Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method for suppressing mac address attack in evi network and edge device ed

A MAC address and MAC address table technology, applied in electrical components, transmission systems, etc., can solve problems such as affecting the normal forwarding of data service traffic, affecting the normal forwarding of service traffic, occupying equipment CPU resources, etc., so as to guide normal forwarding and reduce usage. rate, and the effect of suppressing MAC address attacks

Active Publication Date: 2017-07-14
NEW H3C TECH CO LTD
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

When there is a MAC address attack in the site, that is, when different ports in the same site keep entering the same MAC address as the existing host MAC, the ED device in this site will continuously update the local MAC, send LSP, delete local MAC operations, when there is external data flow to the MAC, this data flow will also be switched between different ports of the site, and the data will sometimes be forwarded to the MAC when attacking The false host corresponding to the false MAC address entered, resulting in the loss of data packets and affecting the normal forwarding of business traffic
[0012] To sum up, currently in the EVI network, when the host is migrated, if a MAC address attack occurs, it will occupy a large amount of CPU resources of the device, and will cause the loss of data packets, affecting the normal forwarding of data traffic.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for suppressing mac address attack in evi network and edge device ed
  • Method for suppressing mac address attack in evi network and edge device ed
  • Method for suppressing mac address attack in evi network and edge device ed

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0036] In order to make the purpose, technical solution and advantages of the present application clearer, the present application will be described in detail below through specific embodiments and with reference to the accompanying drawings.

[0037] This application proposes a method for suppressing MAC address attacks in an EVI network, adding a priority field in the MAC address entry of the media access control, and connecting the intermediate system to the intermediate system EVI-ISIS routing protocol in the Ethernet virtualized interconnection network. Add the priority information of the MAC address in the data packet LSP of the road status protocol;

[0038] When the ED learns the MAC address from the local or LSP update message, if there is no MAC address entry with the same VLAN ID and MAC address in the local MAC table, and the VLAN corresponding to the learned MAC address is an authorized VLAN, then Recording the learned MAC address entry and setting its initial pri...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method of inhabiting MAC address attack in EVI (Ethernet Virtualization Interconnection) network. The method comprises steps: a priority field is added to an MAC table entry, and priority information is added to an LSP message of an EVI-ISIS protocol; when an edge device learns the MAC address from the local or the MAC address with normal priority from the LSP message, if the local MAC table has the MAC address table entry with the same authorized VLAN ID and the same MAC address and the local MAC address is the high priority showing the normal traffic flow, the MAC address table entry with high priority is updated to be in an unavailable state, and the learnt MAC address table entry is recorded and is set to be normal priority; and when MAC attack is detected, the MAC address table entry with high priority is updated to be in a dynamic learning state, and the MAC address table entry with the same VLAN ID and the MAC address in the local MAC table is updated to be in an unavailable state. The invention also discloses an edge device (ED). Thus, MAC address attack can be inhabited, the utilization rate of device CPU resources is recued, missing of data packets is reduced, and normal forwarding of data stream is guided.

Description

technical field [0001] The present application relates to the technical field of network security, in particular to a method for suppressing MAC address attacks in an EVI network and an edge device ED. Background technique [0002] With the popularity of cloud computing concept, data center network technology has ushered in a drastic change. A large number of new technology standards have emerged in recent years, and EVI (Ethernet Virtualization Interconnection, Ethernet Virtualization Interconnection) technology has also followed. produce. [0003] EVI is an advanced "MAC in IP" technology. It is a layer-2 virtual private network VPN technology based on IP core network. interconnection function. EVI only maintains routing and forwarding information on edge devices at the site, without changing the routing and forwarding information inside the site and the IP core network. [0004] The network model after deploying EVI is as follows: figure 1 As shown, the EVI network (E...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L29/12
Inventor 郑萍萍蒋益群沈岭
Owner NEW H3C TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com