CN103973499A - IP accurate positioning system and method - Google Patents

Publication number
CN103973499A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410222683.5A
Other languages
Chinese (zh)
Other versions
CN103973499B (en)
Inventor
刘建兵
薛锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN201410222683.5A priority Critical patent/CN103973499B/en
Publication of CN103973499A publication Critical patent/CN103973499A/en
Application granted granted Critical
Publication of CN103973499B publication Critical patent/CN103973499B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Abstract

The invention discloses an IP accurate positioning system and method. The system comprises access control modules, client modules, a proxy module and a management and control center module. Each access control module acquires the terminal MAC addresses and the switch ports they are attached to, combines the terminal address MAC, the switch port PORT, the identifier WID of the access-layer switch and the identifier SID of the access control module into the correspondence information MAC-PORT-WID-SID, and transmits MAC-PORT-WID-SID to the management and control center. The client modules transmit heartbeat information to the proxy module. The proxy module manages the online state of all terminals according to the heartbeat information transmitted by the client modules and transmits the correspondence information IP-MAC to the management and control center module in real time. The management and control center module acquires MAC-PORT-WID-SID from all access control modules, acquires IP-MAC from the proxy module, and correlates and stores the two to form five-party online data.

Description

An IP accurate positioning system and method
Technical field
The present invention relates to the field of network access management and control and security technology, and in particular to an IP accurate positioning system and method.
Background art
The basic TCP/IP protocol of Ethernet is a seven-layer hierarchy, numbered 7 to 1 from top to bottom. Upper-layer data is encapsulated in lower-layer packets, but upper-layer data does not carry the lower layer's attributes. For example, a layer-3 packet uses IP to encapsulate the TCP data of a layer-4 packet, whereas the layer-4 packet carries only the TCP attributes of its own layer and not the layer-3 IP attributes; likewise, a layer-2 frame uses MAC to encapsulate the IP of a layer-3 packet, whereas the layer-3 packet has only the IP and does not carry the layer-2 MAC information. IP sits at layer 3 of the seven-layer structure, so IP-based network positioning can only be performed at layer 3. Most of the access layer of existing networks consists of layer-2 switches, which do not support layer-3 forwarding; that is, a layer-2 switch cannot process IP packets. IP positioning therefore cannot be performed at layer 2, and because network access always takes place on access-layer switches, the IP of an access device cannot be located accurately. This is a shortcoming of the prior art.
Network-wide IP-based positioning is significant for network management and for tracing data sources.
Summary of the invention
The present invention addresses the problems in the prior art that access-layer network nodes are difficult to locate accurately and that access control is difficult. It proposes an IP accurate positioning system and method, which is significant for network management, data source tracing and information security.
According to one aspect of the present invention, an IP accurate positioning system is provided, comprising:
An access control module, which obtains the correspondence information between terminal address MAC and switch port PORT from an access-layer switch and stores it in association with the identifier WID of that access-layer switch, forming the correspondence information MAC-PORT-WID-SID of terminal address MAC, switch port PORT, switch identifier WID and access control module identifier SID; it then sends the correspondence information MAC-PORT-WID-SID to the management and control center;
A client module, which sends heartbeat messages to the proxy module in real time; the heartbeat message contains the correspondence information IP-MAC of the terminal's IP address and MAC address;
A proxy module, which manages the online status of each terminal according to the heartbeat messages sent by the client modules and sends the correspondence information IP-MAC to the management and control center module in real time;
A management and control center module, which obtains the correspondence information MAC-PORT-WID-SID from each access control module and the correspondence information IP-MAC from each proxy module, and associates MAC-PORT-WID-SID with IP-MAC by the MAC address they share, forming the five-party online data IP-MAC-PORT-SID-WID.
The access control module connects to the access-layer switch via the SNMP protocol and assigns a unique identifier WID to each access-layer switch connected to it.
The access control module obtains the correspondence information between terminal address MAC and switch port PORT by SNMP polling and SNMP Trap.
The proxy module corresponds one-to-one with the access control module.
The client module is located on the terminal equipment and is used for registering the terminal equipment, uploading terminal information, monitoring the terminal operating environment, responding to instructions from the proxy module, and receiving and displaying notifications from the proxy module.
The client regularly sends heartbeat messages to the proxy module; when the proxy module detects that the correspondence information IP-MAC in a heartbeat message has changed, it sends the changed information to the management and control center module.
The management and control center module configures the information of each access control module and assigns it a unique identifier SID.
The management and control center module also receives IP accurate positioning requests and, according to the IP address in the request, returns the five-party online data corresponding to that IP address.
According to another aspect of the present invention, an IP accurate positioning method is provided, comprising:
The access control module obtains the correspondence information between terminal address MAC and switch port PORT from the access-layer switch and associates it with the identifier WID of that access-layer switch, forming the correspondence information MAC-PORT-WID-SID of terminal address MAC, switch port PORT, switch identifier WID and access control module identifier SID; it then sends the correspondence information MAC-PORT-WID-SID to the management and control center;
The client module sends heartbeat messages to the proxy module; the heartbeat message contains the correspondence information IP-MAC of the terminal's IP address and MAC address;
The proxy module receives the heartbeat messages and sends the correspondence information IP-MAC to the management and control center module in real time;
The management and control center module takes the correspondence information MAC-PORT-WID-SID obtained from the access control module and the correspondence information IP-MAC obtained from the proxy module, and associates the two by the MAC address they share, forming the five-party online data IP-MAC-PORT-SID-WID.
The method further comprises:
The management and control center module receives an IP address location request, which contains the IP address to be queried;
The management and control center module obtains and returns the five-party online data corresponding to the IP address to be queried.
The system and method provided by the present invention offer accurate IP positioning across layer-3 networks: the position of an IP address can be narrowed down, network-wide, to a physical port of an access-layer switch. This provides a powerful means and tool for network management, data source tracing and information security.
Brief description of the drawings
Fig. 1 is a structural diagram of the IP accurate positioning system of the present invention;
Fig. 2 is a flow chart of the IP accurate positioning method of the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to specific embodiments and the accompanying drawings.
Because of the layering of the TCP/IP protocol, layer-3 packets do not carry layer-2 information. The IP address of a packet forwarded at layer 3 can therefore only be located roughly, to an IP range, and not accurately to an access-layer port. Yet for locating and tracing information sources in access management and information security, accurate layer-2 positioning is very valuable. Accurate network-wide IP positioning has long been a difficult problem for the industry, and the present invention solves it effectively.
Fig. 1 shows the structure and operating principle of the IP accurate positioning system proposed by the present invention. As shown in Fig. 1, the system comprises:
Access control module SEAD, which obtains the correspondence information (MAC-PORT) between terminal address MAC and switch port PORT from the access-layer switch, i.e. the MAC addresses of the terminals connected to each port of that access-layer switch, and associates it with the identifier WID of the access-layer switch to form the correspondence between terminal address MAC, switch port PORT and switch identifier WID (MAC-PORT-WID-SID), where SID is the ID number of the SEAD. The MAC-PORT information comprises each port number of the access-layer switch and the MAC address of the terminal equipment connected to that port. The MAC-PORT-WID information comprises each port of the access-layer switch, the MAC address of the terminal equipment connected to that port, and the access-layer switch identifier WID. The access control module also sends the MAC-PORT-WID information to the management and control center: the SEAD polls the switch to obtain the MAC-PORT data on the switch and, whenever this data changes, sends the changed part to the management and control center.
Client module Client, which sends heartbeat messages to the proxy module at a predetermined period to indicate that it is online. The heartbeat message contains the correspondence information (IP-MAC) between the terminal's IP address and MAC address. This IP-MAC data is subject to MAC protection; the IP is the IP currently used by the terminal, and the MAC is the physical MAC of the network card of the terminal sending the heartbeat.
Proxy module PROXY, which manages the online status of each client according to the heartbeat messages sent by the client modules and sends the terminal IP address-MAC address correspondence information in the heartbeat messages to the management and control center module in real time;
Management and control center module MCC, which obtains the MAC-PORT-WID-SID information from each access control module SEAD and the terminal IP address-MAC address correspondence information from each proxy module, and uses the MAC address to associate the terminal address MAC, switch port PORT and switch identifier WID with the terminal IP address, forming the five-party online data IP-MAC-PORT-SID-WID.
In this system, the access control module SEAD sits logically between the access switch and the management and control center MCC; physically it can be placed anywhere in the network that is reachable by IP. It is mainly used to control the access-layer switches and to obtain the network access status of the terminal equipment on the ports of the access-layer switches it manages.
The access control module SEAD first establishes communication with the access-layer switch via the SNMP protocol and assigns the access-layer switch a unique identifier WID. By configuring the communication protocol, the SEAD registers with the MCC, which establishes communication from the SEAD to the MCC, and the MCC assigns the SEAD a unique identifier SID;
It then collects terminal equipment information through the access-layer switch, such as the MAC address of the terminal equipment and the corresponding switch port PORT. Collection can use SNMP polling and SNMP Trap. The collected data, comprising the unique identifier WID of the access-layer switch, the port PORT of the access-layer switch and the MAC address of the terminal equipment connected to that port, is written to the database and the timestamp is updated.
The access control module sends the stored correspondence information (the unique identifier WID of the access-layer switch, the port PORT of the access-layer switch and the MAC address of the terminal equipment connected to that port) to the management and control center in real time.
The client module is located on the terminal equipment and is mainly used for registering the terminal equipment, uploading terminal information, checking the terminal operating environment (weak system account passwords, illegal external connections, the operating status of third-party security software, etc.), responding to instructions from the proxy module, and receiving and displaying notifications from the proxy module. In the technical solution of the present invention, it regularly sends heartbeat messages to the proxy module to indicate that it is currently online; the heartbeat message contains the IP address and MAC address of the terminal equipment on which the client module runs.
The proxy module mainly serves the client modules. It corresponds one-to-one with the SEAD and is co-located with it; physically the two can be on the same device. It maintains the authentication data of the client modules, receives their heartbeat messages, maintains the online status of the terminal equipment, issues specified policies and notifications, and responds to abnormal conditions on the terminal equipment. The MCC runs on a separate server and is configured with its own IP address, different from that of the SEAD.
The proxy module also accepts the registration information of the client modules, including the MAC address and IP address of the terminal equipment on which each client module runs. It also accepts the heartbeat messages of the client modules and maintains each client's online status accordingly. If no heartbeat message is received from a client module within the set time limit, that client module is set to the offline state.
The proxy module also synchronizes the IP address-MAC address correspondence information obtained from the client modules to the management and control center module: it receives client heartbeat data in real time, extracts the terminal's IP-MAC correspondence and, whenever the data changes, sends the changed part to the management and control center.
The management and control center module configures the information of each access control module SEAD, including its unique identifier SID and IP address, and receives the terminal MAC-PORT-WID information sent by each SEAD. It also receives the terminal IP-MAC information sent by the proxy modules and, using the MAC address as the primary key, associates the two to form the five-party online data comprising terminal IP, terminal MAC, switch port PORT, switch identifier WID and access control module identifier SID.
The management and control center module implements the IP accurate positioning function on the basis of the five-party online data: when an IP location request is sent to it, it returns the record in the five-party online data that corresponds to the requested IP address. IP location requests can be entered on the MCC's interface or obtained from other systems through a data interface.
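The correlation described above, together with the change-only reporting by the SEAD and the proxy module, as an added Python example that is not code from the patent. The class and method names, the 90-second heartbeat limit and all addresses are assumptions; the example also covers cases the text leaves open: differently formatted MAC addresses, one IP claimed by two MACs, and a terminal that moves between switches.

```python
"""Added illustration, not the patent's code; class and method names are hypothetical."""
import ipaddress
import re
from typing import NamedTuple

def norm_mac(mac):
    """Canonical lower-case colon form, so switch and client spellings of a MAC join."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

class Location(NamedTuple):  # one five-party record IP-MAC-PORT-SID-WID
    ip: str
    mac: str
    port: str
    sid: str
    wid: str

class ControlCenter:
    """MCC: keeps both feeds keyed by (normalised) MAC and answers IP location requests."""
    def __init__(self):
        self.port_by_mac = {}  # mac -> (port, sid, wid), reported by SEADs
        self.ip_by_mac = {}    # mac -> ip, reported by PROXYs

    def update_mac_port(self, mac, port, wid, sid):
        if port is not None:
            self.port_by_mac[mac] = (port, sid, wid)
        elif self.port_by_mac.get(mac, (None, None, None))[1:] == (sid, wid):
            # Withdraw only while the record still names the reporting switch;
            # a terminal that moved has already been re-reported from its new port.
            del self.port_by_mac[mac]

    def update_ip_mac(self, mac, ip):
        if ip is None:
            self.ip_by_mac.pop(mac, None)  # terminal went offline
        else:
            self.ip_by_mac[mac] = ip

    def locate(self, ip):
        """Every five-party record for `ip`; more than one record means an IP conflict."""
        ip = str(ipaddress.ip_address(ip))
        return sorted(Location(ip, mac, *self.port_by_mac[mac])
                      for mac, bound in self.ip_by_mac.items()
                      if bound == ip and mac in self.port_by_mac)

class Sead:
    """Access control module: diffs successive polls of a switch, forwards only changes."""
    def __init__(self, sid, mcc):
        self.sid, self.mcc, self.tables = sid, mcc, {}  # tables: wid -> {mac: port}

    def poll_result(self, wid, mac_port):
        # Assumption: mac_port lists access ports only (uplink-learned MACs filtered out).
        new = {norm_mac(m): p for m, p in mac_port.items()}
        old = self.tables.get(wid, {})
        changes = [(m, p) for m, p in new.items() if old.get(m) != p]
        changes += [(m, None) for m in old.keys() - new.keys()]
        for mac, port in changes:
            self.mcc.update_mac_port(mac, port, wid, self.sid)
        self.tables[wid] = new
        return len(changes)

class Proxy:
    """Proxy module: tracks heartbeats, forwards IP-MAC changes and heartbeat timeouts."""
    def __init__(self, mcc, timeout=90.0):  # the 90 s limit is an assumed value
        self.mcc, self.timeout, self.online = mcc, timeout, {}  # mac -> (ip, last_seen)

    def heartbeat(self, ip, mac, now):
        ip, mac = str(ipaddress.ip_address(ip)), norm_mac(mac)
        changed = self.online.get(mac, (None,))[0] != ip
        self.online[mac] = (ip, now)
        if changed:
            self.mcc.update_ip_mac(mac, ip)
        return changed

    def sweep(self, now):
        expired = [m for m, (_, seen) in self.online.items() if now - seen > self.timeout]
        for mac in expired:
            del self.online[mac]
            self.mcc.update_ip_mac(mac, None)
        return expired

def demo():
    """Constructed sample data: one SEAD, two switches, three terminals."""
    mcc = ControlCenter()
    sead, proxy = Sead("SID-1", mcc), Proxy(mcc)
    sead.poll_result("WID-1", {"00-11-22-AA-BB-01": "Gi0/1", "0011.22aa.bb02": "Gi0/2"})
    sead.poll_result("WID-2", {"00:11:22:aa:bb:03": "Gi0/7"})
    proxy.heartbeat("10.0.0.11", "00:11:22:AA:BB:01", now=0)
    proxy.heartbeat("10.0.0.12", "00:11:22:aa:bb:02", now=0)
    proxy.heartbeat("10.0.0.11", "00:11:22:aa:bb:03", now=5)  # same IP, second MAC
    conflict = mcc.locate("10.0.0.11")
    # Terminal ...02 moves to WID-2, which happens to be polled before WID-1.
    sead.poll_result("WID-2", {"00:11:22:aa:bb:03": "Gi0/7", "00:11:22:aa:bb:02": "Gi0/9"})
    sead.poll_result("WID-1", {"00:11:22:aa:bb:01": "Gi0/1"})
    moved = mcc.locate("10.0.0.12")
    proxy.heartbeat("10.0.0.12", "00:11:22:aa:bb:02", now=80)
    expired = proxy.sweep(now=100)  # ...01 and ...03 missed their heartbeats
    return conflict, moved, expired, mcc.locate("10.0.0.11")
```

A location request that returns two records for one IP is worth surfacing to the operator, since the join on MAC alone cannot tell which terminal is the legitimate holder of the address.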
Fig. 2 shows the flow chart of the IP accurate positioning method proposed by the present invention. As shown in Fig. 2, it comprises:
The access control module obtains the terminal MAC addresses on the access-layer switch and the corresponding switch ports PORT, and sends them, together with the identifier WID of the access-layer switch, to the management and control center module;
The client module sends heartbeat messages to the proxy module; the heartbeat message contains the IP address and MAC address of the terminal on which the client module runs;
The proxy module receives the heartbeat messages and forwards them to the management and control center module;
The management and control center module takes the correspondence information MAC-PORT-WID-SID obtained from the access control module and the correspondence information IP-MAC obtained from the proxy module, associates the two by the MAC address they share to form the five-party online data IP-MAC-PORT-SID-WID, and, for a received IP address, extracts from the five-party online data the precise position information of the terminal equipment corresponding to that IP address.
The above method further comprises:
The management and control center module receives an IP address location request, which contains the IP address to be queried;
The management and control center module looks up the IP address in the five-party online data table and returns the five-party online data corresponding to that IP address.
With the above positioning method, the present invention obtains the complete, precise location information of the IP address: the IP is located under the SEAD numbered SID, on the switch numbered WID, at port number PORT;
Here WID is the ID number of the switch, which can be converted into the switch's management IP address through the switch configuration data. The IP address of the switch is entered during system initialization, stored on the SEAD and synchronized to the MCC.
Once the precise location information of the IP address has been obtained by the above method, the PORT it contains can be issued via SNMP to the management IP address of the switch numbered WID as the parameter for shutting down a switch port, thereby cutting off the network connection of that IP.
The specific embodiments described above further illustrate the objects, technical solutions and beneficial effects of the present invention. It should be understood that the foregoing is only specific embodiments of the present invention and does not limit the present invention; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (10)

1. An IP accurate positioning system, comprising:
An access control module, which obtains the correspondence information between terminal address MAC and switch port PORT from an access-layer switch and stores it in association with the identifier WID of that access-layer switch, forming the correspondence information MAC-PORT-WID-SID of terminal address MAC, switch port PORT, switch identifier WID and access control module identifier SID; it then sends the correspondence information MAC-PORT-WID-SID to the management and control center;
A client module, which sends heartbeat messages to the proxy module in real time; the heartbeat message contains the correspondence information IP-MAC of the terminal's IP address and MAC address;
A proxy module, which manages the online status of each terminal according to the heartbeat messages sent by the client modules and sends the correspondence information IP-MAC to the management and control center module in real time;
A management and control center module, which obtains the correspondence information MAC-PORT-WID-SID from each access control module and the correspondence information IP-MAC from each proxy module, and associates MAC-PORT-WID-SID with IP-MAC by the MAC address they share, forming the five-party online data IP-MAC-PORT-SID-WID.
2. The system as claimed in claim 1, wherein the access control module connects to the access-layer switch via the SNMP protocol and assigns a unique identifier WID to each access-layer switch connected to it.
3. The system as claimed in claim 1, wherein the access control module obtains the correspondence information between terminal address MAC and switch port PORT by SNMP polling and SNMP Trap.
4. The system as claimed in claim 1, wherein the proxy module corresponds one-to-one with the access control module.
5. The system as claimed in claim 1, wherein the client module is located on the terminal equipment and is used for registering the terminal equipment, uploading terminal information, monitoring the terminal operating environment, responding to instructions from the proxy module, and receiving and displaying notifications from the proxy module.
6. The system as claimed in claim 1, wherein the client regularly sends heartbeat messages to the proxy module, and the proxy module, on detecting that the correspondence information IP-MAC in a heartbeat message has changed, sends the changed information to the management and control center module.
7. The system as claimed in claim 1, wherein the management and control center module configures the information of each access control module and assigns it a unique identifier SID.
8. The system as claimed in claim 1, wherein the management and control center module also receives IP accurate positioning requests and, according to the IP address in the request, returns the five-party online data corresponding to that IP address.
9. An IP accurate positioning method, comprising:
The access control module obtains the correspondence information between terminal address MAC and switch port PORT from the access-layer switch and associates it with the identifier WID of that access-layer switch, forming the correspondence information MAC-PORT-WID-SID of terminal address MAC, switch port PORT, switch identifier WID and access control module identifier SID; it then sends the correspondence information MAC-PORT-WID-SID to the management and control center;
The client module sends heartbeat messages to the proxy module; the heartbeat message contains the correspondence information IP-MAC of the terminal's IP address and MAC address;
The proxy module receives the heartbeat messages and sends the correspondence information IP-MAC to the management and control center module in real time;
The management and control center module takes the correspondence information MAC-PORT-WID-SID obtained from the access control module and the correspondence information IP-MAC obtained from the proxy module, and associates the two by the MAC address they share, forming the five-party online data IP-MAC-PORT-SID-WID.
10. The method as claimed in claim 9, further comprising:
The management and control center module receives an IP address location request, which contains the IP address to be queried;
The management and control center module obtains and returns the five-party online data corresponding to the IP address to be queried, which contains the switch port PORT corresponding to that IP address; this port number is the positioning result for the queried IP. The record corresponding to the IP to be queried in the five-party online data contains WID-PORT, according to which the switch is controlled to close the network port corresponding to the IP address to be queried.
CN201410222683.5A 2014-05-23 2014-05-23 IP accurate positioning system and method Expired - Fee Related CN103973499B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410222683.5A CN103973499B (en) 2014-05-23 2014-05-23 IP accurate positioning system and method

Publications (2)

Publication Number Publication Date
CN103973499A true CN103973499A (en) 2014-08-06
CN103973499B CN103973499B (en) 2017-04-26

Family

ID=51242566

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410222683.5A Expired - Fee Related CN103973499B (en) 2014-05-23 2014-05-23 IP accurate positioning system and method

Country Status (1)

Country Link
CN (1) CN103973499B (en)

Also Published As

Publication number Publication date
CN103973499B (en) 2017-04-26

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20170426

Termination date: 20190523