Unlock instant, AI-driven research and patent intelligence for your innovation.

A method and device for realizing unicast reverse path forwarding urpf check

A reverse path forwarding and forwarding table technology, applied in digital transmission systems, electrical components, transmission systems, etc., can solve the problems of complex processing, low inspection efficiency, and inability to effectively prevent malicious attacks, so as to prevent malicious attacks, Expand the effect of applicable scenarios

Active Publication Date: 2017-07-21
ZTE CORP
View PDF7 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

In these two scenarios, if the original URPF inspection method is used, multiple physical ports need to be inspected sequentially, which is very complicated to process, and the inspection efficiency is low, which affects network performance.
[0007] To sum up, in the prior art, there is no URPF check processing method for "link aggregation group port" and "ECMP group", so it cannot effectively prevent the occurrence of malicious attacks by modifying the source address in the network

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method and device for realizing unicast reverse path forwarding urpf check
  • A method and device for realizing unicast reverse path forwarding urpf check
  • A method and device for realizing unicast reverse path forwarding urpf check

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0041] Such as figure 2 As shown, this embodiment provides a method for implementing URPF check of unicast reverse path forwarding, including the following steps:

[0042] S101: Obtain the source IP address and incoming port of the message;

[0043] In this step, the URPF mode of the packet URPF check is also obtained; for subsequent query according to the URPF mode.

[0044] URPF modes include: Strict URPF, Loose URPF, Allow default routing; where:

[0045] Strict URPF means: use the source IP address for routing lookup, and determine whether the outgoing port of the return path is consistent with the incoming port reached by the data packet.

[0046] Loose URPF means: check whether the routing entry exists in the routing forwarding table, without checking whether the outgoing port of the route is consistent with the source port of the packet.

[0047] Allowing the default route means that the default route is not included when looking up the routing and forwarding table wi...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method and device for realizing URPF inspection of unicast reverse path forwarding. The method includes: obtaining the source IP address and ingress port of the message; finding a matching route in the routing forwarding table according to the source IP address When carrying out URPF inspection afterward, query the index identification and index corresponding to the IP address in the routing forwarding table, as the index identification corresponding to the source IP address is the ECMP group index identification, then according to the ECMP group index found in the query to the configured Query the egress port corresponding to the source IP address in the mapping information of the ECMP group index and port, and judge whether the queried egress port matches the ingress port. The method and device provided by the present invention are especially aimed at the message source When the port is an "ECMP group" and / or "link aggregation group port", it can effectively prevent the occurrence of malicious attacks by modifying the source address in the network, and expand the application scenarios of traditional URPF checks.

Description

technical field [0001] The invention relates to the field of computer network communication, in particular to a method and device for realizing URPF inspection of unicast reverse path forwarding. Background technique [0002] Unicast Reverse Path Forwarding (URPF for short) is a method for network devices to check the validity of the source address of a data packet. The processing method of the traditional URPF check is to obtain the source IP address and inbound port of the message, and use the source IP address as the destination address to check whether the outbound port corresponding to the source IP address matches the inbound port of the message in the routing and forwarding table. The matching entry will discard the data packet, otherwise the packet will be regarded as a normal packet. In this way, URPF can effectively prevent the occurrence of malicious attacks by modifying the source address in the network. [0003] However, this traditional URPF check is only for ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L12/741H04L45/74
Inventor 龚祥旭
Owner ZTE CORP