CN101127717A - Method and switch for message forwarding - Google Patents
Method and switch for message forwarding Download PDFInfo
- Publication number
- CN101127717A CN101127717A CNA2007101513870A CN200710151387A CN101127717A CN 101127717 A CN101127717 A CN 101127717A CN A2007101513870 A CNA2007101513870 A CN A2007101513870A CN 200710151387 A CN200710151387 A CN 200710151387A CN 101127717 A CN101127717 A CN 101127717A
- Authority
- CN
- China
- Prior art keywords
- address
- message
- list
- switch
- forwarding
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Small-Scale Networks (AREA)
Abstract
本发明公开了一种报文转发的方法,涉及工业通信技术领域,包括:预先设置允许转发的报文类型列表,预先设置各个端口允许转发报文的授权设备地址列表、禁止转发报文的未授权设备地址列表;从所述端口接收到报文后,判断发送所述报文的源地址,如果判断出所述源地址不属于所述授权设备地址列表、未授权设备地址列表中的地址,则将所述报文通过预设的特定地址转发;如果判断出所述源地址为所述授权设备地址列表中的地址,并判断出所述报文类型为所述允许转发报文类型列表中的类型,则按照所述报文的目的地址转发。本发明还公开了一种交换机。本发明的方法和交换机能够避免未授权设备发送报文和非法类型的报文时影响正常工作设备的影响。
The invention discloses a message forwarding method, which relates to the technical field of industrial communication, including: pre-setting a list of message types allowed to be forwarded, a list of authorized device addresses for each port that is allowed to forward messages, and a list of unauthorized message types that are prohibited from forwarding messages. Authorized device address list; after receiving the message from the port, determine the source address of the message sent, if it is determined that the source address does not belong to the address in the authorized device address list and the unauthorized device address list, Then forward the message through a preset specific address; if it is determined that the source address is an address in the authorized device address list, and it is determined that the message type is in the allowed forwarding message type list type, forward the message according to the destination address of the message. The invention also discloses a switch. The method and switch of the invention can avoid the impact on the normal working equipment when the unauthorized equipment sends the message and the illegal type of message.
Description
技术领域technical field
本发明涉及工业通信技术领域,特别是指一种报文转发的方法和工业交换机。The invention relates to the technical field of industrial communication, in particular to a message forwarding method and an industrial switch.
背景技术Background technique
在工业网络系统中,为保证实时性的要求,很多服务器都采用用户数据报协议(UDP)广播报文,现场总线系统中,用于周期数据发送和调度的广播报文非常多,相应的,其网络负荷也非常大。所以对于工业控制网络和监控网络需要通过代理或者网桥分开,对于不同的工业控制网络也需要通过代理或者网桥分开,这样能够比较好地隔离不同的控制网络,但是如果两个不同的控制网络需要数据交换的时候,由于所述代理或者网桥的存在,数据传输的时间就会延长。In the industrial network system, in order to ensure real-time requirements, many servers use the User Datagram Protocol (UDP) broadcast message. In the field bus system, there are many broadcast messages used for periodic data transmission and scheduling. Correspondingly, Its network load is also very large. Therefore, the industrial control network and the monitoring network need to be separated by a proxy or a bridge, and different industrial control networks also need to be separated by a proxy or a bridge. This can better isolate different control networks, but if two different control networks When data exchange is required, the time for data transmission will be extended due to the existence of the agent or bridge.
在工业通信发展的历程中,交换机越来越占据重要地位,一般地,交换机处于核心交换的位置,网桥、代理和路由器都处于网络交换的边缘,处于补充的作用。但是由于目前的交换机构成网络的都是以交互数据为目的,并且由于工业控制网络自身应用环境的限制,交换机对于工业通信中所要求的响应时间、数据有效性认证等要求不能很好的满足。In the course of the development of industrial communication, switches are playing an increasingly important role. Generally, switches are at the core switching position, and bridges, proxies and routers are at the edge of network switching and play a supplementary role. However, due to the fact that the current switches constitute the network for the purpose of exchanging data, and due to the limitation of the application environment of the industrial control network itself, the switches cannot meet the requirements of response time and data validity authentication required in industrial communication.
传统意义上的交换机,都是工作在第二层的设备,转发单播数据是是通过点对点的传输实现的,而转发广播数据则会扩散到所有端口,一些加入虚拟局域网(VLAN)功能的交换机,能够将组播数据控制在固定的几个端口。随着网络技术的发展,目前的交换机技术能够完成第三层甚至第四层的转发,并且完成一部分的路由工作,这样使得从网络层划分各个网段就变得相对容易起来。Switches in the traditional sense are all devices that work on the second layer. The forwarding of unicast data is realized through point-to-point transmission, while the forwarding of broadcast data will spread to all ports. Some switches that join the virtual local area network (VLAN) function , able to control the multicast data to several fixed ports. With the development of network technology, the current switch technology can complete the forwarding of the third layer or even the fourth layer, and complete part of the routing work, which makes it relatively easy to divide each network segment from the network layer.
但是,目前工业控制网络中的交换机都会受到限制,主要是网络上如果出现未经过授权的设备,其发送的数据(特别是广播数据)将会扩散到所有端口,其他端口的设备就会受到其干扰,影响其他端口上的设备对生产的正常控制。However, the switches in the industrial control network are currently restricted, mainly because if there is an unauthorized device on the network, the data sent (especially broadcast data) will be spread to all ports, and the devices on other ports will be restricted by other ports. Interference, affecting the normal control of production by devices on other ports.
发明内容Contents of the invention
有鉴于此,本发明在于提供一种报文转发的方法和交换机,以解决上述工业控制网络中未授权设备通过交换机发送数据时影响其他已经授权并工作设备问题。In view of this, the present invention provides a message forwarding method and a switch to solve the above-mentioned problem that unauthorized devices in the industrial control network affect other authorized and working devices when sending data through the switch.
如上所述,本发明提供一种控制交换机报文转发的方法,详细描述如下:As mentioned above, the present invention provides a method for controlling message forwarding of a switch, which is described in detail as follows:
预先设置允许转发的报文类型列表,预先设置各个端口允许转发报文的授权设备地址列表、禁止转发报文的未授权设备地址列表;Pre-set the list of message types that are allowed to be forwarded, the list of authorized device addresses that are allowed to forward messages for each port, and the list of unauthorized device addresses that are prohibited from forwarding messages;
从所述端口接收到报文后,判断发送所述报文的源地址,如果判断出所述源地址不属于所述授权设备地址列表、未授权设备地址列表中的地址,则将所述报文通过预设的特定地址转发;After receiving the message from the port, judge the source address for sending the message, if it is judged that the source address does not belong to the addresses in the authorized device address list and unauthorized device address list, then send the The text is forwarded through the preset specific address;
如果判断出所述源地址为所述授权设备地址列表中的地址,并判断出所述报文类型为所述允许转发报文类型列表中的类型,则按照所述报文的目的地址转发。If it is determined that the source address is an address in the authorized device address list, and the packet type is determined to be a type in the packet type list allowed to be forwarded, forward the packet according to the destination address of the packet.
其中,该方法还包括:Wherein, the method also includes:
预先设置禁止转发的报文类型列表;Pre-set the list of message types that are prohibited from being forwarded;
如果判断出所述源地址为所述未授权设备地址列表中的地址,或判断出所述报文类型为所述禁止转发报文类型列表中的类型,则将所述报文屏蔽。If it is determined that the source address is an address in the unauthorized device address list, or it is determined that the packet type is a type in the prohibited-forwarding packet type list, then block the packet.
其中,将所述报文通过预设的特定地址转发为:Wherein, the message is forwarded through the preset specific address as:
将所述报文通过预设的特定地址转发至上位机;Forwarding the message to the host computer through a preset specific address;
所述上位机接收到所述报文后,通过所述特定地址回复所述报文的源地址所属设备的权限信息,或将所述端口屏蔽。After receiving the message, the upper computer replies with the permission information of the device to which the source address of the message belongs through the specific address, or blocks the port.
其中,该方法还包括:Wherein, the method also includes:
接收到所述权限信息后,判断权限信息中的标识,将所述源地址存储到授权设备地址列表或未授权设备地址列表。After receiving the permission information, judge the identifier in the permission information, and store the source address in the authorized device address list or the unauthorized device address list.
其中,所述地址列表包括单播列表、组播和广播的域列表。Wherein, the address list includes a unicast list, a multicast and a broadcast domain list.
其中,所述地址列表中的地址包括:Wherein, the addresses in the address list include:
源媒体接入控制MAC地址、源互联网IP地址、目的MAC地址、目的IP地址、设备连接的交换机端口号。Source media access control MAC address, source Internet IP address, destination MAC address, destination IP address, and switch port number to which the device is connected.
其中,判断出所述源地址为所述授权设备地址列表中的地址过程包括:Wherein, the process of determining that the source address is an address in the authorized device address list includes:
在所述授权设备地址列表中查找出所述报文的源和目的MAC地址;Find out the source and destination MAC addresses of the message in the authorized device address list;
按照所述报文目的地址转发为:Forward according to the destination address of the message as:
按照所述目的MAC地址转发。Forward according to the destination MAC address.
其中,该方法之前还包括:Among them, the method also includes:
将交换机内的路由功能设置为开;Set the routing function in the switch to ON;
判断出所述源地址为所述授权设备地址列表中的地址过程包括:The process of determining that the source address is an address in the authorized device address list includes:
在所述授权设备地址列表中查找出所述报文的源和目的MAC、IP地址;Find out the source and destination MAC and IP addresses of the message in the authorized device address list;
按照所述报文目的地址转发为:Forward according to the destination address of the message as:
按照所述目的MAC、IP地址转发。Forward according to the destination MAC and IP address.
其中,还包括,定期从各个端口接收来自设备的ARP、ICMP、IGMP或DHCP报文,分析从所述端口接收报文的子网掩码,判断所述报文所属的组播和广播的域地址,记录在所述域列表中。Among them, it also includes regularly receiving ARP, ICMP, IGMP or DHCP messages from the device from each port, analyzing the subnet mask of the message received from the port, and judging the multicast and broadcast domain to which the message belongs. address, recorded in the domain list.
其中,该方法还包括:Wherein, the method also includes:
定期将监控到交换机的通信数据与用户设定的通信数据进行比较,如果不相同,则判断出所述端口出现故障,关闭所述端口,通过所述特定地址下载授权设备地址并更新所述授权设备地址列表中。Regularly compare the communication data monitored by the switch with the communication data set by the user. If they are not the same, it is judged that the port is faulty, the port is closed, and the authorized device address is downloaded through the specific address and the authorized device is updated. device address list.
本发明还提供一种交换机,包括:收发单元、地址判断单元、授权判断单元、存储单元;The present invention also provides a switch, including: a transceiver unit, an address judging unit, an authorization judging unit, and a storage unit;
所述收发单元,用于接收或发送报文;The transceiver unit is used to receive or send messages;
所述存储单元,用于存储允许转发的报文类型列表,各个端口允许转发报文的授权设备地址列表、禁止转发报文的未授权设备地址列表;The storage unit is used to store a list of message types that are allowed to be forwarded, a list of authorized device addresses that are allowed to forward messages at each port, and a list of unauthorized device addresses that are prohibited from forwarding messages;
所述地址判断单元,用于判断所述接收单元接收到报文的源地址,如果判断出所述源地址不属于所述授权设备地址列表、未授权设备地址列表中的地址,则通知所述收发单元将所述报文通过预设的特定地址转发;The address judging unit is used to judge the source address of the message received by the receiving unit, and if it is judged that the source address does not belong to the addresses in the authorized device address list and the unauthorized device address list, notify the The transceiver unit forwards the message through a preset specific address;
所述授权判断单元,用于判断所述报文的源地址和报文类型,如果判断出所述源地址为所述授权设备地址列表中的地址,并判断出所述报文类型为所述允许转发报文类型列表中的类型,则通知所述收发单元将所述报文按照该报文的目的地址转发。The authorization judging unit is used to judge the source address and message type of the message, if it is judged that the source address is an address in the authorized device address list, and it is judged that the message type is the If the type in the packet type list is allowed to be forwarded, the sending and receiving unit is notified to forward the packet according to the destination address of the packet.
其中,所述存储单元还可存储禁止转发的报文类型列表;Wherein, the storage unit can also store a list of message types that are prohibited from being forwarded;
所述交换机还包括:The switch also includes:
屏蔽单元,用于判断所述报文的源地址和报文类型,如果判断出所述源地址为所述未授权设备地址列表中的地址,或判断出所述报文类型为所述禁止转发报文类型列表中的类型,则将所述报文屏蔽。A shielding unit, configured to determine the source address and message type of the message, if it is determined that the source address is an address in the unauthorized device address list, or it is determined that the message type is the prohibited forwarding type in the packet type list, the packet will be blocked.
其中,还包括:Among them, also include:
地址更新单元,用于接收到所述源地址所属设备的权限信息后,判断权限信息中的标识,将所述源地址存储到授权设备地址列表或未授权设备地址列表。The address updating unit is configured to, after receiving the authority information of the device to which the source address belongs, judge the identifier in the authority information, and store the source address in the authorized device address list or the unauthorized device address list.
其中,in,
所述存储单元中的地址列表包括单播列表、组播和广播的域列表;The address list in the storage unit includes a unicast list, a multicast and broadcast domain list;
还包括:Also includes:
分析单元,用于通知收发单元定期从各个端口接收来自设备的ARP、ICMP、IGMP或DHCP报文,分析从所述端口接收报文的子网掩码,判断所述报文所属的组播和广播的域地址,记录在所述域列表中。The analysis unit is used to notify the transceiver unit to regularly receive ARP, ICMP, IGMP or DHCP messages from the device from each port, analyze the subnet mask of the message received from the port, and determine the multicast and Broadcast domain address, recorded in the domain list.
其中,还包括:Among them, also include:
自动更新单元,定期将监控到交换机的通信数据与用户设定的通信数据进行比较,如果不相同,则判断出所述端口出现故障,关闭所述端口,通过所述特定地址下载授权设备地址并更新到所述授权设备地址列表中。The automatic update unit regularly compares the communication data monitored by the switch with the communication data set by the user. If they are not the same, it is judged that the port is faulty, the port is closed, the authorized device address is downloaded through the specific address and Update to the authorized device address list.
通过上述技术方案可知,本发明通过本发明报文转发的方法和交换机,建立地址列表、类型列表,并设置特定地址,当接收到报文后,如果发送该报文地址不属于列表中的地址,通过特定地址转发,从而避免未经过授权的设备发送报文和出现非法类型的报文时影响正常工作的设备。并且,对于首次出现的设备报文,通过特定地址发送至上位机,由用户授权后进行转发。在工作过程中,不断更新地址列表,并通过对报文数据的自动分析,关闭故障端口,减少对正常工作设备的影响,从而保证了正常的工业生产,提高了生产效率。It can be seen from the above technical solution that the present invention establishes an address list, a type list, and sets a specific address through the message forwarding method and the switch of the present invention. , forwarding through a specific address, so as to prevent unauthorized devices from sending messages and illegal types of messages from affecting normal working devices. Moreover, for the first device message, it is sent to the upper computer through a specific address, and is forwarded after being authorized by the user. During the working process, the address list is constantly updated, and through the automatic analysis of the message data, the faulty port is closed to reduce the impact on the normal working equipment, thereby ensuring normal industrial production and improving production efficiency.
附图说明Description of drawings
图1是本发明实施例的流程图;Fig. 1 is the flowchart of the embodiment of the present invention;
图2是本发明实施例中授权设备地址更新的流程图;Fig. 2 is a flow chart of updating the authorized device address in the embodiment of the present invention;
图3是本发明实施例中数据链路层报文转发的流程图;Fig. 3 is the flowchart of data link layer message forwarding in the embodiment of the present invention;
图4是本发明实施例中网络层报文转发的流程图;Fig. 4 is the flowchart of network layer message forwarding in the embodiment of the present invention;
图5是本发明实施例中监控设备和交换机之间报文处理的流程图;Fig. 5 is a flowchart of message processing between the monitoring device and the switch in an embodiment of the present invention;
图6是本发明实施例中用户通过监控设备进行设置示意图;Fig. 6 is a schematic diagram of setting by the user through the monitoring device in the embodiment of the present invention;
图7是本发明实施例中交换机定期更新授权设备地址列表的流程图;Fig. 7 is a flow chart of the switch regularly updating the authorized device address list in the embodiment of the present invention;
图8是本发明实施例中交换机监控端口数据的流程图;Fig. 8 is the flowchart of switch monitoring port data in the embodiment of the present invention;
图9是本发明实施例中交换机结构的示意图;FIG. 9 is a schematic diagram of a switch structure in an embodiment of the present invention;
图10是本发明实施例中交换机相互连接的示意图。Fig. 10 is a schematic diagram of interconnection of switches in an embodiment of the present invention.
具体实施方式Detailed ways
本发明的基本思想是:建立地址列表、类型列表,并设置特定地址,当接收到报文后,如果发送该报文地址不属于列表中的地址,通过特定地址转发,以避免未经过授权的设备发送报文和出现非法类型的报文时影响正常工作的设备。The basic idea of the present invention is: establish address list, type list, and set specific address, after receiving message, if sending this message address does not belong to the address in the list, forward through specific address, to avoid unauthorized When the device sends packets and illegal type packets appear, it will affect the normal operation of the device.
为了本领域技术人员对本发明的技术方案有更好的理解,下面结合附图和实施例对本发明进行详细描述。In order for those skilled in the art to have a better understanding of the technical solutions of the present invention, the present invention will be described in detail below in conjunction with the accompanying drawings and embodiments.
请参考图1,为本发明一种报文转发方法的实施例一的流程图。Please refer to FIG. 1 , which is a flow chart of Embodiment 1 of a message forwarding method according to the present invention.
包括以下步骤:Include the following steps:
步骤S101:设置允许转发的报文类型列表,并设置各个端口允许转发报文的授权设备地址列表、禁止转发报文的未授权设备地址列表。Step S101: Set a list of message types that are allowed to be forwarded, and set a list of authorized device addresses that are allowed to forward messages and a list of unauthorized device addresses that are prohibited from forwarding messages for each port.
步骤S102:从所述端口接收到报文后,对源地址执行判断操作。Step S102: After receiving the message from the port, perform a judgment operation on the source address.
步骤S103:判断所述源地址不属于所述授权设备地址列表或未授权设备地址列表中的地址,若是,进入步骤S104;否则结束。Step S103: Judging that the source address does not belong to the addresses in the authorized device address list or the unauthorized device address list, if yes, go to step S104; otherwise, end.
步骤S104:将所述报文通过预设的特定地址转发。Step S104: Forward the message through a preset specific address.
步骤S105:判断所述源地址是否为所述授权设备地址列表中的地址,并且所述报文类型是否为所述允许转发报文类型列表中的类型,若是,则进入步骤105;否则结束;Step S105: judging whether the source address is an address in the authorized device address list, and whether the message type is a type in the allowed forwarding message type list, and if so, proceed to step 105; otherwise, end;
步骤S106:按照所述报文的目的地址转发。Step S106: forwarding according to the destination address of the message.
在该实施例中,步骤S103与步骤S105没有先后的顺序关系。可根据具体情况,先后执行判断也可,也可以同时进行判断。In this embodiment, there is no sequential relationship between step S103 and step S105. Depending on the specific circumstances, the judgments may be executed successively, or may be judged simultaneously.
在该实施例中,还可将一些非法地址的报文进行屏蔽,以避免对网络中工作的其它设备造成不必要的影响。因此,该实施例还可包括以下步骤,In this embodiment, some messages with illegal addresses can also be shielded, so as to avoid unnecessary impact on other devices working in the network. Therefore, this embodiment may also include the following steps,
预先设置禁止转发的报文类型列表;Pre-set the list of message types that are prohibited from being forwarded;
可在执行步骤S103、步骤S105执行判断操作之前设置禁止转发的报文类型列表。A list of message types prohibited from forwarding may be set before performing the judgment operation in step S103 and step S105.
当执行判断发送所述报文的源地址的过程中,如果判断出所述源地址为所述未授权设备地址列表中的地址,或判断出所述报文类型为所述禁止转发报文类型列表中的类型,则将所述报文屏蔽。这样可将这些非法的报文屏蔽。When performing the process of judging the source address of sending the message, if it is judged that the source address is an address in the address list of the unauthorized device, or it is judged that the message type is the prohibited forwarding message type If the type in the list is not specified, the message will be blocked. In this way, these illegal messages can be shielded.
在该实施例中,如果工程人员对交换机执行错误的连接操作,或连接的设备没有经过授权,则此时交换机收到未授权设备发送的报文或因误连接而收到非法类型报文,对于这类报文,交换机收到后,会将报文屏蔽;或执行步骤S104,将这些报文通过特定地址转发。In this embodiment, if the engineer performs a wrong connection operation on the switch, or the connected device is not authorized, then the switch receives a message sent by an unauthorized device or receives an illegal type message due to a wrong connection. For such messages, the switch will shield the messages after receiving them; or perform step S104 to forward these messages through a specific address.
当通过特定地址转发时,如果连接有上级交换机,则发送至上级交换机,直至发送至上位机;上位机收到后,会以各种形式通知用户,通常会通过显示器将报文的信息展示给用户。用户收到后,为发送报文的源地址所属设备进行授权,将源地址所属设备的权限信息通过特定地址发送至交换机,或直接向交换机发送命令,将收到该报文的端口屏蔽。When forwarding through a specific address, if there is an upper-level switch connected, it will be sent to the upper-level switch until it is sent to the upper computer; after the upper computer receives it, it will notify the user in various forms, and usually display the information of the message to the user through the display. user. After receiving the message, the user authorizes the device to which the source address of the message belongs, and sends the authority information of the device to which the source address belongs to the switch through a specific address, or directly sends a command to the switch to block the port that received the message.
交换机通过特定地址收到权限信息后,可通过判断权限信息中的标识,将发送该报文的源地址存储到授权设备地址列表或未授权地址列表中。下次再收到该源地址发送的报文后,通过判断执行相应的操作。After receiving the permission information through the specific address, the switch can store the source address of the message in the authorized device address list or unauthorized address list by judging the identifier in the permission information. After receiving the message sent by the source address next time, the corresponding operation will be performed through judgment.
对于特定地址的功能,不仅包括上述的应用,还可用于对交换机内的各种地址列表进行定期或非定期的更新。对于这些列表的更新,可同时进行,也可先后进行,下面以授权设备地址列表为例描述该实施例中授权设备地址更新的过程。The function of a specific address not only includes the above-mentioned applications, but also can be used to update various address lists in the exchange regularly or non-periodically. These lists can be updated simultaneously or sequentially. The following uses the authorized device address list as an example to describe the process of updating the authorized device address in this embodiment.
更新的过程可参见图2,包括以下步骤:The update process can be seen in Figure 2, including the following steps:
步骤S201:用户设置组态信息。Step S201: The user sets configuration information.
步骤S202:用户组态配置软件通过特定地址将授权设备地址下载到交换机中。Step S202: The user configuration software downloads the address of the authorized device to the switch through a specific address.
其中,特定地址是交换机上的一个端口,授权设备地址包括:源媒体接入控制MAC地址、源互联网IP地址、目的MAC地址、目的IP地址、设备连接的交换机端口号等。Wherein, the specific address is a port on the switch, and the authorized device address includes: source media access control MAC address, source Internet IP address, destination MAC address, destination IP address, switch port number to which the device is connected, and the like.
步骤S203:交换机更新授权设备地址列表。Step S203: the switch updates the authorized device address list.
交换机接收到授权设备地址后,判断授权设备地址列表中是否存在所下载的地址,如果存在,则进行更新,即将列表中没有的地址加入到列表中,加入时,按照源媒体接入控制MAC地址、源互联网IP地址、目的MAC地址、目的IP地址、设备连接的交换机端口号作为一个记录加入到列表中;如果交换机没有列表,则创建授权设备地址列表,并将下载的地址全部加入到列表中。After the switch receives the authorized device address, it judges whether the downloaded address exists in the authorized device address list. If it exists, it updates it, that is, adds the address not in the list to the list. When adding, it controls the MAC address according to the source media access , source Internet IP address, destination MAC address, destination IP address, and the switch port number connected to the device are added to the list as a record; if the switch does not have a list, create a list of authorized device addresses and add all downloaded addresses to the list .
步骤S204:转发至下级交换机。Step S204: Forward to the lower-level switch.
如果交换机还连接有下级交换机,则通过特定地址将下载的地址发送至下级交换机。If the switch is also connected to a lower-level switch, the downloaded address is sent to the lower-level switch through a specific address.
在上述的实施例中,还可进一步将列表中的地址进行划分,划分出单播列表,组播和广播的域列表,以便于交换机在转发报文的过程中处理。In the above embodiment, the addresses in the list can be further divided into a unicast list, a multicast and a broadcast domain list, so as to be processed by the switch during message forwarding.
为实现分层转发,可在交换机内设置路由功能,如果关闭路由功能,则交换机实现以太网的报文发送控制;如果开启路由功能,则实现不同多个网段的转发。下面参见图3,说明当路由功能关闭时,转发报文的过程。In order to realize hierarchical forwarding, the routing function can be set in the switch. If the routing function is turned off, the switch will realize the packet sending control of Ethernet; if the routing function is turned on, the forwarding of different network segments will be realized. Referring to FIG. 3 below, it illustrates the process of forwarding packets when the routing function is disabled.
具体包括以下步骤:Specifically include the following steps:
步骤S301:接收以太网报文。Step S301: Receive an Ethernet message.
步骤S302:判断出所述源地址为所述授权设备地址列表中的地址,并且判断出所述报文类型为所述允许转发报文类型列表中的类型。Step S302: It is determined that the source address is an address in the authorized device address list, and it is determined that the packet type is a type in the allowed-forwarding packet type list.
由于接收的是以太网报文,交换机在接收到以太网报文后,获得所要转发报文的MAC地址,如果是单播,则在授权设备地址列表中的单播地址列表中进行查找;如果是广播或组播,则在授权设备地址列表中的广播或组播地址域列表中进行比较。将MAC地址与授权设备地址列表中的MAC地址进行匹配,找到相同的MAC地址,执行步骤S303。Since the Ethernet message is received, the switch obtains the MAC address of the message to be forwarded after receiving the Ethernet message. If it is unicast, it searches in the unicast address list in the authorized device address list; if If it is broadcast or multicast, compare it with the broadcast or multicast address domain list in the authorized device address list. Match the MAC address with the MAC addresses in the authorized device address list, find the same MAC address, and execute step S303.
步骤S303:按照所述报文的目的MAC地址转发。Step S303: forwarding according to the destination MAC address of the message.
所要转发的报文是来自授权设备的报文,交换机将要转发的报文按照该MAC地址转发到相应的设备。The message to be forwarded is a message from the authorized device, and the switch forwards the message to be forwarded to the corresponding device according to the MAC address.
上面详细说明路由功能关闭时的流程,下面详细说明路由功能开启时的流程,参见图4,为本发明实施例的网络层报文转发的流程图。The process when the routing function is turned off is described in detail above, and the process when the routing function is turned on is described in detail below. Refer to FIG. 4 , which is a flow chart of network layer packet forwarding in an embodiment of the present invention.
具体包括以下步骤:Specifically include the following steps:
步骤S401:接收以太网报文。Step S401: Receive an Ethernet packet.
步骤S402:判断出所述源地址为所述授权设备地址列表中的地址,并且判断出所述报文类型为所述允许转发报文类型列表中的类型。Step S402: It is determined that the source address is an address in the authorized device address list, and it is determined that the packet type is a type in the allowed-forwarding packet type list.
交换机在接收到以太网报文后,获得所要转发报文的MAC地址和IP地址,如果是单播,则在授权设备地址列表中的单播地址列表中进行查找;如果是广播或组播,则在授权设备列表中的广播或组播地址域列表中进行比较。将获得MAC、IP地址与授权设备地址列表中的记录进行匹配,找到相同的MAC、IP地址,并执行步骤S403。After receiving the Ethernet message, the switch obtains the MAC address and IP address of the message to be forwarded. If it is unicast, it will search in the unicast address list in the authorized device address list; if it is broadcast or multicast, Then compare it with the broadcast or multicast address domain list in the authorized device list. Match the obtained MAC and IP addresses with the records in the authorized device address list, find the same MAC and IP addresses, and execute step S403.
步骤S403:按照所述报文的目的地址转发。Step S403: Forward according to the destination address of the message.
所要转发的报文是来自授权设备的报文,交换机将要转发的报文按照该MAC、IP地址转发到相应的设备。The message to be forwarded is a message from the authorized device, and the switch forwards the message to be forwarded to the corresponding device according to the MAC and IP addresses.
上面分别描述交换机中路由功能开启或关闭时转发报文的流程,通过设置路由功能,可实现交换机在不同层转发报文。由于工业应用中的交换机所使用的协议较为固定,为加快交换机处理报文的速度,还可对不同层次中的不同类型的报文分别进行屏蔽。在该实施例中,还可包括,交换机接收到报文后执行源地址判断操作,即在步骤S301或步骤S401后,如果判断出所述源地址为所述未授权设备地址列表中的地址,或判断出所述报文类型为所述禁止转发报文类型列表中的类型,则将所述报文屏蔽。The above describes the process of forwarding packets when the routing function in the switch is enabled or disabled. By setting the routing function, the switch can forward packets at different layers. Since the protocols used by switches in industrial applications are relatively fixed, in order to speed up the processing speed of switches, different types of messages in different layers can be shielded separately. In this embodiment, it may also include that the switch performs a source address judgment operation after receiving the message, that is, after step S301 or step S401, if it is judged that the source address is an address in the unauthorized device address list, Or if it is determined that the packet type is a type in the packet type list prohibited from forwarding, then block the packet.
对于所判断的类型,如果交换机没有开启路由功能,仅对第二层源地址和目的地址进行判断,不再判断其第三层报文类型是否为允许转发或禁止转发的报文类型列表中的类型,仅在第二层进行匹配。For the judged type, if the switch does not enable the routing function, it only judges the source address and destination address of the second layer, and no longer judges whether the type of the third layer packet is in the list of packet types allowed to be forwarded or forbidden to be forwarded. type, only matches at the second level.
如果交换机开启路由功能,不但要对第二层进行匹配判断,而且也要在第三层进行匹配判断,并且能够对于UDP、TCP或ICMP等非第三层的报文,进行类型的匹配判断,从而扩展其转发数据的安全性和合法性。If the switch enables the routing function, it not only needs to make matching judgments on the second layer, but also needs to make matching judgments on the third layer, and can perform type matching judgments on non-third-layer packets such as UDP, TCP, or ICMP. Thereby expanding the security and legality of its forwarded data.
对于该实施例的步骤S103中,交换机将报文进行转发时,如果连接有上层的交换机,则通过特定地址将报文添加标识发送至上层的交换机,由上层交换机发送至上位机,即监控设备或工作站;如果直接连接到监控设备,则将报文发送至监控设备。In step S103 of this embodiment, when the switch forwards the message, if there is an upper-layer switch connected, then the message is sent to the upper-layer switch with a specific address, and the upper-layer switch sends it to the upper computer, that is, the monitoring device or workstation; if connected directly to the monitoring device, send the message to the monitoring device.
在该实施例的步骤S103后,还可包括监控设备与交换机之间的报文处理过程。下面结合附图5详细说明监控设备与交换机之间的报文处理过程。参见图5,为本发明实施例中监控设备和交换机之间报文处理的流程图。After step S103 in this embodiment, the message processing process between the monitoring device and the switch may also be included. The message processing process between the monitoring device and the switch will be described in detail below in conjunction with FIG. 5 . Referring to FIG. 5 , it is a flow chart of message processing between the monitoring device and the switch in the embodiment of the present invention.
具体包括以下步骤:Specifically include the following steps:
步骤S501:监控设备接收来自交换机发送的转发报文。Step S501: the monitoring device receives the forwarding message sent from the switch.
步骤S502:监控设备向用户提示网络上有新设备。Step S502: the monitoring device prompts the user that there is a new device on the network.
步骤S503:监控设备接收用户所选择的信息并发送至交换机。Step S503: the monitoring device receives the information selected by the user and sends it to the switch.
步骤S504:交换机判断用户所选择的信息为组态信息时,重新执行用户设置组态信息、并下载到交换机。Step S504: When the switch judges that the information selected by the user is configuration information, the user sets the configuration information again and downloads it to the switch.
步骤S505:交换机判断用户所选择的信息为误接入或非法设备信息时,将接收该转发报文的端口关闭。Step S505: When the switch judges that the information selected by the user is incorrect access or illegal device information, it closes the port receiving the forwarded message.
用户通过监控设备查看来自交换机的信息,如果是新上电加入到网络中的设备,用户对该设备所发送单播报文的目的地址进行设置,还可对该设备所发送广播或组播报文的域进行设置,通过监控设备进行具体设置的示意图可参见图6。The user checks the information from the switch through the monitoring device. If it is a device that is newly powered on and joins the network, the user can set the destination address of the unicast message sent by the device, and can also send broadcast or multicast messages to the device. The domain is set, and the schematic diagram of the specific setting through the monitoring device can be seen in Figure 6.
当有新的设备上电后,监控设备上面显示新上电设备的IP以及发送的目的IP地址,并且预制相应的域设置,这里采用的域设置同子网掩码相同的设置,在添加后提交到下面的已配置列表中。When a new device is powered on, the IP of the newly powered device and the destination IP address will be displayed on the monitoring device, and the corresponding domain settings will be prefabricated. The domain settings used here are the same as the subnet mask settings. After adding Submit to the configured list below.
以一个新设备接入为例,交换机检测到该地址没有在该端口设置过,就将其报文发送到特定地址,监控设备检测到相应的报文,把该报文的基本信息显示出来,并且为其预制相应的域。其中,图6上显示的ALL是代表不限制其发送的范围。用户可以根据需要设置其域的范围,并且下发到其交换机端口,得到授权的该设备就能够在其指定的域中发送数据。这样就保证任何一个设备接入到系统中,都是经过了授权后才能够完成其通信功能。Taking a new device access as an example, the switch detects that the address has not been set on the port, and sends its message to a specific address. The monitoring device detects the corresponding message and displays the basic information of the message. And prefabricate the corresponding domain for it. Wherein, ALL shown in FIG. 6 means that the sending range is not restricted. Users can set the scope of their domain as needed, and send it to their switch ports, and the authorized device can send data in its designated domain. This ensures that any device connected to the system can complete its communication function only after being authorized.
交换机还可定期对各个端口中来自各个设备的报文进行分析,得出各个端口地址所对应设备的单播地址、广播或组播的域地址,并将得出的地址添加到相应的列表中。下面结合图7进行详细说明,参见图7,为本发明实施例中交换机定期更新授权设备地址列表的流程图。The switch can also periodically analyze the packets from each device in each port, obtain the unicast address, broadcast or multicast domain address of the device corresponding to each port address, and add the obtained address to the corresponding list . The following describes in detail with reference to FIG. 7 . Referring to FIG. 7 , it is a flow chart of periodically updating the authorized device address list by the switch in the embodiment of the present invention.
具体包括以下步骤:Specifically include the following steps:
步骤S701:进入报文分析周期。Step S701: Enter the packet analysis cycle.
用户可预先设置交换机的报文分析周期,经过预定的时间间隔后,交换机进入分析周期。The user can pre-set the message analysis cycle of the switch, and the switch enters the analysis cycle after a predetermined time interval.
步骤S702:接收各个端口的报文。Step S702: Receive messages from each port.
步骤S703:判断是否存在可分析的报文。Step S703: Determine whether there are packets that can be analyzed.
交换机对该端口中是否存在ARP,ICMP,IGMP,DHCP等报文;如果存在,则执行步骤S704;如果不存在,则执行步骤706。Whether the switch has ARP, ICMP, IGMP, DHCP and other messages in the port; if yes, execute step S704; if not, execute step 706.
步骤S704:通过报文分析该端口所对应的子网掩码,从而判断该端口所对应的域。Step S704: Analyzing the subnet mask corresponding to the port through the packet, so as to determine the domain corresponding to the port.
步骤S705:判断是否大于授权设备地址列表的记录;如果大于,则执行步骤S708;如果小于,则结束。Step S705: Determine whether it is larger than the record of the authorized device address list; if larger, execute step S708; if smaller, end.
交换机将分析出的域地址与授权设备地址列表中的域地址进行比较,如果存在授权设备地址列表中所没有的域地址,则判断为大于授权设备地址列表的域地址。The switch compares the analyzed domain address with the domain address in the authorized device address list, and if there is a domain address not in the authorized device address list, it judges that it is greater than the domain address in the authorized device address list.
步骤S706:判断该端口是否存在广播、组播报文;如果存在,则执行步骤S707;如果不存在,则结束。Step S706: Determine whether there are broadcast and multicast packets on the port; if yes, execute step S707; if not, end.
步骤S707:通过广播、组播报文得出该端口所在的域,判断是否大于授权设备地址列表的记录;如果大于,则执行步骤S708;如果小于,则结束。Step S707: Obtain the domain where the port is located through broadcast and multicast messages, and judge whether it is greater than the record in the authorized device address list; if greater, execute step S708; if less, end.
交换机将分析出的域地址与授权设备地址列表中的域地址进行比较,如果存在授权设备地址列表中所没有的域地址,则判断为大于授权设备地址列表的域地址。The switch compares the analyzed domain address with the domain address in the authorized device address list, and if there is a domain address not in the authorized device address list, it judges that it is greater than the domain address in the authorized device address list.
步骤S708:更新授权设备地址列表中广播、组播地址域列表。Step S708: updating the broadcast and multicast address domain list in the authorized device address list.
上述域还可划分为子域,如果分析得出广播、组播的域是一个子域,则在以后的发送中可实现线速转发。The above-mentioned domain can also be divided into sub-domains. If the analysis shows that the domain of broadcast and multicast is a sub-domain, wire-speed forwarding can be realized in subsequent transmissions.
上述的实施例中,交换机还可包括监控操作,交换机在工作过程中,会一直对各个端口进行监控,如果出现通信的异常,则关闭通信端口,下面结合图8详细说明交换机在工作过程中对各个通信端口进行监控及出现问题处理的过程。参见图8,为本发明实施例中交换机监控端口数据的流程图。In the above-mentioned embodiment, the switch can also include a monitoring operation. During the working process of the switch, each port will be monitored all the time. If there is an abnormal communication, the communication port will be closed. The process of monitoring each communication port and dealing with problems. Referring to FIG. 8 , it is a flow chart of a switch monitoring port data in an embodiment of the present invention.
具体包括以下步骤:Specifically include the following steps:
步骤S801:监控各个端口中的通信数据。Step S801: Monitor communication data in each port.
步骤S802:将定期将监控到交换机端口的通信数据与用户设定的通信数据进行比较,如果不相同,则执行步骤S803;如果相同,则执行步骤S801。Step S802: regularly compare the communication data monitored to the switch port with the communication data set by the user, if they are not the same, perform step S803; if they are the same, perform step S801.
步骤S803:判断出所述端口出现故障,自动关闭所述端口;或通过监控设备通知用户,由于用户进行处理。当某一端口被关闭后,用户通过组态配置软件更新授权设备地址列表。即将新的IP地址转发域、各端口号和各端口对应连接的设备的MAC地址和/或IP地址等配置信息通过特定地址下载至所述交换机,所述交换机创建或者更新MAC地址、IP地址、交换机端口号等。Step S803: It is determined that the port is faulty, and the port is automatically closed; or the user is notified through the monitoring device, and the user handles it. When a certain port is closed, the user updates the authorized device address list through the configuration software. That is to download configuration information such as the new IP address forwarding domain, each port number and the MAC address and/or IP address of the device corresponding to each port to the switch through a specific address, and the switch creates or updates the MAC address, IP address, Switch port number, etc.
上述是本发明在实现报文转发过程的优选方案,本发明还提供一种交换机,用于实现上述报文转发过程的所有步骤。该交换机的结构图可参见图9,包括:收发单元901、地址判断单元903、授权判断单元904、存储单元902。其中,The above is the preferred solution of the present invention for realizing the message forwarding process, and the present invention also provides a switch for realizing all the steps of the above message forwarding process. Refer to FIG. 9 for a structural diagram of the switch, which includes: a transceiver unit 901 , an address judging unit 903 , an authorization judging unit 904 , and a storage unit 902 . in,
所述收发单元901,用于接收或发送报文。The transceiver unit 901 is configured to receive or send messages.
所述存储单元902,用于存储允许转发的报文类型列表,各个端口允许转发报文的授权设备地址列表、禁止转发报文的未授权设备地址列表。The storage unit 902 is configured to store a list of message types that are allowed to be forwarded, a list of authorized device addresses that are allowed to forward messages on each port, and a list of unauthorized device addresses that are prohibited from forwarding messages.
所述地址判断单元903,用于判断所述接收单元901接收到报文的源地址,如果判断出所述源地址不属于所述授权设备地址列表、未授权设备地址列表中的地址,则通知所述收发单元将所述报文通过预设的特定地址转发。The address judging unit 903 is configured to judge the source address of the message received by the receiving unit 901, and if it is judged that the source address does not belong to the addresses in the authorized device address list and the unauthorized device address list, notify The transceiver unit forwards the message through a preset specific address.
所述授权判断单元904,用于判断所述接收单元901接收到报文的源地址和报文类型,如果判断出所述源地址为所述授权设备地址列表中的地址,并判断出所述报文类型为所述允许转发报文类型列表中的类型,则通知所述收发单元将所述报文按照该报文的目的地址转发。The authorization judging unit 904 is configured to judge the source address and message type of the message received by the receiving unit 901, if it is judged that the source address is an address in the authorized device address list, and it is judged that the If the message type is a type in the list of message types allowed to be forwarded, the sending and receiving unit is notified to forward the message according to the destination address of the message.
其中,所述存储单元902还可存储禁止转发的报文类型列表。Wherein, the storage unit 902 may also store a list of packet types that are prohibited from being forwarded.
所述交换机还包括:The switch also includes:
屏蔽单元905,用于判断所述接收单元901接收到报文的源地址和报文类型,如果判断出所述源地址为所述未授权设备地址列表中的地址,或判断出所述报文类型为所述禁止转发报文类型列表中的类型,则将所述报文屏蔽。A shielding unit 905, configured to determine the source address and message type of the message received by the receiving unit 901, if it is determined that the source address is an address in the unauthorized device address list, or it is determined that the message If the type is a type in the prohibited-forwarding packet type list, the packet is blocked.
还包括:Also includes:
地址更新单元906,用于接收到所述源地址所属设备的权限信息后,判断权限信息中的标识,将所述源地址存储到授权设备地址列表或未授权设备地址列表。The address update unit 906 is configured to, after receiving the authority information of the device to which the source address belongs, judge the identifier in the authority information, and store the source address in the authorized device address list or the unauthorized device address list.
所述存储单元902中的地址列表包括单播列表、组播和广播的域列表。The address list in the storage unit 902 includes a unicast list, a multicast and a broadcast domain list.
还包括:Also includes:
分析单元907,用于通知所述收发单元901定期从各个端口接收来自设备的ARP、ICMP、IGMP或DHCP报文,分析从所述端口接收报文的子网掩码,判断所述报文所属的组播和广播的域地址,记录在所述域列表中。The analysis unit 907 is used to notify the transceiver unit 901 to regularly receive ARP, ICMP, IGMP or DHCP messages from the device from each port, analyze the subnet mask of the message received from the port, and determine the message to which the message belongs. The multicast and broadcast domain addresses are recorded in the domain list.
还包括:Also includes:
自动更新单元908,定期将监控到交换机的通信数据与用户设定的通信数据进行比较,如果不相同,则判断出所述端口出现故障,关闭所述端口,通过所述特定地址下载授权设备地址并更新到所述授权设备地址列表中。The automatic update unit 908 regularly compares the communication data monitored by the switch with the communication data set by the user. If they are not the same, it is judged that the port is faulty, the port is closed, and the authorized device address is downloaded through the specific address. And update to the authorized device address list.
上述是本发明交换机实施例的结构图,当若干个交换机90和监控设备10相连接的示意图可参见图10,交换机通过外接端口91与上级交换机相连,或直接连接监控设备10,该外接端口91的地址即所述的特定地址。The above is the structural diagram of the switch embodiment of the present invention. When several switches 90 are connected to the
对于本发明各个实施例中所阐述的方法和装置,凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。For the methods and devices described in the various embodiments of the present invention, any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.
Claims (15)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200710151387A CN100588180C (en) | 2007-09-30 | 2007-09-30 | Method and switch for message forwarding |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200710151387A CN100588180C (en) | 2007-09-30 | 2007-09-30 | Method and switch for message forwarding |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101127717A true CN101127717A (en) | 2008-02-20 |
| CN100588180C CN100588180C (en) | 2010-02-03 |
Family
ID=39095643
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200710151387A Expired - Fee Related CN100588180C (en) | 2007-09-30 | 2007-09-30 | Method and switch for message forwarding |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100588180C (en) |
Cited By (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102843440A (en) * | 2011-06-24 | 2012-12-26 | 中兴通讯股份有限公司 | Method of preventing media access control address drifting and network processing device |
| CN102932316A (en) * | 2011-08-08 | 2013-02-13 | 上海粱江通信技术有限公司 | Signaling firewall system and implementation method |
| CN103841023A (en) * | 2012-11-22 | 2014-06-04 | 华为技术有限公司 | Data forwarding method and device |
| CN103885435A (en) * | 2014-04-11 | 2014-06-25 | 北京国电龙源环保工程有限公司 | Organic amine method desulfuration acid-manufacturing technology distributed control system |
| CN104023001A (en) * | 2013-12-25 | 2014-09-03 | 上海寰创通信科技股份有限公司 | Method for AC equipment to forward unauthorized message information |
| CN105306451A (en) * | 2015-09-28 | 2016-02-03 | 青岛海信电器股份有限公司 | Method and device for controlling DLNA (Digital Living Network Alliance) equipment service permission |
| CN105827427A (en) * | 2015-01-08 | 2016-08-03 | 联想(北京)有限公司 | Information processing method and electronic devices |
| CN106059886A (en) * | 2016-06-27 | 2016-10-26 | 杭州华三通信技术有限公司 | Message forwarding method and device |
| CN106559592A (en) * | 2015-09-28 | 2017-04-05 | 日本冲信息株式会社 | Image processing apparatus and set composite |
| CN106603523A (en) * | 2016-12-09 | 2017-04-26 | 北京东土军悦科技有限公司 | Message forwarding method and network switching device |
| CN109842854A (en) * | 2017-11-29 | 2019-06-04 | 华为技术有限公司 | A kind of message multicast, message broadcasting method and apparatus |
| CN114025182A (en) * | 2021-10-09 | 2022-02-08 | 南京思迈恩传媒科技有限公司 | A video programming and processing system suitable for streaming media network program broadcasting |
| CN114040262A (en) * | 2021-11-04 | 2022-02-11 | 西安数道航空技术有限公司 | Network switch |
| CN115378764A (en) * | 2022-08-19 | 2022-11-22 | 山石网科通信技术股份有限公司 | Communication method, communication apparatus, storage medium, and electronic apparatus |
| CN115395661A (en) * | 2022-09-28 | 2022-11-25 | 国家电投集团广西电力有限公司运营服务分公司 | New energy remote centralized control center communication system constructed based on power private network |
| CN116032857A (en) * | 2022-12-16 | 2023-04-28 | 广西电网有限责任公司 | Message analysis method and related device of data acquisition port |
| WO2024140277A1 (en) * | 2022-12-27 | 2024-07-04 | 杭州海康威视数字技术股份有限公司 | Security protection control method and apparatus, and device |
-
2007
- 2007-09-30 CN CN200710151387A patent/CN100588180C/en not_active Expired - Fee Related
Cited By (24)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102843440A (en) * | 2011-06-24 | 2012-12-26 | 中兴通讯股份有限公司 | Method of preventing media access control address drifting and network processing device |
| CN102843440B (en) * | 2011-06-24 | 2017-04-26 | 中兴通讯股份有限公司 | Method of preventing media access control address drifting and network processing device |
| CN102932316A (en) * | 2011-08-08 | 2013-02-13 | 上海粱江通信技术有限公司 | Signaling firewall system and implementation method |
| CN103841023B (en) * | 2012-11-22 | 2017-03-08 | 华为技术有限公司 | The method and apparatus of data forwarding |
| CN103841023A (en) * | 2012-11-22 | 2014-06-04 | 华为技术有限公司 | Data forwarding method and device |
| CN104023001A (en) * | 2013-12-25 | 2014-09-03 | 上海寰创通信科技股份有限公司 | Method for AC equipment to forward unauthorized message information |
| CN104023001B (en) * | 2013-12-25 | 2017-04-26 | 上海寰创通信科技股份有限公司 | Method for AC equipment to forward unauthorized message information |
| CN103885435A (en) * | 2014-04-11 | 2014-06-25 | 北京国电龙源环保工程有限公司 | Organic amine method desulfuration acid-manufacturing technology distributed control system |
| CN105827427A (en) * | 2015-01-08 | 2016-08-03 | 联想(北京)有限公司 | Information processing method and electronic devices |
| CN105827427B (en) * | 2015-01-08 | 2020-06-23 | 联想(北京)有限公司 | Information processing method and electronic equipment |
| CN106559592A (en) * | 2015-09-28 | 2017-04-05 | 日本冲信息株式会社 | Image processing apparatus and set composite |
| CN105306451A (en) * | 2015-09-28 | 2016-02-03 | 青岛海信电器股份有限公司 | Method and device for controlling DLNA (Digital Living Network Alliance) equipment service permission |
| CN106059886A (en) * | 2016-06-27 | 2016-10-26 | 杭州华三通信技术有限公司 | Message forwarding method and device |
| CN106603523A (en) * | 2016-12-09 | 2017-04-26 | 北京东土军悦科技有限公司 | Message forwarding method and network switching device |
| WO2019104857A1 (en) * | 2017-11-29 | 2019-06-06 | 华为技术有限公司 | Message multicast and message broadcast method and device |
| CN109842854A (en) * | 2017-11-29 | 2019-06-04 | 华为技术有限公司 | A kind of message multicast, message broadcasting method and apparatus |
| CN109842854B (en) * | 2017-11-29 | 2021-01-05 | 华为技术有限公司 | Message multicast and message broadcast method and device |
| CN114025182A (en) * | 2021-10-09 | 2022-02-08 | 南京思迈恩传媒科技有限公司 | A video programming and processing system suitable for streaming media network program broadcasting |
| CN114040262A (en) * | 2021-11-04 | 2022-02-11 | 西安数道航空技术有限公司 | Network switch |
| CN115378764A (en) * | 2022-08-19 | 2022-11-22 | 山石网科通信技术股份有限公司 | Communication method, communication apparatus, storage medium, and electronic apparatus |
| CN115378764B (en) * | 2022-08-19 | 2024-04-05 | 山石网科通信技术股份有限公司 | Communication method, device, storage medium and electronic device |
| CN115395661A (en) * | 2022-09-28 | 2022-11-25 | 国家电投集团广西电力有限公司运营服务分公司 | New energy remote centralized control center communication system constructed based on power private network |
| CN116032857A (en) * | 2022-12-16 | 2023-04-28 | 广西电网有限责任公司 | Message analysis method and related device of data acquisition port |
| WO2024140277A1 (en) * | 2022-12-27 | 2024-07-04 | 杭州海康威视数字技术股份有限公司 | Security protection control method and apparatus, and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100588180C (en) | 2010-02-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100588180C (en) | Method and switch for message forwarding | |
| EP2870737B1 (en) | Packet forwarding optimization with virtual machine mobility | |
| JP6080313B2 (en) | System and method for implementing and managing virtual networks | |
| EP2767047B1 (en) | Distributed ipv6 neighbor discovery for large datacenter switching systems | |
| US20080084888A1 (en) | Network Routing to the Socket | |
| EP2845365B1 (en) | Method and devices for protecting neighbour discovery cache against dos attacks | |
| US20120207160A1 (en) | Subnet scoped multicast/broadcast packet distribution mechanism over a routed network | |
| WO2005036831A1 (en) | Frame relay device | |
| US10567274B1 (en) | Method, system, and apparatus for proxying intra-subnet traffic across multiple interfaces within networks | |
| JP2011170591A (en) | Information system, apparatus and method | |
| US10630700B2 (en) | Probe counter state for neighbor discovery | |
| CN104202314B (en) | A kind of method and device for preventing DDOS attack | |
| US8830997B1 (en) | Preventing denial-of-service attacks employing broadcast packets | |
| JP5134141B2 (en) | Unauthorized access blocking control method | |
| CN101562576B (en) | Route distribution method and equipment thereof | |
| EP3448001B1 (en) | Communication security apparatus, control method, and storage medium storing a program | |
| WO2014132954A1 (en) | Communication system, control device, communication method, and program | |
| JP4895793B2 (en) | Network monitoring apparatus and network monitoring method | |
| JP7156310B2 (en) | COMMUNICATION DEVICE, COMMUNICATION SYSTEM, COMMUNICATION CONTROL METHOD, AND PROGRAM | |
| WO2016130126A1 (en) | Monitoring dynamic device configuration protocol offers to determine anomaly | |
| Pawar et al. | Segmented proactive flow rule injection for service chaining using SDN | |
| CN107659446B (en) | WAF migration method and device | |
| Sankaranarayanan et al. | PREDICTIVE AND ADAPTIVE MAC LEARNING AS A SERVICE FOR CLOUD AND WIRELESS ENVIRONMENTS | |
| CN112866031B (en) | Route configuration method, device, equipment and computer readable storage medium | |
| CN106452992A (en) | Remote multi-homing networking method and apparatus |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20100203 Termination date: 20180930 |