Method and system for authenticating intra-site automatic tunnel addressing protocol (ISATAP) tunnels based on dynamic host configuration protocol (DHCP) monitoring

A technology of tunneling and IP address, which is applied in transmission systems, digital transmission systems, electrical components, etc., can solve problems such as attacks and insufficient security, and achieve the effect of avoiding network attacks

Active Publication Date: 2012-07-04
北京神州数码云科信息技术有限公司
View PDF5 Cites 10 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, one defect of ISATAP tunnel is that as long as the remote dual-protocol stack host node can reach the address of the ISATAP tunnel router that accesses the IPv6 network on the IPv4 route, the address of the IPv6 access network can be obtained without identity verification, which is very important in terms of security. Not enough, malicious unauthorized users can easily use the ISATAP tunnel as a springboard to attack the IPv6 network

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for authenticating intra-site automatic tunnel addressing protocol (ISATAP) tunnels based on dynamic host configuration protocol (DHCP) monitoring
  • Method and system for authenticating intra-site automatic tunnel addressing protocol (ISATAP) tunnels based on dynamic host configuration protocol (DHCP) monitoring
  • Method and system for authenticating intra-site automatic tunnel addressing protocol (ISATAP) tunnels based on dynamic host configuration protocol (DHCP) monitoring

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0035] The technical solutions of the present invention will be further described below in conjunction with the accompanying drawings and through specific implementation methods.

[0036] figure 1 It is a schematic structural diagram of an ISATAP tunnel authentication system based on DHCP snooping according to an embodiment of the present invention. Such as figure 1As shown, the system includes a dual-protocol stack host connected based on the IPv4 network, an access switch, a DHCP server, and an ISATAP router for enabling the dual-protocol stack host to access the IPv6 network, wherein the dual-protocol stack host is connected to the access switch, The access switch is connected to the ISATAP router and the DHCP server through the IPv4 network, and is connected to the IPv4 and IPv6 networks.

[0037] In the system, the access switch includes a DHCP monitoring and binding module, the DHCP monitoring and binding module is used to monitor the DHCP request process of the dual-p...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method and a system for authenticating intra-site automatic tunnel addressing protocol (ISATAP) tunnels based on dynamic host configuration protocol (DHCP) monitoring. The method includes that A an access switch monitors DHCP request processes of an internet protocol version 4/internal protocol version 6 (IPv4/IPv6) double-protocol stack host, binding information containing a media access control (MAC) address, an internet protocol (IP) address, a tenancy, a virtual local area network identifier and a port number of the double-protocol stack host is built, the binding information is packaged in a binding message, and the binding message is sent to a ISATAP router; B the double-protocol stack host to be accessed in a IPv6 network sends a router request message to the ISATAP router to request a prefix of a global IPv6 address; and C the ISATAP router inquires the binding information to determine whether a router advertisement is sent to notify the double-protocol stack host of the prefix of the global IPv6 address according to the IP address of the double-protocol stack host in the router request message.

Description

technical field [0001] The invention relates to the field of computer data communication, in particular to an authentication method and system of an ISATAP tunnel based on DHCP Snooping. Background technique [0002] Dynamic Host Configuration Protocol (DHCP) is a network protocol developed from the BOOTP protocol, which is used to dynamically assign IP addresses and other related information to hosts. DHCP adopts the client / server mode. The DHCP client is used to propose a configuration request. The DHCP server responds to the configuration request and returns configuration information to the DHCP client according to a predetermined strategy. All DHCP messages use the User Datagram Protocol (User Datagram) Protocol, UDP) encapsulation. [0003] DHCP snooping (DHCP Snooping) function refers to the process that the switch monitors the DHCP client to obtain IP through the DHCP protocol. It prevents DHCP attacks and privately sets up DHCP servers by setting trusted ports and ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/56H04L29/12H04L45/60
Inventor 梁小冰
Owner 北京神州数码云科信息技术有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap