Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
For the convenience of clearly describing the technical solutions of the embodiments of the present invention, in the embodiments of the present invention, the words "first", "second", and the like are used to distinguish the same items or similar items with basically the same functions or actions, and those skilled in the art can understand that the words "first", "second", and the like do not limit the quantity and execution order.
An embodiment of the present invention provides a network architecture, shown in fig. 1, that includes a server, Wireless Access Point (AP) devices and terminal devices. The AP devices include, but are not limited to, AP1 and AP2, and the terminal devices include, but are not limited to, terminal 1, terminal 2, terminal 3, terminal 4, and terminal 5. As shown in fig. 1, terminals 1, 2, and 3 are in data connection with AP1, and terminals 4 and 5 are in data connection with AP2; the data connection between a terminal device and an AP device may be wired or wireless. Taking AP1 as an example, terminal 1 is connected to AP1 by wire, and terminal 2 and terminal 3 are connected to AP1 wirelessly.
Based on the network architecture shown in fig. 1, the following describes the forwarding of a downlink message provided in the embodiment of the present invention, that is, the forwarding of a message from the server to a terminal through AP1 or AP2. The forwarding method for downlink messages is the same in AP1 and AP2, and the following description takes AP1 as an example.
An embodiment of the present invention provides a method for forwarding a downlink packet, where as shown in fig. 2, the method includes:
201. Filter the message to be forwarded out of the received downlink message.
In the embodiment of the invention, the destination MAC address of a filtered message to be forwarded either points to the AP device itself or to a terminal device in data connection with the AP device, or is not a unicast address. For example, referring to the architecture diagram shown in fig. 1 and taking AP1 as an example, the destination address of the message to be forwarded points to AP1 itself or to terminal 1, terminal 2, or terminal 3 connected to AP1, or the message to be forwarded is sent to the entire network or a network segment (i.e., its destination MAC address is not a unicast address).
Preferably, the step 201 includes the following steps:
201a. Search the terminal address interface table for the destination MAC address of the downlink message.
a1. If the destination MAC address exists in the terminal address interface table, or the destination MAC address is the MAC address of the wireless AP device, or the destination MAC address is not a unicast address, the downlink message is a message to be forwarded.
a2. If the destination MAC address does not exist in the terminal address interface table, the destination MAC address is not the MAC address of the wireless AP device, and the destination MAC address is a unicast address, discard the downlink message.
The terminal address interface table in the embodiment of the present invention includes the MAC address of each terminal in data connection with the AP device and the interface of the AP device corresponding to that MAC address. Updates to the contents of the terminal address interface table are triggered when a terminal connects to or disconnects from the AP device.
As an example of the filtering described above, take AP1 in fig. 1 and a downlink message whose destination MAC address is the MAC address of terminal 4. Since terminal 4 is not a terminal device on AP1, the destination MAC address does not exist in the terminal address interface table of AP1; the destination MAC address is also not that of AP1 itself, and it is a unicast address. The message therefore needs to be discarded, which achieves the purpose of discarding unknown messages as early as possible and prevents CPU resources from being wasted.
Optionally, when the downlink message is an IPv6 message, step 201 may be replaced by: filtering the IPv6 message by the message protocol number.
202. Determine the forwarding strategy of the message to be forwarded.
Preferably, the step 202 specifically includes the following steps:
202a1. Search the terminal address interface table for the destination MAC address of the message to be forwarded.
202a2. If the destination MAC address of the message to be forwarded does not exist in the terminal address interface table, the message to be forwarded is forwarded by adopting a conventional forwarding strategy.
202a3. If the destination MAC address of the message to be forwarded exists in the terminal address interface table, match the quintuple information of the message to be forwarded against the matching items in the flow table and determine the target matching item that is successfully matched, wherein a matching item comprises at least one item of the quintuple information; then acquire the forwarding strategy corresponding to the target matching item from the flow table.
Messages to be forwarded are of three types: a message to be forwarded to a terminal device in data connection with the AP device, a message to be forwarded to the AP device itself, and a message to be forwarded whose destination MAC address is not a unicast address. The latter two types need to be forwarded by using a conventional forwarding policy, while for the first type the flow table is queried and the message is forwarded according to the forwarding policy corresponding to the matching entry in the flow table. For example, the step 202 specifically includes the following contents:
202b1, if the destination MAC address of the message to be forwarded points to the AP device itself or the destination MAC address of the message to be forwarded is not a unicast address, forwarding the message to be forwarded by using a conventional forwarding policy.
202b2, if the destination MAC address of the to-be-forwarded packet points to the terminal device connected to the AP device, matching the five-tuple information of the to-be-forwarded packet with the matching entry in the flow table, and determining a target matching entry successfully matched in the flow table, where the matching entry includes at least one of the five-tuple information; and acquiring a forwarding strategy corresponding to the target matching item from the flow table.
Optionally, in the above steps 202a3 and 202b2, the forwarding policy may also be determined by using a triplet or other information of the packet to be forwarded. Matching on the quintuple is simply the preferred solution given here.
Optionally, the flow table is the basis for shunting downlink packets; each table entry records a matching entry and a forwarding policy for packets. To improve shunting efficiency, packets are matched only on the five-tuple (protocol, source IP, destination IP, source port and destination port), and there are three forwarding methods: fast forwarding, original forwarding and discarding. More precise policy control of packets is performed by the policy control system during bridge forwarding.
Illustratively, the table entries in the flow table are related to the rules in the policy control system, so that messages to be forwarded that need to be processed by the policy control system are always forwarded through the bridge and policy control on those messages is not affected. At the same time, the flow table cannot classify messages to be forwarded at a finer granularity, so some messages that do not need to be processed by the policy control system are inevitably handled by the bridge forwarding flow. For example, when the policy control system needs to process DNS response messages sent to terminals associated with the wlan1 interface of the AP device, the flow table, which matches only on the packet quintuple, may not be able to determine from the quintuple whether a packet to be forwarded is destined for the wlan1 interface; DNS response messages destined for other wlan interfaces can therefore only be forwarded through the bridge as well. The design principle of the flow table is nevertheless to send as few messages as possible through the bridge forwarding flow while ensuring that the policy control function is not affected; most messages are still handled in fast forwarding mode, are not processed by bridge forwarding, and are therefore not affected by the policy control system.
203. If the forwarding strategy of the message to be forwarded is a fast forwarding strategy and the MAC address of a terminal matching the destination MAC address of the message to be forwarded exists in the terminal address interface table, send the message to be forwarded out of the interface of the AP device corresponding to the MAC address of that terminal.
For example, taking AP1 as an example, the specific contents in the terminal address interface table can refer to table 1 below.
TABLE 1
It should be noted that the content in table 1 is not limited to the above 3 terminals, and the interface of the AP1 corresponding to the MAC address of the terminal is only described by way of example here, and in a specific application, the number of terminal devices connected to the AP device is taken as the standard, and the interface of the AP1 corresponding to the MAC address of the terminal is also taken as the standard of the specifically connected interface.
Illustratively, when the determined forwarding policy of the to-be-forwarded message is a fast forwarding policy, and the MAC address of terminal 1 in table 1 is found to match the destination MAC address of the to-be-forwarded message, the message is sent out directly through the wired interface a1 of the AP device corresponding to the MAC address of terminal 1. The message therefore does not need to go through the lengthy bridge forwarding flow, which increases the forwarding rate of the message.
204. If the forwarding strategy of the message to be forwarded is a conventional forwarding strategy, submitting the message to be forwarded to a protocol stack for bridge forwarding processing.
Illustratively, the bridge forwarding principle described above is as follows. Bridge forwarding works like a layer-2 switch: several network interfaces are grouped together to form a logical bridge. An AP device can create several bridges, but each network interface can be added to only one bridge, and each bridge has its own bridge forwarding table. When a message enters the device from a network interface, whether it enters bridge forwarding is determined by whether that network interface has been added to a bridge. During bridge forwarding, the bridge forwarding table is first updated according to the incoming interface and source MAC address of the message; the outgoing interface is then looked up in the bridge forwarding table using the destination MAC address of the message. If the outgoing interface is found, the message is sent from it; if not, a copy of the message is sent from every interface on the bridge except the incoming interface of the message. To meet some special requirements of clients, a message policy control system is generally introduced, and messages pass through the policy control system during bridge forwarding. The policy control system processes the message at the entry point, the forwarding point and the exit point of bridge forwarding. The entry point is when the message enters the bridge forwarding flow, the forwarding point is when the outgoing interface of the message is determined according to the bridge forwarding table, and the exit point is when the message is sent from the outgoing interface.
Each processing point has a number of rules in the policy control system, and each rule represents a message control policy. Each policy matches every message to be processed against a set of matching items; if all matching items match successfully, policy processing is applied to the message, including discarding, marking, modifying the message, or passing the message to the application layer for deep message analysis.
It should be noted that the bridge forwarding principle adopted in the embodiment of the present invention is bridge forwarding in the prior art, so that it can be ensured that a message requiring a special control policy can be completely forwarded, and the loss of the part of the message is avoided.
In the method for forwarding a downlink packet provided in the embodiment of the present invention, on the one hand, the packet to be forwarded is filtered from the received downlink packet, so that only packets whose destination MAC address points to the AP device itself or to a terminal device in data connection with the AP device, or whose destination MAC address is not a unicast address, are kept; irrelevant packets are thus filtered out, which avoids wasting the Central Processing Unit (CPU) resources of the system. On the other hand, a fast forwarding strategy is added on the basis of the conventional forwarding strategy in the prior art: when the forwarding strategy of the packet to be forwarded is determined to be the fast forwarding strategy and the MAC address of a terminal matching the destination MAC address of the packet exists in the terminal address interface table, the packet is sent from the interface of the AP device corresponding to the MAC address of that terminal. Most packets to be forwarded therefore reach the terminal through fast forwarding and only a small part through conventional forwarding, which improves the forwarding speed while ensuring that packets to be forwarded are forwarded completely and that the policy control function is not affected.
Optionally, in order to enable most of the messages sent to the terminal device connected to the AP device to be quickly forwarded, thereby improving the forwarding rate of the downlink message, the method further includes the following steps:
If no target matching item matching the quintuple information of the message to be forwarded is determined, the message to be processed is forwarded by adopting the fast forwarding strategy.
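The decision sequence of steps 201 to 204, including the default to fast forwarding when no flow entry matches, sketched in C as an added example (not code from the patent). The MAC addresses, interface indexes, flow entries and the use of 0 as a wildcard are constructed for illustration; because the fast path bypasses the policy control system, the DNS entry shows how a flow that needs policy processing is pinned to the bridge path.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { V_DROP, V_FAST, V_BRIDGE };          /* what happens to the frame */
enum policy  { P_FAST, P_CONVENTIONAL, P_DISCARD }; /* the flow table's three methods */
struct decision { enum verdict v; int ifindex; };   /* ifindex is -1 unless V_FAST */
struct station { uint8_t mac[6]; int ifindex; };    /* terminal address interface table row */
struct pkt { uint8_t dst_mac[6], proto; uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; };
#define ANY 0                                       /* wildcard field value (assumption) */
struct flow_entry { uint8_t proto; uint32_t src_ip, dst_ip; uint16_t src_port, dst_port;
                    enum policy policy; };

/* Constructed sample data; the contents of the page's Table 1 are not available. */
static const uint8_t AP_MAC[6] = {0x02, 0, 0, 0, 0, 0xa1};
static const uint8_t T1_MAC[6] = {0x02, 0, 0, 0, 0, 0x01};  /* terminal 1, on AP1 */
static const uint8_t T2_MAC[6] = {0x02, 0, 0, 0, 0, 0x02};  /* terminal 2, on AP1 */
static const uint8_t T4_MAC[6] = {0x02, 0, 0, 0, 0, 0x04};  /* terminal 4, on AP2 */
static const uint8_t BCAST[6]  = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
static const struct station STATIONS[] = {
    {{0x02, 0, 0, 0, 0, 0x01}, 1},   /* wired interface */
    {{0x02, 0, 0, 0, 0, 0x02}, 2},   /* wireless interface */
};
static const struct flow_entry FLOWS[] = {
    {17, ANY, ANY, 53, ANY, P_CONVENTIONAL}, /* DNS responses must reach policy control */
    {6,  ANY, ANY, ANY, 23, P_DISCARD},      /* constructed discard rule */
};

static int is_unicast(const uint8_t *mac) { return (mac[0] & 0x01) == 0; }

static const struct station *station_lookup(const uint8_t *mac) {
    for (size_t i = 0; i < sizeof STATIONS / sizeof STATIONS[0]; i++)
        if (memcmp(STATIONS[i].mac, mac, 6) == 0) return &STATIONS[i];
    return NULL;
}

static int field_ok(uint32_t want, uint32_t got) { return want == ANY || want == got; }

/* First matching entry wins; no match defaults to fast forwarding. */
static enum policy flow_lookup(const struct pkt *p) {
    for (size_t i = 0; i < sizeof FLOWS / sizeof FLOWS[0]; i++) {
        const struct flow_entry *f = &FLOWS[i];
        if (field_ok(f->proto, p->proto) && field_ok(f->src_ip, p->src_ip) &&
            field_ok(f->dst_ip, p->dst_ip) && field_ok(f->src_port, p->src_port) &&
            field_ok(f->dst_port, p->dst_port))
            return f->policy;
    }
    return P_FAST;
}

struct decision downlink_decide(const struct pkt *p) {
    struct decision d = { V_BRIDGE, -1 };
    const struct station *st = station_lookup(p->dst_mac);
    if (!st) {
        /* Step 201: unknown unicast that is not for the AP itself is dropped early.
           Frames for the AP itself or non-unicast frames go to the bridge (202b1, 204). */
        if (is_unicast(p->dst_mac) && memcmp(p->dst_mac, AP_MAC, 6) != 0) d.v = V_DROP;
        return d;
    }
    /* Step 202: destination is a local terminal, so consult the flow table. */
    switch (flow_lookup(p)) {
    case P_DISCARD:      d.v = V_DROP;   break;
    case P_CONVENTIONAL: d.v = V_BRIDGE; break;                        /* step 204 */
    default:             d.v = V_FAST;   d.ifindex = st->ifindex; break; /* step 203 */
    }
    return d;
}

/* Helper for the demo: builds a frame with constructed IP addresses. */
static struct decision decide(const uint8_t *mac, uint8_t proto, uint16_t sport, uint16_t dport) {
    struct pkt p = { .proto = proto, .src_ip = 0xc6336401u, .dst_ip = 0xc0a8010au,
                     .src_port = sport, .dst_port = dport };
    memcpy(p.dst_mac, mac, 6);
    return downlink_decide(&p);
}

int main(void) {
    static const char *names[] = { "drop", "fast", "bridge" };
    printf("TCP/443 to terminal 1: %s\n", names[decide(T1_MAC, 6, 40000, 443).v]);
    printf("DNS reply to terminal 2: %s\n", names[decide(T2_MAC, 17, 53, 40000).v]);
    printf("unicast to terminal 4: %s\n", names[decide(T4_MAC, 6, 40000, 443).v]);
    printf("broadcast: %s\n", names[decide(BCAST, 17, 67, 68).v]);
    printf("to the AP itself: %s\n", names[decide(AP_MAC, 6, 40000, 22).v]);
    return 0;
}
```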
Optionally, in order to filter the messages received by the AP device and sent to the AP device itself and the terminal device connected to the AP device, so as to complete a subsequent downlink message forwarding process, the method further includes the following steps:
When the downlink message is determined to be a CAPWAP data message, the CAPWAP data message is parsed according to the CAPWAP protocol and the inner layer message obtained from parsing is filtered: an inner layer message whose destination MAC address points to the AP device or to a terminal device in data connection with the AP device, or whose destination MAC address is not a unicast address, is taken as a message to be forwarded.
Optionally, in order to ensure the integrity of the CAPWAP data packet so that the inner layer packet can be parsed correctly, before parsing the CAPWAP data packet the method further includes: preprocessing the CAPWAP data packet, where the preprocessing mainly comprises checking the validity of the CAPWAP data packet and reassembling the outer IP fragments of the CAPWAP data packet.
An AP device provided in the embodiment of the present invention will be described below based on the related description in the embodiment of the forwarding method for a downlink packet corresponding to fig. 2. Technical terms, concepts and the like related to the above embodiments in the following embodiments may refer to the above embodiments, and are not described in detail herein.
An embodiment of the present invention provides an AP device, as shown in fig. 3, where the AP device 3 includes: a filtering module 31, a shunting module 32 and a forwarding module 33, wherein:
The filtering module 31 is configured to filter a message to be forwarded from the received downlink message.
In the embodiment of the invention, the destination MAC address of the message to be forwarded points to the AP device itself or to a terminal device in data connection with the AP device, or is not a unicast address.
The shunting module 32 is configured to determine a forwarding policy of the packet to be forwarded filtered by the filtering module.
The forwarding module 33 is configured to send the packet to be forwarded from the interface of the AP device corresponding to the MAC address of the terminal if the forwarding policy of the packet to be forwarded determined by the shunting module is a fast forwarding policy and the MAC address of the terminal matching the destination MAC address of the packet to be forwarded exists in the terminal address interface table; and, if the forwarding policy of the packet to be forwarded determined by the shunting module is a conventional forwarding policy, to submit the packet to be forwarded to a protocol stack for bridge forwarding processing.
The terminal address interface table in the embodiment of the present invention includes an MAC address of a terminal in data connection with the AP device and an interface of the AP device corresponding to the MAC address of the terminal.
Illustratively, the filter module 31 described above is specifically configured to:
search the terminal address interface table for the destination MAC address of the downlink message;
if the destination MAC address exists in the terminal address interface table, or is the MAC address of the wireless AP device, or is not a unicast address, treat the downlink message as a message to be forwarded;
if the destination MAC address does not exist in the terminal address interface table, is not the MAC address of the wireless AP device, and is a unicast address, discard the downlink message.
Preferably, the shunting module 32 is specifically configured to:
search the terminal address interface table for the destination MAC address of the message to be forwarded;
if the destination MAC address of the message to be forwarded does not exist in the terminal address interface table, forward the message to be forwarded by adopting a conventional forwarding strategy;
if the destination MAC address of the message to be forwarded exists in the terminal address interface table, match the quintuple information of the message to be forwarded against the matching items in the flow table and determine the target matching item that is successfully matched, wherein a matching item comprises at least one item of the quintuple information; and acquire the forwarding strategy corresponding to the target matching item from the flow table.
Illustratively, the shunting module 32 described above is specifically configured to:
if the destination MAC address of the message to be forwarded points to the AP device itself or is not a unicast address, forward the message to be forwarded by adopting a conventional forwarding strategy;
if the destination MAC address of the message to be forwarded points to a terminal device in data connection with the AP device, match the quintuple information of the message to be forwarded against the matching items in the flow table and determine the target matching item that is successfully matched, wherein a matching item comprises at least one item of the quintuple information; and acquire the forwarding strategy corresponding to the target matching item from the flow table.
Optionally, the shunting module 32 is further configured to forward the to-be-processed packet by using a fast forwarding policy when the target matching item matching with the five-tuple information of the to-be-forwarded packet is not determined.
Optionally, as shown in fig. 4, the AP device 3 further includes: a parsing module 34, wherein:
The parsing module 34 is configured to, when determining that the downlink packet is a CAPWAP (a tunneling protocol) data packet, parse the CAPWAP data packet according to the CAPWAP protocol, and send the inner layer packet obtained after parsing the CAPWAP data packet to the filtering module 31.
Optionally, as shown in fig. 4, the AP device 3 further includes a preprocessing module 35, where:
The preprocessing module 35 is mainly used for checking the validity of the CAPWAP data packet and reassembling the outer IP fragments of the CAPWAP data packet.
In the AP device provided in the embodiment of the present invention, on the one hand, the packet to be forwarded is filtered from the received downlink packet, so that only packets whose destination MAC address points to the AP device itself or to a terminal device in data connection with the AP device, or whose destination MAC address is not a unicast address, are kept; irrelevant packets are thus filtered out, which avoids wasting the CPU resources of the system. On the other hand, a fast forwarding strategy is added on the basis of the conventional forwarding strategy in the prior art: when the forwarding strategy of the packet to be forwarded is determined to be the fast forwarding strategy and the MAC address of a terminal matching the destination MAC address of the packet exists in the terminal address interface table, the packet is sent out from the interface of the AP device corresponding to the MAC address of that terminal. Most packets to be forwarded therefore reach the terminal through fast forwarding and only a small part through conventional forwarding, which improves the forwarding speed while ensuring that packets to be forwarded are forwarded completely and that the policy control function is not affected.
The AP device provided by the embodiment of the present invention has the following 4 processing functions: preprocessing, parsing, message filtering and message forwarding. As shown in fig. 5, a downlink packet is first received by the wired driver, which then calls the 4 functions provided by the AP device to process the downlink packet in turn. Finally the data is shunted: a small part of the packets to be forwarded is still processed according to the conventional forwarding policy, that is, by bridge forwarding and the policy control system; most packets to be forwarded are processed according to the fast forwarding policy, in which the outgoing interface is found directly and the packets are sent from it after being processed by the wireless driver, finally reaching the terminal device.
Compared with conventional forwarding, fast forwarding has a shorter processing flow: the message does not need to be processed by bridge forwarding or the policy control system and can be passed directly from the wired driver to the wireless driver, so the forwarding rate of downlink messages can be significantly improved.
In the several embodiments provided in the present application, it should be understood that the disclosed AP device may be implemented in other manners. For example, the above-described embodiments of the AP device are merely illustrative, and for example, the division of the modules is only one logical functional division, and there may be other divisions when actually implemented, for example, a plurality of modules or components may be combined or may be integrated into another system, or some features may be omitted or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or modules, and may be in an electrical, mechanical or other form.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, each service board in each embodiment of the present invention may be integrated into one processing unit, or each module may be separately and physically included, or two or more modules may be integrated into one unit. The integrated unit can be realized in a hardware form, and can also be realized in a form of hardware and a software service board.
The integrated unit implemented in the form of a software service board may be stored in a computer-readable storage medium. The software service board is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to perform some steps of the methods according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program code.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.