CN100448227C - Business flow identifying method - Google Patents



Publication number
CN100448227C
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CNB2005100938056A
Other languages
Chinese (zh)
Other versions
CN1744573A (en
Inventor
卢胜文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Information Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd

Abstract

The present invention discloses a method for identifying a business flow. The characteristic information of the business flow to be identified is used as the basis for finding a data packet that carries that characteristic information; match parameters are extracted from that data packet and used as the basis for building a business flow table. Any subsequent data packet that hits the business flow table is determined to belong to the business flow to be identified. Because the method does not follow the traditional approach of using fixed parameters in the packet header as the basis for identification, it is unaffected by changes to fixed parameters such as IP addresses and port numbers. The data packets of the business flow are identified correctly even when the fixed parameters are dynamically assigned.

Description

Method for identifying a business flow
Technical field
The present invention relates to data communication methods, and in particular to a method for identifying a business flow.
Background art
The large volume of data transmitted over a network can be regarded as a combination of many business flows, each with specific service characteristics. For example, HTTP application business flows all use the Hypertext Transfer Protocol, and FTP application business flows all use the File Transfer Protocol.
Precisely because a network carries so many different business flows, it is sometimes necessary to pick out the data of particular business flows for further handling and processing. Examples include blocking harmful data from being transmitted over the network, analyzing how many packets on the network meet given requirements, and selecting specific routes or applying QoS (quality of service) processing for packets that meet the requirements.
A business flow may comprise one data flow or several. A data flow is a continuous sequence of data packets with the same source and destination. For a layer-3 IP data flow, this is a sequence of packets with the same source IP and destination IP; for a layer-4 IP data flow, it is a sequence of packets with the same source IP, destination IP, source port, destination port and protocol type. Non-IP protocols are similar. Identifying a business flow therefore essentially means identifying a series of packets that satisfy certain characteristics. In other words, identifying a business flow means identifying all the packets that belong to it.
Current business flow identification methods mainly set identification conditions for a business flow on a network device such as a router or switch. These conditions are based on fixed parameters in the packet header: if the header information of a packet received by the network device satisfies the configured conditions, the packet is considered to belong to the business flow to be identified.
A typical application of this method is the access control list (ACL). It works as follows: parameter conditions are set in the ACL in advance, generally comprising five parameters: source address, destination address, source port, destination port and protocol type (also called the five-tuple). When a packet arrives, the router reads the fixed parameter information in its layer-3 and layer-4 headers (source address, destination address, source port, destination port and protocol type) and matches it against the parameter conditions defined in the ACL. If they match, the received packet is considered to belong to the business flow to be identified.
An example of business flow identification using an ACL follows. Suppose the business flow of an HTTP application needs to be identified. The method is as follows:
Step 1: because the destination port number used by packets of an HTTP application business flow is normally 80, the identification condition "destination port number is 80" is defined in the ACL.
Step 2: when a packet arrives, the router reads the fixed parameter information in the packet's layer-3 and layer-4 headers: the destination port number.
Step 3: the destination port number that was read is matched against the destination port number defined in the list. If the packet's destination port number is 80, the packet is considered to belong to the HTTP application business flow; otherwise it is considered not to belong to it.
As can be seen from the above, a business flow identification method based on fixed parameters in the packet header can pick out packets that use port 80 as the destination port and treat them as belonging to the HTTP application business flow. But not every HTTP application uses port 80 as its destination port without exception. Once the destination port used by some HTTP application packets is dynamically assigned rather than port 80, those packets can no longer be correctly identified as belonging to the HTTP application business flow.
There are many similar cases of dynamic assignment. For example, the currently popular P2P (peer-to-peer) is a point-to-point network application. Many existing network services can be classed as P2P; instant messaging systems such as ICQ, Microsoft's MSN Messenger and the domestic OICQ are the most popular P2P applications. P2P lets users connect directly to other users' computers to share and exchange files without going through a server. Because of this point-to-point nature, a PC running P2P no longer needs a fixed IP address, and some do not even have a fixed port, which is convenient for users. But precisely because P2P is dynamic in this way, with no fixed IP and sometimes no fixed port, traditional business flow identification methods that rely only on fixed parameters in the packet header cannot identify the business flows of dynamic applications such as P2P.
Summary of the invention
The object of the present invention is to provide a method for identifying a business flow, so as to solve the technical problem that existing identification methods, which are based on fixed parameters in the packet header, cannot identify the business flows of dynamic applications.
To this end, the present invention provides the following technical solutions:
A method for identifying a business flow, the method comprising the steps of:
A. configuring business flow characteristic information on a network device in advance;
B. filtering the received data packets and extracting the match parameters of a packet that carries the characteristic information;
C. building a business flow table based on the match parameters, and determining that packets which hit this business flow table belong to the business flow to be identified.
Step B comprises:
B1. looking up whether a business flow table exists that matches the received packet;
B2. among the packets that match no business flow table, identifying a packet that carries the characteristic information;
B3. extracting the match parameters from the identified packet.
Step B3 specifically comprises:
if the configured characteristic information includes a match parameter extraction mode, extracting the match parameters of the packet according to that extraction mode;
if the configured characteristic information does not include a match parameter extraction mode, extracting the match parameters from the packet header according to the transport protocol type used by the packet.
The method further comprises the step of:
D. deleting the corresponding business flow table when the ageing time is exceeded or deletion information is received.
Preferably, the business flow characteristic information comprises a characteristic sequence.
Preferably, the content of the business flow table comprises a business flow type identifier and a packet identification count.
A method for identifying a business flow, the method comprising the steps of:
A. configuring business flow characteristic information on a network device in advance;
b. extracting the match parameters from the header of a received packet;
C. building a business flow table based on the extracted match parameters;
D. determining, according to the characteristic information of the business flow, whether a packet that hits the business flow table belongs to the business flow to be identified.
Step b comprises:
B1. looking up whether a business flow table exists that matches the received packet;
B2. for a packet that matches no business flow table, extracting the match parameters from the packet header according to the transport protocol type it uses.
The method further comprises the step of:
F. deleting the corresponding business flow table when the ageing time is exceeded or deletion information is received.
Preferably, the characteristic information of the business flow comprises a characteristic sequence.
Preferably, the content of the business flow table comprises a business flow type identifier and a packet identification count.
A method for identifying a business flow, the method comprising the steps of:
configuring business flow characteristic information on a network device in advance;
filtering the received data packets and extracting the match parameters of a packet that carries the characteristic information;
when the match parameters in a subsequently received packet are consistent with the extracted match parameters, determining that this subsequent packet belongs to the business flow to be identified.
A method for identifying a business flow, the method comprising the steps of:
configuring business flow characteristic information on a network device in advance;
filtering the received data packets, and determining that a packet carrying the characteristic information belongs to the business flow to be identified.
As can be seen from the above solutions, the present invention has the following advantages over the prior art:
The business flow identification method disclosed by the present invention mainly uses business flow characteristic information as the key basis for identifying a business flow. Every business flow has characteristic information that uniquely identifies it. Although this characteristic information is not necessarily present in every packet of the business flow, any packet that carries it certainly belongs to the business flow to be identified. Packets that do not contain the characteristic information can also be determined to belong to the business flow to be identified, as long as they belong to the same data flow as a packet that carries it. The present invention also makes use of the fixed parameters in the packet header, but only to identify packets that belong to the same data flow, and these fixed parameters need not be known in advance: they are extracted from the received packets. Business flows of dynamic applications, whose fixed parameter values are dynamically assigned and cannot be known in advance, can therefore also be identified well.
Description of the drawings
Fig. 1 is the implementation flowchart of the first embodiment of the present invention;
Fig. 2 is the implementation flowchart of the second embodiment of the present invention;
Fig. 3 is the implementation flowchart of the third embodiment of the present invention;
Fig. 4 is the implementation flowchart of the fourth embodiment of the present invention.
Detailed description of the embodiments
The core idea of the present invention is to use the characteristic information that uniquely identifies a business flow as the key to identification. Among the packets of one data flow, as long as one packet carries the business flow characteristic information, all packets of that data flow can be determined to belong to the business flow to be identified.
To help those skilled in the art understand the technical solution of the present invention more clearly, the basic concepts of a business flow are introduced first.
A business flow is an application that performs a specific function, such as an HTTP hypertext transfer application or an FTP file transfer application. A business flow mainly comprises two parts: the actual service data, and the control information that indicates the direction, protocol type and so on of that service data.
A business flow may consist of one data flow or of several. A data flow is a continuous sequence of data packets with the same source and destination. For a layer-3 IP data flow, this is a sequence of packets with the same source IP and destination IP; for a layer-4 IP data flow, it is a sequence of packets with the same source IP, destination IP, source port, destination port and protocol type. Non-IP protocols are similar. Any business flow therefore ultimately appears as a series of packets transmitted from one node to another. The control information and the service data of the business flow are contained in the transmitted packets. Each packet is normally divided into two regions: the header and the data field. The header stores the control information of the packet, that is, where the packet comes from, where it is going, which protocol it uses and so on; the data field stores the actual data of the packet.
Business flows currently take two forms.
In the first form, the control information and the service data are in the same data flow. For a packet in such a business flow, the packet header holds the control information of the packet, indicating where the packet comes from (source IP, source port), where it is going (destination IP, destination port), which protocol it uses and so on. The information in the header is also often called the basic parameters of the packet. The data field contains the actual service data of the business flow.
In the second form, the control information and the service data are not in the same data flow. The service data is in the service data flow, and the information that controls the service data flow is in the control flow. To identify the service data flow, its corresponding control flow must be identified first. The control flow consists of control packets, and the service data flow consists of service data packets.
The header of a control packet stores the control information of the control packet itself. It indicates where the control packet comes from (source IP, source port), where it is going (destination IP, destination port), which protocol type it follows and so on, and is also called the basic parameters of the packet itself.
The data field of a control packet stores the control information of the service data packets. It indicates where the service data packets come from (source IP, source port), where they are going (destination IP, destination port), which protocol type they follow and so on. In short, the data field of a control packet holds the basic parameters of its corresponding service data packets, which is where the name "control packet" comes from.
A service data packet contains the actual service data of the business flow.
The specific embodiments of the present invention are described below, separately for the two forms of business flow.
For the first form of business flow, in which the control information and the service data are in the same data flow, two implementations disclosed by the present invention are set out.
Both implementations share the idea of using the business flow characteristic information as the key to identification. They differ only in order: either identify according to the characteristic information first and then build the business flow table, or build the business flow table first and then identify according to the characteristic information. Each has its advantages, and the user can choose between them according to the processing to be applied to the identified business flow.
First, refer to Fig. 1, the implementation flowchart of the first embodiment of the present invention. This embodiment identifies according to the characteristic information first and then builds the business flow table. The steps are as follows:
101. Configure the characteristic information of the business flow on the network device in advance.
102. When a received packet arrives, use the parameters in its header as the base items to look up whether a matching business flow table exists. If one exists, the packet belongs to the business flow corresponding to the matching business flow table; go to step 103. If no business flow table matches, go to step 104.
103. The identification process of the corresponding business flow.
104. Search the packet according to the configured business flow characteristic information, and identify a packet that carries the characteristic information.
105. Extract the match parameters from the identified packet.
106. Build a business flow table based on the match parameters, and determine that packets which hit this flow table belong to the business flow to be identified.
107. When the ageing time is exceeded or deletion information is received, delete the business flow table that was built.
In step 101, the business flow characteristic information is the set of characteristics by which the business flow can be identified. It generally includes a characteristic sequence, a match parameter extraction mode, a match parameter encoding mode and a flow-building characteristic.
Of these, the characteristic sequence is mandatory and the others are optional. The characteristic sequence is the key to identification and is therefore required. The others all have default handling and are processed by default if not configured. In most cases the default handling is sufficient; defining this many items allows the method to adapt more flexibly to current and future service needs.
The items of the business flow characteristic information are described in detail below.
Characteristic sequence:
This is the characteristic that uniquely identifies a given service application. It comprises a protocol characteristic field and an application characteristic sequence. The protocol characteristic field indicates the protocol type used by the application, such as IP, TCP or UDP. The application characteristic sequence indicates the feature in the protocol data area that characterizes a given application; for example, an HTTP application is identified by HTTP/? in the protocol data area (? is a wildcard, representing two arbitrary characters).
The protocol characteristic field is optional and can be given a default value, normally the most commonly used one, TCP. The characteristic sequence need not be present in every packet of the business flow; it is enough for at least one packet to contain it. Clearly, every business flow has a characteristic that uniquely identifies it and distinguishes it from other business flows.
Match parameter extraction mode:
Before explaining this concept, it must first be clear what a match parameter is. Match parameters are the base items used to build the business flow table in step 106. They comprise the basic parameters that uniquely represent the data flow, such as source IP, source port, protocol type, destination IP and destination port, but are not limited to these; the specific match parameters depend on the protocol characteristic field.
With that in place, the match parameter extraction mode tells the system where in the packet and how to extract the match parameters, so that in step 105 the match parameters of the packet are extracted in the pre-configured way. The user configures the extraction mode according to the characteristics of the business flow to be identified. It can be configured to extract the basic parameters from the packet header (the same as the default handling), and can at the same time be configured to extract the required parameters from the data field.
When the match parameter extraction mode is left at its default, the match parameters are extracted according to the protocol type used by the packet. For example, if the protocol type is IP, the match parameters extracted from the packet are source IP and destination IP; if the protocol type is TCP, they are source IP, source port, protocol type, destination IP and destination port. Match parameters can of course also be extracted according to other parameter types of the packet itself.
Match parameter encoding mode:
This is used only when match parameters are present. It indicates how the match parameter values are to be computed correctly. Common encodings include character encoding, binary encoding and B encoding; the default is character encoding.
Flow-building characteristic:
This indicates whether the business flow table is built in the forward, reverse or bidirectional mode, and the tuple count.
Forward flow building means building the business flow table in the direction of the packet currently received. Only subsequent packets arriving in the same direction as this packet can hit the business flow table. The source IP, source port, destination IP and destination port defined in the business flow table are identical to those in the received packet. For example, suppose the packet has source IP 1.1.1.1, source port 1111, destination IP 2.2.2.2 and destination port 2222. The business flow table built from this packet in step 106 then defines source IP 1.1.1.1, source port 1111, destination IP 2.2.2.2 and destination port 2222. Only subsequent packets with source IP 1.1.1.1, source port 1111, destination IP 2.2.2.2 and destination port 2222 can hit this business flow table.
Reverse flow building means building the business flow table in the direction opposite to that of the packet currently received. Only subsequent packets arriving in the opposite direction to this packet can hit the business flow table. The source IP, source port, destination IP and destination port defined in the business flow table are exactly the reverse of those in the packet. For example, suppose a packet has source IP 1.1.1.1, source port 1111, destination IP 2.2.2.2 and destination port 2222. The business flow table built from this packet in step 106 then defines source IP 2.2.2.2, source port 2222, destination IP 1.1.1.1 and destination port 1111. Only subsequent packets with source IP 2.2.2.2, source port 2222, destination IP 1.1.1.1 and destination port 1111 can hit this business flow table.
Bidirectional flow building means building the business flow table for both directions of the packet currently received at once, so that subsequent packets from either direction can hit the business flow table. For example, again suppose a packet has source IP 1.1.1.1, source port 1111, destination IP 2.2.2.2 and destination port 2222. After bidirectional flow building, subsequent packets with source IP 1.1.1.1, source port 1111, destination IP 2.2.2.2 and destination port 2222, and subsequent packets with source IP 2.2.2.2, source port 2222, destination IP 1.1.1.1 and destination port 1111, can both hit this business flow table.
The tuple count indicates which match parameters are extracted from the packet. In general, a 5-tuple means source IP, source port, protocol type, destination IP and destination port; a 4-tuple means source IP, source port, destination IP and protocol type.
If no flow-building characteristic is configured in the business flow characteristic information, the default is used. The default flow-building characteristic is bidirectional 5-tuple flow building.
The above describes in detail the items of the business flow characteristic information configured in step 101. All of them are configured by the user according to actual service requirements.
In step 102, owing to can discern multinomial Business Stream simultaneously on the router, therefore, when preparing the new Business Stream of one of identification, there has been multiple business stream table in possible the system, the Business Stream of discerning before the business flow list of those existence belongs to.At this moment, the packet that receives of equipment such as router has two kinds of situations:
One, hits certain business flow list that exists in the system, show that this packet belongs to the respective traffic flows of having discerned, thereby enter the identification process (step 103) of its affiliated Business Stream;
Two, can not hit any business flow list that exists in the system, show that then this packet does not belong to any Business Stream of having discerned,, need further judge, discern, enter step 104 it so might belong to the new service flow that to discern.
Certainly,, then do not need to carry out 102 steps, directly enter step 104 from step 101 and get final product if only discern a Business Stream in the whole system.
In step 104, all packets of a business data flow can not be same the time arrive, always have arrive first and after the branch that arrives.According to pre-configured Business Stream characteristic information each being reached packet and all search, see whether it comprises characteristic information, mainly is characteristic sequence.Just think and belong to the Business Stream that to discern if this packet has the characteristic sequence of configuration; Otherwise, ignore, then the next packet that receives of identification.So repeatedly, till identifying a packet with characteristic sequence, enter step 105.
In step 105, according to the match parameter extracting mode or the default process mode match parameter of extracting the packet that identifies of configuration in the step 101.
In step 106, be that business flow list is set up on the basis with the match parameter of extracting in the step 105.Wherein match parameter provides the basis that defines in business flow list item, such as source IP, source port, protocol type, purpose IP, destination interface etc.But be not limited to above-mentioned several, detailed programs are relevant with the features protocol territory.For example, the features protocol territory is IP, and then match parameter is source IP and purpose IP just.If the features protocol territory is TCP, then match parameter is source IP, source port, protocol type, purpose IP, destination interface just.Building properties of flow provides and has built stream mode, such as forward, reverse still two-way stream and number of tuples content etc. of building.The default mode of characteristic is two-way 5 tuples, i.e. source IP, source port, protocol type, purpose IP and destination interface.
The business flow list content of setting up not only comprises the relevant information of match parameter, can also comprise the content of representing this properties of flow, if for example identify this Business Stream, can write down identification marking and indicate the Business Stream that identifies and will how to handle or the like.
The packet of follow-up reception, with the step that repeats 102, if some packet can hit the business flow list of setting up in step 106, promptly decidable belongs to the Business Stream that will discern.According to the definition of data flow, for 3 layers of IP traffic, as long as belong to same data flow, their source IP is identical with purpose IP; For 4 layers of IP traffic, as long as belong to same data flow, their source IP, purpose IP, source port, destination interface and protocol type also all is identical.Other situation is also similar.Therefore, as long as the match parameter that defines in the match parameter of follow-up data bag and the business flow list is consistent, promptly hit this stream table, the packet that just can judge those packets and be used to set up business flow list belongs to a data flow together, and then belongs to the Business Stream that will discern
In step 107, if after a kind of Business Stream is identified, its business flow list still is present in the system for a long time, understands occupying system resources and does not have practical significance.So the present invention has set up this this step.Concrete deletion mode has two kinds, and a kind of is connection-oriented application as TCP, is to have special packet to connect deletion, in this case, as long as connection deleted data bag is received by system, just corresponding business is flowed list deletion.Another kind of mode is the ageing time that each business flow list is set, and deletes this business flow list when ageing time is not also received the corresponding data bag when surpassing.Certainly, setting up this step only is in order to improve resource utilization, also can to omit during practical operation.
At this point, a business flow whose control information and service data information are in the same data flow has been correctly identified. It can be clearly seen that in the present invention the key basis for identifying a business flow is the characteristic sequence that uniquely identifies a given service application. This differs in essence from existing business flow identification methods, which rely on fixed parameters in the packet header, and it brings a clear benefit: identification is not restricted by those few fixed parameters and is unaffected even when the IP address, port number and so on change.
A simple example illustrates the benefit of the invention. Suppose there is an HTTP application business flow which, for simplicity, comprises only one data flow, and which must first be identified so that statistics can be collected on it. An existing identification method could judge by whether the destination port number is 80. However, the destination port of this HTTP business flow is not the conventional port 80 but is dynamically assigned, and which port number has been assigned is not known. The existing method therefore cannot identify the flow correctly. The identification method of the present invention does not need to know in advance which destination port the HTTP business flow uses, because the characteristic sequence of an HTTP application can be described as: the last several characters of the first line of the TCP data field are "HTTP/". Once one packet of the business flow carrying this characteristic sequence has been identified, match parameters such as the IP addresses and port numbers of the business flow can be extracted, and every packet of the HTTP business flow will hit these match parameters. The dynamically allocated HTTP application business flow is thus correctly identified.
The identification of the HTTP application business flow above is used below as an example to describe the identification process of the present invention in detail.
a1, Configure, as the characteristic sequence for identifying the HTTP business flow, the feature that the protocol is TCP and the last several characters of the first line of the data field are "HTTP/?.?"; all other items of the characteristic information are set to their defaults.
a2, A data packet arrives. Using its own match parameters (source IP 1.1.1.1, source port 1111, destination IP 2.2.2.2 and destination port 2222) as the basis, the existing business flow tables in the system are queried for a match; the query finds no business flow table that the packet hits.
a3, Because this packet uses the TCP protocol and the last several characters of the first line of its data field are HTTP/1.1, it satisfies the characteristic information configured in step a1 and is judged to belong to the HTTP business flow.
a4, The packet is decoded and the match parameters are extracted: source IP 1.1.1.1, source port 1111, destination IP 2.2.2.2, destination port 2222 and protocol type TCP. The forward flow information of the business flow table is established with source IP 1.1.1.1, source port 1111, destination IP 2.2.2.2, destination port 2222 and protocol type TCP as the basis items; the reverse flow information is established with source IP 2.2.2.2, source port 2222, destination IP 1.1.1.1 and destination port 1111. The business flow table content also includes the data flow type identifier HTTP.
As long as the match parameters of a subsequent packet are identical to those in the established business flow table, that is, the packet hits this business flow table, it can be judged to belong to the business flow to be identified. The packets belonging to the HTTP business flow are thus correctly identified.
a6, If a TCP FIN/RST packet (connection deletion packet) is received, indicating that the TCP connection has terminated, the business flow table is deleted.
The above describes the embodiment for the case where control information and service data information are in the same data flow, in which identification by characteristic information comes first and the business flow table is established afterwards. The following introduces the embodiment in which the business flow table is established first and identification by characteristic information follows.
Referring to Fig. 2, which shows the second embodiment of the present invention, the steps are as follows:
201, Configure the characteristic information of the business flow on the network device in advance.
202, A data packet arrives. Using the parameters in its header as the basis items, query whether a matching business flow table exists. If so, the packet belongs to the business flow corresponding to the matching table; if that business flow has not yet been identified, go to step 205. If there is no matching business flow table, go to step 203.
203, Extract the match parameters of the packet according to the transport protocol type used by the received packet.
204, Establish a business flow table based on the match parameters.
205, According to the characteristic information of the business flow, judge whether the packet that hits the business flow table belongs to the business flow to be identified.
If the packet used to establish the business flow table carries the characteristic information, that packet belongs to the business flow to be identified, and the business flow table established from its match parameters necessarily identifies the business flow to be identified; all subsequent packets that hit this flow table therefore belong to that business flow. If the packet does not carry the characteristic information, steps 202 to 205 are repeated.
206, Delete the business flow table when a connection deletion packet is received; or set an aging time and delete the business flow table when no packet has been received within the aging time.
In step 201, the configuration of the business flow characteristic information is the same as described for step 101 of the first embodiment. Business flow characteristic information describes the features by which the service can be identified, and generally includes a characteristic sequence, a match parameter extraction mode, a match parameter coding mode and flow-building attributes. The characteristic sequence is mandatory; the others are optional. Since the configuration of business flow characteristic information was described in detail under step 101, it is not repeated here.
In step 202, a router can identify multiple business flows at the same time. When a new business flow is about to be identified, several business flow tables may therefore already exist in the system; these belong either to business flows identified earlier or to business flows not yet identified. A packet received by a device such as a router then falls into one of two cases:
First, the packet hits a business flow table that exists in the system, which shows that the packet belongs to the business flow corresponding to that table. That business flow may already have been identified, or may not yet have been identified. If it has not yet been identified, go to step 205.
Second, the packet hits no business flow table in the system, which shows that it does not belong to any identified business flow. It may therefore belong to a new business flow to be identified and needs further judgment and identification; go to step 203.
Of course, if only one business flow is identified in the whole system, step 202 is unnecessary and step 203 can be entered directly from step 201.
In step 203, because the packet has not yet been identified according to the characteristic information, the match parameters cannot be extracted according to the configured match parameter extraction mode as in the first embodiment. Here they can only be extracted according to the transport protocol type used by the received packet itself. For example, if the protocol type is IP, the match parameters extracted from the packet are the source IP and destination IP; if the protocol type is TCP, they are the source IP, source port, protocol type, destination IP and destination port. Every protocol type has its corresponding match parameter content. Match parameters can of course also be extracted according to other parameter types of the packet itself.
In step 204, the business flow table is established based on the extracted match parameters. The match parameters are the basis items of the business flow table content, such as source IP, source port, protocol type, destination IP and destination port, but are not limited to these; the specific items depend on the characteristic protocol field. The flow-building attributes specify how the business flow table is built, for example whether the flow is built in the forward direction, the reverse direction or both, and the tuple content. The default flow-building attribute is bidirectional 5-tuple flow building, that is, the business flow table is established in both directions based on source IP, source port, protocol type, destination IP and destination port.
In step 205, according to the characteristic information of the business flow, it is judged whether the packet that hits the business flow table belongs to the business flow to be identified.
When a subsequent packet arrives, step 202 is performed. If the packet hits the business flow table established in step 204, that is, its match parameters are identical to those of the business flow table, the subsequent packet and the packet used to establish the flow table belong to the same data flow. The packet used to establish the flow table is then checked against the configured characteristic information. If it carries the configured characteristic sequence, it belongs to the business flow to be identified, the business flow table established from it necessarily identifies that business flow, and the packets that hit this flow table are judged to belong to the business flow to be identified.
In step 206, if the business flow table of an identified business flow stayed in the system for a long time, it would occupy system resources to no practical purpose. The present invention therefore provides this step. There are two ways of deleting a table. For connection-oriented applications such as TCP, a dedicated packet deletes the connection; in this case, as soon as the system receives the connection deletion packet, the corresponding business flow table is deleted. The other way is to set an aging time for each business flow table and to delete the corresponding table when no corresponding packet has been received within the aging time. This step serves only to improve resource utilization and may be omitted in practice.
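The second embodiment's build-first, identify-later procedure (steps 202 to 206), as an added Python example that is not part of the patent text. The Packet, FlowEntry and FlowTable names, the 30-second aging time and the sample packets are assumptions constructed for illustration; the characteristic sequence is the HTTP one described earlier on the page.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Characteristic sequence from the page's HTTP example: the first line of the
# TCP data field ends with "HTTP/?.?" (for example "HTTP/1.1").
HTTP_FEATURE = re.compile(rb"HTTP/\d\.\d$")
AGING_SECONDS = 30.0  # assumed aging time; the page gives no value


@dataclass(frozen=True)
class Packet:  # hypothetical packet model
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "TCP"
    payload: bytes = b""
    fin_or_rst: bool = False  # TCP connection deletion packet


@dataclass
class FlowEntry:
    label: Optional[str] = None  # None means "flow not yet identified"
    last_seen: float = 0.0


def flow_keys(p):
    """Forward and reverse 5-tuples (the default bidirectional flow building)."""
    fwd = (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)
    rev = (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
    return fwd, rev


def has_feature(p):
    """Step 205: does this packet carry the configured characteristic sequence?"""
    if p.proto != "TCP" or not p.payload:
        return False
    first_line = p.payload.split(b"\r\n", 1)[0]
    return HTTP_FEATURE.search(first_line) is not None


class FlowTable:
    def __init__(self, aging=AGING_SECONDS):
        self.entries = {}
        self.aging = aging

    def expire(self, now):
        """Step 206, aging: drop entries that saw no packet within the aging time."""
        for key in [k for k, e in self.entries.items() if now - e.last_seen > self.aging]:
            del self.entries[key]

    def process(self, p, now):
        """Return the flow label for packet p, or None while the flow is unidentified."""
        self.expire(now)
        fwd, rev = flow_keys(p)
        entry = self.entries.get(fwd)                 # step 202: table lookup
        if entry is None:                             # steps 203-204: build first
            entry = FlowEntry()
            self.entries[fwd] = self.entries[rev] = entry
        entry.last_seen = now
        if entry.label is None and has_feature(p):    # step 205: identify later
            entry.label = "HTTP"
        if p.fin_or_rst:                              # step 206: connection deletion
            self.entries.pop(fwd, None)
            self.entries.pop(rev, None)
        return entry.label


def run_demo():
    """Constructed trace: HTTP on the dynamically assigned port 2222."""
    c, s = ("1.1.1.1", 1111), ("2.2.2.2", 2222)
    table = FlowTable()
    trace = [
        (0.0, Packet(*c, *s)),                                       # SYN, no payload
        (0.1, Packet(*s, *c)),                                       # SYN-ACK
        (0.2, Packet(*c, *s, payload=b"GET /a HTTP/1.1\r\nHost: x\r\n\r\n")),
        (0.3, Packet(*s, *c, payload=b"HTTP/1.1 200 OK\r\n\r\n")),   # reverse hit
        (0.4, Packet(*c, *s, fin_or_rst=True)),
    ]
    labels = [table.process(p, t) for t, p in trace]
    return labels, len(table.entries)
```

The handshake packets create the table entry but stay unlabelled; the response is labelled through the reverse flow entry even though its own first line does not end with the characteristic sequence.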
The above sets out two embodiments of the business flow identification method of the present invention, both for the case where control information and service data information are in the same data flow. There are also business flows whose control information and service data information are not in the same data flow; the embodiments of the identification method for this case are described in detail below.
One point needs attention here: in the control flow of a business flow to be identified, the data field information of the control packets is not necessarily identical. In one case, all control packets in the control flow point to the same business data flow, that is, the business flow comprises only one control flow and one business data flow. In the other case, the control packets in the control flow point to several different business data flows belonging to the same business flow. As a simple example, an FTP application business flow continually creates new business data flows on the control flow, that is, the business flow comprises one control flow and multiple business data flows. Intuitively, this corresponds to transferring several files with the FTP protocol: after one file has been transferred, other files are transferred. Although these files belong to different data flows, they all use the FTP protocol and therefore all belong to the FTP business flow to be identified.
If the data field information in all control packets of the control flow is identical, that is, they point to the same business data flow, only the data field information of one control packet needs to be identified to obtain the control information for all business data packets of the business flow. There is no need to identify every control packet; the control packet is identified only once.
If an FTP business flow is to be identified, there may be multiple business data flows that belong to the FTP application. These business data flows are controlled by multiple different control packets, which belong to one control flow, so the parameter information in the headers of those control packets is identical. The information in their data fields, however, may differ and point to different business data flows. When identifying a business flow like FTP, all control packets must therefore be identified in order to find the different business data flows they correspond to; that is, control packets must be identified repeatedly.
For the case where control information and service data information are not in the same data flow, the present invention likewise has two embodiments: in one, identification by characteristic information comes first and the business flow tables are established afterwards; in the other, the business flow table is established first and identification by characteristic information follows.
Referring to Fig. 3, the flow chart of the third embodiment of the present invention, which identifies according to characteristic information first and then establishes the business flow tables, the steps are as follows:
301, Configure the business flow characteristic information on the network device in advance.
302, A data packet arrives. Using the parameters in its header as the basis, query whether a matching business flow table exists. If so, the packet belongs to the business flow corresponding to the matching table; go to step 303. If there is no matching business flow table, go to step 304.
303, Enter the identification process of the corresponding business flow.
304, Search the received packets according to the configured business flow characteristic information and identify the packet that carries the characteristic information.
305, From the identified packet, extract the match parameters in its header and the parameter information located in its data field.
306, Establish the control flow table based on the match parameters in the header and, at the same time, establish the business data flow table based on the parameters in the data field.
When a subsequent packet arrives, it is matched against the control flow table and the business data flow table respectively. If it hits the control flow table, step 302 and the operations of steps 305 and 306 that relate to establishing the business data flow table are repeated; if it hits the business data flow table, it belongs to the business flow to be identified.
307, Delete the business flow table when the aging time is exceeded or a connection deletion packet is received.
In step 301, configuring the business flow characteristic information follows the same basic idea as in step 101 of the first embodiment: chiefly, the characteristic sequence that uniquely identifies the service application is configured, together with some auxiliary information such as the match parameter extraction mode, the match parameter coding mode and the flow-building attributes. The configuration content is largely the same; only the concrete handling of individual items differs. The identical parts are therefore not repeated here, and only the differences in configuration are described in detail.
First, because control information and service data information are not in the same data flow, the control information of a business data flow is carried in the control flow. To obtain the information about the business data flow, the control flow must therefore be found first. Consequently, what the characteristic sequence configured in this step identifies first is the control packet. For example, to identify an FTP application service, the control packets of the FTP service can be identified by configuring the characteristic sequence that the first several characters of the TCP data field are "PORT" or "PASV".
Second, the configured match parameter extraction mode also differs. As mentioned above, because control information and service data information are not in the same packet, a subsequently received packet may be either a control packet or a business data packet. The match parameter extraction mode should therefore configure both the extraction mode for control packets and the extraction mode for business data packets. With the default extraction mode, the match parameters of a control packet are extracted from the header of the control packet. The match parameters of a business data packet can only be extracted, as configured in the system, from the data field of the control packet.
Third, as mentioned above, the data field information in different control packets may differ. In the flow-building attributes, besides the flow-building direction and tuple content, the identification mode for control packets must therefore also be configured. If the business flow to be identified has only one business data flow, it suffices to configure the control packet to be identified once; if new business data flows are continually created on the control flow, that is, the data field information of the control packets differs, repeated identification of control packets must be configured.
In step 302, a router can identify multiple business flows at the same time. When a new business flow is about to be identified, several business flow tables may therefore already exist in the system; these belong to business flows identified earlier. A packet received by a device such as a router then falls into one of two cases:
First, the packet hits a business flow table that exists in the system, which shows that it belongs to an identified business flow; the identification process of that business flow is entered (step 303).
Second, the packet hits no business flow table that exists in the system, which shows that it does not belong to any identified business flow. It may therefore belong to a new business flow to be identified and must be identified immediately; go to step 304.
Of course, if only one business flow is identified in the whole system, step 302 is unnecessary and step 304 can be entered directly from step 301.
In step 304, because the characteristic sequence configured in step 301 targets the control flow, the packet that carries the characteristic information is a control packet of this business flow.
In step 305, because the match parameter extraction mode has been configured in the business flow characteristic information, the match parameters in the header and the parameter information in the data field are extracted from the control packet identified in step 304. The parameter information in the data field of this packet is precisely the match parameters of the corresponding business data flow.
In step 306, the control flow table for the control flow is established based on the match parameters extracted from the control packet header, and at the same time the business data flow table for the business data flow is established based on the match parameters extracted from the control packet data field. The control flow table content contains not only the match parameter information of the control packet but can also record the identification mode for control packets: repeated identification or single identification. This is recorded according to the identification mode configured in step 301. In addition, both business flow tables can include content describing the characteristics of the service; for example, once the business flow has been identified, an identification mark can be recorded and how the identified business flow is to be handled can be indicated.
When a subsequent packet arrives, it is matched against the control flow table and the business data flow table respectively. If it hits the control flow table, the packet is a control packet of the business flow to be identified. If the control flow table records that control packets are to be identified repeatedly, the operation of step 305 that extracts the match parameters from the data field and the operation of step 306 that builds the business data flow table are repeated, so that the packets of a new business data flow created on the control flow can be identified. If the subsequent packet hits the business data flow table, it is a business data packet and belongs to the business flow to be identified.
As can be seen, when a subsequent packet is a control packet, there are two ways of handling it:
If the business flow characteristic information of step 301 configures control packets for repeated identification, the established control flow table records that control packets must be identified repeatedly. The information in the data field of every control packet is then extracted, and a new business data flow table is established from it. A control flow may of course also contain some control packets whose data field information is identical and others whose data field information differs. In that case, when repeated identification is configured, it can additionally be configured that a business data flow table is established only for identified control packets whose data field information differs; identical business data flow tables are then never established twice, which saves system resources.
If the business flow characteristic information of step 301 configures control packets for single identification, the data field information of subsequent control packets is not extracted again after they hit the control flow table. Even if it were extracted, the data field information would be identical, so extraction would serve no purpose.
Taking the identification of an FTP application business flow as an example, the identification method is described below for the case where control information and service data information are not in the same data flow and new business data flows are continually created on the control flow:
b1, Configure the characteristic sequence: the protocol is TCP and the data field begins with the characters "PORT" or "PASV". The feature coding mode is FTP coding. The match parameter extraction mode is to extract match parameters from the header and from the data field. The flow-building attributes are bidirectional 5-tuple flow building for control packets and bidirectional 4-tuple flow building for business data packets. Repeated identification of control packets is configured as well.
b2, A data packet arrives. Using the parameter information in its header (source IP 1.1.1.1, source port 1111, destination IP 2.2.2.2, destination port 2222) as the basis, the existing business flow tables in the system are queried. No matching business flow table is found, so go to step b3.
b3, The packet uses the TCP protocol and its data field begins with the characters PORT1,1,1,2,4,88. "PORT" is identical to the characteristic sequence configured in step b1, so the packet belongs to the FTP application; evidently it is a control packet of the FTP application business flow.
b4, Extract the information in the header of this control packet, that is, the match parameters: source IP 1.1.1.1, source port 1111, destination IP 2.2.2.2, destination port 2222 and protocol type TCP.
b5, Using the control packet match parameters obtained in step b4, perform bidirectional 5-tuple flow building. The forward flow information of the business flow table is established with source IP 1.1.1.1, source port 1111, destination IP 2.2.2.2, destination port 2222 and protocol type TCP as the basis items; at the same time the reverse flow information is established with destination IP 1.1.1.1, destination port 1111, source IP 2.2.2.2, source port 2222 and protocol type TCP. The business flow table established in this way is in fact the control flow table of FTP; its content also records the type identifier of the business flow to be identified, FTP, and that control packets are identified repeatedly.
b6, Extract the information in the data field of this control packet, which is the match parameters of the corresponding business data packets: source IP 1.1.1.2, source port 4 × 256 + 88 = 1112, destination IP 2.2.2.2 and protocol type TCP. The IP address and port number here are calculated from the "1,1,1,2,4,112" that follows "PORT"; the calculation follows the match parameter coding mode configured in step b1, because the match parameter coding mode is by definition the algorithm for computing the parameter values.
b7, Using the business data packet match parameters obtained in step b6, perform bidirectional 4-tuple flow building. The forward flow information of the business flow table is established with source IP 1.1.1.2, source port 4 × 256 + 112 = 1112, destination IP 2.2.2.2 and protocol type TCP as the basis items; the reverse flow information is established with destination IP 1.1.1.2, destination port 4 × 256 + 112 = 1112, source IP 2.2.2.2 and protocol type TCP. The business flow table content also includes the flow type identifier FTP and indicates that no further identification is needed. This business flow table is in fact the business data flow table of the FTP application.
When a subsequent packet arrives, if its match parameters are identical to those in the business data flow table, that is, it hits the business data flow table, the packet belongs to the FTP application business flow and is a business data packet of FTP. If its match parameters are identical to those in the control flow table, that is, it hits the control flow table, the packet belongs to the FTP application business flow and is a control packet of FTP; steps b6 and b7 are then repeated to establish a new business data flow table and thereby identify the new FTP business data flow.
b8, If a TCP FIN/RST message is received, indicating that the TCP connection has terminated, the two kinds of business flow table that were established are deleted.
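The FTP walk-through in steps b1 to b8, as an added Python example that is not part of the patent text: a control flow table keyed by the bidirectional 5-tuple, data flow tables keyed by the bidirectional 4-tuple decoded from the PORT argument, and the choice between single and repeated identification of control packets. The class and function names, the "FTP-CONTROL" and "FTP-DATA" labels, the server data port 20 and the sample packets are assumptions; PASV is accepted as a characteristic sequence but its data field is not decoded, since the page works through PORT only.

```python
import re
from dataclasses import dataclass, field

FEATURES = (b"PORT", b"PASV")  # step b1: TCP data field begins with one of these
# FTP coding of the PORT argument h1,h2,h3,h4,p1,p2: IP h1.h2.h3.h4, port p1*256+p2.
PORT_ARGS = re.compile(rb"^PORT\s*(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


@dataclass(frozen=True)
class Packet:  # hypothetical packet model
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes = b""
    fin_or_rst: bool = False
    proto: str = "TCP"


@dataclass
class ControlEntry:
    repeat: bool                                 # identify control packets repeatedly?
    data_keys: set = field(default_factory=set)  # data flows learned from this control flow


def decode_port(payload):
    """Return (ip, port) from a PORT command, or None if absent or malformed."""
    m = PORT_ARGS.match(payload)
    nums = [int(g) for g in m.groups()] if m else []
    if not nums or max(nums) > 255:
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def five_tuples(p):
    return ((p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port),
            (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port))


class FtpClassifier:
    def __init__(self, repeat=True):
        self.repeat = repeat
        self.control = {}  # bidirectional 5-tuple -> ControlEntry
        self.data = {}     # 4-tuple (proto, ip, port, peer ip) -> ControlEntry

    def _data_hit(self, p):
        """Look up both directions; the peer's port is not part of the 4-tuple."""
        keys = ((p.proto, p.src_ip, p.src_port, p.dst_ip),
                (p.proto, p.dst_ip, p.dst_port, p.src_ip))
        return next((k for k in keys if k in self.data), None)

    def _learn(self, p, entry):
        """Steps b6-b7: build a data flow entry from the control packet's data field."""
        decoded = decode_port(p.payload)
        if decoded is not None:                  # PASV or a bad PORT yields nothing
            key = (p.proto, decoded[0], decoded[1], p.dst_ip)
            self.data[key] = entry               # identical data fields share one entry
            entry.data_keys.add(key)

    def process(self, p):
        key = self._data_hit(p)
        if key is not None:
            if p.fin_or_rst:                     # assumption: drop only this data flow
                self.data.pop(key).data_keys.discard(key)
            return "FTP-DATA"
        fwd, rev = five_tuples(p)
        entry = self.control.get(fwd)
        if entry is None:                        # steps b2-b5: identify, then build
            if p.proto != "TCP" or not p.payload.startswith(FEATURES):
                return None
            entry = self.control[fwd] = self.control[rev] = ControlEntry(self.repeat)
            self._learn(p, entry)
        elif p.fin_or_rst:                       # step b8: delete both kinds of table
            for k in entry.data_keys:
                self.data.pop(k, None)
            self.control.pop(fwd, None)
            self.control.pop(rev, None)
        elif entry.repeat:                       # repeated identification
            self._learn(p, entry)
        return "FTP-CONTROL"


def run_demo(repeat=True):
    ctl = ("1.1.1.1", 1111, "2.2.2.2", 2222)
    clf = FtpClassifier(repeat)
    trace = [  # constructed packets; the server data port 20 is an assumption
        Packet(*ctl, b"PORT 1,1,1,2,4,88\r\n"),           # learns 1.1.1.2:1112
        Packet("2.2.2.2", 20, "1.1.1.2", 1112, b"data"),  # reverse direction hit
        Packet("1.1.1.2", 1112, "2.2.2.2", 20),           # forward direction hit
        Packet(*ctl, b"PORT 1,1,1,2,4,89\r\n"),           # second transfer: port 1113
        Packet("2.2.2.2", 20, "1.1.1.2", 1113, b"data"),
        Packet("9.9.9.9", 4000, "2.2.2.2", 20, b"x"),     # unrelated flow
        Packet("2.2.2.2", 2222, "1.1.1.1", 1111, fin_or_rst=True),
        Packet("2.2.2.2", 20, "1.1.1.2", 1113, b"late"),  # tables already deleted
    ]
    return [clf.process(p) for p in trace]
```

With single identification (`run_demo(repeat=False)`) the second PORT command is not decoded, so the second transfer's data packets go unrecognized; this is the case the page gives as the reason for configuring repeated identification for FTP.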
The above introduced the technical scheme that identifies according to characteristic information first and then establishes the business flow tables; the following introduces the technical scheme that establishes the business flow table first and then identifies according to characteristic information.
Referring to Fig. 4, the flow chart of the fourth embodiment of the present invention, the steps are as follows:
401, Configure the business flow characteristic information on the network device in advance.
402, A data packet arrives. Using the parameters in its header as the basis items, query whether a matching business flow table exists. If so, the packet belongs to the business flow corresponding to the matching table; if that business flow has not yet been identified, go to step 404. If there is no matching business flow table, go to step 403.
403, According to the transport protocol type used by the received packet, extract the match parameters in the packet header and establish the control flow table based on them.
404, According to the characteristic information of the business flow, judge whether the packet used to establish the control flow table belongs to the business flow to be identified. If the packet carries the configured characteristic sequence, it can be judged to be a control packet of the business flow to be identified, and the flow table established from it naturally identifies that business flow; go to step 405.
405, According to the configured match parameter extraction mode, extract the match parameters in the control packet data field and build the business data flow table based on them.
406, Delete the business flow table when a connection deletion packet is received; or set an aging time and delete the business flow table when no packet has been received within the aging time.
In step 401, the characteristic information configured for the business flow is the same as that described for step 301 and is not repeated. The business flow characteristic information defines the characteristic sequence, the match parameter extraction mode, the match parameter coding mode and the flow-building attributes. The flow-building attributes define the flow-building direction, the tuple content and the identification mode for control packets: single identification or repeated identification.
In step 403, because the packet has not yet been identified according to the characteristic information, the configured match parameter extraction mode cannot be applied, and the corresponding match parameters can only be extracted according to the transport protocol type used by the received packet itself. For example, if the protocol type is IP, the match parameters extracted from the packet are the source IP and destination IP; if the protocol type is TCP, they are the source IP, source port, protocol type, destination IP and destination port. Every protocol type has its corresponding match parameter content. Match parameters can of course also be extracted according to other parameter information types of the packet itself.
In step 404, essence is exactly that what will judge whether the control flows table of foundation identify is the Business Stream that will discern.As long as the packet that is used to build the stream table has the characteristic sequence of configuration, be the controlling packet of the Business Stream that will discern, be the control flows table of wanting identification services stream based on the business flow list of this data packet matched parameter.
In step 405, belong to the Business Stream that to discern because identified the controlling packet that is used to build the stream table, so just can extract the data field information of this controlling packet according to the match parameter extracting mode of configuration.The data field information content of extracting is exactly the match parameter of this controlling packet corresponding service packet, and the business flow list of setting up according to this match parameter is the business data flow table of wanting identification services stream.
If the packet of follow-up arrival hits the business data flow table, can judge that then this subsequent packet belongs to the Business Stream of needs identification, and be the business data packet of this Business Stream; If the packet of follow-up arrival hits the control flows table of setting up in 404 steps, then this packet belongs to and wants identification services stream, and is the controlling packet of this Business Stream, so repeating step 405.
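Steps 404 to 406 and the subsequent-packet handling can be sketched as follows. This is an added example, not code from the patent: the FTP `PORT` command is assumed as the sample characteristic sequence, the packets are constructed, and `FlowIdentifier`, `FEATURE` and `demo` are hypothetical names. As a simplification, a control flow table entry is stored only once the characteristic sequence has been seen.

```python
import re

# Assumed characteristic information (constructed; FTP active mode as the sample service).
FEATURE = {
    "sequence": b"PORT ",  # characteristic sequence marking a control packet
    "extract": re.compile(rb"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)"),  # extraction mode
    "aging": 30.0,         # aging time in seconds
}

class FlowIdentifier:
    def __init__(self, feature):
        self.feature = feature
        self.control = {}  # control flow table: header 5-tuple -> last-seen time
        self.data = {}     # business data flow table: (dst IP, dst port) -> last-seen time

    def _age(self, now):
        # Step 406: delete entries that saw no packet within the aging time.
        for table in (self.control, self.data):
            for key in [k for k, t in table.items() if now - t > self.feature["aging"]]:
                del table[key]

    def _learn(self, payload, now):
        # Step 405: extract match parameters from the control packet's data field.
        m = self.feature["extract"].search(payload)
        if m:
            f = [int(x) for x in m.groups()]
            if all(v <= 255 for v in f):  # reject malformed address or port bytes
                self.data[("%d.%d.%d.%d" % tuple(f[:4]), f[4] * 256 + f[5])] = now

    def classify(self, pkt, now):
        self._age(now)
        five = (pkt["src"], pkt["sport"], pkt["proto"], pkt["dst"], pkt["dport"])
        dkey = (pkt["dst"], pkt["dport"])
        if dkey in self.data:  # hit on the business data flow table
            self.data[dkey] = now
            return "business-data"
        # Step 404: a control-table hit, or a packet carrying the characteristic sequence.
        if five in self.control or self.feature["sequence"] in pkt["payload"]:
            self.control[five] = now
            self._learn(pkt["payload"], now)  # repeated recognition: re-run step 405
            return "control"
        return "unidentified"

def demo():
    fi = FlowIdentifier(FEATURE)
    ctl = {"src": "10.0.0.5", "sport": 40000, "proto": "tcp", "dst": "192.0.2.10",
           "dport": 21, "payload": b"PORT 10,0,0,5,19,137\r\n"}  # constructed packet
    dat = {"src": "192.0.2.10", "sport": 20, "proto": "tcp", "dst": "10.0.0.5",
           "dport": 5001, "payload": b"file bytes"}              # constructed packet
    # Before the control packet, after it, and after the aging time has passed.
    return [fi.classify(dat, 0.0), fi.classify(ctl, 1.0),
            fi.classify(dat, 2.0), fi.classify(dat, 40.0)]
```

The range check in `_learn` and the aging in `_age` matter because the business data flow table is populated from packet payload rather than from configuration.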
The business flow identification method provided by the present invention has been described in detail above. Specific embodiments have been used herein to set forth the principle and implementation of the invention, and the explanation of the above embodiments is only intended to help in understanding the method of the invention and its core idea, but the invention is not limited to them:
For example, for business flows in which every packet carries the characteristic information, the steps of extracting match parameters and setting up a business flow table are unnecessary; as soon as a packet with the configured characteristic information is found, it can be judged to belong to the business flow to be identified.
As another example, after the match parameters are extracted, the match parameter information does not necessarily have to be carried in a business flow table; another carrier can be used, or the information can be stored directly as a list. Even when business flow tables are set up, the method is not limited to one flow table per business flow: in practice a single large list can be set up in which the flow table content of every business flow to be identified is recorded. This makes it convenient to look up the matching business flow table for a received packet, and it also saves system resources.
At the same time, those of ordinary skill in the art may, following the idea of the present invention, make changes to the specific embodiments and the scope of application. In summary, this description should not be construed as limiting the present invention.

Claims (12)

1. A method for identifying a business flow, characterized by comprising:
A. configuring business flow characteristic information on the network device in advance;
B. filtering the received packets, and extracting the match parameters of packets that carry the characteristic information;
C. setting up a business flow table based on the match parameters, and judging that a packet which hits this business flow table belongs to the business flow to be identified.
2. The method for identifying a business flow as claimed in claim 1, characterized in that said step B comprises:
B1. searching for whether a business flow table exists that matches the received packet;
B2. among packets that have no matching business flow table, identifying the packets that carry said characteristic information;
B3. extracting the match parameters from the identified packets.
3. The method for identifying a business flow as claimed in claim 2, characterized in that said step B3 comprises:
if the configured characteristic information includes a match parameter extraction mode, extracting the match parameters of the packet according to the match parameter extraction mode;
if the configured characteristic information does not include a match parameter extraction mode, extracting the match parameters from the packet header according to the transport protocol type used by the packet.
4. The method for identifying a business flow as claimed in claim 1, characterized in that said method further comprises the step of:
D. deleting the corresponding business flow table when the aging time is exceeded or deletion information is received.
5. The method for identifying a business flow as claimed in claim 1, characterized in that said business flow characteristic information comprises a characteristic sequence.
6. The method for identifying a business flow as claimed in claim 1, characterized in that the content of said business flow table comprises a business flow type identifier and a packet recognition count.
7. A method for identifying a business flow, characterized by comprising:
A. configuring business flow characteristic information on the network device in advance;
b. extracting the match parameters from the header of the received packet;
C. setting up a business flow table based on the extracted match parameters;
D. according to the characteristic information of the business flow, judging whether a packet that hits said business flow table belongs to the business flow to be identified.
8. The method for identifying a business flow as claimed in claim 7, characterized in that said step b comprises:
B1. searching for whether a business flow table exists that matches the received packet;
B2. for a packet that has no matching business flow table, extracting the match parameters from the packet header according to the transport protocol type it uses.
9. The method for identifying a business flow as claimed in claim 7, characterized in that said method further comprises the step of:
F. deleting the corresponding business flow table when the aging time is exceeded or deletion information is received.
10. The method for identifying a business flow as claimed in claim 7, characterized in that the characteristic information of said business flow comprises a characteristic sequence.
11. The method for identifying a business flow as claimed in claim 7, characterized in that the content of said business flow table comprises a business flow type identifier and a packet recognition count.
12. A method for identifying a business flow, characterized by comprising:
12-1. configuring business flow characteristic information on the network device in advance;
12-2. filtering the received packets, and extracting the match parameters of packets that carry the characteristic information;
12-3. when the match parameters in a subsequently received packet are consistent with the extracted match parameters, determining that this subsequent packet belongs to the business flow to be identified.
CNB2005100938056A 2005-08-30 2005-08-30 Business flow idnetifying method Active CN100448227C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2005100938056A CN100448227C (en) 2005-08-30 2005-08-30 Business flow idnetifying method

Publications (2)

Publication Number Publication Date
CN1744573A CN1744573A (en) 2006-03-08
CN100448227C true CN100448227C (en) 2008-12-31

Family

ID=36139773

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2005100938056A Active CN100448227C (en) 2005-08-30 2005-08-30 Business flow idnetifying method

Country Status (1)

Country Link
CN (1) CN100448227C (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address
CP03 Change of name, title or address

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Patentee after: NEW H3C TECHNOLOGIES Co.,Ltd.

Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base

Patentee before: HANGZHOU H3C TECHNOLOGIES Co.,Ltd.

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20230619

Address after: 310052 11th Floor, 466 Changhe Road, Binjiang District, Hangzhou City, Zhejiang Province

Patentee after: H3C INFORMATION TECHNOLOGY Co.,Ltd.

Address before: 310052 Changhe Road, Binjiang District, Hangzhou, Zhejiang Province, No. 466

Patentee before: NEW H3C TECHNOLOGIES Co.,Ltd.