CN109347701A - System and method for testing and controlling the performance of network isolation products - Google Patents
- Publication number: CN109347701A
- Application number: CN201811331953.0A
- Authority: CN (China)
- Prior art keywords: physical, machine, product, switch, security domain
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L43/0852 Delays (under H04L43/08, Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters)
- H04L43/0888 Throughput (under H04L43/0876, Network utilisation, e.g. volume of load or congestion level)
- H04L43/50 Testing arrangements (under H04L43/00, Arrangements for monitoring or testing data switching networks)
- H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
Abstract
The present invention relates to a system for testing and controlling the performance of network isolation products, comprising: a group of physical PCs for sending, receiving and capturing test packets; a switch, connected to the group of physical PCs, for forwarding test packets and able to monitor and mirror them; and a network isolation product under test, connected to the switch, which returns the test packets sent by the switch back to the switch. The invention further relates to a method, based on this system, for testing and controlling the performance of network isolation products. With this system and method, test programs are deployed on the physical PCs and the test packets are forwarded through the switch to the network isolation product under test; the throughput and system delay of the product are then obtained by statistics and calculation, which solves the problem of testing the performance of network isolation products.
Description
Technical field
The present invention relates to the field of communication technology, in particular to the field of product performance testing, and specifically to a system and method for testing and controlling the performance of network isolation products.
Background
In 2017 the national Internet information office, jointly with the Ministry of Industry and Information Technology, the Ministry of Public Security, the Certification and Accreditation Administration of the People's Republic of China and other departments, issued a catalogue of critical network equipment and dedicated network security products. Equipment and products in the catalogue must undergo mandatory certification and testing according to the requirements of the national standards. One class of network security product, security isolation and information exchange products (network isolation products), appears in this catalogue, and the catalogue states the conditions a network isolation product must meet to qualify as a dedicated network security product. The conditions explicitly set performance requirements for network isolation products: throughput ≥ 1 Gbps and system delay ≤ 5 ms.
To meet this added performance test requirement, a test instrument can be used to measure the throughput and system delay of the network isolation product under test, but test instruments are expensive and hard to obtain, support only a limited set of protocol types, and have a long update cycle. For some network isolation products, such as those used in the industrial control sector, a test instrument cannot generate the test packets the product supports. The present invention builds the test system from PCs and a switch. Test programs are deployed on the PCs, the test packets they generate are sent to the network isolation product under test, and after the product has processed them the test packets are returned to the test PCs. The PCs receive, record and count the test packets in order to calculate the throughput and system delay of the network isolation product under test, which solves the problem of testing the performance of network isolation products.
Summary of the invention
The purpose of the present invention is to overcome the shortcomings of the above prior art and to provide a system and method for testing and controlling the performance of network isolation products that meets high-performance test requirements, is easy to operate and has a wide scope of application.
To achieve this purpose, the system and method of the invention for testing and controlling the performance of network isolation products are as follows.
The system for testing and controlling the performance of network isolation products is mainly characterized in that it includes:
A group of physical PCs, used to send, receive and capture test packets;
A switch, connected to the group of physical PCs, used to forward test packets and able to monitor and mirror them;
A network isolation product under test, connected to the switch, used to return the test packets sent by the switch back to the switch.
Preferably, the group of physical PCs includes:
A first physical PC, connected to the switch, used to configure the data packet sending program and the bandwidth at which data packets are sent;
A second physical PC, connected to the switch, used to configure the data packet receiving program and to compute bandwidth statistics over the data packets received;
A third physical PC, connected to the switch, used to configure the data packet capture and recording program and to analyze and save the captured data packets.
Preferably, the switch includes 5 physical interfaces, of which 2 are connected to the network isolation product under test and the remaining 3 are connected to the first physical PC, the second physical PC and the third physical PC respectively.
Preferably, the network isolation product under test includes a first security domain and a second security domain, each connected to the switch, and is used to process the data packets sent by the first physical PC and then return them to the second physical PC.
Preferably, the physical interface connected to the third physical PC receives the mirrored data packets of the network isolation product under test.
The method for testing the performance of network isolation products based on the above system is mainly characterized in that it comprises the following steps:
(1) the packet sending program of the first physical PC sends test packets to the first security domain;
(2) the first security domain receives the test packets sent by the first physical PC, processes them and sends them to the second security domain;
(3) the second security domain sends the processed test packets to the second physical PC;
(4) the switch monitors the data packets sent to the first security domain and the data packets received from the second security domain and mirrors them to the third physical PC, after which the system delay is calculated.
Preferably, step (1) specifically comprises the following steps:
(1.1) the first physical PC sends the test packets to the physical interface of the switch that is connected to its network card interface;
(1.2) according to the destination address of the test packets or the routing protocol, the switch sends the test packets to the network isolation product under test through the physical interface connected to the first security domain.
Preferably, step (2) specifically comprises the following steps:
(2.1) configure the internal data packet forwarding policy of the network isolation product under test;
(2.2) forward the data packets received by the first security domain to the second security domain, without setting any bandwidth threshold on data packet forwarding.
Preferably, step (3) specifically comprises the following steps:
(3.1) the physical interface of the switch connected to the second security domain receives the test packets issued by the network isolation product after processing;
(3.2) according to the destination address of the test packets, the switch forwards the test packets to the physical interface connected to the second physical PC.
Preferably, step (4) specifically comprises the following steps:
(4.1) after receiving the test packets, the second physical PC computes bandwidth statistics and calculates the throughput of the network isolation product under test;
(4.2) after receiving the test packets, the third physical PC captures and records them, and calculates the time difference between the same data packet, or data packets with the same packet header, entering the first security domain and leaving the second security domain.
With the system and method of the invention for testing and controlling the performance of network isolation products, test programs are deployed on the physical PCs and the test packets are forwarded through the switch to the network isolation product under test; the throughput and system delay of the network isolation product are then obtained by statistics and calculation, which solves the problem of testing the performance of network isolation products.
Description of the drawings
Fig. 1 is the connection topology diagram of the system of the invention for testing and controlling the performance of network isolation products.
Fig. 2 is the flow chart of the method of the invention for testing the performance of network isolation products.
Specific embodiments
To describe the technical content of the invention more clearly, it is further described below with reference to specific embodiments.
The system for testing and controlling the performance of network isolation products includes:
A group of physical PCs, used to send, receive and capture test packets;
A switch, connected to the group of physical PCs, used to forward test packets and able to monitor and mirror them;
A network isolation product under test, connected to the switch, used to return the test packets sent by the switch back to the switch.
As a preferred embodiment of the invention, the group of physical PCs includes:
A first physical PC, connected to the switch, used to configure the data packet sending program and the bandwidth at which data packets are sent;
A second physical PC, connected to the switch, used to configure the data packet receiving program and to compute bandwidth statistics over the data packets received;
A third physical PC, connected to the switch, used to configure the data packet capture and recording program and to analyze and save the captured data packets.
The switch includes 5 physical interfaces, of which 2 are connected to the network isolation product under test and the remaining 3 are connected to the first physical PC, the second physical PC and the third physical PC respectively.
As a preferred embodiment of the invention, the network isolation product under test includes a first security domain and a second security domain, each connected to the switch, and is used to process the data packets sent by the first physical PC and then return them to the second physical PC.
As a preferred embodiment of the invention, the physical interface connected to the third physical PC receives the mirrored data packets of the network isolation product under test.
The method for testing the performance of network isolation products based on the above system comprises the following steps:
(1) the packet sending program of the first physical PC sends test packets to the first security domain;
(1.1) the first physical PC sends the test packets to the physical interface of the switch that is connected to its network card interface;
(1.2) according to the destination address of the test packets or the routing protocol, the switch sends the test packets to the network isolation product under test through the physical interface connected to the first security domain;
(2) the first security domain receives the test packets sent by the first physical PC, processes them and sends them to the second security domain;
(2.1) configure the internal data packet forwarding policy of the network isolation product under test;
(2.2) forward the data packets received by the first security domain to the second security domain, without setting any bandwidth threshold on data packet forwarding;
(3) the second security domain sends the processed test packets to the second physical PC;
(3.1) the physical interface of the switch connected to the second security domain receives the test packets issued by the network isolation product after processing;
(3.2) according to the destination address of the test packets, the switch forwards the test packets to the physical interface connected to the second physical PC;
(4) the switch monitors the data packets sent to the first security domain and the data packets received from the second security domain and mirrors them to the third physical PC, after which the system delay is calculated;
(4.1) after receiving the test packets, the second physical PC computes bandwidth statistics and calculates the throughput of the network isolation product under test;
(4.2) after receiving the test packets, the third physical PC captures and records them, and calculates the time difference between the same data packet, or data packets with the same packet header, entering the first security domain and leaving the second security domain.
In a specific embodiment of the invention, the physical PCs are used to send, receive and capture test packets, and can compute bandwidth and system delay statistics over the test packets; the switch is connected to the physical PCs, forwards the test packets, and can monitor and mirror them; the network isolation product under test is connected to the switch and, after forwarding the test packets sent by the switch according to its policy, returns them to the switch.
The physical PCs, the switch and the network isolation product under test together form a system for testing the performance of network isolation products.
In this test system, the physical PCs include:
A first physical PC, which runs a data packet sending program with a configurable sending bandwidth, and whose network card bandwidth is not lower than the bandwidth of the network isolation product under test;
A second physical PC, which runs a data packet receiving program and can compute bandwidth statistics over the data packets received;
A third physical PC, which runs a data packet capture and recording program and can analyze the captured data packets.
The test system further includes:
A switch with five physical interfaces, connected respectively to the first physical PC, the second physical PC, the third physical PC and the network isolation product under test, where the connection to the network isolation product uses two physical interfaces;
The physical interface of the switch connected to the third physical PC, which mirrors the traffic of the physical interfaces connected to the network isolation product under test;
The network isolation product under test, whose two security domains are each connected to the switch; the data packets sent by the first physical PC are processed by the two security domains of the network isolation product and the traffic is returned to the second physical PC.
The data packets on the two physical interfaces of the switch connected to the network isolation product are monitored and mirrored to the physical interface connected to the third physical PC; the data packets mirrored to that interface are captured and recorded by the third physical PC.
The data packets sent by the first physical PC pass through the switch and the isolation product under test and are received by the second physical PC.
The test system uses the packets sent from the first physical PC to the second physical PC to test the throughput of the network isolation product under test; the third physical PC captures the mirrored data packets from before and after the network isolation product under test, which is used to test the system delay of the product.
The test method for the performance of network isolation products based on the above system comprises the following steps:
(1) the packet sending program configured on the first physical PC sends test packets to the first security domain of the network isolation product under test;
(2) the first security domain of the network isolation product under test receives the test packets sent by the first physical PC and, after processing, sends them to the second security domain of the network isolation product;
(3) the second security domain of the network isolation product under test sends the processed test packets to the second physical PC;
(4) the switch mirrors to the third physical PC the data packets sent to the first security domain of the network isolation product under test and the data packets received from the second security domain of the network isolation product.
Step (1) above is shown as S1 in Fig. 2, and steps (2) to (4) above are shown as S2 in Fig. 2.
Step (1) of the test method further includes:
(1.1) the first physical PC sends the test packets to the physical interface of the switch that is connected to its network card interface;
(1.2) after receiving the test packets, the switch sends them, according to the destination address of the test packets or the routing protocol, to the network isolation product under test through the physical interface connected to the first security domain of that product;
(1.3) the switch monitors the data packets sent to the first security domain of the network isolation product under test and mirrors them to the physical interface connected to the third physical PC.
Step (2) of the test method further includes:
(2.1) the network isolation product under test divides the network into two security domains, a first security domain and a second security domain, by means of its own physical structure;
(2.2) configure the internal data packet forwarding policy of the network isolation product under test so that the data packets received by the first security domain are forwarded to the second security domain, without setting any bandwidth threshold on data packet forwarding.
Step (3) of the test method further includes:
(3.1) the physical interface of the switch connected to the second security domain of the network isolation product under test receives the test data packets issued by the network isolation product after processing;
(3.2) after receiving the test packets, the switch forwards them, according to the destination address of the test packets or the routing protocol, to the physical interface connected to the second physical PC;
(3.3) the switch monitors the data packets received from the second security domain of the network isolation product under test and mirrors them to the physical interface connected to the third physical PC.
As shown in S3 in Fig. 2, the test method for the performance of network isolation products based on the above system further comprises the following steps:
(1) after receiving the test packets, the second physical PC computes bandwidth statistics with the program deployed on it and calculates the throughput of the network isolation product under test;
(2) after receiving the mirrored test packets, the third physical PC captures and records them with the program deployed on it, and calculates the time difference between the same data packet, or data packets with the same packet header, entering the first security domain of the network isolation product under test and leaving the second security domain of the network isolation product under test; this time difference is taken as the system delay of the network isolation product under test.
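The delay calculation in step (2) above, as an added example that is not part of the patent: it pairs each packet mirrored from the first-security-domain port with its copy from the second-security-domain port and checks the result against the 1 Gbps and 5 ms thresholds quoted in the background. The port labels, the record layout, the packet key and the use of the worst-case delay for the verdict are assumptions; the sample capture is constructed.

```python
"""Added example: pair mirrored packets and check the thresholds quoted above."""
from collections import defaultdict, deque

# Thresholds quoted in the Background section of the page.
MIN_THROUGHPUT_BPS = 1_000_000_000   # throughput >= 1 Gbps
MAX_DELAY_US = 5_000                 # system delay <= 5 ms, in microseconds

# Hypothetical labels for the two monitored switch ports.
INGRESS = "to_domain1"     # port facing the first security domain
EGRESS = "from_domain2"    # port facing the second security domain


def match_delays(records):
    """Pair each ingress packet with the next egress packet carrying the same key.

    records: iterable of (timestamp_us, port, key). Every timestamp is taken
    by the one capture host, so no clock synchronisation is involved.
    Returns (delays_us, lost); lost counts packets that entered but never left.
    """
    pending = defaultdict(deque)      # key -> ingress timestamps, oldest first
    delays = []
    for ts, port, key in sorted(records, key=lambda r: r[0]):
        if port == INGRESS:
            pending[key].append(ts)
        elif port == EGRESS and pending[key]:
            # Packets with identical headers are matched first-in, first-out.
            delays.append(ts - pending[key].popleft())
    lost = sum(len(queue) for queue in pending.values())
    return delays, lost


def evaluate(records, rx_bytes, rx_seconds):
    """Combine the receiver's byte count with the mirrored capture.

    rx_bytes / rx_seconds: what the receiving program on the second PC reports.
    The verdict uses the worst observed delay (an assumption of this example).
    """
    delays, lost = match_delays(records)
    throughput = rx_bytes * 8 / rx_seconds
    worst = max(delays) if delays else None
    return {
        "throughput_bps": throughput,
        "throughput_ok": throughput >= MIN_THROUGHPUT_BPS,
        "matched": len(delays),
        "lost": lost,
        "max_delay_us": worst,
        "delay_ok": worst is not None and worst <= MAX_DELAY_US,
    }


# Constructed capture: (timestamp in microseconds, monitored port, packet key).
SAMPLE = [
    (0,    INGRESS, ("udp", 5001, 1)),
    (100,  INGRESS, ("udp", 5001, 2)),
    (200,  INGRESS, ("udp", 5001, 3)),   # never appears on the egress port
    (300,  INGRESS, ("udp", 5001, 1)),   # second packet with an identical header
    (1200, EGRESS,  ("udp", 5001, 1)),
    (1500, EGRESS,  ("udp", 5001, 2)),
    (6300, EGRESS,  ("udp", 5001, 1)),
]

if __name__ == "__main__":
    print(evaluate(SAMPLE, rx_bytes=1_250_000_000, rx_seconds=10))
```

Because the page states that the product's two units exchange data over a non-TCP/IP protocol, build the key only from fields the product is known to preserve, for example a sequence number carried in the payload if the product keeps it.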
In a specific embodiment, referring to Fig. 2, the application builds the test environment from physical PCs and a switch, deploys test programs on the physical PCs, and configures monitoring and mirroring on the physical interfaces of the switch in order to test the performance of the network isolation product. Using three physical PCs and one switch as the test environment, the system and method described here can effectively test the throughput and system delay of a network isolation product without relying on a test instrument, and the test results are accurate. The system includes three physical PCs, one switch and several test programs. Of the three physical PCs, the first has a test packet sending program installed, the second has a test packet receiving program installed, and the third has a packet capture and recording program installed; the switch is configured with two monitored ports and one mirror port.
In a specific embodiment, the test method of the invention for the performance of network isolation products involves:
(1) three physical PCs in total: the first is used to send test packets, the second is used to receive test packets, and the third is used to capture and record test packets;
(2) a switch with 5 physical interfaces, used respectively for receiving test packets, forwarding test packets, mirroring test packets and receiving test packets, of which 2 physical interfaces are needed for forwarding;
(3) the isolation product under test, which is the device under test; the device is physically divided into 2 physical units, an internal one and an external one, and the 2 units exchange data over a non-TCP/IP network protocol.
In a specific embodiment, the configuration steps for the three physical PCs of the invention include:
(1.1) on the first physical PC M101, install and configure a test packet sending program, such as iperf, which sends test packets out through the network card;
(1.2) on the second physical PC M102, install and configure a test packet receiving program, such as iperf, which receives the external test packets through the network card in order to compute the throughput of the network isolation product M100;
(1.3) the throughput of the network card should be greater than the nominal throughput of the network isolation product under test, to guarantee that test packets can be sent at sufficient bandwidth;
(1.4) on the third physical PC M103, install a program that captures and records the test packets from the switch mirror port, such as Wireshark, in order to analyze and calculate the system delay of the test packets across the network isolation product under test.
In a specific embodiment, the configuration steps for the switch of the invention include:
(2.1) the switch M104 receives the test packets sent by the first physical PC and, according to the destination IP address of the packets or the routing protocol, forwards the test packets to the first security domain of the network isolation product under test;
(2.2) when forwarding data packets to the network isolation product under test, the switch should also mirror the data packets to the mirror physical interface;
(2.3) the throughput of the switch physical interfaces used in the test should be greater than the throughput of the network isolation product under test, to avoid creating a bandwidth bottleneck.
In a specific embodiment, the configuration steps for the network isolation product under test include:
(3.1) the network isolation product under test divides the network into two security domains, a first security domain and a second security domain, by means of its own physical structure;
(3.2) configure the internal data packet forwarding policy of the network isolation product under test so that the data packets received by the first security domain are forwarded to the second security domain, without setting any limit on data packet forwarding.
With this system and method for testing and controlling the performance of network isolation products, test programs are deployed on the physical PCs and the test packets are forwarded through the switch to the network isolation product under test; the throughput and system delay of the network isolation product are then obtained by statistics and calculation, which solves the problem of testing the performance of network isolation products.
In this description, the invention has been described with reference to specific embodiments. It is clear, however, that various modifications and alterations can still be made without departing from the spirit and scope of the invention. The description and drawings should therefore be regarded as illustrative rather than restrictive.
Claims (10)
1. a kind of realize the system for carrying out testing and control to Network Isolation properties of product, which is characterized in that the system includes:
Physics PC machine group, for sending, receiving and capturing test packet;
Interchanger is connected with the physics PC machine group, is used for transmitted test message, and can monitor test packet
And mirror image;
Tested network isolated product is connected with the interchanger, and the test packet for sending to the interchanger returns to
The interchanger.
2. according to claim 1 realize the system for carrying out testing and control to Network Isolation properties of product, which is characterized in that
The physics PC machine group includes:
First physics PC machine, is connected with the interchanger, sends program for configuration data message, and send datagram
Bandwidth;
Second physics PC machine, is connected with the interchanger, receives program for configuration data message, and to the number received
Bandwidth statistics are carried out according to message;
Third physics PC machine, is connected with the interchanger, is used for configuration data message capturing and logging program, and to capture
To data message analyzed and saved.
3. The system for realizing test control of network isolation product performance according to claim 2, characterized in that the switch includes 5 physical interfaces, of which 2 physical interfaces are connected to the network isolation product under test and the remaining 3 physical interfaces are connected to the first physical PC, the second physical PC and the third physical PC respectively.
4. The system for realizing test control of network isolation product performance according to claim 2, characterized in that the network isolation product under test includes a first security domain and a second security domain, each connected to the switch, used to process the data packets sent by the first physical PC and then return them to the second physical PC.
5. The system for realizing test control of network isolation product performance according to claim 3, characterized in that the physical interface connected to the third physical PC receives the mirrored information of the data packets of the network isolation product under test.
6. A method for realizing test control of network isolation product performance based on the system of claim 1, wherein the physical PC group includes a first physical PC, a second physical PC and a third physical PC, and the network isolation product under test includes a first security domain and a second security domain, characterized in that the method comprises the following steps:
(1) the packet sending program of the first physical PC sends test packets to the first security domain;
(2) the first security domain receives the test packets sent by the first physical PC, processes them and sends them to the second security domain;
(3) the second security domain sends the processed test packets to the second physical PC;
(4) the switch monitors the data packets sent to the first security domain and the data packets received from the second security domain and mirrors them to the third physical PC, and the system latency is then calculated.
7. The method for realizing test control of network isolation product performance according to claim 6, characterized in that step (1) specifically includes the following steps:
(1.1) the first physical PC sends the test packets to the physical interface of the switch that is connected to its network card interface;
(1.2) the switch, according to the destination address of the test packets or the routing protocol, sends the test packets to the network isolation product under test through the physical interface connected to the first security domain.
8. The method for realizing test control of network isolation product performance according to claim 6, characterized in that step (2) specifically includes the following steps:
(2.1) configuring the internal data packet forwarding policy of the network isolation product under test;
(2.2) forwarding the data packets received by the first security domain to the second security domain, without setting any bandwidth threshold on data packet forwarding.
9. The method for realizing test control of network isolation product performance according to claim 6, characterized in that step (3) specifically includes the following steps:
(3.1) the physical interface of the switch connected to the second security domain receives the test packets sent out after processing by the network isolation product;
(3.2) the switch, according to the destination address of the test packets, forwards the test packets to the physical interface connected to the second physical PC.
10. The method for realizing test control of network isolation product performance according to claim 6, characterized in that step (4) specifically includes the following steps:
(4.1) the second physical PC, after receiving the test packets, compiles bandwidth statistics and calculates the throughput of the network isolation product under test;
(4.2) the third physical PC, after receiving the test packets, captures and records them, and calculates the time difference between the same data packet, or data packets with the same packet header, entering the first security domain and leaving the second security domain.
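The calculation in steps (4.1) and (4.2) can be sketched as follows. This is an added example, not code from the patent: the record layout, the port labels `dom1`/`dom2`, the header-key strings and the sample capture are constructed assumptions, and throughput is computed here from the mirrored egress records rather than on the second physical PC.

```python
from collections import defaultdict, deque

# Constructed capture as the third PC might log it from the mirror port:
# (time in microseconds, mirrored switch port, header key, frame bytes).
# "dom1"/"dom2" label the ports facing the first/second security domain.
CAPTURE = [
    (0,   "dom1", "10.0.1.10>10.0.2.10 id=1", 1000),
    (100, "dom1", "10.0.1.10>10.0.2.10 id=2", 1000),
    (200, "dom1", "10.0.1.10>10.0.2.10 id=3", 1000),  # never leaves dom2
    (300, "dom1", "10.0.1.10>10.0.2.10 id=1", 1000),  # same header, sent again
    (350, "dom2", "10.0.1.10>10.0.2.10 id=1", 1000),
    (480, "dom2", "10.0.1.10>10.0.2.10 id=2", 1000),
    (700, "dom2", "10.0.1.10>10.0.2.10 id=1", 1000),
]

def match_latencies(records, ingress="dom1", egress="dom2"):
    """Pair each packet entering the first domain with its exit from the second.

    Returns (latencies_us, lost, unmatched_egress). Packets sharing a header
    key are paired first-in, first-out, so a repeated header is not matched
    against the wrong entry time.
    """
    pending = defaultdict(deque)   # header key -> entry times still waiting
    latencies, unmatched_egress = [], 0
    for ts, port, key, _size in sorted(records):
        if port == ingress:
            pending[key].append(ts)
        elif port == egress:
            if pending[key]:
                latencies.append(ts - pending[key].popleft())
            else:
                unmatched_egress += 1   # exit seen without a recorded entry
    lost = sum(len(q) for q in pending.values())
    return latencies, lost, unmatched_egress

def throughput_mbps(records, start_us, end_us, egress="dom2"):
    """Bits leaving the second domain per microsecond (= Mbit/s) in a window."""
    if end_us <= start_us:
        raise ValueError("window must have positive length")
    bits = sum(size * 8 for ts, port, _key, size in records
               if port == egress and start_us <= ts < end_us)
    return bits / (end_us - start_us)

if __name__ == "__main__":
    lat, lost, stray = match_latencies(CAPTURE)
    print("latencies (us):", lat, "lost:", lost, "stray egress:", stray)
    print("throughput (Mbit/s):", throughput_mbps(CAPTURE, 0, 1000))
```

Packets that enter the first security domain but never appear on the second are counted as lost instead of being given a latency, which keeps dropped traffic from skewing the delay figure.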
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811331953.0A CN109347701B (en) | 2018-11-09 | 2018-11-09 | System and method for realizing test control on performance of network isolation product |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811331953.0A CN109347701B (en) | 2018-11-09 | 2018-11-09 | System and method for realizing test control on performance of network isolation product |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109347701A (en) | 2019-02-15 |
CN109347701B (en) | 2024-05-17 |
Family
ID=65312713
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811331953.0A Active CN109347701B (en) | 2018-11-09 | 2018-11-09 | System and method for realizing test control on performance of network isolation product |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109347701B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112383444A (en) * | 2020-10-21 | 2021-02-19 | 北京威努特技术有限公司 | Industrial control network equipment performance testing device and method |
Citations (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6240533B1 (en) * | 1999-02-25 | 2001-05-29 | Lodgenet Entertainment Corporation | Method and apparatus for providing uninterrupted communication over a network link |
US20020093917A1 (en) * | 2001-01-16 | 2002-07-18 | Networks Associates,Inc. D/B/A Network Associates, Inc. | Method and apparatus for passively calculating latency for a network appliance |
CN201667661U (en) * | 2010-03-19 | 2010-12-08 | 北京星网锐捷网络技术有限公司 | Auxiliary measurement equipment and testing system of PPPOE client router |
CN102099811A (en) * | 2008-07-21 | 2011-06-15 | 国际商业机器公司 | A method and system for improvements in or relating to off-line virtual environments |
CN103078765A (en) * | 2012-12-28 | 2013-05-01 | 华为技术有限公司 | Test method and device of network element equipment performance |
CN103152223A (en) * | 2013-03-15 | 2013-06-12 | 华为技术有限公司 | Network performance monitoring method and device |
US20150128246A1 (en) * | 2013-11-07 | 2015-05-07 | Attivo Networks Inc. | Methods and apparatus for redirecting attacks on a network |
CN105376110A (en) * | 2015-10-26 | 2016-03-02 | 上海华讯网络***有限公司 | Network data packet analysis method and system in big data stream technology |
US20170093677A1 (en) * | 2015-09-25 | 2017-03-30 | Intel Corporation | Method and apparatus to securely measure quality of service end to end in a network |
US20170141989A1 (en) * | 2015-11-13 | 2017-05-18 | Gigamon Inc. | In-line tool performance monitoring and adaptive packet routing |
CN107888455A (en) * | 2017-12-04 | 2018-04-06 | 北京星河星云信息技术有限公司 | A kind of data detection method, device and system |
CN108111482A (en) * | 2017-11-24 | 2018-06-01 | 国网天津市电力公司电力科学研究院 | A kind of intelligent grid industrial control network safety test system and test method |
CN108206753A (en) * | 2016-12-19 | 2018-06-26 | 华为技术有限公司 | A kind of method, apparatus and system for detecting time delay |
CN108737207A (en) * | 2017-04-25 | 2018-11-02 | 华为技术有限公司 | Propagation delay time detection method, equipment and system |
CN208890823U (en) * | 2018-11-09 | 2019-05-21 | 公安部第三研究所 | It supports to realize the device for carrying out Network Isolation properties of product testing and control |
-
2018
- 2018-11-09 CN CN201811331953.0A patent/CN109347701B/en active Active
Non-Patent Citations (3)
Title |
---|
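Wu Xunji; Wei Dishan: "Design and Testing of Dedicated Network Security Isolation and Exchange Equipment", Data Communication, no. 06, 28 December 2012 (2012-12-28) * |
Li Xuan, Wu Qicong: "An Implementation Method for a Network Gatekeeper with Data Encryption and Integrity Protection", Journal of Nantong University (Natural Science Edition), no. 2014, pages 18 - 23 * |
Yang Gui; Wang Zhaoqiang; Wang Wenlong; Liu Minghui; Zhou Xufeng: "Discussion of Key Technologies for Process-Layer Switches in Smart Substations", Electrical Technology, no. 2012, pages 51 - 55 * |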
Also Published As
Publication number | Publication date |
---|---|
CN109347701B (en) | 2024-05-17 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||