VMAC
VMAC can be used to solve MAC spoofing of service servers in various access environments.
(2) Static configuration of MAC address of service server
Manually configure the MAC of the service server to the static MAC address table of the access node switching chip, so that the learning of the MAC address of the service server will not migrate. Although this method is simple, it has poor flexibility and scalability.
(3) Automatic Configuration of MAC Address of Service Server
This is a method proposed in this paper to solve the problem of MAC address spoofing in service servers. The basic idea is to let access nodes act as PPPoE or DHCP clients, and periodically initiate PPPoE or DHCP requests, so that BRAS and DHCP server/relay MAC addresses can be dynamically obtained. Its advantages are obvious: it can use existing protocols, without manual configuration, without modifying data packets, without affecting other protocols.
IP spoofing exists in the scenario of IPoE access. It can use other people's IP addresses, steal services, or broadband access network without DHCP configuration information, which hinders the unified management of operators. To solve this problem, we need to implement "DHCP IP Source Guard" on access nodes, monitor protocol messages between users and DHCP servers/relays, and discard all the other upstream messages except DHCP protocol messages before users get configuration information. Once DHCP ACK message is monitored, it binds < assigned IP, user MAC > to user port, enabling the sending of upstream data message, while ensuring that the upstream data message is consistent with the bound < assigned IP, user MAC>. When the DHCP lease expires, the bundle is cancelled and the upstream non-DHCP protocol message is stopped.
