Network device attack prevention method and device and network device

A network device and anti-attack technology, applied in the fields of data switching networks, digital transmission systems, electrical components, etc. It addresses the problems of caches filling up, routing tables being deleted, and network equipment being unable to forward, and achieves the effect of ensuring normal communication.

Active Publication Date: 2013-11-06
BEIJING XINWANG RUIJIE NETWORK TECH CO LTD

AI Technical Summary

Problems solved by technology

[0015] In view of this, the embodiments of the present invention provide a network device attack defense method and device, and a network device, to solve the problem in the prior art that when a network device is attacked by network flood messages, the cache fills up, so that control plane communication between network devices fails, routing tables are deleted, and forwarding between network devices fails.

Examples


Embodiment 1

[0044] Figure 3 shows a working flowchart of a method for defending a network device against an attack provided by an embodiment of the present invention. The method includes:

[0045] Step 301, the network forwarding device pre-divides its cache into a first cache and a second cache according to a predetermined first capacity ratio, and divides the second cache into at least two sub-buffer areas according to a predetermined second capacity ratio;

[0046] Wherein, the first cache is equivalent to a public cache and is used to store various types of messages, and the second cache is equivalent to a specified cache and is used to cache messages of a specified message flow;

[0047] Among them, the first capacity ratio and the second capacity ratio can be set according to the needs of specific application scenarios. Two-capacity ratio, that is, the capacity of the first cache is greater than the capacity of the second cache. Similarly, the capacity of the sub-buffer with...

Embodiment 2

[0093] Figure 10 shows a working flowchart of a method for defending a network device against an attack provided by an embodiment of the present invention. The method includes:

[0094] Step 1001, the network forwarding device pre-divides the transmission bandwidth with other network forwarding devices into the first bandwidth and the second bandwidth according to the predetermined first capacity ratio, and divides the second bandwidth into at least two sub-bandwidths according to the predetermined second capacity ratio;

[0095] Specifically, the first bandwidth is equivalent to a public bandwidth and is used to transmit various types of messages, and the second bandwidth is equivalent to a specified bandwidth and is used to transmit messages of a specified message flow;

[0096] Wherein, the setting of the first capacity ratio and the second capacity ratio can refer to the above-mentioned step 301, which will not be repeated here;

[0097] Specifically, such as Fi...

Abstract

The invention discloses a network device attack prevention method and device and a network device. They are used for solving the problem in the prior art that, when a network device is attacked by network flooding messages, the cache fills up, so that control plane communication cannot be performed between network devices, routing tables are deleted, and forwarding between the network devices cannot be performed. The cache of a network forwarding device is divided into a first cache and a second cache, and messages in a possible flooding attack message flow are limited to being stored in the first cache and one designated sub-cache area of the second cache. When the data volume of the messages of the corresponding message flow stored in the sub-cache area is larger than or equal to the data volume of a predetermined flooding attack message flow, the message flow corresponding to the sub-cache area is determined to be the flooding attack message. The network forwarding device can effectively recognize network flooding attack messages and can reserve a certain amount of storage space to store other messages, so normal communication between the network forwarding devices can be ensured.
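The partitioning of Step 301 and the detection rule in the abstract can be modelled with simple byte accounting. This is an added example, not code from the patent; the class and flow names, the percentages, the threshold, the "public cache first, then own sub-buffer" admission order and the dropping of a flagged flow are all assumptions made for illustration.

```python
class PartitionedCache:
    """Byte-accounting model; percentages and thresholds are constructed values."""

    def __init__(self, total, first_pct, sub_pcts, flood_bytes):
        self.first_cap = total * first_pct // 100        # first (public) cache
        second_cap = total - self.first_cap              # second (designated) cache
        # One sub-buffer per designated message flow, sized by the second ratio.
        self.sub_cap = {f: second_cap * p // 100 for f, p in sub_pcts.items()}
        self.first_used = 0
        self.sub_used = dict.fromkeys(sub_pcts, 0)
        self.flood_bytes = flood_bytes                   # predetermined flood volume
        self.flagged = set()

    def enqueue(self, flow, size):
        """Store one message; return 'first', 'sub' or 'drop'."""
        if flow in self.flagged:
            return "drop"                                # assumed reaction to a flagged flow
        if self.first_used + size <= self.first_cap:
            self.first_used += size
            return "first"
        # Public cache exhausted: the flow may only spill into its own sub-buffer.
        if flow not in self.sub_cap or self.sub_used[flow] + size > self.sub_cap[flow]:
            return "drop"
        self.sub_used[flow] += size
        if self.sub_used[flow] >= self.flood_bytes:
            self.flagged.add(flow)                       # detection rule from the abstract
        return "sub"


def simulate():
    """Constructed scenario: an ICMP flood followed by one BGP control-plane message."""
    cache = PartitionedCache(total=1000, first_pct=60,
                             sub_pcts={"icmp": 50, "bgp": 50}, flood_bytes=150)
    flood = [cache.enqueue("icmp", 100) for _ in range(10)]
    keepalive = cache.enqueue("bgp", 100)
    return flood, keepalive, cache.flagged


if __name__ == "__main__":
    print(simulate())
```

The flood consumes the public cache and its own sub-buffer and is then flagged, while the BGP message still finds room in the sub-buffer reserved for its flow.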

Description

Technical field

[0001] The present invention relates to a network communication system, in particular to a method and device for defending network equipment against attacks, and network equipment.

Background technique

[0002] With the wide application of TCP/IP networks, the requirements for network reliability are getting higher and higher. Network devices play a vital role in TCP/IP networks. Once attacked, the control plane of network devices may be paralyzed, which in turn causes forwarding interruption. However, due to the limited processing capability of the network forwarding device itself, and because the network topology where the network forwarding device is located is difficult to fully protect with a firewall, it is very likely to be attacked.

[0003] Figure 1 shows a common network forwarding device deployment scheme. Two network devices (that is, network device 1 with an IP address of 192.168.3.1 and network device 2 with an IP address of 192.168.3.2) pass th...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/861
Inventor: 钟建龙
Owner: BEIJING XINWANG RUIJIE NETWORK TECH CO LTD