Three-layer message flow guidance method and controller

A controller and message technology, applied in the communication field, can solve problems such as the failure of the safety protection function of the safety equipment and the attack on the customer network

Active Publication Date: 2018-01-30
RUIJIE NETWORKS CO LTD
View PDF9 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, if the consistency check is turned off, the security protection functions of m...

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Three-layer message flow guidance method and controller
  • Three-layer message flow guidance method and controller
  • Three-layer message flow guidance method and controller

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0032] refer to figure 2 As shown in , the embodiment of this application provides a three-layer packet diversion method, which is applied to the above network architecture, and the method includes:

[0033] S101. When the outbound Layer 3 message flows into the switching device, the controller replaces the source MAC address of the outbound Layer 3 message with the first virtual MAC address, and replaces the destination MAC address of the outbound Layer 3 message Replace it with the second virtual MAC address; and the controller controls the switching device to divert the outbound Layer 3 packets to the security device through the security port.

[0034] The outbound packets are in one-to-one correspondence with the first virtual MAC address and the second virtual MAC address.

[0035] Take a security device as an example of a service chain, refer to image 3 As shown in , it is assumed that the security device includes a FW, and the switching device is a switch. The serv...

Embodiment 2

[0060] The embodiment of this application provides a controller, which is applied to the above-mentioned network architecture, referring to Figure 6 As shown in, the controller 60 includes:

[0061] The replacement unit 601 is configured to replace the source media access control MAC address of the outbound Layer 3 message with the first virtual MAC address by the controller when the outbound Layer 3 message flows into the switching device, and replace the outbound Layer 3 message The destination MAC address of the destination MAC address is replaced with the second virtual MAC address, and the outbound packet corresponds to the first virtual MAC address and the second virtual MAC address one by one.

[0062] The traffic diversion unit 602 is configured to control the switching device to divert outbound Layer 3 packets to the security device through the security port.

[0063] The replacement unit 601 is also configured to replace the source MAC address of the return layer 3...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The application, which relates to the communication field, discloses a three-layer message flow guidance method and a controller so that flow guidance can be carried out on the three-layer message when a safety device starts consistency checking under a service chain framework. The method comprises: when an outbound three-layer message flows into switching equipment, a controller replaces a sourcemedia access control (MAC) address of the outbound three-layer message with a first virtual MAC address and replaces a destination MAC address of the outbound three-layer message with a second virtual MAC address; the controller controls the switching equipment to guide the outbound three-layer message to a safety device through a safety port; when a return three-layer message corresponding to the outbound three-layer message flows into the switching equipment, the controller replaces a destination MAC address of the return three-layer message with the first virtual MAC address and replaces asource MAC address of the return three-layer message with the second virtual MAC address; and the controller controls the switching equipment to guide the return three-layer message to the safety device through a safety port. According to the embodiment of the application, the three-layer message flow guidance method and the controller are applied to consistency checking of safety equipment.

Description

technical field [0001] The invention relates to the communication field, in particular to a three-layer message drainage method and a controller. Background technique [0002] The network device layout scheme of the service chain (Service Chain) grid architecture connects all security devices to a switch. Generally, the security devices have the bidirectional path consistency detection function of the session, that is, in the transparent mode, the Check the consistency between the source MAC (Media Access Control, MAC) and the destination MAC in the Layer 2 header. If the source MAC and destination MAC of the return packet are found to be inconsistent with those of the outbound packet, the packet flow will be blocked. broken. [0003] The transparent mode of the current service chain can normally divert traffic for Layer 2 packet flow, but for Layer 3 packet flow, due to the dynamic media access control (Dynamic Media Access Control, DMAC) of the bidirectional packet flow o...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L12/947
Inventor 周遵亮
Owner RUIJIE NETWORKS CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap