Method and device for realizing unicast reverse path forwarding (URPF) examination

A reverse path forwarding and forwarding table technology, applied in digital transmission systems, data exchange networks, electrical components, etc., can solve problems such as complex processing, low inspection efficiency, and affecting network performance, so as to prevent malicious attacks and expand application scene effect

Active Publication Date: 2013-07-24
ZTE CORP
View PDF7 Cites 17 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

In these two scenarios, if the original URPF inspection method is used, multiple physical ports need to be inspected sequentially, which is very complicated to process, and the inspection efficiency is low, which affects network performance.
[0007] To sum up, in the prior art, there is no URPF check processing method for "link aggregation group port" and "ECMP group", so it cannot effectively prevent the occurrence of malicious attacks by modifying the source address in the network

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for realizing unicast reverse path forwarding (URPF) examination
  • Method and device for realizing unicast reverse path forwarding (URPF) examination
  • Method and device for realizing unicast reverse path forwarding (URPF) examination

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0041] Such as figure 2 As shown, this embodiment provides a method for implementing URPF check of unicast reverse path forwarding, including the following steps:

[0042] S101: Obtain the source IP address and incoming port of the message;

[0043] In this step, the URPF mode of the packet URPF check is also obtained; for subsequent query according to the URPF mode.

[0044] URPF modes include: Strict URPF, Loose URPF, Allow default routing; where:

[0045] Strict URPF means: use the source IP address for routing lookup, and determine whether the outgoing port of the return path is consistent with the incoming port reached by the data packet.

[0046] Loose URPF means: check whether the routing entry exists in the routing forwarding table, without checking whether the outgoing port of the route is consistent with the source port of the packet.

[0047] Allowing the default route means that the default route is not included when looking up the routing and forwarding table wi...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method and a device for realizing a unicast reverse path forwarding (URPF) examination. The method for realizing the URPF examination comprises the steps pf acquiring a source internet protocol (IP) address of a message and an incoming port, when carrying out the URPF examination after a matching route is found in a route forwarding table according to the source IP address, inquiring an index tag and an index corresponding to an IP address in the route forwarding table, if an index tag corresponding to the source IP address is an equal-cast multipath routing (ECMP) set index tag, inquiring an outing port corresponding to the source IP address in an allocated ECMP set index and port mapping information according to an inquired ECMP set index, and judging whether the inquired outing port is matched with the incoming port or not. The method and the device for realizing the URPF examination are especially for situations that a message sourcing port is an ECMP set and / or link aggregation set port, can effectively prevent the behavior that hostile attacks are conducted through the modification of source addresses from happening, and expand application scenes of a traditional URPF examination.

Description

technical field [0001] The invention relates to the field of computer network communication, in particular to a method and device for realizing URPF inspection of unicast reverse path forwarding. Background technique [0002] Unicast Reverse Path Forwarding (URPF for short) is a method for network devices to check the validity of the source address of a data packet. The processing method of the traditional URPF check is to obtain the source IP address and inbound port of the message, and use the source IP address as the destination address to check whether the outbound port corresponding to the source IP address matches the inbound port of the message in the routing and forwarding table. The matching entry will discard the data packet, otherwise the packet will be regarded as a normal packet. In this way, URPF can effectively prevent the occurrence of malicious attacks by modifying the source address in the network. [0003] However, this traditional URPF check is only for ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06H04L12/741H04L45/74
Inventor 龚祥旭
Owner ZTE CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap