KR-102961944-B1 - NETWORK SWITCH FOR SETTING UP PORT MIRRORING USING A DEDICATED MIRROR PORT AND METHOD THEREOF
Abstract
A network switch comprises a plurality of ports connected to a plurality of external devices, into which packets are received from the plurality of external devices and which output packets to the plurality of external devices; a dedicated mirror port connected to a control device, which outputs a packet replicated from at least one of the plurality of ports to the control device; and a port mirroring control unit that sets at least one of the plurality of ports as a mirroring source port and replicates a packet delivered to the at least one port set as the mirroring source port to the dedicated mirror port, wherein the port mirroring control unit controls the dedicated mirror port to perform port mirroring in a fixed manner according to prior design information.
Inventors
- 박익동
Assignees
- (주)한드림넷
Dates
- Publication Date: 20260507
- Application Date: 20250429
Claims (17)
- A network switch comprising: a plurality of ports connected to a plurality of external devices, through which packets are received from the plurality of external devices and output to the plurality of external devices; a dedicated mirror port connected to a control device, which outputs to the control device a packet replicated from at least one port set as a mirroring source port among the plurality of ports; and a port mirroring control unit that sets at least one port among the plurality of ports as a mirroring source port and replicates packets transmitted to the at least one port set as the mirroring source port to the dedicated mirror port, wherein the dedicated mirror port is configured to perform fixed port mirroring based on prior design information, and the port mirroring control unit receives mirroring setting information from the control device through the dedicated mirror port and sets at least one port among the plurality of ports as a mirroring source port based on the received mirroring setting information.
- (deleted)
- The network switch of claim 1, wherein the mirroring setting information includes mirroring source port information selected through a user interface provided by the control device, and the user interface presents the plurality of ports as candidates for mirroring targets and receives from a user a selection of at least one port among the plurality of ports as a mirroring source port.
- The network switch of claim 3, wherein the mirroring setting information comprises information related to the addition, deletion, and modification of mirroring source ports, created according to the user's selection through the user interface.
- The network switch of claim 3, wherein the port mirroring control unit obtains the mirroring setting information in real time from a control link connected via control protocol communication between the control device and the dedicated mirror port.
- The network switch of claim 5, wherein the control protocol communication includes LLDP (Link Layer Discovery Protocol) communication.
- The network switch of claim 5, wherein the port mirroring control unit acquires, from the dedicated mirror port, an authentication packet transmitted by the control device, performs authentication to determine whether a password included in the authentication packet matches a previously stored password, allows mirroring according to the mirroring setting information if the authentication is successful, and blocks mirroring according to the mirroring setting information if the authentication fails.
- The network switch of claim 7, wherein the authentication packet is encrypted and transmitted using a key exchange algorithm, and the port mirroring control unit obtains the password by decrypting the encrypted authentication packet.
- The network switch of claim 5, wherein the port mirroring control unit monitors packets flowing into the dedicated mirror port and discards packets that do not conform to the specifications of the control protocol communication.
- The network switch of claim 5, wherein the port mirroring control unit transmits at least one of switch status information, port information possessed by the network switch, and port information set as a mirroring source port to the control device via the control link, using a packet according to the specifications of the control protocol communication.
- A method of operation for a network switch, the method including: a step of setting a dedicated mirror port to perform fixed port mirroring according to prior design information; a step of receiving mirroring setting information from a control device connected to the dedicated mirror port through the configured dedicated mirror port; a step of setting at least one port among a plurality of ports possessed by the network switch as a mirroring source port according to the mirroring setting information; and a step of replicating a packet transmitted to the at least one port configured as the mirroring source port to the dedicated mirror port, and transmitting the replicated packet to the control device through the dedicated mirror port.
- The method of claim 11, further including, between the step of setting the dedicated mirror port and the step of receiving the mirroring setting information, a step of creating an LLDP (Link Layer Discovery Protocol) link connected between the control device and the dedicated mirror port, wherein the mirroring setting information is obtained from an LLDP packet received in real time from the control device.
- The method of claim 12, further including, between the step of creating the LLDP link and the step of receiving the mirroring setting information: a step of receiving an encrypted LLDP packet requesting authentication from the control device; a step of decrypting the encrypted LLDP packet, extracting a password from the decrypted LLDP packet, and determining whether the extracted password matches a previously registered password; and a step of allowing or blocking mirroring according to the mirroring setting information based on whether the passwords match.
- The method of claim 12, further including, after the step of setting the dedicated mirror port, a step of monitoring packets entering the dedicated mirror port and discarding them if they are not LLDP packets.
- The method of claim 12, further including, after the step of setting the mirroring source port, a step of transmitting at least one of switch status information, port information possessed by the network switch, and port information set as a mirroring source port to the control device via the LLDP packet.
- The method of claim 11, wherein the mirroring setting information is generated based on information selected or entered by the user on the user interface provided by the control device, and the user interface presents the plurality of ports as candidates for mirroring targets and receives from a user a selection of at least one port among the plurality of ports as a mirroring source port.
- The method of claim 16, wherein the user interface presents the plurality of ports and the port information set as mirroring source ports, and receives input from the user for the addition, deletion, and modification of the mirroring source port.
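The discard rule of claims 9 and 14 and the extraction of mirroring settings from an LLDP packet in claim 12 can be sketched as follows; this is an added example, not code from the patent or its assignee. The patent does not say how settings are encoded, so the organizationally specific TLV (placeholder OUI `aa:bb:cc`, subtype 1, one byte per source port) is a hypothetical assumption, and the frames are constructed samples.

```python
import struct

LLDP_ETHERTYPE = b"\x88\xcc"
LLDP_MACS = {bytes.fromhex(m) for m in ("0180c200000e", "0180c2000003", "0180c2000000")}
HYP_TLV = b"\xaa\xbb\xcc\x01"  # hypothetical OUI + subtype (placeholder, not registered)

def tlv(tlv_type, value):  # TLV header: 7-bit type, 9-bit length, then the value
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def parse_tlvs(payload):  # [(type, value), ...]; ValueError if malformed
    tlvs, off = [], 0
    while off + 2 <= len(payload):
        (hdr,) = struct.unpack_from("!H", payload, off)
        tlv_type, length, off = hdr >> 9, hdr & 0x1FF, off + 2
        if off + length > len(payload):
            raise ValueError("TLV length runs past end of frame")
        if tlv_type == 0:  # End Of LLDPDU
            return tlvs
        tlvs.append((tlv_type, payload[off:off + length]))
        off += length
    raise ValueError("missing End Of LLDPDU TLV")

def accept_on_mirror_port(frame):
    # Return parsed TLVs for a well-formed LLDP frame, or None to discard it
    if len(frame) < 14 or frame[:6] not in LLDP_MACS or frame[12:14] != LLDP_ETHERTYPE:
        return None
    try:
        tlvs = parse_tlvs(frame[14:])
    except ValueError:
        return None
    # Chassis ID (1), Port ID (2) and TTL (3) are mandatory and come first
    return tlvs if [t for t, _ in tlvs[:3]] == [1, 2, 3] else None

def mirror_sources(tlvs, port_count):  # reads the hypothetical TLV (type 127)
    for tlv_type, value in tlvs:
        if tlv_type == 127 and value[:4] == HYP_TLV:
            ports = sorted(set(value[4:]))
            ok = ports and 1 <= ports[0] and ports[-1] <= port_count
            return ports if ok else None  # reject empty or out-of-range lists
    return None

# Constructed sample frames (not captured traffic)
SRC = bytes.fromhex("020000000001")
BODY = (tlv(1, b"\x04" + SRC) + tlv(2, b"\x05ctl0") + tlv(3, b"\x00\x78")
        + tlv(127, HYP_TLV + bytes([3, 7])) + tlv(0, b""))
LLDP_FRAME = bytes.fromhex("0180c200000e") + SRC + LLDP_ETHERTYPE + BODY
ARP_FRAME = b"\xff" * 6 + SRC + b"\x08\x06" + bytes(28)
TRUNCATED = LLDP_FRAME[:-6]  # org-specific TLV cut short, End TLV missing
```

In the claimed flow, the password check of claims 7 and 13 would gate `mirror_sources` after this filter; that step is not modelled here.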
Description
Network switch capable of setting up port mirroring using a dedicated mirror port and method thereof
The present disclosure relates to a network switch capable of port mirroring configuration using a dedicated mirror port and a method thereof.
Port mirroring refers to the function of forwarding copies of all packets transmitted to and received on a specific port to another port. Conventionally, to use the port mirroring function on a network switch, a specific port must be configured as a mirroring port. For example, conventional network switches are typically configured with 4, 8, 16, 24, 32, or 48 ports, and one of these ports is used for port mirroring.
However, conventional technology has limitations in that network administrators must directly configure mirroring ports, and they can only change settings by entering complex commands through a user interface (UI) or within the network switch. Therefore, if the mirroring target changes, there is the inconvenience of a network administrator having to intervene and change the mirroring port settings again. As a result, it is difficult for users to control or change the mirroring port in real time.
- FIG. 1 is a configuration diagram of a network switch according to one embodiment.
- FIG. 2 is a flowchart illustrating a port mirroring control method according to one embodiment.
- FIG. 3 is a flowchart illustrating the port mirroring operation of a network switch according to one embodiment.
- FIG. 4 is a flowchart illustrating the authentication operation of a network switch according to one embodiment.
- FIG. 5 is a flowchart illustrating the packet monitoring operation of a network switch according to one embodiment.
- FIG. 6 is a flowchart illustrating the port mirroring setting operation of a control device according to one embodiment.
- FIG. 7 is a flowchart illustrating a port mirroring control method according to another embodiment.
- FIG. 8 is a flowchart illustrating a port mirroring control method according to another embodiment.
Embodiments of the present disclosure are described below with reference to the attached drawings so that those skilled in the art can easily implement them. However, the present disclosure may be embodied in various different forms and is not limited to the embodiments described herein. Furthermore, in order to clearly explain the present disclosure in the drawings, parts unrelated to the explanation have been omitted, and similar parts throughout the specification are denoted by similar reference numerals.
In the description, when a part is said to "include" a certain component, this means that, unless specifically stated otherwise, it does not exclude other components but may include additional components.
In the description, terms such as "…part," "…unit," and "…module" refer to a unit that processes at least one function or operation, which may be implemented in hardware, software, or a combination of hardware and software.
In the description, drawing symbols and names are provided for convenience of explanation and are not strictly limited to the drawing symbols or names.
In the description, "transmission," "delivery," or "provision" may include not only direct transmission, delivery, or provision, but also indirect transmission, delivery, or provision through another device or by using an alternative route.
In the description, the same reference numeral refers to the same component regardless of the drawing, and "and/or" includes each of the mentioned components and all combinations of one or more.
In the description, terms including ordinal numbers, such as first, second, etc., may be used to describe various components, but said components are not limited by said terms. Such terms are used solely for the purpose of distinguishing one component from another. For example, without departing from the scope of the present disclosure, the first component may be named the second component, and similarly, the second component may be named the first component.
In the description, expressions written in the singular may be interpreted as singular or plural unless explicit expressions such as "one" or "singular" are used.
In the description, the order of operations listed in the flowchart may be changed, multiple operations may be merged or split, and certain operations may not be performed.
In the description, each of the various devices is composed of hardware including at least one processor, memory, communication device, etc., and a computer program that is executed in combination with the hardware is stored in a designated location. The hardware has a configuration and performance capable of executing the method of the present disclosure. The computer program includes instructions that implement the method of operation of the present disclosure described with reference to the drawings, and executes the present disclosure in combination with hardware such as a processor and memory.
FIG. 1 is a configuration diagram of a network switch acco