CN1238996C - Network filtering processor - Google Patents
- Publication number: CN1238996C (application CN 03117236)
- Authority: CN (China)
- Prior art keywords
- network
- network management
- key
- entity
- filtering processor
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The present invention relates to a network filtering processor. At present there is no network filtering processor that can meet high-speed, high-bandwidth requirements while providing powerful and flexible network management functions; in particular, there is none suited to use in a LAN switch chip that can satisfy the growing number of user management features. The invention provides a network filtering processor that solves these problems and meets the needs of the Chinese market and its security requirements. It uses an improved DP-HASHING algorithm to implement a network filter with fast table lookup and, on the basis of that algorithm, designs a secure intelligent structure, SS-NFP, that can be embedded in a high-performance Ethernet layer 2-3 switch chip to perform the network filtering function. This meets the high-speed, high-bandwidth requirement while supporting more users and a growing number of user management features.
Description
Technical field
The present invention relates to a network filtering processor, specifically one that is built into a LAN switch system chip, makes complex user management functions easy to implement, and can provide very high bandwidth.
Background technology
New access network applications require LAN switches to offer more and more user management features. Traditional switches have no network filter function, and there is as yet no domestic network filter with independent intellectual property rights. The network filters in advanced foreign network switches use the BINARY SEARCH algorithm, which needs log2(M) lookups to find one entity in the network management table (M being the number of entities in the table); this makes it slow and limits the number of network management table entities that can be managed. This approach therefore cannot meet high-speed, high-bandwidth requirements, does not provide powerful and flexible network management, and cannot satisfy the needs of the Chinese market or its security requirements. Nor is there any network processor suited to use in a LAN switch chip (LAN SWITCH) that can satisfy the growing number of user management features, while today's network switches need to provide flexible and diverse management of the data they switch.
Summary of the invention
At present there is no network filtering processor that can meet high-speed, high-bandwidth requirements and provide powerful, flexible network management functions, and in particular no network processor suited to use in a LAN switch chip (LAN SWITCH) that can satisfy the growing number of user management features. The present invention addresses this deficiency by providing a network filtering processor that solves the above problems and meets the needs of the Chinese market and its security requirements.
To solve the above technical problems, the invention adopts the following technical solution:
A network filtering processor, characterized in that the filtering processor is a central processing unit, SS-NFP, that uses the DP-HASHING algorithm for fast table lookup. The SS-NFP is a secure intelligent structure for an embedded Ethernet switch that supports multiple users, and comprises:
The mask module: the input receives a packet, and the mask module selects data of the required length from the packet. This data is multiplied by the mask bit field in the mask table to obtain the network management table entity valid key, KEY;
The DP-HASHING engine: the valid key KEY obtained by the mask module is sent to the DP-HASHING engine, which computes the network management table address from it;
The network management table: the network management table receives this address, looks up the management entity at that address, and returns the network management entity table entry;
Comparator: the comparator compares the KEY field in the rule of the table entry just read with the KEY generated by the mask module. Equality means the lookup hit; otherwise it missed. When there are multiple hits, the hit network management entities are ordered and the packet is sent to the CPU, mirrored, dropped, forwarded, transmitted or modified accordingly, and is sent to the CPU according to system requirements.
The SS-NFP of the invention uses a multiplexer to receive a packet from the input and records the ingress port number. It then uses the intelligent field mask to select data of the required length from the packet; this data is multiplied by the mask bit field in the mask table to obtain the network management table entity valid key (KEY).
The 8K network management table is divided into 8 blocks, each 1K deep. The network management table address selects one management entity from the table, and the KEY field in that rule is compared with the KEY generated earlier.
When the current packet is processed, the invention selects the address of a network billing table from the highest hit network management table entity and reads the network billing table; once the billing table is found, the packet length is deducted from the fee field of the network billing table.
The beneficial effects of the invention are as follows:
Commonly used HASHING algorithms include Additive, Rotating, One-at-a-Time, Pearson, CRC, Generalized, Universal, Zobrist, MD4 and others. The collision probability and utilization of these HASHING algorithms are about 20%, a serious waste of resources, whereas the collision probability and resource utilization of the DP-HASHING adopted by the invention are about 70%. For this reason, the network filter uses the improved DP-HASHING algorithm to achieve fast table lookup, and on the basis of this algorithm a secure intelligent structure that can be embedded in an Ethernet switch is designed to implement the network filter function. This meets the high-speed, high-bandwidth requirement while supporting more users and a growing number of user management features;
The number of managed users that SS-NFP can support is expandable. The security rule table in the current product has a depth of 8192. SS-NFP can support bandwidth of up to 4.4GB/S, and up to 24 high-speed Ethernet ports and 2 gigabit ports. The invention is a network processor suited to use in a LAN SWITCH chip and avoids the need for expensive content-addressable memory (CAM). It can be implemented with ordinary high-density memory, supports comparison of very wide data, and reaches a very high operating speed with very few resources; its advanced feature is a processing capacity of up to 4.4GB/S.
Description of drawings
Fig. 1 is a diagram of the data structure of the invention.
Fig. 2 is a structural block diagram of the central processing unit SS-NFP of the invention.
Fig. 3 compares the collisions of commonly used HASHING algorithms with those of the DP-HASHING algorithm.
Embodiment
As shown in Fig. 1 and Fig. 2, the invention uses the improved DP-HASHING algorithm to give the network filter fast table lookup and, on the basis of this algorithm, designs a secure intelligent structure, SS-NFP, that can be embedded in a high-performance Ethernet layer 2-3 switch chip to perform the network filtering function. This meets the high-speed, high-bandwidth requirement while supporting more users and a growing number of user management features.
The SS-NFP of the invention extracts 80 bytes of analysis data, P_DATA (hereinafter P_DATA), from the arriving packet, and at the same time sends in the auxiliary data A-DATA (hereinafter A-DATA).
First, a multiplexer receives a packet from the input and records the ingress port number. The SS-NFP then uses the intelligent field mask to select data of the required length from the packet; specifically, this data is multiplied by the mask bit field in the mask table to obtain the network management table entity valid key (KEY). The two KEYs are sent in two parallel groups of 8 to the DP-HASHING engine (which uses the DP-HASHING algorithm) to obtain the network management table address. The 8K network management table is divided into 8 blocks, each 1K deep. (The purpose is to resolve HASHING collisions on the address afterwards.) The address selects one management entity from the network management table, and the KEY field in that rule is compared with the KEY generated earlier.
After this KEY comparison, equality means the lookup hit; otherwise it missed. When there are multiple hits, the hit network management entities are ordered and the packet is sent to the CPU, mirrored, dropped, forwarded, transmitted or modified accordingly, and is sent to the CPU according to system requirements.
When the current packet is processed, the invention selects the address of a network billing table from the highest hit network management table entity and reads the network billing table; once the billing table is found, the packet length is deducted from the fee field of the network billing table.
The SS-NFP of the invention supports 24 100-megabit network ports and 2 gigabit network ports simultaneously.
DH-HASHING generator polynomial of the present invention is:
x^32+x^26+x^23+x^20+x^10+x^7+x^4+x^1+1.
(This polynomial was obtained by testing; the results of the HASHING collision probability test are shown in Fig. 3.)
The DH-HASHING algorithm adopted by the invention compresses and maps the 128-bit network management table entity valid key into a 10-bit address space. That is, the 128-bit valid key is converted into a 10-bit address, the aim being to distribute the addresses as evenly as possible over the 10-bit address space so that the network filter can look up the table quickly.
In a chip hardware implementation, the DP-HASHING algorithm of the invention must complete the DP-HASHING computation within one hardware cycle.
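The lookup path described in this embodiment (mask, hash to a 10-bit address, read the 8 blocks, compare the full KEY) can be modelled in software as follows. This is an added illustration, not code from the patent. It assumes that the "multiplication" by the mask is a bit-wise AND, that the generator polynomial is used as a bit-serial CRC divisor with a zero initial value, that the low 10 bits of the remainder form the address, and that all 8 blocks are probed at that same address with first-free insertion; the function and type names are hypothetical.

```c
#include <stdint.h>
#include <string.h>

#define KEY_BYTES 16      /* 128-bit valid key */
#define BANKS 8           /* 8K table split into 8 blocks */
#define DEPTH 1024        /* each block 1K deep: 10-bit address */
#define POLY 0x04900493u  /* x^32+x^26+x^23+x^20+x^10+x^7+x^4+x^1+1 (x^32 implicit) */
enum action { ACT_NONE, ACT_TO_CPU, ACT_MIRROR, ACT_DROP, ACT_FORWARD };
struct entry { uint8_t valid, key[KEY_BYTES]; enum action act; };
static struct entry table[BANKS][DEPTH];

/* Mask module: bit-wise product (AND) of the selected field and the mask. */
static void make_key(const uint8_t *field, const uint8_t *mask, uint8_t *key) {
    for (int i = 0; i < KEY_BYTES; i++) key[i] = field[i] & mask[i];
}

/* Hash engine: CRC remainder of the key; keeping the low 10 bits is an assumption. */
static uint32_t dp_hash(const uint8_t *key) {
    uint32_t crc = 0;
    for (int i = 0; i < KEY_BYTES; i++) {
        crc ^= (uint32_t)key[i] << 24;
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x80000000u) ? (crc << 1) ^ POLY : crc << 1;
    }
    return crc & (DEPTH - 1);
}

/* Install a rule in the first free block (assumed policy); -1 if all 8 collide. */
static int nfp_insert(const uint8_t *key, enum action act) {
    uint32_t addr = dp_hash(key);
    for (int b = 0; b < BANKS; b++) {
        struct entry *e = &table[b][addr];
        if (e->valid) continue;
        e->valid = 1; e->act = act;
        memcpy(e->key, key, KEY_BYTES);
        return b;
    }
    return -1;
}

/* Lookup: mask, hash, then the comparator checks the full stored KEY in each block. */
static enum action nfp_lookup(const uint8_t *field, const uint8_t *mask) {
    uint8_t key[KEY_BYTES];
    make_key(field, mask, key);
    uint32_t addr = dp_hash(key);
    for (int b = 0; b < BANKS; b++)
        if (table[b][addr].valid && !memcmp(table[b][addr].key, key, KEY_BYTES))
            return table[b][addr].act;  /* hit */
    return ACT_NONE;                    /* miss */
}

int main(void) {  /* constructed sample: the rule matches the first 6 bytes only */
    uint8_t mask[KEY_BYTES] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    uint8_t pkt[KEY_BYTES] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0xde, 0xad};
    uint8_t key[KEY_BYTES];
    make_key(pkt, mask, key);
    nfp_insert(key, ACT_DROP);
    return nfp_lookup(pkt, mask) == ACT_DROP ? 0 : 1;
}
```

Because 128 bits are compressed to 10, distinct keys routinely share an address, so the full-KEY comparison is what keeps a packet from inheriting another rule's action. A filter built this way should also report an insert that returns -1 instead of silently leaving the rule uninstalled.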
Claims (5)
1. A network filtering processor, characterized in that the filtering processor is a central processing unit, SS-NFP, that uses the DP-HASHING algorithm for fast table lookup, the SS-NFP being a secure intelligent structure for an embedded Ethernet switch that supports multiple users, comprising:
The mask module: the input receives a packet, and the mask module selects data of the required length from the packet; this data is multiplied by the mask bit field in the mask table to obtain the network management table entity valid key, KEY;
The DP-HASHING engine: the valid key KEY obtained by the mask module is sent to the DP-HASHING engine, which computes the network management table address from it;
The network management table: the network management table receives this address, looks up the management entity at that address, and returns the network management entity table entry;
Comparator: the comparator compares the KEY field in the rule of the table entry just read with the KEY generated by the mask module; equality means the lookup hit, otherwise it missed; when there are multiple hits, the hit network management entities are ordered and the packet is sent to the CPU, mirrored, dropped, forwarded, transmitted or modified accordingly, and is sent to the CPU according to system requirements.
2. A network filtering processor according to claim 1, characterized in that the input uses a multiplexer to receive a packet and records the ingress port number, and the intelligent field mask is then used to select data of the required length from the packet.
3. A network filtering processor according to claim 1, characterized in that the 8K network management table is divided into 8 blocks, each 1K deep.
4. A network filtering processor according to claim 1, characterized in that, when the current packet is processed, the address of a network billing table is selected from the highest hit network management table entity and the network billing table is read; once the billing table is found, the packet length is deducted from the fee field of the network billing table.
5. A network filtering processor according to claim 1, characterized in that the generator polynomial of the DH-HASHING algorithm adopted is:
x^32+x^26+x^23+x^20+x^10+x^7+x^4+x^1+1,
The DH-HASHING algorithm compresses and maps the 128-bit network management table entity valid key into a 10-bit address space; that is, the 128-bit valid key is converted into a 10-bit address, the aim being to distribute the addresses as evenly as possible over the 10-bit address space so that the network filter can look up the table quickly.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 03117236 CN1238996C (en) | 2003-01-27 | 2003-01-27 | Network filtering processor |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1489336A CN1489336A (en) | 2004-04-14 |
CN1238996C true CN1238996C (en) | 2006-01-25 |
Family
ID=34152678
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 03117236 Expired - Fee Related CN1238996C (en) | 2003-01-27 | 2003-01-27 | Network filtering processor |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN1238996C (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C19 | Lapse of patent right due to non-payment of the annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |