77 results about "Reverse Address Resolution Protocol" patented technology

A data center network system and a packet forwarding method thereof are provided. The data center network system includes a virtual bridge and an address resolution protocol (ARP) server. The virtual bridge intercepts an ARP request having an identification field and a destination IP address field and adds a corresponding virtual data center identification to the identification field of the ARP request and redirecting the ARP request to the ARP server. Additionally, the ARP server queries a corresponding MAC address according to an IP address recorded in the destination IP address field of the ARP request and the corresponding VDCID recorded in the identification field of the ARP request, and transmits the corresponding MAC address in response to the ARP request. Accordingly, the same private IP address can be reused in the data center network system.

A virtual networking system and method are disclosed. Switched Ethernet local area network semantics are provided over an underlying point to point mesh. Computer processor nodes may directly communicate via virtual interfaces over a switch fabric or they may communicate via an ethernet switch emulation. Address resolution protocol logic helps associate IP addresses with virtual interfaces while allowing computer processors to reply to ARP requests with virtual MAC addresses.

The invention discloses a method for handling an address resolution protocol (ARP) packet, and access equipment and a communication system thereof. The method comprises the following steps: access equipment receives an ARP packet through a lower interface, which carries an active Internet protocol (IP) address, a source media access control (MAC) address, a destination IP address and a destination MAC address; the access equipment judges whether the source IP address is the same as the IP address of gateway equipment configured on the lower interface, and the upper interface of the access equipment is connected with the gateway equipment; if the source IP address is the same as the IP address of gateway equipment, the access equipment discards the ARP packet; and if the source IP address is different from the IP address of gateway equipment, the access equipment forwards the ARP packet according to the destination IP address in the ARP packet. The embodiment of the invention can prevent the ARP packet which is deceived by an illegal host and passes through the gateway equipment of not performing ARP spoofing with respect to the gateway equipment, without imposing heavier load upon the gateway equipment.

An embodiment of the invention provides an address resolution protocol (ARP) message forwarding method, an exchanger and a controller. The ARP message forwarding method includes: a first exchanger receives ARP messages; the first exchanger sends the ARP messages to the controller in the network to lead the controllers to construct response messages containing forwarding port messages according to the ARP messages; the first exchanger receives the response messages sent by the controller; and the first exchanger forwards the response messages to a corresponding port according to the forwarding port messages. The controller provides ARP service for a main machine of the network managed by the controller, and therefore network efficiency can be improved and network bandwidth can be saved.

A system and method for providing a congestion optimized address resolution protocol (ARP) for a wireless ad-hoc network. The system and method enables a node in the wireless ad-hoc network to issue an ARP request without the need to broadcast the request to all of the nodes in the wireless ad-hoc network, to thus minimize radio traffic on the wireless ad-hoc network for handling the ARP request. The node includes an address resolution protocol module which is adapted to generate an ARP request for a media access control (MAC) address corresponding to an Internet protocol (IP) address, and a transceiver which is adapted to transmit the ARP request for delivery to an access point of a network portion, such as a core LAN of the network, without broadcasting the ARP request to a plurality of other nodes in the wireless ad-hoc network. The transceiver can transmit the ARP request to the access point directly or via other nodes in the wireless ad-hoc network.

An IP address duplication detection method using an address resolution protocol is used in a network system in which an IP address duplication diagnosis / detection host and a plurality of check target hosts are connected to a single LAN, all the hosts are respectively assigned MAC addresses as hardware addresses unique to devices without any duplication, and an address resolution protocol aimed at acquiring a MAC address of a remote device from an IP address is installed in each host. In this method, an ARP request packet containing a check target IP address in the same subnet as for the IP address duplication diagnosis / detection host is sent out from the IP address duplication diagnosis / detection host to each of the check target hosts through the LAN. IP address duplication is detected depending on whether an ARP reply packet as a response packet for the ARP request packet is returned from each of the check target hosts to the IP address duplication diagnosis / detection host through the LAN.

The invention provides an address resolution protocol (ARP) reply on-behalf method. The method includes the steps that a VTEP device obtains and stores routing information of a hung host device of the VTEP device and synchronizes the routing information with other VTEP devices; when the VTEP device receives routing information synchronized by other VTEP devices, the routing information is locally stored; when the VTEP device receives an ARP request message sent by the hung host device, ARP reply on-behalf is carried out by using the locally-stored routing information. Based on the same inventive concept, the invention further provides an ARP reply on-behalf device which can improve collection efficiency of ARP reply on-behalf information and improves efficiency of ARP reply on-behalf accordingly.

This invention discloses one wireless local network address analysis agreement broadcasting method and its interface controller, which comprises the following steps: firstly, connecting controller and establishing and maintaining user information with the information for user end IP address and MAC address relationship; when controller achieves certain user address analysis agreement ARP message to extract ARP require message aim IP address; according to maintain user information finding aim IP address and relative MAC address to take place of user with MAC address ARP message.

There are provided a system and method for detecting Address Resolution Protocol (ARP) attacks. The ARP spoofing attack detection system includes: a reception module which receives an ARP packet, and which determines whether the received ARP packet is an unsolicited ARP packet; a transmission module which creates, if the ARP packet is an unsolicited ARP packet, an ARP request packet corresponding to the unsolicited ARP packet, and which broadcasts the ARP request packet; and a detection module which determines, if an ARP response packet corresponding to the ARP request packet is received, whether an input port of the ARP response packet is identical to an input port of the unsolicited ARP packet, and which determines that an ARP spoofing attack has occurred if the input port of the ARP response packet is not identical to the input port of the unsolicited ARP packet.

The invention provides an access authority control method and a wireless access device, wherein, the method comprises the steps of: establishing a corresponding relation between the media access control (MAC) address of an STA and the service set identifier (SSID) accessed into an extended service set (ESS) during the process when a mobile terminal (STA) is assessed into a wireless access device; obtaining the source IP address of an access control request after the wireless assess device receives the access control request of the STA; searching an MAC address corresponding to the source IP address in an address resolution protocol (ARP) table entry in the wireless assess device and an SSID corresponding to the MAC address in the corresponding relation; and judging whether the determined SSID belongs to a preset legal SSID, if so, allowing the access control carried out by the STA, otherwise, rejecting the access control carried out by the STA.

An embodiment of the invention provides a method and a device for determining migration of virtual machines (VM). The method includes transmitting free ARP (address resolution protocol) messages or RARP (reverse address resolution protocol) messages to immigration VTEP [VXLAN (virtual extensible local area network) tunnel endpoint] equipment after the VM are migrated; acquiring MAC (media access control) addresses of the VM by the VTEP equipment, searching ARP Cache tables according to the MAC addresses and acquiring IP (internet protocol) addresses of the VM; constructing ARP unicast requestmessages by the aid of the IP addresses which are used as destination IP addresses, and determining that the VM are migrated if ARP response messages transmitted by the VM for the ARP unicast requestmessages are received by the VTEP equipment. The method and the device in the embodiment of the invention have the advantages that only the MAC addresses of the VM need to be acquired by the immigration equipment after the VM are migrated, and accordingly the fact that the VM are migrated can be determined; immigration of the VM can be sensed by the immigration equipment without constraints of thefree ARP messages transmitted by the virtual machines, and the virtual machine configuration compatibility can be effectively improved.

The method enables prevention of attacks on the network using layer-2 to layer-4 internet protocols. A secure local area network (LAN) is established having a secure peer group (SPG) of member entities with each member entity having its media access control (MAC) address locked to its own identity. A secure server within the LAN is configured as administrative and dynamic host configuration protocol (DHCP) server enabled to issue IP addresses. When using DHCP, address resolution protocol (ARP), and reverse address resolution protocol (RARP), the identity of the requesting entity is verified and entity is confirmed as legitimate. Data sent during transactions is encrypted using the public key of the receiving entity. These steps enable verified and secure establishment of IP to MAC binding during DHCP and ARP, and an enabler for secure connectivity between members of the SPG for eliminating attacks on the secure LAN.

The invention discloses a method for realizing plug and play of network monitoring video, which is simplicity and convenience for operation; a network video recorder (NVR) adopts a plug and play module with a plurality of ports, the main control chip of the module is connected with the plurality of ports through a Switch chip, and each port is corresponding to the video channel for connecting an Internet protocol camera (IPC) one to one; when the IPC is inserted into the port, the NVR obtains the MAC address of the IPC and distributes a new IP address for the IPC through a RARP protocol (Reverse Address Resolution Protocol), and the NVR automatically logins the IPC after the address is distributed; when the IPC is removed from the port, the NVR detects the removing of the IPC and removes the MAC address of the IPC from a port configuration table.

The invention provides a method and device for dynamically migrating VLAN (virtual local area network) configuration. The method comprises the following steps of: storing virtual machine ID and corresponding VLAN configuration information in a network management system in advance; transmitting the VLAN configuration of a virtual machine to an upstream physical switch corresponding to a migrated physical server of the virtual machine when the network management system senses out a network migration event of the virtual machine, wherein the migrated physical server transmits an RARP (reverse address resolution protocol) message so as to update ARP tables of all the upstream physical switches after the migration of the virtual machine is finished; and if the migration event is finished before the network management system finishes transmitting the VLAN configuration, the network management system ages the ARP table on a physical switch by an SNMP (simple network management protocol) or command line so as to update the ARP tables of all the upstream physical switches of the migrated physical server. According to the invention, the VLAN configuration of the virtual machine can be migrated dynamically along with the migration of the virtual machine.

The embodiments of the invention disclose a method and system for inhibiting an address resolution protocol (ARP) message, and a controller. The method comprises the following steps: when a source host needs to communicate with target hosts in different local area networks in the same intercommunication domain in a VxLAN, the source host emitting an ARP request, a VxLAN gateway controller which the source host belongs to forwarding the ARP request, the controller, according to IP addresses of the target hosts in the ARP request, querying whether a pre-learnt address resolution table stores MAC address of the target hosts, and if the MAC address of the target hosts are already stored, the controller responding to the ARP request of the source host; if the MAC addresses of the target hosts are not stored, a controller indication source VxLAN gateway sending the ARP request to other VxLAN gateways in the same intercommunication domain; and other VxLAN gateways, after receiving the ARP request, spreading the ARP request in their own local area networks, and forwarding an ARP response to the source host and reporting the ARP request to the controller. According to the embodiments of the invention, forwarding of ARP broadcast messages on a VxLAN tunnel and in the intercommunication domain can be effectively inhibited, the bandwidth of the VxLAN tunnel is saved, and the ARP query efficiency is improved.

The invention discloses a method for synchronizing address resolution protocol (ARP) tables between master and slave virtual router redundancy protocol (VRRP) devices and a VRRP device. The method comprises the following steps: after ARP tables in three layers of examples or three layers of virtual private networks (L3VPN) corresponding to a VRRP protection group are packaged into a message by the master VRRP device, the message is transmitted to the slave VRRP device; the received message is analyzed by the slave VRRP device, and the carried ARP table is loaded on the ARP table corresponding to the locality. The VRRB device comprises an ARP table message generating module, an ARP table message transmitting module, an ARP table message analyzing module and an ARP table loading module. After adopting the method provided by the invention, the ARP tables between the master and slave VRRP devices are synchronous through the ARP table information message and are supported on the master and slave VRRP devices, and the method has no additional requirement about an access loop device.

The present invention provides a network equipment and its access control methods. Said network equipment comprises an address resolution protocol (ARP) data frame filter module which is used for searching for access control list on the basis of identification information in the address resolution protocol data frames received by the network equipment, and filtrating the address resolution protocol data frames according to the corresponding states of the identification information in the access control list. Said network equipment comprises further an address resolution protocol (ARP) data frame inspection module which is used for inspecting the validity and correctness of the address resolution protocol data frames before the address resolution protocol data frame filter module filtrates the address resolution protocol data frames; and an address resolution protocol (ARP) data frame treatment module which is used for dealing with the address resolution protocol data frames permited by the address resolution protocol (ARP) data frame filter module. The present invention is capable of preventing an illegal equipment attacking viciously network equipments through address resolution protocol data frames, with improved security and reliability.

The invention discloses an address resolution protocol (ARP) table entry synchronization method and a business processing method and equipment. The ARP table entry synchronization method is applied to distributed equipment comprising a master control board and at least two interface boards. The ARP table entry synchronization method comprises the following steps of: receiving an ARP request message asking for inquiring respective media access control (MAC) addresses of the interface boards by the interface boards; then performing ARP table entry learning according to the ARP request message if a receiving interface of the ARP request message is a non-aggregation interface; and performing ARP table entry synchronization according to the type of the receiving interface of the ARP request message. Chip resources of the interface boards are saved, so that the interface boards are capable of learning more ARP table entries, and the message transmitting and processing capacity of the interface boards is improved.

With utilization of the technical scheme of the present invention, forward devices in a software defined network (SDN) report log-on messages sent by virtual machines in the SDN and received by first ports of the forward devices to a controller in the SDN; a first filtering flow table aiming at the first ports and issued by the controller is received, the first filtering flow table comprising IP addresses and MAC addresses of the virtual machines in the log-on messages; and ARP messages, consistent with the IP addresses and the MAC addresses in the first filtering flow table, of the ARP messages received by the first ports are reported to the controller. Therefore, the ARP messages are filtered, illegal ARP messages (attack or fraud ARP messages) are filtered out, the network safety is raised, and the problem that a large amount of illegal ARP messages occupy a lot of bandwidth resources and thus cause a high CPU occupancy rate of the controller is also avoided, thereby raising the ARP message forwarding efficiency of the controller, and reducing hardware resource consumption.

The invention discloses a method and a system for preventing address resolution protocol (ARP) gateway spoofing. The method comprises the following steps that: a convergence-layer switch stores a mapping relationship between the Internet protocol (IP) address and media access control (MAC) address of each layer-three interface, and transmits the mapping relationship to an access-layer switch; the access-layer switch stores the mapping relationship in a mapping table, and enables an ARP monitoring function; and the access-layer switch receives an ARP message, discards the ARP message when the IP address of an ARP message transmission or receiving party is an IP address in the mapping table and the MAC address of the ARP message transmission or receiving party is inconsistent with a corresponding MAC address in the mapping table, and forwards the ARP message when the IP address of the ARP message transmission or receiving party is not the IP address in the mapping table. By the method and the system, the problem of ARP IP gateway spoofing in a network is solved; and the ARP monitoring function is devolved to the access-layer switch, so that the pressure of a central processing unit (CPU) of the convergence-layer switch is greatly alleviated.

Verifying subscriber host connectivity is disclosed. In some embodiments, a unicast address resolution protocol (ARP) request is sent to a subscriber host, and based at least in part on whether a response to the request is received from the subscriber host, it is determined whether the subscriber host remains connected to a network.

The invention discloses a synchronizing method of address resolution protocols and a device. The method comprises that address resolution protocol (ARP) messages which are received by primary devices at a second layer virtual private network (VPN) bridging point and a third layer VPN bridging point are transmitted through a monitoring channel to standby devices at the second layer VPN bridging point and the third layer VPN bridging point which are in a virtual router redundancy protocol (VRRP) standby relationship with primary devices; and the ARP messages are uploaded into local ARPs of standby devices to achieve synchronization of ARPs. According to the synchronizing method of address resolution protocols and the device, the cost for synchronization of ARPs is reduced.

The invention provides address resolution protocol (ARP) message processing method, device and access equipment. The method comprises the following steps of: detecting whether an ARP message conforms to the preset anti-cheating feature entry of the access equipment when the access equipment receives the ARP message transmitted by a terminal through privileged ports, wherein the anti-cheating feature entry comprises the filtration of ARP messages of which the transmit leg IP address is the IP address of any legal terminal of the access equipment and ARP messages of which the transmit leg MAC address is the MAC address of any legal terminal, and the privileged ports comprise ports which do not set up static ARP detection functions; and if the ARP message conforms to the preset anti-cheatingfeature entry, filtering the ARP message. The invention effectively prevents an illegal terminal from carrying out ARP cheat by personating a legal terminal through privileged ports. Besides, the invention can be realized without the participation of gateway equipment and a user's host, thereby ensuring simple network configuration and improving the flexibility, the stability and the safety of network allocation.

A method and system for supporting Wake-on-LAN (WOL) in a team of network interface cards (NICs) in a computing device is disclosed. One embodiment of the present invention sets forth a method, which includes the steps of programming each of the NICs on the team with a team Media Access Control (MAC) address after having backed up the NIC MAC addresses of the NICs but before the computing device enters a low power state, and causing modification of address resolution protocol (ARP) caches associated with a plurality of client devices coupled to the team of NICs to use the team MAC address.

The application relates to a method and a device for preventing address resolution protocol (ARP) attacks, as well as computer equipment and a storage medium, wherein the method comprises the following steps of: acquiring the IP address allocation requests transmitted by each of the terminals of a local area network, and parsing the allocation requests to obtain MAC addresses corresponding to eachof the terminals of the local area network; transmitting the IP addresses to each of the terminals according to the allocation requests, and recording the MAC addresses of each of the terminals and the correspondingly assigned IP addresses to obtain a correspondence relationship table; receiving an ARP query request message carrying the IP address of a target terminal and transmitted by the firstterminal of the local area network, and transmitting the ARP query request message to the local area network broadcast; acquiring an ARP reply message transmitted by a second terminal, and parsing the ARP reply message to obtain the current IP address and current MAC address of the second terminal; matching the current IP address and current MAC address with the IP addresses and corresponding MACaddresses of each of the terminals in the correspondence relationship table, forwarding the ARP reply message to the first terminal if the match is successful, otherwise discarding the ARP reply message. By using the method, ARP attacks can be effectively prevented.

The invention provides a method and a device for realizing address resolution protocol (ARP) interception. The ARP information sharing of a site network can be realized by utilizing any bearing message such as an intermediate system to intermediate system (ISIS) protocol message, so that the number of ARP request messages broadcast in a core network can be effectively suppressed. Moreover, an edge device of each site network can intercept the ARP information of a remote host from the bearing message, and simultaneously learn the media access control (MAC) information of the remote host so as to learn the MAC information of the remote host as early as possible to avoid the condition that the edge device not timely learning the MAC information of the remote host discards an ARP response message returned by the remote host and further avoid the repeated broadcasting of an ARP request message corresponding to the ARP response message which cannot be returned in the core network.

The invention discloses a response method for free ARP (address solution protocol) request and a gateway device for the application of the method. The method comprises the following steps: the gateway device, when receiving the free ARP request with the same IP address as the gateway device, determines whether the source MAC (media access control) address of the free ARP address is a dependable authorized MAC address; and if the source MAC address is the dependable authorized MAC address, the gateway device allows the free ARP request with the same IP address as the gateway device to be transmitted in the internet. By configuring the dependable authorized MAC address on the gateway device, the invention leads the gateway device to carry out corresponding processing when receiving the free ARP request with the same IP address as the gateway device according to whether the source MAC address of the free MAC request is the dependable authorized MAC address. The IP address conflict can be effectively avoided without impact on the monitoring to an illegal network device of a network monitoring device.

The present invention relates to a server cluster-based packet generation method and a load balancer. The method comprises the steps of receiving a request packet of a client, wherein the request packet of the client comprises a source IP address and a destination IP address; determining a destination server according to a preset load balance policy; sending an address resolution protocol (ARP) request packet according to the destination IP address; obtaining an ARP response packet according to the ARP request packet, wherein the ARP response packet comprises an initial media access control (MAC) address of the destination server, and the initial MAC address is different from an actual MAC address of the destination server; and updating the destination IP address according to the initial MAC address, so as to obtain an updated request packet of the client, wherein the updated request packet of the client comprises the source IP address and the updated destination IP address. Through adoption of the server cluster-based packet generation method and the load balancer, the source IP address in the request packet is maintained in the transmission of the packet, and the source IP address of the client is detected in the network layer.