CN115834498B - Service acceleration method, device, equipment and medium - Google Patents
Service acceleration method, device, equipment and medium Download PDFInfo
- Publication number
- CN115834498B CN115834498B CN202310015509.2A CN202310015509A CN115834498B CN 115834498 B CN115834498 B CN 115834498B CN 202310015509 A CN202310015509 A CN 202310015509A CN 115834498 B CN115834498 B CN 115834498B
- Authority
- CN
- China
- Prior art keywords
- service
- acceleration
- fpga
- session
- services
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a service acceleration method, a device, equipment and a medium, which relate to the technical field of information processing and comprise the steps of setting corresponding acceleration zone bits according to service types of different services when the different services are started; when a session corresponding to the service is created, controlling an FPGA (field programmable gate array) acceleration flow table of the service to issue according to an acceleration zone bit corresponding to the service, wherein the FPGA acceleration flow table comprises target service flow information, and the target service flow information is service flow which can be intercepted by an FPGA and directly forwarded to realize service function acceleration.
Description
Technical Field
The present invention relates to the field of information processing technologies, and in particular, to a service acceleration method, apparatus, device, and medium.
Background
Currently, the CPU and network card processing performance of the network hardware equipment of the traditional firewall is limited, especially the complex service processing capability is proved to be the best, and the situation of network congestion or blocking is caused due to packet loss caused by low performance frequently, so that the user experience is greatly influenced.
Therefore, how to solve the network congestion or delay that often occurs in the firewall is a problem that needs to be solved in the current industry.
Disclosure of Invention
The invention provides a service acceleration method, device, equipment and medium, which are used for solving the defect of low performance when a firewall processes complex services in the prior art, realizing acceleration of different services and improving the performance.
The invention provides a service acceleration method, which comprises the following steps:
when different services are started, setting corresponding acceleration zone bits according to service types of the services;
when a session corresponding to the service is created, controlling an FPGA (field programmable gate array) acceleration flow table of the service to issue according to an acceleration zone bit corresponding to the service, wherein the FPGA acceleration flow table comprises target service flow information, and the target service flow information is service flow which can be intercepted by an FPGA and directly forwarded to realize service function acceleration.
According to the service acceleration method, setting a corresponding acceleration flag bit according to the service type of the service, including:
under the condition that the service is a service which is not mounted to a session by a Target or is a service which starts to be processed before the session is established, in a service flow before the session is established, setting an FPGA (field programmable gate array) acceleration flag bit for a single PKB (public key bus) message in the service by a newly added interface function Fpga_SetPkbFlag.
The service acceleration method according to the present invention further comprises:
and under the condition of closing or deleting the service, carrying out clearing on all the service which has been called Fpga_SetPkbFlag according to the service ID cycle through a first clearing zone bit interface function.
According to the service acceleration method, setting a corresponding acceleration flag bit according to the service type of the service, including:
and when the session is established, adding ullTargetButFlag as an acceleration zone bit of the service in a session data structure body of the service.
The service acceleration method according to the present invention further comprises:
and under the condition of releasing the session, calling a second clearing flag bit interface function to clear the acceleration flag bit in the session data structure body.
The invention also provides a service acceleration device, which comprises:
the setting module is used for setting corresponding acceleration zone bits according to service types of different services when the different services are started;
and the issuing module is used for controlling the FPGA acceleration flow table of the service to issue according to the acceleration zone bit corresponding to the service when the session corresponding to the service is created, wherein the FPGA acceleration flow table comprises target service flow information, and the target service flow information is service flow which can be intercepted by the FPGA and directly forwarded to realize service function acceleration.
The invention also provides an electronic device comprising a memory, a processor and a computer program stored in the memory and capable of running on the processor, wherein the processor implements the service acceleration method according to any one of the above when executing the program.
The present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a business acceleration method as described in any of the above.
The invention also provides a computer program product comprising a computer program which, when executed by a processor, implements a business acceleration method as described in any one of the above.
According to the service acceleration method, device, equipment and medium, corresponding acceleration zone bits are set for different service types, whether an FPGA acceleration flow table is issued is judged according to the corresponding acceleration zone bits, the FPGA acceleration flow table is issued to a DDR3 memory of an FPGA in the form of an FPGA flow table message, and the FPGA acceleration flow table stored in the DDR3 memory is updated; the FPGA receives the flow of the corresponding session, extracts the five-tuple information in the flow, queries the flow table in the DDR3 memory of the FPGA, hits the flow table, is intercepted by the FPGA, does not walk the conventional forwarding flow, and is directly forwarded to the external interface of the FPGA, so that the hardware limitation of the traditional firewall is avoided, the original performance bottleneck is broken, the forwarding speed is effectively improved, the forwarding performance of the firewall is improved, the problems of network blocking or delay caused by low performance of the firewall in the prior art are solved, and the user experience is greatly improved.
Drawings
In order to more clearly illustrate the invention or the technical solutions of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are some embodiments of the invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of an FPGA structure described in an embodiment of the present application;
FIG. 2 is a flow chart of a method for accelerating business according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of a service acceleration device provided in an embodiment of the present application;
fig. 4 is a schematic structural diagram of an electronic device provided by the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In the embodiment of the application, in order to improve the forwarding performance of the network equipment, an FPGA (Field Programmable Gate Array ) device is introduced, which is a semi-custom circuit in an application-specific integrated circuit, is a programmable logic array, can be matched with a traditional network card for use, and is matched with a special custom program to realize multiple services and realize the whole flow acceleration forwarding function.
Fig. 1 is a schematic structural diagram of an FPGA according to an embodiment of the present application, as shown in fig. 1, where the FPGA includes a plurality of external interfaces and a plurality of internal interfaces, and the external interfaces are physical interfaces of a network device panel, which may be 10Gbps optical ports, where the FPGA may correspond to 4 external interfaces; the internal interfaces are network card drive registration interfaces such as XL710 and the like, and can be 10Gbps internal interfaces, wherein the FPGA can correspond to 4 internal interfaces, and each internal interface is respectively connected with one network card. The FLASH is used for storing the FPGA customized logic program, the FPGA program and the internal interface software of the network card are communicated through a custom special protocol message, and the internal interface software can be installed on an operating system of the terminal. The DDR3 memory is used for storing a flow table, an FPGA acceleration flow table and a flow matching result. Devices integrated with the FPGA and the network card, such as PCIE3.0, are inserted into the slot.
Fig. 2 is a flowchart of a service acceleration method described in an embodiment of the present application, as shown in fig. 2, including:
in the embodiment of the application, the service may refer to a security service performed by a firewall, for example, a service for establishing a blocking point, and may monitor, filter and check all incoming and outgoing information; recording network activity service, and providing alarm function; limiting network exposure traffic, creating a protected border around the internal network, hiding information of the internal network from the external or public network, etc.
Specifically, it is possible to divide services that cannot be accelerated and services that can be accelerated according to different service types.
Specifically, the service that cannot be accelerated is a special security service that needs to be detected for each message.
Specifically, the service that can be accelerated is a service that does not have any service function or that does not require detection per message. And, the services that can be accelerated are further divided into services that can be accelerated in all traffic and services that can be accelerated in part of traffic.
Specifically, the service that the full traffic can be accelerated is the service that the first packet security detection is completed and the subsequent traffic is not required to be sent to the internal software for processing.
Wherein, the first packet refers to the first received message by the firewall in a service.
And the service with partial flow capable of being accelerated is the service that the first few or a part of messages need to be sent to internal software for processing and the subsequent flow does not need to be sent to the software for processing.
Specifically, uploading to the internal software process refers to a process that a message is uploaded to the internal interface software through the internal interface of the network card.
In the embodiment of the present application, service types may be classified into: traffic that starts to be processed before the session is created, traffic that is no Target mounted to the session, and traffic that is Target mounted to the session.
Specifically, the session is established in the following case: after receiving the message through the external interface, the FPGA obtains a flow table address according to the five-tuple information of the message, matches the information in the flow table stored in the DDR3 memory of the FPGA, and if the matching is successful, the FPGA can be considered that the table lookup hit is directly intercepted and forwarded; if the matching is unsuccessful, the message is identified as a first packet, and the first packet or the first several messages are sent to software for processing through the network card, and the conventional forwarding flow is executed. When the sent message passes through a service flow which is started to be processed before the session is established and no Target is mounted to the service flow of the session, an FPGA (field programmable gate array) acceleration flag bit is set for a single PKB (public key bus) message in the service through the encapsulated interface function Fpga_SetPkbFlag, and then the corresponding session is established; when the uploading message is mounted to the service flow of the session through the Target, the corresponding session is established, and then the ullTargetButFlag acceleration zone bit is added in the session data structure of the service according to the bit position through the encapsulated interface function.
The PKB (Packet Buffer) is a data structure of a message buffer, and includes a message data pointer, message header information, custom members necessary for service processing, and the like.
After the conventional forwarding flow of three service types is executed, a corresponding session is established, in a session confirmation function, whether a flow table needs to be issued or not is judged according to an FPGA acceleration flag bit set by a PKB message and a TargetButFlag acceleration flag bit set in the session, and if the flow table needs to be issued, the information of the session is synchronized to a flow table stored in a DDR3 memory of the FPGA in the form of an FPGA flow table message, wherein the stored content comprises a corresponding flow address and forwarding address information. The forwarding address information may include: MAC, NAT, PASS, five-tuple, etc.
In the embodiment of the application, a corresponding acceleration flag bit is set according to the service type of the service, and for the service which starts to be processed before the session is created, the acceleration flag bit is required to be set for each PKB message in the service flow before the session is created; for the service that is not mounted to the session by the Target, the acceleration flag bit is set for each PKB message in the service flow before the session is created; for the service with the Target mounted to the session, an acceleration flag bit is set for the session when the session is established, and the acceleration flag bit value is a service ID value. And for special security service in which each message is detected, no acceleration flag bit is set.
Specifically, for the completion of the security detection of the first packet, the subsequent flow does not need to be sent to the service processed by the internal software, and the acceleration zone bit can be set in the first packet; for the services that the first few or part of messages need to be sent to internal software for processing, the subsequent flow does not need to be sent to the software for processing, the acceleration zone bit can be set after accumulation and statistics. In the embodiment of the application, the acceleration zone bit is a zone bit added to the accelerated service, and the acceleration flow can be issued when the acceleration zone bit is detected.
And 220, controlling an FPGA (field programmable gate array) acceleration flow table of the service to issue according to an acceleration zone bit corresponding to the service when a session corresponding to the service is created, wherein the FPGA acceleration flow table comprises target service flow information, and the target service flow information is service flow which can be intercepted by an FPGA and directly forwarded to realize service function acceleration.
In the embodiment of the application, the FPGA program reads the corresponding acceleration zone bit according to different services. For the service which starts to be processed before the session is established, reading the acceleration zone bit of a single PKB message; for the service which is not mounted to the session by the Target, the acceleration zone bit of a single PKB message is read; and for the business with the Target mounted to the session, reading the acceleration zone bit of the session.
Specifically, when the acceleration zone bit is read to be not 0, the FPGA acceleration flow table corresponding to the service is issued, and when the acceleration zone bit is 0, the FPGA acceleration flow table is not issued.
Specifically, if the acceleration flag bit is read in the first packet, the acceleration flow table can be issued in the first packet; if the acceleration zone bit is read in the first few or a part of messages, the acceleration flow table is issued after the acceleration zone bit is read; and for some special safety services, an acceleration zone bit is not set, and an acceleration flow table is not issued.
In the embodiment of the application, when a session corresponding to a service is created, after a corresponding non-zero acceleration zone bit is read, session information of the service of the read acceleration zone bit is packaged into an FPGA (field programmable gate array) flow table message and is issued to a DDR3 memory of the FPGA, and meanwhile, an FPGA acceleration flow table stored in the DDR3 memory is updated, wherein the FPGA acceleration flow table comprises a flow address of a target service and information of a corresponding packaged forwarding message.
The stream table address is the address written into the stream table content in DDR3 memory of the FPGA, and is obtained through an algorithm according to five-tuple information of the message, wherein the algorithm can be a Hash algorithm, an exclusive OR algorithm and the like. The flow table content is the information content of the package forwarding message.
Specifically, after the session confirmation point reads the message with the acceleration flag bit, the session message header information is issued to the DDR3 memory of the FPGA in the form of an FPGA stream table message, the FPGA acceleration stream table stored in the DDR3 memory is updated, the subsequent flow of the service corresponding to the session is taken as target service flow information, the FPGA receives the flow of the session, five-tuple information in the flow table is extracted, the stream table in the DDR3 memory of the FPGA is queried and hit, the flow table is not required to be directly forwarded to an external interface through a conventional forwarding flow, and the forwarding speed is improved by the FPGA.
In the embodiment of the application, corresponding acceleration zone bits are set for different service types, whether an FPGA acceleration flow table is issued is judged according to the corresponding acceleration zone bits, the FPGA acceleration flow table is issued to a DDR3 memory of an FPGA in the form of an FPGA flow table message, and the FPGA acceleration flow table stored in the DDR3 memory is updated; the FPGA receives the flow of the corresponding session, extracts the five-tuple information in the flow, queries the flow table in the DDR3 memory of the FPGA, hits the flow table, is intercepted by the FPGA, does not walk the conventional forwarding flow, and is directly forwarded to the external interface of the FPGA, so that the hardware limitation of the traditional firewall is avoided, the original performance bottleneck is broken, the forwarding speed is effectively improved, the forwarding performance of the firewall is improved, the problems of network blocking or delay caused by low performance of the firewall in the prior art are solved, and the user experience is greatly improved.
Optionally, according to the service acceleration method, setting a corresponding acceleration flag bit according to a service type of the service includes:
under the condition that the service is a service which is not mounted to a session by a Target or is a service which starts to be processed before the session is established, in a service flow before the session is established, setting an FPGA (field programmable gate array) acceleration flag bit for a single PKB (public key bus) message in the service by a newly added interface function Fpga_SetPkbFlag.
In the embodiment of the application, the method for setting the FPGA acceleration flag bit for a single PKB message in a service is that in the process flow of setting two different services corresponding to the PKB acceleration flag bit, an interface function fpga_setpkbflag (sop_xxx_id, pstPkb) is newly added, a service ID value is used as a subscript of a data array, an FPGA acceleration flow table flag bit is set for the single PKB message, and the FPGA acceleration flow table flag bit is synchronously stored in a global variable array g_ulfpgafunctypepkbflag [ sop_fpgaid_max ].
Specifically, the default value of the global variable array g_ulfpgafunctypekbflag [ sop_fpgaid_max ] is 0, which is used for querying for opening service usage, and the global variable array is the maximum value declaration variable array of the PKB service enumeration structure sop_funcid_max.
Specifically, the PKB service enumeration structure sop_function_max records all services for which a PKB acceleration flag bit needs to be set.
Specifically, SOP refers to a service module, and the sop_xxx_id corresponds to the ID of the service module.
In the embodiment of the application, the FPGA acceleration zone bit is set for each PKB message in the two types of services by mounting the service without the Target to the session and starting to process the service before the session is created, so that the FPGA acceleration flow table is conveniently issued according to the corresponding acceleration zone bit, and the forwarding efficiency is effectively improved.
Optionally, according to the service acceleration method, the method further includes:
and under the condition of closing or deleting the service, carrying out clearing on all the service which has been called Fpga_SetPkbFlag according to the service ID cycle through a first clearing zone bit interface function.
In this embodiment of the present application, the first clear flag interface function refers to a packed clear flag interface function fpga_clearpkblflag (), which can clear an acceleration flag of a PKB packet.
In this embodiment of the present application, under the condition of closing or deleting the service, for the service that has already called fpga_setpkbflag, that is, the service that has already set the Fpga acceleration flag bit in the PKB packet, the encapsulated emptying flag bit interface function fpga_clearpkblflag () is called, and the value of the global variable of g_ulfpgafunctyppkblflag is circularly emptied according to the closed or deleted service ID, so that the value of the global variable becomes a default value 0.
Specifically, when the acceleration zone bit in the service is cleared, the session created by the service and the acceleration flow table issued to the FPGA are synchronously cleared, so that the FPGA can upload the software again to process the message.
In the embodiment of the application, the acceleration zone bit in the service which needs to be closed or deleted is emptied through the first emptying zone bit interface function, and simultaneously the session created by the service is synchronously emptied and the acceleration flow table in the FPGA is issued, so that the FPGA is enabled to upload the software again to process the message, the situation that the service does not contain the acceleration zone bit any more is effectively ensured, and the follow-up service is not influenced.
Optionally, according to the service acceleration method, setting a corresponding acceleration flag bit according to a service type of the service includes:
and when the session is established, adding ullTargetButFlag as an acceleration zone bit of the service in a session data structure body of the service.
In the embodiment of the application, for the service with the Target mounted to the Session, when the Session is established, the ulldgetbit flag is set as the acceleration flag bit by an ssp_setbit_id (Session- > ulldgetbit flag) function.
The sop_target_id corresponds to the service ID of the TARGET mounted in the session in the SOP service module.
In the embodiment of the application, when the session is established, the service with the Target mounted to the session is added with the ulTargetButFlag as the acceleration zone bit of the service in the session data structure body, so that the FPGA acceleration zone bit is effectively set for the session of the service, the subsequent issuing of the FPGA acceleration flow table according to the corresponding acceleration zone bit is facilitated, and the forwarding efficiency is effectively improved.
Optionally, according to the service acceleration method, the method further includes:
and under the condition of releasing the session, calling a second clearing flag bit interface function to clear the acceleration flag bit in the session data structure body.
In this embodiment of the present application, releasing the session refers to releasing the session of the service when the corresponding service is closed.
In this embodiment of the present application, the second clearing flag interface function refers to an ssp_clear bit (sop_target_id) & Session- > ulltagetflag) function, which can clear the acceleration flag of the Session.
Specifically, when the service is closed and the Session of the service is released, an ssp_clearbit (sop_target_id) function is called, and the Session- > ultargetbit flag is cleared.
Specifically, the acceleration zone bit in the session is cleared, and simultaneously, the acceleration flow table correspondingly issued to the FPGA by the service session is cleared, so that the FPGA can upload the software again to process the message.
In the embodiment of the application, when the session of the service to be closed is released through the second clearing flag bit interface function, the accelerating flag bit in the session is cleared, and meanwhile, the accelerating flow table in the FPGA is correspondingly issued by the service session, so that the FPGA can send the message again to the software to process the message, and the condition that the accelerating flag bit is not contained in the service is effectively ensured, so that the follow-up service is not influenced.
Optionally, the embodiment of the application encapsulates a query function of the service acceleration method.
Specifically, for a PKB message, packaging and obtaining a PKB message service acceleration flag interface function fpga_getpkbflag (sop_xxx_id, pstPkb), preferentially judging whether a u8FpgaSyncFlag service function is set by fpga_getpkbflag () or not, and if an acceleration flag bit of the PKB message is not set, circularly traversing a global variable array g_ulfpgafunctypepblflag [ sop_fpgaid_max ] to judge whether the PKB service is started or not.
Specifically, for a Session, the package obtains a Session start Target service acceleration flag interface function ssp_testbit (sop_target_id, & Session- & gt ultargetbit flag), and confirms a service function start setting of the mounted Target by the ultargetbit flag of the Session being circularly traversed through ssp_testbit ().
Specifically, the interface functions of packaging and cleaning the FPGA single acceleration flow table and cleaning all the acceleration flow tables are used when the session and the corresponding acceleration flow table need to be cleaned when the service is deleted.
The full clear flow table function can be called when each service issues a flow table for the first time or when flow table information needs to be changed, and can enable all flow of the corresponding service to be sent to internal interface software for processing once.
And the traffic of the service needs to be accelerated, only the FPGA acceleration flow table can be emptied, and the session is not cleaned. And in addition, the message is allowed to be received and transmitted during the process of cleaning the flow table, the clock judgment is carried out, and the action of repeatedly calling and not repeatedly transmitting the flow table is repeatedly carried out within the threshold time.
Optionally, in the service acceleration method, the embodiment of the present application may print a value related to the opened service.
Specifically, for the opened service, the corresponding enumeration value of the acceleration service of PKB saved by the global variable g_ulfpgapkbflag [ sop_fpgaid_max ] may be printed, and the ullTargetBitFlag value of the session may be traversed to determine the corresponding opened acceleration service ID, which is used to check the situation that the FPGA flow table is not issued when the function acceleration is required to be judged and the acceleration cannot be performed.
Fig. 3 is a schematic structural diagram of a service acceleration device provided in an embodiment of the present application, including:
the setting module 310 sets corresponding acceleration zone bits according to service types of different services when the different services are started;
and the issuing module 320 is used for controlling the FPGA acceleration flow table of the service to issue according to the acceleration zone bit corresponding to the service when the session corresponding to the service is created, wherein the FPGA acceleration flow table comprises target service flow information, and the target service flow information is service flow which can be intercepted by the FPGA and directly forwarded to realize the acceleration of the service function.
In the embodiment of the application, the corresponding acceleration zone bits are set for different service types, whether the FPGA acceleration flow table is issued is judged according to the corresponding acceleration zone bits, the FPGA acceleration flow table stored in the DDR3 memory of the FPGA is updated according to the situation of the FPGA flow table message, the FPGA receives the session flow, the five-tuple information is extracted to inquire the flow table hit in the DDR3 memory of the FPGA and is intercepted by the FPGA, the conventional forwarding flow is not taken, and the flow table hit is directly forwarded to an FPGA external interface, so that the hardware limitation of the traditional firewall is avoided, the original performance bottleneck is broken, the forwarding speed is effectively improved, the forwarding performance of the firewall is improved, the problems of network blocking or delay caused by low performance of the firewall in the prior art are improved, and the user experience is greatly improved.
Fig. 4 is a schematic structural diagram of an electronic device according to the present invention, as shown in fig. 4, the electronic device may include: processor 410, communication interface (Communications Interface) 420, memory 430 and communication bus 440, wherein processor 410, communication interface 420 and memory 430 communicate with each other via communication bus 440. The processor 410 may invoke logic instructions in the memory 430 to perform a business acceleration method comprising: when different services are started, setting corresponding acceleration zone bits according to service types of the services;
when a session corresponding to the service is created, controlling an FPGA (field programmable gate array) acceleration flow table of the service to issue according to an acceleration zone bit corresponding to the service, wherein the FPGA acceleration flow table comprises target service flow information, and the target service flow information is service flow which can be intercepted by an FPGA and directly forwarded to realize service function acceleration.
Further, the logic instructions in the memory 430 described above may be implemented in the form of software functional units and may be stored in a computer-readable storage medium when sold or used as a stand-alone product. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
In another aspect, the present invention also provides a computer program product, the computer program product comprising a computer program, the computer program being storable on a non-transitory computer readable storage medium, the computer program, when executed by a processor, being capable of executing a service acceleration method provided by the above methods, the method comprising: when different services are started, setting corresponding acceleration zone bits according to service types of the services;
when a session corresponding to the service is created, controlling an FPGA (field programmable gate array) acceleration flow table of the service to issue according to an acceleration zone bit corresponding to the service, wherein the FPGA acceleration flow table comprises target service flow information, and the target service flow information is service flow which can be intercepted by an FPGA and directly forwarded to realize service function acceleration.
In yet another aspect, the present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, is implemented to perform a service acceleration method provided by the above methods, the method comprising: when different services are started, setting corresponding acceleration zone bits according to service types of the services;
when a session corresponding to the service is created, controlling an FPGA (field programmable gate array) acceleration flow table of the service to issue according to an acceleration zone bit corresponding to the service, wherein the FPGA acceleration flow table comprises target service flow information, and the target service flow information is service flow which can be intercepted by an FPGA and directly forwarded to realize service function acceleration.
The apparatus embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (8)
1. A service acceleration method, comprising:
setting corresponding acceleration zone bits according to service types of the services when different services are started, wherein the service types of the services comprise the services which are started to be processed before session creation and the services which are mounted to the session without a Target, and the acceleration zone bits are FPGA acceleration zone bits set for single PKB messages in the services;
and when the session corresponding to the service is created, controlling an FPGA (field programmable gate array) acceleration flow table of the service to issue according to an acceleration zone bit corresponding to the service, wherein the FPGA acceleration flow table comprises target service flow information, and the target service flow information is service flow which can be intercepted by an FPGA and directly forwarded to an external interface.
2. The service acceleration method according to claim 1, wherein setting a corresponding acceleration flag bit according to a service type of the service includes:
under the condition that the service is a service which is not mounted to a session by a Target or is a service which starts to be processed before the session is established, in a service flow before the session is established, setting an FPGA (field programmable gate array) acceleration flag bit for a single PKB (public key bus) message in the service by a newly added interface function Fpga_SetPkbFlag.
3. The traffic acceleration method according to claim 2, characterized in that the method further comprises:
and under the condition of closing or deleting the service, carrying out clearing on all the service which has been called Fpga_SetPkbFlag according to the service ID cycle through a first clearing zone bit interface function.
4. The service acceleration method according to claim 1, wherein setting a corresponding acceleration flag bit according to a service type of the service includes:
and when the session is established, adding ullTargetButFlag as an acceleration zone bit of the service in a session data structure body of the service.
5. The traffic acceleration method according to claim 4, characterized in that the method further comprises:
and under the condition of releasing the session, calling a second clearing flag bit interface function to clear the acceleration flag bit in the session data structure body.
6. A service accelerating device, characterized by comprising:
the system comprises a setting module, a setting module and a processing module, wherein the setting module is used for setting corresponding acceleration zone bits according to service types of the services when different services are started, the service types of the services comprise the services which start to be processed before a session is established, and the services which are mounted to the session without a Target, and the acceleration zone bits are FPGA acceleration zone bits set for single PKB messages in the services;
and the issuing module is used for controlling the FPGA acceleration flow table of the service to issue according to the acceleration zone bit corresponding to the service when the session corresponding to the service is created, wherein the FPGA acceleration flow table comprises target service flow information, and the target service flow information is service flow which can be intercepted by the FPGA and directly forwarded to realize service function acceleration.
7. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the service acceleration method of any one of claims 1 to 5 when executing the program.
8. A non-transitory computer readable storage medium having stored thereon a computer program, which when executed by a processor implements the traffic acceleration method according to any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310015509.2A CN115834498B (en) | 2023-01-06 | 2023-01-06 | Service acceleration method, device, equipment and medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310015509.2A CN115834498B (en) | 2023-01-06 | 2023-01-06 | Service acceleration method, device, equipment and medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115834498A CN115834498A (en) | 2023-03-21 |
| CN115834498B true CN115834498B (en) | 2023-05-02 |
Family
ID=85520232
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310015509.2A Active CN115834498B (en) | 2023-01-06 | 2023-01-06 | Service acceleration method, device, equipment and medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115834498B (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105306241A (en) * | 2014-07-11 | 2016-02-03 | 华为技术有限公司 | Service deployment method and network function acceleration platform |
| CN107347033A (en) * | 2016-05-05 | 2017-11-14 | 中兴通讯股份有限公司 | The method and device of quick protective switch is realized in a kind of SDN frameworks |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9698791B2 (en) * | 2013-11-15 | 2017-07-04 | Scientific Concepts International Corporation | Programmable forwarding plane |
| CN105959254B (en) * | 2015-12-02 | 2019-09-06 | 杭州迪普科技股份有限公司 | The method and apparatus for handling message |
| US10630654B2 (en) * | 2017-03-22 | 2020-04-21 | Microsoft Technology Licensing, Llc | Hardware-accelerated secure communication management |
| CN110311866B (en) * | 2019-06-28 | 2021-11-02 | 杭州迪普科技股份有限公司 | Method and device for rapidly forwarding message |
| CN112737914B (en) * | 2020-12-28 | 2022-08-05 | 北京天融信网络安全技术有限公司 | Message processing method and device, network equipment and readable storage medium |
| US20220382944A1 (en) * | 2021-05-21 | 2022-12-01 | Intel Corporation | Extended inter-kernel communication protocol for the register space access of the entire fpga pool in non-star mode |
-
2023
- 2023-01-06 CN CN202310015509.2A patent/CN115834498B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105306241A (en) * | 2014-07-11 | 2016-02-03 | 华为技术有限公司 | Service deployment method and network function acceleration platform |
| CN107347033A (en) * | 2016-05-05 | 2017-11-14 | 中兴通讯股份有限公司 | The method and device of quick protective switch is realized in a kind of SDN frameworks |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115834498A (en) | 2023-03-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9015467B2 (en) | Tagging mechanism for data path security processing | |
| CN101019405B (en) | Method and system for mitigating denial of service in a communication network | |
| US7623450B2 (en) | Methods and apparatus for improving security while transmitting a data packet | |
| EP3119052B1 (en) | Method, device and switch for identifying attack flow in a software defined network | |
| CN109361606B (en) | Message processing system and network equipment | |
| JP2000332817A (en) | Packet processing unit | |
| JP7171904B2 (en) | packet processing | |
| GB2493129A (en) | Managing a SIP server | |
| CN100420197C (en) | Method for guarding against attack realized for networked devices | |
| US20220393908A1 (en) | Message Encapsulation Method and Apparatus, and Message Decapsulation Method and Apparatus | |
| CN107528923B (en) | Data transmission method of network adapter and network adapter | |
| CN112165460A (en) | Flow detection method and device, computer equipment and storage medium | |
| GB2493130A (en) | SIP server overload control | |
| US9680739B2 (en) | Information transmission system, information communication apparatus, and information transmission apparatus | |
| CN115834498B (en) | Service acceleration method, device, equipment and medium | |
| CN110224932B (en) | Method and system for rapidly forwarding data | |
| CN110602110A (en) | Method, device, equipment and storage medium for isolating ports of whole network | |
| CN113132270B (en) | Multi-protocol compatible data interaction method and device based on virtual switch | |
| KR100432167B1 (en) | Hidden-type intrusion detection and blocking control system and control method thereof | |
| CN108900383B (en) | Data mirroring method based on private HEAD | |
| US20170279638A1 (en) | Tunnel encapsulation | |
| CN110572330A (en) | method, device and medium for realizing compatibility of forwarding acceleration function and protocol stack function | |
| US20070297432A1 (en) | Host-Controlled Network Interface Filtering Based on Active Services, Active Connections and Active Protocols | |
| CN114157602B (en) | Method and device for processing message | |
| JP2018182618A (en) | Device, method and program for packet processing |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |