Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

DDoS traffic re-injection method, SDN controller, and network system

A traffic re-injection and controller technology, applied in the field of communication, can solve the problems of a large amount of resource investment and high operating costs, and achieve the effect of reducing costs

Active Publication Date: 2018-07-06
CHINA UNITED NETWORK COMM GRP CO LTD
View PDF5 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] Embodiments of the present invention provide a DDoS traffic reinjection method, an SDN controller, and a network system, which solve the problem of reinjection of DDoS traffic across metropolitan area network domains in the prior art, requiring a large amount of resource investment and causing operational problems. high cost problem

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • DDoS traffic re-injection method, SDN controller, and network system
  • DDoS traffic re-injection method, SDN controller, and network system
  • DDoS traffic re-injection method, SDN controller, and network system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0040] Embodiment 1. Embodiments of the present invention provide a DDoS traffic reinjection method, such as figure 1 Shown include:

[0041] S101. When receiving an Address Resolution Protocol (English full name: Address Resolution Protocol, ARP for short) message reported by the cleaning device forwarded by the central SDN forwarding device, deliver the first Openflow flow table to the central SDN forwarding device.

[0042] Wherein, the first Openflow flow table is used to instruct the central SDN forwarding device to send a message carrying a virtual physical address (English full name: Medium Access Control, referred to as: MAC) address to the cleaning device; wherein, the message carrying the virtual MAC address is used for Instruct the cleaning device to send the cleaned DDoS traffic to the central SDN forwarding device; the central SDN forwarding device matches the cleaned DDoS traffic with the protocol (English full name: Internet Protocol, referred to as: IP) between...

Embodiment 2

[0050] Embodiment 2. The embodiment of the present invention provides an SDN controller 10, such as image 3 Shown include:

[0051] The data processing module 101 is configured to deliver the first Openflow flow table to the central SDN forwarding device when receiving the ARP message reported by the cleaning device forwarded by the central SDN forwarding device.

[0052] Wherein, the first Openflow flow table is used to instruct the central SDN forwarding device to send a message carrying a virtual MAC address to the cleaning device; wherein, the message carrying a virtual MAC address is used to instruct the cleaning device to send the cleaned DDoS traffic to the central SDN Forwarding device; the central SDN forwarding device performs destination IP matching on the cleaned DDoS traffic; the central SDN forwarding device performs Vxlan encapsulation on the DDoS traffic after destination IP matching according to the first Openflow flow table, generates the first traffic and r...

Embodiment 3

[0076] Embodiment 3. The embodiment of the present invention provides a computer-readable storage medium that stores one or more programs, and the one or more programs include instructions. When the instructions are executed by a computer, the computer executes any of the methods provided in Embodiment 1. Item DDoS traffic re-injection method. For the specific DDoS traffic reinjection method, refer to the relevant description in the first method embodiment, and will not be repeated here.

[0077] The steps of the methods described in conjunction with the disclosure of the present invention may be implemented by means of hardware, or may be implemented by means of a processor executing software instructions. The software instructions can be composed of corresponding software modules, and the software modules can be stored in RAM, flash memory, ROM, erasable programmable read-only memory (easable programmable ROM, EPROM), electrically erasable programmable read-only memory (elec...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the invention provides a DDoS traffic re-injection method, an SDN controller, and a network system, and relates to the technical field of communication. The problem that a large amount of resources investment is needed to solve the DDoS traffic re-injection across a metropolitan area network, resulting in a relatively high operation cost in the prior art is solved. The method comprises the following steps: when an ARP message reported by a cleaning device forwarded by a central SDN forwarding device is received, issuing a first Openflow flow table to the central SDN forwarding device; and issuing a second Openflow flow table to an edge SDN forwarding device. The embodiment of the invention is applied to DDoS traffic re-injection.

Description

technical field [0001] The present invention relates to the field of communication technology, in particular to a distributed denial of service attack (English full name: Distributed Denial of Service, abbreviated: DDoS) flow reinjection method, software-defined network (English full name: Software Defined Network, abbreviated: SDN) control devices and network systems. Background technique [0002] Traditional near-purpose DDoS protection systems are usually deployed at the egress of the metropolitan area network. Actively monitor DDoS by means of real-time linkage with cleaning equipment to achieve traction of DDoS traffic, and then through the deployment of re-injection technology, the normal business traffic can be completely returned to the access object; this method is applied to a single autonomous system (English full name: Autonomous System, abbreviation: AS) The scene of DDoS traffic cleaning and re-injection in the domain is very mature. However, for the flat car...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L12/741H04L12/715H04L29/12H04L45/74
CPCH04L45/04H04L45/74H04L61/103H04L63/1458
Inventor 彭锐刘子建范永斌何飚莫俊彬徐文顺
Owner CHINA UNITED NETWORK COMM GRP CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products