Malicious Attack Detection Method and Apparatus

    Publication No.: US20190281081A1

    Publication date: 2019-09-12

    Application No.: US16415749

    Filing date: 2019-05-17

    Abstract: A malicious attack detection method includes receiving, by a controller, a packet-in message sent by a switch, sending, by the controller, an abnormal flow entry to the switch, receiving, by the controller, a triggering count sent by the switch, where the triggering count is a quantity of times that the abnormal flow entry is triggered, and determining, according to the triggering count, whether a malicious attack is initiated.

    Control Device and Control Method in SDN Network
    Invention application; status: under examination, published

    Publication No.: US20160254995A1

    Publication date: 2016-09-01

    Application No.: US15148819

    Filing date: 2016-05-06

    CPC classification number: H04L45/54 H04L41/022 H04L45/38 H04L47/20

    Abstract: A preset flow table matching policy in a switching device is set, a flow table for processing data by a switching device that the data needs to pass through during forwarding and an action that needs to be executed in the flow table are generated according to the matching policy and capability information of the switching device, and the flow table is sent to the switching device that the data needs to pass through during forwarding such that the control device may generate, according to different flow table information of the switching device and with reference to different data forwarding policies, a corresponding flow table to be executed by the switching device, which manages switching devices of different types, and enables a switching device that has multiple flow tables to flexibly implement a data forwarding function in use of a preset policy.

    Method for Establishing In-Band Connection in OpenFlow Network, and Switch
    Invention application; status: under examination, published

    Publication No.: US20160227002A1

    Publication date: 2016-08-04

    Application No.: US15095270

    Filing date: 2016-04-11

    Inventor: Ke Lin, Yongcan Wang

    CPC classification number: H04L69/163 H04L67/141

    Abstract: A method for establishing an in-band connection in an OpenFlow network and switch where the method includes receiving, from a first port, a SYN packet passing through a first path, recording the first port as a first transmit port between a target controller and a source switch, according to the SYN packet passing through the first path, in an in-band connection list, and forwarding the SYN packet passing through the first path, receiving a SYN response packet from a second port, determining the first transmit port between the target controller and the source switch, and forwarding the SYN response packet from the first transmit port between the target controller and the source switch, which enables controllers and switches provided by more manufacturers to be compatible.

    Method for establishing in-band connection in OpenFlow network, and switch

    Publication No.: US10257322B2

    Publication date: 2019-04-09

    Application No.: US15095270

    Filing date: 2016-04-11

    Inventor: Ke Lin, Yongcan Wang

    Abstract: A method for establishing an in-band connection in an OpenFlow network and switch where the method includes receiving, from a first port, a SYN packet passing through a first path, recording the first port as a first transmit port between a target controller and a source switch, according to the SYN packet passing through the first path, in an in-band connection list, and forwarding the SYN packet passing through the first path, receiving a SYN response packet from a second port, determining the first transmit port between the target controller and the source switch, and forwarding the SYN response packet from the first transmit port between the target controller and the source switch, which enables controllers and switches provided by more manufacturers to be compatible.

    Method and apparatus for malicious attack detection in an SDN network

    Publication No.: US10313375B2

    Publication date: 2019-06-04

    Application No.: US15160158

    Filing date: 2016-05-20

    Abstract: A malicious attack detection method includes: receiving, by a controller, a Packet-in message sent by a switch, where the Packet-in message includes a source host identifier and a destination host identifier of a data packet for which the switch does not find a flow entry; when determining that a host indicated by the destination host identifier does not exist in an SDN network, sending, by the controller, an abnormal flow entry to the switch; receiving, by the controller, a triggering count sent by the switch, where the triggering count is a quantity of times that the abnormal flow entry is triggered; and determining, according to the triggering count, whether a malicious attack is initiated. According to the method, a malicious attack from a host can be detected, a data processing volume of a controller can be reduced, and performance of the controller can be improved.

    Control device and control method in SDN network

    Publication No.: US10122623B2

    Publication date: 2018-11-06

    Application No.: US15148819

    Filing date: 2016-05-06

    Abstract: A preset flow table matching policy in a switching device is set, a flow table for processing data by a switching device that the data needs to pass through during forwarding and an action that needs to be executed in the flow table are generated according to the matching policy and capability information of the switching device, and the flow table is sent to the switching device that the data needs to pass through during forwarding such that the control device may generate, according to different flow table information of the switching device and with reference to different data forwarding policies, a corresponding flow table to be executed by the switching device, which manages switching devices of different types, and enables a switching device that has multiple flow tables to flexibly implement a data forwarding function in use of a preset policy.

    MALICIOUS ATTACK DETECTION METHOD AND APPARATUS
    Invention application; status: under examination, published

    Publication No.: US20160269432A1

    Publication date: 2016-09-15

    Application No.: US15160158

    Filing date: 2016-05-20

    Abstract: A malicious attack detection method includes: receiving, by a controller, a Packet-in message sent by a switch, where the Packet-in message includes a source host identifier and a destination host identifier of a data packet for which the switch does not find a flow entry; when determining that a host indicated by the destination host identifier does not exist in an SDN network, sending, by the controller, an abnormal flow entry to the switch; receiving, by the controller, a triggering count sent by the switch, where the triggering count is a quantity of times that the abnormal flow entry is triggered; and determining, according to the triggering count, whether a malicious attack is initiated. According to the method, a malicious attack from a host can be detected, a data processing volume of a controller can be reduced, and performance of the controller can be improved.
