CN103384221A - Method for optimizing service precedence message fast forwarding - Google Patents
Method for optimizing service precedence message fast forwarding Download PDFInfo
- Publication number
- CN103384221A CN103384221A CN2013102574909A CN201310257490A CN103384221A CN 103384221 A CN103384221 A CN 103384221A CN 2013102574909 A CN2013102574909 A CN 2013102574909A CN 201310257490 A CN201310257490 A CN 201310257490A CN 103384221 A CN103384221 A CN 103384221A
- Authority
- CN
- China
- Prior art keywords
- fast forwarding
- message
- forwarding table
- service
- processed
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method for optimizing service precedence message fast forwarding. The method for optimizing service precedence message fast forwarding is characterized by including the following steps that S1, service is classified according to user needs, IP quintuple fast forwarding list items containing the specified service are placed into the same specified service fast forwarding list, and the IP quintuple fast forwarding list items which do not contain the specified service are placed into a common service fast forwarding list; S2, firewall equipment receives a message, each fast forwarding list item of the specified service fast forwarding list is matched first, if the matching is successful, the message is processed and forwarded, otherwise each fast forwarding list item of the common service fast forwarding list is matched, if the matching is successful, the message is processed and forwarded, and if not, the step S1 is returned and executed. After the firewall equipment receives the message, the fast forwarding lists are searched according to the service needing to be processed in the message, if the corresponding fast forwarding list containing the processing service is searched, the message is processed and forwarded, and therefore message processing efficiency is greatly improved.
Description
Technical field
The present invention relates to network communications technology field, particularly a kind of business prior message turns optimization method soon.
Background technology
In the network equipment, usually adopt quick connection table to carry out fast processing and forwarding to message, old packet-by-packet processing mode has been transformed into by the stream processing mode, greatly improved message and processed and forwarding speed.And the common network equipment is set up the fast-forwarding table by the IP five-tuple to message, this table is comprised of five elements such as the former IP address of message, purpose IP address, protocol type, former port numbers and destination slogans, judge that with this identical message of IP five-tuple carries out the processing of same action as one group of identical stream, same action has comprised message NAT transformation rule, TMA rule, AAA rule of conduct, IPSEC encryption and decryption rule etc.And concerning different users, the business that stresses is different, the user who for example has lays particular emphasis on the processing speed that TMA (flow control business) processing speed of business, the user who has lay particular emphasis on the IPSEC business, if all business are all put into same large question blank according to IP five-tuple position index, just can not distinguish each business to the speed of message, make average speed become very fast.If user's this moment only wishes fast to some Business Processing, the indifferent words of the processing speed of other business, that current network equipment just can't have been realized.
Summary of the invention
The technical problem that (one) will solve
What the present invention will solve is according to different user, and the different business demand improves the problem of message repeating efficient.
(2) technical scheme
For solving the problems of the technologies described above, the invention provides a kind of business prior message and turn soon optimization method, it is characterized in that,
Comprise the following steps:
S1: according to user's needs, business is classified, the fast forwarding table item that will comprise the IP five-tuple of specified services is put into same specified services fast forwarding table, and the IP five-tuple fast forwarding table item that does not comprise this specified services is put into the general service fast forwarding table;
S2: firewall box receives message, at first mates each the fast forwarding table item in described specified services fast forwarding table, if the match is successful, described message is processed and is forwarded; Otherwise each the fast forwarding table item in coupling general service fast forwarding table if the match is successful, is processed and is forwarded described message, otherwise, return to execution in step S1.
(3) beneficial effect
The present invention divides into groups the fast forwarding table in firewall box, according to the user, the processing speed without business module is required difference, and the IP five-tuple that will comprise specific transactions is put into same fast forwarding table, and each fast forwarding table can be carried out index according to the IP five-tuple.After receiving message, can search the IP five-tuple fast forwarding table that comprises this specific transactions according to the business of the required processing of message, search successfully this message of reprocessing, greatly save the message processing time, improve treatment effeciency.
Embodiment
The below is described in further detail the specific embodiment of the present invention.Following examples are used for explanation the present invention, but are not used for limiting the scope of the invention.
The method of present embodiment comprises the following steps:
S1: according to user's needs, business is classified, the fast forwarding table item that will comprise the IP five-tuple of specified services is put into same specified services fast forwarding table, and the IP five-tuple fast forwarding table item that does not comprise this specified services is put into the general service fast forwarding table;
S2: firewall box receives message, at first mates each the fast forwarding table item in described specified services fast forwarding table, if the match is successful, described message is processed and is forwarded; Otherwise each the fast forwarding table item in coupling general service fast forwarding table if the match is successful, is processed and is forwarded described message, otherwise, return to execution in step S1.
Such as, if the message that fire compartment wall receives need to carry out the IPSEC Business Processing, the IP five-tuple fast forwarding table that comprises whole process IP SEC business is searched, if successful search is to corresponding fast forwarding table, message is processed and forwarded, otherwise coupling general service fast forwarding table is if the match is successful, message is processed and forwarded, otherwise, set up corresponding new fast forwarding table item, newly-established fast forwarding table item is put into the fast forwarding table that comprises the IPSEC business.Again receive the message that need to carry out the IPSEC Business Processing when firewall box, directly mate the fast forwarding table that this comprises IPSEC, improved the efficient of successful coupling.
Business prior message of the present invention turns soon optimization method and adopts the method that fast forwarding table is classified and processed, after firewall box receives message, according to needing business to be processed in message, fast forwarding table is searched, if find the fast forwarding table that comprises accordingly this processing business, message is processed and forwarded, greatly improved the message treatment effeciency.
Above execution mode only is used for explanation the present invention; and be not limitation of the present invention; the those of ordinary skill in relevant technologies field; without departing from the spirit and scope of the present invention; can also make a variety of changes and modification; therefore all technical schemes that are equal to also belong to category of the present invention, and scope of patent protection of the present invention should be defined by the claims.
Claims (1)
1. a business prior message turns optimization method soon, it is characterized in that,
Comprise the following steps:
S1: according to user's needs, business is classified, the fast forwarding table item that will comprise the IP five-tuple of specified services is put into same specified services fast forwarding table, and the IP five-tuple fast forwarding table item that does not comprise this specified services is put into the general service fast forwarding table;
S2: firewall box receives message, at first mates each the fast forwarding table item in described specified services fast forwarding table, if the match is successful, described message is processed and is forwarded; Otherwise each the fast forwarding table item in coupling general service fast forwarding table if the match is successful, is processed and is forwarded described message, otherwise, return to execution in step S1.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013102574909A CN103384221A (en) | 2013-06-26 | 2013-06-26 | Method for optimizing service precedence message fast forwarding |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013102574909A CN103384221A (en) | 2013-06-26 | 2013-06-26 | Method for optimizing service precedence message fast forwarding |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103384221A true CN103384221A (en) | 2013-11-06 |
Family
ID=49491920
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2013102574909A Pending CN103384221A (en) | 2013-06-26 | 2013-06-26 | Method for optimizing service precedence message fast forwarding |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103384221A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104092612A (en) * | 2014-06-05 | 2014-10-08 | 汉柏科技有限公司 | Method and device for updating matching order of fast forwarding table |
| CN104618253A (en) * | 2015-01-22 | 2015-05-13 | 大唐移动通信设备有限公司 | Dynamically changed transmission message processing method and device |
| CN105591793A (en) * | 2015-07-07 | 2016-05-18 | 杭州华三通信技术有限公司 | Fast forwarding table item aging method and device |
| CN113132242A (en) * | 2021-03-19 | 2021-07-16 | 翱捷科技股份有限公司 | Network equipment and method for sharing sending and receiving cache |
| CN113645188A (en) * | 2021-07-07 | 2021-11-12 | 中国电子科技集团公司第三十研究所 | Data packet fast forwarding method based on security association |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1697397A (en) * | 2004-05-13 | 2005-11-16 | 华为技术有限公司 | Method for guarding against attack realized for networked devices |
| US20070133560A1 (en) * | 2005-12-07 | 2007-06-14 | Nam Kook J | Method and apparatus for processing packet in high speed router |
| CN1996948A (en) * | 2006-12-28 | 2007-07-11 | 杭州华为三康技术有限公司 | Message forwarding method and device based on the media access control layer |
| CN101753437A (en) * | 2008-12-02 | 2010-06-23 | 韩国电子通信研究院 | Method and apparatus for providing different next hop by service |
| CN101820392A (en) * | 2010-03-26 | 2010-09-01 | 中兴通讯股份有限公司 | Method for realizing multi-service forwarding and network processor |
| CN102148764A (en) * | 2011-05-09 | 2011-08-10 | 杭州华三通信技术有限公司 | Data processing method and equipment based on QoS (Quality of Service) traffic |
| CN102316012A (en) * | 2010-06-30 | 2012-01-11 | 杭州华三通信技术有限公司 | Method for realizing Internet protocol (IP) express forwarding and three-layer forwarding equipment |
| CN103095665A (en) * | 2011-11-07 | 2013-05-08 | 中兴通讯股份有限公司 | Method and device of improving firewall processing performance |
-
2013
- 2013-06-26 CN CN2013102574909A patent/CN103384221A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1697397A (en) * | 2004-05-13 | 2005-11-16 | 华为技术有限公司 | Method for guarding against attack realized for networked devices |
| US20070133560A1 (en) * | 2005-12-07 | 2007-06-14 | Nam Kook J | Method and apparatus for processing packet in high speed router |
| CN1996948A (en) * | 2006-12-28 | 2007-07-11 | 杭州华为三康技术有限公司 | Message forwarding method and device based on the media access control layer |
| CN101753437A (en) * | 2008-12-02 | 2010-06-23 | 韩国电子通信研究院 | Method and apparatus for providing different next hop by service |
| CN101820392A (en) * | 2010-03-26 | 2010-09-01 | 中兴通讯股份有限公司 | Method for realizing multi-service forwarding and network processor |
| CN102316012A (en) * | 2010-06-30 | 2012-01-11 | 杭州华三通信技术有限公司 | Method for realizing Internet protocol (IP) express forwarding and three-layer forwarding equipment |
| CN102148764A (en) * | 2011-05-09 | 2011-08-10 | 杭州华三通信技术有限公司 | Data processing method and equipment based on QoS (Quality of Service) traffic |
| CN103095665A (en) * | 2011-11-07 | 2013-05-08 | 中兴通讯股份有限公司 | Method and device of improving firewall processing performance |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104092612A (en) * | 2014-06-05 | 2014-10-08 | 汉柏科技有限公司 | Method and device for updating matching order of fast forwarding table |
| CN104618253A (en) * | 2015-01-22 | 2015-05-13 | 大唐移动通信设备有限公司 | Dynamically changed transmission message processing method and device |
| CN104618253B (en) * | 2015-01-22 | 2018-08-07 | 大唐移动通信设备有限公司 | A kind of transmitting message treating method and apparatus of dynamic change |
| CN105591793A (en) * | 2015-07-07 | 2016-05-18 | 杭州华三通信技术有限公司 | Fast forwarding table item aging method and device |
| CN105591793B (en) * | 2015-07-07 | 2019-01-18 | 新华三技术有限公司 | A kind of fast-turn construction list item aging method and device |
| CN113132242A (en) * | 2021-03-19 | 2021-07-16 | 翱捷科技股份有限公司 | Network equipment and method for sharing sending and receiving cache |
| CN113645188A (en) * | 2021-07-07 | 2021-11-12 | 中国电子科技集团公司第三十研究所 | Data packet fast forwarding method based on security association |
| CN113645188B (en) * | 2021-07-07 | 2023-05-09 | 中国电子科技集团公司第三十研究所 | Data packet rapid forwarding method based on security association |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103384221A (en) | Method for optimizing service precedence message fast forwarding | |
| CN104821890A (en) | Realization method for OpenFlow multi-level flow tables based on ordinary switch chip | |
| CN100531146C (en) | Method and device for updating stream forward table content based on the stream forward | |
| EP2849397A1 (en) | Communication system, control device, communication method, and program | |
| US9419910B2 (en) | Communication system, control apparatus, and communication method | |
| EP2858317B1 (en) | Control device, communication system, switch control method and program | |
| US20130144995A1 (en) | Control apparatus, a communication system, a communication method and a recording medium having recorded thereon a communication program | |
| CN103491095A (en) | Flow cleaning framework and device and flow lead and reinjection method | |
| US11616720B2 (en) | Packet processing method and system, and device | |
| CN105338003A (en) | Firewall implementation method applied to software defined networking | |
| CN104410541A (en) | Method and device for counting VXLAN inner layer virtual machine flux on intermediate switch | |
| US10069648B2 (en) | Communication system, control apparatus, communication control method and program | |
| CN106921572A (en) | A kind of method, apparatus and system for propagating qos policy | |
| CN103873441A (en) | Firewall safety rule optimization method and device thereof | |
| CN100484080C (en) | Routing access method, system and operator edge equipment for virtual private network | |
| CN104811384A (en) | Multilevel stream table priority adjustment method | |
| CN104202322A (en) | OpenFlow exchanger message security monitor and control method based on OpenFlow protocol | |
| CN104221335A (en) | Control device, communication device, communication system, communication method, and program | |
| CN105429881B (en) | A kind of method for forwarding multicast message and device | |
| CN102970239B (en) | Flow processing method, flow processing device, router and flow processing system | |
| CN102255816A (en) | Method and device for load sharing | |
| CN103475585A (en) | Method for refreshing fast forwarding table matching order at fixed time | |
| CN103297312A (en) | MPLS VPN (Multi-Protocol Label Switching Virtual Private Network) access method and device | |
| CN104125147B (en) | Method for realizing separation of next-hop configuration data | |
| CN103457854A (en) | Method and equipment for forwarding message |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20131106 |