CN103973499B - IP accurate positioning system and method - Google Patents
Abstract
The invention discloses an IP accurate positioning system and method. The system comprises access control modules, client modules, an agent module and a control center module, wherein the access control modules acquire the MAC of terminal addresses and a port of a switch, the MAC of the terminal addresses, the port of the switch, the identification WID of an access layer switch, the identification SID of the access control modules are made to form corresponding relation information MAC-PORT-WID-SID, and the MAC-PORT-WID-SID is transmitted to a control center; the client modules are used for transmitting heartbeat information to the agent module; the agent module is used for managing the online states of all terminals according to the heartbeat information transmitted by all the client modules and transmitting the corresponding relation information IP-MAC to the control center module in real time; the control center module is used for acquiring the MAC-PORT-WID-SID from all the access control modules, acquiring the IP-MAC from the agent module and correlating and storing the MAC-PORT-WID-SID and the IP-MAC to form five-side online data.
Description
Technical field
The present invention relates to the technical field of network access control and security, and more particularly to an IP accurate positioning system and method.
Background
The basic TCP/IP protocol of Ethernet is a seven-layer hierarchy, with the layers numbered 7 to 1 from top to bottom. Upper-layer data is encapsulated in the lower-layer packet; conversely, an upper-layer packet does not contain lower-layer attributes. For example, a layer-3 packet encapsulates the layer-4 TCP packet with IP, whereas the layer-4 packet carries only the TCP attributes of its own layer and not the layer-3 IP attributes. Likewise, a layer-2 packet encapsulates the layer-3 IP packet with MAC, whereas the layer-3 packet carries only IP and no layer-2 MAC information. IP sits at layer 3 of the seven-layer structure, so IP-based network positioning can only be performed at layer 3. Most of the access layer of existing networks consists of layer-2 switches, which do not support layer-3 forwarding; that is, a layer-2 switch cannot process IP packets, so IP positioning cannot be performed at layer 2. Because network access always takes place on access-layer switches, accurate positioning of an access device's IP cannot be achieved. This is a shortcoming of the prior art.
IP-based network-wide positioning is of great significance for network management and data source tracing.
Summary of the invention
To solve the prior-art difficulty of accurately positioning access-layer network nodes and controlling their access, the present invention proposes an IP accurate positioning system and method, which is of great significance for network management, data source tracing and information security.
According to one aspect of the present invention, an IP accurate positioning system is provided, comprising:
An admission control module, which obtains from an access-layer switch the correspondence information between terminal address MAC and switch port PORT, stores it in association with the identifier WID of that access-layer switch, and thereby forms the correspondence information MAC-PORT-WID-SID of terminal address MAC, switch port PORT, switch identifier WID and the identifier SID of the admission control module; it then sends the correspondence information MAC-PORT-WID-SID to the management and control center;
A client module, which sends heartbeat messages to the proxy module in real time; each heartbeat message includes the correspondence information IP-MAC of the terminal's IP address and MAC address;
A proxy module, which manages the online state of each terminal according to the heartbeat messages sent by the client modules, and sends the correspondence information IP-MAC to the management and control center module in real time;
A management and control center module, which obtains the correspondence information MAC-PORT-WID-SID from each admission control module and the correspondence information IP-MAC from each proxy module, and associates MAC-PORT-WID-SID with IP-MAC according to the MAC address they share, forming the five-side online data IP-MAC-PORT-SID-WID.
The admission control module establishes a connection with the access-layer switch over the SNMP protocol, and assigns a unique identifier WID to each access-layer switch it is connected to.
The admission control module obtains the correspondence information between terminal address MAC and switch port PORT by means of SNMP polling and SNMP Trap.
The proxy module is in one-to-one correspondence with the admission control module.
The client module resides on the terminal device and is used for registering the terminal device, uploading terminal information, monitoring the terminal's running environment, responding to instructions from the proxy module, and receiving and displaying notifications from the proxy module.
The client periodically sends heartbeat messages to the proxy module; when the proxy module detects that the correspondence information IP-MAC in a heartbeat message has changed, it sends the changed information to the management and control center module.
The management and control center module configures the information of each admission control module and assigns it a unique identifier SID.
The management and control center module also receives IP accurate positioning requests and, according to the IP address in the request, returns the five-side online data corresponding to that IP address.
According to another aspect of the present invention, an IP accurate positioning method is provided, comprising:
The admission control module obtains from the access-layer switch the correspondence information between terminal address MAC and switch port PORT, and associates it with the identifier WID of the access-layer switch to form the correspondence information MAC-PORT-WID-SID of terminal address MAC, switch port PORT, switch identifier WID and the identifier SID of the admission control module; it then sends the correspondence information MAC-PORT-WID-SID to the management and control center;
The client module sends a heartbeat message to the proxy module; the heartbeat message includes the correspondence information IP-MAC of the terminal's IP address and MAC address;
The proxy module receives the heartbeat message and sends the correspondence information IP-MAC to the management and control center module in real time;
The management and control center module takes the correspondence information MAC-PORT-WID-SID obtained from the admission control module and the correspondence information IP-MAC obtained from the proxy module, and associates them according to the MAC address they share, forming the five-side online data IP-MAC-PORT-SID-WID.
The method further comprises:
The management and control center module receives an IP address positioning request, which includes the IP address to be queried;
The management and control center module obtains and returns the five-side online data corresponding to the IP address to be queried.
The system and method provided by the present invention make IP accurate positioning possible across layer-3 networks: the position of an IP address can be located, network-wide, down to the physical port of an access-layer switch, which provides a powerful means and tool for network management, data source tracing and information security.
Brief description of the drawings
Fig. 1 is a structural diagram of the IP accurate positioning system of the present invention;
Fig. 2 is a flow chart of the IP accurate positioning method of the present invention.
Detailed description
To make the objects, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to specific embodiments and the accompanying drawings.
Because of the layering of the TCP/IP protocol, a layer-3 packet contains no layer-2 information. The IP address of a packet that has been forwarded at layer 3 can therefore only be located roughly, to an IP range, and cannot be pinpointed to an access-layer port. For access management and for locating and tracing information sources in information security, accurate layer-2 positioning is very valuable. Network-wide accurate IP positioning is a problem that has long troubled the industry, and the present invention solves it effectively.
Fig. 1 shows a schematic diagram of the structure and operating principle of the IP accurate positioning system proposed by the present invention. As shown in Fig. 1, the system includes:
The admission control module SEAD, which obtains from the access-layer switch the correspondence information between terminal address MAC and switch port PORT (MAC-PORT), that is, the MAC addresses of the terminals connected to each port of the access-layer switch, and associates it with the identifier WID of the access-layer switch to form the correspondence terminal address MAC, switch port PORT, switch identifier WID (MAC-PORT-WID-SID), where SID is the ID number of the SEAD. The MAC-PORT information includes each port number of the access-layer switch and the MAC address of the terminal device connected to that port. The MAC-PORT-WID information includes each port of the access-layer switch, the MAC address of the terminal device connected to that port, and the access-layer switch identifier WID. The admission control module also transmits the MAC-PORT-WID information to the management and control center. The SEAD polls the switch; once the MAC-PORT data obtained from the switch changes, the changed part is sent to the management and control center.
The client module Client, which periodically sends heartbeat messages to the proxy module at a predetermined period to indicate that it is online. The heartbeat message includes the correspondence information between the terminal's IP address and MAC address (IP-MAC). The IP-MAC data is MAC-protected; IP is the IP address the terminal is currently using, and MAC is the physical MAC of the network card of the terminal sending the heartbeat.
The proxy module PROXY, which manages the online state of each client according to the heartbeat messages sent by the client modules, and sends the IP-MAC correspondence information in the heartbeat messages to the management and control center module in real time.
The management and control center module MCC, which obtains the MAC-PORT-WID-SID information from each admission control module SEAD. It also obtains each terminal's IP-MAC correspondence information from each proxy module and, according to the MAC address, associates the terminal address MAC, switch port PORT and switch identifier WID with the corresponding terminal IP address, forming the five-side online data IP-MAC-PORT-SID-WID.
In this system, the admission control module SEAD sits logically between the access switch and the management and control center MCC; physically it may be located anywhere in the network that is reachable by IP. It is mainly used to control the access-layer switches and to obtain the network access state of the terminal devices on the ports of the access-layer switches it manages.
The admission control module SEAD first establishes communication with the access-layer switch over the SNMP protocol and assigns the access-layer switch a unique identifier WID. The SEAD is registered with the MCC over an agreed communication protocol, which establishes communication from the SEAD to the MCC, and the MCC assigns the SEAD a unique identifier SID. The SEAD then collects terminal device information through the access-layer switch, such as the terminal device's MAC address and its corresponding switch port PORT. Collection can use SNMP polling and SNMP Trap. For the collected data, the SEAD writes to its database the correspondence between the unique identifier WID it assigned to the access-layer switch, the port PORT of the access-layer switch, and the MAC address of the terminal device connected to that port, and updates the timestamp.
The admission control module sends the stored correspondence between the access-layer switch's unique identifier WID, the access-layer switch port PORT, and the MAC address of the terminal device connected to that port to the management and control center in real time.
The client module resides on the terminal device and is mainly used for registering the terminal device, uploading terminal information, checking the terminal's running environment (weak passwords on system accounts, illegal external connections, the running state of third-party security software, and so on), responding to instructions from the proxy module, and receiving and displaying notifications from the proxy module. In the technical solution of the present invention, it periodically sends heartbeat messages to the proxy module to indicate its current online state; the heartbeat message includes the IP address and MAC address of the terminal device on which the client module runs.
The proxy module mainly serves the client modules. It is in one-to-one correspondence with the SEAD and sits at the same position as the SEAD; physically the two may be on the same device. It maintains the authentication data of the client modules, receives their heartbeat messages, maintains the online state of terminal devices, issues specified policies and notifications, and responds to abnormal conditions on terminal devices. On a separate server device, it is configured with an independent IP address different from that of the SEAD-to-MCC link.
The proxy module also receives the registration information of the client modules, including the MAC address and IP address of the terminal device on which each client module runs. It also receives the heartbeat messages of the client modules and maintains each client's online state according to them. If no heartbeat message is received from a client module within a predetermined period, that client module is set to the offline state.
The proxy module also synchronizes the IP-MAC correspondence information obtained from the client modules to the management and control center module. The proxy module receives client heartbeat data in real time and obtains the terminal's IP-MAC correspondence from it; once the data changes, the changed part is sent to the management and control center.
The management and control center module configures the information of each admission control module SEAD, including its unique identifier SID and IP address, and receives the terminal MAC-PORT-WID information sent by each SEAD. It also receives the terminal IP-MAC information sent by the proxy modules, and associates the two using the MAC address as the primary key, forming five-side online data that comprises terminal IP, terminal MAC, switch port PORT, switch identifier WID and admission control module identifier SID.
The management and control center module implements the IP accurate positioning function on the basis of the five-side online data: when a request for the location of an IP is sent to the management and control center module, it returns the record in the five-side online data that corresponds to that IP address. An IP positioning request can be entered on the MCC's interface, or obtained from other systems through a data interface.
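The correlation described above, as an added example that is not part of the patent: a sketch of SEAD change reporting, PROXY heartbeat tracking and the MCC join on MAC address. The class and function names, the 30-second timeout and the sample MAC, IP and port values are assumptions made for the illustration.

```python
# Added illustration, not code from the patent: SEAD change reporting, PROXY
# heartbeat tracking and the MCC join on MAC. Names and values are assumptions.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


def norm_mac(mac: str) -> str:
    """Canonicalise a MAC so switch-side and client-side spellings join."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass(frozen=True)
class FiveSide:
    ip: str
    mac: str
    port: str
    sid: str
    wid: str


def sead_delta(prev: Dict[str, str], cur: Dict[str, str]):
    """Changed part of one switch poll: (new or moved MAC->PORT, vanished MACs)."""
    upsert = {m: p for m, p in cur.items() if prev.get(m) != p}
    removed = [m for m in prev if m not in cur]
    return upsert, removed


class ControlCenter:
    """MCC: stores MAC-PORT-WID-SID and IP-MAC, joins them on MAC when queried."""
    def __init__(self) -> None:
        self._l2: Dict[str, Tuple[str, str, str]] = {}  # mac -> (port, wid, sid)
        self._ip_of: Dict[str, str] = {}                # mac -> ip
        self._mac_of: Dict[str, str] = {}               # ip -> mac

    def on_sead(self, sid, wid, upsert, removed=()):
        for mac, port in upsert.items():
            self._l2[norm_mac(mac)] = (port, wid, sid)
        for mac in removed:
            m = norm_mac(mac)
            # A late removal from the old switch must not erase a MAC that
            # another SEAD has already reported on its new switch.
            if m in self._l2 and self._l2[m][1:] == (wid, sid):
                del self._l2[m]

    def on_proxy(self, ip, mac, online=True):
        mac = norm_mac(mac)
        old_ip = self._ip_of.pop(mac, None)
        if old_ip is not None:
            self._mac_of.pop(old_ip, None)
        if online:
            prev_mac = self._mac_of.pop(ip, None)  # IP now held by another NIC
            if prev_mac is not None:
                self._ip_of.pop(prev_mac, None)
            self._ip_of[mac], self._mac_of[ip] = ip, mac

    def locate(self, ip: str) -> Optional[FiveSide]:
        mac = self._mac_of.get(ip)
        if mac is None or mac not in self._l2:
            return None  # terminal offline, or no switch has reported its MAC
        port, wid, sid = self._l2[mac]
        return FiveSide(ip, mac, port, sid, wid)


class Proxy:
    """PROXY: forwards only IP-MAC changes and heartbeat timeouts to the MCC."""
    def __init__(self, mcc: ControlCenter, timeout: float = 30.0) -> None:
        self.mcc, self.timeout = mcc, timeout  # timeout value is assumed
        self._seen: Dict[str, Tuple[str, float]] = {}  # mac -> (ip, last seen)

    def heartbeat(self, ip: str, mac: str, now: float) -> bool:
        mac = norm_mac(mac)
        changed = self._seen.get(mac, (None, 0.0))[0] != ip
        self._seen[mac] = (ip, now)
        if changed:
            self.mcc.on_proxy(ip, mac)
        return changed

    def sweep(self, now: float):
        stale = [m for m, (_, t) in self._seen.items() if now - t > self.timeout]
        for m in stale:
            ip, _ = self._seen.pop(m)
            self.mcc.on_proxy(ip, m, online=False)
        return stale


if __name__ == "__main__":
    mcc = ControlCenter()
    mcc.on_sead("SID-1", "WID-3", *sead_delta({}, {"0011.2233.4455": "Gi0/7"}))
    Proxy(mcc).heartbeat("192.0.2.10", "00-11-22-33-44-55", now=0.0)
    print(mcc.locate("192.0.2.10"))
```

The join only succeeds when both sides spell the MAC the same way, which is why every input passes through `norm_mac`; a record missing on either side yields no location rather than a stale one.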
Fig. 2 shows a flow chart of the IP accurate positioning method proposed by the present invention. As shown in Fig. 2, the method includes:
The admission control module obtains the terminal MAC addresses and corresponding switch ports PORT on the access-layer switch, and sends them together with the identifier WID of the access-layer switch to the management and control center module;
The client module sends a heartbeat message to the proxy module; the heartbeat message includes the IP address and MAC address of the terminal on which the client module runs;
The proxy module receives the heartbeat message and sends it to the management and control center module;
The management and control center module takes the correspondence information MAC-PORT-WID-SID obtained from the admission control module and the correspondence information IP-MAC obtained from the proxy module, associates them according to the MAC address they share to form the five-side online data IP-MAC-PORT-SID-WID, and, according to a received IP address, extracts from the five-side online data the accurate position information of the terminal device corresponding to that IP address.
The method further includes:
The management and control center module receives an IP address positioning request, which includes the IP address to be queried;
The management and control center module queries the five-side online data table according to that IP address and returns the five-side online data corresponding to it.
With the above positioning method, the present invention obtains the complete accurate location information of the IP address: the IP is located under the SEAD numbered SID, on the switch numbered WID, on the port numbered PORT.
WID here is the switch ID, which can be converted into the switch's management IP address through the switch configuration data. The switch's IP address is entered during system initialization, stored on the SEAD and synchronized to the MCC.
After the accurate location information of the IP address has been obtained by the method proposed by the present invention, the PORT in it can be issued via SNMP, as the switch port parameter of a close operation, to the management IP address of the switch numbered WID, in order to cut off that IP's network connection.
The specific embodiments described above further explain the objects, technical solutions and beneficial effects of the present invention in detail. It should be understood that the foregoing are only specific embodiments of the present invention and do not limit it; any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (10)
1. An IP accurate positioning system, comprising:
An admission control module, which obtains from an access-layer switch the correspondence information between terminal address MAC and switch port PORT, stores it in association with the identifier WID of that access-layer switch, and thereby forms the correspondence information MAC-PORT-WID-SID of terminal address MAC, switch port PORT, switch identifier WID and the identifier SID of the admission control module; it then sends the correspondence information MAC-PORT-WID-SID to the management and control center;
A client module, which sends heartbeat messages to the proxy module in real time; each heartbeat message includes the correspondence information IP-MAC of the terminal's IP address and MAC address;
A proxy module, which manages the online state of each terminal according to the heartbeat messages sent by the client modules, and sends the correspondence information IP-MAC to the management and control center in real time;
A management and control center, which obtains the correspondence information MAC-PORT-WID-SID from each admission control module and the correspondence information IP-MAC from each proxy module, and associates MAC-PORT-WID-SID with IP-MAC according to the MAC address they share, forming the five-side online data IP-MAC-PORT-SID-WID.
2. The system as claimed in claim 1, wherein the admission control module establishes a connection with the access-layer switch over the SNMP protocol, and assigns a unique identifier WID to each access-layer switch it is connected to.
3. The system as claimed in claim 1, wherein the admission control module obtains the correspondence information between terminal address MAC and switch port PORT by means of SNMP polling and SNMP Trap.
4. The system as claimed in claim 1, wherein the proxy module is in one-to-one correspondence with the admission control module.
5. The system as claimed in claim 1, wherein the client module resides on the terminal device and is used for registering the terminal device, uploading terminal information, monitoring the terminal's running environment, responding to instructions from the proxy module, and receiving and displaying notifications from the proxy module.
6. The system as claimed in claim 1, wherein the client periodically sends heartbeat messages to the proxy module, and when the proxy module detects that the correspondence information IP-MAC in a heartbeat message has changed, it sends the changed information to the management and control center.
7. The system as claimed in claim 1, wherein the management and control center configures the information of each admission control module and assigns it a unique identifier SID.
8. The system as claimed in claim 1, wherein the management and control center also receives IP accurate positioning requests and, according to the IP address in the request, returns the five-side online data corresponding to that IP address.
9. An IP accurate positioning method, comprising:
The admission control module obtains from the access-layer switch the correspondence information between terminal address MAC and switch port PORT, and associates it with the identifier WID of the access-layer switch to form the correspondence information MAC-PORT-WID-SID of terminal address MAC, switch port PORT, switch identifier WID and the identifier SID of the admission control module; it then sends the correspondence information MAC-PORT-WID-SID to the management and control center;
The client module sends a heartbeat message to the proxy module; the heartbeat message includes the correspondence information IP-MAC of the terminal's IP address and MAC address;
The proxy module receives the heartbeat message and sends the correspondence information IP-MAC to the management and control center in real time;
The management and control center takes the correspondence information MAC-PORT-WID-SID obtained from the admission control module and the correspondence information IP-MAC obtained from the proxy module, and associates them according to the MAC address they share, forming the five-side online data IP-MAC-PORT-SID-WID.
10. The method as claimed in claim 9, further comprising:
The management and control center receives an IP address positioning request, which includes the IP address to be queried;
The management and control center obtains and returns the five-side online data corresponding to the IP address to be queried, which contains the switch port number PORT corresponding to that IP address; this port number is the positioning result for the queried IP. The record for the queried IP in the five-side online data contains WID-PORT, according to which the switch is controlled to close the network port corresponding to the queried IP address.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410222683.5A CN103973499B (en) | 2014-05-23 | 2014-05-23 | IP accurate positioning system and method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410222683.5A CN103973499B (en) | 2014-05-23 | 2014-05-23 | IP accurate positioning system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103973499A CN103973499A (en) | 2014-08-06 |
CN103973499B true CN103973499B (en) | 2017-04-26 |
Family
ID=51242566
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410222683.5A Expired - Fee Related CN103973499B (en) | 2014-05-23 | 2014-05-23 | IP accurate positioning system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103973499B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106790736A (en) * | 2016-11-17 | 2017-05-31 | 上海斐讯数据通信技术有限公司 | A kind of autosynchronous method of IP address of terminal and cloud terminal management system |
Also Published As
Publication number | Publication date |
---|---|
CN103973499A (en) | 2014-08-06 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20170426 Termination date: 20190523 |