FR3129552B1 - Procédé de contrôle dans un système informatique, système informatique et programme d’ordinateur pour la mise en œuvre du procédé - Google Patents

Procédé de contrôle dans un système informatique, système informatique et programme d’ordinateur pour la mise en œuvre du procédé Download PDF

Info

Publication number
FR3129552B1
FR3129552B1 FR2112451A FR2112451A FR3129552B1 FR 3129552 B1 FR3129552 B1 FR 3129552B1 FR 2112451 A FR2112451 A FR 2112451A FR 2112451 A FR2112451 A FR 2112451A FR 3129552 B1 FR3129552 B1 FR 3129552B1
Authority
FR
France
Prior art keywords
computer system
virtual machine
implementing
control method
data packet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
FR2112451A
Other languages
English (en)
Other versions
FR3129552A1 (fr
Inventor
Jean-Christophe Carrière
Calloch Stéfane Le
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Orange SA
Original Assignee
Orange SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Orange SA filed Critical Orange SA
Priority to FR2112451A priority Critical patent/FR3129552B1/fr
Publication of FR3129552A1 publication Critical patent/FR3129552A1/fr
Application granted granted Critical
Publication of FR3129552B1 publication Critical patent/FR3129552B1/fr
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/0806Configuration setting for initial configuration or provisioning, e.g. plug-and-play
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0895Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/40Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using virtualisation of network functions or resources, e.g. SDN or NFV entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/10Mapping addresses of different types
    • H04L61/103Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5046Resolving address allocation conflicts; Testing of addresses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/162Implementing security features at a particular protocol layer at the data link layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/164Implementing security features at a particular protocol layer at the network layer
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45595Network integration; Enabling network access in virtual machine instances
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00Indexing scheme associated with group H04L61/00
    • H04L2101/60Types of network addresses
    • H04L2101/618Details of network addresses
    • H04L2101/622Layer-2 addresses, e.g. medium access control [MAC] addresses

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)
  • Stored Programmes (AREA)

Abstract

Un procédé de contrôle dans un système informatique comprenant au moins une machine virtuelle utilisateur et une machine virtuelle de contrôle pilotées par un hyperviseur, mis en œuvre par la machine virtuelle de contrôle, est proposé, qui comprend : recevoir d’une machine virtuelle utilisateur un paquet de données associé à un flux d’administration, ledit paquet de données comprenant un identifiant de réseau et une première adresse physique identifiant la machine virtuelle utilisateur ; et lorsque l’identifiant de réseau est associé à une deuxième adresse physique différente de la première adresse physique, bloquer le paquet de données. Figure de l’abrégé : Figure 2
FR2112451A 2021-11-24 2021-11-24 Procédé de contrôle dans un système informatique, système informatique et programme d’ordinateur pour la mise en œuvre du procédé Active FR3129552B1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
FR2112451A FR3129552B1 (fr) 2021-11-24 2021-11-24 Procédé de contrôle dans un système informatique, système informatique et programme d’ordinateur pour la mise en œuvre du procédé

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR2112451 2021-11-24
FR2112451A FR3129552B1 (fr) 2021-11-24 2021-11-24 Procédé de contrôle dans un système informatique, système informatique et programme d’ordinateur pour la mise en œuvre du procédé

Publications (2)

Publication Number Publication Date
FR3129552A1 FR3129552A1 (fr) 2023-05-26
FR3129552B1 true FR3129552B1 (fr) 2024-01-19

Family

ID=81326885

Family Applications (1)

Application Number Title Priority Date Filing Date
FR2112451A Active FR3129552B1 (fr) 2021-11-24 2021-11-24 Procédé de contrôle dans un système informatique, système informatique et programme d’ordinateur pour la mise en œuvre du procédé

Country Status (1)

Country Link
FR (1) FR3129552B1 (fr)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8792502B2 (en) * 2012-08-07 2014-07-29 Cisco Technology, Inc. Duplicate MAC address detection
EP2910003B1 (fr) * 2013-06-18 2016-11-23 Telefonaktiebolaget LM Ericsson (publ) Détection d'adresse mac en double
US9756010B2 (en) * 2013-09-30 2017-09-05 Vmware, Inc. Resolving network address conflicts
US9582308B2 (en) * 2014-03-31 2017-02-28 Nicira, Inc. Auto detecting legitimate IP addresses using spoofguard agents
US11258757B2 (en) * 2019-02-28 2022-02-22 Vmware, Inc. Management of blacklists and duplicate addresses in software defined networks

Also Published As

Publication number Publication date
FR3129552A1 (fr) 2023-05-26

Similar Documents

Publication Publication Date Title
CN101123583B (zh) 网络节点设备及其方法
US12255792B2 (en) Tagging packets for monitoring and analysis
JP4607320B2 (ja) モジュールのストリーミング
US10659315B2 (en) Virtual network function (VNF) relocation in a software defined network (SDN)
JP2000501207A (ja) 電気通信交換機での処理エラーを処理する方法と装置
CN101218804A (zh) 动态重新平衡连接至网络的服务器群集内的客户会话的方法和系统
US10855557B2 (en) Method and device for upgrading virtual switch
CN109996201B (zh) 一种网络访问方法及网络设备
US11743161B2 (en) Container network interface monitoring
CN108063714A (zh) 一种网络请求的处理方法及装置
CN105939284A (zh) 报文控制策略的匹配方法及装置
US20170220218A1 (en) Automatic Generation of Regular Expression Based on Log Line Data
CN115086250A (zh) 一种网络靶场分布式流量发生系统与方法
CN110322250A (zh) 无效用户操作路径识别方法、装置、设备及存储介质
US10778512B2 (en) System and method for network provisioning
WO2019062019A1 (fr) Procédé d'exportation de liste de données et terminal utilisant ce procédé
FR3129552B1 (fr) Procédé de contrôle dans un système informatique, système informatique et programme d’ordinateur pour la mise en œuvre du procédé
JP5649840B2 (ja) Sipサーブレットアプリケーションコホスティング
US7810103B2 (en) System and method for validating communication specification conformance between a device driver and a hardware device
CN118301164A (zh) 一种资源调整方法、装置、电子设备及存储介质
WO2021239157A1 (fr) Procédé et appareil de débogage d'application, ainsi que dispositif et support
US11171846B1 (en) Log throttling
CN113448729B (zh) 负载均衡方法、装置、设备及存储介质
US10191844B2 (en) Automatic garbage collection thrashing monitoring
CN113904951A (zh) 一种网关设备的数据监控方法、装置及相关设备

Legal Events

Date Code Title Description
PLFP Fee payment

Year of fee payment: 2

PLSC Publication of the preliminary search report

Effective date: 20230526

PLFP Fee payment

Year of fee payment: 3

PLFP Fee payment

Year of fee payment: 4

PLFP Fee payment

Year of fee payment: 5