CN103209187B - A kind of method improving ike negotiation speed - Google Patents
A kind of method improving ike negotiation speed Download PDFInfo
- Publication number
- CN103209187B CN103209187B CN201310124261.XA CN201310124261A CN103209187B CN 103209187 B CN103209187 B CN 103209187B CN 201310124261 A CN201310124261 A CN 201310124261A CN 103209187 B CN103209187 B CN 103209187B
- Authority
- CN
- China
- Prior art keywords
- core
- service rate
- average service
- threshold value
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a kind of method improving ike negotiation speed, described method comprises: S1: in the multi-core CPU network equipment, m core is set as control core, for the treatment of control message, n core is set as data core, for carrying out forward process to message, 1 core is set for realizing message distribution; S2: arrange and control core average service rate threshold value and data core average service rate threshold value; S3: when controlling core average service rate and being more than or equal to described control core average service rate threshold value, then data core is converted to control core successively, until control core average service rate to be less than described control core average service rate threshold value.The present invention, by providing a kind of method improving ike negotiation speed, takes full advantage of the multinuclear advantage of device for multi-core, substantially increases ike negotiation speed.
Description
Technical field
The present invention relates to network security technology, particularly one improves IKE(Internetkeyexchange, IKE) method of negotiation speed.
Background technology
IKE performance testing index comprises: IPSEC(Internet protocol safety) tunnel negotiation speed, IKESA(Security Association) complete machine negotiated amount and IPSECSA complete machine negotiated amount.Current large multiple network equipment uses multicore architecture to strengthen overall performance, mainly in order to optimize the forward process function of message, seldom architecturally consider the optimization to negotiation packet processing speed, a core is fixed to process negotiation packet in multinuclear so be usually used alone when design architecture, now the forwarding performance of complete machine is higher, but command speed will be very low, cause IKE performance testing index far below monokaryon equipment.The such as core of 16 1HZ, the forwarding performance of complete machine is greater than the core of a 3HZ, if but process negotiation packet only uses a core in 16 cores, then and command speed is just well below monokaryon equipment.
Summary of the invention
(1) technical problem solved
The technical problem that the present invention solves is the multinuclear advantage how providing a kind of method can make full use of device for multi-core, particularly when tester uses high number of concurrent to consult IKE tunnel, improves ike negotiation speed.
(2) technical scheme
The invention provides a kind of method improving ike negotiation speed, described method comprises:
S1: in the multi-core CPU network equipment, arranging and controlling core number is m, and for the treatment of control message, setting data core number is n, for carrying out forward process to message, arranges 1 core for realizing message distribution; Wherein, m and n is and is greater than 0 and the difference being less than the total check figure of multi-core CPU and 1, and, m, n and 1 and be the total check figure of multi-core CPU;
S2: arrange and control core average service rate threshold value and data core average service rate threshold value;
S3: when controlling core average service rate and being more than or equal to described control core average service rate threshold value, then data core is converted to control core successively, until control core average service rate to be less than described control core average service rate threshold value; Wherein, data core is converted to successively control core for each conversion data core.
Preferably, also comprise after step S2: when data core average service rate is more than or equal to described data core average service rate threshold value, then control core is converted to data core successively, until data core average service rate is less than described data core average service rate threshold value; Wherein, control core is converted to successively data core for each conversion one control core.
Preferably, when controlling core average service rate and being more than or equal to described control core average service rate threshold value, data core average service rate is more than or equal to described data core average service rate threshold value simultaneously, then recovering to control core number is m, and data core number is n.
(3) beneficial effect
The present invention, by providing a kind of method improving ike negotiation speed, takes full advantage of the multinuclear advantage of device for multi-core, substantially increases ike negotiation speed.
Accompanying drawing explanation
Fig. 1 is method flow diagram provided by the invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described.
The invention provides a kind of method improving ike negotiation speed, as shown in Figure 1, described method comprises:
S1: in the multi-core CPU network equipment, arranging and controlling core number is m, and for the treatment of control message, realize ike negotiation, setting data core number is n, for carrying out forward process to message, arranges 1 core for realizing message distribution; Wherein, m and n is and is greater than 0 and the difference being less than the total check figure of multi-core CPU and 1, and, m, n and 1 and be the total check figure of multi-core CPU;
S2: arrange and control core average service rate threshold value and data core average service rate threshold value;
S3: when controlling core average service rate and being more than or equal to described control core average service rate threshold value, then data core is converted to control core successively, until control core average service rate to be less than described control core average service rate threshold value; Wherein, data core is converted to successively control core for each conversion data core.
Also comprise after step S2: when data core average service rate is more than or equal to described data core average service rate threshold value, then control core is converted to data core successively, until data core average service rate is less than described data core average service rate threshold value; Wherein, control core is converted to successively data core for each conversion one control core.
When controlling core average service rate and being more than or equal to described control core average service rate threshold value, data core average service rate is more than or equal to described data core average service rate threshold value simultaneously, then recovering to control core number is m, and data core number is n.
For the 16 core CPU network equipments, arranging and controlling core number is 5, setting data core number is 10, arrange 1 core for realizing message distribution, arranging and controlling core average service rate threshold value is 50%, and setting data core average service rate threshold value is 50%, when in ike negotiation process, control core average service rate and be more than or equal to 50%, then data core is converted to control core successively, until control core average service rate to be less than 50%; When data core average service rate is more than or equal to 50%, then control core is converted to data core successively, until data core average service rate is less than 50%; When control core average service rate is more than or equal to while 50%, data core average service rate is also more than or equal to 50%, then control core and data core are reverted to 5 and 10 respectively.
Above execution mode is only for illustration of the present invention; and be not limitation of the present invention; the those of ordinary skill of relevant technical field; without departing from the spirit and scope of the present invention; can also make a variety of changes and modification; therefore all equivalent technical schemes also belong to category of the present invention, and scope of patent protection of the present invention should be defined by the claims.
Claims (1)
1. improve a method for ike negotiation speed, it is characterized in that, described method comprises:
S1: in the multi-core CPU network equipment, arranging and controlling core number is m, and for the treatment of control message, setting data core number is n, for carrying out forward process to message, arranges 1 core for realizing message distribution; Wherein, m and n is and is greater than 0 and the difference being less than the total check figure of multi-core CPU and 1, and, m, n and 1 and be the total check figure of multi-core CPU;
S2: arrange and control core average service rate threshold value and data core average service rate threshold value;
S3: when controlling core average service rate and being more than or equal to described control core average service rate threshold value, then data core is converted to control core successively, until control core average service rate to be less than described control core average service rate threshold value; Wherein, data core is converted to successively control core for each conversion data core;
Also comprise after step S2: when data core average service rate is more than or equal to described data core average service rate threshold value, then control core is converted to data core successively, until data core average service rate is less than described data core average service rate threshold value; Wherein, control core is converted to successively data core for each conversion one control core;
When controlling core average service rate and being more than or equal to described control core average service rate threshold value, data core average service rate is more than or equal to described data core average service rate threshold value simultaneously, then recovering to control core number is m, and data core number is n.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310124261.XA CN103209187B (en) | 2013-04-11 | 2013-04-11 | A kind of method improving ike negotiation speed |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310124261.XA CN103209187B (en) | 2013-04-11 | 2013-04-11 | A kind of method improving ike negotiation speed |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103209187A CN103209187A (en) | 2013-07-17 |
| CN103209187B true CN103209187B (en) | 2016-01-06 |
Family
ID=48756271
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310124261.XA Expired - Fee Related CN103209187B (en) | 2013-04-11 | 2013-04-11 | A kind of method improving ike negotiation speed |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103209187B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108449252B (en) * | 2018-02-26 | 2020-11-06 | 杭州迪普科技股份有限公司 | Dump method and device for access log |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1791098A (en) * | 2004-12-13 | 2006-06-21 | 华为技术有限公司 | Method for realizing safety coalition synchronization |
| CN101197664A (en) * | 2008-01-03 | 2008-06-11 | 杭州华三通信技术有限公司 | Method, system and device for key management protocol negotiation |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR100447681B1 (en) * | 2001-12-27 | 2004-09-08 | 한국전자통신연구원 | method and recorded media for union key management using IPsec |
-
2013
- 2013-04-11 CN CN201310124261.XA patent/CN103209187B/en not_active Expired - Fee Related
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1791098A (en) * | 2004-12-13 | 2006-06-21 | 华为技术有限公司 | Method for realizing safety coalition synchronization |
| CN101197664A (en) * | 2008-01-03 | 2008-06-11 | 杭州华三通信技术有限公司 | Method, system and device for key management protocol negotiation |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103209187A (en) | 2013-07-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102104544B (en) | Order preserving method for fragmented message flow in IP (Internet Protocol) tunnel of multi-nuclear processor with accelerated hardware | |
| CN104253767B (en) | A kind of implementation method of virtual burst network and a kind of interchanger | |
| CN103209187B (en) | A kind of method improving ike negotiation speed | |
| CN104767664B (en) | Method, apparatus and system of a kind of ring-type communication network increase and decrease from node | |
| CN108039041A (en) | A kind of high speed 4G concentrators communication module, power information acquisition system and method | |
| CN104393985A (en) | Cipher machine based on multi-NIC (network interface card) technology | |
| CN103955445B (en) | A kind of data processing method, processor and data handling equipment | |
| CN106487718A (en) | A kind of independently controlled router controls exchange system | |
| CN103036879A (en) | Method for auditing QQ chat contents | |
| CN105843046A (en) | Intelligent household electrical appliance master control communication method and system thereof | |
| CN106464990A (en) | Data processing method and apparatus | |
| CN103810142B (en) | Reconfigurable system and construction method thereof | |
| CN103188355B (en) | A kind of by judging the method for message being carried out to Dynamic Matching in advance | |
| CN105187770B (en) | A kind of image processing platform of high security | |
| CN102780642A (en) | Multichannel network message transmission method | |
| CN204168329U (en) | IAD business bidirectional protective system | |
| CN108881258B (en) | Intelligent system for safe transmission of network files | |
| CN207623968U (en) | A kind of data communication apparatus | |
| CN108062033B (en) | Industrial protocol automatic simulation test system and method based on Linux system | |
| CN202759470U (en) | Communication device for MPLS VPN data transmission | |
| CN104052748A (en) | Safety configuration method of remote control server group | |
| CN202406145U (en) | Shield programmable logic controller (PLC) remote debugging system based on virtual private network | |
| CN205249276U (en) | Data encryption management system | |
| CN103747011A (en) | High-bandwidth network safety system | |
| CN206283532U (en) | A kind of data acquisition device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20160106 Termination date: 20180411 |