CN114884922A - IP conflict detection method, equipment and storage medium in data center - Google Patents

Publication number
CN114884922A
Authority
CN
China
Prior art keywords
mac address
message
data
computing node
conflict
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210461300.4A
Other languages
Chinese (zh)
Inventor
张兆增
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Jinan data Technology Co ltd
Original Assignee
Inspur Jinan data Technology Co ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06: Management of faults, events, alarms or notifications
    • H04L41/0631: Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/09: Mapping addresses
    • H04L61/10: Mapping addresses of different types
    • H04L61/103: Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]

Abstract

The application relates to the technical field of cloud computing and discloses a method, a device and a storage medium for detecting IP conflicts in a data center. The method comprises: collecting the IP addresses and MAC addresses of all computing nodes, the IP address and the MAC address of each computing node being in one-to-one correspondence; forming IP-MAC address pair data for each computing node; and synchronizing all collected IP-MAC address pair data to each computing node, so that the computing node can judge whether a received message comes from the MAC address in the IP-MAC address pair data. If so, the message is forwarded; if not, the message is judged to be in IP conflict with the computing node and is blocked. Messages sent by a third-party device with a conflicting IP can thus be effectively blocked, which avoids faults such as host disconnection, downtime and service interruption caused by a conflict between the IP configured on the third-party device and the IP of a node in the data center.

Description

IP conflict detection method, equipment and storage medium in data center
Technical Field
The invention relates to the technical field of cloud computing, in particular to a method, equipment and a storage medium for detecting IP (Internet protocol) conflicts in a data center.
Background
With the development of cloud computing technology, more and more virtual machines run on various cloud platforms. Any management node, computing node, virtual machine or other network device of a cloud platform can be accessed through its IP address. If two devices use the same IP address at the same time, however, an IP conflict occurs. If the conflict involves a computing node of the cloud platform, the management network of that computing node is affected and the node may drop offline, with a significant impact on services. If the conflict involves a virtual machine, the services running on that virtual machine are affected. In a more serious case, if the conflict involves the management node, the entire cloud platform is affected and becomes uncontrollable. IP conflict protection is therefore an important and practical function in a cloud platform and is of great significance for improving its running stability.
Currently, each data center has a plurality of hosts; each host has one or more IP addresses, but each IP address can appear on only one host at a time. The hosts are connected to one another through network devices such as switches and routers to form a network. Because there are many users, or because of configuration errors, the same IP address may be used by different hosts or network devices in the network. In that case, if a third device wants to communicate with that IP, it may be connected to an unexpected device, data being transmitted may be suddenly interrupted, or the network connection may be dropped.
Therefore, how to effectively avoid the above situation is a technical problem to be solved by those skilled in the art.
Disclosure of Invention
In view of this, an object of the present invention is to provide a method, a device and a storage medium for detecting IP conflicts in a data center, which can effectively block messages sent by a third-party device with a conflicting IP and avoid failures caused by a conflict between the IP configured on the third-party device and the IP of a node in the data center. The specific scheme is as follows:
An IP conflict detection method in a data center comprises the following steps:
collecting the IP addresses and MAC addresses of all computing nodes; the IP address and the MAC address of each computing node are in one-to-one correspondence;
forming IP-MAC address pair data of each computing node;
synchronizing all the collected IP-MAC address pair data to each computing node, so that the computing node can judge whether a received message comes from the MAC address in the IP-MAC address pair data; if so, forwarding the message; if not, judging that the message is in IP conflict with the computing node, and blocking the message.
Preferably, in the IP conflict detection method in a data center provided in the embodiment of the present invention, while blocking the message, the method further includes:
notifying the user, in the form of an alarm, that an IP conflict exists in the network; the content of the alarm comprises the IP address and the MAC address of the message with the IP conflict, and the MAC address corresponding to that IP address in the IP-MAC address pair data.
Preferably, in the IP conflict detection method in a data center provided in the embodiment of the present invention, after forming the IP-MAC address pair data of each computing node, the method further includes:
periodically checking whether the IP addresses and the MAC addresses of all the computing nodes have changed;
and when the IP address or the MAC address of a computing node changes, updating the IP-MAC address pair data corresponding to that computing node.
Preferably, in the IP conflict detection method in a data center provided in the embodiment of the present invention, synchronizing all collected IP-MAC address pair data to each computing node, so that the computing node judges whether a received message comes from the MAC address in the IP-MAC address pair data, includes:
synchronizing all the collected IP-MAC address pair data to the local agent device of each computing node, so that the local agent device converts the IP-MAC address pair data into a flow table, and the computing node judges, according to the flow table, whether the received message comes from the MAC address in the IP-MAC address pair data.
Preferably, in the IP conflict detection method in a data center provided in the embodiment of the present invention, the computing node judging, according to the flow table, whether the received message comes from the MAC address in the IP-MAC address pair data includes:
the local agent device issues the flow table to a virtual switch of the computing node;
and the virtual switch matches the received message against the flow table to obtain the type, the IP address and the MAC address of the message and, when the message is of the ARP type, directly judges whether the obtained correspondence between the IP address and the MAC address is in the IP-MAC address pair data.
Preferably, in the IP conflict detection method in a data center provided in the embodiment of the present invention, judging that the message is in IP conflict with the computing node, and blocking the message, includes:
sending the message to a message monitoring system, so that the message monitoring system judges whether the message is in IP conflict with the computing node and, if so, automatically sends an ARP broadcast to override the message.
Preferably, in the IP conflict detection method in a data center provided in the embodiment of the present invention, after automatically sending the ARP broadcast to override the message, the method further includes:
recording the data related to the IP conflict in a cache.
Preferably, in the IP conflict detection method in a data center provided in the embodiment of the present invention, after recording the data related to the IP conflict in a cache, the method further includes:
using a timer and a data comparator to periodically compare the data recorded in the cache of the message monitoring system, and sending different alarm information to the user according to how the data has changed.
An embodiment of the present invention further provides an electronic device, which includes a processor and a memory, where the processor, when executing a computer program stored in the memory, implements the IP conflict detection method in a data center provided in the embodiment of the present invention.
An embodiment of the present invention further provides a computer-readable storage medium for storing a computer program, where the computer program, when executed by a processor, implements the IP conflict detection method in a data center provided in the embodiment of the present invention.
According to the above technical scheme, the IP conflict detection method in a data center comprises the following steps: collecting the IP addresses and MAC addresses of all computing nodes, the IP address and the MAC address of each computing node being in one-to-one correspondence; forming IP-MAC address pair data of each computing node; synchronizing all collected IP-MAC address pair data to each computing node, so that the computing node can judge whether a received message comes from the MAC address in the IP-MAC address pair data; if so, forwarding the message; if not, judging that the message is in IP conflict with the computing node, and blocking the message.
The advantage of the IP conflict detection method in a data center provided by the invention is that the IP and MAC address information of all computing nodes in the data center is collected, used as the basis for judging whether a message received during communication comes from a legal address, and synchronized to all computing nodes. With this information the computing nodes can effectively block messages sent by a third-party device with a conflicting IP, which avoids faults such as host disconnection, downtime and service interruption caused by a conflict between the IP configured on the third-party device and the IP of a node in the data center.
In addition, the invention also provides a corresponding device and computer-readable storage medium for the IP conflict detection method in a data center, which makes the method more practical; the device and the computer-readable storage medium have the corresponding advantages.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the related art more clearly, the drawings used in the description of the embodiments or the related art are briefly introduced below. Obviously, the drawings described below are only embodiments of the present invention, and those skilled in the art can obtain other drawings from the provided drawings without creative effort.
Fig. 1 is a flowchart of an IP conflict detection method in a data center according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a data center structure according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of the internal modules of a compute node according to an embodiment of the present invention;
Fig. 4 is a flowchart of a message monitoring system according to an embodiment of the present invention.
Detailed Description
In practical applications, a prerequisite for communication between two terminals (such as hosts or virtual machines) is that the hardware physical address (MAC address) of the peer device or of the gateway device is known. That is, before a communication message is sent, the MAC address corresponding to the IP of the device being communicated with must first be looked up, and the message is then forwarded as a data frame through the network card, network cable, switch and other devices. The headers of these data frames are filled with the source MAC address and the destination MAC address. The message used for the MAC address lookup is called an Address Resolution Protocol (ARP) message. Normal ARP messages are divided into request messages and response messages; in addition, there is also the gratuitous ARP message type. Based on the above, and in view of the problems in the prior art, the present invention provides a method for detecting IP conflicts in a data center which, by exploiting the fact that all communication must first be preceded by an ARP message, avoids failures such as host disconnection, downtime and service interruption caused by a conflict between the IP configured on a third-party device and the IP of a node in the data center.
For the convenience of understanding, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention provides an IP conflict detection method in a data center which, as shown in Fig. 1, comprises the following steps:
S1, the management node collects the IP addresses and MAC addresses of all the computing nodes; the IP address and the MAC address of each computing node are in one-to-one correspondence;
It should be noted that the present invention is mainly applied to virtualized or hyper-converged data centers. Fig. 2 shows a scenario of the present invention: each data center includes a management center and a plurality of computing nodes. There may be one or more virtual machines in each compute node. The management node is connected to the computing nodes through a physical switch. The virtual machines are also connected through the service network, the uplink and the physical switch. Anywhere along this link, if a device is connected to the switch or to an adjacent switch and is configured with the same IP address as a computing node or virtual machine, an IP conflict occurs, and the conflicting virtual machine or host becomes unavailable.
Generally, after the management node and the computing nodes are installed, hosts are added to the management node, so that the computing nodes and the management node are integrated into a whole, namely a data center. Specifically, when step S1 is executed, in the process of adding a host to the management node, the management node may call an interface to collect data from each computing node. The main content collected is the IP address and the MAC address, and it is ensured that the IP address and the MAC address are in one-to-one correspondence.
S2, the management node forms IP-MAC address pair data of each computing node according to the collected IP address and MAC address;
Specifically, the IP-MAC address pair data formed in step S2 is data in which an IP address and its corresponding MAC address are combined. All the IP-MAC address pair data serves as the basis for judging whether a message received during subsequent communication comes from a legitimate MAC address. For convenience of description, a message whose MAC address is the MAC address in the IP-MAC address pair data is defined as legal, whereas a message whose MAC address is not the MAC address in the IP-MAC address pair data is defined as illegal.
Preferably, the IP-MAC address pair data is recorded in a database of the management node for subsequent use. The database may further include the IP address and MAC address of the management node itself, and the recording may specifically be performed in the following manner:
management node A: IP_A = MAC_A; management node B: IP_B = MAC_B;
every other computing node X is likewise recorded one-to-one: computing node X: IP_X = MAC_X.
The IP-MAC address pair data is recorded entirely in one-to-one correspondence, which avoids one IP address corresponding to several MAC addresses or to a set of MAC addresses. Later identification of illegal messages is therefore more accurate, consumes fewer computing resources and is more efficient.
S3, the management node synchronizes all collected IP-MAC address pair data to each computing node;
Specifically, after data collection is completed, the management node synchronizes the collected data to each computing node, so that each computing node is able to identify whether the MAC address corresponding to a given IP address is legal or illegal.
S4, the computing node judges whether the received message comes from the MAC address in the IP-MAC address pair data; if so, it forwards the message; if not, it judges that the message is in IP conflict with the computing node and blocks the message.
It can be understood that a message whose IP address and MAC address match a recorded pair is identified as legal and is forwarded directly as normal; a message for that IP address from any other MAC address is illegal. In addition, only ARP messages are identified throughout the process of the invention; other types of messages do not need to be identified.
In the IP conflict detection method in a data center provided in the embodiments of the present invention, the IP and MAC address information of all computing nodes in the data center is collected, used as the criterion for judging whether a message received during communication comes from a legal address, and synchronized to all computing nodes.
Further, in a specific implementation, in the IP conflict detection method in a data center provided in the embodiment of the present invention, after step S2 is executed to form the IP-MAC address pair data of each computing node, the method may further include: periodically checking whether the IP addresses and the MAC addresses of all the computing nodes have changed; and when the IP address or the MAC address of a computing node changes, updating the IP-MAC address pair data corresponding to that computing node.
Specifically, a user can add or delete a computing node in the data center, or modify the IP address of a computing node, at any time, which invalidates the IP-MAC information that the management node has synchronized to the computing nodes. The management node therefore also needs to collect the IP address and MAC address information of computing nodes that the user has added, deleted or modified, and synchronize it to each computing node in time.
The above steps are a periodic task: every 5 minutes the management node may check whether the collected data has changed relative to the data of 5 minutes earlier and, if it has, send the new data to each computing node. That is, when the data is issued in step S3, the IP-MAC address pair data updated in the above steps also needs to be synchronized to each computing node, so that the computing node has a basis for identifying whether a message was sent by a legitimate device.
Next, to describe the detection process of the embodiment of the present invention in detail, the internal modules of the computing node are explained first. As shown in Fig. 3, each compute node has a local agent, which receives the configuration sent by the management node and applies it to the virtual switch. The compute node also has at least one virtual switch. The virtual switch provides networking for the node's management network link on the one hand and for the node's virtual machines on the other. Any message entering the host must be forwarded through the virtual switch. The invention uses this property to inspect incoming and outgoing messages and actively discover illegal ARP messages.
In a specific implementation, in the IP conflict detection method in a data center provided in the embodiment of the present invention, steps S3 and S4, in which all collected IP-MAC address pair data is synchronized to each computing node and the computing node judges whether a received message comes from the MAC address in the IP-MAC address pair data, may specifically include: first, synchronizing all collected IP-MAC address pair data to the local agent device of each computing node; then, the local agent device converts the IP-MAC address pair data into a flow table, and the computing node judges, according to the flow table, whether the received message comes from the MAC address in the IP-MAC address pair data.
It should be noted that, in the cloud platform, traffic of both the management network and the service network flows through a virtual bridge device after being received by the physical network card. Each virtual bridge device is controlled by a controller running on each computing node. This controller can translate certain configurations into a flow table. Applying flow tables to these bridges allows messages flowing through a bridge to be filtered, intercepted or modified, to have responses generated for them, and so on. If the address is legal, the ARP message is forwarded normally and subsequent communication proceeds; if the ARP message is illegal, it is discarded, to prevent the host from learning an illegal MAC address for the IP address and normal communication from being affected. In the present invention, the IP-MAC address pair data received in step S3 is converted into a flow table by the local agent device.
In a specific implementation, in the IP conflict detection method in a data center provided in the embodiment of the present invention, the step in which the computing node judges, according to the flow table, whether the received message comes from the MAC address in the IP-MAC address pair data may specifically include: first, the local agent device issues the flow table to a virtual switch of the computing node; then, the virtual switch matches the received message against the flow table to obtain the type, the IP address and the MAC address of the message and, when the message is of the ARP type, directly judges whether the obtained correspondence between the IP address and the MAC address is in the IP-MAC address pair data.
Specifically, when issuing the flow table, the agent device issues the converted flow table to the virtual switch. Once the flow tables have been installed in the virtual switch, a message entering the host is first matched against them. In the invention, the flow table rules fall mainly into two classes. The first class matches the type, IP address and MAC address of the message: when the message is of the ARP type and its IP address and MAC address are an IP-MAC address pair received by the agent, the virtual switch forwards the message normally. The second class matches the ARP message type and the IP address but not the MAC address, and sends the message to the message monitoring system for processing. That is, an ARP message for a given IP that is not matched by the first class, namely an ARP message sent from some other MAC address, is handed to the message monitoring system, which analyzes and processes it. With these two classes of rules applied to the virtual switch, all ARP messages entering the host through the virtual switch are legal and free of IP conflict.
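The two rule classes described above can be sketched as follows; this is an added example, not code from the patent. It assumes the rules match on the ARP sender IP and sender MAC fields and renders them in Open vSwitch `ovs-ofctl` syntax (the patent names neither); the legitimate MAC address, the treatment of malformed ARP frames and the frame builder are constructed for the example.

```python
import socket
import struct

ETH_P_ARP = 0x0806
FORWARD, TO_MONITOR, DROP = "forward", "send_to_monitor", "drop"


def build_flow_rules(ip_mac_pairs):
    """Convert synchronized {ip: mac} pair data into the two rule classes."""
    rules = []
    for ip, mac in sorted(ip_mac_pairs.items()):
        mac = mac.lower()
        # Class 1: ARP type + IP + MAC all match a recorded pair -> forward.
        rules.append({"priority": 200, "arp_spa": ip, "arp_sha": mac,
                      "action": FORWARD})
        # Class 2: ARP type + IP match, MAC not matched -> monitoring system.
        rules.append({"priority": 100, "arp_spa": ip, "arp_sha": None,
                      "action": TO_MONITOR})
    # Class 1 must be evaluated before class 2, so order by priority.
    return sorted(rules, key=lambda r: -r["priority"])


def to_ovs_syntax(rule):
    """Render one rule as an ovs-ofctl flow (assumes Open vSwitch)."""
    match = f"priority={rule['priority']},arp,arp_spa={rule['arp_spa']}"
    if rule["arp_sha"]:
        match += f",arp_sha={rule['arp_sha']}"
    action = "NORMAL" if rule["action"] == FORWARD else "CONTROLLER"
    return f"{match},actions={action}"


def parse_arp(frame):
    """Return (sender_ip, sender_mac) of an untagged ARP frame, None if not ARP."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    if len(frame) < 42:
        raise ValueError("truncated ARP message")
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    sha, spa = frame[22:28], frame[28:32]
    return socket.inet_ntoa(spa), ":".join(f"{b:02x}" for b in sha)


def classify(frame, rules):
    """Decide what the virtual switch does with one incoming frame."""
    try:
        arp = parse_arp(frame)
    except ValueError:
        return DROP  # assumption of this sketch: malformed ARP is discarded
    if arp is None:
        return FORWARD  # only ARP messages are inspected
    spa, sha = arp
    for rule in rules:
        if rule["arp_spa"] == spa and rule["arp_sha"] in (None, sha):
            return rule["action"]
    return FORWARD  # ARP for an IP that is not in the pair data


def make_arp_frame(sender_mac, sender_ip, target_ip, oper=1):
    """Build a constructed broadcast ARP frame, used only as sample input."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    eth = b"\xff" * 6 + sha + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    arp += sha + socket.inet_aton(sender_ip)
    arp += b"\x00" * 6 + socket.inet_aton(target_ip)
    return eth + arp


if __name__ == "__main__":
    # 172.16.1.1 is from the page; its legitimate MAC here is constructed.
    rules = build_flow_rules({"172.16.1.1": "52:54:00:AA:BB:01"})
    for rule in rules:
        print(to_ovs_syntax(rule))
    samples = {
        "legitimate owner": make_arp_frame("52:54:00:aa:bb:01", "172.16.1.1", "172.16.1.254"),
        "conflicting device": make_arp_frame("00:22:44:66:88:11", "172.16.1.1", "172.16.1.1", oper=2),
    }
    for name, frame in samples.items():
        print(name, "->", classify(frame, rules))
```
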
Further, in a specific implementation, in the IP conflict detection method in a data center provided in the embodiment of the present invention, step S4, in which the message is judged to be in IP conflict with the computing node and is blocked, may specifically include: sending the message to a message monitoring system, so that the message monitoring system judges whether the message is in IP conflict with the computing node and, if so, automatically sends an ARP broadcast to override the message.
It should be understood that a device illegally holding an IP generally announces the MAC address corresponding to that IP by broadcast. Although, with the above configuration, a host or virtual machine in the system can correctly identify the illegal MAC address and block it, other network devices such as a host, virtual machine or gateway in the system cannot tell which MAC address is the legal one. This may cause another device to connect to the wrong host or virtual machine, because its ARP table records the MAC address of the illegal device. For this situation, the computing node sends an updating ARP message according to the monitored information to override the illegal one, so as to ensure that the MAC addresses recorded in the ARP tables of all network devices in the layer-2 network are always legal and that the ARP records of other devices in the whole network are refreshed automatically and in time. Specifically, after detecting that a message is in IP conflict with the computing node, the monitoring system automatically sends the node's correct ARP broadcast to override the illegal ARP record in the network segment, so as to ensure that communication between hosts in the cluster and other network devices outside the cluster is normal.
Further, the above method ensures that all devices can be accessed correctly, but the conflicting device still exists, and this security risk still needs to be eliminated. Therefore, in the IP conflict detection method in a data center according to the embodiment of the present invention, when an illegal ARP message is detected, while step S4 is performed to block the message, the method may further include: notifying the user, in the form of an alarm, that an IP conflict exists in the network. The content of the alarm may include the IP address and the MAC address of the message with the IP conflict, and the MAC address corresponding to that IP address in the IP-MAC address pair data; in other words, the content of the alarm includes the IP address, the illegal MAC address, and the legal MAC address of the host or virtual machine. The alarm is thus issued promptly and tells the user the MAC of the conflicting device, so that the conflicting device can be identified and located at the source in time, which greatly improves the reliability of the data center and avoids faults and the troubleshooting costs they cause.
In a specific implementation, in the IP conflict detection method in a data center provided in the embodiment of the present invention, after the ARP broadcast is automatically sent to override the message, the method may further include: recording the data related to the IP conflict in a cache, for retrieval when the alarm message is sent. A timer and a data comparator can then be used to periodically compare the data recorded in the cache of the message monitoring system and send different alarm information to the user according to how the data has changed.
Fig. 4 shows a flowchart of the operation of the message monitoring system. The main purpose of this procedure is to send IP alarm information to the user. When a conflicting message is sent to the monitoring system, the system first extracts information such as the IP address and the MAC address from the message. It then judges whether the message conflicts with the IP of this host. If not, the message is discarded and no other action is taken. This ensures that not every compute node sends alarm information to the user; the alarm is sent only once, by the compute node whose IP is in conflict.
If the computing node finds that the IP conflict is with this node, it first records the conflict information and stores it in the program's cache. The cache holds two kinds of information, new_ipmac_dict and old_ipmac_dict:
[Figure BDA0003622295250000101: example cache contents; image not reproduced]
The received conflict information is stored in new_ipmac_dict. In the example above, the IP 172.16.1.1 has a conflict, and the MAC address of the conflicting illegal device is 00:22:44:66:88:11.
The IP 172.16.1.2 has a conflict with two illegal devices, whose MAC addresses are 22:aa:ee:11:22:33 and 44:99:88:66:55:44.
In addition to storing the data: although the ARP message just received is blocked and causes no failure for the computing nodes in the data center, for an external device such as a gateway, or for a user who wants to connect to the computing node, the MAC address recorded for the computing node's IP in its ARP table has already been overwritten by the wrong MAC address. Therefore, to update the ARP table that has been overwritten by the illegal MAC in the third-party device, a gratuitous ARP message needs to be sent. A gratuitous ARP message broadcasts the sender's own MAC address so that other devices in the network learn the MAC corresponding to the sender's IP. This ensures that all network devices outside the data center can access the compute nodes properly.
When the conflict is detected for the first time, if the timer is not started yet, the timer needs to be started; the timer may check the data currently in the cache every 10 minutes.
When the timer finds that conflict data has been recorded in new_ipmac_dict in the cache, the data comparator compares that data with old_ipmac_dict and sends different alarm information to the user according to the comparison result.
The comparison of new_ipmac_dict with old_ipmac_dict can produce three results: ADD, DELETE and UPDATE. ADD indicates that a new IP-MAC address pair has been added in new_ipmac_dict relative to old_ipmac_dict. DELETE indicates that some or all IP-MAC address pairs have been deleted in new_ipmac_dict relative to old_ipmac_dict. UPDATE indicates that the MAC address corresponding to one IP differs between old_ipmac_dict and new_ipmac_dict. These results may occur simultaneously; for example, when both ADD and DELETE are found in the result, a new IP-MAC address pair has been added to new_ipmac_dict and some IP-MAC address pair of old_ipmac_dict has been deleted.
When DELETE appears and no ADD exists, an alarm elimination message is sent and old_ipmac_dict is cleared; otherwise, when DELETE and/or UPDATE appear, an alarm elimination message is sent first, then a new alarm message is sent, and old_ipmac_dict is replaced with new_ipmac_dict; otherwise, when ADD appears, a new alarm message is sent and old_ipmac_dict is replaced with new_ipmac_dict. Finally, new_ipmac_dict is emptied so that it can store the IP conflict information of the next timing period.
If the message sent is an alarm message, its content is the content of new_ipmac_dict, as described in step 2. The format is as follows:
Figure BDA0003622295250000111
Here, ip_conflict_msg indicates that the type of the message is an alarm message; the type can also be alarm_ip_conflict_msg, which indicates an alarm elimination message. The type is followed by the specific IP and MAC addresses that are in conflict. When the type is an alarm message, the content is filled from new_ipmac_dict; when the type is an alarm elimination message, it is taken from old_ipmac_dict.
If the message is an alarm elimination message, used to eliminate alarm information sent earlier, its content is old_ipmac_dict. This allows alarms for IP addresses that no longer conflict within a timing period to be eliminated automatically.
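The monitoring-system procedure described above (discard conflicts that concern another node, record the rest, then run the data comparator on each timer period), written in Python as an added example; it is not code from the patent. The cache layout (each IP mapped to a set of MAC addresses), the function names, the message tuples and the per-IP reading of ADD, DELETE and UPDATE are assumptions, and 172.16.1.9 with its MAC is a constructed sample.

```python
# Added example, not the patent's code. Assumed cache layout:
# {"new": {ip: {mac, ...}}, "old": {ip: {mac, ...}}}
ALARM = "ip_conflict_msg"        # new alarm message type
CLEAR = "alarm_ip_conflict_msg"  # alarm elimination message type


def handle_conflict_message(cache, local_ips, ip, mac):
    """Record a shielded message only if it collides with one of this node's IPs."""
    if ip not in local_ips:
        return False  # another node's conflict: discard, that node will alert
    cache["new"].setdefault(ip, set()).add(mac.lower())
    return True  # the node would also send its gratuitous ARP at this point


def compare(old, new):
    """Return the subset of {"ADD", "DELETE", "UPDATE"} describing old -> new."""
    result = set()
    if new.keys() - old.keys():
        result.add("ADD")      # an IP is in conflict that was not before
    if old.keys() - new.keys():
        result.add("DELETE")   # an IP that was in conflict no longer is
    if any(old[ip] != new[ip] for ip in old.keys() & new.keys()):
        result.add("UPDATE")   # same IP, different set of conflicting MACs
    return result


def on_timer(cache):
    """Run one timer period; return the messages to send, in order."""
    old, new = cache["old"], cache["new"]
    result = compare(old, new)
    messages = []
    if "DELETE" in result and "ADD" not in result:
        messages.append((CLEAR, old))
        cache["old"] = {}
    elif "DELETE" in result or "UPDATE" in result:
        messages += [(CLEAR, old), (ALARM, new)]
        cache["old"] = new
    elif "ADD" in result:
        messages.append((ALARM, new))
        cache["old"] = new
    cache["new"] = {}  # start the next period with an empty record
    return messages


def demo():
    """Three periods; addresses from the page plus one constructed non-local IP."""
    cache = {"new": {}, "old": {}}
    local_ips = {"172.16.1.1", "172.16.1.2"}
    periods = [
        [("172.16.1.1", "00:22:44:66:88:11"), ("172.16.1.2", "22:aa:ee:11:22:33"),
         ("172.16.1.2", "44:99:88:66:55:44"), ("172.16.1.9", "02:00:00:00:00:09")],
        [("172.16.1.1", "00:22:44:66:88:11"), ("172.16.1.2", "22:aa:ee:11:22:33")],
        [],  # no conflict seen: earlier alarms are eliminated
    ]
    sent = []
    for seen in periods:
        for ip, mac in seen:
            handle_conflict_message(cache, local_ips, ip, mac)
        sent.append([kind for kind, _ in on_timer(cache)])
    return sent


if __name__ == "__main__":
    print(demo())
```

Because the first rule is checked first, a period that has DELETE together with UPDATE but no ADD only eliminates the old alarm and empties old_ipmac_dict; an IP that is still in conflict is then reported again as ADD in the following period.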
It should be noted that, by correctly identifying the MAC address of each host or virtual machine in the data center, the present invention can shield illegal messages, so that the MAC table in each host or virtual machine is not overwritten by an illegal message and communication inside the cluster remains normal. Meanwhile, when a host detects that its IP address is in conflict, it actively sends a correct ARP broadcast to ensure that the hosts in the cluster and other network devices outside the cluster can communicate normally. Besides ensuring normal communication, the system also raises alarms in time, so that conflicts can be investigated promptly. To complete this process, the invention defines an alarm format and uses a timer and a data comparator to periodically compare the data recorded in the cache, sending different alarm information to the user according to how the data has changed.
Correspondingly, the embodiment of the invention also discloses an electronic device, which comprises a processor and a memory; wherein the processor implements the IP collision detection method in the data center disclosed in the foregoing embodiments when executing the computer program stored in the memory.
For more specific processes of the above method, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
Further, the present invention also discloses a computer readable storage medium for storing a computer program; the computer program, when executed by a processor, implements the IP collision detection method in a data center disclosed above.
For more specific processes of the above method, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other. The device and the storage medium disclosed by the embodiment correspond to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
To sum up, the IP conflict detection method in a data center provided by the embodiment of the present invention includes: collecting the IP addresses and MAC addresses of all computing nodes, where the IP address and the MAC address of each computing node are in one-to-one correspondence; forming the IP-MAC address pair data of each computing node; synchronizing all the collected IP-MAC address pair data to each computing node so that the computing node can judge whether a received message comes from a MAC address in the IP-MAC address pair data; if yes, forwarding the message; if not, judging that the message has an IP conflict with the computing node, and shielding the message. In this way, the IP and MAC address information of all computing nodes in the data center is collected, used as the basis for judging whether messages received during communication come from legal addresses, and synchronized to all computing nodes. With this information the computing nodes can effectively shield messages sent by third-party devices whose IP conflicts, avoiding faults such as host disconnection, downtime and service interruption caused by a conflict between the IP configured on a third-party device and the IP of a node in the data center. In addition, the invention also provides a corresponding device and computer-readable storage medium for the IP conflict detection method in the data center, which makes the method more practical; the device and the computer-readable storage medium have the corresponding advantages.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The IP collision detection method, device and storage medium in the data center provided by the present invention are described in detail above, and specific examples are applied in this document to explain the principle and the implementation of the present invention, and the description of the above embodiments is only used to help understand the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (10)

1. An IP collision detection method in a data center is characterized by comprising the following steps:
collecting IP addresses and MAC addresses of all computing nodes; the IP address and the MAC address of each computing node are in one-to-one correspondence;
forming IP-MAC address pair data of each computing node;
synchronizing all the collected IP-MAC address pair data to each computing node so that the computing nodes can judge whether the received message comes from the MAC address in the IP-MAC address pair data; if yes, forwarding the message; if not, judging that the message has IP conflict with the computing node, and shielding the message.
2. The IP collision detection method in a data center according to claim 1, further comprising, while shielding the packet:
prompting that IP conflict exists in a user network in a warning mode; the content of the alarm comprises the IP address and the MAC address of the message with the IP conflict, and the MAC address corresponding to the IP address in the data of the IP-MAC address pair.
3. The IP collision detection method in a data center according to claim 1, further comprising, after forming the IP-MAC address pair data of each of the computing nodes:
periodically checking whether the IP addresses and the MAC addresses of all the computing nodes are changed or not;
and when the IP address or the MAC address of the computing node changes, updating the IP-MAC address pair data corresponding to the computing node.
4. The method of claim 1, wherein synchronizing all the collected IP-MAC address pair data to each of the computing nodes so that the computing nodes determine whether the received packet is from a MAC address in the IP-MAC address pair data comprises:
synchronizing all the collected IP-MAC address pair data to the local proxy equipment of each computing node so that the local proxy equipment can convert the IP-MAC address pair data into a flow table, and the computing node judges whether the received message comes from the MAC address in the IP-MAC address pair data or not according to the flow table.
5. The method according to claim 4, wherein the step of the compute node determining whether the received packet is from the MAC address in the IP-MAC address pair data according to the flow table includes:
the local proxy equipment issues the flow table to a virtual switch of the computing node;
and the virtual switch matches the received message against the flow table to acquire the type, the IP address and the MAC address of the message, and, when the message is of the ARP type, directly judges whether the acquired correspondence between the IP address and the MAC address is in the IP-MAC address pair data.
6. The method according to claim 5, wherein determining that the packet and the computing node have an IP collision and masking the packet comprises:
and sending the message to a message monitoring system so that the message monitoring system can judge whether the message and the computing node have IP conflict, and if so, automatically sending ARP broadcast to cover the message.
7. The method of claim 6, further comprising, after automatically sending an ARP broadcast to override the message:
and recording the related data of the IP conflict in a cache.
8. The IP collision detection method in a data center according to claim 7, further comprising, after recording the relevant data of the IP collision in the cache:
and using a timer and a data comparator to periodically compare data recorded in the cache of the message monitoring system, and sending different alarm information to a user according to data change.
9. An electronic device comprising a processor and a memory, wherein the processor implements the IP collision detection method in the data center according to any one of claims 1 to 8 when executing the computer program stored in the memory.
10. A computer-readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the IP collision detection method in a data center according to any one of claims 1 to 8.
CN202210461300.4A 2022-04-28 2022-04-28 IP conflict detection method, equipment and storage medium in data center Pending CN114884922A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210461300.4A CN114884922A (en) 2022-04-28 2022-04-28 IP conflict detection method, equipment and storage medium in data center

Publications (1)

Publication Number Publication Date
CN114884922A true CN114884922A (en) 2022-08-09

Family

ID=82671383

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210461300.4A Pending CN114884922A (en) 2022-04-28 2022-04-28 IP conflict detection method, equipment and storage medium in data center

Country Status (1)

Country Link
CN (1) CN114884922A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101185292A (en) * 2005-05-30 2008-05-21 松下电器产业株式会社 Communication device provided with arp function
US20130166723A1 (en) * 2011-12-22 2013-06-27 International Business Machines Corporation Duplicate ip address detection by a dhcp relay agent
CN105657081A (en) * 2016-04-07 2016-06-08 华为技术有限公司 DHCP (dynamic host configuration protocol) service providing method, device and system
US20160197876A1 (en) * 2013-09-27 2016-07-07 Alcatel Lucent Method for centralized address resolution
CN107612843A (en) * 2017-09-27 2018-01-19 国云科技股份有限公司 A kind of method for preventing cloud platform IP and MAC from forging
CN108833613A (en) * 2018-09-28 2018-11-16 郑州云海信息技术有限公司 A kind of realization method and system of dynamic host configuration protocol
CN114221928A (en) * 2021-11-05 2022-03-22 济南浪潮数据技术有限公司 Method, system, device and storage medium for defending IP conflict of management network

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination