CN1893392A - Method and apparatus for preventing users from obtaining operator network information - Google Patents


Publication number
CN1893392A
Authority
CN
China
Prior art keywords
network
icmp
user
packet
operator
Prior art date
Application number
CN 200510082717
Other languages
Chinese (zh)
Other versions
CN100502352C (en)
Inventor
苗福友
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司
Priority to CN 200510082717
Publication of CN1893392A
Application granted
Publication of CN100502352C

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Abstract

The method includes the following main steps: determining the edge router between the operator network and the user network; the edge router then filters the Internet Control Message Protocol (ICMP) Time Exceeded messages it receives that are sent from the operator network to the user network. The invention keeps the operator network from returning the routing information of user data to the user.

Description

Method and apparatus for preventing users from obtaining operator network information

Technical field

The present invention relates to the field of communications, and in particular to a method and apparatus for preventing users from obtaining operator network information.

Background

The IP protocol is the core of the Internet protocol suite. Its uniform routing mechanism hides the underlying physical networks, enabling wide-area interconnection of heterogeneous networks. The IP version currently used on the Internet is IPv4.

Although IP is very capable at delivering packets, it takes no responsibility for loss, duplication, delay or reordering, so it cannot guarantee that a packet reaches its destination. To improve the probability of successful delivery and to report accurately what happened to a packet, the IETF (Internet Engineering Task Force) designed ICMP (Internet Control Message Protocol).

Structurally, the Internet consists of hosts that send and receive packets and routers that relay them. Given the unreliability of IP itself, ICMP is used mainly to carry control and error-report messages between network devices and nodes. In other words, the purpose of ICMP is only to inform the originating host of problems that arise in the network. ICMP mainly supports routers feeding information about the outcome of packet transmission back to the originating host.

ICMP is used mainly by routers, and the recipient is the originating host of the IP packet. A simple ICMP message transmission proceeds as follows:

1. When a router finds that an IP packet cannot be forwarded or delivered for some reason, the relevant entity (generally an upper-layer entity) forms an ICMP message.

2. According to the fault category it has determined, the router fills in the message type, message code, message checksum and data portion of the ICMP message.

3. The router extracts the IP address of the sending host from the failed IP packet and forms a new IP packet carrying the ICMP message.

4. The router forwards this IP packet to the originating host over the channel via some route.

5. After receiving the IP packet carrying the ICMP message, the originating host extracts the ICMP message, reads its field values, and determines the fault type of the failed IP packet and its cause.

An IP packet carrying an ICMP message has no priority on its return path and is forwarded like a normal IP packet. The only difference is that if it fails in transit, the router forwarding it does not generate any new error message.

ICMP messages fall into two main classes: ICMP error-report messages and ICMP informational messages.

There are five main ICMP error-report messages:

1. Destination Unreachable: when a router or host cannot deliver a packet to the destination, it sends a Destination Unreachable message to the source.

2. Source Quench: when a router or host discards a packet because of congestion, it sends a Source Quench message to the source so that the source knows to slow its sending rate.

3. Time Exceeded: when a router receives a packet whose time to live is zero, it discards the packet and also sends a Time Exceeded message to the source. When the destination cannot receive the whole of a packet within a predefined time, it discards everything already received and sends a Time Exceeded message to the source.

4. Parameter Problem: when a router or destination host finds that a field in the header of a received packet has an incorrect value, it discards the packet and sends a Parameter Problem message to the source.

5. Redirect: a router sends a Redirect message to a host so that the host knows to send subsequent packets to a different router.

ICMP error-report messages should not be sent in the following cases:

1. No ICMP error-report message is sent in response to an ICMP error-report message.

2. No ICMP error-report message is sent for any fragment after the first fragment of a packet.

3. No ICMP error-report message is sent for packets with a multicast address.

4. No ICMP error-report message is sent for packets with a special address (such as 127.0.0.0 or 0.0.0.0).

There are four kinds of ICMP informational messages:

1. Echo Request and Echo Reply: after a host or router sends an Echo Request message to a particular destination host, the machine that receives it must return an Echo Reply message to the originating host or router.

2. Timestamp Request and Reply: used mainly to ask a host or router for the current date and time.

3. Address Mask Request: used mainly to obtain the address mask of an interface from a subnet mask server.

4. Router Solicitation and Advertisement: used mainly to learn whether the routers attached to the local network are working properly. A host broadcasts a Router Solicitation message; the one or more routers that receive it broadcast their routing information in Router Advertisement messages.

Combining the Echo Request and Echo Reply messages (informational messages) with the Time Exceeded message (an error message) makes it possible to obtain the network path taken by IP packets.

The traceroute function (a method or program for tracing the path of data transmission) is described below using an IPv4 network as the example.

Two kinds of traceroute are in use: ICMP traceroute and UDP (User Datagram Protocol) traceroute. Some software companies use ICMP traceroute, so the traceRT issued on some operating systems uses ICMP traceroute; other operating systems, such as Unix, and some companies' routers use UDP traceroute.

In routers and hosts, the next operation for traceroute is decided by the value of the packet's TTL (Time to Live): if the received packet has TTL = 0, the packet is discarded and an ICMP Time Exceeded message is sent to the source node; if the TTL is not 0, the TTL is decremented by 1 and the packet is passed to the upper-layer protocol for processing.

Traceroute generally sets the TTL to a very small value, deliberately causing the nodes on the path to return ICMP Time Exceeded messages and thereby obtaining path information.

ICMP traceroute works as follows. It uses ICMP Echo Request, ICMP Echo Reply and ICMP TTL-expired messages. The source host sends ICMP Echo Request messages: the first with TTL 1, the second with TTL 2, and so on, incrementing up to TTL 30. Each intermediate router returns an ICMP TTL-expired (ICMP type 11) message to notify the source host, and the packet is dropped because its TTL has expired. In this way the source host learns every router the packet passes through along the way, and the final destination host returns an ICMP Echo Reply message.

UDP traceroute works as follows. It uses ICMP TTL-expired (type 11) messages, ICMP port unreachable (type 3, code 3) messages and UDP packets with port > 32768. The source host sends UDP packets whose source port is any random high port greater than 32768 and whose destination port starts at 33434 and is incremented for each probe sent, up to 33434 + 29 (on a Cisco router the extended-traceroute command can change the starting port 33434). The TTL likewise starts at 1 and is incremented up to 1 + 29 = 30 (at most 30 probes are sent). Each intermediate router returns an ICMP TTL-expired message, so the source host learns every intermediate router; the final destination host returns a TTL-expired message and an ICMP port unreachable message (because no application on any host uses such a high UDP port, above 32768).

From the operating principles of ICMP traceroute and UDP traceroute described above, a user can use them to obtain node and path information in the network, and by changing the destination address of the packets can obtain multiple paths; combined, this information yields the network topology.

From the user's point of view, what matters is quality of service. Users need not care which nodes carry their packets, and obtaining path information does nothing to improve user satisfaction. Malicious attackers, however, can use path information to launch attacks on the network, so users' access to network path information should be restricted.

One prior-art security measure against ICMP traceroute limits the system information that routers return by changing the routers' packet-processing rules. The main rule changes are:

1. If any router on the intermediate path filters ICMP Echo Request, traceroute cannot work.

2. If type 11 (Time Exceeded) messages are blocked, none of the intermediate routers are visible, but the user can still see that the packet reached the final destination.

3. If ICMP Echo Reply messages are blocked, all intermediate nodes can still return Time Exceeded information and only the final destination is invisible, so the user can still obtain path information.

One prior-art security measure against UDP traceroute likewise limits the system information that routers return by changing the routers' packet-processing rules. The main rule changes are:

1. If any router on the intermediate path filters out UDP ports > 32768, traceroute cannot work.

2. Block TTL Time Exceeded messages, so that the source host cannot see the intermediate routers.

3. Block Echo Reply messages, so that the source host cannot obtain a response from the destination node.

The drawback of these prior-art measures against ICMP traceroute and UDP traceroute is that they also restrict the use of traceroute inside the operator network, whereas traceroute is an important tool for operators to manage and maintain the network.

Summary of the invention

In view of the problems of the prior art described above, the object of the present invention is to provide a method and apparatus for preventing users from obtaining operator network information, so that the operator network does not return path information to users.

The object of the invention is achieved by the following technical solution. A method for preventing users from obtaining operator network information comprises:

A. determining the edge router between the operator network and the user network;

B. the edge router filtering the Internet Control Message Protocol (ICMP) Time Exceeded messages it receives that are sent from the operator network to the user network.

Step B specifically comprises: the edge router discards the received ICMP Time Exceeded messages sent from the operator network to the user network.

Step B specifically comprises: the edge router modifies the source address of the received ICMP Time Exceeded messages sent from the operator network to the user network, and then forwards the messages normally.

Step B specifically comprises: the edge router changes the source address of the received ICMP Time Exceeded messages sent from the operator network to the user network to its own address, and then forwards the messages normally.

Step B further comprises:

the edge router changes the destination address of the received ICMP Time Exceeded message sent from the operator network to the user network to the address of the host that caused the ICMP Time Exceeded message, this address being obtained from the body of the ICMP Time Exceeded message.

Step B specifically comprises: the edge router deletes or transforms the operator network information contained in the received ICMP Time Exceeded messages sent from the operator network to the user network, and then forwards the processed ICMP Time Exceeded messages to the destination user network.

Step B specifically comprises:

B1. Based on attributes of the IP packet that carries the ICMP Time Exceeded message, the edge router determines whether the source node of the received ICMP Time Exceeded message sent from the operator network to the user network is in the operator network or in a user network. If it is in the operator network, step B2 is performed; otherwise step B3 is performed.

B2. The edge router discards the received ICMP Time Exceeded message or modifies its addresses, or deletes or transforms the operator network information it contains.

B3. The edge router forwards the received ICMP Time Exceeded message to the destination user network.

The attributes of the IP packet itself referred to in step B1 include the IP packet's Time to Live (TTL) or Hop Limit.

The method is applicable to IPv4 or IPv6 networks.

An apparatus for preventing users from obtaining operator network information, the apparatus being implemented by a router, characterized in that the router comprises a packet filtering module, configured to filter ICMP Time Exceeded messages that pass through the router and are sent from the operator network to the user network.

The packet filtering module comprises:

a packet discarding module, configured to discard ICMP Time Exceeded messages that pass through the router and are sent from the operator network to the user network; and/or

an operator network information processing module, configured to delete or transform the operator network information contained in ICMP Time Exceeded messages that pass through the router and are sent from the operator network to the user network; and/or

a packet address modification module, configured to modify the addresses of ICMP Time Exceeded messages that pass through the router and are sent from the operator network to the user network.

As the technical solution above shows, by filtering, discarding or modifying ICMP Time Exceeded messages that are sent to the user network through the edge of the operator network, the invention prevents the operator network from returning ICMP Time Exceeded messages containing operator network path information to users, or ensures that the returned messages cannot be used to derive operator network path information. At the same time, the invention ensures that path-tracing programs such as traceroute can still be used successfully inside the operator network.

Brief description of the drawings

Figure 1 is a detailed processing flowchart of the method of the invention; Figure 2 is a schematic diagram of the network of the embodiment of the invention; Figure 3 is a structural diagram of the apparatus of the invention.

Detailed description

The present invention provides a method and apparatus for preventing users from obtaining operator network information. The core of the invention is: when an ICMP Time Exceeded message is sent to the user network through an operator network edge router, the edge router filters the message.

The invention is described in detail below with reference to the drawings. The detailed processing flow of the method is shown in Figure 1 and comprises the following steps.

Step 1-1. The user equipment sends ICMP Echo or UDP packets to the destination user through the operator network, and ICMP Time Exceeded messages are generated.

The user equipment, which may be a single host or a network made up of multiple hosts, routers and switches, sends to the destination user through the operator network multiple ICMP Echo packets of the ICMP traceroute function, or multiple UDP packets of the UDP traceroute function.

When some of these ICMP Echo or UDP packets reach an intermediate router or edge router in the operator network, or a router in some other user network outside the operator network, their TTL is 0. According to the ICMP processing rules in the router, the router discards the received ICMP Echo or UDP packet and, following the IP protocol, generates an ICMP Time Exceeded message whose destination address is set to the address of the source user equipment and whose source address is set to the router's own address.

Step 1-2. An intermediate router or edge router in the operator network receives the ICMP Time Exceeded message.

The ICMP Time Exceeded message generated in step 1-1 is sent to the source user equipment through the operator network, so an intermediate router or edge router in the operator network receives it. If an intermediate router receives the message, step 1-3 is performed; if an edge router receives it, step 1-4 is performed.

Step 1-3. The intermediate router forwards the ICMP Time Exceeded message normally.

The intermediate router forwards the received ICMP Time Exceeded message according to the normal forwarding rules and gives it no special treatment.

Step 1-4. The edge router determines whether the Time Exceeded message is being sent from the operator network to the user network.

After receiving an ICMP Time Exceeded message, the edge router must determine whether the message is being sent from the operator network to the user network. If so, step 1-6 is performed; otherwise step 1-5 is performed.

Step 1-5. The edge router forwards the ICMP Time Exceeded message normally.

The edge router forwards the received ICMP Time Exceeded message according to the normal forwarding rules and gives it no special treatment.

Step 1-6. The edge router filters the ICMP Time Exceeded message.

If the edge router determines that the ICMP Time Exceeded message is being sent from the operator network to the user network, it discards the message; or it deletes or transforms the operator network information contained in the message, so that the user cannot derive from it the operator network path information, that is, the path traversed by the request packet; or it replaces the source address of the ICMP Time Exceeded message with the edge router's own address and the destination address with the message's original source address, that is, it returns the ICMP Time Exceeded message.

After the operations described above, the user is therefore prevented from obtaining the network connection information of the operator network from ICMP Time Exceeded messages.

The invention also proposes a refinement of step 1-6 of the method, described as follows. The edge router uses attributes of the IP packet that carries the ICMP Time Exceeded message to determine whether the source node that generated the message is in the operator network or in a user network. In some network designs, the TTL of packets generated by nodes in the operator network and the TTL of packets generated by nodes in user networks are assigned different ranges, so this determination can be made from the packet's TTL value.

Once the edge router has determined the origin of the ICMP Time Exceeded message, it does not allow messages that originate in the operator network to be forwarded from the operator network to the user network, that is, it filters them as described above; messages that originate in a user network are still forwarded normally to the user network.

This refinement is of some value for VPNs (virtual private networks), where several user networks/premises/sites in different geographic locations belong to the same customer. Users within the same VPN can trace into the other user networks/premises/sites of that VPN, while still obtaining no information about the operator network.
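An added sketch of the edge-router decision in steps 1-4 to 1-6 and of the TTL-based refinement, operating on raw IPv4 bytes; it is not code from the patent. The interface roles, the TTL threshold of 129, the function names and the documentation-range addresses are assumptions made for the example.

```python
import struct
from ipaddress import IPv4Address

ICMP_PROTO, ICMP_TIME_EXCEEDED = 1, 11
# Assumption (not from the patent): operator routers originate packets with an
# initial TTL of 255 and customer devices with at most 128, so a TTL of 129 or
# more seen at the edge marks a packet generated inside the operator network.
OPERATOR_TTL_FLOOR = 129


def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (used for the IPv4 header and for ICMP)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src: str, dst: str, ttl: int, proto: int, payload: bytes) -> bytes:
    """Build a 20-byte IPv4 header (no options) in front of payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl,
                      proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload


def build_time_exceeded(router: str, probe_src: str, probe_dst: str, ttl: int) -> bytes:
    """Constructed sample: the Time Exceeded message `router` sends for a UDP probe."""
    probe = build_ipv4(probe_src, probe_dst, 1, 17,
                       struct.pack("!HHHH", 40000, 33434, 8, 0))
    # ICMP body: 4 unused bytes, then the probe's IP header and first 8 data bytes.
    icmp = struct.pack("!BBH", ICMP_TIME_EXCEEDED, 0, 0) + b"\x00" * 4 + probe[:28]
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    return build_ipv4(router, probe_src, ttl, ICMP_PROTO, icmp)


def is_time_exceeded(pkt: bytes) -> bool:
    """True for an unfragmented (or first-fragment) IPv4 packet carrying ICMP type 11."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return False
    ihl = (pkt[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    return (20 <= ihl < len(pkt) and frag_offset == 0
            and pkt[9] == ICMP_PROTO and pkt[ihl] == ICMP_TIME_EXCEEDED)


def source_of(pkt: bytes) -> str:
    return str(IPv4Address(pkt[12:16]))


def edge_filter(pkt, ingress, egress, edge_addr, action="drop", classify_by_ttl=False):
    """Return the packet the edge router forwards, or None if it is discarded.

    ingress/egress are the roles ("core" or "customer") of the interfaces the
    packet arrived on and will leave by; that is how this sketch decides step 1-4.
    The TTL decrement of normal forwarding is left out to keep the focus on filtering.
    """
    if not (is_time_exceeded(pkt) and ingress == "core" and egress == "customer"):
        return pkt                       # step 1-5: normal forwarding
    if classify_by_ttl and pkt[8] < OPERATOR_TTL_FLOOR:
        return pkt                       # refinement: generated in a user network
    if action == "drop":
        return None                      # step 1-6, discard variant
    if action == "rewrite_source":       # step 1-6, source := edge router's address
        ihl = (pkt[0] & 0x0F) * 4
        hdr = bytearray(pkt[:ihl])
        hdr[12:16] = IPv4Address(edge_addr).packed
        hdr[10:12] = b"\x00\x00"         # header checksum must be recomputed;
        hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
        return bytes(hdr) + pkt[ihl:]    # the ICMP checksum does not cover the IP header
    raise ValueError(f"unknown action: {action}")


if __name__ == "__main__":
    HOST1, HOST4 = "192.0.2.10", "198.51.100.40"      # constructed addresses
    PE1, P2 = "203.0.113.1", "203.0.113.2"
    from_p2 = build_time_exceeded(P2, HOST1, HOST4, ttl=253)
    from_host4 = build_time_exceeded(HOST4, HOST1, HOST4, ttl=60)
    for name, pkt in (("P2", from_p2), ("Host4", from_host4)):
        for refine in (False, True):
            out = edge_filter(pkt, "core", "customer", PE1, "rewrite_source", refine)
            print(f"{name:5} refine={refine!s:5} -> Host1 sees source {source_of(out)}")
```

With `rewrite_source`, every operator hop answers from the edge router's address, so the router addresses are hidden but the user still receives one reply per TTL value.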

本发明还提供了一个本发明所述方法的实施例,该实施例的组网示意图如图2所示。 The present invention further provides an embodiment of the present invention, a method of networking a schematic view of the embodiment shown in FIG.

在图2所示的组网中,CPN为用户设备,可能是一台主机,也可能是多台主机、路由器或交换机组成的网络,CPN可能属于同一个或不同的个人用户、家庭用户、企业用户或内容提供商、IDC(因特网数据中心)。 In the network shown in Figure 2, CPN user equipment, may be a host, it may be a network with multiple hosts, routers or switches composition, CPN may belong to the same or a different individual users, home users, businesses users or content providers, IDC (Internet data Center).

PE为运营商边缘路由器,位于用户网络同运营商网络的边界,PE需要具有两个主要功能:1、根据需要对ICMP超时报文进行过滤操作,其中包括对报文进行丢弃或地址修改操作,或者对报文中包含的运营商网络信息进行删除或转换处理。 PE is the provider edge routers, the user located in the boundary with the network operator's network, PE needs to have two main functions: 1, the filtering operation of the ICMP time exceeded needed, including discards packets or address modification operation, or on the operator's network information contained in the message for deletion or conversion process.

2、根据ICMP协议规程,对报文进行正常的转发;产生ICMP超时报文。 2, according to ICMP protocol procedures, normal for packet forwarding; generate ICMP time exceeded.

P为运营商核心路由器,其主要功能为:根据ICMP协议规程,对报文进行正常的转发;产生ICMP超时报文。 P is the provider core router, its main function is: According to the ICMP protocol procedures, normal for packet forwarding; generate ICMP time exceeded.

In the network shown in Figure 2, a path trace initiated by a user proceeds as follows:

1. The user Host1 in CPN1 sends an Echo packet to the destination node Host4 in CPN4. From the returned Echo Reply packet, Host1 obtains the hop count N to the destination node (the number of forwarding nodes that must be traversed on the way).

2. Host1 in CPN1 sends multiple ICMP Echo or UDP packets whose destination address is the address of node Host4 in CPN4, and sets the TTL of the packets successively to TTL = 1, 2, 3, ..., N, where N is the hop count to the destination node.

3. Some of the ICMP Echo or UDP packets sent by Host1 have TTL = 0 after they reach PE1, P1, P2 and PE4. According to the ICMP packet processing rules in routers, PE1, P1, P2 and PE4 therefore discard the received ICMP Echo or UDP packet and, following the IP protocol, generate an ICMP Time Exceeded message whose destination address is set to the address of Host1 and whose source address is set to the address of PE1, P1, P2 or PE4 itself.

4. When an operator edge router such as PE1, PE2, PE3 or PE4 receives an ICMP Time Exceeded message, it inspects the message and determines whether it is being sent from the operator network to a user network. If so, the router applies the filtering operation to the message; otherwise, it continues to forward the message.

For example, if PE1 receives an ICMP Time Exceeded message sent by P2 to Host1, it applies the filtering operation to the message; if PE4 receives an ICMP Time Exceeded message sent by Host4 to Host1, it continues to forward the message. That message will subsequently reach PE1.

If the improved scheme of the invention described above is not used, PE1 applies the filtering operation to the ICMP Time Exceeded message sent by Host4 to Host1 when it receives it.

If the improved scheme of the invention described above is used, PE1 continues to forward the ICMP Time Exceeded message sent by Host4 to Host1 when it receives it.

The structure of the apparatus of the invention is shown in Figure 3. The apparatus is implemented by a router, and the following modules are added to the router:

Packet discard module: discards ICMP Time Exceeded messages that pass through the router and are sent from the operator network to a user network.

Packet address modification module: modifies the addresses of ICMP Time Exceeded messages that pass through the router and are sent from the operator network to a user network, so that the ICMP Time Exceeded message cannot reach the user network.

Operator network information processing module: deletes or transforms the operator network information contained in ICMP Time Exceeded messages that pass through the router and are sent from the operator network to a user network, so that the user cannot obtain path information about the operator network from the processed ICMP Time Exceeded message.
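The edge-router decision from step 4, with the discard module and the address modification module, as an added sketch that is not part of the patent text. It assumes IPv4 and identifies operator-originated messages by a configured operator prefix, a stand-in for the TTL-based judgment named in the claims, whose details this section does not give; `OPERATOR_NET`, `PE_ADDR` and all sample addresses are constructed.

```python
import ipaddress
import struct

# Assumed for illustration: operator infrastructure prefix and this PE's own address.
OPERATOR_NET = ipaddress.ip_network("10.255.0.0/16")
PE_ADDR = ipaddress.ip_address("192.0.2.1")
ICMP_PROTO, TIME_EXCEEDED = 1, 11


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over an even-length byte string."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def filter_packet(pkt: bytes, mode: str = "drop"):
    """Return the packet to forward toward the user network, or None if dropped."""
    ihl = (pkt[0] & 0x0F) * 4
    src = ipaddress.ip_address(pkt[12:16])
    is_time_exceeded = pkt[9] == ICMP_PROTO and pkt[ihl] == TIME_EXCEEDED
    if not (is_time_exceeded and src in OPERATOR_NET):
        return pkt                      # not operator-originated: forward unchanged
    if mode == "drop":
        return None                     # discard module
    # Address modification: the source becomes the PE's own address (claim 4).
    hdr = bytearray(pkt[:ihl])
    hdr[12:16] = PE_ADDR.packed
    hdr[10:12] = b"\x00\x00"            # zero the checksum field, then recompute
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + pkt[ihl:]       # IPv4 ICMP checksum excludes IP addresses


def build_time_exceeded(src: str, dst: str) -> bytes:
    """Constructed sample: IPv4 header + ICMP type 11 code 0, quoted datagram omitted."""
    icmp = struct.pack("!BBHI", TIME_EXCEEDED, 0, 0, 0)
    icmp = icmp[:2] + struct.pack("!H", ip_checksum(icmp)) + icmp[4:]
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0,
                                255, ICMP_PROTO, 0,
                                ipaddress.ip_address(src).packed,
                                ipaddress.ip_address(dst).packed))
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + icmp
```

With `mode="rewrite"`, a message from a P router leaves the PE carrying the PE's address as its source, so the user's trace shows only the edge hop.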

The above is merely a preferred specific embodiment of the invention, but the scope of protection of the invention is not limited to it. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall fall within the scope of protection of the invention. The scope of protection of the invention shall therefore be determined by the scope of protection of the claims.

Claims (11)

1. A method for preventing a user from obtaining operator network information, characterized by comprising: A. determining the edge router between the operator network and the user network; B. the edge router filtering received Internet Control Message Protocol (ICMP) Time Exceeded messages sent from the operator network to the user network.
2. The method for preventing a user from obtaining operator network information according to claim 1, characterized in that step B specifically comprises: the edge router discarding received ICMP Time Exceeded messages sent from the operator network to the user network.
3. The method for preventing a user from obtaining operator network information according to claim 1, characterized in that step B specifically comprises: the edge router modifying the source address of a received ICMP Time Exceeded message sent from the operator network to the user network, and then forwarding the message normally.
4. The method for preventing a user from obtaining operator network information according to claim 3, characterized in that step B specifically comprises: the edge router modifying the source address of a received ICMP Time Exceeded message sent from the operator network to the user network to its own address, and then forwarding the message normally.
5. The method for preventing a user from obtaining operator network information according to claim 4, characterized in that step B further comprises: the edge router modifying the destination address of a received ICMP Time Exceeded message sent from the operator network to the user network to the address of the host that caused the ICMP Time Exceeded message, that address being obtained from the body of the ICMP Time Exceeded message.
6. The method for preventing a user from obtaining operator network information according to claim 1, characterized in that step B specifically comprises: the edge router deleting or transforming the operator network information contained in a received ICMP Time Exceeded message sent from the operator network to the user network, and then forwarding the ICMP Time Exceeded message, after the deletion or transformation, to the destination user network.
7. The method for preventing a user from obtaining operator network information according to claim 1, characterized in that step B specifically comprises: B1. the edge router determining, from the attributes of the IP packet that carries the ICMP Time Exceeded message, whether the source node of a received ICMP Time Exceeded message sent from the operator network to the user network is in the operator network or in a user network; if it is in the operator network, performing step B2; otherwise, performing step B3; B2. the edge router discarding the received ICMP Time Exceeded message or modifying its address, or deleting or transforming the operator network information contained in the received ICMP Time Exceeded message; B3. the edge router forwarding the received ICMP Time Exceeded message to the destination user network.
8. The method for preventing a user from obtaining operator network information according to claim 7, characterized in that the attributes of the IP packet itself in step B1 include the time to live (TTL) or Hop Limit of the IP packet.
9. The method for preventing a user from obtaining operator network information according to claim 1, characterized in that the method is applicable to IPv4 or IPv6 networks.
10. An apparatus for preventing a user from obtaining operator network information, the apparatus being implemented by a router, characterized in that the router comprises: a packet filtering module for filtering ICMP Time Exceeded messages that pass through the router and are sent from the operator network to a user network.
11. The apparatus for preventing a user from obtaining operator network information according to claim 10, characterized in that the packet filtering module comprises: a packet discard module for discarding ICMP Time Exceeded messages that pass through the router and are sent from the operator network to a user network; and/or an operator network information processing module for deleting or transforming the operator network information contained in ICMP Time Exceeded messages that pass through the router and are sent from the operator network to a user network; and/or a packet address modification module for modifying the addresses of ICMP Time Exceeded messages that pass through the router and are sent from the operator network to a user network.
CN 200510082717 2005-07-07 2005-07-07 Method and apparatus for preventing user from obtaining operation trader network information CN100502352C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200510082717 CN100502352C (en) 2005-07-07 2005-07-07 Method and apparatus for preventing user from obtaining operation trader network information

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN 200510082717 CN100502352C (en) 2005-07-07 2005-07-07 Method and apparatus for preventing user from obtaining operation trader network information
PCT/CN2006/000935 WO2007006193A1 (en) 2005-07-07 2006-05-10 A method for preventing the user from obtaining the service provider network information and the equipment as well as the system thereof

Publications (2)

Publication Number Publication Date
CN1893392A true CN1893392A (en) 2007-01-10
CN100502352C CN100502352C (en) 2009-06-17

Family

ID=37597914

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200510082717 CN100502352C (en) 2005-07-07 2005-07-07 Method and apparatus for preventing user from obtaining operation trader network information

Country Status (2)

Country Link
CN (1) CN100502352C (en)
WO (1) WO2007006193A1 (en)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5892753A (en) * 1996-12-02 1999-04-06 International Business Machines Corporation System and method for dynamically refining PMTU estimates in a multimedia datastream internet system
US6339595B1 (en) * 1997-12-23 2002-01-15 Cisco Technology, Inc. Peer-model support for virtual private networks with potentially overlapping addresses
US20030236913A1 (en) * 2002-06-25 2003-12-25 Hoban Adrian C. Network address translation for internet control message protocol packets
CN1300985C (en) 2003-04-04 2007-02-14 华为技术有限公司 Method for processing extra-long message in two-layer virtual special-purpose network
CA2425442A1 (en) 2003-04-15 2004-10-15 Felix Katz Connectivity verification for internet protocol/multi-protocol label switching data communications networks

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102025483B (en) * 2009-09-17 2012-07-04 国基电子(上海)有限公司 Wireless router and method for preventing malicious scanning by using same
CN101964723A (en) * 2010-07-30 2011-02-02 中国联合网络通信集团有限公司;北京电信规划设计院有限公司 Communication operator network information interaction management method and system
CN101964723B (en) 2010-07-30 2012-03-28 中国联合网络通信集团有限公司 Communication operator network information interaction management method and system
CN103986652A (en) * 2014-05-22 2014-08-13 杭州华三通信技术有限公司 Router tracking method and device
CN105828218A (en) * 2016-04-19 2016-08-03 华为技术有限公司 Method for detecting transmission quality of multicast streams, device and system
CN105828218B (en) * 2016-04-19 2019-06-11 华为技术有限公司 A kind of method, apparatus and system detecting multicast data flow transmission quality

Also Published As

Publication number Publication date
WO2007006193A1 (en) 2007-01-18
CN100502352C (en) 2009-06-17


Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
C14 Grant of patent or utility model
CF01