Device and method for implementing endogenous security of forwarding flow table

An implementation method and flow-forwarding technology, applied in the field of data communication, that addresses problems such as algorithm vulnerability and untrustworthiness, and achieves active defense, meets business needs, and avoids vulnerability.

Active Publication Date: 2022-06-03
FENGHUO COMM SCI & TECH CO LTD

AI Technical Summary

Problems solved by technology

[0006] In view of the above defects and improvement needs of the prior art, the present invention provides a device and method for implementing endogenous security of forwarding flow tables. The forwarding flow tables are compared to determine which executors are secure and which have been attacked, realizing the endogenous security of network equipment and thereby solving the technical problem that a single algorithm is vulnerable to attack and untrustworthy.

Examples

Embodiment 1

[0060] To solve the technical problem that a single algorithm is vulnerable and untrustworthy, and to realize the endogenous security of network equipment in a better heterogeneous manner, this embodiment of the present invention provides a device for implementing endogenous security of forwarding flow tables. As shown in Figure 1, it mainly includes a control unit, a security processing unit and a data plane.

[0061] The control unit uses different executors to calculate the forwarding flow table of the current network device, each based on a different algorithm, allocates a unified flow ID to each forwarding flow table according to the service flow attributes, and sends each forwarding flow table to the security processing unit after the allocation is completed; the forwarding flow table includes one or more entries, each including a flow ID, and each service corresponds to an entry in the forwarding flow ta...

Embodiment 2

[0098] To solve the technical problem that a single algorithm is vulnerable and untrustworthy, and to realize the endogenous security of network devices in a better heterogeneous manner, this embodiment of the present invention further provides a method for implementing endogenous security of a forwarding flow table, which can be carried out by the apparatus described in Embodiment 1.

[0099] As shown in Figure 3, the method for implementing the endogenous security of the forwarding flow table provided by this embodiment of the present invention mainly includes the following steps:

[0100] Step S1: The configuration management module of the control unit selects at least three heterogeneous executors and configures a flow table generation algorithm, a flow table generation method, and related QoS constraint parameters for each executor; different executors are configured with different flow table generation algorithms.

[0101] Th...

Embodiment 3

[0113] On the basis of the foregoing Embodiment 1, this embodiment of the present invention further describes the process of "generating a forwarding flow table by each executor" corresponding to step S2. With reference to Figure 4, the process of generating the forwarding flow table by each executor is as follows:

[0114] Step S201: Each executor receives the flow table generation algorithm, flow table generation method, and related QoS constraint parameters, such as delay and jitter requirements, configured by the configuration management module. As described in Embodiment 2, the configuration management module pre-configures, for each executor, the flow table generation algorithm, the flow table generation method and the relevant QoS constraint parameters that must be satisfied, such as reserving 10M bandwidth; each executor can then directly receive and use the parameters configured by the configuration management module. When the priority is pre-confi...


Abstract

The invention discloses a device and method for implementing endogenous security of forwarding flow tables. The control unit uses different executors to calculate the forwarding flow table of the current network equipment, each based on a different algorithm, and allocates a unified flow ID to each forwarding flow table according to the attributes of the service flows. After the allocation is completed, each forwarding flow table is sent to the security processing unit. The security processing unit checks the security of each executor by comparing the different forwarding flow tables and, according to the result, sends the forwarding flow table generated by a secure executor to the data plane. After receiving a data packet, the data plane calculates the flow ID from the key fields and, based on the flow ID, finds the corresponding entry in the received secure forwarding flow table to forward the packet. The invention achieves dynamic heterogeneous redundancy by generating forwarding flow tables with different algorithms, which avoids the problem that a single algorithm is vulnerable to attack and cannot be trusted, and realizes endogenous security of network equipment in a better heterogeneous manner.
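The following sketch is an added example, not code from the patent. It walks the pipeline the abstract describes: several executors produce flow tables keyed by flow ID, the tables are compared, a table from an executor that passed the comparison is installed, and the data plane looks packets up by flow ID. The page does not state the comparison rule, so per-entry majority voting, the executor names, the action strings, the key fields and the hash used for the flow ID are all assumptions.

```python
import hashlib
from collections import Counter

def flow_id(src, dst, proto, dport):
    """Data plane: derive the flow ID from a packet's key fields.
    The field set and the truncated SHA-256 are assumptions for this sketch."""
    key = f"{src}|{dst}|{proto}|{dport}".encode()
    return hashlib.sha256(key).hexdigest()[:8]

def select_secure_table(tables):
    """tables maps executor name -> {flow_id: action}.
    Returns (chosen_executor, table, suspects); chosen_executor is None when
    no executor agrees with the majority on every entry (fail closed)."""
    quorum = len(tables) // 2 + 1
    suspects = set()
    for fid in set().union(*tables.values()):
        votes = Counter(t.get(fid) for t in tables.values())
        action, count = votes.most_common(1)[0]
        if count < quorum:
            return None, {}, set(tables)  # no majority on this entry
        # A missing entry votes as None, so an injected entry is outvoted too.
        suspects |= {n for n, t in tables.items() if t.get(fid) != action}
    clean = sorted(set(tables) - suspects)
    if not clean:
        return None, {}, suspects
    return clean[0], tables[clean[0]], suspects

def forward(table, src, dst, proto, dport):
    """Look up the packet's flow ID in the installed table; unknown flows drop."""
    return table.get(flow_id(src, dst, proto, dport), "drop")

# Constructed sample data: two service flows and three executors.
WEB = flow_id("10.0.0.5", "10.0.1.9", "tcp", 443)
VOICE = flow_id("10.0.0.7", "10.0.2.3", "udp", 5060)
ROGUE = flow_id("10.0.0.5", "203.0.113.8", "tcp", 443)
TABLES = {
    "exec_a": {WEB: "port2", VOICE: "port3"},
    "exec_b": {WEB: "port2", VOICE: "port3"},
    "exec_c": {WEB: "port7", VOICE: "port3", ROGUE: "port7"},  # tampered output
}

if __name__ == "__main__":
    chosen, table, suspects = select_secure_table(TABLES)
    print(chosen, sorted(suspects))
    print(forward(table, "10.0.0.5", "10.0.1.9", "tcp", 443))
```

With fewer than three executors a single deviating table cannot be outvoted, which is consistent with step S1 selecting at least three heterogeneous executors.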

Description

Technical field

[0001] The invention belongs to the technical field of data communication, and more particularly relates to a device and method for implementing endogenous security of a forwarding flow table.

Background technique

[0002] As the Internet penetrates deeply into production and daily life, applications such as the Internet of Vehicles, telemedicine, and industrial networks in particular have put forward higher requirements for network security and trustworthiness. However, the currently used TCP/IP protocol system was designed for a small-scale, mutually trusting "acquaintance network". It does not consider how to establish trusted communication in an environment of untrusted networks and terminals, nor does it fully consider how to communicate safely and reliably in a network with security risks. As a result, the current Internet layers on partial security functions by continuously adding "security patches", instead of having complete and endogenous security and trustworthiness capab...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L45/00, H04L9/40, H04L47/24
CPC: H04L45/54, H04L63/20, H04L47/24
Inventor: 汪学舜, 余少华, 戴锦友, 张紫倩, 赵晓雨
Owner: FENGHUO COMM SCI & TECH CO LTD