Security monitoring service recovery method and system

Abstract

The invention relates to a method of single fighter under mesh security monitor service recovery which comprises the following steps: transmitting trouble alarm notification to backing up device with a security binding table after audio monitor trouble-rebooting; transmitting security binding table to the audio monitor after received trouble alarm notification by backing up device; recovering legal message check according to security binding table after received the security binding table by audio monitor. The invention also relates to a method of double-returning group under mesh security monitor service recovery, and under mesh security monitor service recovery system of single fighter and double-returning group. Backing up the security binding table in backing up device before monitoring device or main monitoring device trouble, and transmitting security binding table back through backing up device after trouble, to make the monitoring device or backing up device can rebuild the security binding table rapidly and recover security monitor service.

Description

technical field [0001] The invention relates to the field of network communication, in particular to a method and a system applicable to network operators of Internet Protocol (Internet Protocol, referred to as IP) to quickly restore safety monitoring services when monitoring equipment fails. Background technique [0002] When the Dynamic Host Configuration Protocol (DHCP) is applied in the network, security problems such as Denial of Service (DOS) and man-in-the-middle attacks may be encountered, which are usually caused by attackers with bad intentions spoofing The IP address and the Medium Access Control (MAC for short) address use an Address Resolution Protocol (ARP for short) message or an IP message to launch an attack. In order to solve this kind of spoofing attack, the DHCP snooping (DHCP Snooping) function is usually enabled on the routing device or switching device, and the IP address, MAC address, interface and virtual local area network (Virtual LAN Local Area N...

AI Technical Summary

Problems solved by technology

Among them, the security binding table can not only be dynamically established according to the DHCP Reply message, but also can be statically configured, but this method has a large workload and is not easy to maintain, so there are many application restrictions

[0003] The monitoring device can use a single-group network or a dual-homing network (active and standby monitoring device) in networking. When DHCP monitoring is enabled, if the monitoring device fails, the service will be interrupted, and the user will not be able to communicate for a long time. Happening

For a stand-alone network, the monitoring device restarts to restore the service, but the security binding table information dynamically learned before the restart will be lost, and all client packets will be discarded. The client can only wait until the contract is renewed or the lease expires, and the client reapplies. Communication can only be resumed after the address

For a dual-homing network, when the active monitoring device restarts due to a fault, other functions (STP series protocols deployed in a layer 2 network, VRRP protocol deployed in a layer 3 network, etc.) can be rerouted to the backup monitoring device. There is no relevant security binding table information on the standby monitoring device, and all client packets will be discarded, and the business will be interrupted. Communication can only be resumed after the client re-applies for an address.

[0004] In order to overcome the inconvenience caused by the interruption of communication in the dual-homing network, in the prior art, all the messages of the client are forwarded to the standby monitoring device without matching the security binding table. Uninterrupted, but can no longer provide security monitoring services

Images