A method and apparatus for anti-spoofing in a VXLAN

An anti-spoofing and device technology, applied in the field of communication, can solve the problems of not getting VTEP, forwarding, etc.
CN109067784A · Active · Publication Date: 2018-12-21 · MAIPU COMM TECH CO LTD

Patent Information

Authority / Receiving Office: CN · China
Current Assignee / Owner: MAIPU COMM TECH CO LTD
Publication Date: 2018-12-21


Abstract

The present application provides a method and apparatus for preventing spoofing in a VXLAN, which relate to the field of communication technology and are used to solve the problem that some VTEP devices in the prior art cannot recognize spoofing and therefore forward data to an attacker. The method comprises the following steps: receiving an ARP message sent by a virtual machine (VM), where the ARP message carries a first IP address and a first MAC address; obtaining the outbound port in the forwarding table entry whose destination MAC address is the first MAC address; sending a probe request message to the second VTEP device, where the second VTEP device is the VTEP device connected to the outbound port in the forwarding table entry, and the probe request message instructs the second VTEP device to send an ARP request for the first IP address through the physical port in its local MAC forwarding table entry matching the first MAC address; and, upon receiving the probe response message sent by the second VTEP device for the probe request message, refusing to update the local MAC forwarding table according to the ARP message. This application is intended to prevent spoofing in VXLANs.
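
The decision flow in the abstract, as an added Python example that is not code from the patent: a first VTEP receives an ARP from a local VM, probes the second VTEP that currently owns the MAC, and refuses the table update when a probe response comes back. Class and method names, addresses and port names are constructed; learning the entry when no probe response arrives is an assumption, since the abstract only states the rejection case.

```python
# Added illustration of the abstract's probe flow. Names and addresses are constructed.

class Vtep:
    def __init__(self, name):
        self.name = name
        self.mac_table = {}   # MAC -> ("local", port) or ("tunnel", remote Vtep)
        self.hosts = {}       # physical port -> (ip, mac) of the VM that answers ARP there

    def handle_probe_request(self, ip, mac):
        """Second VTEP: ARP for `ip` out of the physical port in the local entry
        matching `mac`. True means a probe response is sent back."""
        entry = self.mac_table.get(mac)
        if entry is None or entry[0] != "local":
            return False
        # The ARP request is answered only if the original VM is still on that port.
        return self.hosts.get(entry[1]) == (ip, mac)

    def handle_arp_from_vm(self, in_port, ip, mac):
        """First VTEP: decide whether an ARP from a locally attached VM may
        update the local MAC forwarding table."""
        entry = self.mac_table.get(mac)
        if entry is not None and entry[0] == "tunnel":
            second_vtep = entry[1]          # VTEP behind the entry's outbound port
            if second_vtep.handle_probe_request(ip, mac):
                return "rejected"           # owner still answers: refuse the update
        # Assumption (not stated in the abstract): with no existing tunnel entry,
        # or no probe response, the address is learned on the ingress port.
        self.mac_table[mac] = ("local", in_port)
        return "learned"


def run_scenario():
    ip, mac = "10.0.0.5", "00:11:22:33:44:55"      # constructed victim VM
    vtep1, vtep2 = Vtep("vtep1"), Vtep("vtep2")
    vtep2.mac_table[mac] = ("local", "eth1")
    vtep2.hosts["eth1"] = (ip, mac)
    vtep1.mac_table[mac] = ("tunnel", vtep2)       # learned via EVPN type 2 route

    # A VM on vtep1 port eth7 sends an ARP claiming the victim's IP and MAC.
    spoof_result = vtep1.handle_arp_from_vm("eth7", ip, mac)
    still_remote = vtep1.mac_table[mac] == ("tunnel", vtep2)

    # Same ARP after the real VM has left vtep2 (for example, a migration).
    del vtep2.hosts["eth1"]
    move_result = vtep1.handle_arp_from_vm("eth7", ip, mac)
    return spoof_result, still_remote, move_result


if __name__ == "__main__":
    print(run_scenario())
```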

Description

Technical field

[0001] The present invention relates to the field of communication technologies, in particular to a method and device for anti-spoofing in a virtual extensible local area network (Virtual eXtensible Local Area Network, VXLAN).

Background technique

[0002] With the development of cloud computing technology and the expansion of data center scale, virtual extensible local area network (Virtual eXtensible Local Area Network, VXLAN) is widely used for large-scale layer 2 interconnection between data centers. In a VXLAN network that dynamically establishes tunnels using the Border Gateway Protocol Ethernet Virtual Private Network (BGP-EVPN), after a VXLAN Tunnel End Point (VTEP) device learns the Media Access Control (MAC) address of a virtual machine, it uses a MAC/IP route (type 2 route) to advertise the host MAC address to all its neighbor VTEP devices, so that all VTEP devices can learn the MAC addresses of all virtual machines in the ne...
