摘要
现有的高防DNS引流方式,需用户手动修改DNS域名,SRv6基于路由转发,不需要在每个节点做标签配置,只需要设定SRv6的头、尾节点即可通过路由进行自行选路从而将数据包转发至目标。介绍了SRv6 Policy下unaware SF节点的应用模型,创新性提出在高防及WAF系统下采用SRv6引流的方式将攻击流量引入高防系统进行防护的模型,提供“即插即用”式的高防服务。
The existing advanced defense DNS drainage method requires users to manually modify the DNS domain name.SRv6 is based on routing forwarding and does not require label configuration at each node,it can automaticly choose path through routing to forward data packets to the target only by setting the head and tail nodes of SRv6.It introduces the application model of unaware SF nodes under SRv6 Policy,and innovatively proposes a model that uses SRv6 drainage to introduce attack traffic into advanced defense systems for protection under advanced defense and WAF systems,which could provide"plug and play"advanced defense services.
作者
徐宝辰
余思阳
李长连
李发财
赵通
Xu Baochen;Yu Siyang;Li Changlian;Li Facai;Zhao Tong(China Information Technology Designing&Consulting Institute Co.,Ltd.,Beijing 100048,China;Intelligent Network&Innovation Center of China Unicom,Beijing 100046,China)
出处
《邮电设计技术》
2023年第8期38-41,共4页
Designing Techniques of Posts and Telecommunications
