Extensible DDoS defense method and system

A defense-system technology, applied in the field of scalable DDoS defense methods and systems, that addresses the problems of complex changes, limited cluster size and poor scalability, and achieves the effects of increasing the number of nodes, improving scalability and reducing repetitive workload.

Active Publication Date: 2021-01-26
GUANGDONG COMM & NETWORKS INST

AI Technical Summary

Problems solved by technology

However, a defense system deployed in this way involves a heavy workload and complex changes, and applies only to layer-2 networks; the cluster size is limited and scalability is poor.

Examples

Embodiment 1

[0038] See Figure 3, which is a schematic flowchart of a method for implementing scalable DDoS defense disclosed by an embodiment of the present invention. The method can be applied to a DDoS defense system that includes an access switch, a core switch, and a cleaning server controlled by routing. The embodiments of the present invention do not limit the specific implementation of the DDoS defense system. As shown in Figure 3, the method for implementing scalable DDoS defense may include the following operations:

[0039] 101. Deploy SRv6 for access switches and core switches.

[0040] SR (Segment Routing) is a source routing technology, and SRv6 is the application of SR technology on the IPv6 network plane. SRv6 is deployed for access switches and core switches. Network topology information, link state information, and add SRv6 function to it, which can be realized by installin...

Embodiment 2

[0046] See Figure 4, which is a schematic flowchart of a scalable DDoS defense method disclosed in an embodiment of the present invention. The method can be applied in a DDoS defense system that includes an access switch, a core switch and a cleaning server controlled by routing. The embodiment of the present invention does not limit the specific implementation of the DDoS defense system. As shown in Figure 4, the scalable DDoS defense method can include the following operations:

[0047] To facilitate the description of the specific implementation of this step, it is described in combination with the system shown in Figure 5.

[0048] 201. Detect whether attack traffic currently exists.

[0049] First, it is detected whether attack traffic currently exists. The detection method can be implemented with reference to existing technology, which is not the focus of the pres...

Embodiment 3

[0063] See Figure 6, which is a schematic flowchart of a scalable DDoS defense method disclosed in an embodiment of the present invention. The method can be applied in a DDoS defense system that includes an access switch, a core switch and a cleaning server controlled by routing. The embodiment of the present invention does not limit the specific implementation of the DDoS defense system. As shown in Figure 6, the scalable DDoS defense method can include the following operations:

[0064] To facilitate the description of the specific implementation of this step, it is described in combination with the system shown in Figure 7. In this embodiment the DDoS defense system also includes hardware cleaning machines.

[0065] 301. Detect whether attack traffic currently exists.

[0066] First, it is detected whether attack traffic currently exists. The detection method can be implemented...

Abstract

The invention discloses an extensible DDoS (Distributed Denial of Service) defense method and system. The method is applied to a DDoS defense system comprising an access switch, a core switch and a cleaning server controlled by routing, and comprises the following steps: deploying SRv6 for the access switch and the core switch; setting a compressed routing network segment for SRv6; and configuring SID numbers and SRv6 table entries for a plurality of ports of the access switch and the core switch. According to another aspect, the invention also discloses an extensible DDoS defense method and system in which the SRv6 technology used by the core switch and the access switch assigns SID numbers to the corresponding interfaces, so as to realize centralized control of all routes and reduce repeated workload when other defense devices are newly added.

Description

Technical field

[0001] The invention relates to the technical field of computer network security, in particular to an expandable DDoS defense method and system.

Background

[0002] DDoS (Distributed Denial of Service) means that the attacker, by controlling a large number of devices in the network, sends a large amount of data to the target, exhausting the target's resources and causing it to fail to respond to service requests normally. Because network protocols lack security considerations and are open, DDoS attacks take many forms. Various DDoS attack methods have appeared at the network layer, transport layer, and application layer. In recent years especially, the trend has been toward more and more diverse attack methods and larger and larger traffic volumes.

[0003] In order to deal with DDoS attacks, methods such as destination address, next-hop routing method, and network ...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1458
Inventor: 金海洋丁瑞郑坤蔡磊卢华
Owner: GUANGDONG COMM & NETWORKS INST