CN105812502A - OpenFlow-based implementation method for address resolution protocol proxy technology - Google Patents

OpenFlow-based implementation method for address resolution protocol proxy technology Download PDF

Info

Publication number
CN105812502A
CN105812502A CN201610127935.5A CN201610127935A CN105812502A CN 105812502 A CN105812502 A CN 105812502A CN 201610127935 A CN201610127935 A CN 201610127935A CN 105812502 A CN105812502 A CN 105812502A
Authority
CN
China
Prior art keywords
host
address
dhcp
controller
lease
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610127935.5A
Other languages
Chinese (zh)
Inventor
李�昊
刘静
赖英旭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Technology
Original Assignee
Beijing University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Technology filed Critical Beijing University of Technology
Priority to CN201610127935.5A priority Critical patent/CN105812502A/en
Publication of CN105812502A publication Critical patent/CN105812502A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/10Mapping addresses of different types
    • H04L61/103Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type
    • H04L61/2503Translation of Internet protocol [IP] addresses
    • H04L61/2521Translation architectures other than single NAT servers
    • H04L61/2528Translation at a proxy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5076Update or notification mechanisms, e.g. DynDNS
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/59Network arrangements, protocols or services for addressing or naming using proxies for addressing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00Indexing scheme associated with group H04L61/00
    • H04L2101/60Types of network addresses
    • H04L2101/618Details of network addresses
    • H04L2101/622Layer-2 addresses, e.g. medium access control [MAC] addresses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2212/00Encapsulation of packets
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5007Internet protocol [IP] addresses
    • H04L61/5014Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

An OpenFlow-based implementation method for an address resolution protocol proxy technology belongs to the field of network communication. The OpenFlow technology provides a platform and a tool for network innovation through separating a data plane and a control plane of a network. Based on a structure realizing separation of management and control through the OpenFlow technology, software programming is performed on a controller POX and a powerful APP proxy service is designed and realized. In an OpenFlow network environment, through analyzing DHCP data packets uploaded to the controller, data including host IPs, host MACs, host port numbers and the like are extracted automatically and a host information binding table is created. After the host information table is created, the OpenFlow controller replies ARP requests as a proxy, so that a problem of communication between two hosts is solved effectively. Besides, the binding table can also be used for judging whether the data packets sent to the controller are legal or not, so that functions of normal forwarding of legal messages and discarding of illegal messages are realized. Therefore, system safety is improved substantially.

Description

Based on OpenFlow address analysis protocol proxy technology realize method
Technical field
The invention belongs to technical field of the computer network.
Background technology
Network in tradition IT architecture, disposes according to business demand after reaching the standard grade, if business demand change, remodifying the configuration on corresponding network equipment (router, switch, fire wall) is a very loaded down with trivial details thing.Under the service environment that the Internet/mobile Internet is fast changing, it is more crucial on the contrary that the high stable of network and high-performance are also insufficient for business demand, motility and agility.The thing that SDN does is the control on the network equipment to be separated, and by the controller management concentrated, need not rely on underlay network device (router, switch, fire wall), shield the difference from underlay network device.And control is wide-open, user can route and transmission rule strategy by self-defined any network thinking realization, thus more flexible and intelligent.
After carrying out SDN transformation, it is not necessary to the router of node each in network is repeatedly performed configuration, the connection of the inherently automatization of the equipment in network.Have only to define simple networking rule in use.If you do not like the agreement that router self is built-in, it is possible to by the mode programmed, it is modified, to realize better data switching performance.
In Hong Kong, the U.S.'s popular cloud host concept also slowly start to show up prominently in China, cloud main frame is cloud computing important component part in infrastructure application, is positioned at cloud computing industrial chain pyramid bottom, and product is derived from cloud computing platform.This Platform integration internet, applications three big key element: calculate, storage, network, user oriented provides the Internet infrastructure service of publicization.Cloud main frame is the Intel Virtualization Technology of a kind of similar VPS main frame, VPS adopts virtual software, VZ or VM fictionalizes the part of multiple similar unique host on a main frame, it is possible to realize unit multi-user, each part can do independent operating system, and management method is the same with main frame.And cloud main frame is the part fictionalizing multiple similar unique host on one group of cluster system, cluster has on each main frame a mirror image of cloud main frame, thus substantially increasing the security and stability of fictitious host computer, unless main frame all goes wrong in all of cluster, cloud main frame just can cannot access.
It is worth mentioning that enterprise is when renting cloud main frame, its All hosts rented is likely to not a data center, not even in a city.The physical network of the cloud main frame that so enterprise rents is likely to not at phase same network segment, although be all under phase same network segment at all cloud main frames rented of enterprises.So in physical network, how the cloud main frame of different segment communicates in enterprise network, has just become a sufficiently complex thing.
It is known that to carry out inter-host communication, then must first send ARP request and get the MAC Address of destination host.May span across multiple different network between each cloud main frame that so enterprise rents, want ARP request is forwarded to destination host, be necessary in the network utilizing network tunnel technology to connect between two main frames in legacy network and transmit message.Because we also do not know where the cloud main frame of the distributed to enterprise of cloud service provider all leaves in, span how many networks.The ARP request sent by source host exactly in simple terms is encapsulated in a specific packet, utilizes network tunnel protocol to be forwarded to by this packet in the middle of the network connecting destination host, then packet is decapsulated again, finally reach destination host.The cost of do so is higher, and efficiency comparison is low, it is achieved the amount of getting up to work also is huge.Therefore, along with the development of cloud service, legacy network inferior position in this respect just displays, and we carry out ARP proxy by the mode of SDN and then can be good at solving this problem.
It is known that in SDN framework, controller is the brain in whole network, in network, All hosts must be connected with controller, and the information of All hosts then grasped by controller.Therefore, if to communicate between the main frame under heterogeneous networks, then ARP request first can being sent to controller, because the information of All hosts in network known by controller, then the MAC Address of destination host directly can be replied to source host by controller.The thus problem of the communication solved between two main frames of convenience and high-efficiency.
DHCPSnooping technology is DHCP security feature, and by setting up and the maintaining DHCP Snooping binding table fly-by-night DHCP information of filtration, these information refer to from the DHCP information distrusting region.DHCPSnooping binding table comprises the information such as the distrust IP address in region, MAC Address, lease period, VLAN-ID interface.
After switch opens DHCP-Snooping, DHCP message can be intercepted, it is possible to extract from DHCPRequest or the DHCPAck message received and record IP address and mac address information.It addition, DHCP-Snooping allows certain physical port is set to trusted port or distrusts port.Trusted port can normally receive and forward DHCPOffer message, and distrusts the DHCPOffer packet loss that port can will receive.As such, it is possible to complete the switch shielding action to personation DHCPServer, it is ensured that client obtains IP address from legal DHCPServer.
The effect of DHCPSnooping
(1) Main Function of .DHCPSnooping is exactly completely cut off illegal DHCPServer, by configuring non-trusted port.
(2). with coordinating of switch DAI, it is prevented that the propagation of ARP virus.
(3). setting up and safeguard the binding table of a DHCPSnooping, this table one is to be generated by the IP in DHCPAck bag and MAC Address, and two is to specify by hand.This table is follow-up DAI (dynamicarpinspect) and IPSourceGuard basis.The technology that both is similar, is judge that whether IP or MAC Address be legal by this table, limits user and be connected to network.
In this programme, by the DHCP packet uploading to controller is operated and analysis, a binding table is set up by needing the data obtained to automatically extract out, need not manually add, the information one_to_one corresponding such as IP, MAC, PORT, after binding relationship is set up, from the data message that corresponding port receives, according to whether its source address has coupling to determine that whether message is legal in PORT BINDING RELATIONSHIP table, thus legal message is normally forwarded, invalid packet then abandons, and this is greatly improved the safety of system.
In large-scale data center, there is thousands of main frame, by utilizing the advantage of SDN, the All hosts information being linked in network is integrated, set up and safeguard a binding table, so not only obtain the details of All hosts, provide necessary data for ARP proxy and main-machine communication, and the centralized management for daily main frame has very big help.This is the advantage that legacy network is incomparable, is also that I studies the meaning of this work.
Summary of the invention
ARP proxy under SDN environment is listed in detail in Research Significance, and SDN is a technology extremely with innovative significance inherently.We are with SDN for overall background, utilize himself feature develop a kind of than legacy network more efficient safer ARP proxy scheme.Compared with legacy network, our ARP proxy scheme has many innovations, is described in detail as follows:
Controller is most important in the middle of SDN environment, and our scheme is one dhcp_lease table having main frame relevant information of establishment in the middle of controller, including host IP address, host MAC address, host side slogan, IP address obtains time, IP lease time.But these data we can both automatically obtain, it is not necessary to manual intervention, and ensure the safety of obtained data.Therefore our ARP proxy scheme adopts the method for DHCP proxy to obtain host IP address, host MAC address, host side slogan simultaneously, and IP address obtains time, IP lease time.We obtain, by simulating the workflow of DHCP protocol, the data that we want automatically, and write in dhcp_lease table.This is also another innovative point of our this scheme.
Wherein host IP address and main frame MAC are corresponding relation, if host IP address lease expires, then in table, this list item can be deleted, and host MAC address is no longer corresponding with this IP address.
Program starts the stream table then automatically issuing coupling ARP, DHCP packet, the packet of coupling stream table uploads to controller and starts the intervalometer scan_expire of expired host ip list item in scanning dhcp_lease table simultaneously.If meanwhile receive DHCPDISCOVER or the DHCPREQUEST message that host client sends, extract the event.port in message and in port number information write dhcp_lease table.When receiving DHCPACK message, extracting Dynamic Host Configuration Protocol server in message and distribute to the IP address MAC Address with this main frame of this main frame, time and the life cycle of IP that IP obtains write in dhcp_lease table together.So far, controller just completes the DHCP packet that operation coupling is come up, and our required data are configured to a dhcp_lease table automatically, provides necessary data for ARP proxy afterwards.
Next be discussed in detail we ARP proxy scheme realize method.
When main frame sends ARPREQUEST, now this ARPREQUEST message will not be forwarded to destination host place, but extracted the purpose IP address in ARPREQUEST packet by controller, it is compared with the first row in dhcp_lease table and host ip information, if it find that occurrence, then construct the ARPREPLY response packet comprising target MAC (Media Access Control) address according to the form of ARPREPLY, acted on behalf of and reply to the main frame sending ARPREQUEST.After the main frame sending ARPREQUEST obtains the MAC Address of destination host, continue to send ICMPREQUEST message, because according to the stream table rule issued, the packet of coupling all can first upload to controller, so after controller receives this ICMPREQUEST message, then can extract the purpose IP address comprised in this packet, continue to compare with the first row in dhcp_lease table, find occurrence, then the port numbers of respective host being extracted is encapsulated in Packet_out message, ICMPREQUEST message is forwarded in destination host by Packet_out message, destination host then can reply ICMPREPLY message after receiving this message.So far, the mode that two main frames successfully pass controller proxy ARP achieves and intercoms mutually.
In the middle of whole program is run, intervalometer is also ceaselessly operating, at set intervals run-down dhcp_lease table.Scan_expire () is as the term suggests being scan expired item.Its function is exactly deleted by IP items for information expired in dhcp_lease table, because there is lease the IP address that Dynamic Host Configuration Protocol server distributes to each main frame, lease expires, and is automatically releasable this IP address.In conjunction with practical situation, if the IP address aging in the dhcp_lease table of our structure, namely main frame MAC no longer with IP address corresponding to, then it would appear that problem in ARP proxy process afterwards.Intervalometer is set as every 30 seconds run-down dhcp_lease tables by this program, the write time of this IP address in table is deducted with present system time, difference is if greater than life cycle defined in table, namely show that this IP address lease expires, regained by Dynamic Host Configuration Protocol server to be allocated, then this IP information is deleted from dhcp_lease table.
Accompanying drawing explanation
Fig. 1 is exploitation experimental situation schematic diagram.
Detailed description of the invention
This program is using POX as controller, develops based under Openflow1.0 agreement.
POX provides several basic module and completes the parsing of common bag, by issuing the stream table of matched data bag, packet is uploaded to controller, the operation of packet is then completed in Packet_in event.After having processed, POX controller then sends Packet_out message to Openflow switch.
Exploitation experimental situation:
Controller: POX controller
Openvswitch version: 2.3.0
PC1 system version: Ubuntu14.04.2LTS
PC2 system version: Windows7
PC3 system version: Windows7
Controller POX and Openvswitch switch operate on a PC equipped with Ubuntu14.04.2LTS system version, are called PC1.This PC1 is equipped with 3 network card interface.The simulated environment of this experiment is constituted plus two PC2, PC3 equipped with Windows7 system.
Equipped with controller POX, the PC of OVS is called control host PC 1, the PC of two Window7 systems is called PC2 and PC3, PC2 and PC3 is connected on 2 network interface cards of PC1, is linked together by two PC by the OVS bridge br0 built, and the another one network interface card of PC1 is connected with Dynamic Host Configuration Protocol server, so, PC2, PC3 can with Dynamic Host Configuration Protocol server communications by bridge joint, it is thus achieved that DHCP service.
Experiment effect:
This program is with 2 different main frames any in 2 PC analog networks, and the IP address meanwhile controller POX that they obtain oneself from Dynamic Host Configuration Protocol server respectively also obtain the relevant information of two PC and is created as table.The ARP proxy technology that PC2 can pass through to utilize this programme to propose afterwards communicates with PC3 foundation.
The present invention realizes in a computer successively according to the following steps:
Step (1): issue the stream table of coupling ARP, DHCP packet
PC1 starts program, issues the stream table of coupling ARP, DHCP packet, then the packet mated with stream table is uploaded to controller POX
Step (2): start intervalometer and scan expired IP entry
Starting the intervalometer scan_expire of expired host ip list item in scanning dhcp_lease table, at whole program run duration according to the continual operation of the content of application definition, the function of the setting of intervalometer is as follows:
Step (2.1): print system time and be easy to observe and analyze.
Step (2.2): traversal list_all list, expired IP items for information is deleted, and not out of date entry re-writes disk document.
Step (2.3): time format, the form that the system of being converted into can process.
Step (2.4): the time of IP entry write becomes the second with current time conversion.
Step (2.5): deduct IP items for information with the current time and be written to time of disk and draw the time that this information has existed.
Step (2.6): if IP items for information exist time more than regulation lease time; delete this information.
Step (2.7): intervalometer was every 30 seconds run-downs.
Step (3): PC2, PC3 obtain by DHCP service application IP address
In PC2, PC3 upper input ipconfig/renew order, to Dynamic Host Configuration Protocol server application IP address, the associative operation of DHCP module in this command triggers arp_dhcp_handler.py, namely the relevant information of PC2, PC3 is write in dhcp_lease table.Its main information, by the DHCP packet uploaded is resolved, is extracted in write table by controller, and in table, content is once from the beginning to the end, PC2, port numbers that IP address that PC3 obtains, the MAC Address of PC2, PC3, PC2, PC3 and PC1 connect, IP acquisition time, IP life cycle.
Step (4): realize controller proxy arp function.
Program has issued the stream table of coupling DHCP, ARP packet when starting makes it upload to controller.Want the intercommunication mutually realizing between the host PC 2 in network and PC3, first PC2 need to send ARP request, ARP request packet is uploaded to controller POX, controller POX extracts the purpose IP address information in the PC2 ARP request bag sent, it is made to mate with the first row in dhcp_lease table and host ip information, find the information matches with PC3, then the MAC Address of the PC3 in secondary series is acted on behalf of and reply to the host PC 2 sending ARP request.When the host PC 2 sending ARP request learns after the MAC Address of destination host PC3, then may proceed to send ICMPREQUEST message, after controller gets this message, then can extract the purpose IP address comprised in packet, continue to compare with the first row in dhcp_lease table, find occurrence, then the OpenFlow port numbers of respective host PC3 being extracted is encapsulated in Packet_out message, being then forwarded in destination host PC3, destination host PC3 sends ICMPREPLY message to PC2 afterwards.So far, two main frames meet what communication possessed condition and therefore realize intercoming mutually.
Step (5): issue coupling destination host IP, destination host port numbers is to flowing table
Issue the IP of coupling destination host PC3, the stream table of port numbers.So as to after similar packet directly switch through from switchboard direct by stream table rule and send out, no longer upload to controller.So can either ensure that communication efficiency also is able to alleviate the load of controller, thus ensureing that whole network runs well.

Claims (1)

1. realize method based on the address analysis protocol proxy technology of OpenFlow, it is characterised in that:
Creating a dhcp_lease table having main frame relevant information in the middle of controller, adopt the method for DHCP proxy to obtain host IP address, host MAC address, host side slogan, IP address obtains time and IP lease time, and writes in dhcp_lease table;Wherein host IP address and main frame MAC are corresponding relation, if host IP address lease expires, then in table, this list item can be deleted, and host MAC address is no longer corresponding with this IP address;
When main frame sends ARPREQUEST, the purpose IP address in ARPREQUEST packet is extracted by controller, it is compared with the first row in dhcp_lease table and host ip information, if it find that occurrence, then construct the ARPREPLY response packet comprising target MAC (Media Access Control) address according to the form of ARPREPLY, acted on behalf of and reply to the main frame sending ARPREQUEST;After the main frame sending ARPREQUEST obtains the MAC Address of destination host, continue to send ICMPREQUEST message;After controller receives this ICMPREQUEST message, then can extract the purpose IP address comprised in this packet, continue to compare with the first row in dhcp_lease table, find occurrence, then the port numbers of respective host being extracted is encapsulated in Packet_out message, being forwarded in destination host by ICMPREQUEST message by Packet_out message, destination host then can reply ICMPREPLY message after receiving this message;
In the middle of whole program is run, intervalometer is run-down dhcp_lease table at set intervals, the write time of this IP address in table is deducted with present system time, difference is if greater than life cycle defined in table, namely show that this IP address lease expires, regained by Dynamic Host Configuration Protocol server to be allocated, then this IP information is deleted from dhcp_lease table.
CN201610127935.5A 2016-03-07 2016-03-07 OpenFlow-based implementation method for address resolution protocol proxy technology Pending CN105812502A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610127935.5A CN105812502A (en) 2016-03-07 2016-03-07 OpenFlow-based implementation method for address resolution protocol proxy technology

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610127935.5A CN105812502A (en) 2016-03-07 2016-03-07 OpenFlow-based implementation method for address resolution protocol proxy technology

Publications (1)

Publication Number Publication Date
CN105812502A true CN105812502A (en) 2016-07-27

Family

ID=56467663

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610127935.5A Pending CN105812502A (en) 2016-03-07 2016-03-07 OpenFlow-based implementation method for address resolution protocol proxy technology

Country Status (1)

Country Link
CN (1) CN105812502A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106506534A (en) * 2016-12-09 2017-03-15 河南工业大学 A kind of ARP attack detection methods of SDN
CN107911297A (en) * 2017-11-21 2018-04-13 迈普通信技术股份有限公司 A kind of SDN network band control Path Setup method and apparatus
CN109842692A (en) * 2018-11-13 2019-06-04 联想企业解决方案(新加坡)有限公司 VxLAN switch, system and method for obtaining host information in physical network
CN110401733A (en) * 2019-08-22 2019-11-01 中国科学院声学研究所 A kind of ARP protocol implementation method, system and the controller of SDN network
CN111010362A (en) * 2019-03-20 2020-04-14 新华三技术有限公司 Monitoring method and device for abnormal host
CN111431912A (en) * 2020-03-30 2020-07-17 上海连尚网络科技有限公司 Method and device for detecting DHCP hijacking
CN111884916A (en) * 2020-07-24 2020-11-03 杭州希益丰新业科技有限公司 Proxy gateway system for realizing transparent transmission based on multi-network-port computer
CN112235881A (en) * 2020-10-21 2021-01-15 深圳市友华软件科技有限公司 Method and device for truly displaying down-hanging equipment based on ONU (optical network Unit) relay network
US20210377299A1 (en) * 2020-05-26 2021-12-02 Dell Products L.P. Determine a trusted dynamic host configuration protocol (dhcp) server in a dhcp snooping environment

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0915594A2 (en) * 1997-10-07 1999-05-12 AT&T Corp. Method for route selection from a central site
CN101442436A (en) * 2007-11-20 2009-05-27 国际商业机器公司 IP network management method and system
CN103248724A (en) * 2013-04-19 2013-08-14 中国(南京)未来网络产业创新中心 SDN (Software-Defined Networking) controller-based DHCP (Dynamic Host Configuration Protocol) broadcast processing method
CN103650427A (en) * 2011-07-08 2014-03-19 阿尔卡特朗讯公司 Centralized system for routing ethernet packets over an internet protocol network
CN104202266A (en) * 2014-08-04 2014-12-10 福建星网锐捷网络有限公司 Communication method, switch, controller and communication system
CN104301238A (en) * 2014-10-17 2015-01-21 福建星网锐捷网络有限公司 Message processing method, device and system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0915594A2 (en) * 1997-10-07 1999-05-12 AT&T Corp. Method for route selection from a central site
CN101442436A (en) * 2007-11-20 2009-05-27 国际商业机器公司 IP network management method and system
CN103650427A (en) * 2011-07-08 2014-03-19 阿尔卡特朗讯公司 Centralized system for routing ethernet packets over an internet protocol network
CN103248724A (en) * 2013-04-19 2013-08-14 中国(南京)未来网络产业创新中心 SDN (Software-Defined Networking) controller-based DHCP (Dynamic Host Configuration Protocol) broadcast processing method
CN104202266A (en) * 2014-08-04 2014-12-10 福建星网锐捷网络有限公司 Communication method, switch, controller and communication system
CN104301238A (en) * 2014-10-17 2015-01-21 福建星网锐捷网络有限公司 Message processing method, device and system

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106506534B (en) * 2016-12-09 2019-09-27 河南工业大学 A kind of ARP attack detection method of SDN network
CN106506534A (en) * 2016-12-09 2017-03-15 河南工业大学 A kind of ARP attack detection methods of SDN
CN107911297B (en) * 2017-11-21 2020-03-24 迈普通信技术股份有限公司 SDN network in-band control channel establishment method and device
CN107911297A (en) * 2017-11-21 2018-04-13 迈普通信技术股份有限公司 A kind of SDN network band control Path Setup method and apparatus
CN109842692A (en) * 2018-11-13 2019-06-04 联想企业解决方案(新加坡)有限公司 VxLAN switch, system and method for obtaining host information in physical network
CN111010362A (en) * 2019-03-20 2020-04-14 新华三技术有限公司 Monitoring method and device for abnormal host
CN111010362B (en) * 2019-03-20 2021-09-21 新华三技术有限公司 Monitoring method and device for abnormal host
CN110401733A (en) * 2019-08-22 2019-11-01 中国科学院声学研究所 A kind of ARP protocol implementation method, system and the controller of SDN network
CN111431912A (en) * 2020-03-30 2020-07-17 上海连尚网络科技有限公司 Method and device for detecting DHCP hijacking
CN111431912B (en) * 2020-03-30 2021-12-28 上海尚往网络科技有限公司 Method and device for detecting DHCP hijacking
US20210377299A1 (en) * 2020-05-26 2021-12-02 Dell Products L.P. Determine a trusted dynamic host configuration protocol (dhcp) server in a dhcp snooping environment
US11641374B2 (en) * 2020-05-26 2023-05-02 Dell Products L.P. Determine a trusted dynamic host configuration protocol (DHCP) server in a DHCP snooping environment
CN111884916A (en) * 2020-07-24 2020-11-03 杭州希益丰新业科技有限公司 Proxy gateway system for realizing transparent transmission based on multi-network-port computer
CN112235881A (en) * 2020-10-21 2021-01-15 深圳市友华软件科技有限公司 Method and device for truly displaying down-hanging equipment based on ONU (optical network Unit) relay network

Similar Documents

Publication Publication Date Title
CN105812502A (en) OpenFlow-based implementation method for address resolution protocol proxy technology
CN103825954B (en) A kind of OpenFlow control methods and corresponding plug-in unit, platform and network
EP2843906B1 (en) Method, apparatus, and system for data transmission
JP5776337B2 (en) Packet conversion program, packet conversion apparatus, and packet conversion method
CN104581419B (en) Double net implementation methods based on android Intelligent set top boxes
CN106790420B (en) A kind of more session channel method for building up and system
EP3148113B1 (en) Multicast method, apparatus, and system for software defined network
CN105553849A (en) Conventional IP network and SPTN network intercommunication method and system
CN102355479B (en) Method and equipment for forwarding traffic of multi-NAT (network address translation) gateway
CN106134133B (en) Tunneling time critical messages between substations over WAN
CN105450553A (en) Mechanism for management controllers to learn the control plane hierarchy in a data center environment
CN103763310A (en) Firewall service system and method based on virtual network
CN114024880B (en) Network target range probe acquisition method and system based on proxy IP and flow table
US20140317313A1 (en) Nat sub-topology management server
JP2013157855A (en) Method of connecting virtual network, virtual network connection device, and program
CN104407913A (en) Method for implementing two-wire access through virtual machine with single network card
CN103428095A (en) Proxy server and proxy method thereof
CN106713493A (en) System and method for constructing distributed file system in cluster environment
CN104092630A (en) Configuration file for automatic operation of switchboards and operation method thereof
CN109088957A (en) The method, apparatus and equipment of NAT regulation management
JP6211975B2 (en) Network extension system, control device, and network extension method
CN105357130A (en) System for information transmission, and controller for information transmission
CN108833284B (en) Communication method and device for cloud platform and IDC network
CN113742424B (en) Natural resource integrated cross-network dynamic form data synchronization method based on RPA
CN105607594B (en) The method that server memory based on smart home searches equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160727

RJ01 Rejection of invention patent application after publication