-
Publication number: US10313375B2
Publication date: 2019-06-04
Application number: US15160158
Application date: 2016-05-20
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Ke Lin, Yongcan Wang, Yingjun Tian
Abstract: A malicious attack detection method includes: receiving, by a controller, a Packet-in message sent by a switch, where the Packet-in message includes a source host identifier and a destination host identifier of a data packet for which the switch does not find a flow entry; when determining that a host indicated by the destination host identifier does not exist in an SDN network, sending, by the controller, an abnormal flow entry to the switch; receiving, by the controller, a triggering count sent by the switch, where the triggering count is a quantity of times that the abnormal flow entry is triggered; and determining, according to the triggering count, whether a malicious attack is initiated. According to the method, a malicious attack from a host can be detected, a data processing volume of a controller can be reduced, and performance of the controller can be improved.
-
Publication number: US20190281081A1
Publication date: 2019-09-12
Application number: US16415749
Application date: 2019-05-17
Applicant: Huawei Technologies Co., Ltd.
Inventor: Ke Lin, Yongcan Wang, Yingjun Tian
Abstract: A malicious attack detection method includes receiving, by a controller, a packet-in message sent by a switch, sending, by the controller, an abnormal flow entry to the switch, receiving, by the controller, a triggering count sent by the switch, where the triggering count is a quantity of times that the abnormal flow entry is triggered, and determining, according to the triggering count, whether a malicious attack is initiated.
-
Publication number: US20160254995A1
Publication date: 2016-09-01
Application number: US15148819
Application date: 2016-05-06
Applicant: Huawei Technologies Co., Ltd.
Inventor: Yongcan Wang, Ke Lin, Yingjun Tian
IPC: H04L12/741, H04L12/813, H04L12/721
CPC classification number: H04L45/54, H04L41/022, H04L45/38, H04L47/20
Abstract: A preset flow table matching policy in a switching device is set, a flow table for processing data by a switching device that the data needs to pass through during forwarding and an action that needs to be executed in the flow table are generated according to the matching policy and capability information of the switching device, and the flow table is sent to the switching device that the data needs to pass through during forwarding such that the control device may generate, according to different flow table information of the switching device and with reference to different data forwarding policies, a corresponding flow table to be executed by the switching device, which manages switching devices of different types, and enables a switching device that has multiple flow tables to flexibly implement a data forwarding function in use of a preset policy.
-
Publication number: US11637845B2
Publication date: 2023-04-25
Application number: US16415749
Application date: 2019-05-17
Applicant: Huawei Technologies Co., Ltd.
Inventor: Ke Lin, Yongcan Wang, Yingjun Tian
Abstract: A malicious attack detection method includes receiving, by a controller, a packet-in message sent by a switch, sending, by the controller, an abnormal flow entry to the switch, receiving, by the controller, a triggering count sent by the switch, where the triggering count is a quantity of times that the abnormal flow entry is triggered, and determining, according to the triggering count, whether a malicious attack is initiated.
-
Publication number: US10594586B2
Publication date: 2020-03-17
Application number: US15799297
Application date: 2017-10-31
Applicant: Huawei Technologies Co., Ltd.
Inventor: Zhengxian Zhang, Yingjun Tian, Yu Zhang
IPC: G06F15/173, H04L12/26, H04L12/937, H04L29/12, H04L12/24, H04L12/931
Abstract: A dialing test method, a dialing test system, and a computing node relate to the network field. In this method, a dialing test system respectively creates two dialing test ports on two computing nodes, where both Internet Protocol (IP) addresses of the two dialing test ports are IP addresses of a dialing test network, and the dialing test network does not overlap a service network of a virtual machine (VM). The dialing test system separately deploys respective dialing test resources for the two dialing test ports, and the dialing test resources do not overlap a resource of the VM on the two computing nodes, and the dialing test system triggers a dialing test procedure such that a dialing test task is executed between the two dialing test ports using the dialing test resources.
-
Publication number: US10122623B2
Publication date: 2018-11-06
Application number: US15148819
Application date: 2016-05-06
Applicant: Huawei Technologies Co., Ltd.
Inventor: Yongcan Wang, Ke Lin, Yingjun Tian
IPC: H04L12/721, H04L12/741, H04L12/24, H04L12/813
Abstract: A preset flow table matching policy in a switching device is set, a flow table for processing data by a switching device that the data needs to pass through during forwarding and an action that needs to be executed in the flow table are generated according to the matching policy and capability information of the switching device, and the flow table is sent to the switching device that the data needs to pass through during forwarding such that the control device may generate, according to different flow table information of the switching device and with reference to different data forwarding policies, a corresponding flow table to be executed by the switching device, which manages switching devices of different types, and enables a switching device that has multiple flow tables to flexibly implement a data forwarding function in use of a preset policy.
-
Publication number: US20180069778A1
Publication date: 2018-03-08
Application number: US15799297
Application date: 2017-10-31
Applicant: Huawei Technologies Co., Ltd.
Inventor: Zhengxian Zhang, Yingjun Tian, Yu Zhang
IPC: H04L12/26, H04L29/12, H04L12/937, H04L12/931
CPC classification number: H04L43/50, H04L41/0893, H04L49/253, H04L49/70, H04L61/20, H04L61/2007, H04L61/6068
Abstract: A dialing test method, a dialing test system, and a computing node relate to the network field. In this method, a dialing test system respectively creates two dialing test ports on two computing nodes, where both Internet Protocol (IP) addresses of the two dialing test ports are IP addresses of a dialing test network, and the dialing test network does not overlap a service network of a virtual machine (VM). The dialing test system separately deploys respective dialing test resources for the two dialing test ports, and the dialing test resources do not overlap a resource of the VM on the two computing nodes, and the dialing test system triggers a dialing test procedure such that a dialing test task is executed between the two dialing test ports using the dialing test resources.
-
Publication number: US20160269432A1
Publication date: 2016-09-15
Application number: US15160158
Application date: 2016-05-20
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Ke Lin, Yongcan Wang, Yingjun Tian
CPC classification number: H04L63/1425, H04L43/18, H04L63/0272, H04L63/1458, H04L2463/146
Abstract: A malicious attack detection method includes: receiving, by a controller, a Packet-in message sent by a switch, where the Packet-in message includes a source host identifier and a destination host identifier of a data packet for which the switch does not find a flow entry; when determining that a host indicated by the destination host identifier does not exist in an SDN network, sending, by the controller, an abnormal flow entry to the switch; receiving, by the controller, a triggering count sent by the switch, where the triggering count is a quantity of times that the abnormal flow entry is triggered; and determining, according to the triggering count, whether a malicious attack is initiated. According to the method, a malicious attack from a host can be detected, a data processing volume of a controller can be reduced, and performance of the controller can be improved.