
CN116185598A - Address processing method, address processing device, electronic equipment and readable storage medium

Info

Publication number: CN116185598A
Authority: CN (China)
Prior art keywords: address, learning, migration, queue, target
Legal status: Pending
Application number: CN202111431667.3A
Other languages: Chinese (zh)
Inventor: 胡祖松
Current Assignee: Maipu Communication Technology Co Ltd
Original Assignee: Maipu Communication Technology Co Ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00: Arrangements for program control, e.g. control units
    • G06F9/06: Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46: Multiprogramming arrangements
    • G06F9/50: Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005: Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027: Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
    • G06F9/5038: Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals considering the execution order of a plurality of tasks, e.g. taking priority or time dependency constraints into consideration

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Maintenance And Management Of Digital Transmission (AREA)

Abstract

The application provides an address processing method, an address processing device, an electronic device and a readable storage medium, and relates to the technical field of communications. The scheme automatically identifies addresses of abnormal migration learning and adds them to a speed limit learning queue, which limits the rate at which those addresses are learned. This avoids the high CPU consumption, and the resulting impact on normal device operation, that occurs when a large number of abnormal addresses undergo migration learning.

Description

Address processing method, address processing device, electronic equipment and readable storage medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to an address processing method, an address processing device, an electronic device, and a readable storage medium.
Background
In the field of data communication, network communication devices are the basis and bridge for data forwarding, and they forward data according to address information such as media access control (Media Access Control, MAC) addresses. The MAC address table records the correspondence between the MAC addresses of other devices learned by the switch and the interfaces on which they were learned, the virtual local area network (Virtual Local Area Network, VLAN) to which each interface belongs, and other information. The device builds the MAC address table through MAC learning, which includes learning MAC address migrations.
MAC address migration is the situation in which two ports in the same VLAN on a device learn the same MAC address, so that the newly learned MAC address table entry overwrites the original one.
In real network deployments, traffic models, MAC addresses and network topologies are complex. Configuration errors, local network faults, loops, malicious DoS attacks and similar conditions can cause the same traffic to be received on different ports of a network device, and when two ports both carry heavy traffic continuously, address migration learning occurs repeatedly. MAC learning is performed by the CPU, so when the number of MAC addresses or the traffic volume is large, the same MAC information is reported to the CPU again and again for address migration learning because the port differs. This drives up CPU consumption and affects the normal operation of the network device.
Disclosure of Invention
An object of the embodiments of the present application is to provide an address processing method, an address processing device, an electronic device and a readable storage medium, so as to solve the prior-art problem that, under certain abnormal conditions, a large amount of address migration learning consumes excessive CPU and affects the normal operation of the device.
In a first aspect, an embodiment of the present application provides an address processing method, where the method includes:
acquiring a target address that requires address migration learning;
judging whether the target address is an address of abnormal migration learning;
if yes, adding the target address to a speed limit learning queue, where the speed limit learning queue is used to limit the rate at which addresses are taken out of the speed limit learning queue for address migration learning.
In this implementation, addresses of abnormal migration learning are identified automatically and added to the speed limit learning queue, which limits the rate at which they are learned. This avoids the high CPU consumption, and the resulting impact on normal device operation, that occurs when a large number of abnormal addresses undergo migration learning.
Optionally, the judging whether the target address is an address of abnormal migration learning includes:
searching an address migration database to check whether the target address is marked with a policy control identifier, where the address migration database includes the migration information corresponding to each address that undergoes address migration learning, and the policy control identifier is determined according to the migration information corresponding to the address;
if yes, determining that the target address is an address of abnormal migration learning.
In this implementation, addresses of abnormal migration learning are marked with the policy control identifier in advance, so whether the target address is an address of abnormal migration learning can be judged quickly from the policy control identifier.
Optionally, the migration information includes the frequency and/or time at which address migration occurs, and before the judging whether the target address is an address of abnormal migration learning, the method further includes:
if the frequency of address migration of the target address in the address migration database exceeds a set frequency and/or the time at which address migration of the target address occurs is not within a set time period, marking the target address with the corresponding policy control identifier.
In this implementation, when the device is under attack, migration learning occurs frequently or at abnormal times, so addresses of abnormal migration learning can be identified accurately from the migration frequency and/or the migration time.
Optionally, after the judging whether the target address is an address of abnormal migration learning, the method further includes:
if the target address is not an address of abnormal migration learning, adding the target address to a normal learning queue, where the processing priority of the normal learning queue is higher than that of the speed limit learning queue. This ensures that addresses of normal migration learning are learned quickly, and avoids the high consumption that would result if the CPU first processed a large number of addresses of abnormal migration learning.
Optionally, the method further includes:
acquiring an address to be deleted that needs to be processed, and adding the address to be deleted to a deleted address queue, where the processing priority of the deleted address queue is higher than that of the speed limit learning queue. The delete operation is therefore executed first, which avoids the high consumption that would result if the CPU first processed a large number of addresses of abnormal migration learning.
Optionally, after determining that the target address is an address of abnormal migration learning, the method further includes:
configuring a corresponding control policy for the target address, where the control policy includes at least one of discarding packets, raising an alarm, disabling address learning on the port, and shutting the port down (DOWN), and the control policy indicates that the packet or port corresponding to the target address is to be processed according to the control policy. This protects network security and avoids the high CPU consumption caused by the address undergoing frequent migration learning again later.
Optionally, after the target address is added to the speed limit learning queue, the method further includes:
after the target address is taken out of the speed limit learning queue, deleting the original table entry corresponding to the target address in the table entry address database, and adding a new table entry corresponding to the target address to the table entry address database. Although migration learning of the target address is rate-limited, the normal migration learning process is not affected.
In a second aspect, an embodiment of the present application provides an address processing apparatus, including:
an address acquisition module, configured to acquire a target address that requires address migration learning;
an address judging module, configured to judge whether the target address is an address of abnormal migration learning;
an address processing module, configured to add the target address to a speed limit learning queue if the target address is an address of abnormal migration learning, where the speed limit learning queue is used to limit the rate at which addresses are taken out of the speed limit learning queue for address migration learning.
Optionally, the address judging module is specifically configured to search an address migration database to check whether the target address is marked with a policy control identifier, where the address migration database includes the migration information corresponding to each address that undergoes address migration learning, and the policy control identifier is determined according to the migration information corresponding to the address; and if yes, to determine that the target address is an address of abnormal migration learning.
Optionally, the migration information includes the frequency and/or time at which address migration occurs, and the apparatus further includes:
a marking module, configured to mark the target address with the corresponding policy control identifier if the frequency of address migration of the target address in the address migration database exceeds a set frequency and/or the time at which address migration of the target address occurs is not within a set time period.
Optionally, the address processing module is further configured to add the target address to a normal learning queue if the target address is determined not to be an address of abnormal migration learning, where the processing priority of the normal learning queue is higher than that of the speed limit learning queue.
Optionally, the address processing module is further configured to acquire an address to be deleted that needs to be processed, and to add the address to be deleted to a deleted address queue, where the processing priority of the deleted address queue is higher than that of the speed limit learning queue.
Optionally, the apparatus further includes:
a policy configuration module, configured to configure a corresponding control policy for the target address after the target address is determined to be an address of abnormal migration learning, where the control policy includes at least one of discarding packets, raising an alarm, disabling address learning on the port, and shutting the port down (DOWN), and the control policy indicates that the packet or port corresponding to the target address is to be processed according to the control policy.
Optionally, the apparatus further includes:
a migration learning module, configured to delete the original table entry corresponding to the target address in the table entry address database after the target address is taken out of the speed limit learning queue, and to add a new table entry corresponding to the target address to the table entry address database.
In a third aspect, embodiments of the present application provide an electronic device comprising a processor and a memory storing computer readable instructions that, when executed by the processor, perform the steps of the method as provided in the first aspect above.
In a fourth aspect, embodiments of the present application provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the method as provided in the first aspect above.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be apparent from the description, or may be learned by practice of the embodiments of the application. The objectives and other advantages of the application will be realized and attained by the structure particularly pointed out in the written description and claims thereof as well as the appended drawings.
Drawings
In order to illustrate the technical solutions of the embodiments of the present application more clearly, the drawings needed in the embodiments are briefly described below. It should be understood that the following drawings illustrate only some embodiments of the present application and should not be considered as limiting its scope; a person skilled in the art may obtain other related drawings from these drawings without inventive effort.
FIG. 1 is a flowchart of an address processing method according to an embodiment of the present application;
FIG. 2 is a block diagram of an address processing apparatus according to an embodiment of the present application;
FIG. 3 is a schematic structural diagram of an electronic device for performing an address processing method according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application.
It should be noted that the terms "system" and "network" may be used interchangeably in the embodiments of the present invention. "Plurality" means two or more, and may also be understood as "at least two" in the embodiments of the present invention. "And/or" describes an association between associated objects and indicates that three relationships are possible; for example, "A and/or B" may mean: A exists alone, A and B exist together, or B exists alone. The character "/", unless otherwise specified, generally indicates an "or" relationship between the associated objects.
The embodiment of the application provides an address processing method. After a target address that requires address migration learning is obtained, the method first judges whether the target address is an address of abnormal migration learning. If yes, the target address is added to a speed limit learning queue, which limits the rate at which addresses are taken out of the queue for address migration learning. Addresses of abnormal migration learning are thus identified automatically and learned at a limited rate, which avoids the high CPU consumption, and the resulting impact on normal device operation, that occurs when a large number of abnormal addresses undergo migration learning.
Referring to FIG. 1, FIG. 1 is a flowchart of an address processing method according to an embodiment of the present application, where the method includes the following steps:
Step S110: acquire a target address that requires address migration learning.
For example, the address may consist of MAC address + VLAN + port (PORT). After learning a new address, the switch chip in the switch sends the address information to the CPU; the CPU creates the MAC address table and then sends the MAC address table to the switch chip. For example, after receiving a message on a certain port, the switch chip obtains information such as the source MAC address, VLAN and port from the message and either reports MAC summary information to the CPU or sends the message directly to the CPU. The CPU parses the information from the message, generates a formal MAC address table entry, adds it to an address table entry database (e.g., a MAC address table entry database), and writes the MAC address table entry into the switch chip. The CPU also synchronizes the MAC address entries to other boards so that the other boards learn them as well.
MAC address learning covers two cases. The first is active learning: after the switch chip receives a message, it obtains the MAC address and VLAN from the message and matches them against the MAC address table entries in the switch chip; if no matching entry exists, the address information is sent to the CPU for active learning. The second is migration learning, which means that the MAC address + VLAN obtained by the switch chip from the received message has a matching MAC address table entry, but the port does not match.
For example, the switch chip receives a message containing MAC1+VLAN1 on PORT2 and sends the information MAC1+VLAN1+PORT2 to the CPU, which searches the address table entry database. If the CPU finds an entry for MAC1+VLAN1 whose port is PORT1, it determines that the address has migrated and that address migration learning is required, so the address MAC1+VLAN1+PORT2 is an address that requires address migration learning. If the CPU finds no entry containing MAC1+VLAN1 in the address table entry database, the address is an actively learned address.
Therefore, the CPU can determine whether an address requires address migration learning by looking up the address table entry database with the address information sent by the switch chip. For convenience of description, an address that requires address migration learning is referred to as a target address in the embodiments of the present application.
Step S120: judge whether the target address is an address of abnormal migration learning.
Address migration learning may be caused by network failures, malicious attacks and the like. In these cases a large number of target addresses requiring address migration learning may appear, and if the CPU processes them according to the normal migration learning flow, CPU consumption may become high and affect the normal operation of the system. To avoid these problems, after determining a target address that requires address migration learning, the CPU needs to judge whether the target address is an address of abnormal migration learning.
For example, if the target address is an address for which migration learning is performed frequently, the target address may be considered an address of abnormal migration learning.
Step S130: add the target address to a speed limit learning queue.
After the target address is determined to be an address of abnormal migration learning, it is added to the speed limit learning queue, which is used to limit the rate at which addresses are taken out of the speed limit learning queue for address migration learning.
For example, the CPU processes normal address migration learning at a rate of 1 per second, that is, it performs migration learning on addresses requiring address migration learning at 1 address per second. For addresses in the speed limit learning queue, the CPU's processing rate may be configured as 1 per minute, that is, the CPU takes one address out of the speed limit learning queue for migration learning every minute. A large number of addresses of abnormal migration learning are thereby rate-limited, and the CPU does not consume too much by processing them quickly.
When the CPU performs address migration learning, it needs to send an address migration message to an address migration background thread, which processes the message. If the address currently taken out of the speed limit learning queue is MAC1+VLAN1+PORT2 and MAC1+VLAN1+PORT1 already exists in the address table entry database, the CPU can generate the address migration message: and then send the address migration message to the address migration background thread. After obtaining the address migration message, the address migration background thread can count information such as the number of migrations, the time periods and the frequencies of MAC1+VLAN1 across different ports. The normal migration flow is then completed: the old entry MAC1+VLAN1+PORT1 is deleted from the address table entry database, the new entry MAC1+VLAN1+PORT2 is added to it, and the CPU synchronizes the new entry to the other boards, which completes the migration learning of the address.
That is, once the target address is taken out of the speed limit learning queue, the original entry corresponding to the target address in the entry address database can be deleted and a new entry corresponding to the target address added to the entry address database. Although the speed limit learning queue limits the rate of migration learning for these addresses, the CPU still performs migration learning on them and completes the address migration flow, so that messages are not forwarded incorrectly.
In this implementation, addresses of abnormal migration learning are identified automatically and added to the speed limit learning queue, which limits the rate at which they are learned. This avoids the high CPU consumption, and the resulting impact on normal device operation, that occurs when a large number of abnormal addresses undergo migration learning.
On the basis of the above embodiment, whether the target address is an address of abnormal migration learning may be determined as follows: search an address migration database to check whether the target address is marked with a policy control identifier, where the address migration database includes the migration information corresponding to each address that undergoes address migration learning and the policy control identifier is determined according to the migration information corresponding to the address; if yes, the target address is determined to be an address of abnormal migration learning.
The policy control identifier identifies an address of abnormal migration learning. A target address that requires address migration learning can be stored in the address migration database. The address migration background thread counts the migration information corresponding to each address that undergoes migration learning and stores it in the address migration database. From the migration information of each address, the background thread judges whether the address is an address of abnormal migration learning and, if so, marks the address with the policy control identifier in the address migration database. When an address requiring migration learning is subsequently obtained, the address migration database can be searched directly for a corresponding policy control identifier: if one exists, the address is an address of abnormal migration learning; if not, it is an address of normal migration learning. For an address of normal migration learning, the address migration background thread follows the normal migration learning flow. An address of abnormal migration learning is added to the speed limit learning queue, and the normal migration learning flow is carried out after the address is taken out of that queue.
In this implementation, addresses of abnormal migration learning are marked with the policy control identifier in advance, so whether the target address is an address of abnormal migration learning can be judged quickly from the policy control identifier.
Based on the above embodiment, the migration information may include the frequency and/or time at which address migration occurs. When addresses of abnormal migration learning are marked with the policy control identifier, the target address is marked with the corresponding policy control identifier if the frequency of address migration of the target address in the address migration database exceeds a set frequency and/or the time at which address migration of the target address occurs is not within a set time period.
For example, an address MAC1+VLAN1+PORT1 that undergoes migration learning is added to the address migration database, and after a period of address migration learning the address migration background thread can count the frequency and/or time at which the address migrates. Because address migration learning is caused by differing ports, the statistics can be kept per MAC1+VLAN1: for example, the number of migrations from PORT1 to PORT2, the number of migrations from PORT2 to PORT1, and the time of each migration. The migration frequency is then derived from these counts and recorded in the address migration database.
After a period of time, the address migration background thread may evaluate the migration information of each address in the address migration database. For example, MAC1+VLAN1 may be marked with a policy control identifier if its address migration frequency exceeds the set frequency or the time at which its address migration occurs is not within the set time period; alternatively, it may be marked only if its address migration frequency exceeds the set frequency and the time at which its address migration occurs is not within the set time period.
The policy control identifier may of course be updated in real time. For example, the address migration background thread may continuously detect the number of migrations of the address in each unit of time to obtain the migration frequency; if the migration frequency no longer exceeds the set frequency, the policy control identifier marked on the address is cleared, and if the migration frequency still exceeds the set frequency, the address remains marked.
If the target address MAC1+VLAN1+PORT2 is received and requires address migration learning, the address database can be searched to check whether MAC1+VLAN1 is marked with a policy control identifier; if so, the target address is considered an address of abnormal migration learning.
It should be noted that the migration information may include not only the migration frequency and/or the migration time but also other information, such as the number of migrations and the migration time points, and the address of abnormal migration learning may be determined comprehensively from this information.
In this implementation, when the device is under attack, migration learning occurs frequently or at abnormal times, so addresses of abnormal migration learning can be identified accurately from the migration frequency and/or the migration time.
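The marking rule described above can be sketched as follows. This is an added example, not code from the patent; the threshold of 5 moves per 60 seconds, the allowed hours 08:00 to 19:59, the class and function names, and the sample MAC addresses are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class MigrationRecord:
    """Migration information kept per MAC+VLAN (the port is what changes)."""
    moves: deque = field(default_factory=deque)      # timestamps of recent moves
    port_pairs: dict = field(default_factory=dict)   # (old_port, new_port) -> count
    policy_flag: bool = False                        # the policy control identifier


class MigrationDatabase:
    """Sketch of the address migration database and its marking rule."""

    def __init__(self, max_moves=5, window=60.0, allowed_hours=range(8, 20),
                 require_both=False):
        # Assumed values: the page only speaks of a "set frequency" and a
        # "set time period".
        self.max_moves = max_moves
        self.window = window
        self.allowed_hours = allowed_hours
        self.require_both = require_both   # False: "or" variant, True: "and" variant
        self.records = defaultdict(MigrationRecord)

    @staticmethod
    def _hour(ts):
        # Timestamps are seconds since midnight of a constructed day.
        return int(ts // 3600) % 24

    def _evaluate(self, rec, now):
        # Forget moves that have fallen out of the counting window.
        while rec.moves and now - rec.moves[0] > self.window:
            rec.moves.popleft()
        too_frequent = len(rec.moves) > self.max_moves
        off_hours = any(self._hour(t) not in self.allowed_hours for t in rec.moves)
        if self.require_both:
            rec.policy_flag = too_frequent and off_hours
        else:
            rec.policy_flag = too_frequent or off_hours
        return rec.policy_flag

    def record_move(self, mac, vlan, old_port, new_port, ts):
        """Called by the background thread for each migration message."""
        rec = self.records[(mac, vlan)]
        rec.moves.append(ts)
        pair = (old_port, new_port)
        rec.port_pairs[pair] = rec.port_pairs.get(pair, 0) + 1
        return self._evaluate(rec, ts)

    def refresh(self, now):
        """Periodic re-check: clears the flag once the address calms down."""
        for rec in self.records.values():
            self._evaluate(rec, now)

    def is_abnormal(self, mac, vlan):
        """Lookup used when a new migration report arrives."""
        rec = self.records.get((mac, vlan))
        return bool(rec and rec.policy_flag)


FLAPPING = ("00:11:22:33:44:55", 1)   # constructed sample addresses
STABLE = ("00:aa:bb:cc:dd:ee", 1)


def flap(db, start, count=8, step=2.0):
    """Feed `count` moves of FLAPPING between PORT1 and PORT2; return the flags."""
    flags = []
    for i in range(count):
        old, new = ("PORT1", "PORT2") if i % 2 == 0 else ("PORT2", "PORT1")
        flags.append(db.record_move(*FLAPPING, old, new, start + step * i))
    return flags


if __name__ == "__main__":
    db = MigrationDatabase()
    print(flap(db, start=10 * 3600.0))             # flag turns on at the 6th move
    db.record_move(*STABLE, "PORT3", "PORT4", 10 * 3600.0 + 5)
    print(db.is_abnormal(*FLAPPING), db.is_abnormal(*STABLE))
    db.refresh(10 * 3600.0 + 75)                   # window has emptied
    print(db.is_abnormal(*FLAPPING))
```

Keeping the counters per MAC+VLAN rather than per MAC+VLAN+PORT is what lets a host that bounces between two ports accumulate a single frequency figure.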
In other embodiments, when determining whether the target address is an address for abnormal transfer learning, history transfer information corresponding to the target address may be further obtained, where the history transfer information is stored in the address transfer database, and then whether the target address is an address for abnormal transfer learning is determined according to the history transfer information.
The history migration information may include information such as frequency and/or time of occurrence of address migration, and the information may be counted in an address migration database, so that a background thread of address migration may directly read history migration information corresponding to a target address from the address migration database, and if the frequency of occurrence of address migration of the target address exceeds a set frequency and/or the time of occurrence of address migration of the target address is not within a set time period, determine that the target address is an address for abnormal migration learning.
In this case, the policy control identifier does not need to be marked in advance for each address, and the act of marking can be omitted.
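The marking and clearing of the policy control identifier described above can be sketched as follows. This is an added example, not code from the application: the class and method names, the threshold of 3 migrations per 60-second unit time, and the 08:00-20:00 set time period are all assumptions chosen for illustration, and the sample timeline is constructed.

```python
from collections import defaultdict, deque


class AddressMigrationDB:
    """Per-(MAC, VLAN) migration history plus the policy control identifier."""

    def __init__(self, set_frequency=3, unit_time=60,
                 allowed=(8 * 3600, 20 * 3600), require_both=False):
        self.set_frequency = set_frequency  # max migrations per unit time (assumed)
        self.unit_time = unit_time          # unit time in seconds (assumed)
        self.allowed = allowed              # set time period, seconds since midnight
        self.require_both = require_both    # False: "or" variant, True: "and" variant
        self.history = defaultdict(deque)   # (mac, vlan) -> deque of (timestamp, port)
        self.flagged = set()                # keys carrying the policy control identifier

    def record_migration(self, mac, vlan, new_port, ts):
        """Store one migration event reported for MAC+VLAN moving to new_port."""
        self.history[(mac, vlan)].append((ts, new_port))

    def _outside_period(self, ts):
        start, end = self.allowed
        return not (start <= ts % 86400 < end)

    def refresh(self, now):
        """One pass of the background thread: mark or clear identifiers."""
        for key, events in self.history.items():
            # Keep only the migrations that fall inside the current unit time.
            while events and events[0][0] <= now - self.unit_time:
                events.popleft()
            too_frequent = len(events) > self.set_frequency
            odd_time = any(self._outside_period(ts) for ts, _ in events)
            if self.require_both:
                abnormal = too_frequent and odd_time
            else:
                abnormal = too_frequent or odd_time
            if abnormal:
                self.flagged.add(key)
            else:
                self.flagged.discard(key)   # frequency fell back: clear the mark

    def is_abnormal(self, mac, vlan):
        """Lookup used when a target address needs migration learning."""
        return (mac, vlan) in self.flagged


def run_sample(require_both=False):
    """Constructed timeline; returns the flags seen after two background passes."""
    db = AddressMigrationDB(require_both=require_both)
    t0 = 20 * 3600 - 60                                 # 19:59:00, inside the period
    for i in range(5):                                  # MAC1+VLAN1 flaps 5 times in 40 s
        port = "PORT2" if i % 2 == 0 else "PORT1"
        db.record_migration("MAC1", 1, port, t0 + 10 * i)
    db.record_migration("MAC2", 2, "PORT2", t0 + 20)    # one ordinary move
    db.refresh(t0 + 45)
    burst = (db.is_abnormal("MAC1", 1), db.is_abnormal("MAC2", 2))
    db.record_migration("MAC3", 1, "PORT2", t0 + 65)    # 20:00:05, outside the period
    db.refresh(t0 + 70)
    later = (db.is_abnormal("MAC1", 1), db.is_abnormal("MAC3", 1))
    return burst, later


if __name__ == "__main__":
    print(run_sample())
```

In the second pass MAC1+VLAN1 is cleared because only three of its migrations remain inside the unit time, which matches the real-time update described above.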
On the basis of the above embodiment, if it is determined that the target address is not the address of the abnormal transfer learning, it indicates that the target address is the address of the normal transfer learning, and the target address may be added to the normal learning queue, where the processing priority of the normal learning queue is higher than that of the speed limit learning queue.
For example, two queues, a normal learning queue and a speed limit learning queue, are created in advance in the CPU, and processing priorities are configured for them such that the processing priority of the normal learning queue is higher than that of the speed limit learning queue. When the address migration background thread performs migration learning, it reads addresses from the normal learning queue first, and reads addresses from the speed limit learning queue only when no address remains in the normal learning queue. The address migration background thread thus performs migration learning preferentially on addresses of normal migration learning and performs speed-limited migration learning on addresses of abnormal migration learning, which ensures that addresses of normal migration learning are learned quickly and avoids the high consumption caused by the CPU processing a large number of addresses of abnormal migration learning.
Based on the above embodiment, for the learned address, there is an aging action, for example, if a message of the same source MAC address is not received within an aging time (e.g., 300 seconds by default), the corresponding address table entry is aged, the switch chip sends an address delete message to the CPU, which includes the address to be deleted, and after receiving the address delete message, the CPU searches for the corresponding table entry in the address table entry database, and then performs the delete operation. And the CPU can synchronize the deleting operation to other boards, and other boards synchronously delete the address table entry.
Of course, for events such as port DOWN or manual deletion of an address entry, the switch chip will also send an address delete message to the CPU, and the CPU should prioritize the operation of deleting the address entry so as to free up memory resources as soon as possible. Therefore, after the CPU obtains the address to be deleted which needs to be processed, the address to be deleted can be added into a deleted address queue, and the processing priority of the deleted address queue is higher than that of the speed limit learning queue.
For example, for the to-be-deleted address MAC2+VLAN2+PORT1, after determining that the address needs to be deleted, the switch chip sends the address to the CPU, and the CPU adds the to-be-deleted address to the deleted address queue. The CPU preferentially takes addresses from the deleted address queue, then searches the address table entry database and deletes the corresponding MAC address entry in the address table entry database. Only when no address remains in the deleted address queue are addresses read from the speed limit learning queue for transfer learning, so that the deleting operation is executed preferentially and the high consumption caused by the CPU first processing a large number of addresses of abnormal transfer learning is avoided.
Of course, if there are three queues, i.e., the normal learning queue, the deleted address queue, and the speed limit learning queue, the deleting operation may be preferentially executed, i.e., the processing priority of the normal learning queue may be configured to be higher than the processing priority of the deleted address queue, i.e., the normal learning queue > the deleted address queue > the speed limit learning queue. In this case, the CPU takes addresses from the queues in order of the processing priorities of the three queues; as long as there are addresses in a queue of higher processing priority, the CPU processes them first, and it moves on to the queue of the next lower processing priority only after they have been processed.
When the addresses in the normal learning queue and the deleted address queue are processed, they are processed at the normal processing speed of the CPU, the normal speed being 1 per second; when the addresses in the speed limit learning queue are processed, speed-limited processing is performed according to the configured learning speed, for example, a speed limit of 1 per minute. The switch chip is configured with a mechanism whereby, as long as a piece of migration information has not been processed, i.e., the migration flow has not been carried out (MAC1+VLAN1+PORT1 deleted and MAC1+VLAN1+PORT2 added), the switch chip does not report new migration information even if messages with the same source MAC address continue to be forwarded on PORT1 and PORT2. Therefore, the high consumption of the CPU can be suppressed merely by limiting abnormal migration learning, which avoids the problem that the network device cannot work normally because it is overwhelmed by address migration learning.
It can be understood that, after receiving an address to be deleted, the CPU adds it to the deleted address queue; after receiving an address that requires transfer learning, the CPU adds it to the normal learning queue if it is an address of normal transfer learning, and to the speed limit learning queue if it is an address of abnormal transfer learning. Of course, an address of active learning in the above embodiment is also added to the normal learning queue. For an active learning address, the CPU creates a new MAC address table entry in the address table entry database; for addresses of normal transfer learning and abnormal transfer learning, the migration flow is executed, for example, the CPU deletes the entry corresponding to the original address in the address table entry database and then creates a new entry in the address table entry database. In addition, each address that requires migration learning is recorded in the address migration database, and the address migration background thread compiles statistics on the migration information of each address in the address migration database, so that addresses of abnormal migration learning can be marked with the policy control identifier in the address migration database according to the migration information.
After the processing priorities of the three queues are configured, the CPU processes the addresses in the three queues according to the processing priorities, so that addresses of normal transfer learning, active learning addresses, and addresses to be deleted are not affected.
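The three-queue handling described above can be simulated as follows, using the priority order normal learning queue > deleted address queue > speed limit learning queue and the rates of 1 per second and 1 per minute given in the text. This is an added example, not code from the application: the class, method and constant names are assumptions, the set of flagged addresses is supplied directly, and the reported events are constructed.

```python
from collections import deque

NORMAL, DELETE, LIMITED = "normal", "delete", "speed_limit"
PRIORITY = (NORMAL, DELETE, LIMITED)    # normal > deleted address > speed limit


class AddressCpu:
    def __init__(self, flagged, limited_interval=60):
        self.flagged = set(flagged)     # (mac, vlan) keys with the policy control identifier
        self.limited_interval = limited_interval   # seconds between speed-limited migrations
        self.queues = {name: deque() for name in PRIORITY}
        self.table = {}                 # address table entries: (mac, vlan) -> port
        self.pending = set()            # migrations reported but not yet processed
        self.next_limited = 0           # earliest time the speed limit queue may be served

    def report(self, op, mac, vlan, port):
        """Message from the switch chip; returns the queue used, or None if suppressed."""
        key = (mac, vlan)
        if op == "delete":
            name = DELETE
        elif op == "migrate":
            if key in self.pending:     # chip reports nothing new until the move is handled
                return None
            self.pending.add(key)
            name = LIMITED if key in self.flagged else NORMAL
        else:                           # active learning of a new address
            name = NORMAL
        self.queues[name].append((op, key, port))
        return name

    def tick(self, now):
        """Handle at most one address per second, highest priority first."""
        for name in PRIORITY:
            queue = self.queues[name]
            if not queue or (name == LIMITED and now < self.next_limited):
                continue
            op, key, port = queue.popleft()
            if op == "delete":
                if self.table.get(key) == port:
                    del self.table[key]
            else:
                self.table.pop(key, None)   # migration flow: delete the old entry ...
                self.table[key] = port      # ... then add the new one
                self.pending.discard(key)
            if name == LIMITED:
                self.next_limited = now + self.limited_interval
            return (now, name, op, key, port)
        return None


def simulate(seconds=70):
    """Constructed scenario: two flagged addresses arrive before the normal traffic."""
    cpu = AddressCpu(flagged={("MAC1", 1), ("MAC5", 1)})
    cpu.table = {("MAC1", 1): "PORT1", ("MAC2", 2): "PORT1",
                 ("MAC4", 1): "PORT1", ("MAC5", 1): "PORT3"}
    cpu.report("migrate", "MAC1", 1, "PORT2")               # flagged: speed limit queue
    suppressed = cpu.report("migrate", "MAC1", 1, "PORT1")  # still pending: not reported
    cpu.report("migrate", "MAC5", 1, "PORT4")               # flagged: speed limit queue
    cpu.report("delete", "MAC2", 2, "PORT1")
    cpu.report("migrate", "MAC4", 1, "PORT2")               # normal migration
    cpu.report("learn", "MAC3", 1, "PORT3")                 # active learning
    log = [entry for entry in (cpu.tick(t) for t in range(seconds)) if entry]
    return log, cpu.table, suppressed


if __name__ == "__main__":
    for entry in simulate()[0]:
        print(entry)
```

Although the two flagged migrations are reported first, they are served last, and the second one waits a full minute after the first.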
On the basis of the above embodiment, in order to ensure network security, a corresponding control policy may be configured for an address of abnormal transfer learning. For example, after determining that the target address is an address of abnormal transfer learning, a corresponding control policy may be configured for the target address, where the control policy includes at least one of message discarding, alarming, disabling address learning on a port, and setting a port DOWN, and the control policy is used to instruct processing of a message or a port corresponding to the target address according to the control policy.
For example, for a target address of abnormal transfer learning, a Drop action (i.e., message discarding) is dynamically issued, so that when a message of the target address is subsequently received, the discard action is executed on it directly. In this way, migration messages from a malicious attack are discarded directly and a DoS attack is avoided.
Or, if the control policy is an alarm, alarm information can be output after a message of the target address is subsequently received.
Or, if the control policy is disabling address learning on a port, address learning is disabled on the port in the target address; if a message is subsequently received from that port, the address of the message is neither actively learned nor migrated.
Or, if the control policy is port DOWN, the port in the target address is set DOWN, so that no message is received from the port and thus no attack message is received from the port.
It can be appreciated that other control policies are also possible, and the corresponding control policies may be configured according to different network scenarios, so as to prevent a malicious attack from threatening the security of the device.
When the number of addresses of abnormal transfer learning is large, in order to configure control policies for these addresses quickly, the addresses marked with policy control identifiers can be obtained from the address migration database and the control policies can then be configured for them in one batch, which improves configuration efficiency compared with configuring the addresses one at a time.
Or, the control policy configured for an address can be recorded in the address migration database, so that when a message of a certain address is subsequently acquired, the address migration database can be searched to check whether a control policy is configured for the address, and if so, the message is processed according to the configured control policy. Of course, if the control policy applies to a port, then once the control policy is configured it automatically takes effect on the corresponding port and is executed accordingly.
Referring to fig. 2, fig. 2 is a block diagram illustrating a structure of an address processing apparatus 200 according to an embodiment of the present application, where the apparatus 200 may be a module, a program segment, or a code on an electronic device. It should be understood that the apparatus 200 corresponds to the above embodiment of the method of fig. 1, and is capable of performing the steps involved in the embodiment of the method of fig. 1, and specific functions of the apparatus 200 may be referred to in the above description, and detailed descriptions thereof are omitted herein as appropriate to avoid redundancy.
Optionally, the apparatus 200 includes:
an address obtaining module 210, configured to obtain a target address that needs address transfer learning;
an address judging module 220, configured to judge whether the target address is an address for abnormal transfer learning;
and the address processing module 230 is configured to add the target address to a speed limit learning queue if the target address is an address for abnormal transfer learning, where the speed limit learning queue is configured to limit a speed of address transfer learning by taking out an address from the speed limit learning queue.
Optionally, the address judging module 220 is configured to search whether the target address is marked with a policy control identifier from an address migration database; the address migration database comprises migration information corresponding to each address for address migration learning, and the policy control identifier is determined according to the migration information corresponding to the address; if yes, determining the target address as the address of the abnormal transfer learning.
Optionally, the migration information includes a frequency and/or time at which address migration occurs, and the apparatus 200 includes:
and the marking module is used for marking the corresponding strategy control identifier for the target address if the frequency of the address migration of the target address in the address migration database exceeds the set frequency and/or the time of the address migration of the target address is not in the set time period.
Optionally, the address processing module 230 is further configured to add the target address to a normal learning queue if it is determined that the target address is not an address for abnormal transfer learning, where a processing priority of the normal learning queue is higher than a processing priority of the speed limit learning queue.
Optionally, the address processing module 230 is further configured to obtain an address to be deleted that needs to be processed; and adding the address to be deleted into a deleted address queue, wherein the processing priority of the deleted address queue is higher than that of the speed limit learning queue.
Optionally, the apparatus 200 further includes:
the policy configuration module is configured to configure a corresponding control policy for the target address after the target address is determined to be an address for abnormal transfer learning, where the control policy includes at least one of message discarding, alarming, disabling address learning on a port, and setting a port DOWN, and the control policy is used to instruct processing of a message or a port corresponding to the target address according to the control policy.
Optionally, the apparatus 200 further includes:
and the transfer learning module is used for deleting the original table entry corresponding to the target address in the address table entry database after the target address is taken out from the speed limit learning queue, and re-adding a new table entry corresponding to the target address in the address table entry database.
It should be noted that, for convenience and brevity, a person skilled in the art will clearly understand that, for the specific working procedure of the apparatus described above, reference may be made to the corresponding procedure in the foregoing method embodiment, and the description will not be repeated here.
Referring to fig. 3, fig. 3 is a schematic structural diagram of an electronic device for executing an address processing method according to an embodiment of the present application, where the electronic device may include: at least one processor 310, such as a CPU, at least one communication interface 320, at least one memory 330, and at least one communication bus 340. The communication bus 340 is used to enable direct connection communication between these components. The communication interface 320 of the device in the embodiment of the present application is used for performing signaling or data communication with other node devices. The memory 330 may be a high-speed RAM memory or a non-volatile memory, such as at least one disk memory. Memory 330 may also optionally be at least one storage device located remotely from the aforementioned processor. The memory 330 has stored therein computer readable instructions which, when executed by the processor 310, perform the method process described above in fig. 1.
It will be appreciated that the configuration shown in fig. 3 is merely illustrative, and that the electronic device may also include more or fewer components than shown in fig. 3, or have a different configuration than shown in fig. 3. The components shown in fig. 3 may be implemented in hardware, software, or a combination thereof.
Embodiments of the present application provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs a method process performed by an electronic device in the method embodiment shown in fig. 1.
The present embodiment discloses a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, are capable of performing the methods provided by the above-described method embodiments, for example, comprising: acquiring a target address which needs address transfer learning; judging whether the target address is an address for abnormal transfer learning or not; if yes, the target address is added into a speed limit learning queue, wherein the speed limit learning queue is used for limiting the speed of address transfer learning by taking out the address from the speed limit learning queue.
In summary, the embodiments of the present application provide an address processing method, an apparatus, an electronic device, and a readable storage medium, in which addresses of abnormal transfer learning are automatically identified and then added to a speed limit learning queue so as to limit the learning speed of such addresses. This avoids the problem that, when a large number of abnormal addresses perform transfer learning, CPU consumption is high and normal operation of the device is affected.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. The above-described apparatus embodiments are merely illustrative, for example, the division of the units is merely a logical function division, and there may be other manners of division in actual implementation, and for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some communication interface, device or unit indirect coupling or communication connection, which may be in electrical, mechanical or other form.
Further, the units described as separate units may or may not be physically separate, and units displayed as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
Furthermore, functional modules in various embodiments of the present application may be integrated together to form a single portion, or each module may exist alone, or two or more modules may be integrated to form a single portion.
In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
The foregoing is merely exemplary embodiments of the present application and is not intended to limit the scope of the present application, and various modifications and variations may be suggested to one skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present application should be included in the protection scope of the present application.

Claims (10)

1. An address processing method, the method comprising:
acquiring a target address which needs address transfer learning;
judging whether the target address is an address for abnormal transfer learning or not;
if yes, the target address is added into a speed limit learning queue, wherein the speed limit learning queue is used for limiting the speed of address transfer learning by taking out the address from the speed limit learning queue.
2. The method of claim 1, wherein the determining whether the target address is an address for abnormal transfer learning comprises:
searching whether the target address is marked with a strategy control identifier from an address migration database; the address migration database comprises migration information corresponding to each address for address migration learning, and the policy control identifier is determined according to the migration information corresponding to the address;
if yes, determining the target address as the address of the abnormal transfer learning.
3. The method according to claim 2, wherein the migration information includes a frequency and/or time at which address migration occurs, and before the determining whether the target address is an address for abnormal migration learning, the method further includes:
and if the frequency of the address migration of the target address in the address migration database exceeds the set frequency and/or the time of the address migration of the target address is not in the set time period, marking the corresponding policy control identifier for the target address.
4. The method of claim 1, wherein after determining whether the target address is an address for abnormal transfer learning, further comprising:
if the target address is not the address of the abnormal transfer learning, adding the target address into a normal learning queue, wherein the processing priority of the normal learning queue is higher than that of the speed limiting learning queue;
and/or
If the target address is judged to be the address of abnormal transfer learning, configuring a corresponding control strategy for the target address, wherein the control strategy comprises at least one of message discarding, alarming, disabling address learning on a port, and setting a port DOWN, and the control strategy is used for indicating that the message or the port corresponding to the target address is processed according to the control strategy;
and/or
The method further comprises the steps of:
acquiring an address to be deleted which needs to be processed; and adding the address to be deleted into a deleted address queue, wherein the processing priority of the deleted address queue is higher than that of the speed limit learning queue.
5. The method of any of claims 1-4, further comprising, after adding the target address to a speed limit learning queue:
and after the target address is taken out from the speed limit learning queue, deleting the original table entry corresponding to the target address in the address table entry database, and adding a new table entry corresponding to the target address in the address table entry database again.
6. An address processing apparatus, the apparatus comprising:
the address acquisition module is used for acquiring a target address which needs address transfer learning;
the address judging module is used for judging whether the target address is an address for abnormal transfer learning or not;
and the address processing module is used for adding the target address into a speed limit learning queue if the target address is an address for abnormal transfer learning, wherein the speed limit learning queue is used for limiting the speed of address transfer learning by taking out the address from the speed limit learning queue.
7. The apparatus of claim 6, wherein the address determination module is specifically configured to find out from an address migration database whether the target address is marked with a policy control identifier; the address migration database comprises migration information corresponding to each address for address migration learning, and the policy control identifier is determined according to the migration information corresponding to the address; if yes, determining the target address as the address of the abnormal transfer learning.
8. The apparatus of claim 7, wherein the migration information includes a frequency and/or time at which address migration occurs, the apparatus further comprising:
and the marking module is used for marking the corresponding strategy control identifier for the target address if the frequency of the address migration of the target address in the address migration database exceeds the set frequency and/or the time of the address migration of the target address is not in the set time period.
9. An electronic device comprising a processor and a memory storing computer readable instructions that, when executed by the processor, perform the method of any of claims 1-4.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, performs the method according to any of claims 1-4.
CN202111431667.3A 2021-11-29 2021-11-29 Address processing method, address processing device, electronic equipment and readable storage medium Pending CN116185598A (en)


Publications (1)

Publication Number Publication Date
CN116185598A true CN116185598A (en) 2023-05-30

Family

ID=86449450


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination