Hi there!
This time, I will share with you about basic knowledge of fast entry broadband access network for beginners.
The broadband access network is still relatively common, so I studied the basic knowledge of the broadband access network, and here out to share with you, hoping to be useful to you.
Upstream direction, because the user's ad hoc network is uncontrolled, malicious users or malicious programs can construct illegal protocol messages and send them upwards. This will not only lead to the degradation of network equipment processing performance but also sometimes cause network equipment system disorder or even crash. In addition, if malicious users or programs send protocols and broadcasting messages over-the-top, whether legitimate or illegal, the performance of system equipment will also be significantly reduced, because the processing of protocols and broadcasting messages consumes equipment resources. Despite being in a controllable network domain, the downlink direction may also cause illegal or excessive message sending due to the stability of the device itself and the complexity of the network, which also needs to be prevented. Illegal messages include:
(1) Illegal source MAC address message. Source MAC addresses cannot be broadcast or multicast addresses because some MAC addresses have been reserved by standard organizations and cannot be used by ordinary users.
(2) Illegal agreement message. Theoretically, there is no Query message in the upstream direction of Internet Group Management Protocol (IGMP), no Report/Leave/Join message in the downstream direction, no OFFER/ACK message in the upstream direction of DHCP, no DISCOVER/REQUEST message in the downstream, no PADO and PADS message in the upstream and no ADS message in the downstream. There will be PADI and PADR messages. These messages are intercepted and filtered as needed.
(3) Super-long, ultra-short or error-checking messages, such as messages less than 64 bytes or messages greater than 1,518 bytes. Extra-long messages are allowed under certain circumstances.
For illegal messages, the general technology is to use filters to filter and discard them. The basic principle of filters is to match data messages according to the characteristics of filtered data messages defined by users. If the predefined feature is met, the message is filtered out. Most of the current switching chips have the function of message feature extraction and matching, which can complete the extraction and matching of the data link layer, network layer, an even higher level data message feature information.
The first three kinds of excessive messages will consume a lot of equipment processing resources, and the fourth kind will occupy the limited MAC address table resources of switching chips, which need to be controlled. The first three steps of processing excessive messages are: matching a specific type of message, characterized by a specific protocol message, a broadcast message (or a more specific broadcast message), a multicast message (or a more specific multicast message); counting the transmission rate of such messages; discarding the message if the transmission rate exceeds the predefined rate. The technology of overhandling protocols, broadcasting, and multicasting messages are also called message suppression. It is simple to solve the problem of excessive source MAC addresses: the upper limit of the number of user-side port MAC addresses can be set. In this way, once the port reaches the predefined number of MAC addresses, subsequent messages with new MAC addresses will be discarded. Illegal and excessive messages need to be processed at all levels of the broadband access networks, but for access nodes, because of their location in the broadband access networks, the realization of the above functions is particularly important.
That's all, I welcome everyone to leave a message and exchange in the comment area!
Thank you!
