CN100446509C - Method for realizing re-oriented message correctly repeat and first-part and second-part - Google Patents
Method for realizing re-oriented message correctly repeat and first-part and second-part Download PDFInfo
- Publication number
- CN100446509C CN100446509C CNB2006101386207A CN200610138620A CN100446509C CN 100446509 C CN100446509 C CN 100446509C CN B2006101386207 A CNB2006101386207 A CN B2006101386207A CN 200610138620 A CN200610138620 A CN 200610138620A CN 100446509 C CN100446509 C CN 100446509C
- Authority
- CN
- China
- Prior art keywords
- redirected
- message
- nfc
- rule
- iac
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
This invention relates to a method for realizing transferring re-directional messages correctly including: 1, a first part sets up re-directional channel while configuring re-direction rule to distribute a channel ID to each channel, 2, the first part re-directs the received re-directed message to a second part carrying the ID, 3, when the first part receives the message fed back by the second part, it analyzes the ID from the message to get the re-direction rule and transfers said message, which can recover the context of a message to finish the successive work when the first part receives multi-kind of message flows fed back from the second part.
Description
Technical field
The present invention relates to network field, relate in particular to OAA (Open Application Architecture, open application architecture) NFC (Network Forwarding Component in, the forwarded parts) realize method that re-oriented message correctly is transmitted and the OAA that uses this method and between the IAC (Independent Application Component, separate traffic parts).
Background technology
Along with the fast development of Network and progressively refinement, traditional network equipment becomes no longer handy when handling these business.Such as, require equipment can do data forwarding and not only can insert voice, require equipment can finish load balancing but also can carry out content safety and filter.At this moment, a family independently technology producer be difficult to offer simultaneously desired all services of user.For this reason, the user need buy the equipment of a plurality of producers usually, and those equipment are linked together.So not only interoperability often goes wrong, equipment room cooperates and to be not easy especially to consult, and the equipment of giving administer and maintain the burden of bringing on the cost
With switching equipment (described switching equipment comprises switch and router) is example, and at present according to position in the network and effect, switching equipment is divided into low and middle-end switching equipment and core switching device usually.The major function of low and middle-end switching equipment is to compile and carry out service management, and the major function of core switching device is quick forwarding, makes packet pass through IP backbone as far as possible apace.The low and middle-end switching equipment generally is in the marginal position of network, and implementation is the centralized switching equipment of general uniprocessor (CPU).Because centralized switching equipment has Costco Wholesale advantage preferably, so obtain using comparatively widely.Centralized switching equipment can rely on the simple single-processor of built-in function to realize function of exchange, but, in the face of the traffic performance requirement that becomes increasingly abundant, as IPSec (IP Security agreement), IPS (Intrusion Protect System intrusion prevention system), voice and wireless etc., centralized switching equipment can not satisfy those professional demands.
In order to address the above problem, the applicant has proposed a kind of OAA framework, the equipment of different vendor is integrated into system's (seeing also Fig. 1) of a loose coupling.A system that meets the OAA framework comprises (the Interface Linkage Component by ILC, the interface link) NFC of Lian Jieing and IAC, wherein NFC is the main body of OAA system, being responsible for carrying out message transmits, the function that complete router and switch are arranged also is the core of user management control; IAC is the business service main body that is used to provide the additional function of various application, generally shows as a veneer or button card in the OAA system; ILC is integrated in respectively on NFC and the IAC as interface usually, transmits and the path of control information transmission for NFC and IAC provide message.
Be redirected and mainly refer to change the flow direction of message in the network equipment.With Fig. 2 is example, and message enters from interface A, should go out from interface D according to the destination address that message carries, and still, goes out from interface G after re-orientation processes.The existing redirected equipment (as switching equipment) of finishing, normally by the forwarding module (as Ethernet card) at this equipment incoming interface place, the message (being redirection message) that coupling is redirected rule is sent to interface G.Because prior art is when redirected, do not preserve message and be redirected preceding context, as source MAC, the target MAC (Media Access Control) address of message, after redirection message returns, owing to can't recover those contexts, therefore the technical problem that causes original message follow-up business to interrupt.
For example: NFC is redirected rule match to the message of our department's part of flowing through, if described message is the redirection message that coupling is redirected rule, NFC just need handle the source module information in the message, object module information: object module information in the message is revised as the IAC side ports information that IAC is connected with NFC, source module information in the message is revised as NFC goes up the NFC side ports information that is connected with IAC, like this, NFC just can be redirected to described redirection message on the IAC of appointment, and IAC could be back to NFC with the redirection message after handling.Because in the redirection message that returns, original source, the object module information of message are lost, if follow-up business need be known original source module and object module information, according to existing reorientation method, be original source module and the object module information of to reduce, cause the interruption of follow-up business thus, and then can not carry out follow-up repeating process.
Summary of the invention
The object of the present invention is to provide a kind of method of re-oriented message correctly forwarding of suitable open application architecture, to solve the context that to know the redirection message that returns in the prior art, cause follow-up business to interrupt thus, and then influence the technical problem of the follow-up forwarding of message.
In order to achieve the above object, the invention provides a kind of method that realizes that re-oriented message correctly is transmitted, the forwarded parts NFC that is used for open application architecture with message redirecting to separate traffic parts IAC, comprise: (1) NFC sets up when configuration is redirected rule and is redirected passage, is redirected passage ID to each redirected channel allocation one; (2) the NFC redirection message that will mate described redirected rule provides the IAC to appointment, the corresponding redirected passage ID of carrying in the described redirection message; (3) when NFC receives the redirection message that is returned by IAC, from redirection message, parse and be redirected passage ID, obtain corresponding redirected rule, transmit described message.
Step (2) comprising: the first processor of (21) NFC will be redirected the forwarding module and the first redirected forwarding module that rule and redirected passage ID are issued to local terminal respectively; (22) after forwarding module goes up internal head for the redirection message interpolation of the described redirected rule of coupling, provide, comprise at least in the described internal head and be redirected passage ID to the described first redirected forwarding module; (23) described first be redirected forwarding module and will comprise the message that is redirected passage ID and be redirected.
Internal head also comprises object module ID in the step (22), described object module ID is the first redirected forwarding module ID, described forwarding module provides center forwarding module to NFC, described center forwarding module to utilize object module ID that described message is sent to corresponding first redirection message and is redirected forwarding module.
Also comprise between step (2) and the step (3): IAC parses from redirection message and is redirected passage ID, and NFC obtains corresponding redirected rule by visit, and IAC utilizes the described message of described redirected rule process, perhaps
IAC searches the redirected channel table of local terminal, if find the redirected rule of described redirected passage ID correspondence, then IAC utilizes the described message of described redirected rule process, otherwise visit NFC obtains corresponding redirected rule, and described redirected passage ID and redirected rule be saved in the described redirected channel table, utilize the described message of described redirected rule process.
Step (1) also comprises: IAC issues to described NFC and is redirected rule, and the redirected passage ID that NFC will distribute is back to IAC, and IAC preserves the corresponding relation of described redirected rule and redirected passage ID; Also comprise between step (2) and the step (3): IAC parses and is redirected passage ID, after obtaining to be redirected rule, handles described redirection message, determines to abandon described message and still returns described message.
Transmitting described message in the step (3) comprises: know original object module information from be redirected rule, the forwarding module that described message is offered object module information correspondence is transmitted.
Step (1) set up to be redirected passage for determining to be redirected channel information, determines that being redirected channel information further comprises: by being redirected the port information of port information that rule directly finds the NFC side that corresponding IAC is connected with NFC, IAC side that IAC is connected with NFC.
Step (1) also comprises: NFC sets up and is redirected the corresponding relation that channel table is preserved redirected rule and is redirected passage ID; NFC obtains the redirected rule of described redirected passage ID correspondence by searching described redirected channel table in the step (3).
A kind of first parts of this method of application, described first parts are forwarded parts NFC, and described NFC comprises that first processor, some forwarding modules and some first are redirected forwarding module, wherein:
First processor is used for and will comprises the described first redirected forwarding module that the redirected channel information that is redirected rule and redirected passage ID is issued to described forwarding module and appointment;
Forwarding module: be used to receive message and send message, and the message of this module of flowing through is redirected regular coupling, and the redirection message that the match is successful is sent to the appointment first redirected forwarding module;
First is redirected forwarding module: be used for sending described redirection message to IAC, and restore to the redirection message that returns after the redirected rule of described message coupling, carry out message and transmit.
NFC also comprises the center forwarding module, connects first processor, forwarding module and first respectively and is redirected forwarding module, is used to set up between each forwarding module, forwarding module and first communication that is redirected between the forwarding module.
A kind of method that realizes that re-oriented message correctly is transmitted, the forwarded parts NFC that is used for described open application architecture with message redirecting to separate traffic parts IAC, comprise: the redirection message that (1) NFC will mate described redirected rule provides the IAC to appointment, the direct described redirected rule of carrying in the described redirection message; (2) when NFC receives the redirection message that is returned by IAC, from redirection message, directly parse and be redirected rule, transmit described message.
By means of the present invention, in advance carrying in the redirection message is redirected passage ID based on the NFC in the loosely coupled system of two layers of forwarding, like this, when receiving can directly parse in the redirection message that returns, NFC is redirected passage ID, find unique to being redirected the redirected rule of passage ID, utilize and be redirected some contextual informations that the information that comprises in the rule just can restore original message, such as, should be redirected in the rule and comprise source module information, this is redirected the original source module information of the message of rule just to restore coupling, avoid prior art owing to message original source module information is lost the technical problem that causes service disconnection thus, and then finish follow-up forwarding.
For example: NFC is redirected rule match to the message of our department's part of flowing through, if described message is the redirection message that coupling is redirected rule, NFC just need handle the source module information in the message, object module information: object module information in the message is revised as the IAC side ports information that IAC is connected with NFC, source module information in the message is revised as NFC goes up the NFC side ports information that is connected with IAC, like this, NFC just can be redirected to described redirection message on the IAC of appointment, and IAC could be back to NFC with the redirection message after handling.The present invention is after receiving the redirection message that returns, find the redirected rule of this redirection message of coupling, usually comprise source module, object module information owing to be redirected in the rule, therefore just can restore original source, the object module information of message, and then carry out follow-up repeating process.
Description of drawings
Fig. 1 is a kind of typical structure of the OAA system of the present invention's application;
Fig. 2 is existing redirected flow process schematic diagram;
Fig. 3 is the structured flowchart of the forwarded parts NFC in the OAA framework of the present invention;
Fig. 4 is the structural principle schematic diagram of the IAC of OAA framework of the present invention;
Fig. 5 is a kind of flow chart of realizing the re-oriented message correctly retransmission method in the OAA framework disclosed by the invention;
Fig. 6 is a flow chart of realizing the re-oriented message correctly retransmission method in the another kind of open application architecture disclosed by the invention.
Embodiment
Below in conjunction with accompanying drawing, specify the present invention.
Still please refer to Fig. 1, Figure 1 shows that a kind of typical structure of the OAA system that the present invention uses.The ILC that connects NFC and IAC among the OAA generally includes control interface and datum plane interface, control interface can be the interface that asynchronous serial port, synchronous serial interface etc. are supported stream mode, also may be an independent Ethernet physical port, perhaps shared physical port with datum plane.Control interface on the NFC is connected with control interface on the IAC, is used to carry out the communication of control information, and the datum plane interface on the NFC is connected with datum plane interface on the IAC, is used to carry out the communication of data message.In addition, can comprise a plurality of IAC that finish difference in functionality in an OAA system.
In the OAA system, the function of forwarding is finished by NFC, and professional additional treatments is finished by IAC.At different application, the applicant defines 4 kinds of mode of operations, can finish communicating by letter between NFC and the IAC by one of these 4 kinds of patterns or wherein several combinations.Below carry out exemplary introduction at various mode of operations:
1, main frame (Host) pattern
IAC resembles a main frame on the network, has the IP address of oneself, exists as the network tip.The IP message all is to transmit by the Ethernet interface of ILC.This mode, NFC only finishes simple message and transmits, and IAC then as the promoter and the recipient of data message, receives and dispatches various messages, and NFC is exactly the gateway of IAC.
2, mirror image (Mirror) pattern
Under this pattern, mirror image message also is to transmit by the Ethernet interface of ILC, and NFC as requested, duplicates a IAC of giving to specific message in the process that message is transmitted, and original message continues to finish normal forwarding.Analyze later on and handle and IAC receives this message, then message is abandoned according to specific strategy.This mode of operation often is applied to IDS (intruding detection system).
3, be redirected (Redirection) pattern
Under this pattern, redirection message also is to transmit by the Ethernet interface of ILC, and NFC as requested, gives IAC specific message redirecting in the message repeating process.After IAC handles, or abandon, or pass through.If pass through, then message is by the intact NFC that returns, and NFC then continues to handle from the place of interrupting originally, finishes follow-up forwarding work.This pattern is used for IPS (intrusion prevention system) more.
4, penetrate (Pass-Through) pattern
Under this pattern, IAC does not have configuration of IP address, and external Ethernet interface must be arranged, and data flow into from this external Ethernet interface, pass IAC, and the Ethernet interface of process ILC is to NFC, perhaps in the other direction.As if at NFC, external data similarly is the Ethernet interface that has directly arrived ILC, and IAC does not exist the same.Certainly, when flow passed through, IAC still can do relevant record analysis, and in the time of necessary, IAC also can make certain modification to finish relevant function at message.
Below introduce the process how the present invention realizes that re-oriented message correctly is transmitted.
The applicant finds after deliberation, if each message is all kept the context of this message in advance on NFC before being redirected, NFC is after receiving the redirection message that returns, restore the context of the described message of original preservation, just can carry out follow-up business, thereby avoid owing to the problem that causes service disconnection lost in the message context.But, when NFC is switch, because the transmitting-receiving of message is normally finished at each forwarding module of switch, therefore the memory space that one larger capacity need be set at each forwarding module is preserved the context of message, and after each forwarding module preserves the context of a message, also need this context is notified to the forwarding module at outgoing interface place, whole repeating process is very complicated, and it is big to implement difficulty.That is to say that the inapplicable NFC of above-mentioned redirection process is being redirected of switch.
The applicant is again through repeatedly discovering, the last predefined redirected rule of NFC, usually comprise the context of message or comprise context partly, such as, being redirected rule 1 is: incoming interface be A1, outgoing interface be the message redirecting of B2 to a certain IAC, mating this incoming interface that is redirected all messages of rule 1 all is that A1, outgoing interface all are B2.Obviously, only need preserve and be redirected rule, mate this respective contexts that is redirected all messages of rule and just can know at NFC.By said method, equally also can restore the respective contexts of original redirection message, and need not remove to preserve corresponding context at message.Based on above-mentioned principle, the method and the corresponding hardware thereof that the invention provides several concrete realization redirection process are improved.
A kind of first parts disclosed by the invention, described first parts are the forwarded parts NFC in the OAA framework.See also Fig. 3, it is the structured flowchart of the forwarded parts NFC in the OAA framework of the present invention.It comprises that some forwarding modules 11, center forwarding module 12, some first are redirected forwarding module 13 and first processor 14.Wherein:
First processor 14: be used for and be redirected the described first redirected forwarding module 13 that channel information is issued to forwarding module 11 and appointment.
When the present invention adopted by the reducing redirected rule of the mode that is redirected passage ID, first processor 14 was at producing unique redirected passage ID once being redirected rule.First processor 14 will comprise the first redirected forwarding module 12 that the redirected channel information that is redirected rule and redirected passage ID is distributed to the forwarding module 11 at the incoming interface place that indicates in the described redirected rule and is redirected the outgoing interface place.When redirected rule does not indicate incoming interface, such as, described redirected regular 2 for all outgoing interfaces be the message redirecting of x to being redirected outgoing interface y, then described first processor is given all forwarding modules and is redirected first of outgoing interface y and is redirected forwarding module and issues the redirected channel information that comprises described redirected rule and be redirected passage ID.When not indicating in the described redirected rule when being redirected outgoing interface, find this redirected rule downloading to which IAC, can know the port information of the NFC side that NFC is connected with IAC, i.e. the first redirected forwarding module information that is connected with IAC of correspondence.
When the present invention's employing is directly carried redirected rule in redirection message, first processor 14 will comprise redirected regular redirected channel information and be issued to the forwarding module 11 at the incoming interface place that indicates in the redirected rule and the first redirected forwarding module 12 at redirected outgoing interface place.
Forwarding module 11: be used to receive message and send message, and the message of this module of flowing through is redirected rule match, and the redirection message that the match is successful is sent to the appointment first redirected forwarding module.
When receive that first processor 14 sends comprise the redirected channel information that is redirected rule and redirected passage ID the time, preserve described redirected channel information.The present invention can be provided with a redirected channel table and preserve redirected channel information on forwarding module 11.
It includes interface processing sub and outgoing interface processing sub, wherein:
The incoming interface processing sub is used in the internal head of mating the message interpolation message that is redirected rule, and message is forwarded to the first corresponding redirected forwarding module 13.Usually forwarding module 11 is by center forwarding module 12 message to be forwarded to first to be redirected forwarding module 13.Described internal head can comprise source module information, object module information and redirected passage ID.When indicating source module information in being redirected rule, described internal head can comprise passage ID and the object module information of being redirected.Source module information can include the forwarding module information at interface message and incoming interface place.Object module information is the first redirected forwarding module ID, so that center forwarding module 12 receives this object module ID, message can be forwarded to the first corresponding redirected forwarding module 13.
When the present invention adopted that directly carrying is redirected rule in redirection message, the incoming interface processing sub can be redirected the internal head of interpolation message in the message of rule in coupling.Described internal head can comprise source module information, object module information.Described object module information comprises that first is redirected the module I D of forwarding module.
Outgoing interface processing sub: be used for message being transmitted according to the destination address (as purpose IP address, target MAC (Media Access Control) address) of the message that receives.
First is redirected forwarding module 13: be used for sending described redirection message to IAC, and restore the redirected rule of described message coupling for the redirection message that returns.
When receive that first processor sends comprise the redirected channel information that is redirected rule and redirected passage ID the time, preserve the redirected rule and the redirected passage ID that receive.First is redirected forwarding module 13 can be provided with a redirected channel table (shown in table 1 or table 2) on this module.
An attach most importance to example table of directed access table of table 1
| Be redirected passage ID | Source module information | Object module information | The redirected outgoing interface of message | Rule Information |
| 10 | Incoming interface is PortA1 | Outgoing interface is PortF2 | PortD1 | Incoming interface is that PortA1, outgoing interface are the message of PortF2 |
| 20 | Incoming interface is PortA2 | Outgoing interface is PortF2 | PortD1 | Incoming interface is that PortA2, outgoing interface are the message of PortF2 |
| ... | ... | ... | ... | ... |
Attach most importance to another example table of directed access table of table 2
| Be redirected passage ID | The forwarding module ID at incoming interface place (being referred to as source module ID) | The message incoming interface | The forwarding module ID at outgoing interface place (being referred to as object module ID) | The message outgoing interface | The redirected outgoing interface of message | Rule Information |
| 10 | 1 | PortA1 | 6 | PortF2 | PortD1 | Incoming interface is that PortA1, outgoing interface are the message of PortF2 |
| 20 | 1 | PortA2 | 6 | PortF2 | PortD1 | Incoming interface is that PortA2, outgoing interface are the message of PortF2 |
| ... | ... | ... | ... | ... |
When whenever receiving a redirected rule and redirected passage ID, then in the redirected channel table of local terminal, increase by one and be redirected the passage list item.
First is redirected forwarding module 13 comprises redirected outgoing interface processing sub and redirected incoming interface processing sub, and the message that is redirected passage ID that comprises that described redirected outgoing interface processing sub is used for receiving is sent to IAC.Described redirected incoming interface processing sub is used to receive the redirection message that returns from IAC, therefrom parses to be redirected passage ID, finds corresponding redirected rule subsequently, then message is transmitted.
When the present invention adopted that directly carrying is redirected rule in redirection message, first is redirected forwarding module 13 was used for the redirection message that directly carrying is redirected rule and is sent to IAC, and from the redirected rule of returning, directly parse be redirected regular.
See also Fig. 4, it is the structural principle schematic diagram of the IAC of OAA framework of the present invention.It comprises that second processor 22 and second is redirected forwarding module 23.Wherein:
Described second processor 22 is used to handle message, according to predefined strategy decision message be back deletion by analysis or by analysis after return.
Launch particularly be exactly, when the reception message, by message being handled according to predefined strategy, such as, message is carried out analysis and judgement, and whether it is illegal message, if, dropping packets then, otherwise, return message is intact.
Second processor can carry out fine-grained management thus.Described fine-grained management is meant that IAC handles targetedly redirection message and NFC is controlled targetedly.Such as, IAC according to predefined strategy decision message be back deletion by analysis or by analysis after intactly return in, the number of statistics deletion message also.For another example, it is that the message of 192.168.1.1 all is the malicious attack message that IAC finds from the source IP that NFC interface A receives, and then can tell NFC by means such as interlock MIB, on interface A is that the message of 192.168.1.1 all abandons with the source IP that receives.
Second is redirected forwarding module 23: be used for being redirected Transmit-Receive Unit by first on the NFC and set up message communication between NFC and the IAC.
See also Fig. 5, it is a kind of flow chart of realizing the re-oriented message correctly retransmission method in the OAA framework disclosed by the invention.Be used for realizing that open application architecture forwarded parts NFC correctly transmits the redirection message that separate traffic parts IAC returns, it may further comprise the steps:
S110:NFC sets up when configuration is redirected rule and is redirected passage, is redirected passage ID to each redirected channel allocation one;
The redirection message that S120:NFC will mate described redirected rule provides the IAC to appointment, and carrying is corresponding in the described redirection message resets passage ID;
S130: when NFC receives the redirection message that is returned by IAC, from redirection message, parse and be redirected passage ID, obtain the redirected rule of described message coupling, transmit described message.
Below specify each step.
One, step S110
Can dispose in the following manner on the NFC to be redirected rule and to set up and be redirected passage.
The execution mode that first kind of configuration is redirected rule is: configuration is redirected rule to the user to IAC by NFC, and NFC preserves this simultaneously and is redirected rule and corresponding IAC information (port information of the IAC side that is connected with NFC as IAC sign, IAC etc.).
Second kind of configuration is redirected regular execution mode and is, the user is the redirected rule of configuration on IAC only, and IAC is sent to NFC with described redirected rule, and NFC preserves redirected rule and corresponding IAC information.
It is that execution mode is that the third configuration is redirected rule, and the user only disposes redirected rule on NFC and described redirected rule is redirected to IAC information among which IAC.
The every preservation one of NFC is redirected rule, sets up the redirected passage of a correspondence.Described redirected passage is a logical channel.Setting up redirected passage mainly is to determine to be redirected channel information.First of the NFC side that IAC is connected with NFC that generally includes redirected channel information is redirected the second redirected forwarding module information of the IAC side that forwarding module information and IAC be connected with NFC.Be redirected and preserve second on the forwarding module information when being redirected forwarding module information when first, being redirected needs to comprise described first and is redirected forwarding module information in the channel information.Comprise described first when being redirected forwarding module information in being redirected rule, described redirected channel information only comprises described redirected rule and corresponding redirected passage ID.
That is to say, determine to be redirected channel information and further comprise:
Set up the corresponding relation that is redirected rule and IAC sign;
Find port (the first redirected forwarding module) information of the NFC side that corresponding IAC is connected with NFC, port (the second redirected forwarding module) information of IAC side that IAC is connected with NFC by IAC sign.
The corresponding relation of the port information of the IAC side that the port information of the NFC side that in store in advance IAC sign, IAC are connected with NFC on the NFC, IAC are connected with NFC.When setting up redirected rule, indicate and be redirected to which IAC.Can know the first corresponding redirected forwarding module information by the sign of this IAC, be redirected first usually and preserve the second redirected forwarding module information that is attached thereto in the forwarding module.
Determining to be redirected channel information further comprises:
By being redirected the port information of port information that rule directly finds the NFC side that corresponding IAC is connected with NFC, IAC side that IAC is connected with NFC.When directly comprising in this redirected rule when being redirected outgoing interface information, can find first of this redirected outgoing interface place to be redirected forwarding module information, and in the first redirected forwarding module, preserve the second redirected forwarding module information that is attached thereto usually.
NFC is to the unique redirected passage ID of each redirected channel allocation, under the execution mode of first kind and the second kind redirected rule of configuration, NFC will be redirected passage ID and notify to IAC, and IAC keeps the corresponding relation that is redirected passage ID and is redirected rule in the redirected channel table of local terminal.Be redirected under the execution mode of rule in the third configuration, whenever IAC receives a redirection message, therefrom parse and be redirected passage ID, search the redirected channel table that local terminal is preserved, if do not find corresponding redirected rule, then visit the redirected rule that NFC obtains to be redirected passage ID correspondence.
The redirected rule that IAC visit NFC obtains redirected passage ID correspondence can comprise: at first, IAC sends the control command that inquiry is redirected rule to NFC, comprises described redirected passage ID in the described control command.Then, after NFC receives this instruction, send corresponding redirected rule to IAC.Subsequently, IAC redirected rule that will receive and the redirected passage ID redirected channel table that is saved in local terminal.IAC does not then need to send the control command that inquiry is redirected rule to NFC if find corresponding redirected rule in the redirected channel table that local terminal is preserved.In this implementation, the redirected channel table that the IAC end begins to preserve most is an empty table.
NFC also will comprise the first redirected forwarding module that the redirected channel information that is redirected passage ID and redirected rule is issued to the forwarding module at the incoming interface place that indicates in the described redirected rule respectively and is redirected the outgoing interface place.The forwarding module at incoming interface place and the first redirected forwarding module are set up the redirected channel table shown in table 1 or table 2 respectively.
Two, step S120
The redirection message that NFC will mate described redirected rule offers the IAC of appointment, and carrying is redirected passage ID in the described message.See also table 3, it is existing a kind of VLAN frame message format.It comprises the VLAN head, RIF (route information field), Data (content regions), and FCS (end code).
Table 3
Being redirected passage ID can be arranged on the virtual LAN VLAN head and the routing information field (rif) between the content regions (data) of message.That is to say that when NFC was switch, the RIF route information field can be used for carrying redirected passage ID.
See also table 4, it is the form signal table of a message VLAN head.
Table 4
| DMAC | SMAC | 8100 | PCP|CFI|VLANID(1-4094) | Channel ID | 0800 | IP PACKET |
In table 4, be redirected passage ID and in channel ID (passage ID) field, carry.Except carrying in the channel id field is redirected the passage ID, also can in DMAC and SMAC field, carry.Preferred forms of the present invention is for to carry in the channel id field.Need to prove that be redirected the where carrying of passage ID at message, only needing to make an appointment between NFC and the IAC gets final product, and also not only is confined to carry in above-mentioned disclosed field.
Step S120 is specially:
(21) first processor of NFC will comprise the redirected channel information that is redirected rule and is redirected passage ID and be issued to first of the forwarding module at incoming interface place and redirected outgoing interface place respectively and be redirected forwarding module.
Forwarding module is preserved and is redirected channel information, and first is redirected forwarding module can directly preserve the redirected passage ID that is redirected rule and correspondence or it is kept in the redirected channel table of setting up local terminal in advance as a list item.
(22) forwarding module is forwarded to the described first redirected forwarding module after internal head is gone up in the message interpolation of the described redirected rule of coupling, and described internal head comprises that redirected passage ID and first is redirected the module I D of forwarding module correspondence.
Forwarding module whenever receives a message, analyzes described message, judges whether to mate the wherein rule in all redirected rules of preserving in advance, if the match is successful, then described message is added internal head, this message is sent to corresponding redirected forwarding module again.Described internal head can comprise redirected passage ID, source module ID, object module ID, and forwarding module can add redirected passage ID in the message to according to the form of making an appointment.Generally, internal head comprises source module ID and object module ID, after the center forwarding module receives this message, according to object module ID, described message is sent to the first corresponding redirected forwarding module.
(23) the described first redirected forwarding module will carry the message that is redirected passage ID and be sent to IAC.
The described first redirected forwarding module is sent to second of IAC with this message and is redirected forwarding module, is redirected second processor that forwarding module is sent to local terminal by second of IAC end.
Three, step S130
When receiving redirection message, IAC is by handling message according to predefined strategy, such as, message is carried out analysis and judgement, and whether it is illegal message, if, dropping packets then, otherwise return message is intact.
Because the context dependent of common meeting of predefined strategy and message.Such as, the statistics incoming interface is the number of the message of A1, analysis source IP is whether the message of 192.168.1.1 is aggressive message.For this reason, behind the redirection message that IAC receives, need find the redirected rule of this message coupling.
Disposing under the preceding two kinds of execution modes that are redirected rule, IAC parses from the redirection message that receives and is redirected passage ID, and the redirected channel table that utilizes redirected passage ID to search local terminal can be known the redirected rule of this message coupling.Being redirected rule in configuration is under the third execution mode, IAC parses from the redirection message that receives and is redirected passage ID, utilize and be redirected the redirected channel table that passage ID searches local terminal, be redirected passage ID if can find, then can know the redirected rule of this message coupling, if search less than this redirected passage ID, then IAC visit NFC obtains corresponding redirected rule.
IAC utilizes the redirected rule that restores according to predefined strategy message to be handled again: be dropping packets or return described message.If return redirection message, IAC is redirected forwarding module by second message is returned.
Receive the message that returns when first of NFC is redirected forwarding module,, search the redirected channel table that local terminal is preserved, find corresponding redirected rule according to the redirected passage ID that carries in the message.When in being redirected rule, comprising source module information and object module information, can recover the original source module information of message (as the source module ID and the incoming interface at incoming interface place), object module information (outgoing interface place go out module ID and outgoing interface).First is redirected forwarding module reorganization message is sent to message the center forwarding module again, by the center forwarding module forwarding module that message is sent to object module ID correspondence is transmitted.The reorganization message comprises will be deleted redirected passage ID, the original source module information and the object module information of message will be added in the message in the message.
Below just above-mentioned flow process is described with a specific embodiment.
The first processor of a1:NFC one of configuration be redirected rule (such as, rule is: with the message incoming interface is that PortA1, outgoing interface are that the message redirecting of PortF2 is to PortD1) time can set up a redirected passage.
The first processor of a2:NFC is redirected passage ID of each redirected channel allocation (the redirected passage ID as distribution is 10), can find the information such as redirected outgoing interface of message incoming interface, message outgoing interface, message according to this redirected passage ID.
The first processor of a3:NFC will be redirected passage ID and redirected rule is issued the forwarding module (forwarding module A) at incoming interface place, and forwarding module A preserves described redirected passage ID and is redirected rule.
The first processor of a4:NFC issues redirected channel informations such as being redirected passage ID, incoming interface, outgoing interface, redirected outgoing interface and gives the first redirected forwarding module (forwarding module D) that is redirected the outgoing interface place; This module is kept at described redirected channel information in the redirected channel table of this module, and contents in table also can comprise source module ID, object module ID.
A5: the message that coupling is redirected rule can be forwarded module stamp an internal head after, be forwarded to first again by the center forwarding module and be redirected forwarding module, comprise in this internal head and be redirected passage ID (10), source module ID (1), object module ID (4).
A6: message is redirected forwarding module by first and is sent to IAC.
A7: after message arrived IAC, IAC parsed and is redirected passage ID, visited again NFC and obtained corresponding redirected rule.
A8: message by the IAC analyzing and processing after, if the result who handles is for returning, be redirected forwarding module by second and be forwarded to the first redirected forwarding module, first is redirected out forwarding module parses redirected passage ID from message, find out corresponding source module ID (1), object module ID (6), redirected channel informations such as message outgoing interface PortF2 are issued the center forwarding module again with its internal head of forming message, and the center forwarding module can be issued message the forwarding module at outgoing interface place.
A9: the forwarding module at outgoing interface place (forwarding module F) sends message from interface PortF2, finish forwarding.
First is redirected out the module forwarding module also can not safeguard redirected channel table, the contextual information of message is directly added in the message transmit.Based on above-mentioned thinking, the invention provides another kind of reorientation method.Consider that a lot of technology points are identical with above-mentioned disclosed reorientation method, follow-up disclosed reorientation method focuses on narration and preceding difference.
See also Fig. 6, it is the method that re-oriented message correctly is transmitted that realizes in the another kind of open application architecture disclosed by the invention, and it may further comprise the steps:
The redirection message that S210:NFC will mate described redirected rule provides the IAC to appointment, the direct described redirected rule of carrying in the described redirection message;
S220: when NFC receives the redirection message that is returned by IAC, from redirection message, directly parse and be redirected rule, transmit described message.
Step 210 is specially: the first processor of (11) NFC will comprise that the redirected channel information that is redirected rule is issued to first respectively and is redirected forwarding module and forwarding module; (12) forwarding module will mate the message that is redirected rule and be forwarded to first and be redirected forwarding module; (13) the described first redirected forwarding module is sent to IAC with the described redirected rule of carrying in the described message.
Also comprise between step S210 and the step S220: handle described redirection message, determine to abandon described message and still return.
Described heavy on rule can virtual LAN VLAN head and the routing information field (rif) between the content regions (data) at message.That is to say that when NFC was switch, the RIF route information field can be used for carrying redirected rule.
More than disclosed only be several specific embodiment of the present invention, but the present invention is not limited thereto, any those skilled in the art can think variation, all should drop in protection scope of the present invention.
Claims (11)
1, a kind of method that realizes that re-oriented message correctly is transmitted, the forwarded parts NFC that is used for open application architecture correctly transmits the redirection message that separate traffic parts IAC returns, and it is characterized in that, comprising:
(1) NFC sets up when configuration is redirected rule and is redirected passage, is redirected passage ID to each redirected channel allocation one;
(2) the NFC redirection message that will mate described redirected rule provides the IAC to appointment, the corresponding redirected passage ID of carrying in the described redirection message;
(3) when NFC receives the redirection message that is returned by IAC, from redirection message, parse and be redirected passage ID, obtain corresponding redirected rule, transmit described message.
2, the method for claim 1 is characterized in that, step (2) comprising:
(21) first processor of NFC will be redirected the forwarding module and the first redirected forwarding module that rule and redirected passage ID are issued to local terminal respectively;
(22) after forwarding module goes up internal head for the redirection message interpolation of the described redirected rule of coupling, provide, comprise at least in the described internal head and be redirected passage ID to the described first redirected forwarding module;
(23) described first be redirected forwarding module and will comprise the message that is redirected passage ID and be redirected.
3, method as claimed in claim 2 is characterized in that,
Internal head also comprises object module ID in the step (22), described object module ID is the first redirected forwarding module ID, described forwarding module provides center forwarding module to NFC, described center forwarding module to utilize object module ID that described message is sent to corresponding first redirection message and is redirected forwarding module.
4, the method for claim 1 is characterized in that, also comprises between step (2) and the step (3):
IAC parses from redirection message and is redirected passage ID, and NFC obtains corresponding redirected rule by visit, and IAC utilizes the described message of described redirected rule process, perhaps
IAC searches the redirected channel table of local terminal, if find the redirected rule of described redirected passage ID correspondence, then IAC utilizes the described message of described redirected rule process, otherwise visit NFC obtains corresponding redirected rule, and described redirected passage ID and redirected rule be saved in the described redirected channel table, utilize the described message of described redirected rule process.
5, the method for claim 1 is characterized in that,
Step (1) also comprises: IAC issues to described NFC and is redirected rule, and the redirected passage ID that NFC will distribute is back to IAC, and IAC preserves the corresponding relation of described redirected rule and redirected passage ID;
Also comprise between step (2) and the step (3): IAC parses and is redirected passage ID, after obtaining to be redirected rule, handles described redirection message, determines to abandon described message and still returns described message.
6, the method for claim 1 is characterized in that, transmit described message in the step (3) and comprise: know original object module information from be redirected rule, the forwarding module that described message is offered object module information correspondence is transmitted.
7, the method for claim 1 is characterized in that, step (1) is set up and is redirected passage for determining to be redirected channel information, determines to be redirected channel information and further comprises:
By being redirected the port information of port information that rule directly finds the NFC side that corresponding IAC is connected with NFC, IAC side that IAC is connected with NFC.
8, the method for claim 1 is characterized in that,
Step (1) also comprises: NFC sets up and is redirected the corresponding relation that channel table is preserved redirected rule and is redirected passage ID;
NFC obtains the redirected rule of described redirected passage ID correspondence by searching described redirected channel table in the step (3).
9, a kind of first parts of method of application rights requirement 1 is characterized in that described first parts are forwarded parts NFC, and described NFC comprises that first processor, some forwarding modules and some first are redirected forwarding module, wherein:
First processor is used for and will comprises the described first redirected forwarding module that the redirected channel information that is redirected rule and redirected passage ID is issued to described forwarding module and appointment;
Forwarding module: be used to receive message and send message, and the message of this module of flowing through is redirected regular coupling, and the redirection message that the match is successful is sent to the appointment first redirected forwarding module;
First is redirected forwarding module: be used for sending described redirection message to IAC, and restore to the redirection message that returns after the redirected rule of described message coupling, carry out message and transmit.
10, first parts as claimed in claim 9, it is characterized in that, NFC also comprises the center forwarding module, connects first processor, forwarding module and first respectively and is redirected forwarding module, is used to set up between each forwarding module, forwarding module and first communication that is redirected between the forwarding module.
11, a kind of method that realizes that re-oriented message correctly is transmitted, the forwarded parts NFC that is used for open application architecture correctly transmits the redirection message that separate traffic parts IAC returns, and it is characterized in that, comprising:
(1) NFC will mate the redirection message that is redirected rule provides IAC to appointment, directly carries described redirected rule in the described redirection message;
(2) when NFC receives the redirection message that is returned by IAC, from redirection message, directly parse and be redirected rule, transmit described message.
Priority Applications (5)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2006101386207A CN100446509C (en) | 2006-11-08 | 2006-11-08 | Method for realizing re-oriented message correctly repeat and first-part and second-part |
| US12/442,838 US9083565B2 (en) | 2006-09-25 | 2007-05-09 | Network apparatus and method for communication between different components |
| EP07721096.1A EP2068498B1 (en) | 2006-09-25 | 2007-05-09 | Method and network device for communicating between different components |
| PCT/CN2007/001523 WO2008037159A1 (en) | 2006-09-25 | 2007-05-09 | Method and network device for communicating between different components |
| US14/731,222 US9602391B2 (en) | 2006-09-25 | 2015-06-04 | Network apparatus and method for communication between different components |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2006101386207A CN100446509C (en) | 2006-11-08 | 2006-11-08 | Method for realizing re-oriented message correctly repeat and first-part and second-part |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1946060A CN1946060A (en) | 2007-04-11 |
| CN100446509C true CN100446509C (en) | 2008-12-24 |
Family
ID=38045278
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2006101386207A Active CN100446509C (en) | 2006-09-25 | 2006-11-08 | Method for realizing re-oriented message correctly repeat and first-part and second-part |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100446509C (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101997820B (en) * | 2009-08-31 | 2015-01-28 | 中兴通讯股份有限公司 | Centralized serial port redirection method and system |
| CN102761472B (en) * | 2011-04-29 | 2015-07-15 | 无锡江南计算技术研究所 | Communication port and routing method thereof, communication module and concurrent transaction level simulation system |
| EP2712128B1 (en) | 2011-07-06 | 2016-01-13 | Huawei Technologies Co., Ltd. | Message processing method and related device thereof |
| CN107995188A (en) * | 2017-11-30 | 2018-05-04 | 杭州迪普科技股份有限公司 | A kind of device and method for realizing test equipment and equipment under test data transfer |
| CN107995040A (en) * | 2017-12-12 | 2018-05-04 | 盛科网络(苏州)有限公司 | A kind of method and apparatus for preserving and analyzing dropping packets |
| CN110324241B (en) * | 2018-03-30 | 2022-05-31 | 北京华为数字技术有限公司 | Flow forwarding path adjusting method, message forwarding method and device |
| CN111147473A (en) * | 2019-12-23 | 2020-05-12 | 优刻得科技股份有限公司 | Network message forwarding method, device and system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030214960A1 (en) * | 2002-05-20 | 2003-11-20 | Jong-Sang Oh | Packet redirection method for a network processor |
| WO2005013582A2 (en) * | 2003-07-29 | 2005-02-10 | Thomson Licensing S.A. | Controlling access to a network using redirection |
| CN1588945A (en) * | 2004-08-18 | 2005-03-02 | 浙江工商大学 | Route management control protocol of open programmable structure |
| CN1852251A (en) * | 2006-02-17 | 2006-10-25 | 华为技术有限公司 | Terminal system route-selecting method |
-
2006
- 2006-11-08 CN CNB2006101386207A patent/CN100446509C/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030214960A1 (en) * | 2002-05-20 | 2003-11-20 | Jong-Sang Oh | Packet redirection method for a network processor |
| WO2005013582A2 (en) * | 2003-07-29 | 2005-02-10 | Thomson Licensing S.A. | Controlling access to a network using redirection |
| CN1588945A (en) * | 2004-08-18 | 2005-03-02 | 浙江工商大学 | Route management control protocol of open programmable structure |
| CN1852251A (en) * | 2006-02-17 | 2006-10-25 | 华为技术有限公司 | Terminal system route-selecting method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1946060A (en) | 2007-04-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100446509C (en) | Method for realizing re-oriented message correctly repeat and first-part and second-part | |
| EP2725749B1 (en) | Method, apparatus and system for processing service flow | |
| CN101635702B (en) | Method for forwarding data packet using security strategy | |
| CN102263774A (en) | Method and device for processing source role information | |
| US6272640B1 (en) | Method and apparatus employing an invalid symbol security jam for communications network security | |
| CN105591974A (en) | Message processing method, device and system | |
| CN106685827A (en) | Downlink message forwarding method and AP device | |
| CN111294291A (en) | Protocol message processing method and device | |
| US7203195B2 (en) | Method for packet transferring and apparatus for packet transferring | |
| US20040028058A1 (en) | Transmission system and method thereof | |
| US9553764B2 (en) | Migration of guest bridge | |
| CN101296168A (en) | Method for chip internal link list supporting policy routing | |
| CN101827366A (en) | Method, unit and device for isolating wireless network user | |
| CN100550844C (en) | The method of reducing redirected message characteristic information | |
| CN101577647B (en) | Alarm box in support of multi-VLAN and processing method of alarming thereof | |
| CN112866143B (en) | Device and chip for realizing 802.1CB protocol | |
| WO2018028592A1 (en) | Method and device for receiving and sending messages | |
| CN100495970C (en) | Method for opening application structure system and setting communication between components in the system | |
| KR102412933B1 (en) | System and method for providing network separation service based on software-defined network | |
| CN114268596A (en) | Method for stack system damage protection based on exchange chip and application | |
| EP3731497A1 (en) | Service processing method and network device | |
| US6999450B2 (en) | Ethernet based TDM switch | |
| CN100596145C (en) | Method for linkage with other separate systems and separate systems supporting linkage | |
| WO2004102880A1 (en) | A method of transmitting message | |
| CN110945847B (en) | Method, device and system for rapidly recovering service in path switching process |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Patentee after: Xinhua three Technology Co., Ltd. Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base Patentee before: Huasan Communication Technology Co., Ltd. |