Access control list capacity test method and device for and computer storage medium

A technology of testing equipment and testing methods, applied in the direction of digital transmission systems, electrical components, transmission systems, etc., can solve the problems of complex and difficult configuration of verification flow and black hole flow

Active Publication Date: 2019-07-16
CHINA MOBILE COMM LTD RES INST +1
View PDF9 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] The disadvantage of the ACL capacity test method in the prior art is that in order to facilitate the generation of ACL verification traffic, the ACL rules in the test are generated according to certain rules, and the device under test can easily perform ACL through the configuration of the ACL anti-mask (wildcard mask). The rule entries are aggregated, and the ACL entries actually delivered to the device storage space are far smaller than the test requirements
If irregular ACL rules are used for verification, the test instrument cannot automatically generate verification traffic and black hole traffic that precisely match the ACL rules. Usually, manual configuration of verification traffic and black hole traffic is required. When the ACL capacity is larger, the verification traffic and black hole traffic The configuration is more complex and difficult

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Access control list capacity test method and device for and computer storage medium
  • Access control list capacity test method and device for and computer storage medium
  • Access control list capacity test method and device for and computer storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0033] Before describing the ACL capacity testing scheme of the embodiment of the present invention, firstly, the current ACL capacity testing method will be described.

[0034] When an IP packet arrives at the interface of the device, the device will extract the specific fields of the IP packet, such as source address, destination address, source port, destination port, etc., and search the ACL associated with the interface to obtain the rules matching the information. Do corresponding processing (such as matching or discarding) according to the ACL rules. For example: access-list 100 permit tcp192.168.10.0 0.0.0.255 172.16.1.0 0.0.0.0 eq 80 This ACL rule numbered 100 means that the 192.168.10.0 / 24 network is allowed to access the 172.16.1.0 server through the WEB80 port ( Use an inverse mask in an access control list to mark whether one or more addresses are allowed or denied, 0 means bits to check, 1 means don't check bits to ignore).

[0035] The ACL capacity test is to v...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The embodiment of the invention discloses an ACL capacity test method and device and a computer storage medium. The method comprises the following steps: generating a discrete ACL rule based on a discrete routing pool, and generating verification traffic and black hole traffic; wherein the black hole flow represents the flow which is not covered by the discrete ACL rule; sending the ACL rule, theverification flow and the ACL black hole flow to a tested port of tested equipment, so that the tested port of the tested equipment performs data matching based on the ACL rule, the verification flowand the black hole flow; and obtaining the matching number of the ACL rules of the tested equipment, and determining the ACL capacity based on the matching number.

Description

technical field [0001] The invention relates to testing technology, in particular to a testing method, equipment and computer storage medium for the capacity of an Access Control List (ACL, Access Control List). Background technique [0002] ACL is a set of rules established on IP network communication nodes such as routers, switches, and firewalls to filter traffic passing through communication nodes. [0003] The disadvantage of the ACL capacity test method in the prior art is that in order to facilitate the generation of ACL verification traffic, the ACL rules in the test are generated according to certain rules, and the device under test can easily perform ACL through the configuration of the ACL anti-mask (wildcard mask). The rule entries are aggregated, and the ACL entries actually delivered to the device storage space are far smaller than the test requirements. If irregular ACL rules are used for verification, the test instrument cannot automatically generate verific...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06H04L12/24H04L12/26
CPCH04L41/0803H04L43/0876H04L63/101
Inventor 汪滢杨海俊
Owner CHINA MOBILE COMM LTD RES INST
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap