CN111064825A - Method and device for realizing DPI data acquisition and control based on ARP - Google Patents

Info

Publication number: CN111064825A
Application number: CN201911391601.9A
Authority: CN (China)
Prior art keywords: address, arp, equipment, dpi, default gateway
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Granted, Active
Other languages: Chinese (zh)
Other versions: CN111064825B (en)
Inventors: 王宾亚, 牛晨光, 张本军, 叶志钢, 王赟, 李明栋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): Wuhan Greenet Information Service Co Ltd
Original Assignee: Wuhan Greenet Information Service Co Ltd
Events: application filed by Wuhan Greenet Information Service Co Ltd; priority to CN201911391601.9A; publication of CN111064825A; application granted; publication of CN111064825B (granted version); legal status active; anticipated expiration

Classifications

    • H  ELECTRICITY
    • H04  ELECTRIC COMMUNICATION TECHNIQUE
    • H04L  TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 61/00  Network arrangements, protocols or services for addressing or naming
    • H04L 61/09  Mapping addresses
    • H04L 61/10  Mapping addresses of different types
    • H04L 61/103  Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to the technical field of data acquisition and provides a method and a device for implementing DPI data acquisition and control based on ARP. The method comprises the following steps: the DPI device sends a first ARP update message to a default gateway; after receiving the first ARP update message, the default gateway updates a local address list that stores the address information of the devices to be controlled; the DPI device sends a second ARP update message to each device to be controlled, where the second ARP update message carries an address pair consisting of the IP address of the default gateway and the MAC address of a specified device; and after receiving the second ARP update message, each device to be controlled uses the address pair formed by the IP address of the default gateway and the MAC address of the specified device as the network-layer and data-link-layer addresses for subsequently sent external data packets. Compared with the prior art, the method can be implemented without assuming additional equipment, and can also achieve flow control and blocking.

Description

Method and device for realizing DPI data acquisition and control based on ARP
[ technical field ]
The invention relates to the technical field of data acquisition, in particular to a method and a device for realizing DPI data acquisition and control based on ARP.
[ background of the invention ]
When DPI analysis is required for the outbound access of internal devices in an enterprise network, traffic is usually obtained by port mirroring or optical splitting (tapping), but flow control and blocking cannot be achieved in this mode, so in-line (serial) deployment is usually required. Because the performance of an in-line DPI device directly affects internet latency, and its stability directly determines whether the network stays up, the network equipment must also be paired with bypass equipment for protection, which makes deployment cost and complexity high for small enterprises.
In view of the above, overcoming the drawbacks of the prior art is an urgent problem in the art.
[ summary of the invention ]
The technical problem to be solved by the invention is how to make use of existing DPI equipment fed by port mirroring or optical splitting so that flow control and blocking can be achieved without the in-line deployment and accompanying bypass protection of the prior art, thereby reducing deployment cost and complexity.
The invention adopts the following technical scheme:
in a first aspect, the present invention provides a method for implementing DPI data acquisition and control based on ARP, the method comprising:
the DPI equipment sends a first ARP update message to a default gateway, wherein the first ARP update message carries address information of each equipment to be controlled; the address information of each device to be controlled comprises an address pair consisting of an IP address of the device to be controlled and the MAC address of the specified device;
after receiving the first ARP update message, the default gateway updates a local address list for storing address information of equipment to be controlled;
the DPI equipment sends a second ARP update message to each equipment to be controlled, wherein the second ARP update message carries an address pair consisting of an IP address of a default gateway and an MAC address of specified equipment;
and after receiving the second ARP update message, each device to be controlled stores an address pair consisting of the IP address of the default gateway and the MAC address of the designated device to the local, and uses the address pair consisting of the IP address of the default gateway and the MAC address of the designated device as the addresses of a corresponding network layer and a data link layer for subsequently sending external data packets.
Preferably, the method further comprises:
when a switch receives an external data packet sent by a device to be controlled that carries the IP address of the default gateway and the MAC address of the specified device, the switch forwards the external data packet to the DPI device;
after the DPI equipment acquires the external data packet, modifying the MAC address of the specified equipment in the external data packet into a default gateway MAC address, and then forwarding the updated external data packet to the switch, so that the updated external data packet enters an external network after being forwarded to the default gateway by the switch;
and the DPI equipment analyzes and monitors the external data packet while modifying the MAC address of the specified equipment in the external data packet into a default gateway MAC address.
Preferably, the sending, by the DPI device, the first ARP update message to the default gateway specifically includes:
when the DPI equipment receives an ARP message sent by first equipment to be controlled in a network, according to the IP address of the first equipment to be controlled carried in the obtained ARP message, sending a first ARP update message carrying an address pair formed by the IP address of the first equipment to be controlled and the MAC address of the specified equipment to a gateway.
Preferably, the ARP messages of the device to be controlled and of the default gateway are sent by broadcast; the DPI device is triggered to send the first ARP update message when it receives an ARP message broadcast by the device to be controlled, and is triggered to send the second ARP update message when it receives an ARP message broadcast by the default gateway.
Preferably, after the DPI device is configured to a network in normal operation and before the DPI device sends the first ARP update message and/or the second ARP update message, the method further comprises:
configuring, in the DPI device, the IP address and MAC address pair of the default gateway, and an address list of IP address and MAC address pairs of the devices to be controlled;
the DPI equipment initiates ARP messages to the default gateway to inquire the MAC address of the default gateway, and sends the ARP messages to the IP address list of the equipment to be controlled one by one to inquire the MAC address of each equipment; and the DPI equipment stores the IP address of the default gateway, the MAC address of the default gateway, the IP address of each equipment to be controlled and the corresponding MAC address.
Preferably, an access account and an access password of a default gateway are configured in the DPI device, and the method further includes:
the DPI equipment accesses the default gateway through the access account and the access password of the default gateway and acquires a current online equipment list maintained by the default gateway;
and the DPI equipment updates a locally stored address list according to the online equipment list.
Preferably, the analyzing and monitoring of the external data packet specifically includes:
after the external data packet is analyzed, one or more of rate limiting, rate-based blocking, volume limiting, volume-based blocking and blocking of specified service data is applied to the transmission of the external data packets of each device to be controlled according to specific control rules.
Preferably, a privilege list is set in the DPI device, and a MAC address of the privileged device is registered in the privilege list, and the method further includes:
and when the DPI equipment receives the ARP message of the privileged equipment, skipping the operation of sending a first ARP update message carrying an address pair consisting of the IP address of the privileged equipment and the MAC address of the specified equipment to a default gateway, so that an address list which is locally stored in the default gateway and corresponds to the privileged equipment is the address pair consisting of the IP address of the privileged equipment and the MAC address of the privileged equipment.
In a second aspect, the present invention further provides an apparatus for implementing DPI data acquisition and control based on ARP, which is used to implement the method for implementing DPI data acquisition and control based on ARP in the first aspect, and the apparatus includes:
at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor for performing the method for ARP-based DPI data acquisition and control according to the first aspect.
In a third aspect, the present invention further provides a non-volatile computer storage medium, where the computer storage medium stores computer-executable instructions, which are executed by one or more processors, and are configured to implement the method for implementing DPI data collection and control based on ARP according to the first aspect.
The invention makes use of the inherent characteristics of existing DPI equipment fed by port mirroring or optical splitting and uses the ARP mechanism to achieve targeted intervention on the devices that need to be controlled; compared with the prior art, it can be implemented without assuming additional equipment, and flow control and blocking can also be achieved.
[ description of the drawings ]
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required to be used in the embodiments of the present invention will be briefly described below. It is obvious that the drawings described below are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
Fig. 1 is a schematic flowchart of a method for implementing DPI data acquisition and control based on ARP according to an embodiment of the present invention;
fig. 2 is a schematic diagram illustrating a format content of a first ARP update message sent by a DPI device to a default gateway according to an embodiment of the present invention;
fig. 3 is a schematic diagram of message content of sending, by a device to be managed, an ARP response to a default gateway according to an embodiment of the present invention, where the device to be managed is the same device as the device to be managed to which a first ARP update message in fig. 2 is directed;
fig. 4 is a diagram describing the fields of an ARP message according to an embodiment of the present invention;
fig. 5 is a schematic flowchart of a method for implementing DPI data acquisition and control based on ARP according to an embodiment of the present invention;
fig. 6 is a schematic diagram of the flow in which the DPI device initially acquires valid address information of the devices to be controlled and of the default gateway, in a method for implementing DPI data acquisition and control based on ARP according to an embodiment of the present invention;
fig. 7 is a schematic diagram illustrating a flow of another DPI device completing address information acquisition in a default gateway in a method for implementing DPI data acquisition and control based on ARP according to an embodiment of the present invention;
fig. 8 is a schematic diagram of an architecture for implementing DPI data acquisition and control based on ARP according to an embodiment of the present invention;
fig. 9 is a schematic diagram of device data in an architecture for implementing DPI data acquisition and control based on ARP according to an embodiment of the present invention;
fig. 10 is a schematic diagram illustrating a device data change in a DPI data acquisition and control architecture based on ARP according to an embodiment of the present invention;
fig. 11 is a schematic diagram illustrating a device data change in a DPI data acquisition and control architecture based on ARP according to an embodiment of the present invention;
fig. 12 is a model diagram of a device for implementing DPI data acquisition and control based on ARP according to an embodiment of the present invention;
fig. 13 is a schematic structural diagram of a device for implementing DPI data collection and control based on ARP according to an embodiment of the present invention.
[ detailed description ]
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In the description of the present invention, the terms "inner", "outer", "longitudinal", "lateral", "upper", "lower", "top", "bottom", and the like indicate orientations or positional relationships based on those shown in the drawings, and are for convenience only to describe the present invention without requiring the present invention to be necessarily constructed and operated in a specific orientation, and thus should not be construed as limiting the present invention.
In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
Example 1:
In the method provided in this embodiment of the present invention, the DPI device may continue to collect traffic by port mirroring and optical splitting as in the prior art, but unlike the prior art, the DPI device also acts as a network element in the network equivalent to each terminal device; that is, the DPI device can exchange messages with the default gateway and with each terminal device. In a specific implementation, the DPI device may instead be attached directly as a network element node without acquiring traffic by port mirroring or optical splitting; the difference between the two deployments is described later. The common part is explained first, that is, when a device to be controlled needs to be managed, as shown in fig. 1, the method includes:
in step 201, a DPI device sends a first ARP update message to a default gateway, where the first ARP update message carries address information of each device to be controlled; the address information of each device to be controlled comprises an address pair consisting of an IP address of the device to be controlled and the MAC address of the specified device.
Fig. 2 is a message format diagram of the first ARP update message (i.e. an ARP reply) that the DPI device sends to the default gateway. As can be seen from the figure, the DPI device's sending of ARP messages relies on the broadcast mechanism: when it observes that a device to be controlled has sent an ARP reply to the default gateway, the DPI device generates the first ARP update message shown in fig. 2 and sends it to the default gateway. In the message shown in fig. 2, the sender ethernet address is replaced by the MAC address of the DPI device in place of the original dev.a address sent by the terminal to be controlled, while the sender IP address is not modified and still carries the IP address of the device to be controlled.
To make the difference between the first ARP update message and the original ARP reply of the device to be controlled clear, fig. 3 shows the message content of the ARP reply of the device to be controlled; comparing fig. 2 with fig. 3, the substantive action of the first ARP update message is to replace the sender ethernet address. For a deeper understanding of the fields involved, fig. 4 further describes the function of each field.
In step 202, after receiving the first ARP update message, the default gateway updates a local address list for storing address information of the device to be managed.
In step 203, the DPI device sends a second ARP update message to each device to be managed, where the second ARP update message carries an address pair formed by an IP address of a default gateway and an MAC address of a specific device.
In step 204, after receiving the second ARP update message, each device to be controlled stores an address pair formed by the IP address of the default gateway and the MAC address of the designated device to the local, and uses the address pair formed by the IP address of the default gateway and the MAC address of the designated device as the address of the corresponding network layer and the data link layer for subsequently sending the external data packet.
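As an added illustration of the message format and of the binding change that fig. 2 and fig. 3 contrast (this is example code written for this page, not code from the patent or its assignee), the following Python parses the 28-byte Ethernet/IPv4 ARP body whose fields fig. 4 describes and runs a monitor over constructed sample frames. The monitor keeps the IP-to-MAC bindings it has learned and reports the two conditions a network operator would want surfaced: a sender IP that reappears with a different sender MAC (the substitution shown in fig. 2 relative to fig. 3), and a single MAC that claims several IPs including the default gateway (the ARP-table state that steps 201 to 204 produce). All addresses are constructed sample values, and the sample frames are built in memory rather than read from a capture.

```python
"""Added example (not from the patent): parse Ethernet/IPv4 ARP bodies and
report the binding changes an ARP monitor would flag.  Every address below
is a constructed sample value."""
from __future__ import annotations

import struct
from dataclasses import dataclass

ARP_REQUEST = 1
ARP_REPLY = 2


@dataclass(frozen=True)
class ArpPacket:
    opcode: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def parse_arp(body: bytes) -> ArpPacket:
    """Parse the 28-byte ARP body (RFC 826 layout: htype, ptype, hlen, plen,
    opcode, sender MAC, sender IP, target MAC, target IP; cf. fig. 4)."""
    if len(body) < 28:
        raise ValueError("ARP body too short")
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", body[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP body")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", body[8:28])

    def fmt_mac(b: bytes) -> str:
        return ":".join(f"{x:02x}" for x in b)

    def fmt_ip(b: bytes) -> str:
        return ".".join(str(x) for x in b)

    return ArpPacket(opcode, fmt_mac(sha), fmt_ip(spa), fmt_mac(tha), fmt_ip(tpa))


def _arp_body(opcode: int, smac: str, sip: str, tmac: str, tip: str) -> bytes:
    """Serialise one ARP body; used here only to build the constructed sample."""
    mac = bytes(int(x, 16) for x in smac.split(":")), bytes(int(x, 16) for x in tmac.split(":"))
    ip = bytes(int(x) for x in sip.split(".")), bytes(int(x) for x in tip.split("."))
    return struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode) + mac[0] + ip[0] + mac[1] + ip[1]


class ArpBindingMonitor:
    """Learns IP->MAC bindings from observed ARP traffic and reports changes."""

    def __init__(self, gateway_ip: str) -> None:
        self.gateway_ip = gateway_ip
        self.ip_to_mac: dict[str, str] = {}
        self.mac_to_ips: dict[str, set[str]] = {}

    def observe(self, pkt: ArpPacket) -> list[str]:
        alerts: list[str] = []
        if pkt.opcode not in (ARP_REQUEST, ARP_REPLY):
            return alerts
        # 1) A known sender IP now advertised with a different sender MAC
        #    (the substitution fig. 2 makes relative to fig. 3).
        prev = self.ip_to_mac.get(pkt.sender_ip)
        if prev is not None and prev != pkt.sender_mac:
            kind = "gateway" if pkt.sender_ip == self.gateway_ip else "host"
            alerts.append(f"{kind} {pkt.sender_ip} rebound {prev} -> {pkt.sender_mac}")
        self.ip_to_mac[pkt.sender_ip] = pkt.sender_mac
        # 2) One MAC claiming several IPs with the gateway among them.
        claimed = self.mac_to_ips.setdefault(pkt.sender_mac, set())
        claimed.add(pkt.sender_ip)
        if len(claimed) > 1 and self.gateway_ip in claimed:
            alerts.append(f"{pkt.sender_mac} claims {len(claimed)} IPs including the gateway: {sorted(claimed)}")
        return alerts


# Constructed sample: dev.a (10.0.0.11) and the gateway (10.0.0.1) answer each
# other normally; afterwards a third MAC re-advertises both IPs as its own.
GATEWAY_IP = "10.0.0.1"
SAMPLE_FRAMES = [
    _arp_body(ARP_REPLY, "aa:bb:cc:00:00:11", "10.0.0.11", "00:11:22:33:44:01", GATEWAY_IP),
    _arp_body(ARP_REPLY, "00:11:22:33:44:01", GATEWAY_IP, "aa:bb:cc:00:00:11", "10.0.0.11"),
    _arp_body(ARP_REPLY, "de:ad:be:ef:00:dd", "10.0.0.11", "00:11:22:33:44:01", GATEWAY_IP),
    _arp_body(ARP_REPLY, "de:ad:be:ef:00:dd", GATEWAY_IP, "aa:bb:cc:00:00:11", "10.0.0.11"),
]


def run_monitor(frames: list[bytes], gateway_ip: str = GATEWAY_IP) -> list[str]:
    """Feed every frame through one monitor and collect the alerts it raises."""
    monitor = ArpBindingMonitor(gateway_ip)
    alerts: list[str] = []
    for frame in frames:
        alerts.extend(monitor.observe(parse_arp(frame)))
    return alerts


if __name__ == "__main__":
    for line in run_monitor(SAMPLE_FRAMES):
        print(line)
```

On the sample, the third frame raises a host rebind alert and the fourth raises both a gateway rebind alert and a multiple-IP alert. In a real deployment the frames would come from a capture of the segment's ARP traffic; a legitimate proxy-ARP gateway can also answer for several IPs, so the second check is best scoped to hosts that are not known to do so.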
This embodiment of the invention makes use of the inherent characteristics of existing DPI equipment fed by port mirroring or optical splitting and uses the ARP mechanism to achieve targeted intervention on the devices that need to be controlled; compared with the prior art, the method can be implemented without assuming additional equipment, and flow control and blocking can also be achieved.
Based on the address relationships adjusted by the ARP update messages in steps 201 to 204 above, as shown in fig. 5, when a specific data packet is subsequently sent, the method further includes:
in step 205, when receiving an external data packet carrying an IP address of a default gateway and an MAC address of a designated device, sent by each device to be controlled, the switch forwards the external data packet to the DPI device.
In step 206, after the DPI device obtains the external data packet, the DPI device modifies the MAC address of the specified device in the external data packet to the default gateway MAC address, and then forwards the updated external data packet to the switch, so that the updated external data packet enters the external network after being forwarded to the default gateway by the switch.
And the DPI equipment analyzes and monitors the external data packet while modifying the MAC address of the specified equipment in the external data packet into a default gateway MAC address.
In this embodiment of the present invention, a feasible implementation manner is provided for the triggering manner in which the DPI device sends the first ARP update message to the default gateway in step 201, and specifically includes:
when the DPI equipment receives an ARP message sent by first equipment to be controlled in a network, according to the IP address of the first equipment to be controlled carried in the obtained ARP message, sending a first ARP update message carrying an address pair formed by the IP address of the first equipment to be controlled and the MAC address of the specified equipment to a gateway.
Specifically, this embodiment has a preferred implementation in which the ARP messages of the device to be controlled and of the default gateway are sent by broadcast; the DPI device is triggered to send the first ARP update message when it receives an ARP message broadcast by the device to be controlled, and is triggered to send the second ARP update message when it receives an ARP message broadcast by the default gateway.
In the implementation of this embodiment there is also the case in which the correspondence between the IP address and the MAC address of each device to be controlled is already stored in the default gateway; that is, after the DPI device has been placed in a normally operating network and before the DPI device sends the first ARP update message and/or the second ARP update message, as shown in fig. 6, the method further includes:
In step 301, the IP address and MAC address pair of the default gateway, and an address list of IP address and MAC address pairs of the devices to be controlled, are configured in the DPI device.
In step 302, the DPI device initiates an ARP message to the default gateway to query the MAC address of the default gateway, and sends ARP messages to the IP address list of the device to be controlled one by one to query the MAC address of each device; and the DPI equipment stores the IP address of the default gateway, the MAC address of the default gateway, the IP address of each equipment to be controlled and the corresponding MAC address.
In the embodiment of the present invention, for the DPI device initiating an ARP message to the default gateway to query the MAC address of the default gateway, in an implementation and configuration of the embodiment of the present invention, there is also a preferred alternative, specifically, an access account and an access password of the default gateway are configured in the DPI device, as shown in fig. 7, the method further includes:
in step 401, the DPI device accesses the default gateway through the access account and the access password of the default gateway, and obtains a current online device list maintained by the default gateway.
In step 402, the DPI device updates a locally stored address list according to the online device list.
In the embodiment of the present invention, the analyzing and monitoring of the external data packet specifically includes:
after the external data packet is analyzed, one or more of rate limiting, rate-based blocking, volume limiting, volume-based blocking and blocking of specified service data is applied to the transmission of the external data packets of each device to be controlled according to specific control rules.
Although the original intention of this embodiment is to apply steps 201 to 204 of embodiment 1 to users who have met the above monitoring conditions, so as to control the packet transmission of the device to be controlled, there is also a special case in this control process in which some devices to be controlled are permitted to reach the above control conditions (one or more of rate limit, rate-based block, volume limit, volume-based block and block of specified service data) without being controlled. Therefore, a preferred implementation is further proposed in combination with this embodiment: a privilege list is set in the DPI device, the MAC address of the privileged device is registered in the privilege list, and the method further includes:
and when the DPI equipment receives the ARP message of the privileged equipment, skipping the operation of sending a first ARP update message carrying an address pair consisting of the IP address of the privileged equipment and the MAC address of the specified equipment to a default gateway, so that an address list which is locally stored in the default gateway and corresponds to the privileged equipment is the address pair consisting of the IP address of the privileged equipment and the MAC address of the privileged equipment.
Example 2:
Compared with embodiment 1, which acquires traffic by port mirroring and optical splitting, this embodiment differs in that the DPI device (i.e. the DPI Server) is connected directly to the local area network to be monitored: its network port is attached to the core switch of the local area network, so that the DPI Server and the other network devices are mutually reachable at layer 2, i.e. data is acquired without port mirroring or optical splitting.
The deployment architecture is shown in fig. 8: the DPI device is physically connected in parallel to the local area network, and the effect of an in-line (serial) connection is achieved through the ARP-based control, so the deployment cost is very low.
The IP address of the default gateway and the IP address list of the devices to be controlled are configured in the DPI Server.
A normal ARP message is sent to the default gateway to query its MAC address, which is recorded as gateway.MAC.
Normal ARP messages are sent one by one to the IP list of devices to be controlled to query the MAC address of each device, recorded as device.MAC (multiple devices are numbered device1.MAC, device2.MAC, etc.).
The gateway.IP to gateway.MAC correspondence is maintained at the same time, and the mapping table MAP-Table is stored in the DPI Server.
This embodiment is explained in three parts: the control process, a flow example, and flow control and forwarding collection.
Firstly, the control process comprises:
ARP messages conforming to the following rules are sent cyclically in the local area network to achieve the control effect.
1) The following ARP messages are sent to the default gateway, carrying:
Device1.IP->DPI.MAC
Device2.IP->DPI.MAC
...
2) The following ARP message is sent to each Device in the list:
gateway.IP->DPI.MAC
3) After the control takes effect, the operating-system ARP table of each device is in the state shown in fig. 9.
Second, flow example
Fig. 10 shows the direction of requests and the change of MAC-layer address state after the local area network ARP control has been applied:
Fig. 11 likewise shows the direction of requests and the change of MAC-layer address state after the local area network ARP control has been applied:
In the whole process, the packet forwarding module of the DPI Server must perform the following processing between processes 2) and 3):
Replace the SRC-MAC with the local (DPI device) MAC address.
Query the MAP-Table by DST-IP and replace the DST-MAC of the original data accordingly.
Send the forged data packet out through the network port.
Third, flow control and forwarding collection
After the control process is complete, local area network data packets flow into the system and are sent back to the local area network after being processed by the relevant functional modules of the system. In addition to network discovery, ARP control and MAP-Table management, the system mainly includes the following functional entities, as shown in fig. 12:
Data acquisition. Data whose destination MAC is the local network card is collected into the system and handed to the upper layer for processing.
Session management. To implement service identification and flow control, network data packets must be managed as session flows. The IP five-tuple (source IP, destination IP, source port, destination port, transport-layer protocol) uniquely identifies a session flow.
Service identification. To implement flow control and other extended functions, the layer-7 protocol of the data packet must be identified and the result stored in the session table.
Flow control. Rate limiting and blocking are applied according to specific control rules (including but not limited to rate limit, rate-based block, volume limit, volume-based block, blocking of specified service data, etc.). Packets that are allowed are delivered to the data forwarding module for further processing.
Data forwarding. The data forwarding module changes the SRC-MAC of the incoming data packet to the local MAC, replaces the DST-MAC by querying the MAP-Table, and finally sends the packet out through the network card.
The use scenario of the present invention generally has the following requirements: an ethernet local area network that exchanges data over IP; all devices in the local area network access the external network through the default gateway; no device in the local area network, including the default gateway, has static ARP table bindings; the method is only suitable for DPI collection of packets that pass through the default gateway; all devices in the local area network, including the default gateway, have some tolerance for the volume of ARP broadcasts; and the local area network is small in scale.
Example 3:
fig. 13 is a schematic diagram of an architecture of an ARP-based DPI data collection and control apparatus according to an embodiment of the present invention. The ARP-based DPI data collection and control apparatus of the present embodiment includes one or more processors 21 and a memory 22. In fig. 13, one processor 21 is taken as an example.
The processor 21 and the memory 22 may be connected by a bus or other means, and the bus connection is exemplified in fig. 13.
The memory 22, as a non-volatile computer-readable storage medium, may be used to store a non-volatile software program and a non-volatile computer-executable program, such as the ARP-based DPI data collection and control method in embodiment 1. The processor 21 implements the ARP-based DPI data collection and control method by running non-volatile software programs and instructions stored in the memory 22.
The memory 22 may include high speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some embodiments, the memory 22 may optionally include memory located remotely from the processor 21, and these remote memories may be connected to the processor 21 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The program instructions/modules are stored in the memory 22 and when executed by the one or more processors 21, perform the ARP-based DPI data collection and control method of embodiment 1 described above, for example, perform the steps shown in fig. 1-7 described above.
It should be noted that, because the apparatus and system embodiments are based on the same concept as the method embodiment of the present invention, the specific details of the information interaction and execution process between their modules and units may refer to the description of the method embodiment and are not repeated here.
Those of ordinary skill in the art will appreciate that all or part of the steps of the various methods of the embodiments may be implemented by associated hardware as instructed by a program, which may be stored on a computer-readable storage medium, which may include: a Read Only Memory (ROM), a Random Access Memory (RAM), a magnetic or optical disk, or the like.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. An ARP-based DPI data acquisition and control method, characterized by comprising the following steps:
the DPI equipment sends a first ARP update message to a default gateway, wherein the first ARP update message carries address information of each equipment to be controlled; the address information of each device to be controlled comprises an address pair consisting of an IP address of the device to be controlled and the MAC address of the specified device;
after receiving the first ARP update message, the default gateway updates a local address list for storing address information of equipment to be controlled;
the DPI device sends a second ARP update message to each device to be controlled, where the second ARP update message carries an address pair consisting of the IP address of the default gateway and the MAC address of the specified device;
and after receiving the second ARP update message, each device to be controlled stores the address pair consisting of the IP address of the default gateway and the MAC address of the specified device locally, and uses that address pair as the network-layer and data-link-layer addresses for subsequently sending external data packets.
2. The method of ARP-based DPI data collection and control according to claim 1, wherein the method further comprises:
when a switch receives an external data packet sent by any device to be controlled that carries the IP address of the default gateway and the MAC address of the specified device, the switch forwards the external data packet to the DPI device;
after the DPI device obtains the external data packet, it modifies the MAC address of the specified device in the external data packet to the MAC address of the default gateway and then forwards the updated external data packet to the switch, so that the updated external data packet enters the external network after the switch forwards it to the default gateway;
and the DPI equipment analyzes and monitors the external data packet while modifying the MAC address of the specified equipment in the external data packet into a default gateway MAC address.
3. The method according to claim 1, wherein the DPI device sends a first ARP update message to a default gateway, and specifically comprises:
when the DPI device receives an ARP message sent by a first device to be controlled in the network, it sends to the gateway, according to the IP address of the first device to be controlled carried in the received ARP message, a first ARP update message carrying an address pair consisting of the IP address of the first device to be controlled and the MAC address of the specified device.
4. The ARP-based DPI data collection and control method according to claim 3, wherein the device to be controlled and the default gateway send ARP messages by broadcast; the DPI device triggers sending of the first ARP update message when it receives an ARP message broadcast by a device to be controlled, and triggers sending of the second ARP update message when it receives an ARP message broadcast by the default gateway.
5. The method of ARP-based DPI data collection and control according to claim 1, wherein after the DPI device is set up in a normally functioning network, and before sending the first ARP update message and/or the second ARP update message, the method further comprises:
configuring an address list comprising the IP address and MAC address pair of the default gateway and the IP address and MAC address pair of each device to be controlled;
the DPI device sends ARP messages to the default gateway to query its MAC address, and sends ARP messages one by one to the IP addresses in the list of devices to be controlled to query the MAC address of each device; and the DPI device stores the IP address of the default gateway, the MAC address of the default gateway, and the IP address and corresponding MAC address of each device to be controlled.
6. The ARP-based DPI data collection and control method according to claim 1, wherein the DPI device is configured with an access account and an access password for the default gateway, the method further comprising:
the DPI device accesses the default gateway with the access account and access password and obtains the list of currently online devices maintained by the default gateway;
and the DPI device updates its locally stored address list according to the online device list.
7. The ARP-based DPI data collection and control method according to any one of claims 1-6, wherein parsing and monitoring the external data packet specifically comprises:
after the external data packet is parsed, applying one or more of speed limit, speed block, volume limit, volume block and blocking of specified service data to the transmission of external data packets from each device to be controlled, according to the configured control rules.
8. The method according to claim 7, wherein for a second device to be controlled that meets one or more of the speed limit, speed block and blocking of specified service data conditions, a first ARP update message for the second device to be controlled is sent to the default gateway and a second ARP update message is sent to the second device to be controlled.
9. The method of ARP-based DPI data collection and control according to claim 1, wherein a privileged list is set in the DPI device, the privileged list having a MAC address of a privileged device registered therein, the method further comprising:
and when the DPI device receives an ARP message from a privileged device, skipping the operation of sending to the default gateway a first ARP update message carrying an address pair consisting of the IP address of the privileged device and the MAC address of the specified device, so that the entry for the privileged device in the address list stored locally in the default gateway remains the address pair consisting of the IP address of the privileged device and the MAC address of the privileged device.
10. An ARP-based DPI data acquisition and control apparatus, comprising:
at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor for performing the ARP-based DPI data collection and control method of any of claims 1-9.
CN201911391601.9A 2019-12-30 2019-12-30 Method and device for realizing DPI data acquisition and control based on ARP Active CN111064825B (en)


Publications (2)

Publication Number Publication Date
CN111064825A true CN111064825A (en) 2020-04-24
CN111064825B CN111064825B (en) 2022-02-18




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right
Denomination of invention: A DPI data acquisition and control method and device based on ARP
Effective date of registration: 20220620
Granted publication date: 20220218
Pledgee: Guanggu Branch of Wuhan Rural Commercial Bank Co.,Ltd.
Pledgor: WUHAN GREENET INFORMATION SERVICE Co.,Ltd.
Registration number: Y2022420000171
PC01 Cancellation of the registration of the contract for pledge of patent right
Date of cancellation: 20230704
Granted publication date: 20220218
Pledgee: Guanggu Branch of Wuhan Rural Commercial Bank Co.,Ltd.
Pledgor: WUHAN GREENET INFORMATION SERVICE Co.,Ltd.
Registration number: Y2022420000171