Authentication method, system and equipment for bidirectional forwarding detection protocol conversation
A technology of two-way forwarding detection and authentication method, which is applied in the field of authentication of two-way forwarding detection protocol sessions, can solve the problems that BFD multi-hop sessions cannot be effectively protected and are vulnerable to attacks, and achieve the effect of improving security and protection capability.
Active Publication Date: 2008-08-27
HUAWEI TECH CO LTD
View PDF0 Cites 22 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
[0011] The descriptor of the existing BFD protocol message is used as the unique identifier to distinguish the session, and its allocation is linear growth, so it is vulnerable to attack
In addition, the TTL of BFD multi-hop session protocol packets does not meet specific conditions, so BFD multi-hop sessions cannot be effectively protected
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0030] An authentication method for bidirectional forwarding detection BFD sessions is provided in an embodiment of the present invention, such as image 3 shown, including:
[0031] 301. The local end receives a BFD session packet sent by the peer end, and acquires a session descriptor and a characteristic field carried in the BFD session packet.
[0032] 302. The local end compares the acquired session descriptor with the locally pre-stored session descriptor of the BFD session, and compares the acquired feature field with the locally pre-stored feature field of the BFD session.
[0033] 303. When the comparison results of the session descriptor and the feature field are consistent, the local end processes the BFD session packet, otherwise discards it.
[0034] The following is combined with specific application scenarios for the above-mentioned image 3 The process described in is described in detail.
[0035] First, the format of commonly used BFD protocol packets is de...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The embodiment of the invention discloses an authentication method, an authentication system and an authentication apparatus of a bilateral forwarding detection protocol BFD. The method includes: firstly, receiving the BFD conversation messages from the other part and obtaining the attribute fields and the conversation descriptors carried in the BFD conversation messages; secondly, comparing the obtained conversation descriptors with the conversation descriptors of the local pre-memorized BFD conversation and comparing the obtained attribute fields with the attribute fields of the local pre-memorized BFD conversation; and finally processing the BFD conversation messages when the comparative results of the conversation descriptors and the attribute fields are consistent. The protection capacity of the apparatus in defending BFD attacks and the security of the network are effectively improved by the embodiment of the invention and with the method that the attribute fields are combined and matched with the conversation descriptors.
Description
technical field [0001] The invention relates to the field of communication technology, in particular to an authentication method, system and equipment for bidirectional forwarding detection protocol sessions. Background technique [0002] With the development of technology, the security problem of the existing BFD (Bidirectional Forwarding Detection, Bidirectional Forwarding Detection) protocol itself becomes more and more prominent along with the promotion of its application. The existing main security problem is that the protocol state of BFD changes when a forged packet is received, which causes session flapping. [0003] first with figure 1 Take the BFD single-hop session scenario shown in as an example: [0004] figure 1 Among them, RTA (Router A, Router A) and RTB (Router B, Router B) are the core devices in the network. RTA and RTB establish a single-hop BFD session, that is, RTA and RTB are directly connected, and BFD is bound to the neighbor relationship of the r...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
Inventor 李振华
Owner HUAWEI TECH CO LTD