CN114143265A - Network flow current limiting method, device, equipment and storage medium - Google Patents
Network flow current limiting method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN114143265A CN114143265A CN202111423041.8A CN202111423041A CN114143265A CN 114143265 A CN114143265 A CN 114143265A CN 202111423041 A CN202111423041 A CN 202111423041A CN 114143265 A CN114143265 A CN 114143265A
- Authority
- CN
- China
- Prior art keywords
- token
- target
- tokens
- bucket
- target token
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 238000000034 method Methods 0.000 title claims abstract description 56
- 238000004519 manufacturing process Methods 0.000 claims abstract description 86
- 230000000903 blocking effect Effects 0.000 claims abstract description 55
- 238000004590 computer program Methods 0.000 claims description 15
- 238000012544 monitoring process Methods 0.000 claims description 5
- 238000004891 communication Methods 0.000 description 8
- 230000008569 process Effects 0.000 description 6
- 238000010586 diagram Methods 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 238000003032 molecular docking Methods 0.000 description 2
- GOLXNESZZPUPJE-UHFFFAOYSA-N spiromesifen Chemical compound CC1=CC(C)=CC(C)=C1C(C(O1)=O)=C(OC(=O)CC(C)(C)C)C11CCCC1 GOLXNESZZPUPJE-UHFFFAOYSA-N 0.000 description 2
- 230000007123 defense Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 239000010453 quartz Substances 0.000 description 1
- 238000011897 real-time detection Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- VYPSYNLAJGMNEJ-UHFFFAOYSA-N silicon dioxide Inorganic materials O=[Si]=O VYPSYNLAJGMNEJ-UHFFFAOYSA-N 0.000 description 1
- 230000001052 transient effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/215—Flow control; Congestion control using token-bucket
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application discloses a method, a device, equipment and a storage medium for limiting network flow, which comprise the following steps: adding tokens to a target token bucket created by an application system based on a blocking queue according to a preset time period and a preset token production rate; when a user network access request aiming at the application system interface is obtained, judging whether a token exists in the target token bucket or not; and if the target token bucket has the token, acquiring the target token from the front end of the target token bucket, and sending the acquired target token to a user side so that the user side can access an interface of the application system by using the acquired target token. The method and the device realize the flow limitation of the token service by controlling the maximum token number in the target token bucket established based on the blocking queue, namely realize the flow limitation of network traffic by controlling the token production rate, and can improve the availability and stability of the token service under the high concurrency condition.
Description
Technical Field
The present application relates to the field of network communication technologies, and in particular, to a method, an apparatus, a device, and a storage medium for limiting network traffic.
Background
With the rapid development of internet technology and communication technology, more and more application scenes need to limit the speed of network access requests, and the excessive pressure of a back-end server caused by high concurrent large flow is avoided, so that the availability and stability of an application system are ensured, and the problems of slow operation or downtime of the application system caused by sudden increase of flow are prevented.
For example, with the increasing severity of the network security situation, in the face of a large number of threat events and higher security requirements, real-time detection of network security risks and threats can be realized by establishing a network security situation awareness platform, then prediction of future network security development trends is realized by comprehensively analyzing the network security situation, corresponding early warning and multiple response modes are provided to deal with the network security threats, and finally users are helped to construct a network security defense system. However, when the network security situation awareness platform interfaces with the user, the user needs to obtain the token to access the network security situation awareness platform interface. Under the condition of high concurrency, too many tokens are provided too frequently, so that a great load is caused on the service of the network security situation awareness platform, and further, the problems that the platform runs slowly or is down and the like can be caused, and therefore, the rate of network access requests of the network security situation awareness platform needs to be limited.
Token maintenance is currently typically performed by a relational database management system, such as MySQL (a relational database management system), which does not provide current limiting services. Therefore, in the case of high concurrency, the performance of the relational database management system will be greatly affected because the inability to control flow will not only greatly impact the stability and availability of the application system.
Therefore, how to reasonably configure the production rate of the token to realize the throttling of the network traffic and guarantee the availability and stability of the application system under high concurrency conditions is a problem to be solved by those skilled in the art.
Disclosure of Invention
In view of the above, an object of the present application is to provide a method, an apparatus, a device, and a storage medium for limiting network traffic, which can limit network traffic and improve availability and stability of an application system token service under a high concurrency condition. The specific scheme is as follows:
in a first aspect, the present application discloses a network traffic flow limiting method, including:
adding tokens to a target token bucket created by an application system based on a blocking queue according to a preset time period and a preset token production rate; the blocking queue is used for controlling the number of tokens in the target token bucket not to exceed the maximum number of tokens of the target token bucket;
when a user network access request aiming at the application system interface is obtained, judging whether a token exists in the target token bucket or not;
and if the target token bucket has the token, acquiring the target token from the front end of the target token bucket, and sending the acquired target token to a user side so that the user side can access an interface of the application system by using the acquired target token.
Optionally, adding tokens to a target token bucket created by the application system based on the blocking queue according to a preset time period and a preset token production rate includes:
determining the maximum token number of a target token bucket of an application system, which is created based on a blocking queue;
counting tokens existing in the current target token bucket to obtain a first token number;
judging whether the first token number is smaller than the maximum token number;
and if the first token number is smaller than the maximum token number, inserting tokens generated according to a preset token production rate into the rear end of the target token bucket according to a preset time period.
Optionally, after determining whether the first token number is smaller than the maximum token number, the method further includes:
and if the first token number is equal to the maximum token number, forbidding adding tokens to a target token bucket of the application system, and discarding new tokens generated based on the token production rate.
Optionally, the inserting the tokens generated according to the preset token production rate into the back end of the target token bucket according to the preset time period includes:
determining the production number of the target token corresponding to the preset token production rate in unit time;
counting tokens existing in the current target token bucket to obtain a second token number, and obtaining the number of tokens to be added according to the difference value between the maximum token number and the second token number;
judging whether the number of the tokens to be added is smaller than the production number of the target tokens;
if the number of the tokens to be added is not less than the target token production number, inserting all tokens generated according to a preset token production rate into the rear end of the target token bucket according to a preset time period;
and if the number of the tokens to be added is less than the target token production number, inserting a part of tokens generated according to a preset token production rate into the rear end of the target token bucket according to a preset time period, and discarding redundant tokens exceeding the maximum token number.
Optionally, when the user network access request for the application system interface is obtained, after determining whether the token exists in the target token bucket, the method further includes:
and if no token exists in the target token bucket, forbidding to obtain the token from the target token bucket, and continuously keeping in the forbidding state until a condition that the token can be obtained from the target token bucket is met.
Optionally, when the user network access request for the application system interface is obtained, after determining whether the token exists in the target token bucket, the method further includes:
if the target token bucket does not have the token, forbidding to obtain the token from the target token bucket, and counting the forbidding duration in the forbidding state;
and judging whether the forbidden time length exceeds the preset blocking time length, if so, returning a prompt of token acquisition overtime to the application system, and sending a prompt message of token acquisition failure to the user terminal.
Optionally, the network traffic limiting method further includes:
and monitoring the use condition of the token in the current target token bucket, and dynamically adjusting the token production rate according to the use condition of the token.
In a second aspect, the present application discloses a network traffic flow limiting device, including:
the token production module is used for adding tokens to a target token bucket created by the application system based on the blocking queue according to a preset time period and a preset token production rate; the blocking queue is used for controlling the number of tokens in the target token bucket not to exceed the maximum number of tokens of the target token bucket;
the token judgment module is used for judging whether a token exists in the target token bucket or not when a user network access request aiming at the application system interface is obtained;
and the token acquisition module is used for acquiring a target token from the front end of the target token bucket when the token exists in the target token bucket and transmitting the acquired target token to the user side so that the user side can access an interface of the application system by using the acquired target token.
In a third aspect, the present application discloses an electronic device comprising a processor and a memory; when the processor executes the computer program stored in the memory, the network traffic flow limiting method is realized.
In a fourth aspect, the present application discloses a computer readable storage medium for storing a computer program; wherein the computer program, when executed by a processor, implements the aforementioned network traffic throttling method.
It can be seen that, according to the present application, tokens are added to a target token bucket created by an application system based on a blocking queue according to a preset time period and a preset token production rate, when a user network access request for an application system interface is obtained, it is determined whether a token exists in the target token bucket, if a token exists in the target token bucket, a target token is obtained from a front end of the target token bucket, and the obtained target token is sent to a user side, so that the user side accesses the interface of the application system by using the obtained target token. Therefore, the maximum token number in the target token bucket established based on the blocking queue can be controlled, the token service can be limited, namely, the network traffic can be limited by controlling the token production rate, and the availability and the stability of the system token service under the high concurrency condition are improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flow chart of a network traffic flow limiting method disclosed in the present application;
fig. 2 is a flowchart of a network traffic flow limiting method for a network security situation platform according to the present disclosure;
fig. 3 is a flow chart of a specific network traffic flow limiting method disclosed in the present application;
FIG. 4 is a flow chart of a particular method for adding tokens to a token bucket as disclosed herein;
fig. 5 is a schematic structural diagram of a network traffic flow limiting device disclosed in the present application;
fig. 6 is a block diagram of an electronic device disclosed in the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The embodiment of the application discloses a network flow limiting method, and as shown in figure 1, the method comprises the following steps:
step S11: adding tokens to a target token bucket created by an application system based on a blocking queue according to a preset time period and a preset token production rate; the blocking queue is used for controlling the number of the tokens in the target token bucket not to exceed the maximum number of the tokens in the target token bucket.
In this embodiment, first, a newly-produced token needs to be added to a target token bucket created by an application system based on a Blocking Queue (i.e., Blocking Queue) according to a preset time period and a preset token production rate. It should be noted that the blocking queue is a special linear table having a blocking characteristic, the number of tokens in the target token bucket is counted in real time during the process of adding the tokens, and when the total number of tokens in the target token bucket reaches the preset maximum number of tokens in the target token bucket, the new tokens are prohibited from being continuously added into the target token bucket. Wherein the application system includes but is not limited to a network security situation awareness platform providing token service.
Specifically, the service can be developed through code in advance, the service is used for adding tokens to a token bucket created by the application system based on the blocking queue, and the number of the added tokens is controllable. For example, a token producer module is developed by Java (an object-oriented programming language) code, and Quartz (an open source job scheduling framework written entirely by Java) is used to implement the timed execution of the token producer module, i.e., control of the token production rate is implemented. It will be appreciated that in creating the above described token producer module, not only the rate of production of tokens needs to be set, but also the time period for transmission of the respective token. If the average production rate of the token bucket production module is set to be N/s and the time period for sending the preset token is 1 second, the token bucket production module adds N tokens to a target token bucket created based on a blocking queue at intervals of 1 second according to the preset time period for sending the tokens, counts the current token quantity of the target token bucket in real time in the process of adding the tokens to the target token bucket, and discards redundant tokens when the token quantity reaches the preset maximum token quantity of the target token bucket. And when the maximum token number is not reached, continuously adding newly generated tokens into the target token bucket until the target token bucket is filled up, namely reaching the maximum token number preset by the target token bucket.
Step S12: and when a user network access request aiming at the application system interface is acquired, judging whether the target token bucket has tokens or not.
In this embodiment, after adding tokens to a target token bucket created by an application system based on a blocking queue according to a preset time period and a preset token production rate, when a user network access request for the application system interface is monitored, it is first checked whether a token exists in the target token bucket.
In a specific implementation manner, after the determining whether the token exists in the target token bucket when the user network access request for the application system interface is obtained, the method specifically further includes: if no token exists in the target token bucket, the application system prohibits obtaining the token from the target token bucket and keeps in the prohibition state until the condition that the token can be obtained from the target token bucket is met. It can be understood that, if there is no token in the target token bucket, that is, a token for providing an interface access to the user terminal cannot be provided, the obtaining of the token from the target token bucket is prohibited according to the blocking characteristic of the blocking queue, and the prohibition state is continued until a newly-produced token is obtained in the target token bucket and a token for providing an interface access to the user terminal can be provided.
In another specific implementation, after the determining whether the token exists in the target token bucket when the user network access request for the application system interface is obtained, the method specifically further includes: if the target token bucket does not have the token, forbidding to obtain the token from the target token bucket, and counting the forbidding duration in the forbidding state; and judging whether the forbidden time length exceeds the preset blocking time length, if so, returning a prompt of token acquisition overtime to the application system, and sending a prompt message of token acquisition failure to the user terminal. It can be understood that, if no token exists in the target token bucket, the application system may continue to be in the prohibited state except for prohibiting the user from obtaining the token from the target token bucket, may further count the duration of the prohibited state, and compare the counted prohibited duration with a preset blocking duration, if the prohibited duration exceeds the preset blocking duration, then a prompt message indicating that the token is obtained overtime is returned to the application system, and after the application system obtains the overtime prompt message, a prompt message indicating that the token is not obtained is sent to the user.
Step S13: and if the target token bucket has the token, acquiring the target token from the front end of the target token bucket, and sending the acquired target token to a user side so that the user side can access an interface of the application system by using the acquired target token.
In this embodiment, after a user network access request for the application system interface is obtained, after whether a token exists in the target token bucket is determined, if an available token exists in the target token bucket, a required target token is obtained from the front end of the target token bucket, and the obtained target token is sent to the user side. It should be noted that, since the blocking queue is a special linear table, and only allows the deleting operation from the front end (front) of the linear table and the inserting operation from the back end (rear) of the linear table, the target token can be obtained only from the front end of the target token bucket in the process of obtaining the target token from the target token bucket.
In this embodiment, the method for limiting network traffic specifically further includes: and monitoring the use condition of the token in the current target token bucket, and dynamically adjusting the token production rate according to the use condition of the token. It can be understood that the application system can also monitor the usage of the tokens in the target token bucket in real time, and if the consumption rate of the tokens in the target token bucket in unit time is too fast and exceeds a preset consumption rate threshold, the token production rate can be properly adjusted according to the token consumption rate, that is, the number of new tokens added to the target token bucket in unit time is correspondingly increased, so as to better meet the requirement of a user terminal for obtaining the tokens.
Referring to fig. 2, fig. 2 shows a flow chart of a network traffic flow limiting service for a network security situation awareness platform, which specifically includes: the system comprises a token production module, a token bucket, a network security situation awareness platform and a butt-joint merchant. Firstly, a token production module can regularly produce new tokens, then the newly produced tokens are added into a token bucket established based on a blocking queue, before the new tokens are added, whether a corresponding linear table of the blocking queue is full or not is judged, namely whether a preset maximum threshold value of the linear table is reached or not is judged, if yes, the newly produced tokens are discarded, and if not, the newly produced tokens are added into the rear end of the blocking queue, namely the token bucket; wherein the rate at which the token production module produces tokens is controllable. When a network access request of a docking provider for a network security situation awareness platform interface is acquired, judging whether a token exists in the target token bucket or not, if so, acquiring a required target token from the front end of a blocking queue, returning the acquired target token to the network security situation awareness platform, and sending the target token acquired by the network security situation awareness platform to the docking provider; if the target token bucket does not have available tokens, the acquisition of the tokens from the token bucket is forbidden, whether the time in the forbidden state exceeds a preset time threshold value is judged, if yes, prompt information that the tokens are acquired overtime is returned to the network security situation awareness platform, and after the network security situation awareness platform acquires the overtime prompt information, prompt information that the token acquisition fails is continuously returned to the merchant terminal.
It can be seen that, in the embodiment of the present application, tokens are added to a target token bucket created by an application system based on a blocking queue according to a preset time period and a preset token production rate, when a user network access request for an interface of the application system is obtained, it is determined whether a token exists in the target token bucket, if a token exists in the target token bucket, a target token is obtained from a front end of the target token bucket, and the obtained target token is sent to a user side, so that the user side accesses the interface of the application system by using the obtained target token. Therefore, the current limitation of the token service can be realized by controlling the maximum token number in the target token bucket created based on the blocking queue, namely, the control of the network flow can be realized by controlling the token production rate, and the availability and the stability of the system token service under the high concurrency condition are improved.
The embodiment of the application discloses a specific network traffic flow limiting method, which is shown in fig. 3 and comprises the following steps:
step S21: determining the maximum token number of a target token bucket created by an application system based on a blocking queue; the blocking queue is used for controlling the number of the tokens in the target token bucket not to exceed the maximum number of the tokens in the target token bucket.
In the embodiment, the maximum token number preset by a target token bucket established based on a blocking queue in an application system is determined; the blocking queue is used for controlling the current token quantity in the target token bucket not to exceed the preset maximum token quantity of the target token bucket.
Step S22: and counting the tokens in the current target token bucket to obtain a first token number.
In this embodiment, after determining the maximum token number of the target token bucket created by the application system based on the blocking queue, further, counting all tokens currently existing in the target token bucket to obtain the total number of current tokens, that is, the first token number.
Step S23: and judging whether the first token number is smaller than the maximum token number.
In this embodiment, after counting tokens present in the current target token bucket to obtain a first token number, the first token number is compared with the maximum token number of the target token bucket, and whether the first token number is smaller than the maximum token number is determined.
In a specific implementation, after determining whether the first token count is smaller than the maximum token count, the method may further include: and if the first token number is equal to the maximum token number, forbidding adding tokens to a target token bucket of the application system, and discarding new tokens generated based on the token production rate. Specifically, if the first token number is equal to the maximum token number, it indicates that the current target token bucket has reached a preset maximum token number, and the application system prohibits to continue adding newly-produced tokens to the target token bucket based on the blocking characteristics of the blocking queue, and discards new tokens generated based on the token production rate, so as to implement control of the token number, i.e. throttling of network traffic.
Step S24: and if the first token number is smaller than the maximum token number, inserting tokens generated according to a preset token production rate into the rear end of a target token bucket created by the application system based on a blocking queue according to a preset time period.
In this embodiment, after determining whether the first token number is smaller than the maximum token number, if the first token number is smaller than the maximum token number, the application system inserts a newly generated token into a target token bucket created based on a blocking queue from a back end according to a preset time period and a preset token production rate.
In this embodiment, referring to fig. 4, the inserting tokens generated according to a preset token production rate into the back end of the target token bucket according to a preset time period may specifically include:
step S31: determining the production number of the target token corresponding to the preset token production rate in unit time;
step S32: counting tokens existing in the current target token bucket to obtain a second token number, and obtaining the number of tokens to be added according to the difference value between the maximum token number and the second token number;
step S33: judging whether the number of the tokens to be added is smaller than the production number of the target tokens;
step S34: if the number of the tokens to be added is not less than the target token production number, inserting all tokens generated according to a preset token production rate into the rear end of the target token bucket according to a preset time period;
step S35: and if the number of the tokens to be added is less than the target token production number, inserting a part of tokens generated according to a preset token production rate into the rear end of the target token bucket according to a preset time period, and discarding redundant tokens exceeding the maximum token number.
In this embodiment, if the first token number is smaller than the maximum token number, first determining a token number generated in a unit time corresponding to a preset token production rate, that is, the target token production number, then counting tokens currently existing in the target token bucket to obtain a second token number, subtracting the second token number from the maximum token number to obtain a number of tokens to be added to the target token bucket, that is, the number of tokens to be added, and determining whether the number of tokens to be added is smaller than the target token production number, if the number of tokens to be added is not smaller than the target token production number, adding all new tokens generated according to the preset token production rate from a back end to the target token bucket according to a preset time period, and if the number of tokens to be added is smaller than the target token production number, inserting a part of tokens generated according to a preset token production rate into the rear end of the target token bucket according to a preset time period until a preset maximum token number of the target token bucket is reached, and discarding redundant tokens exceeding the maximum token number. That is, if the tokens in the target token bucket are not consumed, or are consumed at a rate less than the rate of production, the tokens are continually increased until the target token bucket is filled, and subsequently reproduced tokens overflow from the target token bucket, so that the maximum number of tokens that can be held in the target token bucket will not exceed the size of the target token bucket, i.e., the preset maximum number of tokens.
Step S25: and when a user network access request aiming at the application system interface is acquired, judging whether the target token bucket has tokens or not.
Step S26: and if the target token bucket has the token, acquiring the target token from the front end of the target token bucket, and sending the acquired target token to a user side so that the user side can access an interface of the application system by using the acquired target token.
For more specific processing procedures of the steps S25 and S26, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
As can be seen, in the embodiment of the present application, the maximum token number of a target token bucket created by an application system based on a blocking queue is first determined, then, the tokens existing in the current target token bucket are counted to obtain a first token number, and whether the first token number is smaller than the maximum token number is determined, and if the first token number is smaller than the maximum token number, the tokens generated according to a preset token production rate are inserted into the rear end of the target token bucket according to a preset time period. The method and the device have the advantages that the tokens are added into the token bucket at regular time, the number of the tokens in the token bucket is controlled not to exceed the preset maximum number of the tokens, so that the speed limit of the concurrent access/request is realized, the token service can be provided at a peak rate under the condition of ensuring the availability and stability of an application system, and the problems of slow running or downtime of the system caused by sudden increase of the flow are prevented.
Correspondingly, an embodiment of the present application further discloses a network traffic flow limiting device, as shown in fig. 5, the device includes:
the token production module 11 is configured to add tokens to a target token bucket created by the application system based on the blocking queue according to a preset time period and a preset token production rate; the blocking queue is used for controlling the number of tokens in the target token bucket not to exceed the maximum number of tokens of the target token bucket;
the token judgment module 12 is configured to judge whether a token exists in the target token bucket when a user network access request for the application system interface is obtained;
the token obtaining module 13 is configured to, when a token exists in the target token bucket, obtain a target token from the front end of the target token bucket, and send the obtained target token to a user side, so that the user side can access an interface of the application system by using the obtained target token.
For the specific work flow of each module, reference may be made to corresponding content disclosed in the foregoing embodiments, and details are not repeated here.
It can be seen that, in the embodiment of the present application, tokens are added to a target token bucket created by an application system based on a blocking queue according to a preset time period and a preset token production rate, when a user network access request for an interface of the application system is obtained, it is determined whether a token exists in the target token bucket, if a token exists in the target token bucket, a target token is obtained from a front end of the target token bucket, and the obtained target token is sent to a user side, so that the user side accesses the interface of the application system by using the obtained target token. Therefore, the current limitation of the token service can be realized by controlling the maximum token number in the target token bucket created based on the blocking queue, namely, the control of the network flow can be realized by controlling the token production rate, and the availability and the stability of the system token service under the high concurrency condition are improved.
In some embodiments, the token production module 11 may specifically include:
the first token determining unit is used for determining the maximum token number of a target token bucket created by the application system based on the blocking queue;
the first token counting unit is used for counting tokens existing in the current target token bucket to obtain a first token number;
a first token judging unit, configured to judge whether the first token number is smaller than the maximum token number;
and the first token inserting unit is used for inserting the tokens generated according to the preset token production rate into the rear end of the target token bucket according to a preset time period when the first token number is smaller than the maximum token number.
In some specific embodiments, after the first token determining unit, the method may further include:
a first prohibiting unit, configured to prohibit adding tokens to a target token bucket of the application system and discard new tokens generated based on the token production rate when the first token number is equal to the maximum token number.
In some specific embodiments, the first token inserting unit may specifically include:
the second token determining unit is used for determining the production number of the target token corresponding to the preset token production rate in unit time;
the second token counting unit is used for counting tokens existing in the current target token bucket to obtain a second token number, and obtaining the number of tokens to be added according to the difference value between the maximum token number and the second token number;
the second token judging unit is used for judging whether the number of the tokens to be added is less than the production number of the target tokens;
the second token inserting unit is used for inserting all tokens generated according to a preset token production rate into the rear end of the target token bucket according to a preset time period when the number of the tokens to be added is not less than the target token production number;
and the third token inserting unit is used for inserting a part of tokens generated according to a preset token production rate into the rear end of the target token bucket according to a preset time period when the number of the tokens to be added is less than the target token production number, and discarding redundant tokens exceeding the maximum token number.
In some specific embodiments, after the token determination module 12, the method may further include:
and a second forbidding unit, configured to forbid obtaining of tokens from the target token bucket when no token exists in the target token bucket, and continue to be in the forbidding state until a condition that the token can be obtained from the target token bucket is satisfied.
In some specific embodiments, after the token determination module 12, the method may further include:
a third forbidding unit, configured to forbid obtaining of tokens from the target token bucket when no token exists in the target token bucket, and count a forbidding duration in the forbidding state;
and the duration judging unit is used for judging whether the forbidden duration exceeds the preset blocking duration, if so, returning a prompt of token acquisition overtime to the application system, and sending a prompt message of token acquisition failure to the user side.
In some specific embodiments, the network traffic limiting apparatus may further include:
and the token use monitoring unit is used for monitoring the use condition of the tokens in the current target token bucket and dynamically adjusting the token production rate according to the use condition of the tokens.
Further, an electronic device is disclosed in the embodiments of the present application, and fig. 6 is a block diagram of an electronic device 20 according to an exemplary embodiment, which should not be construed as limiting the scope of the application.
Fig. 6 is a schematic structural diagram of an electronic device 20 according to an embodiment of the present disclosure. The electronic device 20 may specifically include: at least one processor 21, at least one memory 22, a power supply 23, a communication interface 24, an input output interface 25, and a communication bus 26. The memory 22 is configured to store a computer program, and the computer program is loaded and executed by the processor 21 to implement relevant steps in the network traffic throttling method disclosed in any of the foregoing embodiments. In addition, the electronic device 20 in the present embodiment may be specifically an electronic computer.
In this embodiment, the power supply 23 is configured to provide a working voltage for each hardware device on the electronic device 20; the communication interface 24 can create a data transmission channel between the electronic device 20 and an external device, and a communication protocol followed by the communication interface is any communication protocol applicable to the technical solution of the present application, and is not specifically limited herein; the input/output interface 25 is configured to obtain external input data or output data to the outside, and a specific interface type thereof may be selected according to specific application requirements, which is not specifically limited herein.
In addition, the storage 22 is used as a carrier for resource storage, and may be a read-only memory, a random access memory, a magnetic disk or an optical disk, etc., and the resources stored thereon may include an operating system 221, a computer program 222, etc., and the storage manner may be a transient storage or a permanent storage.
The operating system 221 is used for managing and controlling each hardware device on the electronic device 20 and the computer program 222, and may be Windows Server, Netware, Unix, Linux, or the like. The computer program 222 may further include a computer program that can be used to perform other specific tasks in addition to the computer program that can be used to perform the network traffic throttling method performed by the electronic device 20 disclosed in any of the foregoing embodiments.
Further, the present application also discloses a computer-readable storage medium for storing a computer program; wherein the computer program when executed by a processor implements the network traffic throttling method disclosed above. For the specific steps of the method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, which are not described herein again.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above detailed description is given to a network traffic flow limiting method, apparatus, device and storage medium provided by the present application, and a specific example is applied in the present application to explain the principle and implementation of the present application, and the description of the above embodiment is only used to help understanding the method and core ideas of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.
Claims (10)
1. A method for limiting network traffic, comprising:
adding tokens to a target token bucket created by an application system based on a blocking queue according to a preset time period and a preset token production rate; the blocking queue is used for controlling the number of tokens in the target token bucket not to exceed the maximum number of tokens of the target token bucket;
when a user network access request aiming at the application system interface is obtained, judging whether a token exists in the target token bucket or not;
and if the target token bucket has the token, acquiring the target token from the front end of the target token bucket, and sending the acquired target token to a user side so that the user side can access an interface of the application system by using the acquired target token.
2. The method for throttling network traffic according to claim 1, wherein the adding tokens to the target token bucket created by the application system based on the blocking queue according to the preset token production rate and the preset time period comprises:
determining the maximum token number of a target token bucket created by an application system based on a blocking queue;
counting tokens existing in the current target token bucket to obtain a first token number;
judging whether the first token number is smaller than the maximum token number;
and if the first token number is smaller than the maximum token number, inserting tokens generated according to a preset token production rate into the rear end of the target token bucket according to a preset time period.
3. The method of claim 2, wherein after determining whether the first token count is less than the maximum token count, further comprising:
and if the first token number is equal to the maximum token number, forbidding adding tokens to a target token bucket of the application system, and discarding new tokens generated based on the token production rate.
4. The method of network traffic throttling according to claim 2, wherein said inserting tokens generated according to a preset token production rate into a back end of the target token bucket according to a preset time period comprises:
determining the production number of the target token corresponding to the preset token production rate in unit time;
counting tokens existing in the current target token bucket to obtain a second token number, and obtaining the number of tokens to be added according to the difference value between the maximum token number and the second token number;
judging whether the number of the tokens to be added is smaller than the production number of the target tokens;
if the number of the tokens to be added is not less than the target token production number, inserting all tokens generated according to a preset token production rate into the rear end of the target token bucket according to a preset time period;
and if the number of the tokens to be added is less than the target token production number, inserting a part of tokens generated according to a preset token production rate into the rear end of the target token bucket according to a preset time period, and discarding redundant tokens exceeding the maximum token number.
5. The method according to claim 1, wherein after the determining whether the token exists in the target token bucket when the user network access request for the application system interface is obtained, further comprising:
and if no token exists in the target token bucket, forbidding to obtain the token from the target token bucket, and continuously keeping in the forbidding state until a condition that the token can be obtained from the target token bucket is met.
6. The method according to claim 1, wherein after the determining whether the token exists in the target token bucket when the user network access request for the application system interface is obtained, further comprising:
if the target token bucket does not have the token, forbidding to obtain the token from the target token bucket, and counting the forbidding duration in the forbidding state;
and judging whether the forbidden time length exceeds the preset blocking time length, if so, returning a prompt of token acquisition overtime to the application system, and sending a prompt message of token acquisition failure to the user terminal.
7. The method of network traffic throttling according to any one of claims 1 to 6, further comprising:
and monitoring the use condition of the token in the current target token bucket, and dynamically adjusting the token production rate according to the use condition of the token.
8. A network traffic flow limiting device, comprising:
the token production module is used for adding tokens to a target token bucket created by the application system based on the blocking queue according to a preset time period and a preset token production rate; the blocking queue is used for controlling the number of tokens in the target token bucket not to exceed the maximum number of tokens of the target token bucket;
the token judgment module is used for judging whether a token exists in the target token bucket or not when a user network access request aiming at the application system interface is obtained;
and the token acquisition module is used for acquiring a target token from the front end of the target token bucket when the token exists in the target token bucket and transmitting the acquired target token to the user side so that the user side can access an interface of the application system by using the acquired target token.
9. An electronic device comprising a processor and a memory; wherein the processor, when executing the computer program stored in the memory, implements the network traffic throttling method of any of claims 1 to 7.
10. A computer-readable storage medium for storing a computer program; wherein the computer program when executed by a processor implements the method of network traffic throttling according to any of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111423041.8A CN114143265A (en) | 2021-11-26 | 2021-11-26 | Network flow current limiting method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111423041.8A CN114143265A (en) | 2021-11-26 | 2021-11-26 | Network flow current limiting method, device, equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114143265A true CN114143265A (en) | 2022-03-04 |
Family
ID=80388368
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111423041.8A Withdrawn CN114143265A (en) | 2021-11-26 | 2021-11-26 | Network flow current limiting method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114143265A (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114826774A (en) * | 2022-06-02 | 2022-07-29 | 天翼数字生活科技有限公司 | Terminal device log request control method, server and system |
| CN115174485A (en) * | 2022-05-27 | 2022-10-11 | 中国经济信息社有限公司 | Play control management method, system, device and storage medium |
| CN115189973A (en) * | 2022-09-13 | 2022-10-14 | 以见科技(苏州)有限公司 | Method and system for software security and encryption |
| CN115378656A (en) * | 2022-07-26 | 2022-11-22 | 青岛海尔科技有限公司 | Token backfill method, storage medium and electronic device |
| CN115396377A (en) * | 2022-07-29 | 2022-11-25 | 天翼云科技有限公司 | Method, device and equipment for optimizing service quality of object storage and storage medium |
| CN115412503A (en) * | 2022-08-29 | 2022-11-29 | 中国工商银行股份有限公司 | Cloud disk pushing method and device for electronic receipt, storage medium and electronic equipment |
| CN115408153A (en) * | 2022-08-26 | 2022-11-29 | 海光信息技术股份有限公司 | Instruction distribution method, apparatus and storage medium for multithreaded processor |
| CN115473852A (en) * | 2022-07-26 | 2022-12-13 | 青岛海尔科技有限公司 | Current limiting method for user side input request, storage medium and electronic device |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108804043A (en) * | 2018-06-26 | 2018-11-13 | 郑州云海信息技术有限公司 | Distributed block storage system bandwidth traffic control method, device, equipment and medium |
| CN111447150A (en) * | 2020-02-29 | 2020-07-24 | 中国平安财产保险股份有限公司 | Access request current limiting method, server and storage medium |
| CN112350953A (en) * | 2019-08-07 | 2021-02-09 | 亿度慧达教育科技(北京)有限公司 | Flow limiting method and device, electronic equipment and computer readable storage medium |
-
2021
- 2021-11-26 CN CN202111423041.8A patent/CN114143265A/en not_active Withdrawn
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108804043A (en) * | 2018-06-26 | 2018-11-13 | 郑州云海信息技术有限公司 | Distributed block storage system bandwidth traffic control method, device, equipment and medium |
| CN112350953A (en) * | 2019-08-07 | 2021-02-09 | 亿度慧达教育科技(北京)有限公司 | Flow limiting method and device, electronic equipment and computer readable storage medium |
| CN111447150A (en) * | 2020-02-29 | 2020-07-24 | 中国平安财产保险股份有限公司 | Access request current limiting method, server and storage medium |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115174485A (en) * | 2022-05-27 | 2022-10-11 | 中国经济信息社有限公司 | Play control management method, system, device and storage medium |
| CN114826774A (en) * | 2022-06-02 | 2022-07-29 | 天翼数字生活科技有限公司 | Terminal device log request control method, server and system |
| CN114826774B (en) * | 2022-06-02 | 2024-01-30 | 天翼数字生活科技有限公司 | Log request control method, server side and system for terminal equipment |
| CN115378656A (en) * | 2022-07-26 | 2022-11-22 | 青岛海尔科技有限公司 | Token backfill method, storage medium and electronic device |
| CN115473852A (en) * | 2022-07-26 | 2022-12-13 | 青岛海尔科技有限公司 | Current limiting method for user side input request, storage medium and electronic device |
| CN115396377A (en) * | 2022-07-29 | 2022-11-25 | 天翼云科技有限公司 | Method, device and equipment for optimizing service quality of object storage and storage medium |
| CN115396377B (en) * | 2022-07-29 | 2024-03-12 | 天翼云科技有限公司 | Method, device, equipment and storage medium for optimizing service quality of object storage |
| CN115408153A (en) * | 2022-08-26 | 2022-11-29 | 海光信息技术股份有限公司 | Instruction distribution method, apparatus and storage medium for multithreaded processor |
| CN115408153B (en) * | 2022-08-26 | 2023-06-30 | 海光信息技术股份有限公司 | Instruction distribution method, device and storage medium of multithreaded processor |
| CN115412503A (en) * | 2022-08-29 | 2022-11-29 | 中国工商银行股份有限公司 | Cloud disk pushing method and device for electronic receipt, storage medium and electronic equipment |
| CN115189973A (en) * | 2022-09-13 | 2022-10-14 | 以见科技(苏州)有限公司 | Method and system for software security and encryption |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN114143265A (en) | Network flow current limiting method, device, equipment and storage medium | |
| CN108494703B (en) | Access frequency control method, device and storage medium | |
| US9794421B2 (en) | Method, system and apparatus for adaptive quota determination for shared resources | |
| RU2523962C2 (en) | Method and device for monitoring amount of usage of services | |
| CN106713168B (en) | Flow control method and system | |
| US10320991B2 (en) | Policy and charging enforcement function apparatus, online charging apparatus, and online charging method | |
| CN113381944B (en) | System current limiting method, apparatus, electronic device, medium, and program product | |
| CN108874324B (en) | Access request processing method, device, equipment and readable storage medium | |
| CN107402851B (en) | Data recovery control method and device | |
| CN115277577B (en) | Data processing method, apparatus, computer device, and computer readable storage medium | |
| CN106302421B (en) | A kind of information intercepting processing method and device | |
| CN109450869B (en) | Service safety protection method based on user feedback | |
| EP3499818A1 (en) | Method and device for load processing | |
| CN113238861A (en) | Task execution method and device | |
| CN113220723A (en) | Flow control method and device, computer equipment and storage medium | |
| CN111078386A (en) | Control method and control device of distributed scheduling system | |
| CN112585904B (en) | Background data transmission processing | |
| CN114448988A (en) | Node load balancing method, device, equipment and storage medium | |
| CN102137444A (en) | Overload control method and device | |
| US11477040B1 (en) | System, method, and computer program for dynamic switching between online and offline charging for a network session | |
| CN110381537B (en) | QoE-based bandwidth speed limiting method, device, equipment and storage medium | |
| KR102025426B1 (en) | Traffic control method and apparatus for solving service quality degradation according to traffic overhead in sdn-based communication node | |
| CN113747506A (en) | Resource scheduling method, device and network system | |
| CN111314347A (en) | Illegal traffic processing method, device, system and storage medium | |
| CN110955579A (en) | Ambari-based large data platform monitoring method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WW01 | Invention patent application withdrawn after publication | ||
| WW01 | Invention patent application withdrawn after publication |
Application publication date: 20220304 |