Method For Protecting Digital Subscriber Line Access Multiplexer, DSLAM And XDSL Single Service Board

Abstract

A method for protecting a Digital Subscriber Line Access Multiplexer (DSLAM) includes: capturing specific protocol packets at an XDSL port by hardware of an XDSL single service board; and sending the captured specific protocol packets to a CPU of the XDSL single service board; determining whether the traffic amount of the specific protocol packets in a time unit exceeds a predefined threshold, if the traffic amount does not exceed the predefined threshold, submitting the specific protocol packets to a CPU of the host; otherwise stopping submitting the specific protocol packets to the CPU of the host. The method and the XDSL single service board provided by embodiments of the present invention need not manually set Media Access Control (MAC) address or maximum MAC address learning number for each XDSL port, which cuts down the maintenance workload, and on the other hand, reduces the loss of important protocol packets and lowers the load of the CPU.

Description

DRAWINGS

The drawings described herein are for illustration purposes only and are not intended to limit the scope of the present disclosure in any way.

FIG. 1 is a schematic diagram illustrating a distributed bus network with a DSLAM device according to an embodiment of the present invention.

FIG. 2 is a schematic diagram illustrating a structure of an XDSL single service board according to an embodiment of the present invention.

FIG. 3 is a flowchart of the DSLAM device protection method according to an embodiment of the present invention.

Claims

1. A method for protecting a Digital Subscriber Line Access Multiplexer (DSLAM), comprising: capturing, by hardware of a Digital Subscriber Line (XDSL) single service board, specific protocol packets at an XDSL port; andsending, by the hardware of the XDSL single service board, the specific protocol packets captured to a Central Processing Unit (CPU) of the XDSL single service board;determining, by the CPU of the XDSL single service board, whether the traffic amount of the specific protocol packets in a time unit exceeds a predefined threshold, and if the traffic amount of the specific protocol packets does not exceed the predefined threshold, submitting the specific protocol packets to a CPU of a host for processing; otherwise, stopping submitting the specific protocol packets to the CPU of the host.

2. The method of claim 1, further comprising: determining, by the CPU of the XDSL single service board, the type of the specific protocol packets after the hardware of the XDSL single service board sends the specific protocol packets captured to the CPU of the XDSL single service board; andthe process of determining whether the traffic amount of the specific protocol packets in a time unit exceeds a predefined threshold comprising: determining, by the CPU of the XDSL single service board, whether the traffic amount of each type of the specific protocol packets in a time unit exceeds a respective predefined threshold, and if the traffic amount of each type of the specific protocol packets does not exceed their respective predefined threshold, submitting each type of the specific protocol packets to the CPU of the host for further processing; otherwise, stopping submitting each type of the specific protocol packets to the CPU of the host.

3. The method of claim 1, further comprising: upon stopping submitting the specific protocol packets to the CPU of the host, sending, by the CPU of the XDSL single service board, to the host a message indicating that there is an attack on the XDSL port, andadding, by the host, the XDSL port into a blacklist.

4. The method of claim 3, further comprising: after adding the XDSL port into the blacklist by the host, determining, by the CPU of the XDSL single service board, whether the traffic amount of the specific protocol packets in a time unit still exceeds the predefined threshold, and if the traffic amount of the specific protocol packets does not exceed the predefined threshold, sending a message by the CPU of the XDSL single service board to the host indicating that there is no attack on the XDSL port, removing, by the host, the XDSL port out of the blacklist, receiving and processing the specific protocol packets by the host; otherwise, sending no message to the host by the CPU of the XDSL single service board.

5. The method of claim 4, wherein the process of determining whether the traffic amount of the specific protocol packets in a time unit still exceeds the predefined threshold by the CPU of the XDSL single service board is performed at regular intervals.

6. The method of claim 1, further comprising: upon stopping submitting the specific protocol packets to the CPU of the host, discarding, by the CPU of the XDSL single service board, the specific protocol packets.

7. The method of claim 1, wherein the specific protocol packets include one or any combination of the followings: Address Resolution Protocol (ARP) packet, Internet Group Management Protocol (IGMP) packet, PPP over Ethernet (PPPOE) packet and Dynamic Host Configuration Protocol (DHCP) packet.

8. A Digital Subscriber Line (XDSL) single service board, comprising: an XDSL port;an element configured to capture specific protocol packets at the XDSL port and send the specific protocol packets;a Central Processing Unit (CPU), configured to determine whether the traffic amount of the specific protocol packets in a time unit exceeds a predefined threshold, submit the specific protocol packets to a CPU of the host for processing if the traffic amount of the specific protocol packets does not exceed the predefined threshold, and stop submitting the specific protocol packets to the CPU of the host if the traffic amount of the specific protocol packets exceeds the predefined threshold

9. The XDSL single service board of claim 8, wherein the CPU of the XDSL single service board is adapted to send to the host a message indicating that there is an attack on the XDSL port and discard the specific protocol packets when it is determined that the traffic amount of the specific protocol packets exceeds the predefined threshold.

10. A Digital Subscriber Line Access Multiplexer (DSLAM), comprising: a host, equipped with a Central Processing Unit (CPU), and configured to process specific protocol packets;a Digital Subscriber Line (XDSL) single service board, connected with the host, and configured to capture specific protocol packets and determine whether the traffic amount of the specific protocol packets in a time unit exceeds a predefined threshold, if the traffic amount of the specific protocol packets does not exceed the predefined threshold, submit the specific protocol packets to the CPU of the host for processing; otherwise, stop submitting the specific protocol packets to the CPU of the host.

11. The DSLAM of claim 10, wherein the XDSL single service board comprises: an XDSL port;an element configured to capture specific protocol packets at the XDSL port and send the specific protocol packets;a Central Processing Unit (CPU), configured to determine whether the traffic amount of the specific protocol packets in a time unit exceeds a predefined threshold, submit the specific protocol packets to a CPU of the host for processing if the traffic amount of the specific protocol packets does not exceed the predefined threshold, and stop submitting the specific protocol packets to the CPU of the host if the traffic amount of the specific protocol packets exceeds the predefined threshold.

12. The DSLAM of claim 11, wherein the CPU of the XDSL single service board is adapted to send to the host a message indicating that there is an attack on the XDSL port and discard the specific protocol packets when it is determined that the traffic amount of the specific protocol packets exceeds the predefined threshold.

13. The DSLAM of claim 10, wherein the CPU of the host is further configured to adding the XDSL port into a black list when there is an attack on the XDSL port; and removing the XDSL port out of the black list when there is no attack on the XDSL port.