WO2023168872A1 - Anomaly feedback method, fault location method, network node, and storage medium
- Publication number
- WO2023168872A1 (PCT/CN2022/104130)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- address
- message forwarding
- node
- forwarding node
- message
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0677—Localisation of faults
Definitions
- the present disclosure relates to the field of network security technology, in particular to an abnormality feedback and fault location method, network node and storage medium.
- the Tracert protocol is used in related technologies to troubleshoot the network.
- Each router on the packet forwarding path will feedback its own IP (Internet Protocol) address to the sender of the packet.
- the network management node will determine the fault-related node based on the packet carrying the IP address, and then perform fault location operations.
- One purpose of the present disclosure is to improve network security.
- an exception feedback method including: when the message forwarding node determines that the message forwarding has timed out, determining the replacement address of the message forwarding node; generating timeout information using the replacement address as the source address; and feeding back the timeout information to the source node of the message.
- the source node of the message includes a network management node, and the network management node determines the original address of the message forwarding node corresponding to the replacement address based on the timeout information.
- determining the replacement address of the message forwarding node includes: the message forwarding node determines the replacement address based on a pre-stored correspondence between the original address of the message forwarding node and the replacement address.
- At least one of the message forwarding node and the network management node pre-stores a corresponding relationship between the replacement address and the original address of the message forwarding node.
- the exception feedback method further includes: the message forwarding node receives the corresponding relationship from the network management node, wherein the network management node synchronizes the corresponding relationship to each message forwarding node.
- after the message forwarding node receives the message and decrements the TTL (Time To Live) by 1, if it determines that the TTL is 0, it determines that the message forwarding has timed out.
- the Ping (Packet Internet Groper) function of the packet forwarding node can be configured to be turned on.
- a fault location method including: a network management node obtains timeout information from a message forwarding node and determines the source address carried by the timeout information, wherein the message forwarding node generates the timeout information when it determines that message forwarding has timed out, and the source address is the replacement address of the source node of the timeout information; and the original address of the message forwarding node is determined based on the source address.
- the network management node pre-stores the corresponding relationship between the replacement address and the original address of the message forwarding node; determining the original address of the message forwarding node based on the source address includes: matching the source address with the pre-stored replacement addresses, and determining the original address of the message forwarding node corresponding to the replacement address that matches the source address.
- the fault location method further includes: the network management node performs network fault location based on the original address of the message forwarding node.
- a message forwarding node including: a replacement address determination unit configured to determine the replacement address of the message forwarding node when the message forwarding times out; a timeout information generation unit configured to use the replacement address as the source address to generate timeout information; and a feedback unit configured to feed back the timeout information to the source node of the message.
- the message forwarding node further includes: a forwarding timeout determination unit configured to determine that the message forwarding has timed out if the TTL is determined to be 0 after receiving the message and performing an operation of decrementing the TTL by 1.
- the message forwarding node also includes: a Ping functional unit configured to allow the Ping function to be set to an enabled state, and to receive and answer Ping messages in the enabled state.
- a network management node including: a timeout information receiving unit configured to obtain timeout information from a message forwarding node; a replacement address obtaining unit configured to determine the timeout information carried The source address, wherein the message forwarding node generates timeout information when the message forwarding timeout is determined, and the source address is the replacement address of the source node of the timeout information; and the original address determination unit is configured to determine the message based on the source address The original address of the forwarding node.
- the network management node further includes: a relationship storage unit configured to store the corresponding relationship between the replacement address and the original address of the message forwarding node; the address determination unit is configured to match the source address with the pre-stored replacement address, Determine the original address corresponding to the replacement address that matches the source address.
- the network management node further includes: a fault location unit configured to perform network fault location based on the original address of the message forwarding node.
- a network node including: a memory; and a processor coupled to the memory, the processor being configured to perform any of the above methods based on instructions stored in the memory.
- a non-transitory computer-readable storage medium on which are stored computer program instructions, which when executed by a processor, implement the steps of any of the above methods.
- a network system including: multiple message forwarding nodes configured to perform any of the above exception feedback methods; and a network management node configured to perform any of the above methods.
- a fault location method is proposed, including: multiple message forwarding nodes configured to perform any of the above exception feedback methods; and a network management node configured to perform any of the above methods.
- a computer program for causing a processor to perform any of the methods mentioned above.
- Figure 1 is a flow chart of some embodiments of the exception feedback method of the present disclosure.
- Figure 2 is a flow chart of some embodiments of the fault location method of the present disclosure.
- FIG. 3A is a schematic diagram of some embodiments of the abnormality feedback and fault location method of the present disclosure.
- FIG. 3B is a schematic diagram of other embodiments of the abnormality feedback and fault location method of the present disclosure.
- Figure 4 is a schematic diagram of some embodiments of a message forwarding node of the present disclosure.
- Figure 5 is a schematic diagram of some embodiments of the network management node of the present disclosure.
- Figure 6 is a schematic diagram of some embodiments of network nodes of the present disclosure.
- Figure 7 is a schematic diagram of other embodiments of network nodes of the present disclosure.
- Figure 8 is a schematic diagram of some embodiments of the network system of the present disclosure.
- the present disclosure proposes an exception feedback method and a corresponding fault location method to avoid address leakage caused by ICMP response messages.
- the message forwarding node determines the replacement address of the message forwarding node.
- the message forwarding node may be a router.
- the message forwarding node may be an operator network router.
- the above replacement address is a pseudo address of the message forwarding node, which is different from the real address of the message forwarding node.
- the message forwarding node may store its own replacement address, and determine its own replacement address by querying the storage. In some embodiments, the message forwarding node may pre-store the corresponding relationship between its own real address and the replacement address, and determine the replacement address based on the pre-stored correspondence between the original address (real address) of the message forwarding node and the replacement address. In some embodiments, the original address of the message forwarding node refers to the address of the message forwarding node, which is a real network communication address and is used to find the message forwarding node during the communication process. In some embodiments, the replacement address of the message forwarding node does not affect the real address of the message forwarding node.
- the message forwarding node uses the replacement address as the source address and generates timeout information. In some embodiments, the message forwarding node uses the source node address of the timed-out forwarded message as the destination address.
- in step 116, the timeout information is fed back to the source node of the message, so that the network management node determines the original address of the message forwarding node corresponding to the replacement address.
- the network management node can obtain the timeout information through monitoring.
- the network management node can monitor the network's downlink egress to the user and obtain timeout information.
- the network management node may be the source node of forwarded timeout packets, so that the timeout information is directly fed back to the network management node, which can avoid consuming network management resources compared with obtaining timeout information through monitoring.
- the timeout information does not carry the real address information of the packet forwarding node. If the timeout information is leaked, the leaked is a fake IP address.
- hackers cannot attack the packet forwarding node through the fake IP address. This prevents hackers' DDOS (distributed denial of service) attacks from the root cause and improves network security.
- the network management node can pre-store the corresponding relationship between the original address and the replacement address of each message forwarding node, and synchronize it to each message forwarding node, so that when a message forwarding node determines that message forwarding has timed out, it can determine its own replacement address based on the synchronized correspondence.
- the Ping function of the packet forwarding node can be set to a continuously enabled state to improve the flexibility of the setting.
- the operator's network equipment will set up a Ping ban function, or will greatly reduce the number of ICMP response messages generated by the network by limiting the number of Ping messages processed per second, thereby limiting the consumption of device computing resources.
- if hackers forge dense ping packets, there is a high probability that normal ping packets will be overwhelmed by the forged packets and will not receive a response.
- the Ping function of the message forwarding node is set to the on state to facilitate the network management node's monitoring of the message forwarding node and fault location and troubleshooting operations.
- the network management node obtains the timeout information from the message forwarding node.
- when the message forwarding node determines that the message forwarding has timed out, it will generate timeout information.
- the message forwarding node may generate and send timeout information based on the method in the embodiment shown in Figure 1.
- the network management node can extract the timeout information forwarded in the network, for example, obtain the timeout information through monitoring.
- the network management node can monitor the network's downlink egress to the user and obtain timeout information.
- the above-mentioned forwarded timeout message may be a message sent by a network management node, and the destination address of the timeout information is the network management node, so there is no need to perform a monitoring operation, which avoids consuming the resources of the network management node.
- in step 224, the network management node determines the source address carried in the timeout information, and the source address is the replacement address of the message forwarding node.
- the original address of the message forwarding node is determined based on the source address.
- the network management node may pre-store the corresponding relationship between each replacement address and the original address of the message forwarding node, use the source address determined in step 224 as the matching object, and perform an address matching operation against each replacement address in the corresponding relationship. The matching operation determines the original address of the message forwarding node corresponding to the successfully matched replacement address, that is, the real address of the source node of the timeout information.
- the replacement address in the network management node and the original address of the message forwarding node may be stored in the form of a mapping table.
- the timeout information does not need to carry the real address of the message forwarding node.
- the network management node can perform address restoration based on the replacement address carried in the timeout information and its own stored correspondence to determine the real address of the message forwarding node, thereby realizing the traceability of timeout information while preventing hackers' DDOS attacks from the root cause and improving network security.
- the network management node is the operator's network management equipment, thereby improving the security of the operator's network, avoiding leakage of the operator's network topology and the large waste of resources caused by being attacked, and improving the reliability of the operator's services.
- the fault location method further includes step 228.
- the network management node performs network fault location based on the original address of the message forwarding node. Based on the method in this embodiment, the network management node can use the original address of the packet forwarding node obtained by matching to perform troubleshooting, thereby improving the efficiency of network troubleshooting.
- the Ping function of the packet forwarding node is continuously enabled, and the network management node can use the Ping function to troubleshoot according to the forwarding path, which further improves the efficiency and convenience of troubleshooting while ensuring network security.
- A schematic diagram of some embodiments of the abnormality feedback and fault location method of the present disclosure is shown in Figure 3A.
- A schematic diagram of other embodiments of the abnormality feedback and fault location method of the present disclosure is shown in Figure 3B.
- the network management node 32 sends a message to a certain router 31n in the operator's network. Taking n greater than 3 as an example, when the TTL of the message received by the router 311 is 3, the process is similar to the process in the embodiment shown in Figure 3A.
- the network management node can restore the pseudo IP address to the real address by virtue of its own stored correspondence, thereby determining the real address of the router 313 and using the real address as information for locating network faults.
- if the timeout message is obtained by a hacker, the attack initiated by the hacker will be directed to the wrong address.
- if the replacement address is 127.0.0.1, the hacker will launch an attack on himself.
- the replacement address of one of the packet forwarding nodes can be set to 127.0.0.1, thereby interfering with the hacker's device and further improving network security.
- when the network management node obtains the ICMP timeout message, it reads the source address of the timeout message from the IP message header and uses this address as the replacement address to query the mapping table between replacement addresses and real router addresses, obtaining the address of router 313 so that normal fault location work can proceed.
- A schematic diagram of some embodiments of the message forwarding node 41 of the present disclosure is shown in Figure 4.
- the replacement address determination unit 411 can determine the replacement address of the message forwarding node when the message forwarding times out.
- the timeout information generation unit 412 can generate timeout information using the replacement address as the source address.
- the timeout information generation unit 412 uses the source node address of the forwarded timeout message as the destination address, and carries the first 64 bits of the forwarded timeout message.
- the first 64 bits of the message include the source and destination addresses of the forwarded timeout packet, thus facilitating packet source tracing.
- the feedback unit 413 can feed back the timeout information to the source node of the message.
- the network management node may determine the original address of the packet forwarding node corresponding to the replacement address.
- the timeout information generated by such a packet forwarding node does not carry the real address information of the packet forwarding node. If the timeout information is leaked, the leaked IP address will be a fake IP address.
- hackers cannot attack the packet forwarding node through the fake IP address, which fundamentally prevents DDOS attacks by hackers and improves network security.
- the type identifier carried in the timeout information generated by the timeout information generation unit 412 is 11.
- Such message forwarding nodes can improve the ICMP timeout (TTL exceeded) messages of related technologies, prevent timeout messages from leaking the real addresses of network devices and causing security risks, and improve network security.
- the message forwarding node 41 may also include a Ping function unit 415, which is continuously enabled and capable of receiving Ping messages and providing feedback.
- hackers cannot obtain the original address of the message forwarding node through timeout information, and hackers cannot attack the message forwarding node through fake IP addresses. Therefore, turning on the Ping function will not lead to attacks in which hackers forge dense Ping messages. Such a message forwarding node not only ensures network security, but also improves the convenience and efficiency of network troubleshooting.
- A schematic diagram of some embodiments of the network management node 52 of the present disclosure is shown in Figure 5.
- the timeout information receiving unit 521 can obtain timeout information from the message forwarding node.
- the message forwarding node will generate timeout information when it determines that the message forwarding has timed out.
- the timeout information receiving unit 521 can extract the timeout information forwarded in the network, for example, obtain the timeout information through monitoring.
- the timeout information receiving unit 521 can monitor the network's downlink egress to the user and obtain the timeout information.
- the replacement address acquisition unit 522 can determine the source address carried in the timeout information, and the source address is the replacement address of the message forwarding node.
- the address determination unit 523 can determine the original address of the message forwarding node according to the source address. In some embodiments, the address determination unit 523 may initiate a query to the relevant database to determine the original address of the message forwarding node associated with the source address.
- the timeout information does not need to carry the real address of the message forwarding node.
- the network management node can perform address restoration based on the replacement address carried in the timeout information and determine the real address of the message forwarding node, thereby achieving traceability of the timeout information. At the same time, it prevents hackers' DDOS attacks from the root cause and improves network security.
- the network management node 52 may also include a relationship storage unit 524, which can store the corresponding relationship between the replacement address and the original address of the message forwarding node.
- the replacement address and the original address of the message forwarding node may be stored in the form of a mapping table.
- the address determination unit 523 may use the source address determined by the replacement address acquisition unit 522 as a matching object, perform an address matching operation against each replacement address in the corresponding relationship between replacement addresses and original addresses of message forwarding nodes, and determine the original address of the message forwarding node corresponding to the successfully matched replacement address, that is, the real address of the source node of the timeout information.
- Such a network management node can easily perform address restoration operations, improving the reliability and efficiency of determining the real address of the message forwarding node.
- the message forwarding node may also include a fault locating unit 525, which can perform network fault locating according to the original address of the message forwarding node.
- Such a network management node can use the matched original address of the packet forwarding node to perform troubleshooting, thereby improving the efficiency of network troubleshooting.
- the network management node may include a message sending unit capable of sending messages to the message forwarding node. If the message forwarding times out, the timeout information receiving unit 521 of the network management node will receive timeout information from the message forwarding node. Such a network management node does not need to obtain timeout information in the network through monitoring, avoids consumption of network management node resources by monitoring operations, and saves network management node resources.
- the network management node may also include a synchronization unit that can synchronize the correspondence between the original address and the replacement address of the message forwarding node to each message forwarding node, thereby ensuring that the correspondence stored by the network management node and by the message forwarding nodes is consistent, so that the replacement address can be correctly restored to the real address, improving the reliability of the system.
- the network node may be the message forwarding node mentioned above, or may be a network management node, including a memory 601 and a processor 602.
- the memory 601 can be a disk, flash memory or any other non-volatile storage medium.
- the memory is used to store instructions in corresponding embodiments of the above exception feedback method or network fault locating method.
- Processor 602 is coupled to memory 601 and may be implemented as one or more integrated circuits, such as a microprocessor or microcontroller.
- the processor 602 is used to execute instructions stored in the memory, which can improve the security of the network.
- the network node 700 includes a memory 701 and a processor 702.
- Processor 702 is coupled to memory 701 via bus 703.
- the network node 700 can also be connected to an external storage device 705 through a storage interface 704 to call external data, and can also be connected to a network or another computer system (not shown) through a network interface 706. No further details will be given here.
- the security of the network can be improved by storing data instructions in the memory and then processing the instructions by the processor.
- a computer-readable storage medium has computer program instructions stored thereon. When the instructions are executed by a processor, the steps of the abnormal feedback method or the network fault locating method in the corresponding embodiment are implemented.
- embodiments of the present disclosure may be provided as methods, apparatuses, or computer program products. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment that combines software and hardware aspects.
- the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk memory, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
- A schematic diagram of some embodiments of the network system of the present disclosure is shown in Figure 8.
- There are multiple message forwarding nodes 811 to 81n, where n is a positive integer greater than 1. Each message forwarding node can be any one mentioned above and execute any one of the above exception feedback methods.
- the network management node 82 can be any of the above network management nodes, and can perform any of the above fault location methods.
- the timeout information generated by the message forwarding node does not carry the real address information of the message forwarding node.
- the network management node can perform address restoration based on the replacement address carried in the timeout information to determine the real address of the message forwarding node. In this way, while realizing the traceability of timeout information, it prevents hackers' DDOS attacks from the root cause and improves network security.
- the replacement address of one of the packet forwarding nodes 811 to 81n is 127.0.0.1, so that the hacker who attacks the node launches an attack on himself, and the hacker's device is interfered with, further improving network security.
- These computer program instructions may also be stored in a computer-readable memory that causes a computer or other programmable data processing apparatus to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, and the instruction means implement the functions specified in a process or processes of the flowchart and/or a block or blocks of the block diagram.
- These computer program instructions may also be loaded onto a computer or other programmable data processing device, causing a series of operating steps to be performed on the computer or other programmable device to produce computer-implemented processing, so that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in a process or processes of a flowchart diagram and/or a block or blocks of a block diagram.
- the methods and apparatus of the present disclosure may be implemented in many ways.
- the methods and devices of the present disclosure can be implemented through software, hardware, firmware, or any combination of software, hardware, and firmware.
- the above order for the steps of the methods is for illustration only, and the steps of the methods of the present disclosure are not limited to the order specifically described above unless otherwise specifically stated.
- the present disclosure may also be implemented as programs recorded in recording media, and these programs include machine-readable instructions for implementing methods according to the present disclosure.
- the present disclosure also covers recording media storing programs for executing methods according to the present disclosure.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present disclosure relates to the technical field of network security, and provides an anomaly feedback method, a fault location method, a network node, and a storage medium. The anomaly feedback method of the present disclosure comprises: when a packet forwarding node determines that forwarding of a packet times out, determining an alternate address of the packet forwarding node; using the alternate address as a source address to generate timeout information; and feeding back the timeout information to a source node of the packet. By means of the method, network security is improved.
Description
Cross-references to related applications
This application is based on, and claims priority to, CN application No. 202210238228.9, filed on March 10, 2022, the disclosure of which is hereby incorporated into this application in its entirety.
The present disclosure relates to the field of network security technology, and in particular to an anomaly feedback and fault location method, a network node, and a storage medium.
When a network fails, the related art uses the traceroute (Tracert) protocol to troubleshoot the network. Each router on the message forwarding path feeds back its own IP (Internet Protocol) address to the sender of the message, and the network management node determines the fault-related nodes from the messages carrying those IP addresses and then performs the fault location operation.
Summary of the invention
One purpose of the present disclosure is to improve network security.
According to an aspect of some embodiments of the present disclosure, an anomaly feedback method is proposed, including: when a message forwarding node determines that forwarding of a message has timed out, determining a replacement address of the message forwarding node; generating timeout information with the replacement address as the source address; and feeding back the timeout information to the source node of the message.
In some embodiments, the source node of the message includes a network management node, and the network management node determines, based on the timeout information, the original address of the message forwarding node corresponding to the replacement address.
In some embodiments, determining the replacement address of the message forwarding node includes: the message forwarding node determining the replacement address according to a pre-stored correspondence between the original address of the message forwarding node and the replacement address.
In some embodiments, at least one of the message forwarding node and the network management node pre-stores the correspondence between the replacement address and the original address of the message forwarding node.
In some embodiments, the anomaly feedback method further includes: the message forwarding node receiving the correspondence from the network management node, wherein the network management node synchronizes the correspondence to each message forwarding node.
In some embodiments, after the message forwarding node receives the message and decrements the TTL (Time To Live) by 1, if it determines that the TTL is 0, it determines that forwarding of the message has timed out.
In some embodiments, the Ping (Packet Internet Groper) function of the message forwarding node can be configured to be in the enabled state.
According to an aspect of some embodiments of the present disclosure, a fault location method is proposed, including: a network management node obtaining timeout information from a message forwarding node; determining the source address carried in the timeout information, wherein the message forwarding node generates the timeout information when it determines that forwarding of a message has timed out, and the source address is the replacement address of the source node of the timeout information; and determining the original address of the message forwarding node according to the source address.
In some embodiments, the network management node pre-stores the correspondence between replacement addresses and the original addresses of message forwarding nodes; determining the original address of the message forwarding node according to the source address includes: matching the source address against the pre-stored replacement addresses, and determining the message forwarding address corresponding to the replacement address that matches the source address.
In some embodiments, the fault location method further includes: the network management node performing network fault location according to the original address of the message forwarding node.
According to an aspect of some embodiments of the present disclosure, a message forwarding node is proposed, including: a replacement address determination unit configured to determine the replacement address of the message forwarding node when forwarding of a message times out; a timeout information generation unit configured to generate timeout information with the replacement address as the source address; and a feedback unit configured to feed back the timeout information to the source node of the message.
In some embodiments, the message forwarding further includes: a forwarding timeout determination unit configured to, after receiving a message and decrementing the TTL by 1, determine that forwarding of the message has timed out if the TTL is determined to be 0.
In some embodiments, the message forwarding further includes: a Ping function unit configured so that it can be set to an enabled state and, in the enabled state, receives Ping messages and responds to them.
According to an aspect of some embodiments of the present disclosure, a network management node is proposed, including: a timeout information receiving unit configured to obtain timeout information from a message forwarding node; a replacement address obtaining unit configured to determine the source address carried in the timeout information, wherein the message forwarding node generates the timeout information when it determines that forwarding of a message has timed out, and the source address is the replacement address of the source node of the timeout information; and an original address determination unit configured to determine the original address of the message forwarding node according to the source address.
In some embodiments, the network management node further includes: a relationship storage unit configured to store the correspondence between the replacement address and the original address of the message forwarding node; the address determination unit is configured to match the source address against the pre-stored replacement addresses and determine the original address corresponding to the replacement address that matches the source address.
In some embodiments, the network management node further includes: a fault location unit configured to perform network fault location according to the original address of the message forwarding node.
According to an aspect of some embodiments of the present disclosure, a network node is proposed, including: a memory; and a processor coupled to the memory, the processor being configured to perform any of the above methods based on instructions stored in the memory.
According to an aspect of some embodiments of the present disclosure, a non-transitory computer-readable storage medium is proposed, on which computer program instructions are stored; when executed by a processor, the instructions implement the steps of any of the above methods.
According to an aspect of some embodiments of the present disclosure, a network system is proposed, including: multiple message forwarding nodes configured to perform any of the above anomaly feedback methods; and a network management node configured to perform any of the above fault location methods.
According to an aspect of some embodiments of the present disclosure, a computer program is proposed for causing a processor to perform any of the methods mentioned above.
The drawings described here provide a further understanding of the present disclosure and constitute a part of it. The illustrative embodiments of the present disclosure and their descriptions are used to explain the present disclosure and do not constitute an improper limitation of it. In the drawings:
Figure 1 is a flow chart of some embodiments of the anomaly feedback method of the present disclosure.
Figure 2 is a flow chart of some embodiments of the fault location method of the present disclosure.
Figure 3A is a schematic diagram of some embodiments of the anomaly feedback and fault location method of the present disclosure.
Figure 3B is a schematic diagram of other embodiments of the anomaly feedback and fault location method of the present disclosure.
Figure 4 is a schematic diagram of some embodiments of the message forwarding node of the present disclosure.
Figure 5 is a schematic diagram of some embodiments of the network management node of the present disclosure.
Figure 6 is a schematic diagram of some embodiments of the network node of the present disclosure.
Figure 7 is a schematic diagram of other embodiments of the network node of the present disclosure.
Figure 8 is a schematic diagram of some embodiments of the network system of the present disclosure.
The technical solution of the present disclosure is described in further detail below with reference to the drawings and embodiments.
The inventors found that, after a traceroute is initiated, the ICMP (Internet Control Message Protocol) response messages create two risks:
1) an ICMP response message may be maliciously intercepted to obtain the IP address of the operator's equipment, after which the operator's equipment resources can be consumed by sending it dense forged ping messages;
2) based on the real IP addresses in the ICMP response messages, a user can construct the topology of the operator's network, which poses considerable security and commercial risks.
To solve the above problems, the present disclosure proposes an anomaly feedback method and a corresponding fault location method that avoid the address leakage caused by ICMP response messages.
On the message forwarding node side, a flow chart of some embodiments of the anomaly feedback method of the present disclosure is shown in Figure 1.
In step 112, when the message forwarding node determines that forwarding of a message has timed out, it determines the replacement address of the message forwarding node. In some embodiments, the message forwarding node may be a router; in some embodiments, the message forwarding node may be an operator network router. In some embodiments, the replacement address is a pseudo address of the message forwarding node, different from its real address.
In some embodiments, the message forwarding node may store its own replacement address and determine it by querying that storage. In some embodiments, the message forwarding node may pre-store the correspondence between its own real address and the replacement address, and determine the replacement address according to the pre-stored correspondence between the original address (real address) of the message forwarding node and the replacement address. In some embodiments, the original address of the message forwarding node refers to the node's own address, which is a real network communication address used to reach the message forwarding node during communication. In some embodiments, the replacement address of the message forwarding node does not affect its real address.
In step 114, the message forwarding node generates timeout information with the replacement address as the source address. In some embodiments, the message forwarding node uses the address of the source node of the message whose forwarding timed out as the destination address.
In step 116, the timeout information is fed back to the source node of the message, so that the network management node can determine the original address of the message forwarding node corresponding to the replacement address. In some embodiments, the network management node can obtain the timeout information by monitoring. In some embodiments, the network management node can monitor the network's downlink egress toward the user to obtain the timeout information.
In some embodiments, the network management node may be the source node of the message whose forwarding timed out, so that the timeout information is fed back directly to the network management node; compared with obtaining the timeout information by monitoring, this avoids consuming network management resources.
With the approach in the above embodiments, the timeout information does not carry the real address of the message forwarding node. If the timeout information leaks, what leaks is a pseudo IP address, and a hacker cannot attack the message forwarding node through the pseudo IP address, which prevents hackers' DDoS (Distributed Denial of Service) attacks at the root and improves network security.
In some embodiments, the network management node may pre-store the correspondence between the original address and the replacement address of each message forwarding node and synchronize it to each message forwarding node, so that a message forwarding node that determines a forwarding timeout can determine its own replacement address from the synchronized correspondence. This keeps the correspondence stored in the network management node consistent with that stored in the message forwarding nodes, ensures that a replacement address can be correctly restored to the real address, and improves the accuracy of network management fault location.
In some embodiments, the Ping function of the message forwarding node can be set to a continuously enabled state, which makes configuration more flexible. In the related art, to prevent hackers from consuming device resources with dense forged Ping or tracert messages, operator network devices disable Ping, or limit the number of Ping messages processed per second to sharply reduce the number of ICMP response messages the network generates, thereby limiting the consumption of device computing resources. However, when hackers forge dense Ping messages, normal Ping messages are very likely to be drowned out by the forged ones and receive no response. In the present disclosure, a hacker cannot obtain the original address of the message forwarding node from the timeout information and cannot attack the message forwarding node through the replacement address, so enabling the Ping function does not expose the node to attacks with dense forged Ping messages; network security is maintained while network fault location becomes more convenient and efficient. In some embodiments, the Ping function of the message forwarding node is set to the enabled state, which makes it easier for the network management node to monitor the message forwarding node and to carry out fault location and troubleshooting.
On the network management node side, a flow chart of some embodiments of the fault location method of the present disclosure is shown in Figure 2.
In step 222, the network management node obtains timeout information from a message forwarding node. In some embodiments, the message forwarding node generates timeout information when it determines that forwarding of a message has timed out. In some embodiments, the message forwarding node may generate and send the timeout information in the manner of the embodiment shown in Figure 1. In some embodiments, the network management node can extract timeout information forwarded in the network, for example by monitoring. In some embodiments, the network management node can monitor the network's downlink egress toward the user to obtain the timeout information. In some embodiments, the message whose forwarding timed out may be a message sent by the network management node, in which case the destination address of the timeout information is the network management node itself, no monitoring operation is needed, and the resources of the network management node are not consumed.
In step 224, the network management node determines the source address carried in the timeout information; this source address is the replacement address of the message forwarding node.
In step 226, the original address of the message forwarding node is determined according to the source address. In some embodiments, the network management node may pre-store the correspondence between each replacement address and the original address of the corresponding message forwarding node, take the source address determined in step 224 as the matching object, match it against each replacement address in the correspondence, and determine the original address of the message forwarding node corresponding to the replacement address that matches, that is, the real address of the source node of the timeout information. In some embodiments, the replacement addresses and the original addresses of the message forwarding nodes may be stored in the network management node in the form of a mapping table.
With the approach in the above embodiments, the timeout information does not need to carry the real address of the message forwarding node. The network management node can restore the address from the replacement address carried in the timeout information and its own stored correspondence and determine the real address of the message forwarding node, so that the timeout information can be traced to its source while hackers' DDoS attacks are prevented at the root, improving network security. In some embodiments, the network management node is the operator's network management equipment, which improves the security of the operator's network, avoids the large waste of resources caused by leakage of the operator's network topology and by attacks, and improves the reliability of the operator's services.
In some embodiments, as shown in Figure 2, the fault location method further includes step 228. In step 228, the network management node performs network fault location according to the original address of the message forwarding node. With the approach in this embodiment, the network management node can use the original address of the message forwarding node obtained by matching for its investigation, improving the efficiency of network troubleshooting. In some embodiments, the Ping function of the message forwarding node is continuously enabled, and the network management node can use the Ping function to check along the forwarding path, which further improves the efficiency and convenience of troubleshooting while maintaining network security.
A schematic diagram of some embodiments of the anomaly feedback and fault location method of the present disclosure is shown in Figure 3A.
User 301 sends a message to user 302: user 301 sends user 302 a traceroute message, for example an echo request message with TTL=3 and ICMP type=8. Router 311 receives the message, finds that the destination address is not its own, sets TTL-1=2, and forwards the message to the next-hop router 312. Router 312 receives the message, finds that the destination address is not its own, sets TTL-1=1, and forwards the message to the next-hop router 313. Router 313 determines that TTL=1, performs TTL-1=0, discards the message, and uses the source address in the message (the address of user 301) as the destination address. Unlike the related art, in which the reply carries the real address of router 313, in the present disclosure router 313 queries its stored mapping between its own real address and its replacement address and sends a TTL timeout message of ICMP Type=11 to user 301 with its own pseudo IP address as the source address. With the approach in this embodiment, after user 301 obtains the ICMP timeout message, it reads the source address of the timeout message from the IP header. That address is the replacement address of router 313, so user 301 cannot obtain the real address of router 313, which prevents users from constructing the topology of the operator's network and improves the protection of the operator's network.
A schematic diagram of other embodiments of the anomaly feedback and fault location method of the present disclosure is shown in Figure 3B. The network management node 32 sends a message to a router 31n in the operator's network. Taking n greater than 3 as an example, when the TTL of the message received by router 311 is 3, the process is similar to that in the embodiment shown in Figure 3A: router 313 determines that TTL=1, performs TTL-1=0, discards the message, uses the source address in the message (the address of network management node 32) as the destination address, and sends a TTL timeout message of ICMP Type=11 to network management node 32 with the pseudo IP address of router 313 as the source address. Using its own stored correspondence, the network management node can restore the pseudo IP address to the real address, thereby determining the real address of router 313 and using it as information for network fault location.
In addition, for the embodiments shown in Figures 3A and 3B, if a timeout message is obtained by a hacker, the attack the hacker launches is directed to the wrong address. In some embodiments, when the replacement address is 127.0.0.1, the hacker will launch the attack against himself. In some embodiments, the replacement address of one of the message forwarding nodes can be set to 127.0.0.1, so that the hacker's own device is disturbed, further improving network security. In addition, after the network management node obtains the ICMP timeout message, it reads the source address of the timeout message from the IP header and uses this address as the replacement address to query the mapping table between replacement addresses and real router addresses, obtaining the address of router 313 and allowing normal fault location work to proceed.
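The walk-through of Figures 3A and 3B above, as an added sketch that is not code from the patent: a forwarding node answers a TTL expiry with an ICMP Type 11 message sourced from its replacement address, and a management node maps that source back to the original address. The class and function names are hypothetical, all addresses are constructed from documentation ranges, and silently dropping when no replacement address is configured is an assumption of this example.

```python
import ipaddress
import struct

ICMP_ECHO_REQUEST, ICMP_TIME_EXCEEDED = 8, 11

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, ttl: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (protocol 1 = ICMP) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, 1, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def icmp_message(icmp_type: int, code: int, rest: bytes, data: bytes = b"") -> bytes:
    msg = struct.pack("!BBH4s", icmp_type, code, 0, rest) + data
    return msg[:2] + struct.pack("!H", checksum(msg)) + msg[4:]

def parse_ipv4(packet: bytes) -> dict:
    ihl = (packet[0] & 0x0F) * 4
    return {"ihl": ihl, "ttl": packet[8],
            "src": str(ipaddress.IPv4Address(packet[12:16])),
            "dst": str(ipaddress.IPv4Address(packet[16:20])),
            "payload": packet[ihl:]}

class ForwardingNode:
    """Router that never puts its real address into a Time Exceeded reply."""

    def __init__(self, real_addr: str, alias_table: dict):
        self.real_addr = real_addr
        self.alias_table = alias_table  # original -> replacement, synced from the NMS

    def forward(self, packet: bytes):
        ip = parse_ipv4(packet)
        ttl = ip["ttl"] - 1
        if ttl > 0:
            # Normal forwarding: rewrite the TTL and recompute the header checksum.
            hdr = bytearray(packet[:ip["ihl"]])
            hdr[8] = ttl
            hdr[10:12] = b"\x00\x00"
            hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
            return "forward", bytes(hdr) + ip["payload"]
        # Step 112: TTL reached 0, look up this node's replacement address.
        alias = self.alias_table.get(self.real_addr)
        if alias is None:
            return "drop", None  # assumption: fail closed rather than leak the real address
        # Step 114: Type 11 reply quoting the original IP header plus 8 bytes (RFC 792).
        quoted = packet[:ip["ihl"] + 8]
        reply = icmp_message(ICMP_TIME_EXCEEDED, 0, b"\x00" * 4, quoted)
        # Step 116: address the reply to the source of the expired packet.
        return "time_exceeded", ipv4_packet(alias, ip["src"], 64, reply)

class ManagementNode:
    """Holds the mapping table and restores the original address (steps 222-226)."""

    def __init__(self, alias_table: dict):
        self.reverse = {alias: real for real, alias in alias_table.items()}
        if len(self.reverse) != len(alias_table):
            raise ValueError("replacement addresses must be unique")

    def locate(self, packet: bytes):
        ip = parse_ipv4(packet)
        if ip["payload"][0] != ICMP_TIME_EXCEEDED:
            return None
        return self.reverse.get(ip["src"])

def send_probe(path, src: str, dst: str, ttl: int):
    """Push one echo request through the routers in path, as traceroute would."""
    echo = icmp_message(ICMP_ECHO_REQUEST, 0, struct.pack("!HH", 1, ttl))
    packet = ipv4_packet(src, dst, ttl, echo)
    for node in path:
        action, packet = node.forward(packet)
        if action != "forward":
            return action, packet
    return "delivered", packet

# Constructed mapping for routers 311, 312 and 313 (original -> replacement).
ALIAS_TABLE = {"192.0.2.11": "198.51.100.11",
               "192.0.2.12": "198.51.100.12",
               "192.0.2.13": "198.51.100.13"}
PATH = [ForwardingNode(real, ALIAS_TABLE) for real in ALIAS_TABLE]

if __name__ == "__main__":
    action, reply = send_probe(PATH, "203.0.113.10", "203.0.113.20", ttl=3)
    print(action, "source seen by the prober:", parse_ipv4(reply)["src"])
    print("restored by the management node:", ManagementNode(ALIAS_TABLE).locate(reply))
```

Only a holder of the mapping table can turn the reply's source address back into a router address, so the confidentiality of that table is what the scheme rests on.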
A schematic diagram of some embodiments of the message forwarding node 41 of the present disclosure is shown in Figure 4.
The replacement address determination unit 411 can determine the replacement address of the message forwarding node when forwarding of a message times out.
The timeout information generation unit 412 can generate timeout information with the replacement address as the source address. In some embodiments, the timeout information generation unit 412 uses the address of the source node of the message whose forwarding timed out as the destination address and carries the first 64 bits of the content of that message. In some embodiments, the first 64 bits of the message include the source and destination addresses of the message whose forwarding timed out, which facilitates tracing the message to its source.
The feedback unit 413 can feed back the timeout information to the source node of the message. In some embodiments, after the network management node receives the timeout information, it can determine the original address of the message forwarding node corresponding to the replacement address.
The timeout information generated by such a message forwarding node does not carry the real address of the message forwarding node. If the timeout information leaks, what leaks is a pseudo IP address, and a hacker cannot attack the message forwarding node through the pseudo IP address, which prevents hackers' DDoS attacks at the root and improves network security.
In some embodiments, as shown in Figure 4, the message forwarding node 41 may further include a forwarding timeout determination unit 414, which can perform the TTL-1 operation; if TTL=0 is obtained after performing TTL=TTL-1, it determines that forwarding of the message has timed out. In some embodiments, the type identifier carried in the timeout information generated by the timeout information generation unit 412 is 11.
Such a message forwarding node improves on the ICMP timeout (TTL exceeded) message of the related art, avoids the security risk of timeout messages leaking the real addresses of network devices, and improves network security.
In some embodiments, as shown in Figure 4, the message forwarding node 41 may further include a Ping function unit 415, which is continuously enabled and can receive Ping messages and respond to them. In the present disclosure, a hacker cannot obtain the original address of the message forwarding node from the timeout information and cannot attack the message forwarding node through the pseudo IP address, so enabling the Ping function does not expose the node to attacks with dense forged Ping messages; such a message forwarding node maintains network security while making network troubleshooting more convenient and efficient.
A schematic diagram of some embodiments of the network management node 52 of the present disclosure is shown in Figure 5.
The timeout information receiving unit 521 can obtain timeout information from a message forwarding node. In some embodiments, the message forwarding node generates the timeout information when it determines that message forwarding has timed out. In some embodiments, the timeout information receiving unit 521 can extract timeout information forwarded in the network, for example by monitoring. In some embodiments, the timeout information receiving unit 521 can monitor the network's downlink egress towards the user to obtain the timeout information.
The replacement address acquisition unit 522 can determine the source address carried in the timeout information; this source address is the replacement address of the message forwarding node.
The address determination unit 523 can determine the original address of the message forwarding node from the source address. In some embodiments, the address determination unit 523 may query a relevant database to determine the original address of the message forwarding node associated with the source address.
With such a network management node, the timeout information does not need to carry the real address of the message forwarding node. The network management node can restore the address from the replacement address carried in the timeout information and determine the real address of the message forwarding node. The timeout information can thus be traced to its source while hackers' DDoS attacks are prevented at the root, which improves network security.
In some embodiments, as shown in Figure 5, the network management node 52 may further include a relationship storage unit 524, which can store the correspondence between replacement addresses and the original addresses of message forwarding nodes. In some embodiments, the replacement addresses and the original addresses of the message forwarding nodes may be stored as a mapping table. Based on the correspondence between each replacement address and the original address of a message forwarding node, the address determination unit 523 may take the source address determined by the replacement address acquisition unit 522 as the matching object and match it against each replacement address in the correspondence. The original address of the message forwarding node that corresponds to the successfully matched replacement address is the real address of the source node of the timeout information.
Such a network management node can conveniently perform the address restoration operation, improving the reliability and efficiency of determining the real address of the message forwarding node.
In some embodiments, as shown in Figure 5, the message forwarding node may further include a fault locating unit 525, which can perform network fault location according to the original address of the message forwarding node. Such a network management node can use the original address of the message forwarding node obtained by matching to carry out troubleshooting, improving the efficiency of network troubleshooting.
In some embodiments, the network management node may include a message sending unit that can send a message to a message forwarding node. If forwarding of that message times out, the timeout information receiving unit 521 of the network management node receives the timeout information from the message forwarding node. Such a network management node does not need to obtain timeout information in the network through monitoring, which avoids the resource consumption that monitoring imposes on the network management node and saves its resources.
In some embodiments, the network management node may further include a synchronization unit that can synchronize the correspondence between the original addresses and the replacement addresses of the message forwarding nodes to each message forwarding node. This ensures that the correspondence stored in the network management node and in the message forwarding nodes is consistent, ensures that a replacement address can be correctly restored to the real address, and improves the reliability of the system.
A schematic structural diagram of an embodiment of the network node of the present disclosure is shown in Figure 6. The network node may be the message forwarding node mentioned above or the network management node, and includes a memory 601 and a processor 602. The memory 601 may be a magnetic disk, flash memory or any other non-volatile storage medium. The memory is used to store the instructions of the corresponding embodiments of the anomaly feedback method or the network fault location method described above. The processor 602 is coupled to the memory 601 and may be implemented as one or more integrated circuits, such as a microprocessor or a microcontroller. The processor 602 is used to execute the instructions stored in the memory, which can improve the security of the network.
In one embodiment, as shown in Figure 7, the network node 700 includes a memory 701 and a processor 702. The processor 702 is coupled to the memory 701 via a bus 703. The network node 700 can also be connected to an external storage device 705 through a storage interface 704 in order to access external data, and can be connected to a network or another computer system (not shown) through a network interface 706. This is not described in further detail here.
In this embodiment, the security of the network can be improved by storing data instructions in the memory and then processing those instructions with the processor.
In another embodiment, a computer-readable storage medium has computer program instructions stored thereon which, when executed by a processor, implement the steps of the method in the corresponding embodiment of the anomaly feedback method or the network fault location method. Those skilled in the art should understand that embodiments of the present disclosure may be provided as a method, an apparatus, or a computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment that combines software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk memory, CD-ROM, optical storage, etc.) containing computer-usable program code.
A schematic diagram of some embodiments of the network system of the present disclosure is shown in Figure 8.
The system includes multiple message forwarding nodes 811 to 81n, where n is a positive integer greater than 1. Each message forwarding node can be any of the message forwarding nodes mentioned above and executes any of the anomaly feedback methods described above.
The network management node 82 can be any of the network management nodes described above and can execute any of the fault location methods described above.
In such a network system, the timeout information generated by a message forwarding node does not carry the real address of the message forwarding node. The network management node can restore the address from the replacement address carried in the timeout information and determine the real address of the message forwarding node. The timeout information can thus be traced to its source while hackers' DDoS attacks are prevented at the root, which improves network security.
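The exchange described above, from TTL expiry on a forwarding node to address restoration on the network management node, can be sketched as follows. This is an added example, not code from the patent: the class and function names are hypothetical, the addresses are constructed from documentation and private ranges, and rejecting replies with a bad ICMP checksum or an unmapped source is an assumption about how a management node would treat them.

```python
import ipaddress
import struct

ICMP_TIME_EXCEEDED = 11  # RFC 792: type 11, code 0 = TTL exceeded in transit

def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def fill_checksum(buf: bytes, offset: int) -> bytes:
    """Zero the 2-byte checksum field at `offset`, then write the fresh value."""
    zeroed = buf[:offset] + b"\x00\x00" + buf[offset + 2:]
    return zeroed[:offset] + struct.pack("!H", inet_checksum(zeroed)) + zeroed[offset + 2:]

def ipv4_packet(src: str, dst: str, proto: int, ttl: int, payload: bytes) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return fill_checksum(hdr, 10) + payload

def source_of(packet: bytes) -> str:
    return str(ipaddress.IPv4Address(packet[12:16]))

class ForwardingNode:  # hypothetical name for the message forwarding node
    def __init__(self, original: str, mapping: dict):
        self.original = original
        self.replacement = mapping[original]  # pre-stored original -> replacement entry

    def forward(self, packet: bytes):
        """Return (packet_to_forward, None) or (None, time_exceeded_reply)."""
        ttl = packet[8] - 1
        if ttl > 0:
            hdr = packet[:8] + bytes([ttl]) + packet[9:20]
            return fill_checksum(hdr, 10) + packet[20:], None
        # TTL reached 0: quote the IP header plus 8 payload bytes as ICMP requires,
        # but send the error from the replacement address, never self.original.
        icmp = struct.pack("!BBHI", ICMP_TIME_EXCEEDED, 0, 0, 0) + packet[:28]
        reply = ipv4_packet(self.replacement, source_of(packet), 1, 64,
                            fill_checksum(icmp, 2))
        return None, reply

class ManagementNode:  # hypothetical name for the network management node
    def __init__(self, mapping: dict):
        self.by_replacement = {rep: orig for orig, rep in mapping.items()}
        if len(self.by_replacement) != len(mapping):
            raise ValueError("each replacement address must map to exactly one node")

    def locate(self, reply: bytes):
        """Return the original address behind a Time Exceeded reply, or None."""
        icmp = reply[(reply[0] & 0x0F) * 4:]
        if reply[9] != 1 or len(icmp) < 8 or icmp[0] != ICMP_TIME_EXCEEDED:
            return None
        if inet_checksum(icmp) != 0:  # assumption: drop corrupted messages
            return None
        return self.by_replacement.get(source_of(reply))  # None: source not in table

def send_probe(path, packet: bytes):
    """Walk a probe along `path`; return the Time Exceeded reply, if any."""
    for node in path:
        packet, reply = node.forward(packet)
        if reply is not None:
            return reply
    return None

# Constructed sample data: two forwarding nodes and their replacement addresses.
MAPPING = {"10.0.0.1": "198.51.100.1", "10.0.0.2": "198.51.100.2"}
PATH = [ForwardingNode(addr, MAPPING) for addr in MAPPING]
NMS = ManagementNode(MAPPING)

def probe(ttl: int) -> bytes:
    udp = struct.pack("!HHHH", 33434, 33434, 8, 0)  # constructed 8-byte UDP header
    return ipv4_packet("192.0.2.10", "203.0.113.5", 17, ttl, udp)

if __name__ == "__main__":
    reply = send_probe(PATH, probe(ttl=2))
    print("reply source:", source_of(reply), "-> located node:", NMS.locate(reply))
```

An observer of the reply sees only the replacement address; restoring the original address requires the mapping table, so a reply whose source is not in the table cannot be attributed to any node.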
In some embodiments, the replacement address of one of the message forwarding nodes 811 to 81n is 127.0.0.1, so that a hacker attacking that node launches the attack against himself and the hacker's device is disrupted, further improving network security.
The present disclosure is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the disclosure. It should be understood that each process and/or block in the flowcharts and/or block diagrams, and combinations of processes and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more processes of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more processes of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing. The instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more processes of the flowcharts and/or one or more blocks of the block diagrams.
The present disclosure has now been described in detail. To avoid obscuring the concepts of the present disclosure, some details that are well known in the art have not been described. Based on the above description, those skilled in the art can fully understand how to implement the technical solutions disclosed here.
The methods and apparatus of the present disclosure may be implemented in many ways, for example through software, hardware, firmware, or any combination of software, hardware and firmware. The above order of the steps of the methods is for illustration only, and the steps of the methods of the present disclosure are not limited to the order specifically described above unless otherwise specifically stated. Furthermore, in some embodiments, the present disclosure may also be implemented as programs recorded on a recording medium, these programs including machine-readable instructions for implementing the methods according to the present disclosure. The present disclosure thus also covers a recording medium storing programs for executing the methods according to the present disclosure.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present disclosure and not to limit them. Although the present disclosure has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the specific embodiments of the present disclosure can still be modified, or some technical features replaced with equivalents, without departing from the spirit of the technical solutions of the present disclosure; all such changes shall fall within the scope of the technical solutions claimed by the present disclosure.
Claims (20)
1. An anomaly feedback method, comprising:
   a message forwarding node, upon determining that forwarding of a message has timed out, determining a replacement address of the message forwarding node;
   generating timeout information with the replacement address as the source address; and
   feeding the timeout information back to the source node of the message.
2. The anomaly feedback method according to claim 1, wherein the source node of the message includes a network management node, and the network management node determines, according to the timeout information, the original address of the message forwarding node corresponding to the replacement address.
3. The anomaly feedback method according to claim 1, wherein determining the replacement address of the message forwarding node comprises: the message forwarding node determining the replacement address according to a pre-stored correspondence between the original address and the replacement address of the message forwarding node.
4. The anomaly feedback method according to claim 1, wherein at least one of the message forwarding node and a network management node pre-stores the correspondence between the original address and the replacement address of the message forwarding node.
5. The anomaly feedback method according to claim 4, further comprising: the message forwarding node receiving the correspondence from the network management node, wherein the network management node synchronizes the correspondence to each message forwarding node.
6. The anomaly feedback method according to claim 1, wherein,
   after the message forwarding node receives the message and decrements the time-to-live (TTL) value by 1, if it determines that the TTL is 0, it determines that forwarding of the message has timed out.
7. The anomaly feedback method according to claim 1, wherein the Packet Internet Groper (Ping) function of the message forwarding node can be configured to be in an enabled state.
8. A fault location method, comprising:
   a network management node obtaining timeout information from a message forwarding node;
   determining the source address carried by the timeout information, wherein the message forwarding node generates the timeout information upon determining that forwarding of a message has timed out, and the source address is the replacement address of the source node of the timeout information; and
   determining the original address of the message forwarding node according to the source address.
9. The fault location method according to claim 8, wherein the network management node pre-stores a correspondence between replacement addresses and original addresses of message forwarding nodes;
   determining the original address of the message forwarding node according to the source address comprises: matching the source address against the pre-stored replacement addresses, and determining the original address corresponding to the replacement address that matches the source address.
10. The fault location method according to claim 8, further comprising:
   the network management node performing network fault location according to the original address of the message forwarding node.
11. A message forwarding node, comprising:
   a replacement address determination unit configured to determine a replacement address of the message forwarding node when forwarding of a message times out;
   a timeout information generation unit configured to generate timeout information with the replacement address as the source address; and
   a feedback unit configured to feed the timeout information back to the source node of the message.
12. The message forwarding node according to claim 11, further comprising:
   a forwarding timeout determination unit configured to, after the message is received and the TTL is decremented by 1, determine that forwarding of the message has timed out if the TTL is determined to be 0.
13. The message forwarding node according to claim 11, further comprising:
   a Packet Internet Groper (Ping) function unit configured so that it can be set to an enabled state and, in the enabled state, receives Ping messages and responds to them.
14. A network management node, comprising:
   a timeout information receiving unit configured to obtain timeout information from a message forwarding node;
   a replacement address acquisition unit configured to determine the source address carried by the timeout information, wherein the message forwarding node generates the timeout information upon determining that forwarding of a message has timed out, and the source address is the replacement address of the source node of the timeout information; and
   an original address determination unit configured to determine the original address of the message forwarding node according to the source address.
15. The network management node according to claim 14, further comprising: a relationship storage unit configured to store a correspondence between replacement addresses and original addresses of message forwarding nodes;
   the original address determination unit is configured to match the source address against the pre-stored replacement addresses and determine the original address corresponding to the replacement address that matches the source address.
16. The network management node according to claim 14, further comprising: a fault locating unit configured to perform network fault location according to the original address of the message forwarding node.
17. A network node, comprising:
   a memory; and
   a processor coupled to the memory, the processor being configured to perform the method of any one of claims 1 to 10 based on instructions stored in the memory.
18. A non-transitory computer-readable storage medium on which computer program instructions are stored, the instructions implementing the steps of the method of any one of claims 1 to 10 when executed by a processor.
19. A network system, comprising:
   a plurality of message forwarding nodes configured to perform the method of any one of claims 1 to 7; and
   a network management node configured to perform the method of any one of claims 8 to 10.
20. A computer program for causing a processor to perform the method of any one of claims 1 to 10.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210238228.9 | 2022-03-10 | ||
CN202210238228.9A CN116781497A (en) | 2022-03-10 | 2022-03-10 | Abnormal feedback and fault positioning method, network node and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2023168872A1 (en) | 2023-09-14 |
Family
ID=87937063
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2022/104130 WO2023168872A1 (en) | 2022-03-10 | 2022-07-06 | Anomaly feedback method, fault location method, network node, and storage medium |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN116781497A (en) |
WO (1) | WO2023168872A1 (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103188716A (en) * | 2011-12-29 | 2013-07-03 | 中兴通讯股份有限公司 | Location method and device for failures of reliable user datagram protocol (RUDP) link |
CN109831378A (en) * | 2019-01-31 | 2019-05-31 | 新华三技术有限公司 | A kind of message time-out response method and device |
CN113542056A (en) * | 2021-06-18 | 2021-10-22 | 新华三技术有限公司 | Fault detection method, forwarding device and storage medium |
WO2022017249A1 (en) * | 2020-07-21 | 2022-01-27 | 阿里巴巴集团控股有限公司 | Programmable switch, traffic statistics method, defense method, and packet processing method |
-
2022
- 2022-03-10 CN CN202210238228.9A patent/CN116781497A/en active Pending
- 2022-07-06 WO PCT/CN2022/104130 patent/WO2023168872A1/en unknown
Also Published As
Publication number | Publication date |
---|---|
CN116781497A (en) | 2023-09-19 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 22930501 Country of ref document: EP Kind code of ref document: A1 |