Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A method and apparatus for anti-spoofing in a VXLAN

An anti-spoofing and device technology, applied in the field of communication, can solve the problems of not getting VTEP, forwarding, etc.

Active Publication Date: 2018-12-21
MAIPU COMM TECH CO LTD
View PDF4 Cites 13 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] Embodiments of the present invention provide an anti-spoofing method and device in VXLAN, which is used to solve the problem in the prior art that the VTEP that cannot obtain the MAC forwarding entry matching the MAC address carried in the route advertisement message will forward the data to the attacker question

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method and apparatus for anti-spoofing in a VXLAN
  • A method and apparatus for anti-spoofing in a VXLAN
  • A method and apparatus for anti-spoofing in a VXLAN

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0053] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0054] It should be noted that, in order to clearly describe the technical solutions of the embodiments of the present invention, in the embodiments of the present invention, words such as "first" and "second" are used for the same or similar items with basically the same function and effect To make a distinction, those skilled in the art can understand that words such as "first" and "second" do not limit the quantity and execution order.

[0055] In the embod...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present application provides a method and apparatus for preventing spoofing in a VXLAN, which relate to the field of communication technology and are used to solve the problem that a part of VETPin the prior art cannot recognize spoofing, thereby forwarding data to an attacker. The method comprises the following steps of: receiving an ARP message sent by a virtual machine VM. The ARP messagecarries a first IP address and a first MAC address. Obtaining an outbound port in a forwarding table entry whose destination MAC address is a first MAC address; sending a probe request message to thesecond VTEP device. The second VTEP device is a VTEP device connected with an outlet port in a forwarding table item. The probe request message is used for instructing the second VTEP device to send an ARP request for the first IP address through the physical port in the local MAC forwarding table entry matching the first MAC address; upon receiving the probe response message for the probe requestmessage sent by the second VTEP device, the local MAC forwarding table is refused to be updated according to the ARP message. This application is intended to prevent spoofing in VXLANs.

Description

technical field [0001] The present invention relates to the field of communication technologies, in particular to a method and device for anti-spoofing in a virtual extensible local area network (VirtualeXtensible Local Area Network, VXLAN). Background technique [0002] With the development of cloud computing technology and the expansion of data center scale, virtual extensible local area network (VirtualeXtensible Local Area Network, VXLAN) is widely used for large-scale two-layer interconnection between data centers. In a VXLAN network that dynamically establishes a tunnel using the Border Gateway Protocol Ethernet Virtual Private Network (BGP-EVPN), the VXLAN Tunnel End Point (VTEP) device learns the media access control of the virtual machine (Media Access Control, MAC) address will use MAC / IP routing (type 2 routing) to advertise the host MAC address to all its neighbor VTEP devices, so that all VTEP devices can learn the MAC addresses of all virtual machines in the ne...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L29/12H04L12/46H04L12/751H04L12/721H04L45/02
CPCH04L12/4641H04L61/103H04L63/1466H04L45/02H04L45/66
Inventor 涂安龙
Owner MAIPU COMM TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products