CN100459574C - Network flow classifying, state tracking and message processing device and method - Google Patents
Network flow classifying, state tracking and message processing device and method Download PDFInfo
- Publication number
- CN100459574C CN100459574C CNB2005100864404A CN200510086440A CN100459574C CN 100459574 C CN100459574 C CN 100459574C CN B2005100864404 A CNB2005100864404 A CN B2005100864404A CN 200510086440 A CN200510086440 A CN 200510086440A CN 100459574 C CN100459574 C CN 100459574C
- Authority
- CN
- China
- Prior art keywords
- stream
- message
- record
- list item
- network flow
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Abstract
The invention relates to a classifying, status tracking and message processing device and method for network, implementing finely granular flow control by dynamic flow classification method based on IP quinary group or other specific tags, implementing high speed parallel flow processing by plural parallel devices and inside-device multiple process/thread mechanisms, avoiding large number of exclusive and synchronous operations caused by parallel processing by the measures of slitting network flow table, setting unique writer of flow recording list, strictly stipulating write instruction sequence in list insert and delete operating processes to keep list integrity, etc, and thus further raising processing efficiency. And it is applied to various parallel processing environments, such as network processor, ASIC, FPGA, multikernel processor, symmetrical multiprocessor (SMP), and software process/ thread, having good inter-platform compatibility, extendibility and practicality.
Description
Technical field
The invention belongs to computer network and data communication technology field, be specifically related to a kind of to network flow is classified, status tracking and message are handled apparatus and method, can be used among the network equipment such as router, security gateway, flow monitoring and audit, network billing, load balancing and the software, realize to flow fine granularity control, improve the efficient that message is handled.
Background technology
Continuous increase along with VoIP (Voice over IP), mobile data services, P2P emerging application demands such as (Peer-to-Peer), network application presents development trend with rapid changepl. never-ending changes and improvements, also rapid growth of the network bandwidth meanwhile, the key business function of the network facilitiess such as the detection of QoS (Quality of Service), attack/invasion and defence, flow monitoring and audit, network billing, load balancing faces new and bigger challenge.These business functions relate to many Processing tasks at session, user or upper-layer protocol, session and user's load often reaches 100,000 grades even 1,000,000 grades, need take into account the high speed processing of message when flow being carried out fine granularity control, its core is to realize traffic classification efficiently.The classification of rule-based passive flow is by searching the rule that is complementary with message in the rule list of setting up in advance, message is referred in the Business Stream of matched rule appointment to handle.The method of passive flow classification does not write down the context status information of flow, need search at each message, and therefore often more complicated and load are bigger.Article one, Business Stream comprises back and forth the flow of both direction usually, and the passive flow sorting technique can't be set up the incidence relation between this both direction flow, can not satisfy the needs of some application (as intrusion detection).In addition, also there are scalability problems such as regular number restriction (maximum several ten thousand usually), regular incremental update in the passive flow sorting technique, has certain limitation.And have advantages such as fine size, extensibility are good based on the dynamic flow sorting technique of IP five-tuple (source address, destination address, source port/ICMP id, destination interface/ICMP type and code, protocol number) or other specific identifiers, therefore obtained using widely.
The dynamic flow sorting technique is based on a network flow table that dynamically updates, its basic operation is: when message arrives, the IP five-tuple information or other specific identifier requester network stream tables that comprise according to message, determine the network flow that message is affiliated, and message is done respective handling according to the processing policy information in the correspondence stream record.In addition, dynamic flow classification also will relate to the important process of two aspects: be the management of network flow table on the one hand, comprise the stream record newly-built, replace, aging and reclaim; Be the renewal that stream mode is followed the tracks of and stream writes down on the other hand.Because the scale of network flow table often reaches up to a million records, message number to be processed is also very many, so performance becomes the problem of primary solution.In addition, practicality and cross-platform compatibility also are to consider.
In sum, the apparatus and method of needing outstanding, practical, the cross-platform compatibility of a kind of performance, can classify to network flow, status tracking and message being handled are controlled and the high speed processing of message the fine granularity of flow realizing.
Summary of the invention
The purpose of this invention is to provide a kind of to network flow is classified, status tracking and message are handled apparatus and method.
According to an aspect of the present invention, provide a kind of to network flow is classified, status tracking and message are handled device, this device comprises: based on the dynamic flow sorter of IP five-tuple (source address, destination address, source port/ICMP id, destination interface/ICMP type and code, protocol number) or other specific identifiers, carry out the dynamic flow sort operation, the IP five-tuple information or other specific identifier requester network stream tables that comprise according to message, determine the network flow that message is affiliated, for the message that can not find corresponding stream record, give stream table management devices and handle; The stream mode tracking means is carried out stream mode and is followed the tracks of operation, according to the information such as stream mode, timestamp and ageing time in the message field (MFLD) content update stream record; Message process device is carried out message and is handled operation, according to the processing policy information in the stream record message is correspondingly processed; Stream table management devices, be used for carrying out network flow table stream record newly-built, replace, aging and reclaimer operation; The network flow table is used to write down network flow information, and the stream record adopts the hash table mode to organize, and adopts the chained list mode to solve Hash collision; Idle stream record list item buffering area is used to store idle stream record list item, and employing (FILO) mode first-in last-out distributes idle list item.
Wherein, a key character of dynamic flow sorter, stream mode tracking means, stream table management devices and message process device is all to comprise a plurality of processes or thread, can carry out high-speed parallel and handle.Another key character of stream table management devices is: each process or thread are responsible for the different piece of network flow table respectively, thereby the stream record chained list of each hash table entry in the assurance stream table and sensing thereof has only the person of writing, the insertion and the deletion that are chained list are responsible for by unique process or thread, and in the insertion of chained list and deletion action process by strict regulations write command order keeping the integrality of chained list, thereby avoided a large amount of mutual exclusions and the simultaneous operation that cause owing to parallel processing.
According to another aspect of the present invention, provide a kind of to network flow is classified, status tracking and message are handled method, this method comprises: carry out the dynamic flow sort operation according to IP five-tuple information or other specific identifiers that message comprises, determine the network flow that message is affiliated; Carry out stream mode according to the message field (MFLD) content and follow the tracks of operation, upgrade the stream record; Handle operation according to the information and executing message in the stream record, realize the corresponding business function; For the message of inquiry in the network flow table less than correspondence stream record, give stream table management devices with it, after stream table management devices confirms not exist corresponding stream record, carry out newly-built operation of stream record (idle stream record list item buffering area is not empty) or stream record replacement operation (idle stream record list item buffering area is empty) according to the situation of idle stream record list item buffering area again; Regularly carry out the aging operation of stream record, the stream record that meets or exceeds ageing time is deleted from the network flow table; The stream record list item of having deleted from the network flow table is carried out reclaimer operation, be recovered in the idle stream record list item buffering area.
The step of described dynamic flow sort operation is:
1) the IP five-tuple information that comprises with message (source address, destination address, source port/ICMP id, destination interface/ICMP type and code, protocol number) or other specific identifiers are key assignments substitution hash function, are that index finds hash table entry corresponding in the network flow table with the operation result.The all corresponding stream record chained list of each hash table entry is to solve the Hash collision problem;
2) with the key assignments of message successively with described hash table entry in the key assignments of each stream record compare.If find corresponding stream record (key assignments equates), then message is given the stream mode tracking means and carried out stream mode tracking operation; Otherwise, index according to hash table entry is given process or thread corresponding in the stream table management devices with message, after stream table management devices confirms not exist corresponding stream record, carry out newly-built operation of stream record (idle stream record list item buffering area is not empty) or stream record replacement operation (idle stream record list item buffering area is empty) according to the situation of idle stream record list item buffering area again.If stream table management devices finds to have existed corresponding stream record, then directly message is given the stream mode tracking means, carry out stream mode and follow the tracks of operation.
Described stream mode is followed the tracks of operation, and the step of upgrading the stream record is:
1) stream of message correspondence record is added writes lock, perhaps adopt mutual exclusion to write atomic instructions flow record content is made amendment;
2) upgrade flow state information in the stream record according to field contents (as the flags field in TCP packet header) relevant in agreement under the message (TCP, UDP, ICMP, or the like), the message and message transmissions direction with protocol status;
3) upgrade the timestamp information that flows in the record with the current time;
4) upgrade the ageing time information (the ageing time intervals that different stream modes is corresponding different) that flows in the record according to current stream mode;
5) remove the lock of writing that flows record;
6) give message process device with message, carry out message and handle operation.
The step that described message is handled operation is:
1) reads processing policy information in the stream record of message correspondence;
2) according to processing policy message is handled, realized the corresponding business function.Typical business function comprises the detection of QoS, packet filtering, attack/invasion and defence, network address translation, message forwarding, load balancing, traffic statistics, or the like.
The step that described stream writes down newly-built operation is:
1) (one network flow comprises back and forth the flow of both direction as the forward key assignments of stream with the key assignments of message, divide into positive direction flow and opposite direction flow according to first direction that arrives message, the key assignments difference of both direction), handle by the process or the thread of forward key assignments correspondence earlier;
2) fill in the information such as forward key assignments, time started, timestamp, ageing time and stream mode that flow in the record.Further, according to required business function, fill in the processing policy information in the stream record, typical business function comprises QoS, network security, network address translation, route, two layers of conversion, load balancing, traffic statistics, or the like.Then determine the reverse key assignments of stream and be filled up to flow in the record;
3) will flow the record list item inserts in the stream record chained list of forward key assignments correspondence in the network flow table;
4) message is given stream reverse key assignments correspondence process or thread process.Stream record list item is inserted in the stream record chained list of reverse key assignments correspondence in the network flow table, then message is given the stream mode tracking means, carry out stream mode and follow the tracks of operation.
The step of described stream record replacement operation is:
1) checks timestamp and the ageing time information that each stream writes down in the current stream record chained list successively, select to have reached or surpassed the stream record of ageing term.If there is not such stream record, then adopt recent minimum use replacement policy (LRU), select the oldest stream record of timestamp in the chained list, perhaps adopt first in first out replacement policy (FIFO), select to be in the stream record of linked list head;
2) the list item reclaimer operation carried out in the stream record of choosing.
The step of the aging operation of described stream record is:
1) its that part of network flow table of being responsible for of each process of stream table management devices or thread periodic scanning reclaims the stream record that meets or exceeds ageing term;
2) be the expense of the aging operation of control, the threshold value of maximum scanning list items in the once-through operation need be set.Each aging operation is all proceeded scanning since the place of finishing last time.
The step of described stream record list item reclaimer operation is:
1) handles by the process or the thread of the forward key assignments correspondence that flows record earlier.Delete in the stream record chained list with stream record list item forward key assignments correspondence from the network flow table;
2) process or the thread of then giving the reverse key assignments correspondence of stream record handled.Stream record list item is oppositely deleted in the stream of the key assignments correspondence record chained list from the network flow table, and be recovered in the idle stream record list item buffering area.Before reclaiming, using the message of this list item if also there are some, in order not influence it in removal process and reclaim later normal use, avoid since reclaim cause synchronization overhead, when reclaiming, do not empty contents in table, but by the time empty again during sub-distribution under this list item, simultaneously idle stream being write down the distributed list item threshold value of list item buffering area is arranged to less than the idle list item number of maximum---because idle stream record list item buffering area takes mode first-in last-out to distribute idle list item, therefore the list item that is recovered can not redistributed away at once, makes the message of current this list item of use successfully to dispose.
The described operating procedure of inserting stream record list item in the network flow table is:
1) supposes and between stream record list item A in the stream record chained list and C, to insert a new list item B.At first, read the value (being the position of list item C) of next list item field of list item A;
2) value that will read is write in next list item field of list item B;
3) address of list item B is inserted in next list item field of list item A.
Described operating procedure of deleting stream record list item in the network flow table is:
1) supposes and in stream record chained list, deletion to flow the list item B that writes down between list item A and the C.At first, read the value (being the position of list item C) of next list item field of list item B;
2) value that will read is write in next list item field of list item A;
3) content (next the list item field that comprises list item B) of reservation list item B does not empty.Even current like this have along this chained list carry out the reader of query manipulation and just in time arrive list item B, also can because B by from chained list the deletion and not influence its visit back list item.
The present invention relates to a kind of network flow be classified, the apparatus and method that status tracking and message are handled, employing has realized the fine granularity of flow is controlled based on the dynamic flow sorting technique of IP five-tuple or other specific identifiers, adopt a plurality of parallel devices and the inner multi-process of device or threading mechanism to realize the high-speed parallel of flow is handled, by cutting network flow table, it is unique that the stream record chained list person of writing is set, the write command order is to keep the integrality of chained list in insertion of strict regulations chained list and the deletion action process, the a large amount of mutual exclusions and the simultaneous operation that cause owing to parallel processing has been avoided in the measures such as distributed list item threshold value that idle stream record list item buffering area is set, and makes treatment effeciency be further enhanced.The present invention is applicable to various parallel processing environments such as network processing unit, ASIC, FPGA, multi-core processor, symmetric multi processor (smp), software process or thread, has good cross-platform compatibility, extensibility and practicality.
Description of drawings
Below in conjunction with accompanying drawing the present invention is illustrated in further detail:
Fig. 1 is a network flow hoist pennants of the present invention;
Fig. 2 is an idle stream record list item buffering area schematic diagram of the present invention;
Fig. 3 for according to embodiments of the invention to network flow is classified, status tracking and message are handled device schematic diagram;
Fig. 4 for according to embodiments of the invention to network flow is classified, status tracking and message are handled method flow diagram;
Embodiment
Below with reference to accompanying drawing of the present invention, describe most preferred embodiment of the present invention in more detail and describe in detail.
The present invention is a kind of to network flow is classified, status tracking and message are handled apparatus and method.
Referring to Fig. 1, network flow table of the present invention is used to write down network flow information, adopts the hash table mode to organize, and hash table length is L.Adopt the chained list mode to solve Hash collision, each hash table entry all comprises the head pointer of a stream record chained list.Because network flow comprises the flow of positive and negative both direction, so each stream record list item all belongs to two stream record chained lists of network flow table respectively, forward key assignments of the corresponding respectively stream record of these two chained lists and reverse key assignments.
The structure of network flow table hash table entry is as shown in the table:
| Data message (arranging) according to storage order | Length (position) | Implication |
| Stream record chain meter pointer (flowlist) | 32 | The chained list that sensing is made up of the stream record list item of corresponding same Hash value |
| Direction signs (dir) | 8 | The forward key assignments of stream record is pointed in 0 expression, and 1 represents to point to the reverse key assignments of stream record, down together |
The structure of stream record list item is as shown in the table:
| Reverse output equipment (reoutdev) | 16 | Reverse output equipment/forward input equipment |
| Reverse next list item pointer (renext) | 32 | Point to the next list item of the chained list of reverse key assignments retuple correspondence |
| Time started (starttime) | 32 | Timestamp constantly set up in the stream record |
| Timestamp (timestamp) | 32 | Arrive the timestamp of message recently |
| Ageing time is (agetime) at interval | 32 | Ageing time at interval, and is different and different according to stream mode |
| Stream mode (flowstate) | 8 | Stream mode |
| Write lock (wlock) | 8 | Be used for the mutual exclusion of writing of this stream record field |
| Processing policy information (action) | Indefinite | Needed information when preserving each business function processing message |
| Statistical information (stats) | Indefinite | Statistical informations such as the flow of process |
Referring to Fig. 2, idle stream of the present invention record list item buffering area is used to store idle stream record list item, adopts the chained list mode to organize, and adopts first-in last-out (FILO) mode to distribute idle list item.Indicating by buffering area head pointer Ph and buffering area tail pointer Pt respectively end to end of buffering area.For fear of because the synchronization overhead that causes of reclaimer operation guarantees that the list item that is recovered can not redistributed and empty at once, setting can distribute list item threshold value Tr and maximum idle list item to count S (0<Tr<S).
Referring to Fig. 3, of the present invention the device that network flow is classified, status tracking and message are handled is comprised: dynamic flow sorter 1, stream mode tracking means 2, message process device 3, and stream table management devices 4.In addition, also comprise network flow table shown in Fig. 1-2 and idle stream record list item buffering area.Dynamic flow sorter 1 is carried out the dynamic flow sort operation, according to the IP five-tuple information inquiry network flow table that message comprises, determines the network flow that message is affiliated, for the message that can not find corresponding stream record, gives stream table management devices 4 and handles.Stream mode tracking means 2 is carried out stream mode and is followed the tracks of operation, according to the information such as stream mode, timestamp and ageing time in the message field (MFLD) content update stream record.Message process device 3 is carried out message and is handled operation, according to the processing policy information (action) in the stream record message is done corresponding processing, realizes the related service function.Stream table management devices 4 be used for carrying out network flow table stream record newly-built, replace, aging and reclaimer operation.All comprise N process or thread in each device, handle to realize high-speed parallel.In order to eliminate the mutual exclusion and the synchronization overhead of the network flow table access that causes owing to parallel processing, need the network flow table to be carried out cutting according to process in the stream table management devices or Thread Count, each process in the stream table management devices or thread independently are responsible for the part of network flow table, to guarantee that having only unique person of writing to carry out to every stream record chained list inserts and deletion action.In addition, for controlling the expense of each aging operation, threshold value Ta need be set to allow the number of the list item of scanning in the once aging operation of control.
Referring to Fig. 4, of the present invention the method that network flow is classified, status tracking and message are handled is comprised the steps:
1) network message at first enters the dynamic flow sorter, carries out dynamic flow sort operation S1.The IP five-tuple information that comprises with message is key assignments substitution hash function H, calculates index value i.The typical computing formula of function H is:
(source address+destination address+source port+destination interface+protocol number) %L
Find hash table entry E corresponding in the network flow table according to i.With the key assignments of message successively with the flowlist field indication chained list of hash table entry in the key assignments of each stream record compare.If the stream mode tracking means then given message in the stream record that finds key assignments to equate, change step 2); Otherwise, give (i%N) individual process or thread in the stream table management devices with message, change step 4);
2) carry out stream mode and follow the tracks of operation S2.To flow to write down to add and write lock (wlock), then according to agreement under the message (TCP, UDP, ICMP, or the like), the field contents (as flags field in TCP head) relevant with protocol status and message transmissions direction are upgraded the stream record in the message flowstate field, according to the timestamp field that current time renewal stream writes down, upgrade the agetime field (the ageing time intervals that different stream modes is corresponding different) that stream writes down according to the value of current flowstate field.Remove the lock of writing of stream record, give message process device with message then, change step 3);
3) carry out message and handle operation S3.Action field in the reading flow record is handled message according to processing policy information wherein, realizes the corresponding business function.Typical business function comprises the detection of QoS, packet filtering, attack/invasion and defence, network address translation, message forwarding, load balancing, traffic statistics, or the like;
4) with the key assignments of message forward key assignments, handle by the process or the thread of forward key assignments tuple correspondence earlier as stream.At first requester network stream table confirms whether there has been corresponding stream record.If exist, then directly message is given the stream mode tracking means, change step 2); Otherwise, from idle stream record list item buffering area, distribute an idle list item and list item carried out zero clearing.If idle stream record list item buffering area is empty (the allocation table item number reaches threshold value Tr),, change step 6) then with packet loss;
5) carry out the newly-built operation S4 of stream record.Fill in fields such as tuple, starttime in the stream record, timestamp, agetime, flowstate.Further, according to required business function, fill in the action field in the stream record.Then determine the reverse key assignments retuple of stream and be filled into to flow in the record---generally, the computational methods of retuple are:
(resip,redip,resport,redport,proto)=(dip,sip,dport,sport,proto)
Stream record list item is inserted in the stream record chained list of tuple correspondence in the network flow table, then message is given the process or the thread process of retuple correspondence.The process of retuple correspondence or thread are responsible for stream record list item is inserted in the stream record chained list of retuple correspondence in the network flow table, then message are given the stream mode tracking means, change step 3);
6) carry out stream record replacement operation S5.Check the timestamp and the agetime field of each stream record in the current stream record chained list successively, select to have reached or surpassed the stream record of ageing term.If there is not such stream record, then adopt recent minimum use replacement policy (LRU), select the oldest stream record of timestamp in the chained list, perhaps adopt first in first out replacement policy (FIFO), select to be in the stream record of linked list head, change step 7);
7) carry out stream record reclaimer operation S6.Handle by the process or the thread of the forward key assignments tuple correspondence that flows record earlier, delete in the stream record chained list with stream record list item tuple correspondence from the network flow table.Then give the process or the thread of the reverse key assignments retuple correspondence of stream record and handle, delete in the stream record chained list with stream record list item retuple correspondence from the network flow table, be recovered in the idle stream record list item buffering area.Before reclaiming, may also exist some using the message of this list item, in order not influence it in removal process and reclaim later normal use, avoid since reclaim cause synchronization overhead, when reclaiming, do not empty contents in table, but by the time empty again during sub-distribution under this list item, simultaneously idle stream being write down the distributed list item threshold value of list item buffering area is arranged to less than the idle list item number of maximum---because idle stream record list item buffering area takes mode first-in last-out to distribute idle list item, therefore the list item that is recovered can not redistributed away at once, makes the message of current this list item of use successfully to dispose.
In addition, each process of stream table management devices or thread also need regularly to carry out the aging operation of stream record S7, promptly scan that part of network flow table that it is responsible for, and the stream record that meets or exceeds ageing term is reclaimed.Once aging operation is Ta list item of scanning at most, and each aging operation is all proceeded scanning since the place of finishing last time.
The operating procedure of inserting stream record list item in the network flow table of the present invention is:
1) supposes and between stream record list item A in the stream record chained list and C, to insert a new list item B.At first, read the value (being the position of list item C) of the next field of list item A;
2) value that will read is write in the next field of list item B;
3) address of list item B is inserted in the next field of list item A.
Operating procedure of deleting stream record list item in the network flow table of the present invention is:
1) supposes and in stream record chained list, deletion to flow the list item B that writes down between list item A and the C.At first, read the value (being the position of list item C) of the next field of list item B;
2) value that will read is write in the next field of list item A;
3) content (the next field that comprises list item B) of reservation list item B does not empty.Even current like this have along this chained list carry out the reader of query manipulation and just in time arrive list item B, also can because B by from chained list the deletion and not influence its visit back list item.
So, the present invention adopts the dynamic flow sorting technique based on IP five-tuple or other specific identifiers to realize the fine granularity of flow is controlled, adopt a plurality of parallel devices and the inner multi-process of device or threading mechanism to realize the high-speed parallel of flow is handled, by cutting network flow table, it is unique that the stream record chained list person of writing is set, the write command order is to keep the integrality of chained list in insertion of strict regulations chained list and the deletion action process, the a large amount of mutual exclusions and the simultaneous operation that cause owing to parallel processing has been avoided in the measures such as distributed list item threshold value that idle stream record list item buffering area is set, and makes treatment effeciency be further enhanced.The present invention is applicable to various parallel processing environments such as network processing unit, ASIC, FPGA, multi-core processor, symmetric multi processor (smp), software process or thread, has good cross-platform compatibility, extensibility and practicality.
The present invention using, has obtained good effect on the network security processing platform of the processor Network Based of applicant development and gigabit level security gateway, the performance index excellence has realized purpose of the present invention.The present invention has good practicability and popularizing application prospect.
Although disclose specific embodiments of the invention and accompanying drawing for the purpose of illustration, its purpose is to help to understand content of the present invention and implement according to this, but it will be appreciated by those skilled in the art that: without departing from the spirit and scope of the invention and the appended claims, various replacements, variation and modification all are possible.Therefore, the present invention should not be limited to most preferred embodiment and the disclosed content of accompanying drawing, and the scope of protection of present invention is as the criterion with the scope that claims define.
Claims (10)
1. one kind to the device that network flow is classified, status tracking and message are handled, and this device comprises:
Dynamic flow sorter based on IP five-tuple information or specific identifier, be used to carry out the dynamic flow sort operation, the IP five-tuple information or the specific identifier requester network stream table that comprise according to message, determine the network flow that message is affiliated, for the message that can not find corresponding stream record, give stream table management devices and handle;
The stream mode tracking means is used to carry out stream mode and follows the tracks of operation, according to stream mode, timestamp and the ageing time information in the message field (MFLD) content update stream record;
Message process device is used to carry out message and handles operation, according to the processing policy information in the stream record message is correspondingly processed;
Stream table management devices, be used for carrying out network flow table stream record newly-built, replace, aging and reclaimer operation;
The network flow table is used to write down network flow information, and the stream record adopts the hash table mode to organize, and adopts the chained list mode to solve Hash collision; And
Idle stream record list item buffering area is used to store idle stream record list item, adopts first-in last-out to distribute idle list item.
2. according to claim 1 to network flow is classified, status tracking and message are handled device, it is characterized in that: dynamic flow sorter, stream mode tracking means, stream table management devices and message process device all comprise a plurality of processes or thread, can carry out high-speed parallel and handle; Each process of stream table management devices or thread are responsible for the different piece of network flow table respectively.
3. one kind to the method that network flow is classified, status tracking and message are handled, and specifically may further comprise the steps:
Carry out the dynamic flow sort operation according to IP five-tuple information or specific identifier that message comprises, determine the network flow that message is affiliated;
Carry out stream mode according to the message field (MFLD) content and follow the tracks of operation, upgrade the stream record;
Handle operation according to the information and executing message in the stream record, realize the corresponding business function;
For the message of inquiry in the network flow table less than correspondence stream record, give stream table management devices with it, after stream table management devices confirms not exist corresponding stream record, carry out stream newly-built operation of record or stream record replacement operation according to the situation of idle stream record list item buffering area again;
Regularly carry out the aging operation of stream record, the stream record that meets or exceeds ageing time is deleted from the network flow table;
The stream record list item of having deleted from the network flow table is carried out reclaimer operation, be recovered in the idle stream record list item buffering area.
4. according to claim 3 to the method that network flow is classified, status tracking and message are handled, it is characterized in that the step of described dynamic flow sort operation is:
1) IP five-tuple information or the specific identifier that comprises with message is key assignments substitution hash function, is that index finds hash table entry corresponding in the network flow table with the operation result;
2) with the key assignments of message successively with described hash table entry in stream record chain meter pointer field indication chained list in the key assignments of each stream record compare: if find corresponding stream record, then message is given the stream mode tracking means and is carried out stream mode and follow the tracks of and operate; Otherwise, index according to hash table entry is given process or thread corresponding in the stream table management devices with message, after stream table management devices confirms not exist corresponding stream record, carry out stream newly-built operation of record or stream record replacement operation according to the situation of idle stream record list item buffering area again.
5. according to claim 3ly the method that network flow is classified, status tracking and message are handled be is characterized in that described stream mode is followed the tracks of operation, the step of upgrading the stream record is:
1) stream of message correspondence record is added writes lock, perhaps adopt mutual exclusion to write atomic instructions flow record content is made amendment;
2) upgrade the flow state information that flows in the record according to field contents relevant in agreement, the message under the message and message transmissions direction with protocol status;
3) upgrade the timestamp information that flows in the record with the current time;
4) upgrade the ageing time information that flows in the record according to current stream mode;
5) remove the lock of writing that flows record; 6) give message process device with message, carry out message and handle operation.
6. according to claim 3ly the method that network flow is classified, status tracking and message are handled be is characterized in that the step that described message is handled operation is:
1) reads processing policy information in the stream record of message correspondence;
2) according to processing policy message is handled, realized the corresponding business function.
7. according to claim 3 to the method that network flow is classified, status tracking and message are handled, it is characterized in that the step that described stream writes down newly-built operation is:
1) with the key assignments of message forward key assignments, handles by the process or the thread of forward key assignments correspondence earlier as stream;
2) fill in forward key assignments, time started, timestamp, ageing time and the flow state information that flows in the record;
Further, according to required business function, fill in the processing policy information in the stream record; Then determine the reverse key assignments of stream and be filled up to flow in the record;
3) will flow the record list item inserts in the stream record chained list of forward key assignments correspondence in the network flow table;
4) will flow the record list item and insert in the stream record chained list of reverse key assignments correspondence in the network flow table, then message be given the stream mode tracking means, and carry out stream mode and follow the tracks of operation.
8. according to claim 3ly the method that network flow is classified, status tracking and message are handled be is characterized in that the step of described stream record replacement operation is:
1) checks timestamp and the ageing time information that each stream writes down in the current stream record chained list successively, select to have reached or surpassed the stream record of ageing term; If there is not such stream record, then adopt recent minimum use replacement policy, select the oldest stream record of timestamp in the chained list, perhaps adopt the first in first out replacement policy, select to be in the stream record of linked list head;
2) the list item reclaimer operation carried out in the stream record of choosing.
9. according to claim 3ly the method that network flow is classified, status tracking and message are handled be is characterized in that the step of the aging operation of described stream record is:
1) its that part of network flow table of being responsible for of each process of stream table management devices or thread periodic scanning reclaims the stream record that meets or exceeds ageing term;
2) be the expense of the aging operation of control, the threshold value of maximum scanning list items in the once-through operation need be set, each aging operation is all proceeded scanning since the place of end last time.
10. according to claim 3ly the method that network flow is classified, status tracking and message are handled be is characterized in that the step of described stream record list item reclaimer operation is:
1) handles by the process or the thread of stream record forward key assignments correspondence earlier, delete in the stream record chained list with stream record list item forward key assignments correspondence from the network flow table;
2) process or the thread of then giving the reverse key assignments correspondence of stream record handled, and stream record list item oppositely deleted in the stream of the key assignments correspondence record chained list from the network flow table, and be recovered in the idle stream record list item buffering area; Before reclaiming, using the message of this list item if also there are some, in order not influence it in removal process and reclaim later normal use, avoid since reclaim cause synchronization overhead, when reclaiming, do not empty contents in table, but by the time empty again during sub-distribution under this list item, simultaneously idle stream is write down the distributed list item threshold value of list item buffering area and be arranged to less than the idle list item number of maximum.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005100864404A CN100459574C (en) | 2005-09-19 | 2005-09-19 | Network flow classifying, state tracking and message processing device and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005100864404A CN100459574C (en) | 2005-09-19 | 2005-09-19 | Network flow classifying, state tracking and message processing device and method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1937574A CN1937574A (en) | 2007-03-28 |
| CN100459574C true CN100459574C (en) | 2009-02-04 |
Family
ID=37954848
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2005100864404A Expired - Fee Related CN100459574C (en) | 2005-09-19 | 2005-09-19 | Network flow classifying, state tracking and message processing device and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100459574C (en) |
Families Citing this family (38)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101170563A (en) * | 2007-11-30 | 2008-04-30 | 杭州华三通信技术有限公司 | A method and device for matching message rule |
| CN101252541B (en) * | 2008-04-09 | 2011-05-04 | 中国科学院计算技术研究所 | Method for establishing network flow classified model and corresponding system thereof |
| CN101599894B (en) * | 2008-06-04 | 2013-01-30 | 华为技术有限公司 | Method, device and system for processing messages containing clock information |
| CN101420371B (en) * | 2008-07-03 | 2010-12-01 | 江苏华丽网络工程有限公司 | Dynamic function supporting method and system for ASIC fusion network device |
| CN101610209B (en) * | 2008-11-28 | 2011-08-03 | 北京网康科技有限公司 | Method and device for multi-core parallel concurrent processing of network traffic flows |
| CN101753332B (en) * | 2008-12-03 | 2012-08-22 | 财团法人资讯工业策进会 | Event relation analyzing method and system |
| CN101572670B (en) * | 2009-05-07 | 2011-08-10 | 成都市华为赛门铁克科技有限公司 | Data packet processing method based on flow table, device and network system |
| CN101635676B (en) * | 2009-08-31 | 2011-07-27 | 杭州华三通信技术有限公司 | Message processing method and network equipment |
| CN101729240B (en) * | 2009-11-13 | 2012-10-10 | 北京中创信测科技股份有限公司 | Method and device for realizing time synchronization |
| CN101827021B (en) * | 2010-03-16 | 2012-11-28 | 杭州华三通信技术有限公司 | Method, device and system for classifying and marking QoS |
| CN102385588B (en) | 2010-08-31 | 2014-08-06 | 国际商业机器公司 | Method and system for improving performance of data parallel insertion |
| CN102004673A (en) * | 2010-11-29 | 2011-04-06 | 中兴通讯股份有限公司 | Processing method and system of multi-core processor load balancing |
| EP2677705A4 (en) | 2011-02-17 | 2016-06-01 | Nec Corp | Network system and network flow tracking method |
| CN102761517B (en) * | 2011-04-25 | 2015-06-24 | 工业和信息化部电信传输研究所 | Content reduction method for high-speed network |
| US8619800B1 (en) * | 2012-12-20 | 2013-12-31 | Unbound Networks | Parallel processing using multi-core processor |
| CN103023728B (en) * | 2013-01-15 | 2016-03-02 | 中国人民解放军信息工程大学 | flow monitoring method |
| CN103748842B (en) * | 2013-06-26 | 2017-04-12 | 华为技术有限公司 | Method, device and route device for forwarding data packages |
| CN104348716B (en) * | 2013-07-23 | 2018-03-23 | 新华三技术有限公司 | A kind of message processing method and equipment |
| WO2015114646A1 (en) * | 2014-01-30 | 2015-08-06 | Hewlett-Packard Development Company, L.P. | Analyzing network traffic in a computer network |
| CN104009924B (en) * | 2014-05-19 | 2017-04-12 | 北京东土科技股份有限公司 | Message processing method and device based on TCAM and FPGA |
| CN106330582B (en) * | 2015-06-18 | 2020-11-20 | 中兴通讯股份有限公司 | Method and device for detecting number of shared internet access mobile terminals |
| CN106330694A (en) * | 2015-06-26 | 2017-01-11 | 中兴通讯股份有限公司 | Method and device for realizing flow table traversal business |
| CN108092914B (en) * | 2016-11-21 | 2022-03-04 | 华为技术有限公司 | Network traffic load balancing scheduling method and device |
| CN107317759A (en) * | 2017-06-13 | 2017-11-03 | 国家计算机网络与信息安全管理中心 | A kind of thread-level dynamic equalization dispatching method of network interface card |
| CN107508757B (en) * | 2017-08-15 | 2021-11-19 | 网宿科技股份有限公司 | Multi-process load balancing method and device |
| CN107608773B (en) * | 2017-08-24 | 2020-08-04 | 阿里巴巴集团控股有限公司 | Task concurrent processing method and device and computing equipment |
| CN109831394B (en) * | 2017-11-23 | 2021-07-09 | 华为技术有限公司 | Data processing method, terminal and computer storage medium |
| CN108243107B (en) * | 2018-01-30 | 2020-11-20 | 盛科网络(苏州)有限公司 | Method and device for dynamically adjusting hardware table entry aging period |
| CN110471944A (en) * | 2018-05-11 | 2019-11-19 | 北京京东尚科信息技术有限公司 | Indicator-specific statistics method, system, equipment and storage medium |
| CN111107042B (en) * | 2018-10-26 | 2021-03-09 | 广州汽车集团股份有限公司 | Message parsing method and device, computer equipment and storage medium |
| CN109410445A (en) * | 2018-10-31 | 2019-03-01 | 湖南金码智能设备制造有限公司 | A kind of method and self-help shopping system of multiple unit cabinets of selling goods |
| CN110851334A (en) * | 2019-11-19 | 2020-02-28 | 深圳市网心科技有限公司 | Flow statistical method, electronic device, system and medium |
| CN113347090B (en) * | 2020-02-18 | 2023-06-20 | 华为技术有限公司 | Message processing method, forwarding equipment and message processing system |
| CN112311895B (en) * | 2020-11-12 | 2022-10-11 | 中国电子科技集团公司第五十四研究所 | Transparent mode TCP flow load balancing method and device based on SDN |
| CN112667375A (en) * | 2020-12-22 | 2021-04-16 | 杭州东信北邮信息技术有限公司 | Task scheduling method and system based on big data service |
| CN112749028A (en) * | 2021-01-11 | 2021-05-04 | 科大讯飞股份有限公司 | Network traffic processing method, related device and readable storage medium |
| CN113518130B (en) * | 2021-08-19 | 2023-03-24 | 北京航空航天大学 | Packet burst load balancing method and system based on multi-core processor |
| CN115150331B (en) * | 2022-09-02 | 2022-11-25 | 无锡沐创集成电路设计有限公司 | Information processing method, information processing device, electronic device, and medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5379297A (en) * | 1992-04-09 | 1995-01-03 | Network Equipment Technologies, Inc. | Concurrent multi-channel segmentation and reassembly processors for asynchronous transfer mode |
| JP2003298638A (en) * | 2002-04-05 | 2003-10-17 | Matsushita Electric Ind Co Ltd | Apparatus and method for transmitting packet |
| US20040085964A1 (en) * | 2002-10-29 | 2004-05-06 | Janne Vaananen | Method and apparatus for scheduling available link bandwidth between packet-switched data flows |
| CN1612527A (en) * | 2003-10-28 | 2005-05-04 | 华为技术有限公司 | Data service information collecting device and charging method using same |
| CN1633111A (en) * | 2005-01-14 | 2005-06-29 | 中国科学院计算技术研究所 | High-speed network traffic flow classification method |
-
2005
- 2005-09-19 CN CNB2005100864404A patent/CN100459574C/en not_active Expired - Fee Related
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5379297A (en) * | 1992-04-09 | 1995-01-03 | Network Equipment Technologies, Inc. | Concurrent multi-channel segmentation and reassembly processors for asynchronous transfer mode |
| JP2003298638A (en) * | 2002-04-05 | 2003-10-17 | Matsushita Electric Ind Co Ltd | Apparatus and method for transmitting packet |
| US20040085964A1 (en) * | 2002-10-29 | 2004-05-06 | Janne Vaananen | Method and apparatus for scheduling available link bandwidth between packet-switched data flows |
| CN1612527A (en) * | 2003-10-28 | 2005-05-04 | 华为技术有限公司 | Data service information collecting device and charging method using same |
| CN1633111A (en) * | 2005-01-14 | 2005-06-29 | 中国科学院计算技术研究所 | High-speed network traffic flow classification method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1937574A (en) | 2007-03-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100459574C (en) | Network flow classifying, state tracking and message processing device and method | |
| CN100448225C (en) | Method and device for classifying dynamic flow without IP partitioned regrouping | |
| CN107566206B (en) | Flow measuring method, equipment and system | |
| Ramabhadran et al. | Efficient implementation of a statistics counter architecture | |
| US20130304926A1 (en) | Concurrent linked-list traversal for real-time hash processing in multi-core, multi-thread network processors | |
| CN108337172A (en) | Extensive OpenFlow flow table classification storage architecture and acceleration lookup method | |
| US20060059165A1 (en) | Highly scalable subscription matching for a content routing network | |
| CN101650730B (en) | Method and system for discovering weighted-value frequent-item in data flow | |
| US9128686B2 (en) | Sorting | |
| CN102387082B (en) | Flow-classification-based grouping flow control system and control method | |
| CN111988231B (en) | Mask quintuple rule matching method and device | |
| CN101026576B (en) | Pattern matching method and device for processing fragmented message string giving consideration to matching strategy | |
| CN113518130B (en) | Packet burst load balancing method and system based on multi-core processor | |
| Zhao et al. | Dhs: Adaptive memory layout organization of sketch slots for fast and accurate data stream processing | |
| Canini et al. | Experience with high-speed automated application-identification for network-management | |
| KR101191251B1 (en) | 10 Gbps scalable flow generation and control, using dynamic classification with 3-level aggregation | |
| CN111200542B (en) | Network flow management method and system based on deterministic replacement strategy | |
| Li et al. | Ladderfilter: Filtering infrequent items with small memory and time overhead | |
| Xie et al. | Index–Trie: Efficient archival and retrieval of network traffic | |
| KR100770643B1 (en) | Method of High Performance Packet Classification Using TCAM and Apparatus Thereof | |
| Ye et al. | UA-Sketch: An Accurate Approach to Detect Heavy Flow based on Uninterrupted Arrival | |
| Whitehead et al. | An efficient hybrid approach to per-flow state tracking for high-speed networks | |
| Xie et al. | Towards Capacity-Adjustable and Scalable Quotient Filter Design for Packet Classification in Software-Defined Networks | |
| Lal et al. | A survey of real-time big data processing algorithms | |
| Gong et al. | SSS: An accurate and fast algorithm for finding top-k hot items in data streams |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20090204 Termination date: 20140919 |
|
| EXPY | Termination of patent right or utility model |