
A service access control method and device based on a virtual router VSR

A service access control technology, applied in the field of service access control based on a virtual router VSR, that addresses problems such as fragile servers, poor resistance to attack, and users being unable to enjoy information services, with the effect of suppressing invalid access and attacks and saving bandwidth and computing power.

Active Publication Date: 2017-06-16
NEW H3C TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] Small and medium-sized enterprises now commonly rent virtual space or virtual servers to build their own websites and application services. However, there are always attackers or viruses on the network that scan domain names and make invalid accesses to these websites. DNS (Domain Name System) servers are generally deployed with a third party, so the enterprise cannot configure the DNS server to control the access policy for its web services. As a result, the website or application server is very fragile, its defense against attacks is particularly poor, and the many invalid attacks occupy a large amount of valuable server bandwidth, preventing the real users of the SME from enjoying good information services.

Examples

Embodiment 1

[0055] This embodiment takes a local life service website as an example; the users the website is intended to serve are people in the local city. The domain name of the service website is www.service.com, the IP network segment of the local Unicom network is 10.10.1.1 / 255.255.0.0, and the IP network segment of the local Mobile network is 20.10.1.1 / 255.255.0.0. The DNS in the virtual data center VDC or virtual private cloud VPC deployed in the public cloud maintains the following two tables: the Web service access permission table (Table 3) and the zone correspondence table (Table 4).

[0056] Table 3

[0057]
Rule number   Site     Web service       Action
1             Site A   www.service.com   permit
2             Site B   www.service.com   permit
3             Any      Any               Deny

[0058] Table 4

[0059]
Site     IP          Mask
Site A   10.10.1.1   255.255.0.0
Site B   20.10.1.1   255.255.0.0

[0060]
Site C   30.10.1.1   255.255.0.0
Site D   40.10....

Embodiment 2

[0074] Method Embodiment 1 took a local Unicom user trying to access the local life service website as an example to introduce the technical solution of the present invention. In this embodiment, a non-local Unicom user (IP address 30.10.1.88) tries to access the local life service website www.service.com, to further illustrate the technical solution of the present invention. The region correspondence table and the Web service access permission table of Method Embodiment 1 are still used. Figure 3 is the flowchart of this embodiment, which includes the following steps:

[0075] Step 301: The DNS receives a domain name resolution request message sent by the client, and the domain name resolution request message carries the source IP address of the client and information about the domain name requested by the client.

[0076] In this step, the DNS receives the domain name resolution request message sent by the non-local Unicom user (IP address 30.10.1.88), and the domain name ...

Embodiment 3

[0086] In both Method Embodiment 1 and Method Embodiment 2, the area corresponding to the source IP address carried in the domain name resolution request message can be found in Table 2. This embodiment describes the present invention for the case where no area corresponding to the source IP address carried in the domain name resolution request message exists in Table 2. The example is a Unicom user (IP address 50.10.1.88) trying to access the local life service website www.service.com; the region correspondence table and the Web service access permission table of Method Embodiment 1 are still used. Figure 4 is the flowchart of this embodiment, which includes the following steps:

[0087] Step 401: The DNS receives a domain name resolution request message sent by the client, and the domain name resolution request message carries the source IP address of the client and information about the domain name requested by the client.

[0088] In this step, ...

Abstract

The invention discloses a service access control method and device based on a virtual router VSR, applied to the DNS in a virtual data center VDC or virtual private cloud VPC deployed together with the VSR. The technical solution is as follows: the domain name resolution server (DNS) receives a domain name resolution request message sent by a client, which carries the source IP address of the client and the domain name information requested by the client; the DNS parses out the source IP address and domain name information carried in the request message and, according to the source IP address of the client, queries the access permission of that source IP address to the domain name. If access is allowed, the DNS further resolves the request to obtain the IP address of the domain name, carries it in a domain name resolution response message, and sends it to the client. If access is prohibited, the DNS sends a domain name resolution error message to the client.
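The decision flow in the abstract, run against Tables 3 and 4 of Embodiment 1, as an added example that is not code from the patent. The record 192.0.2.10, the client 10.10.1.88, the function names and the deny result for a source IP with no matching zone row are assumptions; Site D is left out because its row is truncated on the page.

```python
import ipaddress

# Table 4 (zone correspondence). Site D is truncated on the page, so it is omitted.
ZONES = [
    ("Site A", "10.10.1.1", "255.255.0.0"),
    ("Site B", "20.10.1.1", "255.255.0.0"),
    ("Site C", "30.10.1.1", "255.255.0.0"),
]
# Table 3 (Web service access permission), checked in rule-number order.
RULES = [
    (1, "Site A", "www.service.com", "permit"),
    (2, "Site B", "www.service.com", "permit"),
    (3, "Any", "Any", "deny"),
]
# Constructed record: the page does not give the website's address.
RECORDS = {"www.service.com": "192.0.2.10"}


def site_for(src_ip):
    """Return the site whose network contains src_ip, or None if no row matches."""
    addr = ipaddress.ip_address(src_ip)
    for site, ip, mask in ZONES:
        # strict=False because the table lists a host address plus mask.
        if addr in ipaddress.ip_network(f"{ip}/{mask}", strict=False):
            return site
    return None


def action_for(site, domain):
    """First matching rule wins; no match at all is treated as deny (assumption)."""
    for _num, rule_site, rule_domain, action in RULES:
        site_ok = rule_site == "Any" or rule_site == site
        domain_ok = rule_domain == "Any" or rule_domain == domain
        if site_ok and domain_ok:
            return action
    return "deny"


def handle_query(src_ip, qname):
    """Return ("response", ip) when permitted, otherwise ("error", None)."""
    domain = qname.rstrip(".").lower()
    if action_for(site_for(src_ip), domain) != "permit":
        return ("error", None)
    ip = RECORDS.get(domain)
    return ("response", ip) if ip else ("error", None)


if __name__ == "__main__":
    for client in ("10.10.1.88", "30.10.1.88", "50.10.1.88"):
        print(client, site_for(client), handle_query(client, "www.service.com"))
```

The three clients correspond to the local user of Embodiment 1, the Site C user of Embodiment 2 and the unlisted source address of Embodiment 3; the last two fall through to rule 3.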

Description

Technical field

[0001] The invention relates to network communication transmission technology, in particular to a service access control method and device based on a virtual router VSR.

Background

[0002] With the continuing maturity of virtualization and cloud computing technologies, more and more cloud service providers and telecom operators have begun to provide public cloud services, allowing enterprises to rent resources and services on demand and create their own virtual data centers (Virtual Data Center, VDC) or virtual private clouds (Virtual Private Cloud, VPC), which helps enterprises save construction costs and improve business agility. As a result, more enterprises are beginning to migrate business applications to public clouds. However, the public cloud is a multi-tenant environment, and its infrastructure and resources are shared by all tenants. Enterprises cannot deploy their own network equipment in the public cloud, which brings many network cha...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L29/08
Inventor: 王奕, 王伟
Owner NEW H3C TECH CO LTD