CN110601990A - Message distribution method and device - Google Patents
Message distribution method and device Download PDFInfo
- Publication number
- CN110601990A CN110601990A CN201911042602.2A CN201911042602A CN110601990A CN 110601990 A CN110601990 A CN 110601990A CN 201911042602 A CN201911042602 A CN 201911042602A CN 110601990 A CN110601990 A CN 110601990A
- Authority
- CN
- China
- Prior art keywords
- message
- fragment
- information
- table entry
- fragmentation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 42
- 239000012634 fragment Substances 0.000 claims abstract description 244
- 238000013467 fragmentation Methods 0.000 claims abstract description 93
- 238000006062 fragmentation reaction Methods 0.000 claims abstract description 93
- 238000012545 processing Methods 0.000 claims abstract description 38
- 230000008569 process Effects 0.000 description 7
- 238000010586 diagram Methods 0.000 description 6
- 238000004364 calculation method Methods 0.000 description 5
- 230000005540 biological transmission Effects 0.000 description 4
- 230000032683 aging Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000013507 mapping Methods 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000006978 adaptation Effects 0.000 description 1
- 230000002776 aggregation Effects 0.000 description 1
- 238000004220 aggregation Methods 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000003111 delayed effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000018109 developmental process Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000003780 insertion Methods 0.000 description 1
- 230000037431 insertion Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 230000006798 recombination Effects 0.000 description 1
- 238000005215 recombination Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 230000002441 reversible effect Effects 0.000 description 1
- 230000001502 supplementing effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
- H04L45/745—Address table lookup; Address filtering
- H04L45/7453—Address table lookup; Address filtering using hashing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/20—Traffic policing
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application discloses a message shunting method, which is applied to network equipment, wherein the network equipment comprises an FPGA and a plurality of CPUs (central processing units) connected with the FPGA, and the method comprises the following steps: the FPGA receives a message through a service port of the network equipment and judges whether the message is a fragment message or not; if the message is a fragment message, searching a corresponding fragment table entry in the maintained fragment table entries based on the characteristic information of the fragment message; the fragmentation table entry comprises characteristic information carried in a fragmentation message; and source port information and destination port information carried in the first fragment message; the characteristic information at least comprises a source IP, a destination IP and a three-layer protocol number; acquiring quintuple information of a complete message corresponding to the fragment message from the searched fragment table entry, and determining a target CPU from the CPUs based on the quintuple information; and sending each fragment message forming the complete message to the target CPU for further processing.
Description
Technical Field
The present invention relates to the field of computer networks, and in particular, to a method and an apparatus for message distribution.
Background
With the development of internet technology, especially the popularization of mobile internet technology and applications, the processing bandwidth and performance requirements of network devices are higher and higher. These are all challenging to the processing power of the network device. In the face of network environments with ultrahigh throughput such as operators and data centers, the network equipment uses 1 physical CPU as a network service, and the processing performance of the network equipment cannot meet the corresponding application scenario. For this reason, each network device manufacturer is developing high performance devices, and each network device will include 2 or more physical CPUs for service processing.
In practical applications, network devices typically process services based on sessions, and for network devices including multiple physical CPUs, to ensure the integrity of forward and reverse data of a session, messages from the same source and the same destination are required to be sent to the same physical CPU for service processing. The homologous and homonymous messages generally refer to messages containing the same five-tuple; that is, the message includes the same source IP, destination IP, three-layer protocol number, four-layer source port, and four-layer destination port.
However, in a scenario of fragmenting a packet in the same session, since the fragmented packet may not carry five-tuple information of a complete packet, the fragmented packet may not be accurately sent to a CPU in the same source and destination as the non-fragmented packet for processing after being received.
Disclosure of Invention
In view of this, the present application discloses a method and an apparatus for message distribution.
According to a first aspect of an embodiment of the present application, a packet offloading method is disclosed, which is applied to a network device, where the network device includes an FPGA and a plurality of CPUs connected to the FPGA, and the method includes:
the FPGA receives a message through a service port of the network equipment and judges whether the message is a fragment message or not; if the message is a fragment message, searching a corresponding fragment table entry in the maintained fragment table entries based on the characteristic information of the fragment message; the fragmentation table entry comprises characteristic information carried in a fragmentation message; and source port information and destination port information carried in the first fragment message; the characteristic information at least comprises a source IP, a destination IP and a three-layer protocol number;
acquiring quintuple information of a complete message corresponding to the fragment message from the searched fragment table entry, and determining a target CPU from the CPUs based on the quintuple information;
and sending each fragment message forming the complete message to the target CPU for further processing.
According to a second aspect of the embodiments of the present application, a packet offloading device is disclosed, which is applied to a network device, where the network device includes an FPGA and a plurality of CPUs connected to the FPGA, and the device includes:
the table item searching module is used for receiving a message through a service port of the network equipment by using the FPGA and judging whether the message is a fragment message or not; if the message is a fragment message, searching a corresponding fragment table entry in the maintained fragment table entries based on the characteristic information of the fragment message; the fragmentation table entry comprises characteristic information carried in a fragmentation message; and source port information and destination port information carried in the first fragment message; the characteristic information at least comprises a source IP, a destination IP and a three-layer protocol number;
a target CPU determining module, configured to obtain quintuple information of a complete message corresponding to the fragment message from the searched fragment table entry, and determine a target CPU from the plurality of CPUs based on the quintuple information;
and the message uploading module is used for uploading each fragment message forming the complete message to the target CPU for further processing.
In the above technical solution, the FPGA maintains the fragment table entry storing the quintuple information of the complete message; therefore, when receiving the fragment message, the FPGA may search the corresponding fragment table entry according to the feature information of the fragment message, and obtain the quintuple information of the complete message to which the fragment message belongs from the searched fragment table entry, and further determine a target CPU from a plurality of CPUs connected to the FPGA according to the quintuple of the complete message, and then send all the fragment messages belonging to the complete message to the target CPU for processing, thereby implementing that the fragment messages under the same session can be directly sent to the same CPU for processing according to the same quintuple information.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application.
FIG. 1 is a diagram illustrating an exemplary architecture and functionality of a network device according to the present application;
fig. 2 is a flowchart illustrating a flow of a packet offloading method according to the present application;
FIG. 3 is a diagram illustrating an example structure of a sharded table entry organized as a hash table according to the present application;
FIG. 4 is a diagram illustrating an example structure of a hash table for dealing with hash collisions according to the present application;
FIG. 5 is a diagram illustrating an example of a structure of a fragmentation chain table according to the present application;
fig. 6 is a diagram illustrating a structure of a packet offloading device according to the present application.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in one or more embodiments of the present disclosure, the technical solutions in one or more embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in one or more embodiments of the present disclosure. It is to be understood that the described embodiments are only a few, and not all embodiments. All other embodiments that can be derived by one of ordinary skill in the art from one or more embodiments of the disclosure without making any creative effort shall fall within the protection scope of the present application.
When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present specification. Rather, they are merely examples of systems and methods consistent with certain aspects of the present description, as detailed in the appended claims.
The terminology used in the description herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the description. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information, without departing from the scope of the present specification. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
Referring to fig. 1, fig. 1 is a hardware architecture diagram of a network device shown in this specification;
as shown in fig. 1, the network device includes an FPGA (Field Programmable Gate Array) and a plurality of CPUs (Central Processing units) respectively connected to the FPGA.
The FGPA is configured to receive a packet through a service port of a network device, and distribute the packet to the plurality of CPUs; specifically, the FPGA may preset a hash algorithm, perform hash calculation using five-tuple information (source IP, destination IP, three-layer protocol number, source port, and destination port) of the packet as source data, determine a target CPU of the packet according to a mapping relationship between the calculated hash value and the CPU, and finally send the packet to the target CPU to complete the shunting of the packet.
The CPU is used for receiving the message from the FPGA and processing various services according to the session to which the message belongs.
In the field of computer networks, five-tuple information of a packet, which usually includes a source IP, a destination IP, a three-layer protocol number, a source port and a destination port information of the packet, can be used to uniquely represent a session. However, in the scenario of message fragmentation, only the first fragmentation message (i.e. the first fragmentation message in all fragmentation messages of a complete message) carries complete quintuple information. For the non-first fragment packet, it usually only carries the information of source IP, destination IP, three-layer protocol number, etc. in the five-tuple information, but does not carry the source port and the destination port.
In practical application, for a complete message, the FPGA can determine a target CPU to be sent to complete message distribution according to the quintuple information carried by the complete message and in the manner described above; because the messages belonging to the same session usually carry the same five-tuple information, the messages under the same session can be sent to the same CPU for processing by the mode.
However, in a scenario of message fragmentation, when a message received by the FPGA through the service port is a fragmented message, although the first fragmented message includes complete quintuple information, for a non-first fragmented message, the non-first fragmented message carries incomplete quintuple information; therefore, the FPGA cannot determine the target CPU of the non-first fragment packet to complete the shunting of the packet according to the quintuple information in a manner of processing the complete packet.
In this case, the fragmented messages in the same session may not be sent to the same CPU for processing.
In the related art, in order to solve the above problem, a scheme of summarizing the fragmentation messages uploaded to the CPU by a plurality of CPUs through an internal data channel is generally adopted.
In this scheme, after the FGPA splits the fragment packet, at this time, because the quintuple information carried by the non-first fragment packet is missing, the FGPA may split the fragment packet under the same session to different CPUs for processing.
After receiving the fragment messages shunted by the FPGA, each CPU further interacts through data channels among the CPUs and collects the fragment messages belonging to the same session again.
For example, in implementation, the first slice packet carries complete quintuple information; therefore, for the first slice packet, the FPGA will normally shunt to the designated CPU for further processing according to the quintuple information.
Under the condition, each CPU receives complete quintuple information carried in the first fragment message, namely the quintuple information of the complete message which needs to be further processed by the CPU; therefore, when the CPU collects the fragment messages under the same session, the CPU mobile phones and the received non-first fragments of which the first fragment messages belong to the same complete message are collected only through data channels between the CPUs, and then the collected fragment messages are recombined into the complete message; and for the non-first fragment message which does not belong to the same complete message with the received first fragment message, the non-first fragment message can also be sent to other CPUs through data channels between the CPUs for summarizing and message recombination.
However, although the expected message distribution effect can be achieved by this method, the problem of increased message processing delay and wasted CPU performance may occur because extra fragmented message aggregation processing needs to be performed through the data channel between the CPUs.
Based on this, this specification proposes a technical scheme that, on a network device adopting a hardware architecture as shown in fig. 1, an FPGA may maintain a fragment table entry storing quintuple information of a complete message, and when receiving a fragment message, obtain, in a table look-up manner, a fragment table entry corresponding to feature information carried in the fragment message, and then perform a shunt processing on the fragment message according to the quintuple information of the complete message stored in the fragment table entry.
In the implementation of the method, the first and second electrodes are connected,
after receiving a message to be processed, the FPGA firstly judges whether the message is a fragment message, if the message to be processed is the fragment message, characteristic information of the message to be processed can be extracted to search a corresponding fragment table entry storing quintuple information of a complete message to which the fragment message belongs; after finding out the corresponding fragment table entry, the FPGA can obtain quintuple information from the fragment table entry, and a target CPU is determined for the fragment message according to the quintuple information; and finally, sending the fragmentation messages to respective target CPUs, and completing the distribution of the fragmentation messages according to the sessions to which the fragmentation messages belong.
In the above technical solution, on one hand, the FPGA maintains the fragment table entry storing the five-tuple information of the complete message; therefore, when receiving the fragment message, the FPGA may search the corresponding fragment table entry according to the feature information of the fragment message, and obtain the quintuple information of the complete message to which the fragment message belongs from the searched fragment table entry, and further determine a target CPU from a plurality of CPUs connected to the FPGA according to the quintuple of the complete message, and then send all the fragment messages belonging to the complete message to the target CPU for processing, thereby implementing that the fragment messages under the same session can be directly sent to the same CPU for processing according to the same quintuple information;
on the other hand, because the fragment messages under the same session can be directly sent to the same CPU for processing according to the same quintuple information, a plurality of CPUs connected with the FPGA do not need to exchange data through data channels among the CPUs any more, and the messages under the same session are gathered to the same CPU; therefore, the processing delay of extra data exchange between the CPUs can be effectively reduced, the processing performance of the CPUs is improved, and the processing delay of the message is reduced.
The present application is described below with reference to specific embodiments and specific application scenarios.
Referring to fig. 2, fig. 2 is a flowchart illustrating a packet offloading method provided in an embodiment of the present disclosure, which is applied to a network device, where the network device may adopt the hardware architecture shown in fig. 1; the method performs the steps of:
s201, the FPGA receives a message through a service port of the network equipment and judges whether the message is a fragment message; if the message is a fragment message, searching a corresponding fragment table entry in the maintained fragment table entries based on the characteristic information of the fragment message; the fragmentation table entry comprises characteristic information carried in a fragmentation message; and source port information and destination port information carried in the first fragment message; the characteristic information at least comprises a source IP, a destination IP and a three-layer protocol number;
s202, acquiring quintuple information of a complete message corresponding to the fragment message from the searched fragment table entry, and determining a target CPU from the CPUs based on the quintuple information;
s203, sending each fragment message forming the complete message to the target CPU for further processing.
The network device may specifically include a network security device; for example, in practical applications, the network device may be a firewall device that is equipped with a plurality of CPUs and can support processing of a plurality of network security services.
The characteristic information includes a message characteristic combination which is commonly possessed by the first fragmented message and the non-first fragmented message in all message characteristics of the complete message to which the fragmented message belongs and can be uniquely identified.
For example, in practical applications, after a complete packet is fragmented, quintuple information of the complete packet is split into a first fragmented packet and a non-first fragmented packet; for example, as described above, the first fragment message carries complete quintuple information, but the non-first fragment message does not carry source port information and destination port information; therefore, the characteristic information may include at least triple information of the source IP, the destination IP, and the three-layer protocol number.
Of course, in practical application, the characteristic information may include, in addition to the triplet information such as the source IP, the destination IP, and the three-layer protocol number, other types of message characteristics that the first segment message and the non-first segment message have in common, and is not particularly limited in this specification;
for example, in one embodiment shown, the characteristic information may include four-tuple information consisting of source IP information, destination IP information, three-layer protocol number, and the complete packet ID to which the characteristic information belongs.
The fragment table entry is a table entry which is created by the FPGA by collecting message characteristics carried in received fragment messages (including a first fragment message and a non-first fragment message) and stores quintuple information of a complete message to which the fragment messages belong; the fragment table entry may include two contents, i.e., feature information of the fragment packet, and source port information and destination port information carried in the first fragment packet.
In this specification, the FPGA may create and maintain a fragment table composed of a plurality of fragment table entries, where the fragment table entries in the fragment table correspond to different complete messages respectively.
The data structure of the above-mentioned fragment table is not particularly limited in this specification, and any data structure may be adopted based on actual needs.
For example, in practical application, in order to improve the efficiency of table lookup, the fragmentation table may include several fragmentation table entries; and a query index corresponding to the fragmentation table entry; the query index may be specifically an index established according to the feature information carried in the fragment message;
in an embodiment shown in fig. 3, the fragmentation table may be specifically a table created by FPGA initialization; in the table, a plurality of fragmentation table entries and index entries of the query index corresponding to the fragmentation table entries may be included; the index entry may specifically be the above-mentioned feature information included in the corresponding fragmentation table entry.
In an embodiment shown in fig. 3, the fragmentation table may be specifically a hash table created by FPGA initialization; in the hash table, a plurality of fragment entries and hash values (i.e. query index entries) corresponding to the fragment entries may be included; the hash value (i.e., query index entry) stored in the hash table may be a hash value of the above-mentioned feature information included in each fragment entry.
When the method is implemented, after the FPGA initializes and creates the hash table, the FPGA may create a corresponding fragment entry according to information carried in a received fragment message.
After the fragmentation table entry is created, a hash value of the feature information in the newly-created fragmentation table entry can be further calculated, and then the calculated hash value and the newly-created fragmentation table entry are stored in a correlation manner to serve as a query index item of the fragmentation table entry; subsequently, the corresponding fragmentation table entry can be queried through the query index entry.
In an illustrated embodiment, in the process of constructing the hash table according to the hash values of the feature information in the respective shard entries, hash collision may occur, and in this case, a scheme as shown in fig. 4 may be adopted, that is, in the hash table, each hash value no longer uniquely corresponds to one shard entry, but corresponds to a plurality of shard entries, and the plurality of shard entries may be stored in a linked list, or may be stored in an array or other data structure. Correspondingly, the specific construction process of the fragment table may include: calculating the hash value of the characteristic information in the newly-built fragment table entry; determining the storage position of the newly-built fragment table entry in the fragment table according to the calculation result; finding out the corresponding container according to the storage position, and storing the newly-built fragment table entry in the container. In this way, a slice table which can be indexed by the hash value of the characteristic information and can cope with hash collision can be obtained.
In this specification, after receiving a message, the FPGA may first determine whether the message is a fragment message; if the message is a fragment message, the corresponding fragment table entry can be further searched according to the characteristic information of the fragment message.
For example, taking the feature information as including quadruple information composed of source IP information, destination IP information, a three-layer protocol number, and an ID of a complete packet to which the feature information belongs as an example, the FPGA searches the fragmentation table entry corresponding to the fragmentation packet in the fragmentation table, where the feature information of the fragmentation table entry includes quadruple information identical to the fragmentation packet.
In an embodiment shown, when the fragmentation table is a hash table constructed according to hash values of the feature information in each fragmentation table entry, calculating the hash value of the feature information of the fragmentation message; and inquiring the fragment table entry corresponding to the hash value in the hash table according to the calculation result.
In an embodiment shown, when the fragmentation table is a hash table and each hash value therein may correspond to multiple fragmentation table entries, the process of searching for a corresponding fragmentation table entry according to a fragmentation packet may include: calculating the hash value of the characteristic information of the fragment message; according to the calculation result, a plurality of fragment table entries corresponding to the hash value are inquired in the hash table; and searching the fragmentation list items corresponding to the fragmentation message characteristic information in the plurality of fragmentation list items.
In this specification, an abnormal situation may also occur in the process of searching for a corresponding fragment entry according to the feature information of the fragment packet, for example, a fragment entry corresponding to the feature information of the fragment packet cannot be found, or a fragment entry corresponding to the feature information of the fragment packet is found but the fragment entry does not have source port information and destination port information, and the like. Generally, if the fragment table entry corresponding to the feature information of the fragment message cannot be found, it indicates that there is no fragment table entry record corresponding to the complete message to which the fragment message belongs in the fragment table; if the fragment table entry corresponding to the fragment message feature information is found but the fragment table entry does not have the source port information and the destination port information, it indicates that the first fragment message which is used for providing the source port information and the destination port information and belongs to the same complete message as the fragment message is not received.
In an embodiment shown, if the fragmentation table entry corresponding to the feature information of the fragmentation message cannot be found, the FPGA needs to create a new fragmentation table entry and record the feature information of the fragmentation message in the fragmentation table entry, and how to add the new fragmentation table entry to the fragmentation table may refer to other embodiments, which is not specifically limited herein.
In an embodiment shown in the present disclosure, if a fragment table entry corresponding to feature information of the fragment packet is found, but the fragment table entry does not have source port information and destination port information, the current fragment packet is cached in a storage space associated with the fragment table entry, and after the fragment table entry obtains the source port information and the destination port information, the cached fragment packet is taken out, and subsequent operations are performed.
In one embodiment shown, S201 further includes: judging whether the current fragment message is the first fragment message, if so, supplementing the source port information and the destination port information in the current fragment message to the fragment table entry after finding the fragment table entry in which the feature information same as that of the current fragment message is stored.
In an embodiment shown, when the FPGA employs the above scheme of caching the current fragment in a storage space associated with the fragment table entry, the method may include: establishing a fragmentation chain table, associating the fragmentation chain table with the fragmentation table entry, and adding a new fragmentation message to be cached to the chain table when the new fragmentation message comes, wherein examples of the data structure and the application method thereof are shown in fig. 5. Specifically, the insertion sequence may be time-wise, or may be randomly inserted, and fig. 5 shows an example of inserting according to the sequence of the fragment message components, which is not limited in the present application in the whole text.
In this specification, after acquiring the quintuple information from the corresponding fragment table entry, the FPGA may determine the target CPU of the fragment packet according to the quintuple information. Because the quintuple can uniquely determine the session, and each fragmented message belonging to the same session and the same complete message is corresponding to the same fragmented table entry, the target CPU of the fragmented message also needs to be the same target CPU. There are many ways to determine the target CPU according to the quintuple information, as long as it can be ensured that the target CPUs determined according to the same quintuple information are the same, and a person skilled in the art can decide by himself or herself according to specific situations, and the specification does not need to be limited.
In one embodiment shown, the target CPU is determined by the FPGA by way of a hash calculation. The method can comprise the following steps: and calculating the hash value of the obtained quintuple information, and determining a corresponding target CPU according to the mapping relation between the hash value and the CPU.
In an embodiment shown, if it is determined in S201 that the packet is not a fragment packet, the FPGA directly determines the target CPU according to the five-tuple information in the packet. It can be understood that, in order to ensure that the messages of the same session are distributed to the same CPU, when the target CPU is determined by the non-fragmented message, the method used should be consistent with the method for determining the target CPU by the fragmented message in the corresponding step. Therefore, whether the message received by the network equipment is a complete non-fragment message or a fragment message, the FPGA can use the same standard to ensure that the messages with the same session are sent to the same CPU.
In this specification, after determining a target CPU, the FPGA may send fragmented messages that constitute the same complete message to the same target CPU. It can be understood that the sending here may be sending after all the fragment messages are collected, or sending immediately after receiving the fragment message and determining its target CPU, or sending by using other organization methods, and this specification does not need to be limited.
In an embodiment shown, if the FPGA adopts a scheme of waiting for all fragment messages to be completely collected and then sending the fragment messages, the scheme of establishing the fragment chain table may be combined, and the sending process includes a step of checking whether the fragment messages are collected, specifically: determining whether each fragment message in the fragment linked list associated with the fragment table entry includes all fragment messages forming the complete message; if yes, each fragment message in the fragment linked list is uploaded to the target CPU for further processing.
In an embodiment shown, if the result of checking whether the fragmentation messages are collected is no, the method should continue to wait and repeat the check until the fragmentation messages are collected. Specifically, the repeated checking rule may be that the above-mentioned fragment chain table checks once every time a new fragment packet is received, or may be a timing check, or may be a check according to the capacity of the storage space, and those skilled in the art may freely select according to specific situations, and the present application does not need to be limited.
In an illustrated embodiment, if it is determined in S201 that the packet is not a fragmented packet, the FPGA may send the non-fragmented packet to the target CPU after determining the target CPU according to the above embodiment. Specifically, the transmission may be immediate transmission or delayed transmission according to information such as load conditions, and those skilled in the art may freely select the transmission according to specific conditions, and the present application is not limited thereto.
In this specification, the fragmentation table entry may be aged and deleted after being determined to be useless.
In an embodiment shown, after the FPGA sends all the fragment messages constituting the complete message to the target CPU, the fragment table entries corresponding to the complete message may be aged and deleted.
In an embodiment shown, when the time that a fragmentation table entry is not called exceeds a preset aging time, the fragmentation table entry may be aged and deleted.
In this specification, a fragmentation chain table may be aged and deleted after being confirmed to be useless.
In an embodiment, after the FPGA sends all the fragment messages constituting the complete message to the target CPU, the fragment linked list corresponding to the complete message may be aged and deleted.
In an embodiment shown, when the time that a fragmentation chain table is not called exceeds a preset aging time, the fragmentation chain table entry may be aged and deleted.
The foregoing contents are all embodiments of the present application for the packet offloading method. The application also provides an embodiment of a corresponding message distribution device as follows:
the present application provides a packet offloading device, which is applied to a network device shown in fig. 1, and a structural example of the packet offloading device is shown in fig. 6, and includes:
the table item searching module 601 is configured to receive a message through a service port of the network device by using the FPGA, and determine whether the message is a fragment message; if the message is a fragment message, searching a corresponding fragment table entry in the maintained fragment table entries based on the characteristic information of the fragment message; the fragmentation table entry comprises characteristic information carried in a fragmentation message; and source port information and destination port information carried in the first fragment message; the characteristic information at least comprises a source IP, a destination IP and a three-layer protocol number;
a target CPU determining module 602, configured to obtain five-tuple information of a complete message corresponding to the fragment message from the searched fragment table entry, and determine a target CPU from the multiple CPUs based on the five-tuple information;
a message uploading module 603, configured to upload each fragmented message constituting the complete message to the target CPU for further processing.
The above is a basic embodiment of the message splitting device in the present application, and on this basis, there are the following corresponding specific embodiments:
in an illustrated embodiment, the fragment table entry may be stored by using a hash table method to improve the execution efficiency of the entry lookup module 601, in this scheme, the fragment table entry is stored in the hash table in advance according to a hash value of the feature information of the fragment table entry, in other words, the hash table includes a correspondence between the hash value of the fragment table entry and the fragment table entry; the table entry lookup module 601 is configured to: calculating the hash value of the characteristic information of the fragment message according to the preset hash algorithm; and searching the corresponding fragmentation table entry in the hash table according to the hash value of the characteristic information of the fragmentation message.
In an embodiment shown, a linked list mode may be used to store a fragmentation message for which a corresponding fragmentation table entry is found but five-tuple information is not yet obtained, in this scheme, the fragmentation table entry is associated with a fragmentation linked list; wherein the storage content of the fragment linked list comprises each fragment message forming the complete message; the table entry searching module 601 is further configured to add a fragmentation message to a fragmentation chain table associated with the fragmentation table entry; the message uploading module 603 is configured to determine whether each fragment message in the fragment linked list associated with the fragment table entry includes all fragment messages constituting the complete message; and if so, uploading each fragment message in the fragment linked list to the target CPU for further processing.
The specific implementation of each module is described in detail in the above method embodiments, and the implementation process thereof is referred to only in the method embodiments, and is not described herein again. It will be appreciated that the above-described apparatus embodiments are merely illustrative, wherein the modules illustrated as separate components may or may not be physically separate, and the modules illustrated as parts may or may not be part of a module, i.e. may be located in one place, or may be distributed over a plurality of network parts. The components can be selected according to actual needs to achieve the purpose of the scheme in the specification. One of ordinary skill in the art can understand and implement it without inventive effort.
The embodiments in this specification are described in a progressive manner, and the same and similar parts in the embodiments are referred to each other, and the embodiments may be arranged or combined with each other, and the generated solution should be considered to be within the disclosure of this specification.
Other embodiments of the present disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This specification is intended to cover any variations, uses, or adaptations of the specification following, in general, the principles of the specification and including such departures from the present disclosure as come within known or customary practice within the art to which the specification pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the specification being indicated by the following claims.
It will be understood that the present description is not limited to the precise arrangements described above and shown in the drawings, and that various modifications and changes may be made without departing from the scope thereof. The scope of the present description is limited only by the appended claims.
Claims (12)
1. A message shunting method is applied to network equipment, the network equipment comprises an FPGA and a plurality of CPUs connected with the FPGA, and the method comprises the following steps:
the FPGA receives a message through a service port of the network equipment and judges whether the message is a fragment message or not; if the message is a fragment message, searching a corresponding fragment table entry in the maintained fragment table entries based on the characteristic information of the fragment message; the fragmentation table entry comprises characteristic information carried in a fragmentation message; and source port information and destination port information carried in the first fragment message; the characteristic information at least comprises a source IP, a destination IP and a three-layer protocol number;
acquiring quintuple information of a complete message corresponding to the fragment message from the searched fragment table entry, and determining a target CPU from the CPUs based on the quintuple information;
and sending each fragment message forming the complete message to the target CPU for further processing.
2. The method according to claim 1, before the obtaining five-tuple information of the complete packet corresponding to the fragmented packet from the searched fragmented table entry, the method further comprises:
determining whether the fragment message is a first fragment message;
if yes, extracting source port information and destination port information in the fragment message, and adding the extracted source port information and destination port information to the fragment table entry.
3. The method of claim 1, wherein the characteristic information comprises a quadruplet of information consisting of source IP information, destination IP information, a three-layer protocol number, and an affiliated complete packet ID.
4. The method of claim 1, the shard entry being stored in a hash table created by the FPGA; the hash table comprises a corresponding relation between the hash value of the characteristic information and a fragment table entry;
the searching for the corresponding fragmentation table entry based on the feature information of the fragmentation message comprises:
calculating the hash value of the characteristic information of the fragment message;
and inquiring a fragmentation table entry corresponding to the hash value in the hash table according to the hash value of the characteristic information of the fragmentation message.
5. The method of claim 1, wherein the fragmentation table entry is associated with a fragmentation chain table; wherein, the storage content of the fragment linked list comprises: forming each fragment message of the complete message;
the method further comprises the following steps: and adding the fragment message to a fragment linked list associated with the fragment table entry.
6. The method of claim 5, wherein the first and second light sources are selected from the group consisting of,
the step of sending each fragment message forming the complete message to the target CPU for further processing includes:
determining whether each fragment message in a fragment linked list associated with the fragment table entry includes all fragment messages forming the complete message; and if so, uploading each fragment message in the fragment linked list to the target CPU for further processing.
7. A message shunting device is applied to network equipment, the network equipment comprises an FPGA and a plurality of CPUs connected with the FPGA, and the device comprises:
the table item searching module is used for receiving a message through a service port of the network equipment by using the FPGA and judging whether the message is a fragment message or not; if the message is a fragment message, searching a corresponding fragment table entry in the maintained fragment table entries based on the characteristic information of the fragment message; the fragmentation table entry comprises characteristic information carried in a fragmentation message; and source port information and destination port information carried in the first fragment message; the characteristic information at least comprises a source IP, a destination IP and a three-layer protocol number;
a target CPU determining module, configured to obtain quintuple information of a complete message corresponding to the fragment message from the searched fragment table entry, and determine a target CPU from the plurality of CPUs based on the quintuple information;
and the message uploading module is used for uploading each fragment message forming the complete message to the target CPU for further processing.
8. The apparatus of claim 7, the target CPU determination module further to:
determining whether the fragment message is a first fragment message;
if yes, extracting source port information and destination port information in the fragment message, and adding the extracted source port information and destination port information to the fragment table entry.
9. The apparatus of claim 7, wherein the characteristic information comprises a quadruplet of information consisting of source IP information, destination IP information, a three-layer protocol number, and an affiliated full packet ID.
10. The apparatus according to claim 7, wherein the fragmentation table entry is stored in a hash table in advance according to a hash value of the feature information of the fragmentation table entry according to a preset hash algorithm; the table entry searching module is configured to:
calculating the hash value of the characteristic information of the fragment message according to the preset hash algorithm;
and searching the corresponding fragmentation table entry in the hash table according to the hash value of the characteristic information of the fragmentation message.
11. The apparatus of claim 7, the fragmentation table entry is associated with a fragmentation chain table; wherein, the storage content of the fragment linked list comprises: forming each fragment message of the complete message;
the table entry lookup module is further configured to: and adding the fragment message to a fragment linked list associated with the fragment table entry.
12. The apparatus of claim 11, the message upload module to:
determining whether each fragment message in a fragment linked list associated with the fragment table entry includes all fragment messages forming the complete message; and if so, uploading each fragment message in the fragment linked list to the target CPU for further processing.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911042602.2A CN110601990A (en) | 2019-10-30 | 2019-10-30 | Message distribution method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911042602.2A CN110601990A (en) | 2019-10-30 | 2019-10-30 | Message distribution method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110601990A true CN110601990A (en) | 2019-12-20 |
Family
ID=68851817
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911042602.2A Pending CN110601990A (en) | 2019-10-30 | 2019-10-30 | Message distribution method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110601990A (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110572423A (en) * | 2018-06-06 | 2019-12-13 | 阿里巴巴集团控股有限公司 | Data processing method and device |
| CN111786905A (en) * | 2020-06-30 | 2020-10-16 | 北京天融信网络安全技术有限公司 | Message reassembly method and apparatus, processor, storage medium, and network device |
| CN111897791A (en) * | 2020-07-15 | 2020-11-06 | 银联商务股份有限公司 | Service distribution method, device, equipment and storage medium |
| CN112953841A (en) * | 2021-02-20 | 2021-06-11 | 杭州迪普信息技术有限公司 | Message distribution method and system |
| CN113872882A (en) * | 2021-09-18 | 2021-12-31 | 北京锐安科技有限公司 | Network traffic processing method and device, storage medium and electronic equipment |
| WO2022001287A1 (en) * | 2020-07-03 | 2022-01-06 | 华为技术有限公司 | Message processing method and device |
| CN115412308A (en) * | 2022-08-09 | 2022-11-29 | 北京天融信网络安全技术有限公司 | Message processing method and device and electronic equipment |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102377640A (en) * | 2010-08-11 | 2012-03-14 | 杭州华三通信技术有限公司 | Message processing apparatus, message processing method and preprocessor |
| US20120210416A1 (en) * | 2011-02-16 | 2012-08-16 | Fortinet, Inc. A Delaware Corporation | Load balancing in a network with session information |
| CN104836741A (en) * | 2015-04-15 | 2015-08-12 | 国家计算机网络与信息安全管理中心 | Method and processing board for processing fragmented messages in network message diverting equipment |
| CN107888710A (en) * | 2017-12-26 | 2018-04-06 | 新华三信息安全技术有限公司 | A kind of message forwarding method and device |
| CN107995130A (en) * | 2017-12-05 | 2018-05-04 | 西安交大捷普网络科技有限公司 | A kind of fast shifting method of fragment message |
-
2019
- 2019-10-30 CN CN201911042602.2A patent/CN110601990A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102377640A (en) * | 2010-08-11 | 2012-03-14 | 杭州华三通信技术有限公司 | Message processing apparatus, message processing method and preprocessor |
| US20120210416A1 (en) * | 2011-02-16 | 2012-08-16 | Fortinet, Inc. A Delaware Corporation | Load balancing in a network with session information |
| CN104836741A (en) * | 2015-04-15 | 2015-08-12 | 国家计算机网络与信息安全管理中心 | Method and processing board for processing fragmented messages in network message diverting equipment |
| CN107995130A (en) * | 2017-12-05 | 2018-05-04 | 西安交大捷普网络科技有限公司 | A kind of fast shifting method of fragment message |
| CN107888710A (en) * | 2017-12-26 | 2018-04-06 | 新华三信息安全技术有限公司 | A kind of message forwarding method and device |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110572423A (en) * | 2018-06-06 | 2019-12-13 | 阿里巴巴集团控股有限公司 | Data processing method and device |
| CN111786905A (en) * | 2020-06-30 | 2020-10-16 | 北京天融信网络安全技术有限公司 | Message reassembly method and apparatus, processor, storage medium, and network device |
| WO2022001287A1 (en) * | 2020-07-03 | 2022-01-06 | 华为技术有限公司 | Message processing method and device |
| CN111897791A (en) * | 2020-07-15 | 2020-11-06 | 银联商务股份有限公司 | Service distribution method, device, equipment and storage medium |
| CN111897791B (en) * | 2020-07-15 | 2024-01-12 | 银联商务股份有限公司 | Service distribution method, device, equipment and storage medium |
| CN112953841A (en) * | 2021-02-20 | 2021-06-11 | 杭州迪普信息技术有限公司 | Message distribution method and system |
| CN112953841B (en) * | 2021-02-20 | 2022-05-27 | 杭州迪普信息技术有限公司 | Message distribution method and system |
| CN113872882A (en) * | 2021-09-18 | 2021-12-31 | 北京锐安科技有限公司 | Network traffic processing method and device, storage medium and electronic equipment |
| CN115412308A (en) * | 2022-08-09 | 2022-11-29 | 北京天融信网络安全技术有限公司 | Message processing method and device and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110601990A (en) | Message distribution method and device | |
| US10084713B2 (en) | Protocol type identification method and apparatus | |
| US10244537B2 (en) | Communication system, access control apparatus, switch, network control method, and program | |
| US10742722B2 (en) | Server load balancing | |
| US8392448B2 (en) | Method and apparatus for transmitting packets in the network | |
| CN106878194B (en) | Message processing method and device | |
| US20150215236A1 (en) | Method and apparatus for locality sensitive hash-based load balancing | |
| US20170237689A1 (en) | Two-Stage Port-Channel Resolution in a Multistage Fabric Switch | |
| EP3179687B1 (en) | Network flow information statistics method and apparatus | |
| CN113055127B (en) | Data message duplicate removal and transmission method, electronic equipment and storage medium | |
| CN115733784A (en) | Compressed routing header | |
| US10924533B2 (en) | System, apparatus and method for load balancing | |
| US20180302323A1 (en) | System and method to bypass the forwarding information base (fib) for interest packet forwarding in an information-centric networking (icn) environment | |
| EP2549698A2 (en) | Scalable forwarding table with overflow address learning | |
| CN107231269B (en) | Accurate cluster speed limiting method and device | |
| US10587516B1 (en) | Hash lookup table entry management in a network device | |
| CN108390954B (en) | Message transmission method and device | |
| WO2021008591A1 (en) | Data transmission method, device, and system | |
| US20130339540A1 (en) | Methods, systems, and computer readable media for load balancing stream control transmission protocol (sctp) messages | |
| US10693967B2 (en) | Data connection establishment method, server, and mobile terminal | |
| US9270593B2 (en) | Prediction based methods for fast routing of IP flows using communication/network processors | |
| CN113810337A (en) | Method, device and storage medium for network message duplicate removal | |
| KR20110044273A (en) | Message routing platform | |
| US7822056B2 (en) | LCR switch with header compression | |
| CN115842671A (en) | Rule processing method, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20191220 |