Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A flow diversion method and device

A traffic and equipment technology, applied in the computer field, can solve the problems of expensive bandwidth and limited access bandwidth for defense capabilities, and achieve the effect of improving the defense against DDOS attacks.

Active Publication Date: 2019-09-03
ALIBABA GRP HLDG LTD
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] For the above-mentioned traditional DDOS defense scheme, its defense capability is limited by the entrance bandwidth of a single IDC computer room; further, when the bandwidth is not enough, the solution provided in the prior art is: purchase bandwidth from ISP
And it is well known that the cost of buying bandwidth from ISP is relatively expensive

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A flow diversion method and device
  • A flow diversion method and device
  • A flow diversion method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0023] The following will describe in detail with reference to the embodiments of the present application.

[0024] Black hole processing refers to a method of discarding all traffic sent to the destination IP in the target IDC system, which is mostly seen on the ISP side device.

[0025] The specific black hole processing process, such as figure 2 Shown: When the destination IP 2.1.0.1 in the target IDC system A suffers 100Gbit DDOS attack traffic, and the size of the DDOS attack traffic exceeds the ingress bandwidth of the target IDC system A, in the actual application scenario, the IDC The ingress bandwidth of the system is generally 20Gbit; according to the traditional DDOS defense scheme, in order to protect other IPs (such as IP 2.2.0.1, IP 2.3.0.1, etc.) in the target IDC system A from being affected, the destination IP 2.1.0.1 Inform the upstream ISP side of the target IDC system A to directly perform black hole processing; in this way, although the traffic sent to t...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the invention discloses a traffic diversion method and equipment, and is applied to a network comprising multiple IDC systems. The multiple IDC systems comprise one specific target IDC system and at least one IDC system which can be used for diversion. The method comprises the steps that when the value of traffic transmitted to the target IP in the target IDC system is greater than the value of the entrance bandwidth of the target IDC system, the traffic transmitted to the target IP in the target IDC system is diverted to at least one IDC system which can be used for diversion according to the bandwidth priority principle, the fair diversion principle and the quality priority principle so that the at least one IDC system which can be used for diversion is enabled to clean the traffic which is diverted to itself and transmitted to the target IP in the target IDC system and reinject the cleaned traffic back to the target IDC system after completion of cleaning. According to the method, the technical effect of enhancing the distributed denial of service DDOS capacity of the IDC systems can be realized.

Description

technical field [0001] The present application relates to the field of computer technology, in particular to a method and device for diverting traffic. Background technique [0002] How to improve the overall defense against DDOS (Distributed Denial of service) attack capabilities of the IDC (Internet Data Center) computer room and save the bandwidth resources of the computer room has become one of the research focuses in the field of computer technology; in the traditional distributed denial of service attack DDOS defense In the scheme, the IDC computer room is used as the unit, and its basic model is as follows figure 1 As shown, the IDC computer room includes the following equipment: computer room network equipment, computer room attack protection (cleaning) equipment, computer room attack detection equipment, and Internet Service Provider (ISP) routers; [0003] Specifically, when traffic enters the corresponding IDC computer room, the network equipment in the IDC compu...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
Inventor 屠一凡
Owner ALIBABA GRP HLDG LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products