CN113727222B - Method and device for detecting MAC address drift in PON system - Google Patents
- Publication number
- CN113727222B (application number CN202110945762.9A)
- Authority
- CN
- China
- Prior art keywords
- mac address
- message
- port
- link information
- learning
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04Q—SELECTING
- H04Q11/00—Selecting arrangements for multiplex systems
- H04Q11/0001—Selecting arrangements for multiplex systems using optical switching
- H04Q11/0062—Network aspects
- H04Q11/0067—Provisions for optical access or distribution networks, e.g. Gigabit Ethernet Passive Optical Network (GE-PON), ATM-based Passive Optical Network (A-PON), PON-Ring
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5053—Lease time; Renewal aspects
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/618—Details of network addresses
- H04L2101/622—Layer-2 addresses, e.g. medium access control [MAC] addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04Q—SELECTING
- H04Q11/00—Selecting arrangements for multiplex systems
- H04Q11/0001—Selecting arrangements for multiplex systems using optical switching
- H04Q11/0062—Network aspects
- H04Q2011/0079—Operation or maintenance aspects
- H04Q2011/0083—Testing; Monitoring
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention discloses a method and a device for detecting MAC address drift in a PON system, relating to the field of passive optical networks. The method comprises: establishing an uplink MAC address learning table and a downlink MAC address learning table, wherein each item of MAC address table information of the uplink MAC address learning table comprises link information; and, when a Layer 2 service port receives an external data message, learning the source MAC address of the message and locating the abnormally drifting ONU and its service flow attribute according to the learning condition. The beneficial effects of the invention are that, without excessively increasing the complexity of the PON system, rapid detection and processing of MAC address drift are achieved by optimizing the learning content of the OLT line card, and detection precision and detection efficiency are improved.
Description
Technical Field
The invention relates to the technical field of PON (Passive Optical Network), in particular to a method and a device for detecting MAC address drift in a PON system.
Background
As optical fiber for the last kilometer of the broadband access network has been rolled out comprehensively, PON technology and equipment have been applied on a large scale.
The PON system is composed of an OLT (Optical Line Terminal), an ODN (Optical Distribution Network), and ONUs (Optical Network Units), the ONUs including the SFU (Single Family Unit, a single-dwelling-unit ONU) and the MDU (Multi-Dwelling Unit ONU).
In the prior art, when MAC (Medium Access Control) address drift is identified at the OLT line card, the processing pressure on the CPU (Central Processing Unit) of the OLT line card is high, and the detection granularity can only be the PON port. Drift inside a rogue ONU cannot be located, the specific ONU and the service flow of that ONU cannot be located, and detection precision and detection efficiency are low.
Disclosure of Invention
To overcome the defects of the prior art, the invention provides a method and a device for detecting MAC address drift in a PON system, which achieve rapid detection and processing of MAC address drift by optimizing the learning content of the OLT line card, without excessively increasing the complexity of the PON system.
In order to achieve the above purpose, the invention adopts the following technical scheme:
a method for detecting MAC address drift in a PON system comprises the following steps:
establishing an uplink MAC address learning table and a downlink MAC address learning table, wherein each item of MAC address table information of the uplink MAC address learning table comprises link information;
when a Layer 2 service port receives an external data message, the source MAC address of the message is learned, and the abnormally drifting ONU and its service flow attribute are located according to the learning condition.
On the basis of the technical scheme, each item of MAC address table information of the uplink MAC address learning table comprises a MAC address, link information and a UNI (user network interface) number;
each item of MAC address table information of the downlink MAC address learning table comprises a MAC address and an NNI (network-network interface) number;
when the PON system is an EPON system, the link information is LLID;
when the PON system is a GPON system, the link information is a GEMPORT ID.
On the basis of the technical scheme, learning the source MAC address of the message when a Layer 2 service port receives an external data message specifically comprises the following steps:
judging whether the source MAC address of the message is learned or not based on the uplink MAC address learning table and the downlink MAC address learning table;
if the source MAC address of the message is learned, judging whether the MAC address drift occurs or not and judging the type of the MAC address drift according to the consistency of the port which learns the source MAC address and the port which currently receives the message and the consistency of the link information which learns the source MAC address and the link information of the message;
if the port learning the source MAC address is consistent with the port currently receiving the message and the link information learning the source MAC address is consistent with the link information of the message, the learning condition is that the MAC address drift is judged not to occur.
On the basis of the above technical solution, the determining the type of the MAC address drift includes:
for an uplink data message, if the source MAC address of the message is not learned in an uplink MAC address learning table, but the source MAC address of the message is learned in a downlink MAC address learning table, judging that abnormal MAC address drift occurs from an NNI port to a UNI port;
for an uplink data message, if the source MAC address of the message is learned in an uplink MAC address learning table, the port from which the source MAC address is learned is consistent with the port from which the message is currently received, and the link information from which the source MAC address is learned is inconsistent with the link information of the message, abnormal MAC address drift is judged to occur in the same UNI port;
for an uplink data message, if the source MAC address of the message is learned in an uplink MAC address learning table and the port on which the source MAC address is learned is inconsistent with the port on which the message is currently received, determining that abnormal MAC address drift occurs between different UNI ports;
for the downlink data message, if the source MAC address of the message is not learned in the downlink MAC address learning table, but the source MAC address of the message is learned in the uplink MAC address learning table, it is determined that normal MAC address drift occurs from the UNI port to the NNI port.
On the basis of the technical scheme, the positioning of the abnormal drifting ONU and the service flow attribute thereof according to the learning condition specifically comprises the following steps:
when the learning condition is that abnormal MAC address drift is judged to occur, the source MAC address and link information contained in the message and the port number currently receiving the message are reported to the CPU of the OLT line card, and the CPU positions the abnormal drift ONU and the service flow attribute thereof according to the source MAC address, the link information and the port number and discards the message.
The invention also provides a device for detecting the MAC address drift in the PON system, which is arranged in the OLT line card and comprises:
the MAC address learning table configuration module is used for: establishing an uplink MAC address learning table and a downlink MAC address learning table, wherein each item of MAC address table information of the uplink MAC address learning table comprises link information;
the message processing module is used for: when a Layer 2 service port receives an external data message, learning the source MAC address of the message, and locating the abnormally drifting ONU and its service flow attribute according to the learning condition.
On the basis of the technical scheme, each item of MAC address table information of the uplink MAC address learning table comprises a MAC address, link information and a UNI (user network interface) number;
each item of MAC address table information of the downlink MAC address learning table comprises a MAC address and an NNI (network-network interface) number;
when the PON system is an EPON system, the link information is LLID;
when the PON system is a GPON system, the link information is a GEMPORT ID.
On the basis of the technical scheme, the specific operation by which the message processing module learns the source MAC address of the message when a Layer 2 service port receives an external data message comprises the following steps:
the message processing module judges whether the source MAC address of the message is learned or not based on the uplink MAC address learning table and the downlink MAC address learning table;
if the source MAC address of the message is learned, judging whether the MAC address drift occurs or not and judging the type of the MAC address drift according to the consistency of the port which learns the source MAC address and the port which currently receives the message and the consistency of the link information which learns the source MAC address and the link information of the message;
if the port learning the source MAC address is consistent with the port currently receiving the message and the link information learning the source MAC address is consistent with the link information of the message, the learning condition is that the MAC address drift is judged not to occur.
On the basis of the above technical solution, the determining the type of the MAC address drift includes:
for an uplink data message, if the source MAC address of the message is not learned in an uplink MAC address learning table, but the source MAC address of the message is learned in a downlink MAC address learning table, judging that abnormal MAC address drift occurs from an NNI port to a UNI port;
for an uplink data message, if the source MAC address of the message is learned in an uplink MAC address learning table, the port from which the source MAC address is learned is consistent with the port from which the message is currently received, and the link information from which the source MAC address is learned is inconsistent with the link information of the message, abnormal MAC address drift is judged to occur in the same UNI port;
for an uplink data message, if the source MAC address of the message is learned in an uplink MAC address learning table and the port on which the source MAC address is learned is inconsistent with the port on which the message is currently received, determining that abnormal MAC address drift occurs between different UNI ports;
for the downlink data message, if the source MAC address of the message is not learned in the downlink MAC address learning table, but the source MAC address of the message is learned in the uplink MAC address learning table, it is determined that normal MAC address drift occurs from the UNI port to the NNI port.
On the basis of the technical scheme, the specific operation of the message processing module for positioning the abnormal drifting ONU and the service flow attribute thereof according to the learning condition comprises the following steps:
and when the learning condition is that abnormal MAC address drift occurs, the message processing module reports the source MAC address and link information contained in the message and the port number currently receiving the message to the CPU of the OLT line card, and the CPU discards the message after positioning the abnormal drift ONU and the service flow attribute thereof according to the source MAC address, the link information and the port number.
Compared with the prior art, the invention has the advantages that:
The MAC address learning mode of the OLT line card is optimized: link information is added to the uplink MAC address learning table to accurately characterize the ONU and its service flow, and rapid detection and processing of MAC address drift are achieved by monitoring changes in the port and the link information corresponding to the source MAC address. When abnormal MAC address drift is judged to occur, the CPU of the OLT line card is notified, as an event, of only part of the key information of the abnormal message, which simplifies the detection flow and reduces the pressure on the CPU. Drift inside an ONU can be detected, and the specific ONU and the service flow of that ONU can be located. No specific detection message needs to be constructed, so the method is not affected by the transparent transmission characteristics of the ONUs connected under the UNI port or by loss of a detection message. The requirements on the OLT line card and the ONU are not high, and detection efficiency and detection precision can be improved.
Drawings
Fig. 1 is a flow chart of a method for detecting MAC address drift in a PON system according to an embodiment of the present invention.
Fig. 2 is a schematic flow chart of learning a source MAC address of an uplink data packet when a UNI port of an OLT line card receives the packet in the embodiment of the present invention.
Fig. 3 is a schematic flow chart of learning a source MAC address of a downlink data packet when an NNI port of an OLT line card receives the packet in the embodiment of the present invention.
Fig. 4 is a functional block diagram of a detection device for MAC address drift in a PON system according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples.
In the engineering scenario of PON systems, there are theoretically the following scenarios regarding MAC address drift:
Scenario one: MAC address drift occurs in the same UNI port; that is, a malicious user on the ONU side impersonates the MAC address of a normal ONU user and accesses the Internet from different Layer 2 service ports of different SFUs, so that the normal ONU user cannot access the Internet.
Scenario two: MAC address drift occurs in the same UNI port; that is, a malicious user impersonates the MAC address of a normal user and accesses the Internet from different ports of the same MDU, so that the normal ONU user cannot access the Internet.
Scenario three: the MAC address drifts from the NNI port to the UNI port; that is, a malicious user impersonates a MAC address from the NNI (network-network interface) side of the OLT, i.e., the network side, so that messages from the network side cannot be forwarded normally and the associated ONU users cannot access the Internet normally.
Scenario four: MAC address drift occurs in the same UNI port or between different UNI ports; that is, a loop is formed between different ONUs of the same PON system, the UNI side of the OLT receives messages sent by the user, and MAC address oscillation forms on the UNI side, so that ONU users cannot access the Internet normally.
For such malicious or abnormal MAC address drift, operators want to detect and track the malicious behavior and then restrict the network access of malicious users, in order to protect normal users.
For scenarios one, two and three, one traditional MAC address drift detection method locates a malicious ONU through network management information: the MAC address drift is obtained by querying the network management information. Both locating efficiency and locating precision are problematic; for example, precision is low because drift of a malicious MAC address inside a rogue ONU cannot be detected. Another MAC address drift detection method obtains abnormal information by monitoring update events of the MAC address table in the switch chip of the OLT line card. Its detection granularity can only be the PON port, so drift between different PON ports can be detected, but a specific ONU and the service flow of that ONU cannot be located.
For the fourth scenario, the traditional MAC address drift detection method detects the drift of the MAC address by sending a specific loopback detection message to the ONU by the OLT, and if the OLT receives the loopback message sent by itself from the ONU side, it is considered that an abnormal loop occurs in the ONU side link. However, this method has the disadvantage that once the loopback detection message is discarded in a link of the network, the detection fails.
In an actual engineering scenario, the NNI side does not directly face users and is generally connected to the operator's upstream equipment, so the network environment is relatively clean. MAC address drift between different NNI ports or inside the same NNI port is therefore unlikely, but MAC address drift from a UNI port to an NNI port does exist. The UNI side directly faces users, so attacks and impersonation by malicious users are common, and the four scenarios above occur frequently. In view of this, detecting malicious or abnormal MAC address drift of an ONU with an accurate, effective and inexpensive method, and efficiently backtracking abnormal conditions, is of great significance to telecom operators. The invention mainly solves the problem of how to rapidly detect and process MAC address drift.
As shown in fig. 1, the present invention provides a method for detecting MAC address drift in a PON system, including:
s1, establishing an uplink MAC address learning table and a downlink MAC address learning table in a memory of an OLT line card, wherein each item of MAC address table information of the uplink MAC address learning table comprises link information.
Specifically, in this embodiment, in the upstream direction, the UNI side of the OLT line card connects to user equipment, where attacks and impersonation by malicious users are common. It must therefore be considered whether abnormal MAC address drift occurs from the NNI port to the UNI port, inside the same UNI port, or between different UNI ports. For this reason, link information is added to the upstream MAC address learning table to accurately characterize the ONU and its service flow attribute, and each item of MAC address table information in the upstream MAC address learning table includes a MAC address, link information, and a UNI number. After the OLT line card starts MAC address drift detection, it judges whether abnormal MAC address drift occurs, and of which type, according to whether the port number and the link information corresponding to the source MAC address of the uplink data message have changed, and it locates the abnormally drifting ONU and its service flow attribute based on the link information and the UNI number. The abnormally drifting ONU is the ONU on which the abnormal MAC address drift occurs.
In the downstream direction, the NNI side of the OLT line card interfaces with upstream devices such as BRAS (Broadband Access Server) devices, data switches, and video servers. The NNI side does not directly face users and the network environment is relatively clean (i.e., by default no MAC address drift occurs inside an NNI port or between NNI ports), so MAC address drift caused by malicious users on the NNI side does not need to be identified and abnormal MAC address drift on the NNI side does not need to be located. Only normal MAC address drift from the UNI port to the NNI port needs to be considered. Therefore, each item of MAC address table information of the downstream MAC address learning table includes a MAC address, a VLAN ID, and an NNI number. After the OLT line card starts MAC address drift detection, it judges whether normal MAC address drift occurs according to whether the port number corresponding to the source MAC address of the downlink data message has changed.
The invention allows the MAC address to drift from the UNI port to the NNI port, judges the drift of the MAC address from the UNI port to the NNI port as normal MAC address drift, defaults that the drift of the MAC address does not occur in the same NNI port and among different NNI ports, and judges the drift of other MAC addresses as abnormal MAC address drift.
When the external data message is a downlink data message, the port number is the port number of the NNI port, namely the NNI port number, and when the external data message is an uplink data message, the port number is the port number of the UNI port, namely the UNI port number.
When the PON system is a GPON system, the link information is a GEMPORT ID (GEM port identifier). When the PON system is an EPON system, the link information is the LLID (Logical Link Identifier).
S2, when a Layer 2 service port of the OLT line card receives an external data message, learning the source MAC address of the message based on the uplink MAC address learning table and the downlink MAC address learning table to obtain the corresponding learning condition, and locating the abnormally drifting ONU and its service flow attribute according to the learning condition.
Specifically, in this embodiment, after the OLT line card receives a service flow sent from a downstream user device from the UNI port, it needs to extract a source MAC address and link information from an uplink data packet, obtain a UNI port number of the packet currently received, and determine whether the source MAC address of the packet is learned by the uplink and downlink MAC address learning tables:
if the source MAC address of the message is not learned by the uplink MAC address learning table and the downlink MAC address learning table, updating the uplink MAC address learning table according to the source MAC address, the link information and the UNI number corresponding to the message.
If the uplink MAC address learning table learns the source MAC address of the message, and learns that the port of the source MAC address is consistent with the port currently receiving the message, and learns that the link information of the source MAC address is consistent with the link information of the message, the learning condition is that the MAC address drift is not generated.
If the uplink MAC address learning table learns the source MAC address of the message, and learns that the port of the source MAC address is consistent with the port currently receiving the message, and learns that the link information of the source MAC address is inconsistent with the link information of the message, the learning condition is that abnormal MAC address drift occurs in the same UNI port.
If the uplink MAC address learning table learns the source MAC address of the message, the port which learns the source MAC address is inconsistent with the port which currently receives the message, and the port which learns the source MAC address is a UNI port, the learning condition is that abnormal MAC address drift occurs between different UNI ports.
If the downstream MAC address learning table learns the source MAC address of the message, and the port learning the source MAC address is inconsistent with the port currently receiving the message, and the port learning the source MAC address is an NNI port, the learning condition is that abnormal MAC address drift occurs from the NNI port to the UNI port.
After the OLT line card receives the service flow sent by the upstream application provider device from the NNI port, it needs to extract the source MAC address from the downstream data packet, obtain the NNI port number of the packet currently received, and determine whether the source MAC address of the packet is learned by the upstream and downstream MAC address learning tables:
if the source MAC address of the message is not learned by the uplink MAC address learning table and the downlink MAC address learning table, updating the downlink MAC address learning table according to the source MAC address corresponding to the message and the NNI number.
If the downstream MAC address learning table learns the source MAC address of the message and learns that the port of the source MAC address is an NNI port, the learning condition is that the MAC address drift does not occur.
If the uplink MAC address learning table learns the source MAC address of the message, the port which learns the source MAC address is inconsistent with the port which currently receives the message, and the learned port is a UNI port, the learning condition is that the normal MAC address drift from the UNI port to the NNI port is judged to occur, and then the downlink MAC address learning table is updated according to the source MAC address corresponding to the message and the NNI port number.
Further, in this embodiment, if the learning condition is that abnormal MAC address drift is judged to occur, only the source MAC address, the link information, and the port number corresponding to the abnormal message are reported to the CPU of the OLT line card. The full content of the abnormal message does not need to be sent to the CPU, which simplifies the detection flow and reduces the CPU pressure. The OLT line card then discards the message after the abnormality has been located.
The OLT line card can trace back the ONU ID corresponding to the abnormal message based on the link information and the UNI number, and obtain the service flow attribute corresponding to the abnormal message (the service flow attribute is the complete service information comprising the source MAC address, the link information, and the port number), so that the network behavior of the malicious user can be blocked precisely at the level of link information.
In summary, the MAC address learning mode of the OLT line card is optimized: link information is added to the upstream MAC address learning table to accurately characterize the ONU and its service flow, and rapid detection and processing of MAC address drift are achieved by monitoring changes in the port and the link information corresponding to the source MAC address. When abnormal MAC address drift is judged to occur, the CPU of the OLT line card is notified, as an event, of only part of the key information of the abnormal message, which simplifies the detection flow and reduces the pressure on the CPU. Drift inside an ONU can be detected, and the specific ONU and the service flow of that ONU can be located. No specific detection message needs to be constructed, so the method is not affected by the transparent transmission characteristics of the ONUs under the UNI port or by loss of a detection message. The requirements on the OLT and the ONU are low, and detection accuracy and detection efficiency can be improved.
Based on the above embodiment, in step S2 the source MAC address of the message is learned based on the uplink and downlink MAC address learning tables to obtain the corresponding learning condition. After a Layer 2 service port of the OLT line card receives an external data message, the processing differs for uplink and downlink data messages.
As shown in fig. 2, in step S2, when the UNI port of the OLT line card receives an upstream data packet, learning the source MAC address of the packet based on the upstream and downstream MAC address learning tables to obtain the corresponding learning result specifically comprises:
step S21a, the OLT line card extracts the source MAC address and the link information from the upstream data packet, obtains the number of the UNI currently receiving the packet, and determines whether the source MAC address of the packet has already been learned in the upstream MAC address learning table or the downstream MAC address learning table:
if yes, go to step S22a;
if not, update the upstream MAC address learning table with the source MAC address, the link information and the UNI number of the packet;
step S22a, determine whether the source MAC address of the packet was learned in the upstream MAC address learning table:
if yes, go to step S23a;
if not, the learning result is that abnormal MAC address drift from the NNI port to the UNI port has occurred;
step S23a, determine whether the port on which the source MAC address was learned is consistent with the port currently receiving the packet:
if yes, go to step S24a;
if not, the learning result is that abnormal MAC address drift between different UNI ports has occurred;
step S24a, determine whether the link information learned for the source MAC address is consistent with the link information of the packet:
if yes, the learning result is that no MAC address drift has occurred;
if not, the learning result is that abnormal MAC address drift within the same UNI port has occurred.
In this embodiment, if it is determined in step S21a that the source MAC address of the upstream data packet has already been learned in the upstream MAC address learning table or the downstream MAC address learning table, the process goes to step S22a. If it has been learned in neither table, the upstream MAC address learning table is updated with the source MAC address, the link information and the UNI number of the packet.
In step S22a, for an upstream data packet, if the source MAC address of the packet has not been learned in the upstream MAC address learning table but has been learned in the downstream MAC address learning table, it is determined that abnormal MAC address drift from the NNI port to the UNI port has occurred.
As shown in fig. 3, in step S2, when the NNI port of the OLT line card receives a downstream data packet, learning the source MAC address of the packet based on the upstream and downstream MAC address learning tables to obtain the corresponding learning result specifically comprises:
step S21b, the OLT line card extracts the source MAC address from the downstream data packet, obtains the number of the NNI currently receiving the packet, and determines whether the source MAC address of the packet has already been learned in the upstream MAC address learning table or the downstream MAC address learning table:
if yes, go to step S22b;
if not, update the downstream MAC address learning table with the source MAC address and the NNI number of the packet;
step S22b, determine whether the source MAC address of the packet was learned in the downstream MAC address learning table:
if yes, the learning result is that no MAC address drift has occurred;
if not, the learning result is that normal MAC address drift from the UNI port to the NNI port has occurred, and the downstream MAC address learning table is updated with the source MAC address and the NNI number of the packet.
In this embodiment, if it is determined in step S21b that the source MAC address of the downstream data packet has already been learned in the upstream MAC address learning table or the downstream MAC address learning table, the process goes to step S22b. If it has been learned in neither table, the downstream MAC address learning table is updated according to the source MAC address, the link information and the UNI number corresponding to the packet.
In step S22b, for a downstream data packet, if the source MAC address of the packet has not been learned in the downstream MAC address learning table but has been learned in the upstream MAC address learning table, it is determined that normal MAC address drift from the UNI port to the NNI port has occurred.
Further, when it is determined in step S2 that abnormal MAC address drift has occurred, in step S3 the source MAC address, the link information and the UNI number of the abnormal packet are reported directly to the CPU of the OLT line card, and the CPU notifies the device gateway of this information and discards the abnormal packet. The OLT line card can trace back the ONU ID corresponding to the upstream data packet from the link information and the UNI number, thereby locating the abnormally drifting ONU and obtaining the service flow attributes, which comprise the source MAC address, the link information and the UNI number.
As shown in fig. 4, an embodiment of a device for detecting MAC address drift in a PON system is provided. The device comprises a MAC address learning table configuration module 1 and a packet processing module 2, both arranged in the OLT line card.
The MAC address learning table configuration module 1 is configured to: establish an upstream MAC address learning table and a downstream MAC address learning table in the memory of the OLT line card, where each MAC address table entry of the upstream MAC address learning table includes link information.
The packet processing module 2 is configured to: when a layer-2 service port of the OLT line card receives an upstream data packet, learn the source MAC address of the packet based on the upstream and downstream MAC address learning tables, and locate the abnormally drifting ONU and its service flow attributes according to the learning result.
When the learning result is that abnormal MAC address drift has occurred, the packet processing module 2 locates the abnormally drifting ONU and its service flow attributes according to the link information and the UNI number of the upstream data packet. In this embodiment, because the ONU ID corresponding to the upstream data packet can be traced back from the link information and the UNI number, the information about the maliciously drifting MAC allows the network behavior of the malicious user to be blocked with a precision that reaches the link information level.
Further, the specific operations by which the MAC address learning table configuration module 1 establishes the upstream and downstream MAC address learning tables include:
Each MAC address table entry in the upstream MAC address learning table is configured to include a MAC address, a VLAN ID, link information, and a UNI number.
Each MAC address table entry in the downstream MAC address learning table is configured to include a MAC address, a VLAN ID, and an NNI number.
When the PON system is an EPON system, the link information is LLID.
When the PON system is a GPON system, the link information is a GEMPORT ID.
In this embodiment, the MAC address learning of the OLT line card is optimized: link information is added to the upstream MAC address learning table so that the ONU and its service flow are characterized accurately, and changes in the port and the link information associated with a source MAC address are monitored so that MAC address drift is detected and handled quickly. When abnormal MAC address drift is determined to have occurred, part of the key information of the abnormal packet is reported to the CPU of the OLT line card as an event, which simplifies the detection flow and reduces the load on the CPU. Drift inside an ONU can be detected, and the specific ONU and its service flow can be located. No dedicated detection packet needs to be constructed, the transparent-transmission characteristics of ONUs connected under the UNI port and the loss of detection packets have no effect, the requirements on the OLT line card and the ONU are low, and detection accuracy and efficiency are improved.
Specifically, in some embodiments, when the packet processing module 2 determines that a layer-2 service port of the OLT line card has received an external data packet, it determines, based on the upstream and downstream MAC address learning tables, whether the source MAC address of the packet has been learned:
If not, the source MAC address of the packet is learned, and a forwarding path is looked up according to the destination MAC and VLAN ID of the packet for forwarding.
If the source MAC address of the packet has been learned, whether MAC address drift has occurred, and its type, are determined from whether the port on which the source MAC address was learned is consistent with the port currently receiving the packet and whether the link information learned for the source MAC address is consistent with the link information of the packet.
If the port on which the source MAC address was learned is consistent with the port currently receiving the packet and the link information learned for the source MAC address is consistent with the link information of the packet, the learning result is that no MAC address drift has occurred.
For an upstream data packet, if the source MAC address of the packet was learned in the downstream MAC address learning table, it is determined that abnormal MAC address drift from the NNI port to the UNI port has occurred.
For an upstream data packet, if the source MAC address of the packet was learned in the upstream MAC address learning table, the port on which it was learned is consistent with the port currently receiving the packet, and the link information learned for it is inconsistent with the link information of the packet, it is determined that abnormal MAC address drift has occurred within the same UNI port.
For an upstream data packet, if the source MAC address of the packet was learned in the upstream MAC address learning table and the port on which it was learned is inconsistent with the port currently receiving the packet, it is determined that abnormal MAC address drift has occurred between different UNI ports.
For a downstream data packet, if the source MAC address of the packet was learned in the upstream MAC address learning table, it is determined that normal MAC address drift from the UNI port to the NNI port has occurred.
Further, the specific operation by which the packet processing module 2 locates the abnormally drifting ONU and its service flow attributes according to the learning result includes:
When the learning result is that abnormal MAC address drift has occurred, the packet processing module reports the source MAC address and link information contained in the packet, together with the number of the port currently receiving the packet, to the CPU of the OLT line card; the CPU locates the abnormally drifting ONU and its service flow attributes according to the source MAC address, the link information and the port number, and then discards the packet.
In this embodiment, abnormal MAC address drift within the same UNI port can be detected directly from the link information and the UNI port number in the packet, and the abnormal ONU and its service flow attributes are located, so that the detection flow is simplified, the CPU load is reduced, and detection accuracy and efficiency are improved.
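The decision flow of steps S21a to S24a, S21b to S22b and S3, which the description of module 2 restates, as an added Python example (not code from the patent). The class and field names, the (MAC, VLAN ID) lookup key, the ONU provisioning map, the removal of the upstream entry on a normal UNI-to-NNI move, and the packet trace are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Verdict(Enum):
    LEARNED = "source MAC newly learned"
    NO_DRIFT = "no MAC address drift"
    NORMAL_UNI_TO_NNI = "normal drift, UNI port to NNI port"
    ABNORMAL_NNI_TO_UNI = "abnormal drift, NNI port to UNI port"
    ABNORMAL_BETWEEN_UNI = "abnormal drift between different UNI ports"
    ABNORMAL_WITHIN_UNI = "abnormal drift inside the same UNI port"


Key = Tuple[str, int]  # (MAC, VLAN ID); using both as the lookup key is an assumption


@dataclass(frozen=True)
class DriftEvent:
    """What step S3 reports to the line-card CPU, plus the resolved ONU ID."""
    src_mac: str
    link_info: int  # LLID on EPON, GEM port ID on GPON
    uni: int
    verdict: Verdict
    onu_id: Optional[int]


@dataclass
class LineCard:
    # (UNI number, link info) -> ONU ID; hypothetical provisioning data.
    onu_by_link: Dict[Tuple[int, int], int]
    upstream: Dict[Key, Tuple[int, int]] = field(default_factory=dict)  # -> (UNI, link info)
    downstream: Dict[Key, int] = field(default_factory=dict)            # -> NNI number
    cpu_events: List[DriftEvent] = field(default_factory=list)

    def on_upstream(self, mac: str, vlan: int, uni: int, link_info: int) -> Verdict:
        key = (mac.lower(), vlan)
        # S21a: unknown in both tables -> learn into the upstream table.
        if key not in self.upstream and key not in self.downstream:
            self.upstream[key] = (uni, link_info)
            return Verdict.LEARNED
        if key not in self.upstream:
            # S22a: the MAC is known only on the network side.
            verdict = Verdict.ABNORMAL_NNI_TO_UNI
        else:
            learned_uni, learned_link = self.upstream[key]
            if learned_uni != uni:            # S23a: different UNI port
                verdict = Verdict.ABNORMAL_BETWEEN_UNI
            elif learned_link != link_info:   # S24a: same UNI, different link
                verdict = Verdict.ABNORMAL_WITHIN_UNI
            else:
                return Verdict.NO_DRIFT
        # S3: report MAC, link info and UNI number to the CPU. The tables are
        # left unchanged and the caller discards the packet.
        onu_id = self.onu_by_link.get((uni, link_info))
        self.cpu_events.append(DriftEvent(key[0], link_info, uni, verdict, onu_id))
        return verdict

    def on_downstream(self, mac: str, vlan: int, nni: int) -> Verdict:
        key = (mac.lower(), vlan)
        # S21b: unknown in both tables -> learn into the downstream table.
        if key not in self.upstream and key not in self.downstream:
            self.downstream[key] = nni
            return Verdict.LEARNED
        # S22b: already known on the network side -> nothing changed.
        if key in self.downstream:
            return Verdict.NO_DRIFT
        # Known only on the user side: a normal move towards the NNI port.
        self.downstream[key] = nni
        # Assumption of this example: the stale upstream entry is removed.
        # The text only states that the downstream table is updated.
        del self.upstream[key]
        return Verdict.NORMAL_UNI_TO_NNI


def replay_constructed_trace() -> Tuple[List[Verdict], List[DriftEvent]]:
    """Run a constructed packet trace and return the verdicts and CPU events."""
    card = LineCard(onu_by_link={(1, 101): 11, (1, 102): 12, (2, 201): 21})
    host, gateway = "02:00:00:00:00:0a", "02:00:00:00:00:fe"  # constructed MACs
    verdicts = [
        card.on_upstream(host, 100, uni=1, link_info=101),     # first sighting
        card.on_upstream(host, 100, uni=1, link_info=101),     # same port, same link
        card.on_upstream(host, 100, uni=1, link_info=102),     # same UNI, other link
        card.on_upstream(host, 100, uni=2, link_info=201),     # other UNI port
        card.on_downstream(gateway, 100, nni=0),               # network-side MAC
        card.on_upstream(gateway, 100, uni=2, link_info=201),  # it shows up on a UNI
        card.on_downstream(host, 100, nni=0),                  # host moves to the NNI
        card.on_upstream(host, 100, uni=1, link_info=101),     # and reappears on a UNI
    ]
    return verdicts, card.cpu_events


if __name__ == "__main__":
    for verdict in replay_constructed_trace()[0]:
        print(verdict.value)
```

Because the tables are not rewritten on an abnormal verdict, the original binding of the host survives the two spoofed packets, and each event carries the ONU on which the offending packet actually arrived.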
The invention is not limited to the embodiments described above; a person skilled in the art can make a number of modifications and adaptations without departing from the principle of the invention, and these modifications and adaptations are also considered to be within the scope of the invention. Content not described in detail in this specification is prior art known to those skilled in the art.
Claims (9)
1. A method for detecting MAC address drift in a PON system, the method comprising:
establishing an upstream MAC address learning table in a memory of an OLT line card, each MAC address table entry of the upstream MAC address learning table comprising link information;
when a layer-2 service port of the OLT line card receives an upstream data packet, learning the source MAC address and link information of the packet based on the upstream MAC address learning table, and locating an abnormally drifting ONU and its service flow attributes according to the learning result for the upstream data packet;
wherein, when the layer-2 service port of the OLT line card receives an upstream data packet, learning the source MAC address and the link information of the packet based on the upstream MAC address learning table specifically comprises the following steps:
the OLT line card obtains the source MAC address and link information of the packet and determines whether the source MAC address of the packet has been learned;
if not, learning the source MAC address of the packet, and looking up a forwarding path according to the destination MAC of the packet for forwarding;
if so, determining the type of MAC address drift according to whether the port on which the source MAC address was learned is consistent with the port currently receiving the packet and whether the link information learned for the source MAC address is consistent with the link information of the packet;
when the port on which the source MAC address was learned is consistent with the port currently receiving the packet and the link information learned for the source MAC address is consistent with the link information of the packet, the learning result is that no MAC address drift has occurred.
2. The method for detecting MAC address drift in a PON system according to claim 1, wherein the method further comprises:
configuring port priorities for the layer-2 service ports of the OLT line card;
the priorities of all NNI ports are configured to the same high priority, the NNI ports being the layer-2 service ports on the OLT line card that connect to an external network;
the priorities of all UNI ports are configured to the same low priority, the UNI ports being the other layer-2 service ports on the OLT line card.
3. The method for detecting MAC address drift in a PON system according to claim 2, wherein each item of MAC address table information in the upstream MAC address learning table comprises a MAC address, a VLAN ID, link information, and a UNI number;
a downlink MAC address learning table is established in the memory of the OLT line card, and each item of MAC address table information comprises an MAC address, a VLAN ID and an NNI number;
when the PON system is an EPON system, the link information is LLID;
when the PON system is a GPON system, the link information is a GEMPORT ID.
4. The method for detecting MAC address drift in a PON system according to claim 1, wherein determining a type of MAC address drift comprises:
if the source MAC address has been learned, the port on which it was learned is inconsistent with the port currently receiving the packet, and the link information learned for it is inconsistent with the link information of the packet, the learning result is that MAC address drift has occurred within the same UNI port;
if the source MAC address has been learned, the port on which it was learned is consistent with the port currently receiving the packet, and the link information learned for it is inconsistent with the link information of the packet, it is determined that MAC address drift has occurred within the same UNI port;
if the source MAC address has been learned, the port on which it was learned is inconsistent with the port currently receiving the packet, and the link information learned for it is consistent with the link information of the packet, the learning result is that MAC address drift has occurred between different UNI ports.
5. The method for detecting MAC address drift in a PON system according to claim 1, wherein locating the abnormally drifting ONU and its service flow attributes according to the learning result for the upstream data packet specifically comprises the following steps:
when the learning result is that MAC address drift has occurred, locating the abnormally drifting ONU and its service flow attributes according to the link information in the upstream data packet.
6. A device for detecting MAC address drift in a PON system, characterized in that it is arranged in an OLT line card and comprises:
a MAC address learning table configuration module, configured to: establish an upstream MAC address learning table in a memory of the OLT line card, each MAC address table entry of the upstream MAC address learning table comprising link information;
a packet processing module, configured to: when a layer-2 service port of the OLT line card receives an upstream data packet, learn the source MAC address and link information of the packet based on the upstream MAC address learning table, and locate an abnormally drifting ONU and its service flow attributes according to the learning result for the upstream data packet;
when the packet processing module determines that the layer-2 service port of the OLT line card has received an upstream data packet, the specific operation of learning the source MAC address and the link information of the packet based on the upstream MAC address learning table comprises the following steps: the packet processing module determines whether the source MAC address of the packet has been learned; if not, it learns the source MAC address of the packet and looks up a forwarding path according to the destination MAC of the packet for forwarding; if so, it determines the type of MAC address drift according to whether the port on which the source MAC address was learned is consistent with the port currently receiving the packet and whether the link information learned for the source MAC address is consistent with the link information of the packet; when the port on which the source MAC address was learned is consistent with the port currently receiving the packet and the link information learned for the source MAC address is consistent with the link information of the packet, the learning result is that no MAC address drift has occurred.
7. The apparatus for detecting MAC address drift in a PON system according to claim 6, wherein the specific operation of the MAC address learning table configuration module to build an upstream MAC address learning table comprises:
each item of MAC address table information in the uplink MAC address learning table is configured to comprise an MAC address, a VLAN ID, link information and a UNI number;
the MAC address learning table configuration module is further configured to establish a downstream MAC address learning table in a memory of the OLT line card, wherein each item of MAC address table information is configured to include an MAC address, a VLAN ID and an NNI number;
when the PON system is an EPON system, the link information is LLID;
when the PON system is a GPON system, the link information is a GEMPORT ID.
8. The apparatus for detecting MAC address drift in a PON system according to claim 6, wherein, when the packet processing module determines that an upstream data packet has been received by a layer-2 service port of the OLT line card, the specific operation of learning the source MAC address and link information of the packet based on the upstream MAC address learning table comprises:
the packet processing module determines, when the OLT line card receives the upstream data packet, whether the source MAC address of the packet has been learned;
if not, learning the source MAC address of the packet, and looking up a forwarding path according to the destination MAC of the packet for forwarding;
if the source MAC address has been learned, the port on which it was learned is consistent with the port currently receiving the packet, and the link information learned for it is consistent with the link information of the packet, the learning result is that no MAC address drift has occurred;
if the source MAC address has been learned, the port on which it was learned is inconsistent with the port currently receiving the packet, and the link information learned for it is inconsistent with the link information of the packet, the learning result is that MAC address drift has occurred within the same UNI port;
if the source MAC address has been learned, the port on which it was learned is consistent with the port currently receiving the packet, and the link information learned for it is inconsistent with the link information of the packet, it is determined that MAC address drift has occurred within the same UNI port;
if the source MAC address has been learned, the port on which it was learned is inconsistent with the port currently receiving the packet, and the link information learned for it is consistent with the link information of the packet, the learning result is that MAC address drift has occurred between different UNI ports.
9. The apparatus for detecting MAC address drift in a PON system according to claim 8, wherein the packet processing module locating the abnormally drifting ONU and its service flow attributes according to the learning result for the upstream data packet comprises:
when the learning result is that MAC address drift has occurred, the packet processing module locates the abnormally drifting ONU and its service flow attributes according to the link information in the upstream data packet.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110945762.9A CN113727222B (en) | 2021-08-16 | 2021-08-16 | Method and device for detecting MAC address drift in PON system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110945762.9A CN113727222B (en) | 2021-08-16 | 2021-08-16 | Method and device for detecting MAC address drift in PON system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113727222A CN113727222A (en) | 2021-11-30 |
CN113727222B CN113727222B (en) | 2023-11-03 |
Family
ID=78676131
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110945762.9A Active CN113727222B (en) | 2021-08-16 | 2021-08-16 | Method and device for detecting MAC address drift in PON system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113727222B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114257891A (en) * | 2021-12-22 | 2022-03-29 | 苏州盛科通信股份有限公司 | Method for controlling MAC drift in passive optical network and application |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20070025856A (en) * | 2005-09-05 | 2007-03-08 | 한국전자통신연구원 | Epon bridge apparatus and method for forwarding thereof |
CN101114882A (en) * | 2006-07-27 | 2008-01-30 | 中兴通讯股份有限公司 | Method for processing data traffic in GPON |
WO2012095040A2 (en) * | 2012-02-17 | 2012-07-19 | 华为技术有限公司 | Method for transmitting data in passive optical network, user-side equipment, and system |
CN103685265A (en) * | 2013-12-09 | 2014-03-26 | 上海斐讯数据通信技术有限公司 | Security detection method and system of passive optical network |
WO2015154548A1 (en) * | 2014-09-11 | 2015-10-15 | 中兴通讯股份有限公司 | Port processing method and device |
CN105553739A (en) * | 2015-12-25 | 2016-05-04 | 瑞斯康达科技发展股份有限公司 | Method and device for tracking MAC addresses |
CN106941634A (en) * | 2017-05-18 | 2017-07-11 | 烽火通信科技股份有限公司 | The method and system of OLT loopback detections in a kind of GPON systems |
US9992114B1 (en) * | 2016-12-02 | 2018-06-05 | Adtran, Inc. | Selective MAC address learning |
CN109327462A (en) * | 2018-11-14 | 2019-02-12 | 盛科网络(苏州)有限公司 | A kind of MAC address authentication method based on L2VPN network |
CN110958502A (en) * | 2019-11-27 | 2020-04-03 | 烽火通信科技股份有限公司 | Method and system for realizing intercommunication between different ONUs in same PON |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8861401B2 (en) * | 2012-04-03 | 2014-10-14 | International Business Machines Corporation | Layer 2 packet switching without look-up table for ethernet switches |
Non-Patent Citations (1)
Title |
---|
A solution to the loop problem in EPON networks; He Jian; Cable TV Technology (12); full text * |
Also Published As
Publication number | Publication date |
---|---|
CN113727222A (en) | 2021-11-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101505191B (en) | Fault processing method and system for Ethernet passive optical network | |
US8554075B2 (en) | Communication system, subscriber accommodating apparatus and communication method | |
US8755685B2 (en) | Joint switching method for an aggregation node, aggregation node and system | |
CN101317377B (en) | Device, method and system for configuring Ethernet service in passive optical network | |
US9432114B2 (en) | Method for identifying the optical network unit power off reason | |
EP2355374B1 (en) | Method, system and optical line terminal for message transmission in an optical communication system | |
WO2008011780A1 (en) | Method, system and apparatus for detecting a faulty network terminal in pon | |
US9755749B2 (en) | ONU, communication system and communication method for ONU | |
WO2009052721A1 (en) | Method, system and device for alarm management in long reach passive optical network system | |
JP2004096734A (en) | Apparatus and method for duplexing gigabit ethernet (r) passive optical network system, and frame format for controlling the same | |
CN102130718B (en) | A kind of network element device of protection switching of backbone optical path and method | |
KR20190019177A (en) | Optical network unit reset message | |
CN1921357A (en) | Full optical fibre protecting device and method | |
US20080253770A1 (en) | Optical transmission device and optical transmission method | |
WO2009043290A1 (en) | A method, a system and an apparatus for protection in a long reach passive optical network | |
CN106464356B (en) | A kind of detection method of rogue's optical network unit, apparatus and system | |
CN101997605B (en) | Optical distribution network as well as fault processing method, registration method and physical positioning method for optical network unit | |
CN106301837A (en) | EPON alarm detection method and device | |
CN101345581A (en) | Fault location method and system for passive optical network | |
CN101931460A (en) | Link fault detection method, device and system | |
CN110460371B (en) | Optical resource checking method and system | |
CN102611519B (en) | Method and device for link protection of passive optical network | |
CN105228183A (en) | Upstream data abnormality eliminating method and device | |
CN113727222B (en) | Method and device for detecting MAC address drift in PON system | |
EP0942544B1 (en) | A method to provide a management channel, a line terminator, a first network terminator card and a second network terminator card realizing such a method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||