CN108540348B - To the analysis process system and processing method of a variety of Virtual Private Network flows - Google Patents

To the analysis process system and processing method of a variety of Virtual Private Network flows Download PDF

Info

Publication number
CN108540348B
CN108540348B CN201810323970.3A CN201810323970A CN108540348B CN 108540348 B CN108540348 B CN 108540348B CN 201810323970 A CN201810323970 A CN 201810323970A CN 108540348 B CN108540348 B CN 108540348B
Authority
CN
China
Prior art keywords
vpn
flow
private network
virtual private
processing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810323970.3A
Other languages
Chinese (zh)
Other versions
CN108540348A (en
Inventor
邹昕
张家琦
贾有春
武欣
韩志前
李高超
颜靖华
何清林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Sinovatio Technology LLC
National Computer Network and Information Security Management Center
Original Assignee
Nanjing Sinovatio Technology LLC
National Computer Network and Information Security Management Center
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Sinovatio Technology LLC, National Computer Network and Information Security Management Center filed Critical Nanjing Sinovatio Technology LLC
Priority to CN201810323970.3A priority Critical patent/CN108540348B/en
Publication of CN108540348A publication Critical patent/CN108540348A/en
Application granted granted Critical
Publication of CN108540348B publication Critical patent/CN108540348B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/028Capturing of monitoring data by filtering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/026Capturing of monitoring data using flow identification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/50Routing or path finding of packets in data switching networks using label swapping, e.g. multi-protocol label switch [MPLS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention discloses a kind of analysis process system and processing method to a variety of Virtual Private Network flows, it is responsible for the integration of Virtual Private Network technology by first device, shield the difference of various VPN technologies, VPN flow is found roughly simultaneously and is finely counted, original VPN flow is transmitted to secondary server after two layer message encapsulation or three-tier message encapsulation as needed;Secondary server generates mapping table entry according to VPN user information, hexa-atomic group of rule table clause effect level-one acquires equipment;Afterbody equipment and secondary server, which cooperate, realizes that the analysis to Virtual Private Network flow is handled.

Description

To the analysis process system and processing method of a variety of Virtual Private Network flows
Technical field
The present invention relates to IP data network datas to acquire field, especially a kind of pair of Virtual Private Network flow analysis processing System.
Present invention simultaneously relates to Virtual Private Network flow analysis processing methods.
Background technique
Common Virtual Private Network technology has mpls, vlan, frame relay.Due to different in Virtual Private Network VPN between there are identical subnet traffic, so level-one acquires processing one of the equipment to all kinds of Virtual Private Network flow differences Straight not good method.
Therefore the technical solution for needing one kind new is to solve the above problems.
Summary of the invention
It is an object of the invention to: a kind of multi-service flow separate system based on SDN framework is provided.
Present invention simultaneously provides the multi-service flow streamed data processing methods based on SDN framework.
In order to achieve the above objectives, following technical solution can be used in guide shell device of the present invention:
A kind of analysis process system to a variety of Virtual Private Network flows, between first device and secondary server The analysis of networking traffic is handled, comprising:
The enabled module of Virtual Private Network flow processing, for controlling whether to analyze dedicated network flow, handle;
The pre- discovery module of Virtual Private Network flow, for having detected whether VPN when not knowing specific VPN feature Flow passes through;
Virtual Private Network flow action executing module, there are three types of movements: white list movement, redirects blacklist movement Movement;White list, which refers to, carries out transparent transmission processing to flow;Blacklist, which refers to, carries out discard processing to flow;Redirection refers to stream Amount gives the processing of Virtual Private Network flux deepness analysis module;
Virtual Private Network flow modular converter is redirected for the format to data on flows, if first device and two Grade two layers of networking of server redirect format using MacInMac;If the three layers of networking of first device and secondary server, use Vxlan redirects format;
Virtual Private Network flux deepness analysis module, it is raw to be analyzed and processed according to No. VPN in redirection message It is added to first device at mapping table entry, hexa-atomic group of rule table clause and by arranging proprietary protocol.
The utility model has the advantages that the present invention provides analysis process system aiming at the problems existing in the prior art, wherein level-one is set Standby responsible Virtual Private Network technology integration, shields the difference of various VPN technologies, while find roughly to VPN flow and finely Then statistics is acted (white list, blacklist, redirection) processing to Virtual Private Network flow, as needed will be original VPN flow is transmitted to secondary server after two layer message encapsulates or three-tier message encapsulates;Secondary server is according to VPN user Information generates mapping table entry, hexa-atomic group of rule table clause effect level-one acquires equipment;First device is defined simultaneously and second level takes It is engaged in the mutual message format of device, VPN information is carried by vlan in mutual message format, flux deepness is greatly facilitated and analyzes mould The analysis of block is handled.
Further, the pre- discovery module of Virtual Private Network flow is to find that default VPN and fine VPN mapping is closed System, if when flow does not match any accurate VPN corresponding relationship or when fruit does not configure any accurate VPN corresponding relationship Acquire default No. VPN.
Further, six element group representations of VPN flow, hexa-atomic group by No. VPN, protocol number, source IP, destination IP, source port, Destination port composition, uniquely to indicate some VPN flow.
Further, fine VPN mapping relations are for tracking specific VPN user, configuration VPN and vlan, mpls, dlic Mapping relations, as needed select vlan, mpls, dlic thrin or three combination.
The present invention also provides a kind of analysis and processing methods to a variety of Virtual Private Network flows, and following technology can be used Scheme:
Judge whether to analyze dedicated network flow, handle,
It such as needs to handle, has then detected whether that VPN flow passes through,
Judge whether the operation that white list movement, blacklist movement, redirection movement are carried out to VPN flow;White list is Refer to and transparent transmission processing is carried out to flow;Blacklist, which refers to, carries out discard processing to flow;Redirection, which refers to, gives flow virtually specially With network flow depth analysis resume module;
It redirects for the format to data on flows, if the two layers of networking of first device and secondary server, uses MacInMac redirects format;If the three layers of networking of first device and secondary server, format is redirected using Vxlan;
It is analyzed and processed, generates mapping table entry, hexa-atomic group of rule table clause and led to according to No. VPN in redirection message It crosses agreement proprietary protocol and is added to first device.
The utility model has the advantages that the present invention provides analysis and processing method aiming at the problems existing in the prior art, wherein level-one is set Standby responsible Virtual Private Network technology integration, shields the difference of various VPN technologies, while find roughly to VPN flow and finely Then statistics is acted (white list, blacklist, redirection) processing to Virtual Private Network flow, as needed will be original VPN flow is transmitted to secondary server after two layer message encapsulates or three-tier message encapsulates;Secondary server is according to VPN user Information generates mapping table entry, hexa-atomic group of rule table clause effect level-one acquires equipment;First device is defined simultaneously and second level takes It is engaged in the mutual message format of device, VPN information is carried by vlan in mutual message format, flux deepness is greatly facilitated and analyzes mould The analysis of block is handled.
Invention also provides the network flow processing methods according to above-mentioned analysis process system, and following technology can be used Scheme, comprising the following steps:
Step 101, flow enters first device from port;
Step 102, vlan, mpls, frame relay packet parsing are carried out;
Step 103, judge whether VPN flow processing function is opened, carry out step 104 processing if opened, otherwise carry out 105 processing;
Step 104, if it is vlan message, then No. vlan lookup VPN relation mapping table is extracted;If it is mpls message, It then extracts label value and searches VPN relation mapping table;If it is POS frame relay message, then extracts dlci value and search the pass VPN It is mapping table;
Step 105, transparent transmission processing is carried out to message;
Step 106, judge whether to match VPN relation mapping table, if matching carries out step 107 processing, otherwise be walked Rapid 108 processing;
Step 107, No. VPN for pressing table clause in hit VPN relation mapping table is counted;
Step 108, default No. VPN of configuration is pressed to be counted;
Step 109, hexa-atomic group is constructed with agreement, source IP, destination IP, source port, destination port in No. VPN and original flow Key assignments;
Step 110, search hexa-atomic group of rule list and judge whether to hit, if hit carry out step 111 processing, otherwise into The processing of row step 105;
Step 111, it is handled by hexa-atomic group of rule action, acts, then flow is abandoned if it is blacklist Processing;It is acted if it is white list, then transparent transmission processing is carried out to flow;It is acted if it is redirection, then flow is sent to stream Measure depth analysis resume module;
Step 112, judge whether two laminar flow amount injection way, if it is two laminar flow amount injection way, then carry out step 113 Processing;If it is three laminar flow amount injection way, then step 114 processing is carried out;
Step 113, increase 802.1Q field carrying VPN information in two floor encapsulation redirection message and be supplied to flux deepness Analysis module analysis;
Step 114, VPN information is carried by the head vxlan in three floor encapsulation redirection message and is supplied to flux deepness Analysis module analysis;
Step 115, secondary server is analyzed and processed according to No. VPN in redirection message, generates mapping table entry, six Tuple rule table clause is added to first device by arranging proprietary protocol
Detailed description of the invention
Fig. 1 is the analysis process flow diagram of a variety of Virtual Private Network flows of the invention.
Specific embodiment
With reference to the accompanying drawing to being illustrated.
Embodiment one
It can refer to Fig. 1, embodiment one provides a kind of analysis process system to a variety of Virtual Private Network flows, is used for one The analysis of networking traffic is handled between grade equipment and secondary server, comprising:
The enabled module of Virtual Private Network flow processing, for controlling whether to analyze dedicated network flow, handle, With assurance function independence, the influence to the other functions of system is reduced.
The pre- discovery module of Virtual Private Network flow, for having detected whether VPN when not knowing specific VPN feature Flow passes through;It is finely counted again according to some VPN feature that Virtual Private Network flux deepness analysis module is fed back.Its In, the pre- discovery module of Virtual Private Network flow is to find default VPN and fine VPN mapping relations, if flow does not have Have when matching any accurate VPN corresponding relationship or fruit then acquires default VPN when not configuring any accurate VPN corresponding relationship Number.Fine VPN mapping relations configure No. VPN mapping relations with vlan, mpls, dlic, root for tracking specific VPN user According to needing to select vlan, mpls, dlic thrin or three to combine.It is with No. VPN 10 configuration vlan 100, mpls 200 Example is illustrated, unified for the flow of the vlan flow for being 100 or mpls 200 to handle by VPN 10.
Virtual Private Network flow action executing module, there are three types of movements: white list movement, redirects blacklist movement Movement;White list, which refers to, carries out transparent transmission processing to flow;Blacklist, which refers to, carries out discard processing to flow;Redirection refers to stream Amount gives the processing of Virtual Private Network flux deepness analysis module.Six element group representations of VPN flow, hexa-atomic group by No. VPN, agreement Number, source IP, destination IP, source port, destination port composition, can uniquely indicate some VPN flow.By hexa-atomic group of definition process Movement, wherein protocol number, source IP, destination IP, source port, destination port support mask, it can be achieved that pressing some VPN big customer's flow Or some user carries out different movement processing in some VPN big customer.
Virtual Private Network flow modular converter is redirected for the format to data on flows, if first device and two Grade two layers of networking of server redirect format using MacInMac;Such as:
Two layers of redirection format:
DMAC SMAC Vlan Type Original message
Illustrate: Vlan field fills in VPN number.
If the three layers of networking of first device and secondary server, format is redirected using Vxlan;Such as:
Three layers of redirection format:
Illustrate: Vxlan id field fills in corresponding No. VPN.
Virtual Private Network flux deepness analysis module, it is raw to be analyzed and processed according to No. VPN in redirection message It is added to first device at mapping table entry, hexa-atomic group of rule table clause and by arranging proprietary protocol.
Embodiment two
Corresponding above-mentioned analysis process system can equally provide a kind of analysis processing to a variety of Virtual Private Network flows The embodiment of method, comprising:
Judge whether to analyze dedicated network flow, handle,
Such as need to handle, then detected whether that VPN flow passes through, the pre- discovery module of Virtual Private Network flow to It was found that default VPN and fine VPN mapping relations, if when flow does not match any accurate VPN corresponding relationship or fruit does not have Default No. VPN is then acquired when configuring any accurate VPN corresponding relationship.Fine VPN mapping relations are used to track specific VPN user, The mapping relations of No. VPN with vlan, mpls, dlic are configured, select vlan, mpls, dlic thrin or three as needed Person's combination.
Judge whether the operation that white list movement, blacklist movement, redirection movement are carried out to VPN flow;White list is Refer to and transparent transmission processing is carried out to flow;Blacklist, which refers to, carries out discard processing to flow;Redirection, which refers to, gives flow virtually specially With network flow depth analysis resume module;
It redirects for the format to data on flows, if the two layers of networking of first device and secondary server, uses MacInMac redirects format;If the three layers of networking of first device and secondary server, format is redirected using Vxlan;
It is analyzed and processed, generates mapping table entry, hexa-atomic group of rule table clause and led to according to No. VPN in redirection message It crosses agreement proprietary protocol and is added to first device.
Embodiment three
Incorporated by reference to shown in Fig. 1, the present embodiment provides a kind of network flows of analysis process system according to embodiment one Processing method, comprising the following steps:
Step 101, flow enters first device from port;
Step 102, vlan, mpls, frame relay packet parsing are carried out;
Step 103, judge whether VPN flow processing function is opened, carry out step 104 processing if opened, otherwise carry out 105 processing;
Step 104, if it is vlan message, then No. vlan lookup VPN relation mapping table is extracted;If it is mpls message, It then extracts label value and searches VPN relation mapping table;If it is POS frame relay message, then extracts dlci value and search the pass VPN It is mapping table;
Step 105, transparent transmission processing is carried out to message;
Step 106, judge whether to match VPN relation mapping table, if matching carries out step 107 processing, otherwise be walked Rapid 108 processing;
Step 107, No. VPN for pressing table clause in hit VPN relation mapping table is counted;
Step 108, default No. VPN of configuration is pressed to be counted;
Step 109, hexa-atomic group is constructed with agreement, source IP, destination IP, source port, destination port in No. VPN and original flow Key assignments;
Step 110, search hexa-atomic group of rule list and judge whether to hit, if hit carry out step 111 processing, otherwise into The processing of row step 105;
Step 111, it is handled by hexa-atomic group of rule action, acts, then flow is abandoned if it is blacklist Processing;It is acted if it is white list, then transparent transmission processing is carried out to flow;It is acted if it is redirection, then flow is sent to stream Measure depth analysis resume module;
Step 112, judge whether two laminar flow amount injection way, if it is two laminar flow amount injection way, then carry out step 113 Processing;If it is three laminar flow amount injection way, then step 114 processing is carried out;
Step 113, increase 802.1Q field carrying VPN information in two floor encapsulation redirection message and be supplied to flux deepness Analysis module analysis;
Step 114, VPN information is carried by the head vxlan in three floor encapsulation redirection message and is supplied to flux deepness Analysis module analysis;
Step 115, secondary server is analyzed and processed according to No. VPN in redirection message, generates mapping table entry, six Tuple rule table clause is added to first device by arranging proprietary protocol.
The present invention proposes that a kind of system-level first device is cooperated with secondary server to " Virtual Private Network stream The analysis and processing method of amount ".All kinds of Virtual Private Network flow differences are shielded, from rough Statistics to fine statistics, then to void Quasi- dedicated network flow is acted (white list, blacklist, redirection) processing.First device and secondary server are defined simultaneously Mutual message format, VPN information is carried by vlan in mutual message format, greatly facilitates flux deepness analysis module Analysis processing.

Claims (8)

1. a kind of analysis process system to a variety of Virtual Private Network flows is used for group between first device and secondary server The analysis of net flow is handled characterized by comprising
The enabled module of Virtual Private Network flow processing, for controlling whether to analyze Virtual Private Network flow, handle;
The pre- discovery module of Virtual Private Network flow, for having detected whether VPN flow when not knowing specific VPN feature Pass through;
Virtual Private Network flow action executing module, there are three types of movements: white list movement, blacklist movement, redirection movement; White list movement, which refers to, carries out transparent transmission processing to flow;Blacklist movement, which refers to, carries out discard processing to flow;Redirection movement Refer to and gives the processing of Virtual Private Network flux deepness analysis module flow;
Virtual Private Network flow modular converter is redirected for the format to data on flows, if first device and second level clothes Business two layers of networking of device redirect format using MacInMac;If the three layers of networking of first device and secondary server, use Vxlan redirects format;
Virtual Private Network flux deepness analysis module, for being analyzed and processed according to No. VPN in redirection message, generation is reflected Firing table entry, hexa-atomic group of rule table clause are simultaneously added to first device by arranging proprietary protocol.
2. analysis process system according to claim 1, it is characterised in that: the Virtual Private Network flow finds mould in advance Block for finding default VPN and fine VPN mapping relations,
If if not configuring when flow does not match any accurate VPN corresponding relationship or any accurate VPN corresponding relationship When then acquire default No. VPN.
3. analysis process system according to claim 1, it is characterised in that: six element group representations of VPN flow, hexa-atomic group by No. VPN, protocol number, source IP, destination IP, source port, destination port composition, for uniquely indicating some VPN flow.
4. analysis process system according to claim 2, it is characterised in that: fine VPN mapping relations are specific for tracking VPN user, configuration VPN and the mapping relations of vlan, mpls, dlic, as needed selection vlan, mpls, dlic three it One or three combination.
5. a kind of analysis and processing method to a variety of Virtual Private Network flows, it is characterised in that:
Judge whether to analyze Virtual Private Network flow, handle,
It such as needs to handle, has then detected whether that VPN flow passes through,
Judge whether the operation that white list movement or blacklist movement or redirection movement are carried out to VPN flow;White list movement Refer to and transparent transmission processing is carried out to flow;Blacklist movement, which refers to, carries out discard processing to flow;Redirection movement refers to flow Give the processing of Virtual Private Network flux deepness analysis module;
The format of data on flows is redirected, if the two layers of networking of first device and secondary server, are reset using MacInMac To format;If the three layers of networking of first device and secondary server, format is redirected using Vxlan;
Virtual Private Network flux deepness analysis module is analyzed and processed according to No. VPN in redirection message, generates mapping table Entry, hexa-atomic group of rule table clause are simultaneously added to first device by arranging proprietary protocol.
6. analysis and processing method according to claim 5, it is characterised in that: find that default VPN and fine VPN mapping is closed System,
If if not configuring when flow does not match any accurate VPN corresponding relationship or any accurate VPN corresponding relationship When then acquire default No. VPN.
7. analysis and processing method according to claim 6, it is characterised in that: fine VPN mapping relations are specific for tracking VPN user, configuration VPN and the mapping relations of vlan, mpls, dlic, as needed selection vlan, mpls, dlic three it One or three combination.
8. a kind of network flow processing method of analysis process system according to claim 1, which is characterized in that including following Step:
Step 101, flow enters first device from port;
Step 102, vlan, mpls, frame relay packet parsing are carried out;
Step 103, judge whether VPN flow processing function is opened, carry out step 104 processing if opened, otherwise carry out at 105 Reason;
Step 104, if it is vlan message, then No. vlan lookup VPN relation mapping table is extracted;If it is mpls message, then mention Label value is taken to search VPN relation mapping table;If it is POS frame relay message, then extracts dlci value lookup VPN relationship and reflect Firing table;
Step 105, transparent transmission processing is carried out to message;
Step 106, judge whether to match VPN relation mapping table, if matching carries out step 107 processing, otherwise carry out step 108 Processing;
Step 107, No. VPN for pressing table clause in hit VPN relation mapping table is counted;
Step 108, default No. VPN of configuration is pressed to be counted;
Step 109, hexa-atomic group of key is constructed with protocol number, source IP, destination IP, source port, destination port in No. VPN and original flow Value;
Step 110, it searches hexa-atomic group of rule list and judges whether to hit, if hit carries out step 111 processing, otherwise walked Rapid 105 processing;
Step 111, it is handled by hexa-atomic group of rule action, is acted if it is blacklist, then discard processing is carried out to flow; It is acted if it is white list, then transparent transmission processing is carried out to flow;It is acted if it is redirection, then flow is sent to virtual private Network flow depth analysis resume module;
Step 112, judge whether two laminar flow amount injection way, if it is two laminar flow amount injection way, then carry out step 113 place Reason;If it is three laminar flow amount injection way, then step 114 processing is carried out;
Step 113, increase 802.1Q field carrying VPN information in two floor encapsulation redirection message and be supplied to Virtual Private Network The analysis of flux deepness analysis module;
Step 114, VPN information is carried by the head vxlan in three floor encapsulation redirection message and is supplied to Virtual Private Network The analysis of flux deepness analysis module;
Step 115, the Virtual Private Network flux deepness analysis module of secondary server is according to No. VPN progress in redirection message Analysis processing generates mapping table entry, hexa-atomic group of rule table clause by arranging proprietary protocol and is added to first device.
CN201810323970.3A 2018-04-12 2018-04-12 To the analysis process system and processing method of a variety of Virtual Private Network flows Active CN108540348B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810323970.3A CN108540348B (en) 2018-04-12 2018-04-12 To the analysis process system and processing method of a variety of Virtual Private Network flows

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810323970.3A CN108540348B (en) 2018-04-12 2018-04-12 To the analysis process system and processing method of a variety of Virtual Private Network flows

Publications (2)

Publication Number Publication Date
CN108540348A CN108540348A (en) 2018-09-14
CN108540348B true CN108540348B (en) 2019-06-14

Family

ID=63480893

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810323970.3A Active CN108540348B (en) 2018-04-12 2018-04-12 To the analysis process system and processing method of a variety of Virtual Private Network flows

Country Status (1)

Country Link
CN (1) CN108540348B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102281156A (en) * 2011-08-03 2011-12-14 中国人民解放军91655部队 Emergency control method and system thereof for hierarchical network management system
CN104426763A (en) * 2013-08-21 2015-03-18 中兴通讯股份有限公司 Channel switching method and apparatus, and switch
CN104579810A (en) * 2013-10-23 2015-04-29 中兴通讯股份有限公司 Flow sampling method and system for software-defined network
CN107026791A (en) * 2016-01-29 2017-08-08 华为技术有限公司 VPN vpn service optimization method and equipment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8811409B2 (en) * 2012-06-04 2014-08-19 Telefonaktiebolaget L M Ericsson (Publ) Routing VLAN tagged packets to far end addresses of virtual forwarding instances using separate administrations

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102281156A (en) * 2011-08-03 2011-12-14 中国人民解放军91655部队 Emergency control method and system thereof for hierarchical network management system
CN104426763A (en) * 2013-08-21 2015-03-18 中兴通讯股份有限公司 Channel switching method and apparatus, and switch
CN104579810A (en) * 2013-10-23 2015-04-29 中兴通讯股份有限公司 Flow sampling method and system for software-defined network
CN107026791A (en) * 2016-01-29 2017-08-08 华为技术有限公司 VPN vpn service optimization method and equipment

Also Published As

Publication number Publication date
CN108540348A (en) 2018-09-14

Similar Documents

Publication Publication Date Title
CN106961445B (en) Packet parsing device based on FPGA hardware parallel pipeline
US10728176B2 (en) Ruled-based network traffic interception and distribution scheme
US9407450B2 (en) Method and apparatus for providing tenant information for network flows
CN104158745B (en) A kind of method and system for realizing data packet forwarding
CN102315974B (en) Stratification characteristic analysis-based method and apparatus thereof for on-line identification for TCP, UDP flows
CN108289104A (en) A kind of industry SDN network ddos attack detection with alleviate method
CN106341418B (en) The detection of DNS distributed reflection type Denial of Service attack, defence method and system
WO2015078233A1 (en) Method for processing downlink signalling of sdn virtualization platform based on openflow
CN105812340B (en) A kind of method and apparatus of virtual network access outer net
CN108566342A (en) Multi-service flow separate system based on SDN frameworks and streamed data processing method
CN108270699B (en) Message processing method, shunt switch and aggregation network
CN105897493B (en) A kind of detection method of SDN rule conflicts
CN105847157B (en) Communication means end to end between mark network based on SDN
WO2020228398A1 (en) Message detection method, device and system
CN103200133A (en) Flow identification method based on network flow gravitation cluster
CN106375223B (en) A kind of data forwarding system and method based on SDN
CN104954367A (en) Internet omnidirectional cross-domain DDoS (distributed denial of service) attack defense method
JP2019517217A5 (en)
CN103475559B (en) Method and system for processing and transmitting message according to contents of message
CN106357534A (en) Network flow monitoring system and method based on SDN
WO2018001242A1 (en) Data-message processing method and apparatus
CN103763198B (en) A kind of data packet classification method
CN104394149B (en) A kind of method of the Complex event processing based on parallel distributed framework
CN104243237A (en) P2P flow detection method and device
CN107276800A (en) A kind of network traffics method for tracing and device for cloud data center

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant