CN106027393B - The classification method and device of net packet rule set - Google Patents

The classification method and device of net packet rule set Download PDF

Info

Publication number
CN106027393B
CN106027393B CN201610621506.3A CN201610621506A CN106027393B CN 106027393 B CN106027393 B CN 106027393B CN 201610621506 A CN201610621506 A CN 201610621506A CN 106027393 B CN106027393 B CN 106027393B
Authority
CN
China
Prior art keywords
significance bit
net packet
rule set
packet rule
division
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610621506.3A
Other languages
Chinese (zh)
Other versions
CN106027393A (en
Inventor
吴庆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou DPtech Information Technology Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou DPTech Technologies Co Ltd filed Critical Hangzhou DPTech Technologies Co Ltd
Priority to CN201610621506.3A priority Critical patent/CN106027393B/en
Publication of CN106027393A publication Critical patent/CN106027393A/en
Application granted granted Critical
Publication of CN106027393B publication Critical patent/CN106027393B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2441Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/302Route determination based on requested QoS
    • H04L45/304Route determination for signalling traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2483Traffic characterised by specific attributes, e.g. priority or QoS involving identification of individual flows

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application is the classification method and device about net packet rule set, which comprises determines the division significance bit of preset quantity from the net packet rule set based on preset method;Division significance bit based on the preset quantity generates mask vector;The net packet rule set is divided according to the mask vector.Since multiple net packet rule sets can be converted to single net packet rule set by mask vector by the application, computation complexity is greatly reduced, therefore can solve the problem that net packet rule set classification speed is slow in the related technology.

Description

The classification method and device of net packet rule set
Technical field
This application involves field of communication technology more particularly to a kind of classification methods and device of net packet rule set.
Background technique
With the development of internet, traditional routing technology is no longer satisfied the demand of network service, therefore, net packet classification Technology is come into being.Net packet sorting technique refers to according to the information in net packet, according to preset net packet rule set (net packet rule set Including multiple net packet rules) process classified is wrapped to net.The division of net packet classifying rules by default rule collection into Row pretreatment, generates multiple rules subsets, can effectively improve search speed when net packet is classified to net packet rule, improve net Packet classification performance.
In the related technology, net packet rule set can be divided into multiple rules subsets by constructing suitable mask vector, In net packet matching, the relevant technologies can be matched only in the rules subset of hit.Since the relevant technologies can match When, filters out most of it is not possible that the matching effect of net packet can be improved in matched rule, therefore, the relevant technologies by mask vector Rate.
However, the relevant technologies are during constructing above-mentioned suitable mask vector, due to using full traversal selection Or random selection building method, there is the slow-footed disadvantage of building, therefore, when net packet rule set is excessive, the relevant technologies have very much can The classification to above-mentioned net packet rule set can not be completed within the acceptable time.
Summary of the invention
In view of this, the application provides the classification method and device of a kind of net packet rule set, to solve net in the related technology The slow problem of packet rule set classification speed.
Specifically, the application is achieved by the following technical solution:
The application provides a kind of classification method of net packet rule set, and the net packet rule set includes several net packet rules, institute Method is stated applied on the network equipment, which comprises
The division significance bit of preset quantity is determined from the net packet rule set based on preset method;
Division significance bit based on the preset quantity generates mask vector;
The net packet rule set is divided according to the mask vector.
Optionally, the division significance bit for determining preset quantity from the net packet rule set based on preset method, Include:
The division significance bit of preset quantity is successively determined from the net packet rule set based on preset method.
Optionally, described successively to determine that the division of preset quantity is effective from the net packet rule set based on preset method Position, comprising:
When the quantity of the division significance bit determined from the net packet rule set is not up to preset quantity, according to determining The net packet rule for dividing significance bit and several layers division successively being carried out to the net packet rule set, and divided from the several layers It is determined in subset and divides significance bit, until the quantity of the division significance bit determined reaches preset quantity.
Optionally, described successively to determine that the division of preset quantity is effective from the net packet rule set based on preset method Position, comprising:
The net packet rule set is divided according to each significance bit, and statistics divides obtained several nets every time respectively The subset difference of packet rules subset and the sum of the quantity of net packet rule;Wherein, the subset difference is the quantity of net packet rule The absolute value of difference;
It will be corresponding with the sum of the quantity of the smallest subset difference and the smallest net packet rule according to the statistical result Significance bit is determined as optimal significance bit;
When the existing division significance bit of the net packet rule set, subset is selected from the already present division significance bit The smallest significance bit of difference is candidate significance bit;
It is determined from the optimal significance bit and the candidate significance bit based on preset weighted factor and divides significance bit;
When in the net packet rule set there is no significance bit is divided, the optimal significance bit is determined to divide significance bit.
Optionally, it is described according to the mask vector to the net packet rule set carry out divide include:
The net packet rule in the net packet rule set is matched with the significance bit of the mask vector respectively;
The net packet rule is added in corresponding net packet rules subset according to matching result.
The application provides a kind of sorter of net packet rule set simultaneously, and the net packet rule set includes several net packet rule Then, described device is applied on the network equipment, and described device includes:
Significance bit determination unit is divided, for determining preset quantity from the net packet rule set based on preset method Divide significance bit;
Mask vector generation unit generates mask vector for the division significance bit based on the preset quantity;
Net packet rule set division unit, for being divided according to the mask vector to the net packet rule set.
Optionally, the division significance bit determination unit includes:
It divides significance bit and determines subelement, it is default for successively being determined from the net packet rule set based on preset method The division significance bit of quantity.
Optionally, the division significance bit determines that subelement is specifically used for:
When the quantity of the division significance bit determined from the net packet rule set is not up to preset quantity, according to determining The net packet rule for dividing significance bit and several layers division successively being carried out to the net packet rule set, and divided from the several layers It is determined in subset and divides significance bit, until the quantity of the division significance bit determined reaches preset quantity.
Optionally, the division significance bit determines that subelement is specifically used for:
The net packet rule set is divided according to each significance bit, and statistics divides obtained several nets every time respectively The subset difference of packet rules subset and the sum of the quantity of net packet rule;Wherein, the subset difference is the quantity of net packet rule The absolute value of difference;
It will be corresponding with the sum of the quantity of the smallest subset difference and the smallest net packet rule according to the statistical result Significance bit is determined as optimal significance bit;
When the existing division significance bit of the net packet rule set, subset is selected from the already present division significance bit The smallest significance bit of difference is candidate significance bit;
It is determined from the optimal significance bit and the candidate significance bit based on preset weighted factor and divides significance bit;
When in the net packet rule set there is no significance bit is divided, the optimal significance bit is determined to divide significance bit.
Optionally, the net packet rule set division unit is specifically used for:
The net packet rule in the net packet rule set is matched with the significance bit of the mask vector respectively;
The net packet rule is added in corresponding net packet rules subset according to matching result.
In this application, the network equipment can determine the division of preset quantity based on preset method from net packet rule set Significance bit, then, the network equipment can based on the division significance bit of the preset quantity generate mask vector, and according to the mask to Amount divides above-mentioned net packet rule set.Since multiple net packet rule sets can be converted to list by mask vector by the application A net packet rule set, greatly reduces computation complexity, slow so as to solve net packet rule set classification speed in the related technology The problem of.
Detailed description of the invention
Fig. 1 is a kind of embodiment flow chart of the classification method of net packet rule set shown in the application;
Fig. 2 is the process schematic that a kind of net packet rule set shown in the application is divided according to mask vector;
Fig. 3 is a kind of hardware structure diagram of equipment where the sorter of the application net packet rule set;
Fig. 4 is one embodiment block diagram of the sorter of the application net packet rule set.
Specific embodiment
Example embodiments are described in detail here, and the example is illustrated in the accompanying drawings.Following description is related to When attached drawing, unless otherwise indicated, the same numbers in different drawings indicate the same or similar elements.Following exemplary embodiment Described in embodiment do not represent all embodiments consistent with the application.On the contrary, they be only with it is such as appended The example of the consistent device and method of some aspects be described in detail in claims, the application.
It is only to be not intended to be limiting the application merely for for the purpose of describing particular embodiments in term used in this application. It is also intended in the application and the "an" of singular used in the attached claims, " described " and "the" including majority Form, unless the context clearly indicates other meaning.It is also understood that term "and/or" used herein refers to and wraps It may be combined containing one or more associated any or all of project listed.
It will be appreciated that though various information, but this may be described using term first, second, third, etc. in the application A little information should not necessarily be limited by these terms.These terms are only used to for same type of information being distinguished from each other out.For example, not departing from In the case where the application range, the first information can also be referred to as the second information, and similarly, the second information can also be referred to as One information.Depending on context, word as used in this " if " can be construed to " ... when " or " when ... When " or " in response to determination ".
It assume that some net packet rule set has n item net packet regular, every net packet rule has m bit, and the relevant technologies can Therefrom to select j bit, and n rule is divided into 2 according to the j bitjIn a rules subset, it is therefore an objective to so that Duplicate rule is few as much as possible in rules subset, thus 2jRule sum in a rules subset is minimum, occupied storage Space is also minimum.
For example, n=8, m=8 in above-mentioned net packet rule set, and the net packet rule set are as follows: R1:10*011*0;R2: 00011010;R3:1*1000*1;R4:11111000;R5:11*0*010;R6:11101100;R7:10*111*1;R8:1* 110001.If j=2, and that select is the 1st and the 4th, then it is available as follows after above-mentioned net packet rule set is divided As a result: 0 (bit 00) group: random;1 (bit 01) group: R2;2 (bit 10) groups: R1, R3, R5 and R6;3 (bits 11) Group: R4, R7 and R8.From this result, the net packet rule set regular sum divided at this time can be 8.
It equally assume that j=2, and that select is the 3rd and the 7th, then it, can be with after above-mentioned net packet rule set is divided Obtain following result: 0 (bit 00) group: R1 and R7;1 (bit 01) group: R1, R2, R5 and R7;2 (bit 10) groups: R1, R3, R4, R6, R7 and R8;3 (bit 11) groups: R1, R3, R5 and R7.From this result, the net packet rule set at this time by The regular sum of division can be 16.
As shown in the above, when selecting j different bits, the division for net packet rule set is also different 's.For above-mentioned net packet rule set, the 1st and the 4th bit selection rule sum is less than the 3rd and the 7th bit Selection rule sum, committed memory are less.Therefore for above-mentioned net packet rule set, the 1st and the 4th bit selection is better than the 3rd Position and the 7th bit select.
Selection for j bit, the relevant technologies give two methods: method one: 1 are first selected, so that entire net Two subsets as far as possible small that packet rule set cutting generates, then, continues to select 1 in remaining position, so that selecting at present All subsets that all cuttings out generate as far as possible small, finally selects enough position building mask vectors in this way;Method Two: first picking out the position of specified quantity at random to construct an initial vector, calculate the sub-set size under the vector cutting, so Subset situation after cutting is recalculated with the position in the position substituting vector not being selected at random afterwards, if regular number in subset Amount maximum value becomes smaller, then receives this replacement, otherwise randomly choose again, until certain the number of iterations or cutting subset meet Until it is required that.
Although the relevant technologies can be most of by filtering it is not possible that matched rule are actually needed to reduce in matched rule Complexity then, to improve matched efficiency.But there is the slow-footed feature that constructs in the relevant technologies, therefore very possible The classification to above-mentioned net packet rule set can not be completed within the acceptable time.
When the method one proposed using the relevant technologies is to select bit, the aggregate-value for dividing number is up toWith the m=104 of five-tuple (source IP address, purpose IP address, transport protocol, source port and destination port) For, it is assumed that n rule is then divided into 2 by j=1010When=1024 rules subsets, divide number add up beSince computation complexity is excessively high, it is advised when for the moment, will lead to net packet using method in the related technology The classification speed then collected is slow;When the method two proposed using the relevant technologies is to select bit, due to being j ratio of random selection Special position, then random selection result may haveKind, the dividing condition enumerated under various selections completely is extremely difficult, and same It needs largely to calculate, therefore, when using method two in the related technology, also results in the classification speed of net packet rule set Slowly.
In view of this, this application provides the classification methods and device of a kind of net packet rule set, to solve in the related technology The slow problem of net packet rule set classification speed.In this application, the network equipment can be based on preset method from net packet rule set The division significance bit of middle determining preset quantity, then, the network equipment can be generated based on the division significance bit of the preset quantity and be covered Code vector, and above-mentioned net packet rule set is divided according to the mask vector.Since the application can be incited somebody to action by mask vector Multiple net packet rule sets are converted to single net packet rule set, greatly reduce computation complexity, so as to solve the relevant technologies The slow problem of middle net packet rule set classification speed.
It referring to Figure 1, is a kind of embodiment flow chart of the classification method of net packet rule set shown in the application, the side Method is applied to the network equipment, comprising the following steps:
Step 101: determining the division significance bit of preset quantity from the net packet rule set based on preset method.
In this application, the network equipment can determine the division of preset quantity based on preset method from net packet rule set Significance bit, specifically, the network equipment can successively determine the division of preset quantity based on preset method from net packet rule set Significance bit.Wherein, which can be customized by the user setting or be network equipment default value.
In one embodiment, when the quantity of the division significance bit determined from net packet rule set is not up to preset quantity When, the network equipment successively can carry out several layers division to the net packet rule set according to determining division significance bit, and from several Layer, which divides, determines division significance bit in obtained net packet rules subset, until the quantity of the division significance bit determined reaches present count Until amount.
In the one embodiment shown, it can be assumed that above-mentioned net packet rule set are as follows: R1:10*011*0;R2: 00011010;R3:1*1000*1;R4:11110000;R5:11*0*010;R6:11101100;R7:10*111*1;R8:1* 110001.It assume that in net packet rule set there was only the 8th significance bit to divide significance bit, and preset quantity is 3, therefore have determined that The quantity of division significance bit be not up to preset quantity.At this point, the network equipment can advise above-mentioned net packet according to the 8th significance bit Then collection is divided, and obtains two net packet rules subsets: subset 1:R1:10*011*0;R2:00011010;R4: 11110000;R5:11*0*010;R6:11101100;Subset 2:R3:1*1000*1;R7:10*111*1;R8:1*110001.So Afterwards, the network equipment can determine corresponding division significance bit from subset 1 and subset 2 respectively.It assume that and determined from subset 1 Division significance bit be the 1st significance bit;The division significance bit determined from subset 2 is the 4th division significance bit, then by determining The quantity 3 of division significance bit reached preset quantity 3 it is found that the net packet rule set has determined that the division of preset quantity is effective Position, i.e., the 1st, the 4th and the 8th significance bit.
In one embodiment, the network equipment can determine net packet rule set or net packet rule according to preset method The division significance bit of collection.
The network equipment can first divide net packet rule set or net packet rules subset according to each significance bit, and respectively Statistics divides the subset difference of obtained several net packet rules subsets and the sum of the quantity of net packet rule every time, wherein subset Difference can be the absolute value of the number differences of net packet rule.
In the one embodiment shown, it can be assumed that the net packet rule set is the above-mentioned net packet rule set shown, works as root When being divided according to each significance bit to above-mentioned net packet rule set, if what the network equipment can be obtained in each division of statistics respectively After the sum of regular quantity of the subset difference and net packet of dry net packet rules subset, result as shown in Table 1 is obtained:
The serial number of the bit of division Subset difference The sum of the quantity of net packet rule
1 6 8
2 0 10
3 3 11
4 0 8
5 3 9
6 2 8
7 1 11
8 2 8
Table 1
After the statistics for completing the sum of regular quantity of subset difference and net packet to above-mentioned several net packet rules subsets, It is corresponding that the network equipment can will wrap the sum of quantity of rule according to the statistical result with the smallest subset difference and the smallest net Significance bit be determined as optimal significance bit.
In the one embodiment shown, when statistical result is as shown in table 1, it can learn that the 4th significance bit is optimal Significance bit.
After determining optimal significance bit, the network equipment may determine that the whether existing division significance bit of net packet rule set.
When the net packet rule set is there is no significance bit is divided, the network equipment can determine that the optimal significance bit has to divide Imitate position.
In the one embodiment shown, it can be assumed that it is not present in the above-mentioned net packet rule set shown and divides significance bit, Then the network equipment can determine optimal significance bit i.e. the 4th significance bit to divide significance bit.
When the existing division significance bit of the net packet rule set, the network equipment can be selected from already present division significance bit The smallest significance bit of subset difference is selected as candidate significance bit, then the network equipment can based on preset weighted factor from it is above-mentioned most It is determined in excellent significance bit and candidate significance bit and divides significance bit.
In one embodiment, the network equipment is being had based on preset weighted factor from above-mentioned optimal significance bit and candidate Imitate and determined in position when dividing significance bit, can first determine above-mentioned optimal significance bit and the corresponding subset difference of candidate significance bit with And net wraps the combined value of the sum of regular quantity, wherein the combined value can be by wrapping the sum of regular quantity point for subset difference and net Not with preset multiplied by weight, and the addition of two values that multiplied result obtains is obtained, certainly, the preset weight can by with The customized setting in family or the default value for the network equipment.
Determined above-mentioned optimal significance bit and the corresponding subset difference of candidate significance bit and net wrap regular quantity it After the combined value of sum, the network equipment can be corresponding to above-mentioned optimal significance bit or candidate significance bit according to preset weighted factor The combined value that subset difference and net wrap the sum of regular quantity is weighted.It should be noted that the preset weighted factor Weighting object and weighting size can be customized by the user setting or the default value for the network equipment.
For example, the weighting object that can preset the weighted factor is the corresponding subset difference of above-mentioned optimal significance bit and net The combined value of the sum of regular quantity is wrapped, then at this point, the size of the weighted factor can theoretically be greater than 1;It certainly, equally can be with Assuming that the weighting object of the weighted factor is that the corresponding subset difference of above-mentioned candidate significance bit and net wrap the sum of regular quantity Combined value, the then at this point, size of the weighted factor theoretically can be less than 1.According to weighted factor to it is above-mentioned it is optimal effectively After the combined value that position or the corresponding subset difference of candidate significance bit and net wrap the sum of regular quantity is weighted, net packet rule set The smaller in the two can be selected to divide significance bit.
In the one embodiment shown, it can be assumed that existing division significance bit in the above-mentioned net packet rule set shown, And the division significance bit is the 4th significance bit, then the network equipment can be according to the 4th significance bit to the above-mentioned net packet rule shown Collection is divided, and obtains following two nets packet rules subset: subset 1 ': R1:10*011*0;R3:1*1000*1;R5:11*0* 010;R6:11101100;And subset 2 ': R2:00011010;R4:11110000;R7:10*111*1;R8:1*110001.So Afterwards, the network equipment respectively can divide above-mentioned two net packet rules subset according to each significance bit, and statistics is every respectively The sum of the quantity of the secondary subset difference for dividing obtained several net packet rules subsets and net packet rule.
The network equipment is counting several net packet rules subsets for dividing obtain every time for subset 1 ' and subset 2 ' respectively Subset difference and net packet rule the sum of quantity after, the available result as shown in table 2 and table 3:
The serial number of the bit of division Subset difference The sum of the quantity of net packet rule
1 4 4
2 1 5
3 2 6
4 4 4
5 1 5
6 0 4
7 0 6
8 2 4
Table 2
The serial number of the bit of division Subset difference The sum of the quantity of net packet rule
1 2 4
2 1 5
3 1 5
4 4 4
5 2 4
6 2 4
7 1 5
8 0 4
Table 3
It when statistical result is as shown in table 2, can learn for subset 1 ', the 6th significance bit is optimal significance bit.Due to The existing division significance bit of net packet rule set, i.e. the 4th significance bit, therefore, the network equipment can determine the 4th significance bit For candidate significance bit.At this point, the network equipment can first determine optimal significance bit, i.e. the 6th significance bit, and candidate significance bit, That is the 4th significance bit, corresponding subset difference and net wrap the combined value of the sum of regular quantity.It assume that the combined value is to account for 40% net wraps the sum of regular quantity and obtains with the subset difference value for accounting for 60%, then the corresponding combined value of optimal significance bit at this time It is 1.6;The corresponding combined value of candidate significance bit is 4.
Determined above-mentioned optimal significance bit and the corresponding subset difference of candidate significance bit and net wrap regular quantity it After the combined value of sum, the network equipment can be corresponding to above-mentioned optimal significance bit or candidate significance bit according to preset weighted factor The combined value that subset difference and net wrap the sum of regular quantity is weighted.The size that assume that preset weighted factor is 1.5, weighting object is the combined value that the corresponding subset difference of above-mentioned optimal significance bit and net wrap the sum of regular quantity, then can be with Combined value after learning the corresponding weighting of optimal significance bit is 1.5*1.6=2.4.By the group after the corresponding weighting of optimal significance bit Conjunction value 2.4 is less than the corresponding combined value 4 of candidate significance bit it is found that net packet rule set can determine optimal significance bit, i.e., the 6th has Position is imitated, to divide significance bit.
After determining the 6th significance bit to divide significance bit, fixed in net packet rule set divide effectively can be determined Position is the 4th significance bit and the 6th significance bit.
It when statistical result is as shown in table 3, can learn for subset 2 ', the 8th significance bit is optimal significance bit.Due to The existing division significance bit of net packet rule set, i.e. the 4th significance bit and the 6th significance bit, therefore, the network equipment can be from Candidate's significance bit is determined in two significance bits.As shown in Table 3, son of the subset difference of the 6th significance bit than the 4th significance bit It is small to collect difference, hence, it can be determined that the 6th significance bit is candidate significance bit.Then, the network equipment can determine optimal effective Position, i.e. the 8th significance bit, and candidate significance bit, i.e. the 6th significance bit, corresponding subset difference and net wrap regular quantity The sum of combined value.It assume that the combined value is the subset difference value for accounting for the sum of 40% regular quantity of net packet with accounting for 60% It obtains, then the corresponding combined value of optimal significance bit is 1.6 at this time;The corresponding combined value of candidate significance bit is 2.8.
Determined above-mentioned optimal significance bit and the corresponding subset difference of candidate significance bit and net wrap regular quantity it After the combined value of sum, the network equipment can be corresponding to above-mentioned optimal significance bit or candidate significance bit according to preset weighted factor The combined value that subset difference and net wrap the sum of regular quantity is weighted.The size that assume that preset weighted factor is 0.6, weighting object is the combined value that the corresponding subset difference of above-mentioned candidate significance bit and net wrap the sum of regular quantity, then can be with Combined value after learning the corresponding weighting of candidate significance bit is 0.6*2.8=1.68.After the corresponding weighting of candidate significance bit Combined value 1.68 is greater than the corresponding combined value 1.6 of optimal significance bit it is found that net packet rule set can determine optimal significance bit, i.e., and the 8 significance bits, to divide significance bit.
After determining the 8th significance bit to divide significance bit, fixed in net packet rule set divide effectively can be determined Position is the 4th significance bit, the 6th significance bit and the 8th significance bit.
In the one embodiment shown, it can be assumed that the above-mentioned net packet rule set shown is corresponding to divide the pre- of significance bit If quantity is 4, then after determining the 4th, the 6th and the 8th significance bit to divide significance bit, also need to determine a division again Significance bit.At this point it is possible to first divide according to the 6th significance bit to subset 1 ', 1 ' A:R3:1*1000*1 of subset is obtained;R5: 11*0*010;And 1 ' B:R1:10*011*0 of subset;R6:11101100.Then, the network equipment can be according to each significance bit Above-mentioned two net packet rules subset is divided respectively, and statistics divides obtained several net packet rules subsets every time respectively The sum of the quantity of subset difference and net packet rule.
The network equipment is counting several net packet rules subsets for dividing obtain every time for 1 ' A of subset and 1 ' B of subset respectively Subset difference and net packet rule the sum of quantity after, the available result as shown in table 4 and table 5:
The serial number of the bit of division Subset difference The sum of the quantity of net packet rule
1 2 2
2 1 3
3 1 3
4 2 2
5 1 3
6 2 2
7 1 3
8 0 2
Table 4
Table 5
When statistical result is as shown in table 4, it can learn that, for 1 ' A of subset, the 8th significance bit is optimal significance bit.? It in the division significance bit of selection, can be learnt by table 4, the 8th significance bit is candidate significance bit, by optimal significance bit, i.e., the 8th Significance bit is identical it is found that the 8th significance bit can be determined to divide significance bit with candidate significance bit, i.e. the 8th significance bit.
Similarly, by statistical result table 5 it is found that for 1 ' B of subset, the 2nd significance bit is optimal significance bit, and the 4th Significance bit, the 6th significance bit and the 8th significance bit are all candidate significance bit, then also assume that the corresponding son of 4 significance bits The combined value that collection difference and net wrap the sum of rule quantity is the subset difference for accounting for 40% net and wrapping the sum of regular quantity and accounting for 60% Value addition obtains, then the corresponding combined value of optimal significance bit is 1.6 at this time, and the corresponding combined value of above-mentioned 3 candidate significance bits is all It is 2.
Determined above-mentioned optimal significance bit and the corresponding subset difference of candidate significance bit and net wrap regular quantity it After the combined value of sum, it can be assumed that the size of preset weighted factor is 1.2, and weighting object is that above-mentioned optimal significance bit is corresponding Subset difference and net wrap the combined value of the sum of regular quantity, the then combined value after can learning the corresponding weighting of optimal significance bit For 1.2*1.6=1.92.The corresponding combination of optimal significance bit is less than by the combined value 1.92 after the corresponding weighting of optimal significance bit Value 2 is it is found that net packet rule set can determine optimal significance bit, i.e. the 2nd significance bit, to divide significance bit.
As shown in the above, the division significance bit that above-mentioned net packet rule set determines be the 4th significance bit, the 6th effectively Position, the 8th significance bit and the 2nd significance bit.
Step 102: the division significance bit based on the preset quantity generates mask vector.
Step 103: the net packet rule set being divided according to the mask vector.
In this application, after the division significance bit of preset quantity has been determined, net packet rule can be according to the preset quantity Division significance bit generate mask vector, and net packet rule set is divided according to the mask vector.
In one embodiment, the network equipment can be respectively by the net packet rule and above-mentioned mask vector in net packet rule set Significance bit matched, and the net packet rule is added in corresponding net packet rules subset according to matching result.
In the one embodiment shown, it can be assumed that net packet rule set is the above-mentioned net packet rule set shown, then by upper Embodiment is stated it is found that the division significance bit that the net packet rule set determines is the 4th, the 6th, the 8th and the 2nd significance bit. Then net packet rule set can be as shown in Figure 2 according to the process that the mask vector that above-mentioned 4 significance bits generate is divided, wherein Fig. 2 is the process schematic that a kind of net packet rule set shown in the application is divided according to mask vector.
As shown in Figure 2, which can be divided into several from the net packet rule set comprising multiple net packet rules Net packet rule set comprising individually netting packet rule, so as to substantially reduce the complexity of calculating.
In this application, the network equipment can determine the division of preset quantity based on preset method from net packet rule set Significance bit, then, the network equipment can based on the division significance bit of the preset quantity generate mask vector, and according to the mask to Amount divides above-mentioned net packet rule set.Since multiple net packet rule sets can be converted to list by mask vector by the application A net packet rule set, greatly reduces computation complexity, slow so as to solve net packet rule set classification speed in the related technology The problem of.
Corresponding with the embodiment of classification method of aforementioned net packet rule set, present invention also provides points of net packet rule set The embodiment of class device.
The embodiment of the sorter of the application net packet rule set can be using on network devices.Installation practice can be with By software realization, can also be realized by way of hardware or software and hardware combining.Taking software implementation as an example, it is patrolled as one Device in volume meaning is by the processor of equipment where it by computer program instructions corresponding in nonvolatile memory It is read into memory what operation was formed.For hardware view, as shown in figure 3, being the sorter of the application net packet rule set A kind of hardware structure diagram of place equipment, in addition to processor shown in Fig. 3, memory, network interface and nonvolatile memory Except, the network equipment in embodiment where device can also include usually other hardware, such as be responsible for the forwarding core of processing message Piece etc..
Referring to FIG. 4, being one embodiment block diagram of the sorter of the application net packet rule set.
The apparatus may include: divide significance bit determination unit 410, mask vector generation unit 420 and net packet rule Collect division unit 430.
Wherein, significance bit determination unit 410 is divided, it is pre- for being determined from the net packet rule set based on preset method If the division significance bit of quantity;
Mask vector generation unit 420 generates mask vector for the division significance bit based on the preset quantity;
Net packet rule set division unit 430, for being divided according to the mask vector to the net packet rule set.
In an optional embodiment, the division significance bit determination unit 410 may include (not showing in Fig. 4 Out):
It divides significance bit and determines subelement, it is default for successively being determined from the net packet rule set based on preset method The division significance bit of quantity.
In an optional embodiment, the division significance bit determines that subelement can be specifically used for:
When the quantity of the division significance bit determined from the net packet rule set is not up to preset quantity, according to determining The net packet rule for dividing significance bit and several layers division successively being carried out to the net packet rule set, and divided from the several layers It is determined in subset and divides significance bit, until the quantity of the division significance bit determined reaches preset quantity.
In an optional implementation, the division significance bit determines that subelement can be specifically used for:
The net packet rule set is divided according to each significance bit, and statistics divides obtained several nets every time respectively The subset difference of packet rules subset and the sum of the quantity of net packet rule;Wherein, the subset difference is the quantity of net packet rule The absolute value of difference;
It will be corresponding with the sum of the quantity of the smallest subset difference and the smallest net packet rule according to the statistical result Significance bit is determined as optimal significance bit;
When the existing division significance bit of the net packet rule set, subset is selected from the already present division significance bit The smallest significance bit of difference is candidate significance bit;
It is determined from the optimal significance bit and the candidate significance bit based on preset weighted factor and divides significance bit;
When in the net packet rule set there is no significance bit is divided, the optimal significance bit is determined to divide significance bit.
In an optional implementation, the net packet rule set division unit 430 can be specifically used for:
The net packet rule in the net packet rule set is matched with the significance bit of the mask vector respectively;
The net packet rule is added in corresponding net packet rules subset according to matching result.
In this application, the network equipment can determine the division of preset quantity based on preset method from net packet rule set Significance bit, then, the network equipment can based on the division significance bit of the preset quantity generate mask vector, and according to the mask to Amount divides above-mentioned net packet rule set.Since multiple net packet rule sets can be converted to list by mask vector by the application A net packet rule set, greatly reduces computation complexity, slow so as to solve net packet rule set classification speed in the related technology The problem of.
The function of each unit and the realization process of effect are specifically detailed in the above method and correspond to step in above-mentioned apparatus Realization process, details are not described herein.
For device embodiment, since it corresponds essentially to embodiment of the method, so related place is referring to method reality Apply the part explanation of example.The apparatus embodiments described above are merely exemplary, wherein described be used as separation unit The unit of explanation may or may not be physically separated, and component shown as a unit can be or can also be with It is not physical unit, it can it is in one place, or may be distributed over multiple network units.It can be according to actual The purpose for needing to select some or all of the modules therein to realize application scheme.Those of ordinary skill in the art are not paying Out in the case where creative work, it can understand and implement.
The foregoing is merely the preferred embodiments of the application, not to limit the application, all essences in the application Within mind and principle, any modification, equivalent substitution, improvement and etc. done be should be included within the scope of the application protection.

Claims (6)

1. a kind of classification method of net packet rule set, which is characterized in that the net packet rule set includes several net packet rules, described Method is applied on the network equipment, which comprises
The division significance bit of preset quantity is successively determined from the net packet rule set based on preset method;
Division significance bit based on the preset quantity generates mask vector;
The net packet rule set is divided according to the mask vector, obtains the net packet that several include single net packet rule Rule set;
Wherein, the division significance bit for successively determining preset quantity from the net packet rule set based on preset method, packet It includes: the net packet rule set being divided according to each significance bit, and statistics divides obtained several net packets rule every time respectively Then the sum of the quantity of the subset difference of subset and net packet rule;Wherein, the subset difference is the number differences of net packet rule Absolute value;It will be corresponding effective with the sum of the quantity of the smallest subset difference and the smallest net packet rule according to statistical result Position is determined as optimal significance bit;It is effective from the already present division when the existing division significance bit of the net packet rule set Select the smallest significance bit of subset difference for candidate significance bit in position;Based on preset weighted factor from the optimal significance bit with And it is determined in the candidate significance bit and divides significance bit;When in the net packet rule set there is no significance bit is divided, institute is determined Optimal significance bit is stated to divide significance bit.
2. the method according to claim 1, wherein described be based on preset method from the net packet rule set Successively determine the division significance bit of preset quantity, comprising:
When the quantity of the division significance bit determined from the net packet rule set is not up to preset quantity, according to determining division Significance bit successively carries out several layers division, and the net packet rules subset divided from the several layers to the net packet rule set Middle determining division significance bit, until the quantity of the division significance bit determined reaches preset quantity.
3. the method according to claim 1, wherein it is described according to the mask vector to the net packet rule set Divide and includes:
The net packet rule in the net packet rule set is matched with the significance bit of the mask vector respectively;
The net packet rule is added in corresponding net packet rules subset according to matching result.
4. a kind of sorter of net packet rule set, which is characterized in that the net packet rule set includes several net packet rules, described Device is applied on the network equipment, and described device includes:
Significance bit determination unit is divided, for successively determining preset quantity from the net packet rule set based on preset method Divide significance bit;
Mask vector generation unit generates mask vector for the division significance bit based on the preset quantity;
Net packet rule set division unit obtains several for being divided according to the mask vector to the net packet rule set A net packet rule set comprising single net packet rule;
Wherein, the division significance bit determination unit includes:
It divides significance bit and determines subelement, for being divided according to each significance bit to the net packet rule set, and unite respectively Meter divides the subset difference of obtained several net packet rules subsets and the sum of the quantity of net packet rule every time;Wherein, the son Collection difference is the absolute value of the number differences of net packet rule;It will be with the smallest subset difference and the smallest net according to statistical result It wraps the corresponding significance bit of the sum of the quantity of rule and is determined as optimal significance bit;When the existing division significance bit of the net packet rule set When, select the smallest significance bit of subset difference for candidate significance bit from the already present division significance bit;Based on preset Weighted factor is determined from the optimal significance bit and the candidate significance bit divides significance bit;When in the net packet rule set When there is no dividing significance bit, the optimal significance bit is determined to divide significance bit.
5. device according to claim 4, which is characterized in that the division significance bit determines that subelement is specifically used for:
When the quantity of the division significance bit determined from the net packet rule set is not up to preset quantity, according to determining division Significance bit successively carries out several layers division, and the net packet rules subset divided from the several layers to the net packet rule set Middle determining division significance bit, until the quantity of the division significance bit determined reaches preset quantity.
6. device according to claim 4, which is characterized in that the net packet rule set division unit is specifically used for:
The net packet rule in the net packet rule set is matched with the significance bit of the mask vector respectively;
The net packet rule is added in corresponding net packet rules subset according to matching result.
CN201610621506.3A 2016-07-29 2016-07-29 The classification method and device of net packet rule set Active CN106027393B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610621506.3A CN106027393B (en) 2016-07-29 2016-07-29 The classification method and device of net packet rule set

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610621506.3A CN106027393B (en) 2016-07-29 2016-07-29 The classification method and device of net packet rule set

Publications (2)

Publication Number Publication Date
CN106027393A CN106027393A (en) 2016-10-12
CN106027393B true CN106027393B (en) 2019-06-07

Family

ID=57133723

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610621506.3A Active CN106027393B (en) 2016-07-29 2016-07-29 The classification method and device of net packet rule set

Country Status (1)

Country Link
CN (1) CN106027393B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1992674A (en) * 2005-12-31 2007-07-04 华为技术有限公司 Method of multi-dimensional Packet Classification based on muti-bit segmentation
CN101478551A (en) * 2009-01-19 2009-07-08 清华大学 Multi-domain network packet classification method based on multi-core processor
CN101577721A (en) * 2008-12-05 2009-11-11 湖南大学 Method for splitting Broome filter by indexes and inserting, deleting and inquiring methods thereof
CN102281196A (en) * 2011-08-11 2011-12-14 中兴通讯股份有限公司 Decision tree generating method and equipment, decision-tree-based message classification method and equipment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7193997B2 (en) * 2001-03-19 2007-03-20 International Business Machines Corporation Packet classification

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1992674A (en) * 2005-12-31 2007-07-04 华为技术有限公司 Method of multi-dimensional Packet Classification based on muti-bit segmentation
CN101577721A (en) * 2008-12-05 2009-11-11 湖南大学 Method for splitting Broome filter by indexes and inserting, deleting and inquiring methods thereof
CN101478551A (en) * 2009-01-19 2009-07-08 清华大学 Multi-domain network packet classification method based on multi-core processor
CN102281196A (en) * 2011-08-11 2011-12-14 中兴通讯股份有限公司 Decision tree generating method and equipment, decision-tree-based message classification method and equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
多维过滤规则无冲突的高速分组分类算法;杜德超 等;《电子学报》;20021130;第30卷(第11期);全文

Also Published As

Publication number Publication date
CN106027393A (en) 2016-10-12

Similar Documents

Publication Publication Date Title
CN105122745B (en) Efficient longest prefix match technology for the network equipment
US7684400B2 (en) Logarithmic time range-based multifield-correlation packet classification
US20030123456A1 (en) Methods and system for data packet filtering using tree-like hierarchy
CN110011876B (en) Sketch network measurement method based on reinforcement learning
CN109391549A (en) ECMP routing is carried out using consistency Hash
CN109766932A (en) A kind of Feature Selection method and Feature Selection device
CN104954270A (en) Techniques for aggregating hardware routing resources in a multi-packet processor networking system
Kadhe et al. Analyzing the download time of availability codes
CN104980462B (en) Distributed computing method, device and system
EP3562097B1 (en) Establishment for table entry of equal-cost path
CN108632235A (en) A kind of net packet categorised decision tree method for building up and device
CN104580202B (en) The matching process and device of message
CN106685749A (en) Network traffic checking method and network traffic checking device
US20040085911A1 (en) Method and apparatus to model routing performance
CN115297059A (en) P4-based transport layer load balancing system
CN106027393B (en) The classification method and device of net packet rule set
CN105426392A (en) Collaborative filtering recommendation method and system
CN106063228A (en) Consistent hashing using exact matching with application to hardware load balancing
CN109155008A (en) Enhanced using the feature set of knowledge engine
Wang et al. Hybrid metaheuristics for multi-objective design of water distribution systems
CN104156468B (en) API recommends method and API recommendation apparatus
CN105939266B (en) A kind of transmission method and device of message
CN114020455A (en) Arranging method and device of service functions and computer readable storage medium
CN116723143B (en) Network target range resource allocation method and system based on traffic affinity
CN110830499B (en) Network attack application detection method and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building

Applicant after: Hangzhou Dipu Polytron Technologies Inc

Address before: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building

Applicant before: Hangzhou Dipu Technology Co., Ltd.

GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20210617

Address after: 310051 05, room A, 11 floor, Chung Cai mansion, 68 Tong Xing Road, Binjiang District, Hangzhou, Zhejiang.

Patentee after: Hangzhou Dip Information Technology Co.,Ltd.

Address before: 310051, 6 floor, Chung Cai mansion, 68 Tong he road, Binjiang District, Hangzhou, Zhejiang.

Patentee before: Hangzhou DPtech Technologies Co.,Ltd.