CN105656791A - TLV (Type Length Value) sending method and system - Google Patents

Info

Publication number: CN105656791A
Authority: CN (China)
Prior art keywords: tlv, connected device, lldp message, directly connected, type
Legal status: Pending (the listed legal status is an assumption and is not a legal conclusion)
Application number: CN201610059972.7A
Other languages: Chinese (zh)
Inventor: 冯相东
Current Assignee: Inspur Beijing Electronic Information Industry Co Ltd (the listed assignees may be inaccurate)
Original Assignee: Inspur Beijing Electronic Information Industry Co Ltd
Application filed by: Inspur Beijing Electronic Information Industry Co Ltd
Priority to: CN201610059972.7A
Publication of: CN105656791A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/02 Topology update or discovery
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a TLV sending method, comprising: receiving an LLDP message sent by a directly connected device, and verifying the security of the directly connected device according to the LLDP message; if the verification passes, determining the type of the directly connected device according to the LLDP message; determining the TLVs to send according to the correspondence between the type of the directly connected device and the device TLVs; and encapsulating the TLVs to send into a corresponding LLDP message and sending it to the directly connected device. The method can send the appropriate TLVs according to the security of the directly connected device, which both greatly reduces the possibility of device information leakage and saves link cost, and ensures that the device information sent is more reasonable. The invention also discloses a TLV sending system.

Description

A TLV sending method and system

Technical Field

The invention relates to the technical field of electronic information, and in particular to a TLV sending method and system.

Background

LLDP (Link Layer Discovery Protocol) is a protocol based on TLVs (Type Length Value). It organizes the information of the local device into different TLVs, encapsulates them in an LLDPDU and publishes them to its directly connected neighbors. After receiving this information, a neighbor stores it in the form of a standard MIB so that the network management system can query it and judge the communication status of the link.

With the development of data center technology, LLDP is used more and more frequently and the number of TLVs keeps increasing. The original definition of LLDP stipulates that the maximum information a single LLDP instance can send is 1522 bytes. As the number of TLVs grows, however, it is difficult to fit all TLV information into 1522 bytes, so if LLDP carries too many TLVs, most of the TLV information will be lost. TLVs carry important information, and it would be very dangerous if the lost information were obtained by illegal organizations. How to send TLVs safely and efficiently is therefore a technical problem to be solved by those skilled in the art.

Summary of the Invention

The purpose of the present invention is to provide a TLV sending method and system that can send the appropriate TLVs according to the security of the directly connected device, which both greatly reduces the possibility of device information leakage and saves link cost, and ensures that the device information sent is more reasonable.

To solve the above technical problem, the present invention provides a TLV sending method, including:

receiving an LLDP message sent by a directly connected device, and verifying the security of the directly connected device according to the LLDP message;

if the verification passes, determining the type of the directly connected device according to the LLDP message;

determining the TLVs to send according to the correspondence between the type of the directly connected device and the device TLVs;

encapsulating the TLVs to send into a corresponding LLDP message and sending it to the directly connected device.

Verifying the security of the directly connected device according to the LLDP message includes:

performing matching verification on the LLDP message using an authentication key and/or a system security description, and judging the security of the directly connected device according to the matching verification result.

After the security of the directly connected device is verified according to the LLDP message, the method further includes:

if the verification fails, encapsulating the TLVs corresponding to the basic device information into an LLDP message and sending it to the directly connected device.

Determining the type of the directly connected device according to the LLDP message includes:

judging whether the LLDP message contains the System Capabilities TLV;

if it does, determining the type of the directly connected device according to the System Capabilities TLV.

After judging whether the LLDP message contains the System Capabilities TLV, the method further includes:

if it does not, encapsulating all TLVs of the device into an LLDP message and sending it to the directly connected device.

The present invention provides a TLV sending system, including:

a verification module, configured to receive the LLDP message sent by the directly connected device and to verify the security of the directly connected device according to the LLDP message;

a type determination module, configured to determine the type of the directly connected device according to the LLDP message if the verification passes;

a TLV determination module, configured to determine the TLVs to send according to the correspondence between the type of the directly connected device and the device TLVs;

a first sending module, configured to encapsulate the TLVs to send into a corresponding LLDP message and send it to the directly connected device.

The verification module includes:

a receiving unit, configured to receive the LLDP message sent by the directly connected device;

a verification unit, configured to perform matching verification on the LLDP message using the authentication key and/or the system security description, and to judge the security of the directly connected device according to the matching verification result.

The system further includes:

a second sending module, configured to encapsulate the TLVs corresponding to the basic device information into an LLDP message and send it to the directly connected device if the verification fails.

The type determination module includes:

a judging unit, configured to judge whether the LLDP message contains the System Capabilities TLV;

a type determining unit, configured to determine the type of the directly connected device according to the System Capabilities TLV if it is present.

The type determination module further includes:

a sending unit, configured to encapsulate all TLVs of the device into an LLDP message and send it to the directly connected device if the System Capabilities TLV is not present.

The TLV sending method provided by the present invention includes: receiving an LLDP message sent by a directly connected device, and verifying the security of the directly connected device according to the LLDP message; if the verification passes, determining the type of the directly connected device according to the LLDP message; determining the TLVs to send according to the correspondence between the type of the directly connected device and the device TLVs; and encapsulating the TLVs to send into a corresponding LLDP message and sending it to the directly connected device. The present invention also provides a TLV sending system.

The method verifies the security of the directly connected device according to the received LLDP message, which ensures the security of the device's TLV transmission, that is, it greatly reduces the possibility of device information leakage. It also sends the TLV information that corresponds to the type of the directly connected device, which reduces the number of TLVs carried by the LLDP message; this saves link cost and prevents the loss of some TLVs caused by carrying too many. The method can therefore send the appropriate TLVs according to the security of the directly connected device, which both greatly reduces the possibility of device information leakage and saves link cost, and ensures that the device information sent is more reasonable.

Brief Description of the Drawings

To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are merely embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from the provided drawings without creative effort.

FIG. 1 is a flowchart of the TLV sending method provided by an embodiment of the present invention;

FIG. 2 is a structural block diagram of the TLV sending system provided by an embodiment of the present invention.

Detailed Description

The core of the present invention is to provide a TLV sending method and system that can send the appropriate TLVs according to the security of the directly connected device, which both greatly reduces the possibility of device information leakage and saves link cost, and ensures that the device information sent is more reasonable.

To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.

Please refer to FIG. 1, which is a flowchart of the TLV sending method provided by an embodiment of the present invention. The method may include:

S100. Receive the LLDP message sent by the directly connected device, and verify the security of the directly connected device according to the LLDP message;

This step verifies the security of the device directly connected to the local device, and thereby fundamentally reduces the possibility of information leaking from the local device. Because the LLDP message contains basic information about the directly connected device, such as the Chassis ID TLV, the Port ID TLV and the TTL TLV, this information can be used to judge the security of the directly connected device.

Optionally, the verification method may include: performing matching verification on the LLDP message using the authentication key and/or the system security description, and judging the security of the directly connected device according to the matching verification result.

The specific way of using the authentication key may include using the system MAC address and a key value. From the port ID and other valid information, the device can calculate the authentication key. The neighbor device, that is, the directly connected device, compares it with its local authentication key by means of the same port ID or other information in the TLVs. If the two are the same, the device is considered secure and the exchange of LLDPDUs begins.

The specific way of verifying with the system security description may include listing in advance some keywords that describe device security. When a device receives an LLDP message, it checks the system description field in the message; if the field contains these keywords, the neighbor device is considered secure.

S110. If the verification passes, determine the type of the directly connected device according to the LLDP message;

If the verification passes, the directly connected device is considered secure and its device type can be judged. The System Capabilities TLV in an LLDP message is usually 16 bits and describes the functions of the device; it contains the TLV type, the TLV information string, the system capabilities and the enabled capabilities. From the system capabilities it can be judged whether the neighbor device is a router or a repeater. The specific process is:

judging whether the LLDP message contains the System Capabilities TLV;

if it does, determining the type of the directly connected device according to the System Capabilities TLV.

Optionally, after judging whether the LLDP message contains the System Capabilities TLV, the method further includes:

if it does not, encapsulating all TLVs of the device into an LLDP message and sending it to the directly connected device.

At this point the directly connected device has already been determined to be a secure device. Therefore, so that the directly connected device obtains enough information when its type cannot be determined, all TLVs of the device are encapsulated into an LLDP message and sent to it. This guarantees that, whatever the type of the directly connected device, it can obtain accurate and useful TLV information from the message, which improves the reliability and reasonableness of the TLV information sent.

S120. Determine the TLVs to send according to the correspondence between the type of the directly connected device and the device TLVs;

S130. Encapsulate the TLVs to send into a corresponding LLDP message and send it to the directly connected device.

The content of the TLVs in the LLDP message to be sent is determined by the type of the directly connected device; that is, the device type is used to make the TLVs sent more accurate and reasonable. This reduces the number of TLVs carried by the LLDP message and thereby avoids the prior-art situation in which all TLV information is squeezed into 1522 bytes and LLDP carries so many TLVs that most of the TLV information is lost. TLVs carry important information, and it would be very dangerous if the lost information were obtained by illegal organizations.

In the prior art, the TLV sending mechanism of the LLDP protocol operates where the maximum amount of information a single LLDP instance may send is fixed and security problems exist; this method optimizes the TLV sending mechanism so that device information is exchanged safely and efficiently.

In the above steps, when the network device (the local device) receives the first LLDP packet, it checks the security authentication type to ensure the security of the directly connected device. Once the directly connected device is confirmed to be secure, in order to send information that is as accurate and useful as possible within the limited LLDP data length, the TLV information to be sent is trimmed by detecting the type of the directly connected device: the local device checks the type of the directly connected device and, according to the correspondence between device type and TLVs, sends the second LLDP packet. This process both greatly reduces the possibility of device information leakage and saves link cost, and ensures that the device information sent is more reasonable.

Based on the above technical solution, the TLV sending method provided by the embodiment of the present invention verifies the security of the directly connected device according to the received LLDP message, which ensures the security of the device's TLV transmission, that is, it greatly reduces the possibility of device information leakage. It also sends the TLV information that corresponds to the type of the directly connected device, which reduces the number of TLVs carried by the LLDP message; this saves link cost and prevents the loss of some TLVs caused by carrying too many. The method can therefore send the appropriate TLVs according to the security of the directly connected device, which both greatly reduces the possibility of device information leakage and saves link cost, and ensures that the device information sent is more reasonable.

Based on the above embodiment, after the security of the directly connected device is verified according to the LLDP message, the method further includes:

if the verification fails, encapsulating the TLVs corresponding to the basic device information into an LLDP message and sending it to the directly connected device.

If the verification fails, only the TLVs corresponding to the basic device information may be encapsulated into an LLDP message and sent to the directly connected device, for example basic information such as the Chassis ID TLV, the Port ID TLV and the TTL TLV. This tells the directly connected device only the basic information of the local device, so that the directly connected device can identify the local device without seriously affecting the local device's security. Of course, when the verification fails, the device may also refuse to send any information to the directly connected device.

Based on any of the above embodiments, a specific implementation process may be:

Two devices are connected and can exchange LLDP packets. Once device A receives an LLDP packet from neighboring device B, device A checks whether the LLDP packet is secure by means of the authentication key or the system security description. If the packet from neighboring device B is judged to be non-secure, the TLVs that device A sends include only basic information such as the Chassis ID TLV, the Port ID TLV and the TTL TLV. If the packet from neighboring device B is judged to be secure, the device type is further checked according to the system capabilities.

Because the System Capabilities TLV is not a public attribute, checking the device type should first check whether the packet contains the LLDP System Capabilities TLV. If it does not, device A sends all TLVs to device B. If it does, device A judges the type of device B from the System Capabilities TLV and then sends device B the TLVs that correspond to B's device type.
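
The decision flow of this implementation process (S100 to S120 plus the two fallbacks), as an added Python example that is not code from the patent. The HMAC-SHA256 authentication key carried in an organizationally specific TLV with a placeholder OUI, the keyword list, and the type-to-TLV table (types 4, 5, 7, 8 are Port Description, System Name, System Capabilities and Management Address) are assumptions; the patent specifies none of them.

```python
import hashlib
import hmac
import struct

# LLDP TLV type codes and System Capabilities bits (IEEE 802.1AB).
END, CHASSIS_ID, PORT_ID, TTL, SYS_DESC, SYS_CAP, ORG_SPECIFIC = 0, 1, 2, 3, 6, 7, 127
BASIC = (CHASSIS_ID, PORT_ID, TTL)
CAP_REPEATER, CAP_ROUTER = 0x0002, 0x0010

# Assumptions for this example; the patent defines none of these values.
AUTH_PREFIX = b"\x00\x00\x00\x01"  # placeholder OUI 00-00-00 plus subtype 1
KEYWORDS = ("trusted-fabric",)     # constructed "security description" keyword
TYPE_TO_TLVS = {"router": (5, 7, 8), "repeater": (4,), "other": (5,)}


def encode_tlv(tlv_type, value):
    """Pack the 7-bit type and 9-bit length into two bytes, then append the value."""
    if len(value) > 511:
        raise ValueError("TLV value too long")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_tlvs(pdu):
    """Return {type: [values]} for one LLDPDU, rejecting truncated TLVs."""
    tlvs, pos = {}, 0
    while pos < len(pdu):
        if pos + 2 > len(pdu):
            raise ValueError("truncated TLV header")
        (head,) = struct.unpack_from("!H", pdu, pos)
        tlv_type, length = head >> 9, head & 0x1FF
        pos += 2
        if tlv_type == END:
            break
        if pos + length > len(pdu):
            raise ValueError("TLV length runs past the end of the LLDPDU")
        tlvs.setdefault(tlv_type, []).append(pdu[pos:pos + length])
        pos += length
    return tlvs


def auth_key(shared_key, chassis_id, port_id):
    """Assumed key derivation: HMAC-SHA256 over Chassis ID and Port ID values."""
    return hmac.new(shared_key, chassis_id + port_id, hashlib.sha256).digest()


def neighbor_verified(tlvs, shared_key):
    """S100: match the authentication key and/or the system description keywords."""
    if CHASSIS_ID not in tlvs or PORT_ID not in tlvs:
        return False
    expected = auth_key(shared_key, tlvs[CHASSIS_ID][0], tlvs[PORT_ID][0])
    for value in tlvs.get(ORG_SPECIFIC, []):
        if value[:4] == AUTH_PREFIX and hmac.compare_digest(value[4:], expected):
            return True
    # The description is sender-supplied text, so this is the weaker of the two checks.
    desc = b" ".join(tlvs.get(SYS_DESC, [])).decode("utf-8", "replace").lower()
    return any(word in desc for word in KEYWORDS)


def neighbor_type(tlvs):
    """S110: device type from the System Capabilities TLV, or None if it is absent."""
    if SYS_CAP not in tlvs:
        return None
    if len(tlvs[SYS_CAP][0]) != 4:
        raise ValueError("System Capabilities TLV must carry 4 bytes")
    supported, _enabled = struct.unpack("!HH", tlvs[SYS_CAP][0])
    if supported & CAP_ROUTER:
        return "router"
    return "repeater" if supported & CAP_REPEATER else "other"


def select_tlv_types(pdu, local_types, shared_key):
    """S120: choose which of the local TLV types go into the reply LLDPDU."""
    basic = [t for t in local_types if t in BASIC]
    try:
        tlvs = parse_tlvs(pdu)
        if not neighbor_verified(tlvs, shared_key):
            return basic                  # verification failed: basic TLVs only
        kind = neighbor_type(tlvs)
    except ValueError:
        return basic                      # malformed LLDPDU is treated as unverified
    if kind is None:
        return list(local_types)          # verified, type unknown: all TLVs
    wanted = set(BASIC) | set(TYPE_TO_TLVS[kind])
    return [t for t in local_types if t in wanted]


def sample_pdu(key=None, desc=b"generic switch", cap=None):
    """Constructed neighbor LLDPDU (MAC 02:00:00:00:00:01, port eth0) for testing."""
    chassis, port = b"\x04\x02\x00\x00\x00\x00\x01", b"\x05eth0"
    out = encode_tlv(CHASSIS_ID, chassis) + encode_tlv(PORT_ID, port)
    out += encode_tlv(TTL, struct.pack("!H", 120)) + encode_tlv(SYS_DESC, desc)
    if cap is not None:
        out += encode_tlv(SYS_CAP, struct.pack("!HH", cap, cap))
    if key is not None:
        out += encode_tlv(ORG_SPECIFIC, AUTH_PREFIX + auth_key(key, chassis, port))
    return out + encode_tlv(END, b"")
```

Calling `select_tlv_types(sample_pdu(key=k, cap=CAP_ROUTER), local_types, k)` returns the basic TLV types plus those mapped to a router; a malformed or unverified LLDPDU falls back to the basic set.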

基于上述技术方案,本发明实施例提的TLV发送方法,根据接收到的LLDP报文对直连设备的安全性进行验证,能够确保设备进行TLV数据发送的安全性即大幅度减少设备信息泄漏的可能性;又根据直连设备的类型发送相应的TLV信息,能够减少LLDP报文携带的TLV信息的数量即节约链路成本又能够防止TLV过多导致的部分TLV丢失;因此,该方法能够根据直连设备的安全性发送相应的TLV,既大幅度减少设备信息泄漏的可能性又节约链路成本,确保发送的设备消息更合理。且在不知道直连设备的类型的情况下,可以尽可能的给安全的直连设备足够多的TLV信息,以提高TLV信息的可靠性和可用性。Based on the above technical solution, the TLV sending method proposed in the embodiment of the present invention verifies the security of the directly connected device according to the received LLDP message, which can ensure the security of the device sending TLV data, that is, greatly reduce the risk of device information leakage Possibility; according to the type of the directly connected device, the corresponding TLV information can be sent, which can reduce the number of TLV information carried by the LLDP message, save the link cost and prevent the loss of some TLVs caused by too many TLVs; therefore, this method can be based on The security of directly connected devices sends corresponding TLVs, which not only greatly reduces the possibility of device information leakage, but also saves link costs, ensuring that the sent device messages are more reasonable. And in the case of not knowing the type of the directly connected device, enough TLV information can be given to the secure directly connected device as much as possible, so as to improve the reliability and availability of the TLV information.

本发明实施例提供了TLV发送方法,能够根据直连设备的安全性发送相应的TLV,既大幅度减少设备信息泄漏的可能性又节约链路成本。The embodiment of the present invention provides a TLV sending method, which can send a corresponding TLV according to the security of directly connected devices, which not only greatly reduces the possibility of device information leakage, but also saves link costs.

下面对本发明实施例提供的TLV发送系统进行介绍,下文描述的TLV发送系统与上文描述的TLV发送方法可相互对应参照。The TLV sending system provided by the embodiment of the present invention is introduced below, and the TLV sending system described below and the TLV sending method described above can be referred to in correspondence.

请参考图2,图2为本发明实施例所提供的TLV发送系统的结构框图;该系统可以包括:Please refer to FIG. 2, which is a structural block diagram of a TLV sending system provided by an embodiment of the present invention; the system may include:

验证模块100,用于接收直连设备发送的LLDP报文,并根据所述LLDP报文对所述直连设备的安全性进行验证;The verification module 100 is configured to receive the LLDP message sent by the directly connected device, and verify the security of the directly connected device according to the LLDP message;

类型确定模块200,用于若验证通过,则根据所述LLDP报文确定所述直连设备的类型;A type determination module 200, configured to determine the type of the directly connected device according to the LLDP message if the verification is passed;

TLV确定模块300,用于根据所述直连设备的类型与设备TLV的对应关系,确定发送TLV;The TLV determination module 300 is configured to determine the sending TLV according to the correspondence between the type of the directly connected device and the device TLV;

第一发送模块400,用于将所述发送TLV封装为对应的LLDP报文发送到所述直连设备。The first sending module 400 is configured to encapsulate the sending TLV into a corresponding LLDP packet and send it to the directly connected device.

可选的,所述验证模块100包括:Optionally, the verification module 100 includes:

接收单元,用于接收直连设备发送的LLDP报文;The receiving unit is used to receive the LLDP message sent by the directly connected device;

验证单元,用于利用认证密钥和/或系统安全性描述对所述LLDP报文进行匹配验证,并根据匹配验证结果判断所述直连设备的安全性。The verification unit is configured to use the authentication key and/or the system security description to perform matching verification on the LLDP message, and judge the security of the directly connected device according to the matching verification result.

基于上述实施例,该系统还包括:Based on the foregoing embodiments, the system also includes:

第二发送模块,用于若验证未通过,则将设备基本信息对应的TLV封装为LLDP报文发送到所述直连设备。The second sending module is configured to encapsulate the TLV corresponding to the basic device information into an LLDP message and send it to the directly connected device if the verification fails.

可选的,类型确定模块200包括:Optionally, the type determination module 200 includes:

判断单元,用于判断所述LLDP报文中是否包含系统功能对应的TLV;A judging unit, configured to judge whether the LLDP packet contains a TLV corresponding to the system function;

类型确定单元,用于若包含,则根据系统功能对应的TLV确定所述直连设备的类型。The type determining unit is configured to, if included, determine the type of the directly connected device according to the TLV corresponding to the system function.

可选的,类型确定模块200还包括:Optionally, the type determination module 200 also includes:

发送单元,用于若未包含,则将设备所有的TLV封装为LLDP报文发送到所述直连设备。A sending unit, configured to encapsulate all TLVs of the device into LLDP packets and send them to the directly connected device if not included.

说明书中各个实施例采用递进的方式描述,每个实施例重点说明的都是与其他实施例的不同之处,各个实施例之间相同相似部分互相参见即可。对于实施例公开的装置而言,由于其与实施例公开的方法相对应,所以描述的比较简单,相关之处参见方法部分说明即可。Each embodiment in the description is described in a progressive manner, each embodiment focuses on the difference from other embodiments, and the same and similar parts of each embodiment can be referred to each other. As for the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and for the related information, please refer to the description of the method part.

专业人员还可以进一步意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件、计算机软件或者二者的结合来实现,为了清楚地说明硬件和软件的可互换性,在上述说明中已经按照功能一般性地描述了各示例的组成及步骤。这些功能究竟以硬件还是软件方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本发明的范围。Professionals can further realize that the units and algorithm steps of the examples described in conjunction with the embodiments disclosed herein can be implemented by electronic hardware, computer software or a combination of the two. In order to clearly illustrate the possible For interchangeability, in the above description, the composition and steps of each example have been generally described according to their functions. Whether these functions are executed by hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art may use different methods to implement the described functions for each specific application, but such implementation should not be regarded as exceeding the scope of the present invention.

结合本文中所公开的实施例描述的方法或算法的步骤可以直接用硬件、处理器执行的软件模块,或者二者的结合来实施。软件模块可以置于随机存储器(RAM)、内存、只读存储器(ROM)、电可编程ROM、电可擦除可编程ROM、寄存器、硬盘、可移动磁盘、CD-ROM、或技术领域内所公知的任意其它形式的存储介质中。The steps of the methods or algorithms described in connection with the embodiments disclosed herein may be directly implemented by hardware, software modules executed by a processor, or a combination of both. Software modules can be placed in random access memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, removable disk, CD-ROM, or any other Any other known storage medium.

The TLV sending method and system provided by the present invention have been described in detail above. Specific examples are used herein to explain the principle and implementation of the present invention, and the descriptions of the above embodiments are intended only to help in understanding the method of the present invention and its core idea. It should be noted that those of ordinary skill in the art can make improvements and modifications to the present invention without departing from its principle, and these improvements and modifications also fall within the protection scope of the claims of the present invention.

Claims (10)

1. A TLV sending method, characterized by comprising:
receiving an LLDP message sent by a directly connected device, and verifying the security of the directly connected device according to the LLDP message;
if the verification passes, determining the type of the directly connected device according to the LLDP message;
determining the TLV to be sent according to the correspondence between the type of the directly connected device and the device TLVs;
encapsulating the TLV to be sent into a corresponding LLDP message and sending it to the directly connected device.
2. The TLV sending method as claimed in claim 1, characterized in that verifying the security of the directly connected device according to the LLDP message comprises:
performing matching verification on the LLDP message using an authentication key and/or a system security description, and judging the security of the directly connected device according to the matching verification result.
3. The TLV sending method as claimed in claim 1, characterized in that, after verifying the security of the directly connected device according to the LLDP message, the method further comprises:
if the verification does not pass, encapsulating the TLV corresponding to the basic device information into an LLDP message and sending it to the directly connected device.
4. The TLV sending method as claimed in any one of claims 1 to 3, characterized in that determining the type of the directly connected device according to the LLDP message comprises:
judging whether the LLDP message contains the TLV corresponding to the system function;
if it does, determining the type of the directly connected device according to the TLV corresponding to the system function.
5. The TLV sending method as claimed in claim 4, characterized in that, after judging whether the LLDP message contains the TLV corresponding to the system function, the method further comprises:
if it does not, encapsulating all TLVs of the device into an LLDP message and sending it to the directly connected device.
6. A TLV sending system, characterized by comprising:
a verification module, configured to receive an LLDP message sent by a directly connected device and to verify the security of the directly connected device according to the LLDP message;
a type determination module, configured to determine the type of the directly connected device according to the LLDP message if the verification passes;
a TLV determination module, configured to determine the TLV to be sent according to the correspondence between the type of the directly connected device and the device TLVs;
a first sending module, configured to encapsulate the TLV to be sent into a corresponding LLDP message and send it to the directly connected device.
7. The TLV sending system as claimed in claim 6, characterized in that the verification module comprises:
a receiving unit, configured to receive the LLDP message sent by the directly connected device;
a verification unit, configured to perform matching verification on the LLDP message using an authentication key and/or a system security description, and to judge the security of the directly connected device according to the matching verification result.
8. The TLV sending system as claimed in claim 6, characterized by further comprising:
a second sending module, configured to encapsulate the TLV corresponding to the basic device information into an LLDP message and send it to the directly connected device if the verification does not pass.
9. The TLV sending system as claimed in any one of claims 6 to 8, characterized in that the type determination module comprises:
a judging unit, configured to judge whether the LLDP message contains the TLV corresponding to the system function;
a type determining unit, configured to determine the type of the directly connected device according to the TLV corresponding to the system function if the LLDP message contains it.
10. The TLV sending system as claimed in claim 9, characterized in that the type determination module further comprises:
a sending unit, configured to encapsulate all TLVs of the device into an LLDP message and send it to the directly connected device if the LLDP message does not contain it.
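The decision flow of method claims 1 to 5, sketched as an added Python example that is not part of the patent text. It assumes that the "TLV corresponding to the system function" is the IEEE 802.1AB System Capabilities TLV (type 7), that the authentication key check is an HMAC-SHA256 tag over the Chassis ID carried in an organizationally specific TLV with a constructed OUI, and that the type-to-TLV table is hypothetical.

```python
import hashlib, hmac, struct

END, CHASSIS, PORT, TTL, SYS_NAME, SYS_CAP, ORG = 0, 1, 2, 3, 5, 7, 127
AUTH_PREFIX = b"\x00\x00\x00\x01"  # constructed OUI + subtype of the auth TLV (assumption)
PSK = b"constructed-demo-key"      # constructed pre-shared authentication key
BASIC = [CHASSIS, PORT, TTL]       # "basic device information" for unverified peers
# Hypothetical type -> TLV correspondence (claim 1); capability bits per IEEE 802.1AB.
TLVS_BY_TYPE = {"router": BASIC + [SYS_NAME, SYS_CAP],
                "bridge": BASIC + [SYS_NAME], "station": BASIC}
CAP_BITS = [(0x0010, "router"), (0x0004, "bridge"), (0x0080, "station")]

def tlv(t, value):
    """Encode one TLV: 7-bit type and 9-bit length header, then the value."""
    return struct.pack("!H", (t << 9) | len(value)) + value

def parse_lldpdu(data):
    """Return {type: [values]}; reject truncated TLVs instead of reading past the end."""
    out, i = {}, 0
    while i + 2 <= len(data):
        (hdr,) = struct.unpack_from("!H", data, i)
        t, n = hdr >> 9, hdr & 0x1FF
        i += 2
        if t == END:
            return out
        if i + n > len(data):
            raise ValueError("TLV length exceeds LLDPDU")
        out.setdefault(t, []).append(data[i:i + n])
        i += n
    raise ValueError("missing End of LLDPDU TLV")

def verify_peer(tlvs):
    """Claim 2 matching verification: HMAC over the Chassis ID, constant-time compare."""
    chassis = tlvs.get(CHASSIS, [b""])[0]
    want = hmac.new(PSK, chassis, hashlib.sha256).digest()
    tags = [v[4:] for v in tlvs.get(ORG, []) if v[:4] == AUTH_PREFIX]
    return any(hmac.compare_digest(want, tag) for tag in tags)

def select_tlvs(lldpdu, all_tlvs=(CHASSIS, PORT, TTL, SYS_NAME, SYS_CAP)):
    """Claims 1-5: choose which TLV types to advertise to this peer."""
    tlvs = parse_lldpdu(lldpdu)
    if not verify_peer(tlvs):
        return list(BASIC)          # claim 3: verification failed, basic info only
    caps = tlvs.get(SYS_CAP)
    if not caps or len(caps[0]) < 4:
        return list(all_tlvs)       # claim 5: no System Capabilities TLV present
    enabled = struct.unpack_from("!H", caps[0], 2)[0]
    kind = next((name for bit, name in CAP_BITS if enabled & bit), None)
    # Unmapped device types fall back to all TLVs (assumption; the claims do not say).
    return list(TLVS_BY_TYPE[kind]) if kind else list(all_tlvs)
```

A tag computed over the Chassis ID alone can be replayed by anyone who has observed one valid frame from that peer, so a deployment would need to bind the tag to something fresh.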
CN201610059972.7A 2016-01-28 2016-01-28 TLV (Type Length Value) sending method and system Pending CN105656791A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610059972.7A CN105656791A (en) 2016-01-28 2016-01-28 TLV (Type Length Value) sending method and system

Publications (1)

Publication Number Publication Date
CN105656791A true CN105656791A (en) 2016-06-08

Family

ID=56488769

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610059972.7A Pending CN105656791A (en) 2016-01-28 2016-01-28 TLV (Type Length Value) sending method and system

Country Status (1)

Country Link
CN (1) CN105656791A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8279874B1 (en) * 2007-03-30 2012-10-02 Extreme Networks, Inc. Self-configuring network
CN103236941A (en) * 2013-04-03 2013-08-07 华为技术有限公司 Link discovery method and device
CN103441983A (en) * 2013-07-11 2013-12-11 盛科网络(苏州)有限公司 Information protection method and device based on link layer discovery protocol
US20130336165A1 (en) * 2012-06-15 2013-12-19 Shaun Wakumoto Switch identification
CN103825825A (en) * 2014-01-18 2014-05-28 浙江大学 Flexible, extensible and safe inter-domain topology discovery method
CN104580116A (en) * 2013-10-25 2015-04-29 杭州华三通信技术有限公司 Management method and equipment of security policy

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019125238A1 (en) * 2017-12-19 2019-06-27 Telefonaktiebolaget Lm Ericsson (Publ) Methods and nodes for handling lldp messages in a communication network
US11552994B2 (en) 2017-12-19 2023-01-10 Telefonaktiebolaget Lm Ericsson (Publ) Methods and nodes for handling LLDP messages in a communication network

Similar Documents

Publication Publication Date Title
CN100581170C (en) A trusted network management method based on ternary peer-to-peer authentication of trusted network connections
CN101345660B (en) A Trusted Network Management Method Based on TCPA/TCG Trusted Network Connection
WO2015085848A1 (en) Security authentication method and bidirectional forwarding detection method
CN114124451A (en) A method, system and computer storage medium for data processing of Internet of Things equipment
CN106878343B (en) It is the system serviced that network security is provided under a kind of cloud computing environment
CN103647772A (en) Method for carrying out trusted access controlling on network data package
CN110290151B (en) Message sending method and device and readable storage medium
CN114827150A (en) Internet of things terminal data uplink adaptation method, system and storage medium
CN114143068A (en) Electric power internet of things gateway equipment container safety protection system and method thereof
CN114844672A (en) Application trusted identity confirmation method, management unit and equipment
US20240267319A1 (en) Remote attestation method, apparatus, device, and system, and readable storage medium
CN107104919A (en) The processing method of firewall box, SCTP SCTP packet
CN105656791A (en) TLV (Type Length Value) sending method and system
CN111224773B (en) Quantum key management equipment
CN114915536B (en) Network system based on SDP assembly and terminal equipment safety protection method
CN117896397A (en) Cross-domain secure connection transmission method
WO2023197529A1 (en) Online monitoring system, method and apparatus for power transmission line, and master station
CN116961961A (en) Network data transmission methods, devices, electronic equipment and readable storage media
CN115150480A (en) Internet of things data transmission method, data transmission device and storage medium
CN107516044A (en) A kind of recognition methods, device and system
CN111756551B (en) Industrial equipment-based authentication method and system
CN104135367B (en) A kind of UPnP access security authentication methods and device
CN118555137B (en) Zero trust protection method based on modified network frame
CN115348112B (en) Method for local area network exchange equipment access authentication and trusted networking
CN106330893A (en) A device information exchange method and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20160608
