Background technology
RRPP (Rapid Ring Protection Protocol) is a link-layer protocol designed specifically for Ethernet rings. While the ring is intact it prevents the broadcast storm that a data loop would cause, and when a link on the ring fails it rapidly enables the backup link to restore the communication path between the nodes of the ring.
Every switch on the Ethernet ring is called a node. Each RRPP ring has exactly one master node, which is the decision-making and control node of the ring; all other nodes on the ring are transit nodes. The master node initiates the Polling mechanism (the active ring-state detection mechanism) and decides what actions to take after the network topology changes. A transit node monitors the state of its own directly connected RRPP links and reports link changes to the master node, which then decides how to handle them.
Of the two ports by which a master node or transit node attaches to the Ethernet ring, one is the primary port and the other is the secondary port; the role of each port is decided by the user's configuration. The master node has two states: Complete and Failed. The Complete state means that every link on the RRPP ring is UP; the Failed state means that some link on the ring is Down. A transit node has three states: Link-Up, Link-Down and Preforwarding (temporarily blocked). Link-Up means that both the primary and the secondary port of the transit node are UP; Link-Down means that the primary or the secondary port is Down; Preforwarding means that the primary or the secondary port is in the blocked state.
In the prior art, the RRPP ring is kept in a normal state by sending RRPP messages. There are several types of RRPP message, for example HELLO (ring-state detection), LINK-UP (link UP), LINK-DOWN (link DOWN), COMMON-FLUSH-FDB (refresh the FDB) and COMPLETE-FLUSH-FDB (ring recovered, refresh the FDB).
The format of an RRPP message is shown in Table 1.
Table 1. Format of the standard RRPP message (fields in wire order; the original layout shows bit positions 0-7, 8-15, 16-23, 24-31, 32-39 and 40-47 across each row)

| Row | Fields |
|---|---|
| 1 | Destination MAC Address (6 bytes): destination MAC (Media Access Control) address |
| 2 | Source MAC Address (6 bytes): source MAC address |
| 3 | EtherType (frame encapsulation type); PRI (priority); VLAN ID (VLAN the message belongs to); Frame Length (Ethernet frame length) |
| 4 | DSAP/SSAP (destination/source service access point); CONTROL (control information); OUI = 0x00e02b |
| 5 | 0x00bb; 0x99; 0x0b; RRPP Length (RRPP protocol data unit length) |
| 6 | RRPP_VER (version); RRPPTYPE (message type); Domain ID (RRPP domain the message belongs to); Ring ID (RRPP ring the message belongs to) |
| 7 | 0x0000; SYSTEM_MAC_ADDR (6 bytes): bridge MAC of the sending node |
| 8 | HELLO_TIMER (timeout of the Hello timer used by the sending node); FAIL_TIMER (timeout of the Fail timer used by the sending node) |
| 9 | 0x00; LEVEL (level of the ring the message belongs to); HELLO_SEQ (Hello sequence number); 0x0000 |
| 10 | RESERVED (0x000000000000) |
| 11 | RESERVED (0x000000000000) |
| 12 | RESERVED (0x000000000000) |
Referring to Fig. 1, node 4 is the master node of the RRPP ring and nodes 1, 2, 3, 5 and 6 are transit nodes; the primary port of the master node is 41 and its secondary port is 42. The Polling mechanism works as follows. Master node 4 periodically sends ring-state detection messages, i.e. HELLO messages, from its primary port 41, and each HELLO is propagated around the ring through the transit nodes in turn. If master node 4 receives its own HELLO message back on secondary port 42, the RRPP ring is intact, and master node 4 then blocks its secondary port so that data traffic cannot form a broadcast loop on the ring topology. If master node 4 does not receive the HELLO message within the specified time, a link on the RRPP ring has failed, and master node 4 then unblocks its secondary port so that communication between the nodes of the ring is not interrupted.
Referring to Fig. 2, suppose the link between node 1 and node 2 fails; master node 4 is then in the Failed state. When the failed link in the RRPP ring recovers, master node 4, still in the Failed state, receives its own HELLO message on secondary port 42; it immediately transitions to the Complete state, blocks its secondary port and refreshes its FDB (MAC address forwarding table), and also sends a COMPLETE-FLUSH-FDB message from primary port 41 to notify all transit nodes to release their temporarily blocked ports and refresh their FDBs.
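The Polling mechanism just described, modelled as an added example that is not part of the patent: a minimal master-node state machine for node 4 with ports 41 and 42. The timer values, the helper names and the rule that only the latest HELLO_SEQ counts as "its own HELLO" are assumptions.

```python
# Added example (not from the patent): master-node Polling state machine.
from dataclasses import dataclass, field

COMPLETE, FAILED = "Complete", "Failed"

@dataclass
class MasterNode:
    primary_port: int = 41
    secondary_port: int = 42
    fail_timeout: float = 3.0          # assumed Fail timer value, in seconds
    state: str = FAILED                # ring is treated as faulty until a HELLO returns
    secondary_blocked: bool = False
    last_hello_seen: float = 0.0
    hello_seq: int = 0
    log: list = field(default_factory=list)

    def send_hello(self, now: float) -> dict:
        """Hello timer expiry: emit a HELLO from the primary port."""
        self.hello_seq += 1
        return {"type": "HELLO", "seq": self.hello_seq, "port": self.primary_port, "sent": now}

    def receive(self, msg: dict, port: int, now: float) -> None:
        """Our own latest HELLO arriving on the secondary port proves the ring is intact."""
        if msg["type"] == "HELLO" and port == self.secondary_port and msg["seq"] == self.hello_seq:
            self.last_hello_seen = now
            if self.state != COMPLETE:
                self.state = COMPLETE
                self.secondary_blocked = True          # block secondary port: no data loop
                self.log.append(("flush_fdb", now))    # refresh the forwarding table

    def tick(self, now: float) -> None:
        """Fail timer check: no HELLO came back in time, so some ring link is down."""
        if self.state == COMPLETE and now - self.last_hello_seen > self.fail_timeout:
            self.state = FAILED
            self.secondary_blocked = False             # unblock secondary: use the backup path
            self.log.append(("flush_fdb", now))

def simulate() -> list:
    """Intact ring, then a link break (HELLOs stop returning), then recovery."""
    m = MasterNode()
    h = m.send_hello(0.0); m.receive(h, 42, 0.5)       # HELLO round trip -> Complete
    s1 = (m.state, m.secondary_blocked)
    m.send_hello(1.0); m.tick(5.0)                      # nothing returned -> Failed
    s2 = (m.state, m.secondary_blocked)
    h = m.send_hello(6.0); m.receive(h, 42, 6.4)       # link repaired -> Complete again
    s3 = (m.state, m.secondary_blocked)
    return [s1, s2, s3]
```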
The prior-art RRPP ring described above has weak resistance to attack: once a user forges RRPP messages on the ring, the whole RRPP ring can be driven into an abnormal state, with the result that data forwarding is interrupted, or the whole link forms a loop and causes a broadcast storm.
Embodiment
The invention is further described below with reference to the drawings and specific embodiments, but the invention is not limited to the following examples.
The embodiment of the invention extends the RRPP message and applies an authentication mechanism when RRPP messages are sent and received: RRPP messages carrying authentication information are transmitted in the RRPP ring, and an RRPP message is processed only after its authentication passes. This keeps every node in the RRPP ring operating normally and effectively stops attacks with forged RRPP messages.
Referring to Fig. 3, the embodiment of the invention provides a method of attack protection for an RRPP-based rapid ring network, which comprises the following steps:
Step 101: Authentication information is pre-stored on an RRPP node in the RRPP ring; the authentication information comprises authentication type information and authentication key information. The RRPP node may be the master node or a transit node.
Two authentication types are provided in this embodiment: password authentication and MD5 (Message-Digest Algorithm 5) authentication. Different authentication types are represented by different values of the authentication type information; for example, the value 1 denotes password authentication and the value 2 denotes MD5 authentication. The content of the authentication key information depends on the authentication type: for password authentication, the authentication key information is a password; for MD5 authentication, the authentication key information is the specified data segment of the RRPP message together with the MD5 algorithm.
Step 102: The RRPP node extends the RRPP message by adding three fields to the standard RRPP message: authentication type (AUTHTYPE), authentication length (AUTHLEN) and authentication data (Authentication Data).
Referring to Table 2, the authentication type field occupies 1 byte of the RRPP message, the authentication length field occupies 1 byte, and the authentication data field occupies 16 bytes. The authentication key information is therefore between 1 and 16 bytes long and may not exceed 16 bytes. When the authentication type field specifies password authentication, the authentication data field stores the password used for authentication, whose length is between 1 and 16 bytes. When the authentication type field specifies MD5 authentication, the authentication data field stores the specified data segment of the RRPP message together with the MD5 algorithm, with a total length of no more than 16 bytes. Whatever the authentication type, the authentication length field stores the length of the authentication key information, i.e. either the length of the password or the total length of the specified data segment and the MD5 algorithm.
For example, if the authentication key information is the password "12345678", its length is 8 bytes, so the value in the authentication length field is 8.
Table 2. Format of the extended RRPP message (fields in wire order; the original layout shows bit positions 0-7, 8-15, 16-23, 24-31, 32-39 and 40-47 across each row)

| Row | Fields |
|---|---|
| 1 | Destination MAC Address (6 bytes): destination MAC (Media Access Control) address |
| 2 | Source MAC Address (6 bytes): source MAC address |
| 3 | EtherType (frame encapsulation type); PRI (priority); VLAN ID (VLAN the message belongs to); Frame Length (Ethernet frame length) |
| 4 | DSAP/SSAP (destination/source service access point); CONTROL (control information); OUI = 0x00e02b |
| 5 | 0x00bb; 0x99; 0x0b; RRPP Length (RRPP protocol data unit length) |
| 6 | RRPP_VER (version); RRPPTYPE (message type); Domain ID (RRPP domain the message belongs to); Ring ID (RRPP ring the message belongs to) |
| 7 | 0x0000; SYSTEM_MAC_ADDR (6 bytes): bridge MAC of the sending node |
| 8 | HELLO_TIMER (timeout of the Hello timer used by the sending node); FAIL_TIMER (timeout of the Fail timer used by the sending node) |
| 9 | 0x00; LEVEL (level of the ring the message belongs to); HELLO_SEQ (Hello sequence number); 0x0000 |
| 10 | AUTHTYPE (authentication type); AUTHLEN (authentication field length); Authentication Data (authentication key) |
| 11 | Authentication Data (authentication key), continued |
| 12 | Authentication Data (authentication key), continued |
| 13 | RESERVED (0x000000000000) |
| 14 | RESERVED (0x000000000000) |
| 15 | RESERVED (0x000000000000) |
Step 103: The RRPP node fills its locally pre-stored authentication information into the corresponding fields of the extended RRPP message and then sends the extended RRPP message according to a preset rule.
For example, the pre-stored authentication type information "1", i.e. password authentication, is filled into the authentication type field of the RRPP message; the pre-stored authentication key information, the password "12345678", is filled into the authentication data field; and since the password is 8 bytes long, "8" is filled into the authentication length field.
As another example, the pre-stored authentication type information "2", i.e. MD5 authentication, is filled into the authentication type field of the RRPP message; the pre-stored specified data segment of the RRPP message, namely the Hello timer timeout field and the Fail timer timeout field used by the sending node, is filled together with the MD5 algorithm into the authentication data field; and the total length of the specified data segment and the MD5 algorithm is filled into the authentication length field.
The preset rule may be periodic sending, or sending triggered by a specified event, for example a LINK-UP event or a LINK-DOWN event.
In practice, the authentication information need not be pre-stored on the node; it may instead be configured at the time the RRPP message is extended and then filled into the corresponding fields of the RRPP message.
Step 104: When another RRPP node in the ring receives the extended RRPP message, it first judges whether the received message is a standard RRPP message or an extended RRPP message. If it is a standard RRPP message, step 105 is executed; if it is an extended RRPP message, step 106 is executed.
Whether a received message is an extended RRPP message can be judged in several ways, for example by checking the message length or by checking whether the newly added fields are present.
Step 105: The node that received the RRPP message processes it according to the standard RRPP protocol processing flow, and the procedure ends.
Step 106: The node that received the RRPP message reads the extended fields of the message, i.e. the authentication type field, the authentication length field and the authentication data field, and performs authentication.
Reading and authentication proceed as follows. The authentication type field is read, and the authentication data field is read according to the value read from the authentication length field. If the authentication type read is password authentication, the authentication key information read is a password; the password read is compared with the locally pre-stored password, and authentication passes if they match and fails otherwise. If the authentication type read is MD5 authentication, the authentication key information read is the specified data segment and the MD5 algorithm; an MD5 checksum is computed from the data segment read using the MD5 algorithm, another MD5 checksum is computed from the locally pre-stored specified data segment using the MD5 algorithm, and the two MD5 checksums are compared; authentication passes if they match and fails otherwise.
Step 107: If authentication passes, the RRPP message is processed according to the standard processing flow. If authentication does not pass, the received RRPP message is regarded as an invalid message and is discarded, and the procedure ends.
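Steps 101 to 107 as an added example that is not the patent's code: the sender builds the RRPP PDU of Table 2 (from RRPP_VER onward; the Ethernet and LLC header is omitted) and the receiver tells standard from extended messages by length, then authenticates. Field widths the table does not state, the RRPPTYPE code, the timer values, and the reading of the MD5 mode as "Authentication Data carries the MD5 digest of the specified data segment (the HELLO_TIMER and FAIL_TIMER fields)" are assumptions.

```python
# Added example (not from the patent): build and verify the extended RRPP PDU.
import hashlib
import hmac
import struct

AUTH_PASSWORD, AUTH_MD5 = 1, 2
_STD = ">BBHHH6sHHBBHH"                  # RRPP_VER .. second 0x0000: 24 bytes (widths assumed)
_STD_LEN = struct.calcsize(_STD) + 18    # plus 18 reserved bytes (3 rows x 6)
_EXT_LEN = _STD_LEN + 18                 # plus AUTHTYPE(1) + AUTHLEN(1) + Authentication Data(16)
_AUTH = ">BB16s"

def _std_fields(hello_seq: int, hello_timer: int = 1, fail_timer: int = 3) -> bytes:
    # RRPP_VER=1, RRPPTYPE=5 (HELLO; code assumed), domain 1, ring 1, constructed bridge MAC
    return struct.pack(_STD, 1, 5, 1, 1, 0, b"\x00\xe0\x2b\x00\x00\x04",
                       hello_timer, fail_timer, 0, 0, hello_seq, 0)

def data_segment(pdu: bytes) -> bytes:
    """The 'specified data segment': HELLO_TIMER and FAIL_TIMER (bytes 14..17, assumed)."""
    return pdu[14:18]

def build_pdu(hello_seq: int, auth_type: int = 0, password: bytes = b"") -> bytes:
    """Steps 102/103: a standard PDU (auth_type 0), or one carrying AUTHTYPE/AUTHLEN/Auth Data."""
    body = _std_fields(hello_seq)
    if auth_type == 0:
        return body + bytes(18)
    if auth_type == AUTH_PASSWORD:
        if not 1 <= len(password) <= 16:
            raise ValueError("password must be 1..16 bytes")
        key, length = password, len(password)
    elif auth_type == AUTH_MD5:
        key, length = hashlib.md5(data_segment(body)).digest(), 16
    else:
        raise ValueError("unknown authentication type")
    return body + struct.pack(_AUTH, auth_type, length, key.ljust(16, b"\x00")) + bytes(18)

def verify_pdu(pdu: bytes, local_type: int, local_password: bytes, local_segment: bytes) -> str:
    """Steps 104-107: returns 'standard', 'accept' or 'drop'."""
    if len(pdu) == _STD_LEN:
        return "standard"                # step 105: standard protocol processing
    if len(pdu) != _EXT_LEN:
        return "drop"                    # neither Table 1 nor Table 2 length: malformed
    auth_type, auth_len, data = struct.unpack_from(_AUTH, pdu, 24)
    if auth_type != local_type or not 1 <= auth_len <= 16:
        return "drop"
    key = data[:auth_len]
    if auth_type == AUTH_PASSWORD:
        expected = local_password
    else:                                # AUTH_MD5: digest of the locally pre-stored data segment
        expected = hashlib.md5(local_segment).digest()
    # constant-time comparison (a hardening the patent text does not call for)
    return "accept" if hmac.compare_digest(key, expected) else "drop"
```

As described, the MD5 mode digests only message fields and no secret, so it checks that the segment is intact rather than who sent it; a keyed digest over the whole PDU using the shared password would bind the two.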
Referring to Fig. 4, the embodiment of the invention also provides a device for attack protection of an RRPP-based rapid ring network, which comprises:
(1) a message receiving module, for receiving RRPP messages that carry authentication information;
(2) a message processing module, for reading the authentication information in the RRPP message received by the message receiving module and comparing it with the local authentication information; if they match, the RRPP message is processed, otherwise the RRPP message is discarded.
The message processing module may specifically comprise:
1) a reading unit, for reading the value of the authentication type field of the RRPP message, which is the password authentication type; reading the value of the authentication length field of the RRPP message; and, according to the value of the authentication length field, reading the authentication key information from the authentication data field, the authentication key information being a preset password;
2) a comparing unit, for comparing the authentication key information read by the reading unit with the local password.
The message processing module may alternatively comprise:
1) a reading unit, for reading the value of the authentication type field of the RRPP message, which is the MD5 authentication type; reading the value of the authentication length field of the RRPP message; and, according to the value of the authentication length field, reading the authentication key information from the authentication data field, the authentication key information being the specified data segment of the RRPP message and the MD5 algorithm;
2) a comparing unit, for computing an MD5 checksum from the specified data segment using the MD5 algorithm and comparing it with the MD5 checksum computed from the local data segment using the MD5 algorithm.
Referring to Fig. 5, the embodiment of the invention also provides a system for attack protection of an RRPP-based rapid ring network, which comprises at least:
(1) a first node, for sending RRPP messages carrying authentication information in the RRPP ring;
(2) a second node, for receiving the RRPP message sent by the first node, reading the authentication information in the RRPP message and comparing it with the local authentication information; if they match, the RRPP message is processed, otherwise the RRPP message is discarded.
The first node may specifically comprise:
1) an extension module, for adding an authentication type field, an authentication length field and an authentication data field to the RRPP message, and filling the authentication type information into the authentication type field, the authentication key information into the authentication data field, and the length of the authentication key information into the authentication length field;
2) a sending module, for sending the RRPP message processed by the extension module.
The second node may specifically comprise:
1) a receiving module, for receiving the RRPP message sent by the first node;
2) a reading module, for reading the value of the authentication type field of the RRPP message received by the receiving module, which is the password authentication type; reading the value of the authentication length field of the RRPP message; and, according to the value of the authentication length field, reading the authentication key information from the authentication data field, the authentication key information being a preset password;
3) a comparison module, for comparing the authentication key information read by the reading module with the local password.
The second node may alternatively comprise:
1) a receiving module, for receiving the RRPP message sent by the first node;
2) a reading module, for reading the value of the authentication type field of the RRPP message received by the receiving module, which is the MD5 authentication type; reading the value of the authentication length field of the RRPP message; and, according to the value of the authentication length field, reading the authentication key information from the authentication data field, the authentication key information being the specified data segment of the RRPP message and the MD5 algorithm;
3) a comparison module, for computing an MD5 checksum from the specified data segment using the MD5 algorithm and comparing it with the MD5 checksum computed from the local data segment using the MD5 algorithm.
The embodiment of the invention may be implemented in software, for example in a programming language such as C, C++ or Java, and the corresponding software may be stored in a readable storage medium, for example the memory or cache of a switch or router.
By extending the RRPP message and applying an authentication mechanism when RRPP messages are sent and received, the embodiment of the invention greatly improves the attack resistance of RRPP and strengthens the security and stability of the RRPP ring; by judging whether an RRPP message is an extended-protocol message or a standard-protocol message, it strengthens the compatibility of the RRPP system.
The embodiments described above are preferred embodiments of the invention; ordinary variations and substitutions made by those skilled in the art within the scope of the technical solution of the invention should all fall within the protection scope of the invention.