Check patentability & draft patents in minutes with Patsnap Eureka AI!

Method and device for allocating resources

A resource allocation and resource technology, applied in the field of network communication, can solve the problem that the attacked server cannot provide normal services

Active Publication Date: 2015-11-25
HUAWEI TECH CO LTD
View PDF5 Cites 7 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0011] The embodiment of the present invention provides a resource allocation method and device to solve the problem in the prior art that when a TCP semi-connection flood attack occurs, the attacked server cannot provide normal services

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for allocating resources
  • Method and device for allocating resources
  • Method and device for allocating resources

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0072] In Embodiment 1 of the present invention, a resource allocation method is provided. The resource allocation method provided in Embodiment 1 of the present invention solves the problem that the attacked server cannot Problems with providing normal service. Such as Image 6 As shown, it specifically includes the following steps:

[0073] S601. When receiving a SYN data packet sent by the client, assign a sequence number that is used to characterize the TCP connection to the TCP connection to which the SYN data packet belongs and that is not repeated with the assigned sequence number.

[0074] In this step, since no half-connection resources will be allocated for this TCP connection, the IP address and port number of the client corresponding to this TCP connection will not be recorded. When the ACK data packet and the first business data packet sent by the client cannot be used to represent the TCP connection through the client's IP address and port number, then the seri...

Embodiment 2

[0106] In Embodiment 2 of the present invention, a resource allocation method is provided. The resource allocation method provided in Embodiment 1 of the present invention solves the problem that the attacked server cannot Problems with providing normal service. Compared with the resource allocation method provided in Embodiment 1, it can further ensure the security of the TCP connection and prevent full connection attacks. Such as Figure 8 As shown, it specifically includes the following steps:

[0107] S801. When receiving a SYN data packet sent by the client, perform a preset operation on the value of the SEQ field in the SYN data packet.

[0108] S802. Allocate the identification value obtained by the preset calculation in S801 to an idle entry of the connection request table to store the identification value, and use the sequence number of the allocated idle entry to indicate the TCP connection to which the SYN packet belongs.

[0109] In this step, a preset calculati...

Embodiment approach

[0145] The first type: when the number of entries stored with the identification value in the connection request table reaches the preset maximum number of entries, and a new SYN packet is received, the entry that stores the identification value first is cleared and used The cleared idle entry stores the identification value corresponding to the TCP connection to which the new SYN data packet belongs.

[0146] In the first embodiment, the maximum number of entries can be set for the connection request table. When the connection request table is not full (that is, the number of entries used in the connection request table does not reach the maximum number of entries), it can follow the preset order Fill in the identification value into the connection request table. When the connection request table is full (that is, the number of entries used in the connection request table reaches the maximum number of entries), you can determine the first The entry of the identification value...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

Embodiments of the present invention provide a method and a device for allocating resources. The method comprises the steps of: when receiving an SYN packet transmitted by a client, allocating a serial number to a TCP connection to which the SYN packet belongs, wherein the serial number is used for representing the TCP connection and is different from allocated serial numbers; responding an SYN+ACK packet; when receiving an ACK packet, determining the value of an SEQ field in the corresponding SYN+ACK packet based on the value of an ACK field in the ACK packet; performing an inverse operation of a first operation for the value, and querying the allocated serial numbers by using an obtained first query value as a serial number; identifying the TCP connection represented by the queried serial number to be in a state that three-way handshake is achieved; and allocating resources required for transmitting business data in the TCP connection to the client achieving the three-way handshake. The method of the present invention solves the problem that when a TCP semi-connection flood attack occurs in the prior art, an attacked server cannot provide normal service. The present invention relates to the technical field of network communication.

Description

technical field [0001] The present invention relates to the technical field of network communication, in particular to a resource allocation method and device. Background technique [0002] The Transmission Control / Internet Protocol (TCP / IP, TransferControlnProtocol / InternetProtocol) reference model is an abstract layered model, and all TCP / IP series network protocols in the model are classified into four abstract "layers". Each layer builds on the services provided by the lower layer and provides services for the higher layer. Such as figure 1 As shown, the TCP protocol is located in the transport layer of the TCP / IP reference model. [0003] The communication parties who use TCP for data communication need to establish a TCP connection before transmitting business data. Specifically, the process of establishing a TCP connection includes three message exchanges, such as figure 2 shown, including the following steps: [0004] Step 1, the client sends a synchronous (SYN,...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/917H04L47/76
Inventor 陈国海张锦辉
Owner HUAWEI TECH CO LTD
Features
  • R&D
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com