Method, device and system for assigning IP (Internet Protocol) address in wireless LAN (Local Area Network)
Wireless local area network IP address allocation technology, applied in the field of wireless communication. It addresses DHCP flooding attacks, in which legitimate terminals cannot obtain IP addresses normally and therefore cannot access the Internet, so as to reduce malicious consumption of IP addresses and avoid flooding attacks.
Active Publication Date: 2013-06-26
中国移动通信集团广西有限公司
AI-Extracted Technical Summary
Problems solved by technology
[0013] Embodiments of the present invention provide a method, device and system for allocating IP addresses in a wireless local area network, which are used to solve how to prevent malicious terminals f...
Method used
By the scheme of embodiment one, determine the size of the usage rate of IP address in the IP resource pool of DHCP server, and according to the corresponding strategy of assigning IP address corresponding to said usage rate, avoid malicious terminal to utilize a large a...
Abstract
The invention discloses a method, device and system for assigning an IP (Internet Protocol) address in a wireless LAN (Local Area Network). The method mainly comprises the steps of: after receiving an IP address assignment request sent by an AP (Access Point), determining a utilization rate of a current IP address of a DHCP (Dynamic Host Configuration Protocol) server, and then taking a strict IP address assignment strategy which matches the current utilization rate. Therefore, the method, device and system for assigning the IP address in the wireless LAN can prevent the DHCP server from being subjected to flooding attack, and reduce malicious consumption of IP addresses in the DHCP server.
Application Domain
Transmission; Network data management
Technology Topic
IP address; Local area network
Examples
Example Embodiment
[0033] Embodiment one:
[0034] As shown in Figure 2, this is a flowchart of a method for allocating an IP address in a wireless local area network according to the first embodiment, and the method includes:
[0035] Step 201: After receiving the IP address allocation request sent by the AP, determine the usage rate of the current IP address in the DHCP server.
[0036] In order to ensure that the available IP addresses in the IP resource pool of the DHCP server are not consumed by malicious terminals, when the IP address allocation request sent by the AP is received, the usage rate of the current IP address in the DHCP server is determined (that is, the ratio of the number of IP addresses that have been allocated to the AP to the total number of IP addresses in the IP resource pool of the DHCP server). The usage rate indicates the number of available IP addresses remaining in the current DHCP server and provides a basis for deciding whether to adopt a strict IP address allocation strategy.
[0037] In this step 201, there are many ways to determine the usage rate of the current IP address in the DHCP server. The number of IP addresses allocated by the DHCP server and the number of IP addresses released by terminals can be monitored in real time, to determine the number of IP addresses in use at the moment the IP address allocation request sent by the AP is received. Alternatively, the number of IP addresses used in the DHCP server can be obtained through signaling interaction with the DHCP server, to obtain the current IP address usage rate in the DHCP server. There is no specific restriction here.
[0038] Step 202: Perform an IP address allocation operation according to the determined IP address allocation strategy corresponding to the usage rate.
[0039] Specifically, different IP address allocation strategies are determined according to the determined usage rate, where the greater the usage rate, the stricter the IP allocation strategy. The steps of performing IP address allocation according to the determined IP address allocation strategy corresponding to the usage rate specifically include:
[0040] Step 2021: Determine whether the usage rate is greater than the first threshold and less than the second threshold; if not, execute step 2023; if yes, execute step 2022.
[0041] The first threshold represents the dividing line at which the usage rate of the IP address in the DHCP server reaches a higher value. The value of the first threshold can be set according to the actual network environment or empirical values. For example, when the current period is a peak network usage period, a relatively large first threshold can be set, such as 70%; when the current period is a low network usage period, a relatively small first threshold can be set, such as 40%.
[0042] When the usage rate is greater than the first threshold, it indicates that a large number of IP addresses in the IP resource pool of the current DHCP server have been used and the number of available IP addresses is limited. Once a malicious terminal initiates a large number of IP address allocation requests, the IP addresses available in the IP resource pool of the DHCP server will be consumed in large quantities within a short time, which will prevent legitimate terminals from obtaining IP addresses. Therefore, it is necessary to adopt a strict IP address allocation strategy for the available IP addresses.
[0043] The second threshold value represents a dividing line at which the usage rate of the IP address in the DHCP server reaches a higher value, and the second threshold value is greater than the first threshold value.
[0044] Step 2022: Determine whether the AP obtained an assigned IP address after the N immediately preceding IP address allocation requests it sent; if not, perform step 203; otherwise, perform step 204.
[0045] Since it has been determined that a large number of the IP addresses in the IP resource pool have been used, a strict IP address allocation strategy needs to be adopted. Therefore, in this step 2022, the AP is required to initiate IP address allocation requests multiple times before it is allowed to be allocated an IP address once, so as to limit the number of IP addresses the AP can obtain.
[0046] The N involved in this step 2022 is a positive integer, and the size of the N value is determined according to the actual situation of the network. The larger the N value, the stricter the restriction on the AP obtaining IP addresses. For example, the value of N may be 2, which means that when the IP address allocation request sent by the AP is received this time, it is necessary to determine whether an IP address was allocated in response to the previous request and the request before that. If one was allocated, the IP address allocation request received this time will not be allocated an IP address; otherwise, the IP address allocation request received this time will be allocated an IP address.
[0047] Step 2023: Determine whether the usage rate is greater than the second threshold, if yes, go to step 2024; otherwise, go to step 203.
[0048] When the usage rate of the IP address in the DHCP server reaches a higher value, it is necessary to adopt a stricter IP address allocation strategy for the available IP addresses than in step 2022.
[0049] It should be noted that this step 2023 is a preferred step for achieving the purpose of the present invention: on the basis of step 2021 and step 2022, when the usage rate of the IP address in the DHCP server reaches a higher value, a more stringent IP address allocation strategy is adopted.
[0050] Step 2024: Determine the time period corresponding to the current moment, and determine whether the DHCP server has allocated M IP addresses for the AP within the determined time period. If yes, perform step 204; otherwise, perform step 2025.
[0051] The M is a positive integer, and the value of M can decrease as the usage rate increases.
[0052] The time period is one of the periods obtained by dividing time, by the set period length, starting from the moment when the IP address usage rate of the DHCP server becomes greater than the second threshold. Because the IP address usage rate of the DHCP server is greater than the second threshold, the number of IP addresses obtained by the AP within a time period is restricted. If the usage rate continues to increase, the number of available IP addresses in the DHCP server becomes very small and an emergency occurs. Therefore, the set period length can be increased when the usage rate increases.
[0053] For example: starting from t1, the IP address usage rate in the IP resource pool of the DHCP server is greater than the second threshold. With T as the period length, the time during which the usage rate is greater than the second threshold is divided into at least one time period; assume that two time periods are obtained, namely t1 to t2 and t2 to t3. If the AP initiates an IP address allocation request at time t (corresponding to the time period t2 to t3), it is determined whether M IP addresses have been allocated to the AP during the period from t2 to t. If so, the allocation of IP addresses to the AP must be restricted; otherwise, an IP address can be assigned to the AP.
[0054] Step 2025: Determine whether the number of times that the AP sends IP address allocation requests within the set time period reaches the set threshold, if yes, proceed to step 204; otherwise, proceed to step 203.
[0055] In this step 2025, by calculating the rate at which the AP sends an IP address allocation request, it is estimated whether the AP maliciously requests to allocate an IP address. If the rate at which the AP sends an IP address allocation request is too high, it can be determined that the current AP may request an IP address maliciously and illegally.
[0056] The set threshold value represents the dividing line for whether the rate at which the AP sends IP address allocation requests is too high, and the size of the set threshold value is related to the usage rate of the IP address in the IP resource pool of the DHCP server. Generally, the DHCP server can only receive 1024 DHCP messages per second. That is to say, when the IP address usage rate in the IP resource pool of the DHCP server is small, it can receive 1024 IP address allocation requests sent by the AP. As the usage rate of IP addresses in the IP resource pool of the DHCP server increases, the number of packets that the DHCP server can receive per second decreases accordingly. Therefore, the higher the usage rate, the smaller the threshold.
[0057] For example, when the IP address usage rate in the IP resource pool of the DHCP server is lower than the first threshold, the set threshold can be set to 1024. When the usage rate is greater than the first threshold and less than the second threshold, the set threshold can be set to 1024*(1-X), where X is the usage rate of the IP address in the IP resource pool of the DHCP server. When the usage rate is greater than the second threshold, the threshold can also be calculated according to the 1024*(1-X) formula, or a value less than 100 can be set as the threshold.
[0058] It should be noted that steps 2021 to 2024 determine whether to adopt a strict IP address allocation strategy based on the usage rate of the IP address in the IP resource pool of the DHCP server, while step 2025 determines whether to adopt a strict IP address allocation strategy by analyzing the rate at which the AP sends IP address allocation requests. The solution in this embodiment is not limited to this order: whether to adopt a strict IP address allocation strategy may also first be determined by analyzing the rate at which the AP sends IP address allocation requests, and then by the usage rate of IP addresses in the IP resource pool of the DHCP server.
[0059] Step 203: Instruct the DHCP server to allocate an IP address for the AP, and end this IP address allocation process.
[0060] In the solution of this step 203, by sending an allocation instruction to the DHCP server, the DHCP server may be required to respond to the IP address allocation request sent by the AP this time and allocate an IP address for it.
[0061] Step 204: Instruct the DHCP server to refuse to allocate an IP address for the AP, and end this IP address allocation process.
[0062] In the solution of this step 204, by sending an allocation rejection instruction to the DHCP server, the DHCP server can be requested to refuse to respond to the IP address allocation request sent by the AP and not assign an IP address to it; an alert can be raised by discarding data packets, sending log information, or sending an email to the administrator.
[0063] Through the solution of the first embodiment, the usage rate of the IP address in the IP resource pool of the DHCP server is determined, and IP addresses are allocated according to the strategy corresponding to that usage rate. This avoids the possibility of malicious terminals using a large number of forged clients to occupy a large number of IP addresses in a short time, which not only improves the efficiency with which legitimate terminals obtain IP addresses, but also maintains the normal operation of the wireless local area network.
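The decision flow of steps 2021 to 2025 can be written as a small policy object. The following Python is an added example, not code from the patent; the class name `DhcpAllocationGuard`, the default values (90% second threshold, N=2, M=1, 60 s period, 1 s rate window), treating a usage rate equal to the second threshold as the strict tier, and counting the current request toward the rate are all assumptions.

```python
import math
from collections import defaultdict, deque


class DhcpAllocationGuard:
    """Allocate (True) or refuse (False) one AP request, following steps 2021-2025."""

    def __init__(self, t1=0.70, t2=0.90, n=2, m=1, period=60.0, rate_window=1.0):
        self.t1, self.t2 = t1, t2           # first / second usage thresholds
        self.n, self.m = n, m               # N earlier requests; M grants per period
        self.period = period                # period length T in seconds (assumed value)
        self.rate_window = rate_window      # "set time period" of step 2025 (assumed)
        self.over_t2_since = None           # moment usage first exceeded t2
        self.outcomes = defaultdict(lambda: deque(maxlen=n))  # last N results per AP
        self.grants = defaultdict(list)     # grant timestamps per AP
        self.requests = defaultdict(deque)  # request timestamps per AP

    def rate_threshold(self, usage):
        """Set threshold of step 2025: 1024 at low usage, else 1024*(1-X)."""
        return 1024 if usage <= self.t1 else math.floor(1024 * (1 - usage))

    def decide(self, ap, now, used, total):
        if total <= 0 or not 0 <= used <= total:
            raise ValueError("invalid pool counters")
        usage = used / total
        reqs = self.requests[ap]
        reqs.append(now)                    # the current request counts (assumption)
        while reqs and reqs[0] <= now - self.rate_window:
            reqs.popleft()
        # Track when usage crossed the second threshold; usage == t2 is treated
        # as the strict tier here (the page only specifies "greater than").
        if usage < self.t2:
            self.over_t2_since = None
        elif self.over_t2_since is None:
            self.over_t2_since = now

        if usage <= self.t1:                # below first threshold: step 203
            grant = True
        elif usage < self.t2:               # step 2022: any grant in last N requests?
            grant = not any(self.outcomes[ap])
        else:                               # steps 2024 and 2025
            elapsed = now - self.over_t2_since
            start = self.over_t2_since + self.period * (elapsed // self.period)
            self.grants[ap] = [t for t in self.grants[ap] if t >= start]
            if len(self.grants[ap]) >= self.m:
                grant = False               # M addresses already given this period
            else:
                grant = len(reqs) < self.rate_threshold(usage)
        self.outcomes[ap].append(grant)
        if grant:
            self.grants[ap].append(now)
        return grant


def replay(guard, events):
    """Run constructed (ap, time, used, total) events; return the decisions."""
    return [guard.decide(*e) for e in events]
```

With N=2 in the middle tier, an AP that was just granted an address is refused on its next two requests and granted on the third, which is the "request several times for one address" behaviour described in step 2022.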
[0064] Embodiment two:
[0065] The second embodiment is a specific example that describes the solution of the first embodiment in detail. As shown in Figure 3, this is a schematic flowchart of the method of the second embodiment, and the method includes:
[0066] Step 301: The wireless terminal initiates a request to access the wireless local area network to the AP.
[0067] Step 302: After receiving the request to access the wireless local area network, the AP sends a message through the switch, which contains the IP address allocation request.
[0068] Step 303: After receiving the message, determine whether it is a message sent by the wireless device according to the preset configuration information or the default port information, if so, go to step 304; otherwise, forward it directly.
[0069] Step 304: Determine whether the message is a control message or a data message according to the control channel and the data channel. If it is a control message, it is directly forwarded; if it is a data message, step 305 is executed.
[0070] Step 305: Parse the determined data message and separate the DHCP messages from the non-DHCP messages in it. Forward the parsed non-DHCP messages directly; for the parsed DHCP messages, go to step 306.
[0071] Step 306: Parse the DHCP message to determine the IP address allocation request sent by the AP.
[0072] Step 307: Determine the usage rate of the current IP address in the DHCP server. If the usage rate is not greater than the first threshold, instruct the DHCP server to allocate an IP address for the AP, and perform step 312; otherwise, perform step 308.
[0073] Step 308: Determine whether the usage rate is greater than the first threshold and less than the second threshold, if yes, go to step 309; if not, go to step 310.
[0074] Step 309: Determine whether the AP obtained an assigned IP address after the N immediately preceding IP address allocation requests it sent. If no assigned IP address was obtained, instruct the DHCP server to assign an IP address to the AP, and execute step 312; otherwise, instruct the DHCP server to refuse to allocate an IP address for the AP and give an alarm.
[0075] Step 310: When the usage rate is greater than the second threshold, determine the time period corresponding to the current moment, and determine whether the DHCP server has allocated M IP addresses for the AP within the determined time period. If so, instruct the DHCP server to refuse to assign an IP address to the AP and give an alarm; otherwise, proceed to step 311.
[0076] Step 311: Determine the number of times that the AP sends IP address allocation requests within a set time period. If the number of times reaches the set threshold, instruct the DHCP server to refuse to allocate an IP address for the AP and give an alarm; otherwise, instruct the DHCP server to assign an IP address to the AP, and execute step 312.
[0077] Step 312: After obtaining the IP address allocated by the DHCP server for the corresponding wireless terminal, the AP forwards the request message of the wireless terminal requesting access to the wireless local area network to the AC through the switch.
[0078] Step 313: The AC pushes the Web authentication page to the wireless terminal through the Portal server, and submits the authentication information reported by the wireless terminal to the Radius server for authentication.
[0079] Step 314: When the Radius server passes the identity authentication of the wireless terminal, the wireless terminal will successfully use the assigned IP address to access the wireless local area network and start charging for Internet access; otherwise, a login failure message will be returned.
[0080] In step 314, after receiving the login failure message, the wireless terminal can perform re-authentication, and after the set number of re-authentication times is reached, the IP address will be released.
[0081] Embodiment three:
[0082] As shown in Figure 4, this is a schematic structural diagram of a device for allocating IP addresses in a wireless local area network according to the third embodiment. The device includes: a receiving module 41, a determining module 42 and an IP address allocation module 43, wherein:
[0083] The receiving module 41 is used to receive the IP address allocation request sent by the AP; the determining module 42 is used to determine the current IP address usage rate in the DHCP server; the IP address allocation module 43 is used to allocate IP addresses according to the determined IP address allocation strategy corresponding to the usage rate.
[0084] Specifically, the IP address allocation module 43 includes: a usage rate judgment submodule 44, a first frequency judgment submodule 45, and an IP address allocation submodule 46.
[0085] The usage rate judging submodule 44 is configured to determine whether the usage rate of the current IP address in the DHCP server is greater than a first threshold and less than a second threshold, and the second threshold is greater than the first threshold;
[0086] The first number of times judging submodule 45 is used for judging, when the current IP address usage rate is greater than the first threshold and less than the second threshold, whether the AP was allocated an IP address after the N immediately preceding IP address allocation requests it sent;
[0087] The IP address allocation submodule 46 is configured to instruct the DHCP server to allocate an IP address to the AP when the judgment result of the first count judgment module 44 is yes; otherwise, to instruct the DHCP server to refuse to allocate an IP address to the AP.
[0088] Specifically, the usage rate determining submodule 44 is further configured to determine whether the usage rate of the current IP address in the DHCP server is greater than the second threshold.
[0089] The IP address allocation module 43 further includes: a time period determining sub-module 47 and a second frequency determination sub-module 48, wherein:
[0090] The time period determining sub-module 47 is configured to determine the time period corresponding to the current moment when the current IP address usage rate is greater than the second threshold, where the time period is one of the periods obtained by dividing time, by the set period length, starting from the moment the DHCP server's IP address usage rate becomes greater than the second threshold;
[0091] The second number of times judging sub-module 48 is configured to judge whether the DHCP server has allocated M IP addresses for the AP within a certain time period, where M is a positive integer;
[0092] The IP address allocation submodule 46 is further configured to instruct the DHCP server to refuse to allocate an IP address for the AP when the judgment result of the second times judgment module 48 is yes; otherwise, to instruct the DHCP server to allocate an IP address for the AP.
[0093] In addition, the device for assigning an IP address in the wireless local area network further includes: a sending frequency determining module 49 and a sending times judging module 50, wherein:
[0094] A sending frequency determining module 49, configured to determine the number of times the AP sends an IP address allocation request within a set time period;
[0095] The sending times judging module 50 is used to judge whether the number of times the AP sends IP address allocation requests within a set time period reaches a set threshold, where the greater the usage rate of the IP address, the smaller the set threshold;
[0096] The IP address allocation submodule 46 is further configured to instruct the DHCP server to refuse to allocate an IP address for the AP when the number of times the AP sends IP address allocation requests within a set time period reaches a set threshold.
[0097] The device that assigns the IP address in the wireless local area network can be an independent device or a logical component in the DHCP server. Figure 5 is a schematic structural diagram of the device that allocates IP addresses in the wireless local area network as a logical component in the DHCP server.