CN105450792B - Port assignment method and apparatus for multinuclear forwarding network address port conversion - Google Patents
Port assignment method and apparatus for multinuclear forwarding network address port conversion Download PDFInfo
- Publication number
- CN105450792B CN105450792B CN201510980638.0A CN201510980638A CN105450792B CN 105450792 B CN105450792 B CN 105450792B CN 201510980638 A CN201510980638 A CN 201510980638A CN 105450792 B CN105450792 B CN 105450792B
- Authority
- CN
- China
- Prior art keywords
- port numbers
- port
- cpu
- unappropriated
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2517—Translation of Internet protocol [IP] addresses using port numbers
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention proposes a kind of port assignment method and apparatus for multinuclear forwarding NAPT, which includes:After receiving message, search whether that there are unappropriated port numbers in the independent resource pond that CPU is independently occupied;If it is present determining appropriate ports number in the unappropriated port numbers, and the appropriate ports number are distributed into the message;If it does not exist, then searching whether that there are unappropriated port numbers in the shared resource pond that multinuclear shares;If there are unappropriated port numbers in the shared resource pond, appropriate ports number are determined in the unappropriated port numbers, and the appropriate ports number are distributed into the message;If unappropriated port numbers are not present in the shared resource pond, selection can use CPU, and the message is transmitted to described can use CPU processing.This method can promote the performance of multinuclear forwarding NAPT.
Description
Technical field
The present invention relates to network communication technology field more particularly to a kind of forwarding network address port conversions of multinuclear
The port assignment method and apparatus of (Network Address Port Translation, NAPT).
Background technology
NAPT is to refer to source internet protocol (Internet Protocol, IP) address conversion of data packet at another
Fixed IP address, while port address conversion (Port Address Translation, PAT) is carried out to original source port, it is main
The case where acting on slave firewall internal network access external network, the IP address that hiding internal network uses, to a certain degree
Upper guarantee private network safety.
For network security manufacturer, the realization of NAPT is exactly mainly in network address translation (Network Address
Translation, NAT) IP resource pools in select a legitimate ip address, and select a unused port numbers (1024-
65535).How it is high performance search unused port numbers, be exactly the performance-critical point of NAPT.
With the continuous development of science and technology, present fire wall generally uses multi-core processor.In the related technology, in multinuclear
It is all the port assignment strategy that NAPT is determined using the mode of locking and common lookup algorithm to forward under scene, still, this
It is to be hoisted that kind port assignment strategy so that multinuclear forwarding NAPT performances have.
Invention content
The present invention is directed to solve at least some of the technical problems in related technologies.
For this purpose, an object of the present invention is to provide a kind of port assignment method forwarding NAPT for multinuclear, the party
Method can promote the performance of multinuclear forwarding NAPT.
It is another object of the present invention to propose a kind of port assignment device forwarding NAPT for multinuclear.
In order to achieve the above objectives, the port assignment side for multinuclear forwarding NAPT that first aspect present invention embodiment proposes
Method, including:After receiving message, search whether that there are unappropriated port numbers in the independent resource pond that CPU is independently occupied;Such as
There are unappropriated port numbers in independent resource pond described in fruit, then appropriate ports are determined in the unappropriated port numbers
Number, and the appropriate ports number are distributed into the message;If unappropriated port is not present in the independent resource pond
Number, then search whether that there are unappropriated port numbers in the shared resource pond that multinuclear shares;If in the shared resource pond
There are unappropriated port numbers, then appropriate ports number are determined in the unappropriated port numbers, and by the matched end
Slogan distributes to the message;If unappropriated port numbers are not present in the shared resource pond, selection can use CPU, and will
The message can use CPU processing described in being transmitted to.
The port assignment method for multinuclear forwarding NAPT that first aspect present invention embodiment proposes, by being each
CPU distributes independent resource pond, can not interfereing with each other in NAPT resource allocations between multinuclear, performance reaches every core and linearly increases
It is long;It, can be by lower multiple by the assignment of port numbers from shared resource pond again when inadequate resource in independent resource pond
Miscellaneous degree realizes the distribution of port resource, ensures that connection can be assigned to available resource in time, to promote multinuclear forwarding
NAPT performances.
In order to achieve the above objectives, the port assignment dress for multinuclear forwarding NAPT that second aspect of the present invention embodiment proposes
It sets, including:First searching module searches whether exist after receiving message in the independent resource pond that CPU is independently occupied
Unappropriated port numbers;First distribution module, in the independent resource pond there are when unappropriated port numbers, described
Appropriate ports number are determined in unappropriated port numbers, and the appropriate ports number are distributed into the message;Second searches
Module is looked into when for unappropriated port numbers to be not present in the independent resource pond in the shared resource pond that multinuclear shares
It looks for and whether there is unappropriated port numbers;Second distribution module, for there are unappropriated ports in the shared resource pond
Number when, appropriate ports number are determined in the unappropriated port numbers, and the appropriate ports number are distributed into the report
Text;Forwarding module, when for unappropriated port numbers to be not present in the shared resource pond, selection can use CPU, and will be described
Message can use CPU processing described in being transmitted to.
The port assignment device for multinuclear forwarding NAPT that second aspect of the present invention embodiment proposes, by being each
CPU distributes independent resource pond, can not interfereing with each other in NAPT resource allocations between multinuclear, performance reaches every core and linearly increases
It is long;It, can be by lower multiple by the assignment of port numbers from shared resource pond again when inadequate resource in independent resource pond
Miscellaneous degree realizes the distribution of port resource, ensures that connection can be assigned to available resource in time, to promote multinuclear forwarding
NAPT performances.
The additional aspect of the present invention and advantage will be set forth in part in the description, and will partly become from the following description
Obviously, or practice through the invention is recognized.
Description of the drawings
Above-mentioned and/or additional aspect and advantage of the invention will become from the following description of the accompanying drawings of embodiments
Obviously and it is readily appreciated that, wherein:
Fig. 1 is the flow diagram for the port assignment method for multinuclear forwarding NAPT that one embodiment of the invention proposes;
Fig. 2 is the flow diagram for determining appropriate ports number in the embodiment of the present invention in unappropriated port numbers;
Fig. 3 is the flow diagram for judging whether the assignment of port numbers in local field in the embodiment of the present invention;
Fig. 4 is the flow signal for the port assignment method for multinuclear forwarding NAPT that another embodiment of the present invention proposes
Figure;
Fig. 5 is that the structure for the port assignment device for multinuclear forwarding NAPT that another aspect of the present invention embodiment proposes is shown
It is intended to;
Fig. 6 is that the structure for the port assignment device for multinuclear forwarding NAPT that another aspect of the present invention embodiment proposes is shown
It is intended to.
Specific implementation mode
The embodiment of the present invention is described below in detail, examples of the embodiments are shown in the accompanying drawings, wherein from beginning to end
Same or similar label indicates same or similar module or module with the same or similar functions.Below with reference to attached
The embodiment of figure description is exemplary, and is only used for explaining the present invention, and is not considered as limiting the invention.On the contrary, this
The embodiment of invention includes all changes fallen within the scope of the spiritual and intension of attached claims, modification and is equal
Object.
Fig. 1 is the flow diagram for the port assignment method for multinuclear forwarding NAPT that one embodiment of the invention proposes,
This method includes:
S11:After receiving message, search whether that there are unappropriated ports in the independent resource pond that CPU is independently occupied
Number.
For example, each central processing unit (Central Processing Unit, CPU) in corresponding multinuclear, which connects
After receiving message, first it can search whether that there are unappropriated port numbers in itself corresponding independent resource pond.
In the present embodiment, resource pool may include:Independent resource pond and shared resource pond.The number in independent resource pond with
The sum of CPU is identical, corresponding with each CPU respectively.Shared resource pond is one, is the shared resource pools of multiple CPU.
The range of port numbers is 0 to 65535, still, is referred to due to giving 0 to 1023 this range assignment in relevant regulations
Fixed service.So for NAPT, the port numbers that can essentially be used for distributing are 1024 to 65535 this ranges.
In the present embodiment, 1024 to 65535 this range are divided into independent resource pond and shared resource pond, and independent resource
The number of the port numbers occupied in pond is identical.
Assuming that CPU number for participating in forwarding is 4, respectively CPU0-CPU3, the port numbers that they can distribute and use
For 1024-65536,64512 are shared, it is assumed that shared resource pond middle-end slogan is 15360, and port numbers in addition to this are total
49152, four CPU are assigned 12288, and therefore, the case where port numbers in each resource pool is respectively:
The corresponding independent resource ponds CPU0:1024-13111;
The corresponding independent resource ponds CPU1:13312-25599;
The corresponding independent resource ponds CPU2:25600-37887;
The corresponding independent resource ponds CPU3:37888-50175;
Shared resource pond:50176-65536.
It, can first in the corresponding independent resource ponds CPU0, (port numbers be 13312- thus, it is supposed that after CPU0 receives message
25599) search whether that there are unappropriated port numbers in.
S12:If there are unappropriated port numbers in the independent resource pond, in the unappropriated port numbers really
Determine appropriate ports number, and the appropriate ports number are distributed into the message.
For example, CPU0 judges in 13312-25599 there are unappropriated port numbers then may be used within the scope of this by lookup
Therefrom to select a unappropriated port number assignment to message.
In some embodiments, referring to Fig. 2, appropriate ports number are determined in the unappropriated port numbers, including:
S21:The port numbers of sub-distribution in acquisition determine the next port adjacent with the port numbers of upper sub-distribution
Number.
For example, can be recorded to the port numbers of every sub-distribution, therefore upper sub-distribution can be obtained in recording information
Port numbers.It can be distributed since the minimum port numbers in the corresponding independent resource ponds each CPU when initial.
It is for example, the port numbers of sub-distribution are 1024 in CPU0 acquisitions, then adjacent with the port numbers of upper sub-distribution next
Port numbers are 1025.
S22:If the next port number is unassigned, the next port number is determined as appropriate ports
Number.
For example, can be recorded with the distribution condition of port number, it may thereby determine that whether port numbers are assigned.
For example, port numbers 1025 are unassigned, then port numbers 1025 can be determined as appropriate ports number, by port
Numbers 1025 distribute to message.
S23:If the next port number has been assigned, next local field is selected, is judged whether in the part
Assignment of port numbers in domain, if it is judged that the assignment of port numbers in the local field, then determination is matched in the local field
Port numbers.
For example, port numbers 1025 have been assigned, then next local field can be selected, and be suitble in next local field
When assignment of port numbers, the assignment of port numbers in next local field.
Met by the local field method of salary distribution and arrange dimension theorem (Lindburg-Levy), row dimension theorem is independent same point
The central-limit theorem of cloth sequence of random variables is that a large amount of random value cumulative distribution function understands point-wise convergence to normal distribution letter
Several limiting values.In other words, local dense is distributed, and then jumps to a point to arrange dimension distribution, and this point is also careful minute
Match.
In the present embodiment, can each Energy Resources Service be divided into multiple local fields in advance.For example, due to 0-1024 not by
It uses, 0-1024 can be set to two 2 grades of bitmaps (bitmap), exactly 2 512bitmap respectively represent resource port end
Whether used.That is, each resource pool is divided into 512 local fields.
By taking independent resource pond as an example, since the port numbers number in each independent resource pond is 12288, then each local field
Including 12288/512=24 continuous port numbers.
Each local field can indicate the service condition of the port numbers of the local field with the field of two (bit).
Two fields are properly termed as bitmap, it is assumed that are expressed as【xy】, wherein x is indicated:If continuous 24 port numbers
If all unassigned, this position is just set to 0, is otherwise set to 1.In other words it is when continuous 24 ports are all not used by
0, as long as there are one be 1 as long as being used;
Y is indicated:If continuous 24 port numbers are all assigned, this position is just set to 1, is otherwise set to 0.Change speech
Continuous 24 ports be 1 when all being used, as long as there are one it is vacant be just 0.
Therefore, the bitmap of each local field【xy】The value and meaning that can have are as follows:
Bitmap (bitmap) is【00】:This 24 bit values are not assigned, and all of the port resource is in state to be allocated.
Bitmap is【11】:For this 24 bit values all using finishing, all of the port resource is in state to be released.
Bitmap is【10】:Most of situation indicates also have port resource that can distribute, has port resource to be released.
Correspondingly, referring to Fig. 3, judge whether the assignment of port numbers in the local field, including:
S31:The corresponding bitmap of the local field is obtained, the state that the bitmap indicates includes:Own in the local field
Port numbers are in that state to be allocated, all of the port number is in state to be released, local field inside points end in the local field
Slogan is in state to be allocated and section ports number are in state to be released.
For example, CPU0 can randomly choose a local field, and obtain the bitmap of the local field.Bitmap can distinguish table
Show:
All of the port number is in state to be allocated in the local field, for example, the value of bitmap is【00】;
All of the port number is in state to be released in the local field, for example, the value of bitmap is【11】;
The local field inside points port numbers are in state to be allocated and section ports number are in state to be released, for example,
The value of bitmap is【10】.
S32:If the state that the bitmap indicates is that all of the port number is in state to be allocated in the local field, or
Person, the local field inside points port numbers are in state to be allocated and section ports number are in state to be released, then judge
Assignment of port numbers in the local field.
For example, the value of the bitmap of the local field is【00】Or【10】, then can in local field assignment of port numbers.
In the local field when assignment of port numbers, for example, will sequentially go up the next of the port numbers of sub-distribution in the local field
A port numbers are determined as appropriate ports number.
S33:If the state that the bitmap indicates is that the local field inside points port numbers are in state to be allocated and portion
Divide port numbers to be in state to be released, then judges the not assignment of port numbers in the local field.
For example, the value of the bitmap of local field is【11】, then can reselect local field and repeat S31-S32.
S13:If unappropriated port numbers are not present in the independent resource pond, in the shared resource pond that multinuclear shares
In search whether that there are unappropriated port numbers.
For example, CPU0 judges that unappropriated port numbers are not present within the scope of this in 13312-25599 by lookup, then
Further it can search whether that there are unappropriated port numbers in shared resource pond (port numbers are 50176-65536).
S14:If there are unappropriated port numbers in the shared resource pond, in the unappropriated port numbers really
Determine appropriate ports number, and the appropriate ports number are distributed into the message.
For example, CPU0 judges in 50176-65536 there are unappropriated port numbers then may be used within the scope of this by lookup
Therefrom to select a unappropriated port number assignment to message.
The mode of assignment of port numbers is referred to the method for salary distribution in independent resource pond in shared resource pond, herein no longer
It repeats.
S15:If unappropriated port numbers are not present in the shared resource pond, selection can use CPU, and by the message
CPU processing can be used described in being transmitted to.
For example, all there is no unallocated in the corresponding independent resource ponds CPU0 and shared resource pond by lookup by CPU0
Port numbers, then can select that CPU can be used, for example, can be CPU1 with CPU, then CPU0 can forward the message to CPU1, and by
CPU1 processing.
After CPU1 receives message, above-mentioned S11-S15 can be executed.
In some embodiments, referring to Fig. 4, this method can also include:
S16:Record port service condition.
For example, each CPU is in independent resource pond after assignment of port numbers, alternatively, the assignment of port numbers in shared resource pond
Afterwards, allocated port numbers (such as 1024) can be recorded.
Correspondingly, selection can may include with CPU:
S151:If unappropriated port numbers are not present in the shared resource pond, according to the port service condition of record
Calculate the weighted value of each CPU.
For example, can using a CPU in CPU0-CPU3 as configuration core, it is assumed that CPU0 be configuration core, then CPU0 into
The port service condition of each resource pool can also be counted except the above-mentioned processing of row, and calculates the weighted value of each CPU.
For example, CPU0 can count the sum of the allocated port numbers in the corresponding independent resource ponds CPU1, furthermore it is also possible to
The sum of the allocated port numbers in shared resource pond is counted, CPU0 can be total according to the two and preconfigured every later
The corresponding coefficient of a sum, calculates the corresponding weighted values of CPU1.
S152:According to the weighted value of each CPU, selection can use CPU.
For example, CPU0 can calculate the corresponding weighted values of each CPU of CPU0-CPU3, the CPU for receiving message can be looked into
The weighted value for seeing the calculated each CPU of configuration core, to which CPU can be used according to weighted value selection.Assuming that the bigger expression of weighted value
Unappropriated port number is more, then the maximum CPU of weighted value can be determined as to available CPU.
S153:The message, which is transmitted to, described can use CPU processing.
For example, the CPU for receiving message is CPU0, the weighted value by checking CPU1 is maximum, then CPU0 can be by CPU1
As CPU can be used, and forward the message to CPU1.
When E-Packeting, the message can be put into it is described can use in the corresponding internuclear queues of CPU, so as to it is described can
With CPU the message is obtained from the internuclear queue.
For example, message can be put into the corresponding internuclear queues of CPU1 by CPU0, wherein each CPU correspondences one are internuclear
Queue, each CPU, which may be used polling mode and inquire, whether there is message in itself corresponding internuclear queue, and if so, from
Message is read in internuclear queue.
In addition, in above-mentioned flow, when being handled in independent resource pond, using without lock mode, handled in shared resource pond
Shi Caiyong locks mode.For example, searching whether, there are unappropriated port numbers, to determine appropriate ports number in independent resource pond
And appropriate ports number are distributed into message, and, the flows such as port release of message are all used without lock mode, and shared
It searches whether, there are unappropriated port numbers, to determine appropriate ports number and appropriate ports number are distributed to report in resource pool
Text, and, the flows such as port release of message all use locking mode.
In the present embodiment, by distributing independent resource pond for each CPU, it can make between multinuclear in NAPT resource allocations
When do not interfere with each other, performance reaches every core linear increase;By when inadequate resource in independent resource pond again from shared resource pond
Middle assignment of port numbers can realize the distribution of port resource by lower complexity, ensure that connection can be assigned in time
Available resource.Further, search performance can be promoted by bitmap lookup, it is equal by establishing internuclear queue proof load
Weighing apparatus.Therefore, above-mentioned flow processing can promote the performance of multinuclear forwarding NAPT.It is specific as follows:
It is possible, firstly, to realize that multinuclear NAPT port assignment performance linears increase.Since port resource each participates in forwarding
Cpu can be fair the port number for assigning to equivalent amount, and do not conflict mutually between these ports.In most cases, only
Intrinsic port number that will be per core is sufficient, then when NAPT is distributed and discharged the port numbers of these fixed allocations, just not
There is competitive relation when will appear multinuclear distribution port.
Briefly, all it is constantly to be assigned when being exactly NAPT port assignments and discharging, in the case of most of
Intrinsic port resource concentrate application and release, although these operations are that multinuclear concurrently executes, because of every nuclear resource independence,
Without locking operation so that the performance of multinuclear is not influenced by locking, overall performance with cpu number linear increase.
Herein it is however emphasized that once, say it is all in most cases resource using intrinsic port why.In design
Just, the port of equivalent amount is just assigned with for each cpu for participating in forwarding;And in true network environment, the fire prevention of more cpu
For wall in the flow in handling network, network interface card uses more queue forms, flow can be assigned to multiple cpu cores by rss algorithms
Processing.In other words, when load balancing, what is used is the fixed port resource of every core, because uncontested and conflict, performance can be with
Reach multinuclear linear increase.
Secondly, it carries out port using bitmap bitmap methods and searches storage, save memory headroom.NAPT algorithms, briefly
It is exactly port assignment.For an ip resource, its port numbers to be allocated are 1024-65536, in true network environment
In, ip resource pools have that much to need the port number distributed should be exactly ip number of resources * Number of Available/Faulty Ports.
For lookup algorithm, there are many algorithms such as array method, chain technique, Hash table method, red black tree etc..However
If a large amount of memory headrooms can be occupied using algorithm as above for searching available port number, cause the waste of memory space.This
It is bitmap methods also known as bitmap method to invent the algorithm used.Judge that this port numbers is in whether a bit is 1
State is used in state or to be allocated, not only saves space, but also judge conveniently.
Again, quick localized resource lookup method.The method of port assignment of the present invention based on First Principles be just
It is secondary to search continuously, it searches be based on Local resource phase method again.Can only sequentially judge for general lookup algorithm
Whether each bitmap is used, and by taking cpu0 as an example, in the case of worst, meeting every from 1024 to 62464bit is judged,
If beginning to be used from 1, need to judge 12288 times, time complexity is O (N).
First continuity method of searching is also to use continuity method recently, is exactly sequentially to be allocated port, stream normal in this way
Measure repeating process, the port numbers of distribution be nearly all be exactly often for needing according to the sequence of time by taking cpu0 as an example sequentially
One address ip of the nat ip resource pools to be distributed, from 1024,1025,1026, up to 62464, in initial procedure, it
Nearly all sequentially increase, and with the development of time, and for the release of resource, in the case of most of,
And the resource distributed at first is discharged at first, if according to this most of situation, the release of resource is also sequentially, most
1024 first distributed first discharge, and then 1025,1026, it is ordered into 62464 backward always.At this moment the complexity searched is O (1).
However the not absolute justice of true network environment, when always having non-uniform, but the same period is built-in
Vertical connection, strictly there is a high likelihood that simultaneously switching off connection, for example same user can surf the Internet in the same period, its Shen
Continuous and local resource please may be exactly intermediate continuous 5 resource sections, and after he is offline, this continuous 5 resource section
It is released simultaneously.If during the distribution of resource and release, there is more discontinuous situation.It mainly emphasizes just
It is conception of localization, for the section of part, time based on distribution and the method that we use, the release of resource is almost in logic
All concentrate.After first lookup failure, according to the bitmap of random value and 0-1024【00】It can select next available company
Continuous resource section, after finding this available resources section, its time complexity is also almost O (1).
Again, it in load imbalance, even if there is every core independent resource, still can be provided with the port of automatic adjusument napt
The distribution in source ensures the peak use rate of port.After homegrown resource and shared resource are assigned, calculated by calculating weighted value
Go out the cpu for being used port less, forwards the message to this cpu.Since message is the cpu for being given to this resource abundance,
When message is transferred to this cpu processing, it should it can be assigned to exclusive resource, without lock when the distribution of exclusive resource,
It is also ensured that there is higher performance.By this message between cpu in transfer realize port assignment load balancing, i.e.,
It can guarantee the peak use rate of port.
For example, since flow distribution is very uneven, the intrinsic distribution port resource of lucky cpuA has been used up soon,
There is shared resource for cpuA in the present invention first to distribute, shared resource use is added and finishes, it can also be according to every nuclear resource
Service condition calculates the cpuB that message is issued resource abundance by weighted value selection, to ensure that the adaptive of port assignment, no
Will appear because being all assigned intrinsic resource per core, the deficiency of shared resource and the case where lead to not be assigned to port numbers.
In addition, above-mentioned flow can specifically include following content:
First, the efficient napt lookup algorithms based on Local resource section of multistage bit label:
(1) space complexity of Bitmap method lookup algorithms is minimum, saves memory headroom.
(2) it is based on Local resource phase method, No. port of the napt of sub-distribution and oneself place resource section on record
Resource service condition (whether completely vacant, to be used up completely complete), according to row dimension module principle, to select available resource
Section, is greatly improved the performance of lookup.
Second, adaptive multinuclear port resource distribution method:
(1) it is first distributed using independent resource, ensures the high efficiency of whole resource allocation;Homegrown resource is used in each cpu
When, while distribution and the release conditions of every core port resource can be recorded, when load imbalance, to make by the port of every core
Weighted value is calculated with situation.
(2) design shared resource pond, when pico- uneven so that every core loads, i.e., when being finished per core independent resource use,
Then by the access of locking come with this shared resource pond of other cpu competitory assignments.This step can pass through lower complexity
The distribution for realizing port resource ensures that connection can be assigned to available resource in time;
(3) internuclear queue is established, adaptive resource allocation is realized by weighted value calculating:If the above two (first
The independent resource of step and second shared resource) all be assigned finish, that is, load extremely it is unbalanced when, according to the first step
Every nuclear resource utilization rate of record calculates weighted value to select to load less cpu, this is forwarded the packet to by internuclear queue
A cpu is allocated resource, carrys out proof load equilibrium.
It especially emphasizes down, load balancing of the invention, is not that the port number assignment load that most of designers use is equal
Weighing apparatus, as soon as that is, in the accessible port numbers deficiencies of cpuA, some ends this cpuB are lent by another cpu of resource abundance
Mouthful range uses, when these by by means of port be all used finish (after normal release) after return again.This is because borrowing
Port numbers be only completely released after can just gain, though and the application of resource however discharges it is believed that control sequence
Be according to real network environment, it is uncontrollable, it is more likely that have several fragments always in these source port numbers borrowed
It can not discharge, and lead to not be returned in time.If may result in this way cpuA because load middle-end slogan deficiency after from
Resource is borrowed in cpuB, cpuA loads slowly become smaller, but because the money that resource release portion rule can not will borrow always
CpuB is returned in source, and every cpuB load downs for a moment, resource is also not enough settled because cpuA can not be returned, and leads to cpuB
Resource can not be distributed, the fact may be that the source port numbers 95% borrowed of cpuA are all released, and only the 5% of intermediate distribution is because release
Put not in time, resource caused substantially to waste, the method for reducing waste is exactly that the port range lent out every time is few, in order to and
When the probability that discharges become larger, but Resource recovery and the implementation complexity of fragment resource in this way can increase.If using such as top
Method designs, then can also be related to controlling these releases and recurrence of borrowing port resource, not only algorithm will be sufficiently complex, important
Be that can also be caused a large amount of because very possible be released for borrowing resource cannot be satisfied adaptive resource allocation not in time
Waste.
The adaptive equalization distribution design scheme of the port resource of the present invention is the port resource service condition based on every core,
It calculates weighted value and selects cpu, cpu messages are transferred to by queue in the cpu of this sufficient resource and are handled, then are greatly reduced
The complexity realized, cleverly realizes the load balancing of port assignment;This design method simultaneously, ensure that port numbers model
The maximum utilization rate enclosed will not lead to have Local resource section that can not be utilized because of the port numbers fragment not discharged, almost without
Any waste.
Third, high performance napt multinuclears distribution method design:
It is referred in second point, the first step of algorithm is exactly the independent resource distribution of every core, and port segmentations are fixed to give
Mono- section of available port of each cpu, that is to say, that at most of conditions, the distribution of NAPT is all using independent resource point
Match, what this was independently mainly emphasized is all No Assets competition between multinuclear, no lock conflict.In true network environment, mostly
Number is all balanced situation, that is, can only almost go to the first step of second point and can be assigned to resource, is provided in this step
It is independent when the distribution in source, without ensureing the safety of resource allocation by locking, also because being operated without lock so that between multinuclear
It is not interfere with each other in NAPT resource allocations, performance has reached per core linear increase.
Fig. 5 is that the structure for the port assignment device for multinuclear forwarding NAPT that another aspect of the present invention embodiment proposes is shown
It is intended to, which includes:First searching module 51, the first distribution module 52, the second searching module 53, the second distribution module 54
With forwarding module 55.
First searching module 51 searches whether to deposit after receiving message in the independent resource pond that CPU is independently occupied
In unappropriated port numbers.
For example, each central processing unit (Central Processing Unit, CPU) in corresponding multinuclear, which connects
After receiving message, first it can search whether that there are unappropriated port numbers in itself corresponding independent resource pond.
In the present embodiment, resource pool may include:Independent resource pond and shared resource pond.The number in independent resource pond with
The sum of CPU is identical, corresponding with each CPU respectively.Shared resource pond is one, is the shared resource pools of multiple CPU.
The number for the port numbers that each independent resource pond includes is identical.
The range of port numbers is 0 to 65535, still, is referred to due to giving 0 to 1023 this range assignment in relevant regulations
Fixed service.So for NAPT, the port numbers that can essentially be used for distributing are 1024 to 65535 this ranges.
In the present embodiment, 1024 to 65535 this range are divided into independent resource pond and shared resource pond, and independent resource
The number of the port numbers occupied in pond is identical.
Assuming that CPU number for participating in forwarding is 4, respectively CPU0-CPU3, the port numbers that they can distribute and use
For 1024-65536,64512 are shared, it is assumed that shared resource pond middle-end slogan is 15360, and port numbers in addition to this are total
49152, four CPU are assigned 12288, and therefore, the case where port numbers in each resource pool is respectively:
The corresponding independent resource ponds CPU0:1024-13111;
The corresponding independent resource ponds CPU1:13312-25599;
The corresponding independent resource ponds CPU2:25600-37887;
The corresponding independent resource ponds CPU3:37888-50175;
Shared resource pond:50176-65536.
It, can first in the corresponding independent resource ponds CPU0, (port numbers be 13312- thus, it is supposed that after CPU0 receives message
25599) search whether that there are unappropriated port numbers in.
First distribution module 52, for, there are when unappropriated port numbers, not dividing described in the independent resource pond
Appropriate ports number are determined in the port numbers matched, and the appropriate ports number are distributed into the message.
For example, CPU0 judges in 13312-25599 there are unappropriated port numbers then may be used within the scope of this by lookup
Therefrom to select a unappropriated port number assignment to message.
Optionally, the first distribution module 52 is used to determine appropriate ports number in the unappropriated port numbers, including:
The port numbers of sub-distribution in acquisition determine the next port number adjacent with the port numbers of upper sub-distribution;
If the next port number is unassigned, the next port number is determined as appropriate ports number;
If the next port number has been assigned, next local field is selected, is judged whether in the local field
Assignment of port numbers, if it is judged that the assignment of port numbers in the local field, then determine appropriate ports in the local field
Number.
For example, can be recorded to the port numbers of every sub-distribution, therefore upper sub-distribution can be obtained in recording information
Port numbers.It can be distributed since the minimum port numbers in the corresponding independent resource ponds each CPU when initial.
It is for example, the port numbers of sub-distribution are 1024 in CPU0 acquisitions, then adjacent with the port numbers of upper sub-distribution next
Port numbers are 1025.
For example, can be recorded with the distribution condition of port number, it may thereby determine that whether port numbers are assigned.
For example, port numbers 1025 are unassigned, then port numbers 1025 can be determined as appropriate ports number, by port
Numbers 1025 distribute to message.
For example, port numbers 1025 have been assigned, then next local field can be selected, and be suitble in next local field
When assignment of port numbers, the assignment of port numbers in next local field.
Optionally, the first distribution module 52 judges whether the assignment of port numbers in the local field for described, including:
The corresponding bitmap of the local field is obtained, the state that the bitmap indicates includes:All of the port in the local field
Number in state to be allocated, in the local field, all of the port number is in state to be released, the local field inside points port numbers
It is in state to be released in state to be allocated and section ports number;
If the state that the bitmap indicates is that all of the port number is in state to be allocated in the local field, alternatively, institute
It states that local field inside points port numbers are in state to be allocated and section ports number are in state to be released, then judges in the office
Assignment of port numbers in portion domain.
The expression of bitmap and the associated description in embodiment of the method may refer to according to bitmap judgment mode, herein no longer
It repeats.
Second searching module 53, it is total in multinuclear when for unappropriated port numbers to be not present in the independent resource pond
Search whether that there are unappropriated port numbers in some shared resource ponds.
For example, CPU0 judges that unappropriated port numbers are not present within the scope of this in 13312-25599 by lookup, then
Further it can search whether that there are unappropriated port numbers in shared resource pond (port numbers are 50176-65536).
Second distribution module 54, for, there are when unappropriated port numbers, not dividing described in the shared resource pond
Appropriate ports number are determined in the port numbers matched, and the appropriate ports number are distributed into the message.
For example, CPU0 judges in 50176-65536 there are unappropriated port numbers then may be used within the scope of this by lookup
Therefrom to select a unappropriated port number assignment to message.
Forwarding module 55, when for unappropriated port numbers to be not present in the shared resource pond, selection can use CPU,
And it the message is transmitted to described can use CPU processing.
Second distribution module 54 is used to determine appropriate ports number in the unappropriated port numbers, including:
The port numbers of sub-distribution in acquisition determine the next port number adjacent with the port numbers of upper sub-distribution;
If the next port number is unassigned, the next port number is determined as appropriate ports number;
If the next port number has been assigned, next local field is selected, is judged whether in the local field
Assignment of port numbers, if it is judged that the assignment of port numbers in the local field, then determine appropriate ports in the local field
Number.
The mode of assignment of port numbers is referred to the method for salary distribution in independent resource pond in shared resource pond, herein no longer
It repeats.
In some embodiments, referring to Fig. 6, which further includes:
Logging modle 56, for recording port service condition.
For example, each CPU is in independent resource pond after assignment of port numbers, alternatively, the assignment of port numbers in shared resource pond
Afterwards, allocated port numbers (such as 1024) can be recorded.
Correspondingly, forwarding module 55 can use CPU for selecting, including:
The weighted value of each CPU is calculated according to the port service condition of record;
According to the weighted value of each CPU, determination can use CPU.
For example, can using a CPU in CPU0-CPU3 as configuration core, it is assumed that CPU0 be configuration core, then CPU0 into
The port service condition of each resource pool can also be counted except the above-mentioned processing of row, and calculates the weighted value of each CPU.
For example, CPU0 can count the sum of the allocated port numbers in the corresponding independent resource ponds CPU1, furthermore it is also possible to
The sum of the allocated port numbers in shared resource pond is counted, CPU0 can be total according to the two and preconfigured every later
The corresponding coefficient of a sum, calculates the corresponding weighted values of CPU1.
For example, CPU0 can calculate the corresponding weighted values of each CPU of CPU0-CPU3, the CPU for receiving message can be looked into
The weighted value for seeing the calculated each CPU of configuration core, to which CPU can be used according to weighted value selection.Assuming that the bigger expression of weighted value
Unappropriated port number is more, then the maximum CPU of weighted value can be determined as to available CPU.
Forwarding module be used for by the message be transmitted to it is described can use CPU processing, including:
By the message be put into it is described can use in the corresponding internuclear queues of CPU, so as to it is described with CPU from the internuclear team
The message is obtained in row.
The port number that the corresponding independent resource pond each CPU includes in multinuclear is identical.
For example, the CPU for receiving message is CPU0, the weighted value by checking CPU1 is maximum, then CPU0 can be by CPU1
As CPU can be used, and forward the message to CPU1.
When E-Packeting, the message can be put into it is described can use in the corresponding internuclear queues of CPU, so as to it is described can
With CPU the message is obtained from the internuclear queue.
For example, message can be put into the corresponding internuclear queues of CPU1 by CPU0, wherein each CPU correspondences one are internuclear
Queue, each CPU, which may be used polling mode and inquire, whether there is message in itself corresponding internuclear queue, and if so, from
Message is read in internuclear queue.
In addition, the first searching module and the first distribution module be in processing, using without lock mode, the second searching module and the
Two distribution modules use locking mode in processing.
In the present embodiment, by distributing independent resource pond for each CPU, it can make between multinuclear in NAPT resource allocations
When do not interfere with each other, performance reaches every core linear increase;By when inadequate resource in independent resource pond again from shared resource pond
Middle assignment of port numbers can realize the distribution of port resource by lower complexity, ensure that connection can be assigned in time
Available resource forwards NAPT performances to promote multinuclear.Further, search performance can be promoted by bitmap lookup, led to
It crosses and establishes internuclear queue proof load equilibrium.
It should be noted that in the description of the present invention, term " first ", " second " etc. are used for description purposes only, without
It can be interpreted as indicating or implying relative importance.In addition, in the description of the present invention, unless otherwise indicated, the meaning of " multiple "
Refer at least two.
Any process described otherwise above or method description are construed as in flow chart or herein, and expression includes
It is one or more for realizing specific logical function or process the step of executable instruction code module, segment or portion
Point, and the range of the preferred embodiment of the present invention includes other realization, wherein can not press shown or discuss suitable
Sequence, include according to involved function by it is basic simultaneously in the way of or in the opposite order, to execute function, this should be of the invention
Embodiment person of ordinary skill in the field understood.
It should be appreciated that each section of the present invention can be realized with hardware, software, firmware or combination thereof.Above-mentioned
In embodiment, software that multiple steps or method can in memory and by suitable instruction execution system be executed with storage
Or firmware is realized.It, and in another embodiment, can be under well known in the art for example, if realized with hardware
Any one of row technology or their combination are realized:With the logic gates for realizing logic function to data-signal
Discrete logic, with suitable combinational logic gate circuit application-specific integrated circuit, programmable gate array (PGA), scene
Programmable gate array (FPGA) etc..
Those skilled in the art are appreciated that realize all or part of step that above-described embodiment method carries
Suddenly it is that relevant hardware can be instructed to complete by program, the program can be stored in a kind of computer-readable storage medium
In matter, which includes the steps that one or a combination set of embodiment of the method when being executed.
In addition, each functional unit in each embodiment of the present invention can be integrated in a processing module, it can also
That each unit physically exists alone, can also two or more units be integrated in a module.Above-mentioned integrated mould
The form that hardware had both may be used in block is realized, can also be realized in the form of software function module.The integrated module is such as
Fruit is realized in the form of software function module and when sold or used as an independent product, can also be stored in a computer
In read/write memory medium.
Storage medium mentioned above can be read-only memory, disk or CD etc..
In the description of this specification, reference term " one embodiment ", " some embodiments ", " example ", " specifically show
The description of example " or " some examples " etc. means specific features, structure, material or spy described in conjunction with this embodiment or example
Point is included at least one embodiment or example of the invention.In the present specification, schematic expression of the above terms are not
Centainly refer to identical embodiment or example.Moreover, particular features, structures, materials, or characteristics described can be any
One or more embodiments or example in can be combined in any suitable manner.
Although the embodiments of the present invention has been shown and described above, it is to be understood that above-described embodiment is example
Property, it is not considered as limiting the invention, those skilled in the art within the scope of the invention can be to above-mentioned
Embodiment is changed, changes, replacing and modification.
Claims (8)
1. a kind of port assignment method for multinuclear forwarding NAPT, which is characterized in that including:
After receiving message, search whether that there are unappropriated port numbers in the independent resource pond that CPU is independently occupied;
If there are unappropriated port numbers in the independent resource pond, determination is matched in the unappropriated port numbers
Port numbers, and the appropriate ports number are distributed into the message;
If unappropriated port numbers are not present in the independent resource pond, being searched in the shared resource pond that multinuclear shares is
It is no that there are unappropriated port numbers;
If there are unappropriated port numbers in the shared resource pond, determination is matched in the unappropriated port numbers
Port numbers, and the appropriate ports number are distributed into the message;
If unappropriated port numbers are not present in the shared resource pond, selection can use CPU, and the message is transmitted to institute
State available CPU processing;
The appropriate ports number determining in the unappropriated port numbers, including:
The port numbers of sub-distribution in acquisition determine the next port number adjacent with the port numbers of upper sub-distribution;
If the next port number is unassigned, the next port number is determined as appropriate ports number;
If the next port number has been assigned, next local field is selected, judges whether to distribute in the local field
Port numbers, if it is judged that the assignment of port numbers in the local field, then determine appropriate ports number in the local field.
2. according to the method described in claim 1, it is characterized in that, described judge whether to distribute port in the local field
Number, including:
The corresponding bitmap of the local field is obtained, the state that the bitmap indicates includes:In the local field at all of the port number
In all of the port number in state to be allocated, the local field is in state to be released, the local field inside points port numbers are in
State to be allocated and section ports number are in state to be released;
If the state that the bitmap indicates is that all of the port number is in state to be allocated in the local field, alternatively, the office
Portion domain inside points port numbers are in state to be allocated and section ports number are in state to be released, then judge in the local field
Middle assignment of port numbers.
3. according to the method described in claim 1, it is characterized in that, by the appropriate ports number distribute to the message it
Afterwards, the method further includes:
Record port service condition;
The selection can use CPU, including:
The weighted value of each CPU is calculated according to the port service condition of record;
According to the weighted value of each CPU, selection can use CPU.
4. according to the method described in claim 1, it is characterized in that, described be transmitted to the message described can be carried out with CPU
Processing, including:
By the message be put into it is described can use in the corresponding internuclear queues of CPU, so as to it is described with CPU from the internuclear queue
Obtain the message.
5. according to claim 1-4 any one of them methods, which is characterized in that the corresponding independent resources of each CPU in multinuclear
The port number that pond includes is identical.
6. according to claim 1-4 any one of them methods, which is characterized in that when being handled in independent resource pond, using nothing
Lock mode uses locking mode when being handled in shared resource pond.
7. a kind of port assignment device for multinuclear forwarding NAPT, which is characterized in that including:
First searching module searches whether to exist in the independent resource pond that CPU is independently occupied and not divide after receiving message
The port numbers matched;
First distribution module, in the independent resource pond there are when unappropriated port numbers, at the unappropriated end
Appropriate ports number are determined in slogan, and the appropriate ports number are distributed into the message;
Second searching module when for unappropriated port numbers to be not present in the independent resource pond, is total to what multinuclear shared
Have and searches whether that there are unappropriated port numbers in resource pool;
Second distribution module, in the shared resource pond there are when unappropriated port numbers, at the unappropriated end
Appropriate ports number are determined in slogan, and the appropriate ports number are distributed into the message;
Forwarding module, when for unappropriated port numbers to be not present in the shared resource pond, selection can use CPU, and by institute
Stating message and being transmitted to described can use CPU processing;
First distribution module or second distribution module are used to determine matched end in the unappropriated port numbers
Slogan, including:
The port numbers of sub-distribution in acquisition determine the next port number adjacent with the port numbers of upper sub-distribution;
If the next port number is unassigned, the next port number is determined as appropriate ports number;
If the next port number has been assigned, next local field is selected, judges whether to distribute in the local field
Port numbers, if it is judged that the assignment of port numbers in the local field, then determine appropriate ports number in the local field.
8. device according to claim 7, which is characterized in that further include:
Logging modle, for recording port service condition;
The forwarding module can use CPU for selecting, including:
The weighted value of each CPU is calculated according to the port service condition of record;And the weighted value according to each CPU, selection can
Use CPU.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510980638.0A CN105450792B (en) | 2015-12-23 | 2015-12-23 | Port assignment method and apparatus for multinuclear forwarding network address port conversion |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510980638.0A CN105450792B (en) | 2015-12-23 | 2015-12-23 | Port assignment method and apparatus for multinuclear forwarding network address port conversion |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105450792A CN105450792A (en) | 2016-03-30 |
| CN105450792B true CN105450792B (en) | 2018-09-14 |
Family
ID=55560555
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510980638.0A Active CN105450792B (en) | 2015-12-23 | 2015-12-23 | Port assignment method and apparatus for multinuclear forwarding network address port conversion |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105450792B (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105760235B (en) * | 2016-03-22 | 2019-05-07 | 新华三技术有限公司 | Message processing method and device |
| CN106131244A (en) * | 2016-08-29 | 2016-11-16 | 北京神州绿盟信息安全科技股份有限公司 | A kind of message transmitting method and device |
| CN106254577B (en) * | 2016-09-18 | 2019-04-19 | 东软集团股份有限公司 | The method and device of port assignment |
| CN108363621B (en) * | 2018-01-18 | 2020-09-01 | 东软集团股份有限公司 | Message forwarding method and device under numa architecture, storage medium and electronic equipment |
| CN108494623B (en) * | 2018-03-14 | 2020-07-10 | 东软集团股份有限公司 | Performance test method and device of network forwarding device |
| CN109167846B (en) * | 2018-08-02 | 2022-01-25 | 杭州迪普科技股份有限公司 | Communication port allocation method and device |
| CN111385363B (en) * | 2020-03-17 | 2020-12-22 | 杭州优云科技有限公司 | Resource allocation method and resource allocation device |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101110043A (en) * | 2007-09-04 | 2008-01-23 | 杭州华三通信技术有限公司 | Resource management method of multiple nucleus system and its controlling nucleus |
| CN101510191A (en) * | 2009-03-26 | 2009-08-19 | 浙江大学 | Multi-core system structure with buffer window and implementing method thereof |
| CN103150217A (en) * | 2013-03-27 | 2013-06-12 | 无锡江南计算技术研究所 | Design method of multi-core processor operating system |
-
2015
- 2015-12-23 CN CN201510980638.0A patent/CN105450792B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101110043A (en) * | 2007-09-04 | 2008-01-23 | 杭州华三通信技术有限公司 | Resource management method of multiple nucleus system and its controlling nucleus |
| CN101510191A (en) * | 2009-03-26 | 2009-08-19 | 浙江大学 | Multi-core system structure with buffer window and implementing method thereof |
| CN103150217A (en) * | 2013-03-27 | 2013-06-12 | 无锡江南计算技术研究所 | Design method of multi-core processor operating system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105450792A (en) | 2016-03-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105450792B (en) | Port assignment method and apparatus for multinuclear forwarding network address port conversion | |
| US11005815B2 (en) | Priority allocation for distributed service rules | |
| US10135727B2 (en) | Address grouping for distributed service rules | |
| CN109587168B (en) | Network function deployment method based on mimicry defense in software defined network | |
| CN102752198B (en) | Multi-core message forwarding method, multi-core processor and network equipment | |
| CN110603559A (en) | System and method for parallel validation of blockchain transactions | |
| CN112669155B (en) | Block chain-based transaction distribution execution method, device server and storage medium | |
| US8527988B1 (en) | Proximity mapping of virtual-machine threads to processors | |
| CN106095531B (en) | A kind of dispatching method of virtual machine loaded based on grade and physical machine in cloud platform | |
| CN109040184A (en) | A kind of electoral machinery and server of host node | |
| CN108494685A (en) | Optimal embedding method of service chain in multicast routing | |
| CN108694083B (en) | Data processing method and device for server | |
| CN106936931A (en) | The implementation method of distributed lock, relevant device and system | |
| CN113242553B (en) | Malicious node detection method based on block chain fragmentation | |
| CN109245915B (en) | Method and system for realizing server set balanced allocation | |
| Bhuyan | Analysis of interconnection networks with different arbiter designs | |
| CN103414756B (en) | A kind of task distribution method, distribution node and system | |
| JP5969340B2 (en) | Resource management system, resource management method, and resource management program | |
| CN113034121A (en) | Red packet distribution method and device based on instant chat tool and server | |
| CN112748996A (en) | Load balancing strategy method and system of non-centralized topology system | |
| CN106878356B (en) | Scheduling method and computing node | |
| Balhara et al. | Leader election algorithms in distributed systems | |
| US10114567B1 (en) | Data processing system with efficient path selection for storage I/O operations | |
| Tkatek et al. | A hybrid heuristic method to solve an assignment problem of human resource | |
| US20170262316A1 (en) | Allocation of resources |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |