WO2017054526A1 - Method and device for generating an address resolution protocol (ARP) entry - Google Patents

Method and device for generating an address resolution protocol (ARP) entry

Publication number
WO2017054526A1
Authority
WO
WIPO (PCT)
Prior art keywords
dhcp
arp entry
client
address
arp
Application number
PCT/CN2016/086454
Other languages
English (en)
Chinese (zh)
Inventor
张玉磊
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2017054526A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/103 Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L61/5014 Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]

Definitions

  • The present application relates to, but is not limited to, the field of communications, and in particular to a method and apparatus for generating Address Resolution Protocol (ARP) entries.
  • The Dynamic Host Configuration Protocol (DHCP) is a network configuration protocol optimized and extended from the Bootstrap Protocol (BOOTP). As networks develop and expand, network complexity increases and network configuration becomes more and more complicated.
  • Network devices generally use DHCP to allocate host addresses.
  • DHCP snooping is a DHCP security feature that filters untrusted DHCP information, that is, DHCP information from untrusted areas, by establishing and maintaining a DHCP snooping binding table.
  • The DHCP snooping binding table contains the Media Access Control (MAC) address, the Internet Protocol (IP) address, the lease period, the Virtual Local Area Network Identity (VLAN-ID), the interface and other information.
  • The Address Resolution Protocol (ARP) is a Transmission Control Protocol/Internet Protocol (TCP/IP) protocol that obtains a physical address from an IP address.
  • When a host sends information, it broadcasts an ARP request containing the target IP address to all hosts on the network and receives the return message to determine the physical address of the target. After receiving the return message, it stores the IP address and physical address in the local ARP cache, where they are kept for a certain time; the next request queries the ARP cache directly to save resources.
  • A Layer 3 gateway also has ARP entries. After a host obtains an IP address, ARP entries are learned through the ARP protocol. In that case an ARP entry in the network may be overwritten by another ARP entry, and the ARP entry on the Layer 3 gateway device may be overwritten, resulting in abnormal Internet access for the host, reduced call quality and other quality-of-service defects, as well as security risks.
  • The embodiments of the invention provide a method and a device for generating an ARP entry, which solve the problem that ARP entries in the related art have low reliability.
  • A method for generating an ARP entry includes: obtaining a Dynamic Host Configuration Protocol request (DHCP REQUEST) message, and parsing the MAC address of the client carried in the DHCP REQUEST message and the IP address the client requests to be assigned, wherein the DHCP REQUEST message is sent by the client to the DHCP server; determining whether a first DHCP ACK message, sent by the DHCP server in response to the DHCP REQUEST message, is received; and, when it is determined that the first DHCP ACK message is received, writing the MAC address and the IP address the client requests to be assigned into the ARP table as an ARP entry.
  • Before acquiring the DHCP REQUEST message, the method further includes: obtaining a Dynamic Host Configuration Protocol discover (DHCP DISCOVER) message sent in broadcast form, and parsing the MAC address carried in the DHCP DISCOVER message, wherein the DHCP DISCOVER message is sent by the client to the DHCP server; and obtaining one or more Dynamic Host Configuration Protocol offer (DHCP OFFER) messages carrying the MAC address, and parsing the one or more IP addresses carried in the one or more DHCP OFFER messages, wherein the one or more DHCP OFFER messages are sent by the DHCP server to the client.
  • The method further includes: after the MAC address and the IP address the client requests to be assigned are written into the ARP table as the ARP entry, aging the ARP entry according to the aging time of the DHCP address lease.
  • The method further includes: after the MAC address and the IP address the client requests to be assigned are written into the ARP table as the ARP entry, obtaining a DHCP REQUEST renewal message carrying the MAC address, wherein the DHCP REQUEST renewal message is sent by the client to the DHCP server; determining whether a second DHCP ACK message, sent by the DHCP server in response to the DHCP REQUEST renewal message, is received; and updating the aging time of the ARP entry when it is determined that the second DHCP ACK message is received.
  • The method further includes: after the MAC address and the IP address the client requests to be assigned are written into the ARP table as the ARP entry, obtaining a Dynamic Host Configuration Protocol release (DHCP RELEASE) message carrying the MAC address; and deleting the ARP entry.
  • The ARP entry has a higher priority than a dynamic ARP entry generated according to the Address Resolution Protocol.
  • The method further includes: after the MAC address and the IP address the client requests to be assigned are written into the ARP table as the ARP entry, receiving an ARP learning packet sent by the client; determining whether the source MAC address and the source IP address carried in the ARP learning packet are consistent with the MAC address recorded in the ARP entry and the IP address the client requested to be assigned; and, when they are consistent, sending an ARP response packet to the client.
  • The method further includes: after aging the ARP entry according to the aging time of the DHCP address lease, determining whether the ARP entry has aged; when the ARP entry has aged, checking whether the client is online; when the client is online, converting the ARP entry into a dynamic ARP entry; and when the client is not online, deleting the ARP entry.
  • An ARP entry generating apparatus includes: a first processing module, a first determining module, and a writing module.
  • The first processing module is configured to obtain a DHCP REQUEST message and parse the MAC address of the client carried in the DHCP REQUEST message and the IP address the client requests to be assigned, wherein the DHCP REQUEST message is sent by the client to a DHCP server.
  • The first determining module is configured to determine whether a first DHCP ACK message, sent by the DHCP server in response to the DHCP REQUEST message, is received.
  • The writing module is configured to write the MAC address and the IP address the client requests to be assigned into the ARP table as an ARP entry when the first determining module determines that the first DHCP ACK message is received.
  • The first processing module is further configured to: obtain a DHCP DISCOVER message sent in broadcast form and parse the MAC address carried in the DHCP DISCOVER message, wherein the DHCP DISCOVER message is sent by the client to the DHCP server; and obtain one or more DHCP OFFER messages carrying the MAC address and parse the one or more IP addresses carried in the one or more DHCP OFFER messages, wherein the one or more DHCP OFFER messages are sent by the DHCP server to the client.
  • The device further includes: an aging module.
  • The aging module is configured to age the ARP entry according to the aging time of the DHCP address lease after the writing module writes the MAC address and the IP address the client requests to be assigned into the ARP table as the ARP entry.
  • The device further includes: a first obtaining module, a second determining module, and an updating module.
  • The first obtaining module is configured to obtain a DHCP REQUEST renewal message carrying the MAC address after the writing module writes the MAC address and the IP address the client requests to be assigned into the ARP table as the ARP entry, wherein the DHCP REQUEST renewal message is sent by the client to the DHCP server.
  • The second determining module is configured to determine whether a second DHCP ACK message, sent by the DHCP server in response to the DHCP REQUEST renewal message, is received.
  • The updating module is configured to update the aging time of the ARP entry when it is determined that the second DHCP ACK message is received.
  • The device further includes: a second obtaining module.
  • The second obtaining module is configured to obtain a DHCP RELEASE message carrying the MAC address after the writing module writes the MAC address and the IP address the client requests to be assigned into the ARP table as the ARP entry.
  • The ARP entry has a higher priority than a dynamic ARP entry generated according to the Address Resolution Protocol.
  • The device further includes: a receiving module, a third determining module, and a sending module.
  • The receiving module is configured to receive an ARP learning packet sent by the client after the writing module writes the MAC address and the IP address the client requests to be assigned into the ARP table as the ARP entry.
  • The third determining module is configured to determine whether the source MAC address and the source IP address carried in the ARP learning packet are consistent with the MAC address recorded in the ARP entry and the IP address the client requested to be assigned.
  • The sending module is configured to send an ARP response packet to the client when the third determining module determines that the source MAC address and the source IP address carried in the ARP learning packet are consistent with the MAC address recorded in the ARP entry and the IP address the client requested to be assigned.
  • The device further includes: a fourth determining module, a checking module, and a second processing module.
  • The fourth determining module is configured to determine whether the ARP entry has aged after the aging module ages the ARP entry according to the aging time of the DHCP address lease.
  • The checking module is configured to check whether the client is online when the fourth determining module determines that the ARP entry has aged.
  • The second processing module is configured to convert the ARP entry into a dynamic ARP entry when the checking module finds that the client is online, and to delete the ARP entry when the checking module finds that the client is offline.
  • A computer-readable storage medium stores computer-executable instructions that, when executed by a processor, implement the ARP entry generation method.
  • In the solution of the embodiments of the present invention, a DHCP REQUEST message is obtained, and the MAC address of the client carried in the DHCP REQUEST message and the IP address requested by the client are parsed, where the DHCP REQUEST message is sent by the client to the DHCP server; it is determined whether a first DHCP ACK message of the DHCP server responding to the DHCP REQUEST message is received; and, if it is determined that the first DHCP ACK message is received, the MAC address and the IP address the client requests to be assigned are written into the ARP table as an ARP entry. This solves the problem of low reliability of ARP entries in the related art and improves the reliability of ARP entries.
  • FIG. 1 is a flowchart of a method for generating an ARP entry according to an embodiment of the present invention.
  • FIG. 2 is a structural block diagram of an ARP entry generating apparatus according to an embodiment of the present invention.
  • FIG. 3 is a block diagram 1 of a preferred structure of an ARP entry generating apparatus according to an embodiment of the present invention.
  • FIG. 4 is a block diagram 2 of a preferred structure of an ARP entry generating apparatus according to an embodiment of the present invention.
  • FIG. 5 is a block diagram 3 of a preferred structure of an ARP entry generating apparatus according to an embodiment of the present invention.
  • FIG. 6 is a block diagram 4 of a preferred structure of an ARP entry generating apparatus according to an embodiment of the present invention.
  • FIG. 7 is a block diagram 5 of a preferred structure of an ARP entry generating apparatus according to an embodiment of the present invention.
  • FIG. 8 is a block diagram 1 of a networking structure according to an alternative embodiment of the present invention.
  • FIG. 9 is a block diagram 2 of a networking structure according to an alternative embodiment of the present invention.
  • FIG. 10 is a timing diagram of a method for generating an ARP entry in accordance with an alternative embodiment of the present invention.
  • FIG. 11 is a flowchart of an ARP learning method according to an alternative embodiment of the present invention.
  • FIG. 12 is a flow chart of an ARP entry aging method in accordance with an alternate embodiment of the present invention.
  • FIG. 1 is a flowchart of a method for generating an ARP entry according to an embodiment of the present invention. As shown in FIG. 1, the process includes steps S101-S103:
  • Step S101: Obtain a DHCP REQUEST message, and parse the MAC address of the client carried in the DHCP REQUEST message and the IP address the client requests to be assigned, where the DHCP REQUEST message is sent by the client to the DHCP server.
  • Step S102: Determine whether a first DHCP ACK message, sent by the DHCP server in response to the DHCP REQUEST message, is received.
  • Step S103: When it is determined that the first DHCP ACK message is received, write the MAC address and the IP address the client requests to be assigned into the ARP table as an ARP entry.
  • Through the above steps, the client MAC address carried in the DHCP REQUEST message and the IP address that has been confirmed as assigned to the client are written into the ARP table as the ARP entry.
  • An ARP entry generated by this method is updated only when the client requests IP address allocation from the DHCP server, so it does not suffer from the low reliability of ARP entries learned through the Address Resolution Protocol. The above steps therefore solve the problem that ARP entries in the related art have low reliability, and improve the reliability of ARP entries.
  • The ARP entry includes virtual local area network (VLAN) and interface information.
  • The VLAN and interface information describe the VLAN and interface the client uses to send DHCP packets.
  • The foregoing method may be applied to a Layer 3 gateway device, where the Layer 3 gateway may be a DHCP relay or a DHCP server.
  • The MAC address of the client carried in the DHCP DISCOVER packet can be obtained.
  • The DHCP server that receives the DHCP DISCOVER packet sends a DHCP OFFER packet to the client, so one or more DHCP OFFER packets carrying the client's MAC address can be obtained, and the one or more IP addresses carried in the one or more DHCP OFFER packets parsed.
  • An access information consistency check may be performed after the DHCP REQUEST message is intercepted: if the access information of the intercepted DHCP DISCOVER message and DHCP REQUEST message with the same MAC address is inconsistent, no ARP entry is generated from the two messages.
  • The DHCP address lease and the ARP entry are both controlled by an aging time. Therefore, after step S103, the ARP entry can be aged according to the aging time of the DHCP address lease.
  • The client can send a DHCP REQUEST renewal message to the DHCP server. Therefore, when a second DHCP ACK message with which the DHCP server responds to the DHCP REQUEST renewal message is received, the aging time of the ARP entry can be updated according to the client's renewal request. For example, after step S103, a DHCP REQUEST renewal message carrying the MAC address may be obtained, where the DHCP REQUEST renewal message is sent by the client to the DHCP server; it is determined whether a second DHCP ACK message of the DHCP server responding to the DHCP REQUEST renewal message is received; and the aging time of the ARP entry is updated when it is determined that the second DHCP ACK message is received.
  • The DHCP server may release the IP address assigned to the client, in which case the ARP entry corresponding to the client's MAC address may be deleted. For example, after step S103, a DHCP RELEASE packet carrying the MAC address may also be obtained, and the ARP entry deleted.
  • The ARP entry has a higher priority than a dynamic ARP entry generated according to the Address Resolution Protocol, which means that the ARP entry cannot be overwritten by a dynamic ARP entry generated according to the Address Resolution Protocol.
  • An ARP learning packet sent by the client may be received, and the legitimacy of the client confirmed according to the client's MAC address and IP address; an ARP response packet is sent to the client when the client is legitimate, and the packet is not answered when the client is not legitimate.
  • For example, the ARP learning packet sent by the client is received; it is determined whether the source MAC address and the source IP address carried in the ARP learning packet are consistent with the MAC address recorded in the ARP entry and the IP address the client requested to be assigned; and, when they are consistent, an ARP response packet is sent to the client.
  • The ARP entry may be aged according to the aging time of the DHCP address lease, and an aged ARP entry may be handled according to whether the client is online. For example, after aging the ARP entry according to the aging time of the DHCP address lease, determine whether the ARP entry has aged; if it has, check whether the client is online; if the client is online, convert the ARP entry into a dynamic ARP entry; if the client is not online, delete the ARP entry.
  • The method according to the above embodiment can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation.
  • The technical solution of the embodiments of the present invention may in essence be embodied in the form of a software product that is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes a number of instructions for causing a terminal device (which may be a mobile phone, a computer, a server, a network device, etc.) to perform the method described in the embodiments of the present invention.
  • An ARP entry generating device is also provided in this embodiment. The device is configured to implement the foregoing embodiments and optional embodiments; what has already been described is not repeated.
  • As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function.
  • Although the apparatus described in the following embodiments is preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
  • The apparatus includes: a first processing module 21, a first determining module 22, and a writing module 23. The first processing module 21 is configured to obtain a DHCP REQUEST message and parse the MAC address of the client carried in the DHCP REQUEST message and the IP address the client requests to be assigned, where the DHCP REQUEST message is sent by the client to the DHCP server.
  • The first determining module 22 is coupled to the first processing module 21 and configured to determine whether a first DHCP ACK message, sent by the DHCP server in response to the DHCP REQUEST message, is received.
  • The writing module 23 is coupled to the first determining module 22 and configured to write the MAC address and the IP address the client requests to be assigned into the ARP table as an ARP entry when it is determined that the first DHCP ACK message is received.
  • The device may further include: a third processing module, configured to obtain a DHCP DISCOVER message and parse the MAC address carried in the DHCP DISCOVER message, where the DHCP DISCOVER message is sent by the client to the DHCP server; and
  • a fourth processing module, coupled to the third processing module and the first processing module 21 and configured to obtain one or more DHCP OFFER messages carrying the MAC address and parse the one or more DHCP OFFER messages.
  • FIG. 3 is a block diagram of an optional structure of an ARP entry generating apparatus according to an embodiment of the present invention.
  • The apparatus further includes: an aging module 31, coupled to the writing module 23 and configured to age the ARP entry according to the aging time of the DHCP address lease.
  • FIG. 4 is a block diagram 2 of an optional structure of an ARP entry generating apparatus according to an embodiment of the present invention.
  • The apparatus further includes: a first obtaining module 41, a second determining module 42, and an updating module 43.
  • The first obtaining module 41 is coupled to the aging module 31 and configured to obtain a DHCP REQUEST renewal message carrying the MAC address, where the DHCP REQUEST renewal message is sent by the client to the DHCP server.
  • The second determining module 42 is coupled to the first obtaining module 41 and configured to determine whether a second DHCP ACK message, sent by the DHCP server in response to the DHCP REQUEST renewal message, is received.
  • The updating module 43 is coupled to the second determining module 42 and configured to update the aging time of the ARP entry when it is determined that the second DHCP ACK message is received.
  • FIG. 5 is a block diagram 3 of an optional structure of an ARP entry generating apparatus according to an embodiment of the present invention.
  • The apparatus further includes: a second obtaining module 51 and a deleting module 52. The second obtaining module 51 is coupled to the writing module 23 and configured to obtain a DHCP RELEASE message carrying the MAC address; the deleting module 52 is coupled to the second obtaining module 51 and configured to delete the ARP entry.
  • The ARP entry has a higher priority than a dynamic ARP entry generated according to the Address Resolution Protocol.
  • FIG. 6 is a block diagram of an optional structure of an ARP entry generating apparatus according to an embodiment of the present invention.
  • The apparatus further includes: a receiving module 61, a third determining module 62, and a sending module 63. The receiving module 61 is coupled to the writing module 23 and configured to receive the ARP learning packet sent by the client.
  • The third determining module 62 is coupled to the receiving module 61 and configured to determine whether the source MAC address and the source IP address carried in the ARP learning packet are consistent with the MAC address recorded in the ARP entry and the IP address the client requested to be assigned.
  • The sending module 63 is coupled to the third determining module 62 and configured to send an ARP response packet to the client when it is determined that the source MAC address and the source IP address carried in the ARP learning packet are consistent with the MAC address recorded in the ARP entry and the IP address the client requested to be assigned.
  • FIG. 7 is a block diagram 5 of an optional structure of an ARP entry generating apparatus according to an embodiment of the present invention.
  • The apparatus further includes: a fourth determining module 71, a checking module 72, and a second processing module 73.
  • The fourth determining module 71 is coupled to the aging module 31 and configured to determine whether the ARP entry has aged.
  • The checking module 72 is coupled to the fourth determining module 71 and configured to check whether the client is online when the ARP entry has aged.
  • The second processing module 73 is coupled to the checking module 72 and configured to convert the ARP entry into a dynamic ARP entry if the client is found to be online, and otherwise to delete the ARP entry.
  • Each of the foregoing modules may be implemented by software or hardware.
  • This may be done in, but is not limited to, the following ways: the foregoing modules are all located in the same processor, or the modules are located in multiple processors.
  • An embodiment of the invention further provides software arranged to perform the technical solutions described in the above embodiments and preferred embodiments.
  • The storage medium is further arranged to store program code for performing the following steps:
  • S100: Obtain a DHCP REQUEST message, and parse the MAC address of the client carried in the DHCP REQUEST message and the IP address the client requests to be assigned, where the DHCP REQUEST message is sent by the client to the DHCP server.
  • The storage medium is further arranged to store program code for performing the following steps:
  • S110: Obtain a DHCP DISCOVER packet and parse the DHCP DISCOVER packet.
  • S120: Obtain one or more DHCP OFFER messages carrying the MAC address, and parse the one or more IP addresses carried in the one or more DHCP OFFER messages, where the one or more DHCP OFFER messages are sent by the DHCP server to the client.
  • The storage medium is further arranged to store program code for performing the following steps:
  • The ARP entry is aged according to the aging time of the DHCP address lease.
  • The storage medium is further arranged to store program code for performing the following steps:
  • S710: Obtain a DHCP REQUEST renewal message carrying the MAC address, where the DHCP REQUEST renewal message is sent by the client to the DHCP server.
  • The storage medium is further arranged to store program code for performing the following steps:
  • The storage medium is further arranged to store program code for performing the following steps:
  • The ARP entry has a higher priority than a dynamic ARP entry generated according to the Address Resolution Protocol.
  • The storage medium is further arranged to store program code for performing the following steps:
  • S902: Determine whether the source MAC address and the source IP address carried in the ARP learning packet are consistent with the MAC address recorded in the ARP entry and the IP address the client requested to be assigned.
  • The ARP response packet is sent to the client.
  • A computer-readable storage medium stores computer-executable instructions; the ARP entry generation method is implemented when the computer-executable instructions are executed by a processor.
  • Embodiments of the present invention also provide a storage medium.
  • The above storage medium may be configured to store program code for performing the following steps:
  • The foregoing storage medium may include, but is not limited to, a USB flash drive, a read-only memory (ROM), a random access memory (RAM), and a mobile device.
  • An alternative embodiment of the present invention provides a method for generating an ARP entry on a Layer 3 gateway device.
  • The device listens to or intercepts DHCP packets and extracts the IP and MAC information required for the ARP entry.
  • The Layer 3 gateway device adds the entry to the ARP table.
  • The ARP entry is aged according to the lease of the address assigned by DHCP.
  • The ARP entry aging time is updated.
  • The priority of the ARP entry is higher than that of a dynamic ARP entry, so it cannot be overwritten by a dynamic ARP entry. This ensures the legitimacy of the ARP entry, improves security, and also reduces the device's burden of dynamic host ARP learning.
  • FIG. 8 is a block diagram of a networking structure according to an alternative embodiment of the present invention.
  • The Layer 3 gateway may be a DHCP relay.
  • FIG. 9 is a block diagram 2 of a networking structure according to an alternative embodiment of the present invention. As shown in FIG. 9, a Layer 3 gateway may also be deployed on the same device as a DHCP server.
  • FIG. 10 is a timing diagram of a method for generating an ARP entry according to an alternative embodiment of the present invention. As shown in FIG. 10, the flow includes steps S1001-S1007:
  • Step S1001: The host (equivalent to the above client) sends a DHCP DISCOVER packet to the device providing the DHCP protocol; the Layer 3 gateway device listens to or intercepts the DHCP DISCOVER packet and extracts the legal access information and MAC information of the host.
  • Step S1002: The DHCP server receives the DHCP DISCOVER message, performs protocol processing, and returns a DHCP OFFER message to the host; the Layer 3 gateway device listens to or intercepts the DHCP OFFER message, extracts the MAC information, performs matching to find the entry generated in step S1002, extracts the IP address information, and writes it to the entry.
  • Step S1003: The host receives the DHCP OFFER packet, performs protocol processing, and sends a DHCP REQUEST packet to the DHCP server; the Layer 3 gateway device listens to or intercepts the DHCP REQUEST packet, extracts the MAC information, finds the entry generated in step S1002, and performs the access information consistency check.
  • Step S1004: After receiving the DHCP REQUEST, the DHCP server performs protocol processing and returns a DHCP ACK message to the host; the Layer 3 gateway device listens to or intercepts the DHCP ACK message, extracts the MAC information, matches the entry generated in step S1002, at the same time performs a consistency check on the IP address, and writes the legal IP and MAC address information to the ARP entry.
  • Step S1005: The host sends a DHCP REQUEST renewal packet to the DHCP server; the Layer 3 gateway device listens to or intercepts the DHCP REQUEST packet, extracts the MAC address, finds the entry generated in step S1001, and performs the access information consistency check.
  • Step S1006: After receiving the DHCP REQUEST renewal packet, the DHCP server returns a DHCP ACK packet to the host; the Layer 3 gateway device listens to or intercepts the DHCP ACK packet, extracts the MAC information, and performs matching to find the entry generated in step S1002. At the same time, the IP is checked for consistency, and the aging time of the ARP entry is updated.
  • Step S1007: The host sends a DHCP RELEASE packet to the DHCP server; the Layer 3 gateway device listens to or intercepts the DHCP RELEASE packet, extracts the MAC address, finds the entry generated in step S1001, performs the access information consistency check, and deletes the corresponding ARP entry.
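The flow of steps S1001-S1007 can be followed in a small gateway-side tracker. This is an added example, not code from the patent; the message field names (`type`, `chaddr`, `yiaddr`, `port`, `lease`), the result strings and the sample events are assumptions constructed for illustration.

```python
class DhcpArpBuilder:
    """Gateway-side tracker for steps S1001-S1007 (field names are assumptions)."""
    def __init__(self):
        self.tracked = {}  # client MAC -> {"port": access info, "ip": offered IP}
        self.arp = {}      # IP -> {"mac", "port", "expires"}

    def on_dhcp(self, msg, now):
        mac, kind = msg["chaddr"], msg["type"]
        if kind == "DISCOVER":                      # S1001: record access info and MAC
            self.tracked[mac] = {"port": msg["port"], "ip": None}
            return "tracked"
        t = self.tracked.get(mac)
        if t is None:                               # no DISCOVER seen for this MAC
            return "ignored"
        if kind == "OFFER":                         # S1002: write offered IP to entry
            t["ip"] = msg["yiaddr"]
            return "offer-recorded"
        if kind in ("REQUEST", "RELEASE"):          # S1003/S1005/S1007: access check
            if msg["port"] != t["port"]:
                return "rejected-access"
            if kind == "RELEASE":                   # S1007: delete the ARP entry
                self.arp.pop(t["ip"], None)
                del self.tracked[mac]
                return "released"
            return "request-ok"
        if kind == "ACK":                           # S1004/S1006: IP consistency check
            if msg["yiaddr"] != t["ip"]:
                return "rejected-ip"
            renewal = t["ip"] in self.arp           # S1006 only refreshes the aging time
            self.arp[t["ip"]] = {"mac": mac, "port": t["port"], "expires": now + msg["lease"]}
            return "renewed" if renewal else "installed"
        return "ignored"

# Constructed sample: one clean lease, a REQUEST from another port, an ACK for another IP.
MAC = "aa:bb:cc:00:00:01"
EVENTS = [
    (0,  {"type": "DISCOVER", "chaddr": MAC, "port": "ge-0/1"}),
    (1,  {"type": "OFFER",    "chaddr": MAC, "yiaddr": "10.0.0.5"}),
    (2,  {"type": "REQUEST",  "chaddr": MAC, "port": "ge-0/9"}),
    (3,  {"type": "REQUEST",  "chaddr": MAC, "port": "ge-0/1"}),
    (4,  {"type": "ACK",      "chaddr": MAC, "yiaddr": "10.0.0.66", "lease": 60}),
    (5,  {"type": "ACK",      "chaddr": MAC, "yiaddr": "10.0.0.5",  "lease": 60}),
    (35, {"type": "REQUEST",  "chaddr": MAC, "port": "ge-0/1"}),
    (36, {"type": "ACK",      "chaddr": MAC, "yiaddr": "10.0.0.5",  "lease": 60}),
]

def replay(events):
    gw = DhcpArpBuilder()
    return gw, [gw.on_dhcp(msg, now) for now, msg in events]
```

Only the ACK whose address matches the recorded OFFER installs an entry, and the renewal ACK moves its expiry without creating a second entry.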
  • FIG. 11 is a flowchart of an ARP learning method according to an alternative embodiment of the present invention. As shown in FIG. 11, the process includes steps S1101-S1104:
  • Step S1101: The Layer 3 gateway device receives the ARP learning packet of the user terminal.
  • Step S1102: The IP and MAC are compared with the ARP entry added in the ARP table.
  • Step S1103: If it is legal, the ARP response is returned.
  • Step S1104: If it is illegal, no response is given.
  • FIG. 12 is a flowchart of an ARP entry aging method according to an alternative embodiment of the present invention. As shown in FIG. 12, the process includes steps S1201-S1204:
  • Step S1201: The ARP entry added in the ARP table is aged according to the DHCP lease, and the aging time expires.
  • Step S1202: The Layer 3 gateway device triggers ARP learning to check whether the host is still online.
  • Step S1203: If the host is still online, the ARP entry is converted into a normal dynamic ARP entry.
  • Step S1204: If the host is not online, the ARP entry is deleted.
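The ARP check of FIG. 11 (S1101-S1104), the aging of FIG. 12 (S1201-S1204) and the priority rule over dynamic entries fit in one table model. This is an added example, not code from the patent; the class and method names, the 300-second dynamic lifetime, the treatment of an unknown IP as illegal and the sample addresses are assumptions.

```python
class GatewayArpTable:
    """ARP table whose DHCP-derived entries outrank dynamically learned ones."""
    DYNAMIC_TTL = 300  # seconds; assumed value, the page gives none

    def __init__(self):
        self.entries = {}  # IP -> {"mac", "source", "expires"}

    def install_dhcp(self, ip, mac, lease_end):
        self.entries[ip] = {"mac": mac, "source": "dhcp", "expires": lease_end}

    def learn_dynamic(self, ip, mac, now):
        cur = self.entries.get(ip)
        if cur and cur["source"] == "dhcp":
            return False                      # higher-priority entry is not overwritten
        self.entries[ip] = {"mac": mac, "source": "dynamic",
                            "expires": now + self.DYNAMIC_TTL}
        return True

    def handle_arp(self, sender_ip, sender_mac):
        """S1101-S1104: respond only if IP and MAC match a DHCP-derived entry.
        Assumption: an IP with no DHCP-derived entry is treated as illegal."""
        cur = self.entries.get(sender_ip)
        legal = bool(cur) and cur["source"] == "dhcp" and cur["mac"] == sender_mac
        return "reply" if legal else "no-response"

    def age(self, now, is_online):
        """S1201-S1204: at lease expiry probe the host, then convert or delete."""
        for ip, e in list(self.entries.items()):
            if e["source"] != "dhcp" or now < e["expires"]:
                continue
            if is_online(ip, e["mac"]):       # S1203: becomes a normal dynamic entry
                e["source"], e["expires"] = "dynamic", now + self.DYNAMIC_TTL
            else:                             # S1204: host is gone, delete the entry
                del self.entries[ip]

def demo():
    # Constructed addresses; is_online stands in for the gateway's ARP probe.
    t = GatewayArpTable()
    t.install_dhcp("10.0.0.5", "aa:bb:cc:00:00:01", lease_end=60)
    t.install_dhcp("10.0.0.6", "aa:bb:cc:00:00:02", lease_end=60)
    out = [t.handle_arp("10.0.0.5", "aa:bb:cc:00:00:01"),    # matches the binding
           t.handle_arp("10.0.0.5", "de:ad:be:ef:00:99"),    # wrong MAC for this IP
           t.learn_dynamic("10.0.0.5", "de:ad:be:ef:00:99", now=10)]
    t.age(now=61, is_online=lambda ip, mac: ip == "10.0.0.5")
    return out, t.entries
```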
  • The foregoing embodiment and optional embodiment of the present invention add a new ARP entry generation mode.
  • The ARP information is extracted by listening to and intercepting DHCP packets on the Layer 3 gateway device.
  • The Layer 3 device adds the ARP entry to the ARP table.
  • The ARP entry is aged according to the address assigned by the DHCP.
  • The priority of the ARP entry is higher than that of a dynamic ARP entry, so it cannot be overwritten by a dynamic ARP entry. This ensures the validity of the ARP entry, improves security, and reduces the burden on the device of dynamic host ARP learning.
  • Each of the above-described modules or steps of the present invention can be implemented by a general-purpose computing device; they can be centralized on a single computing device or distributed over a network of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device, so that they may be stored in a storage device and executed by the computing device; in some cases, the steps shown or described may be performed in an order different from that described herein, or they may be separately fabricated into individual integrated circuit modules, or a plurality of the modules or steps may be fabricated as a single integrated circuit module.
  • Embodiments of the invention are not limited to any specific combination of hardware and software.
  • The solution of the embodiment of the present invention obtains a DHCP REQUEST packet and parses the MAC address of the client and the IP address that the client requests to be assigned, both carried in the DHCP REQUEST packet, where the DHCP REQUEST packet is sent by the client to the DHCP server; determines whether the first DHCP ACK message with which the DHCP server responds to the DHCP REQUEST message is received; and, if it is determined that the first DHCP ACK message is received, writes the MAC address and the IP address that the client requests to be assigned as the ARP entry. This way of writing ARP entries solves the problem of low reliability of ARP entries in related technologies and improves the reliability of ARP entries.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Disclosed are a method and device for generating an address resolution protocol (ARP) entry. The method comprises: acquiring a dynamic host configuration protocol request (DHCP REQUEST) message, and parsing a media access control (MAC) address of a client and an internet protocol (IP) address that the client requests to be assigned, both carried in the DHCP REQUEST message, the DHCP REQUEST message being sent by the client to a dynamic host configuration protocol (DHCP) server; determining whether a first dynamic host configuration protocol acknowledgement (DHCP ACK) message from the DHCP server in response to the DHCP REQUEST message is received; and, when it is determined that the first DHCP ACK message is received, writing the MAC address and the IP address that the client requests to be assigned into an ARP table as an ARP entry.
PCT/CN2016/086454 2015-09-28 2016-06-20 Method and device for generating address resolution protocol (ARP) entry WO2017054526A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510628667.0A CN106559506A (zh) 2015-09-28 2015-09-28 ARP entry generation method and device
CN201510628667.0 2015-09-28

Publications (1)

Publication Number Publication Date
WO2017054526A1 true WO2017054526A1 (fr) 2017-04-06

Family

ID=58416703

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/086454 WO2017054526A1 (fr) 2015-09-28 2016-06-20 Method and device for generating address resolution protocol (ARP) entry

Country Status (2)

Country Link
CN (1) CN106559506A (fr)
WO (1) WO2017054526A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060294257A1 (en) * 2005-06-24 2006-12-28 Olympus Corporation IP address obtaining method
US20070192500A1 (en) * 2006-02-16 2007-08-16 Infoexpress, Inc. Network access control including dynamic policy enforcement point
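CN101175080A (zh) * 2007-07-26 2008-05-07 杭州华三通信技术有限公司 Method and system for preventing ARP packet attacks
CN101179566A (zh) * 2007-11-24 2008-05-14 华为技术有限公司 Method and device for defending against ARP packet attacks
CN101453495A (zh) * 2008-12-30 2009-06-10 杭州华三通信技术有限公司 Method, system and device for preventing loss of authorized address resolution protocol information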

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120195198A1 (en) * 2011-01-31 2012-08-02 Joseph Regan Method and apparatus providing protocol policing

Also Published As

Publication number Publication date
CN106559506A (zh) 2017-04-05

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16850151

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16850151

Country of ref document: EP

Kind code of ref document: A1