Method for layer-7 protocol Management

Source: Internet
Author: User

Currently, most network applications are structured and designed at the seventh layer, and this article explains layer-7 protocol application for TCP/IP. First, let us become familiar with some network conditions. At present, bandwidth management stops at Layer 4. When BT downloads occur, administrators of dynamic-IP networks are left helpless: managing traffic through port settings is useless. In addition, do network administrators know which protocols are running on their own bandwidth, and how much of the bandwidth each protocol occupies? If you do not know, you cannot state it accurately. Bandwidth management based on layer-7 protocols is a new technology that can handle TCP protocol data so that packets are not sent in a queue but concurrently.

Introduction to layer-7 protocol problems

Most group users access the Internet through leased lines. The network management department allocates corresponding IP address resources for registered users from the planned CIDR blocks, to ensure normal transmission of communication data. Here, static IP addresses are one of the essential configuration items, and they enjoy the privilege of being the "network communication ID card". When configuring IP address resources, the network administrator has special requirements for their correctness, in the following two aspects:

The allocated address must lie within the planned subnet CIDR block;

The assigned IP address must be unique among all connected hosts, that is, it has no ambiguity.

In practice, the network administrator assigns and provides IP addresses to incoming users, and an address is valid only after the customer registers correctly. Since end users have direct access to their IP address settings, they may modify the IP address as they see fit. A modified IP address may produce three results during network operation:

1. An invalid IP address. The IP address modified by the user is not in the planned CIDR block, and the network call is interrupted;

2. A duplicate IP address that conflicts with an allocated, valid IP address already running online, so the host cannot connect;

3. Illegal use of allocated resources: theft of the legitimate IP address of another registered user (whose machine registered with this IP address is not powered on) for online communication.

The first two cases can be identified and blocked by the network system, resulting in an interruption of operation. The third case cannot be effectively identified. If the system administrator takes no preventive measures, the third case infringes on the legitimate rights and interests of registered users and causes great harm.

Working principle of TCP/IP based on the layer-7 protocol

The TCP/IP protocol model consists of four layers. The network interface layer sits between the network layer and the physical layer and consists of NICs and their device drivers. Data on this layer is sent and received through a single, specific network. This singularity and uniqueness are determined by the NIC's physical address, the MAC address. MAC addresses must comply with the requirements of the IEEE, which ensures that the MAC of any NIC in the world is unique and unambiguous. Therefore, the MAC address is burned into every NIC, and it alone is granted access permissions.

In Ethernet, the MAC address is present in the header of each Ethernet frame. Ethernet switching devices implement packet exchange and transmission based on the source MAC address and the destination MAC address in the Ethernet frame header.

When the network layer converts the network address used by the high-level protocol to the address used by Ethernet, FDDI, Token Ring and other protocols, it needs to map the IP address to the physical interface. To implement this mapping between network nodes, the TCP/IP protocol family provides the Address Resolution Protocol (ARP) at the network interface layer, which converts an IP address to a hardware address. During network communication, the machine that initiates a hardware address resolution request sends a broadcast packet to the other online machines on the network; the machine whose IP address matches the target IP address responds to the request and returns its hardware address to the source machine. The other machines on the network do not respond to the request, but they listen to these request packets and record the IP address and hardware address of the source machine. It is worth noting that the ARP mechanism is dynamic: when an IP address or hardware address changes over time, ARP corrects the mapping in a timely manner.

In reality, users may change the client IP address or network adapter for some reason. Such changes are sometimes random, especially when they are not monitored by the network administrator, and they directly affect the secure operation of the network resource environment, such as network IP address management and the calculation of communication traffic. In order to effectively prevent such problems and ensure the uniqueness of IP addresses, the network administrator must establish a standard IP address allocation table and an IP address to hardware address (MAC) registration form, and complete the filing.

Solution

The following three methods can be used to develop corresponding IP address management measures and countermeasures, to monitor and prevent random IP address changes, and to make network management more scientific and secure.

Method 1: Use the ARP function provided by UNIX and Windows systems to collect information regularly and store the output data in a database or document file, forming a table that pairs the real-time IP address with the hardware address of the network card. Then combine a query program with the history to automatically troubleshoot the problem and determine its cause.

Method 2: Use the network management function of the network switching device to improve network fault detection. Currently, many kinds of network switches have built-in network management functions, such as the 3Com SuperStack II series switches, which allow you to quickly and accurately locate the faulty host.

Method 3: IP address management based on Internet access is implemented through IP address allocation and router configuration. You can set static route tables that strictly match IP addresses to hardware addresses, ensuring that each assigned IP address is unique.
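The collection-and-compare step of Method 1, as an added example that is not part of the original article: it parses a constructed arp -a snapshot, checks each entry against a constructed planned block and IP-to-MAC registration form, and flags the invalid-address and stolen-address cases from the list above, plus addresses that were never assigned; the history comparison reports entries whose MAC changed since the previous snapshot. All addresses, MACs and the interface name are constructed sample values.

```python
import ipaddress
import re

# Constructed arp -a output in the format of a Linux host (not captured from a real network).
ARP_OUTPUT = """\
? (192.168.10.21) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.10.22) at 00:11:22:33:44:66 [ether] on eth0
? (192.168.10.23) at aa:bb:cc:dd:ee:01 [ether] on eth0
? (192.168.20.7) at aa:bb:cc:dd:ee:02 [ether] on eth0
"""

# Constructed registration form: the planned CIDR block and the allocated IP -> MAC bindings.
PLANNED_BLOCK = ipaddress.ip_network("192.168.10.0/24")
REGISTERED = {
    "192.168.10.21": "00:11:22:33:44:55",
    "192.168.10.23": "00:11:22:33:44:77",
}

ARP_LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-f:]{17})", re.I)


def parse_arp(text):
    """Return {ip: mac} from arp -a output, normalising MACs to lower case."""
    return {m["ip"]: m["mac"].lower() for m in ARP_LINE.finditer(text)}


def classify(ip, mac, block=PLANNED_BLOCK, registered=REGISTERED):
    """Map one live ARP entry to the outcomes described in the article."""
    if ipaddress.ip_address(ip) not in block:
        return "invalid"        # case 1: outside the planned CIDR block
    expected = registered.get(ip)
    if expected is None:
        return "unassigned"     # inside the block but never allocated
    if expected != mac:
        return "mac_mismatch"   # case 3: allocated IP in use by a different NIC
    return "ok"


def audit(arp_text, block=PLANNED_BLOCK, registered=REGISTERED):
    """Compare a live ARP snapshot with the registration form, entry by entry."""
    return {ip: classify(ip, mac, block, registered) for ip, mac in parse_arp(arp_text).items()}


def changes(previous, current):
    """Entries that appeared, or whose MAC changed, since the stored previous snapshot."""
    return {ip: (previous.get(ip), mac) for ip, mac in current.items() if previous.get(ip) != mac}
```

In practice the snapshot would come from running the system's arp command on a schedule and the registration form from the administrator's allocation table; a mac_mismatch on an address whose registered machine is powered off is the case-3 theft the article says the network cannot detect on its own.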

Comparison of the three methods:

Method 1 needs no additional network equipment, but the detection results must be interpreted manually, so there is a certain lag in troubleshooting non-conflicting and non-assigned IP addresses.

Method 2 gives fast and accurate monitoring results, but switch devices with network management functions are required to track IP address conflicts automatically, and monitoring of the conflicts must be completed manually. Troubleshooting non-conflicting and non-assigned IP addresses still has a certain lag.

Method 3 has an obvious effect on IP address management for Internet access. It automatically locks the route egress of any illegal IP address so that the host can only reach internal IP addresses and run within the LAN; it also provides real-time troubleshooting for non-conflicting and non-assigned IP addresses, and effectively restricts the access space of users with illegal IP addresses.
