Message transmission method and related device

Abstract

The embodiment of the invention discloses a message transmission method and access gateway equipment. The embodiment of the invention can be applied to a system architecture in which a control plane and a forwarding plane are separated, and specifically can be realized on access gateway equipment, and the method comprises the following steps: the access gateway equipment determines a CAR channel corresponding to a message according to user host feature information and a changed salt value or a feature sequence obtained by randomly sorting bits of the user host feature information, in this way, messages sent by the same user host in different time periods can enter different CAR channels to be transmitted, and therefore legal user hosts can avoid attacks of illegal user hosts to complete the session establishment process.

Description

technical field [0001] The embodiments of the present application relate to the technical field of network interconnection protocols, and in particular, to a message transmission method and related devices. Background technique [0002] The access gateway (AG) generally adopts a system architecture in which the control plane and the forwarding plane are separated. Among them, the central processing unit (CPU) of the control plane is weak in processing packets. Once a network attack occurs, It will cause the CPU to be busy and cause the entire network to be unstable. Generally, when packets are sent from the forwarding plane to the control plane, a committed access rate (CAR) rate-limiting strategy is adopted to ensure that the flow of packets sent to the CPU is within the processing capability of the CPU. [0003] The host committed access rate (host-CAR) rate limiting technology is an anti-attack technology. By limiting the flow of CPU packets sent by the user host, the im...

AI Technical Summary

Problems solved by technology

[0004] However, when a large number of attack packets without session establishment sent by illegal user hosts appear in the host-CAR area of ​​the packets without session establishment, the access gateway device hashes the packets without session establishment according to a fixed hash algorithm, The legitimate user hosts that hash the attack packets of the illegal user hosts in the same CAR channel are fixed. The traffic of the attack packets of the illegal user hosts is very large, and the packets of the legitimate user hosts with small traffic will be blocked by the CAR channel. Rate-limited discarding, which will cause all unestablished packets sent by legitimate user hosts in the same CAR channel as the attack packets of illegal user hosts to be crowded by attack packets, and all unestablished packets sent by legitimate user hosts Session packets cannot complete the session establishment process

Images