CN1486036A - Method for high-speed classification and filtration of mass information - Google Patents

Info

Publication number: CN1486036A
Authority: CN (China)
Legal status: Pending
Application number: CNA031538185A
Other languages: Chinese (zh)
Inventors: 高旭东, 夏迎春
Current assignee: BEIJIANG GANGWAN NETWORK Co Ltd
Original assignee: BEIJIANG GANGWAN NETWORK Co Ltd
Application filed by: BEIJIANG GANGWAN NETWORK Co Ltd

Abstract

The invention provides a method for high-speed classification and filtering of mass information. The method comprises: designating a monitoring port group and a monitored port group on a switch; classifying the data packets of a monitored port according to feature fields in the data frame, setting one or more classes, each class corresponding to one kind of network traffic that shares the same feature field; and setting a redirect action for each class, so that it is redirected to a designated port of the monitoring port group. These settings are applied to the monitored ports. The classification and redirection of data packets can be set through the fast filter processor of each port.

Description

Method for high-speed classification and filtering of mass information
Technical field
The invention belongs to the field of computer network communication, and specifically relates to a method for high-speed classification and filtering of mass information on a backbone network.
Background
The Internet has entered a period of rapid development in China, and network applications such as web browsing, e-mail, Internet chat and e-commerce are increasingly becoming an important part of people's lives. However, the great advantages of the network also bring serious hidden dangers to social security. Because Internet information is open and individualized, the various kinds of "harmful" information prevalent on the network do great harm to society. Without efficient and powerful means of monitoring cyberspace, all kinds of objectionable and reactionary information will spread everywhere unchecked. High-technology means must be adopted to build a security perimeter in cyberspace and to ensure that network information serves the public good.
Message transmission on the Internet and interception monitoring rest on the same technical foundation; that is, the monitoring and interception of harmful information is also realized with the standard techniques of the Internet. But monitoring and interception are the inverse of the original information processing, and their difficulty shows mainly in the following three aspects:
1. The core technology of Internet network equipment is held by foreign companies, and this equipment processes only content at the network transport layer; application-layer content is essentially not processed, so using this equipment directly is not possible.
2. As networks progressively become broadband, monitoring and intercepting information on the backbone network becomes markedly more difficult.
3. The technique for filtering the relevant information out of the mass of information.
Summary of the invention
The present invention addresses the above difficulties of Internet monitoring and interception. It provides a method for high-speed classification and filtering of mass information based on a fast filter processor (FFP) with traffic classification and redirection functions, in order to monitor specific services on a backbone network efficiently.
Technical content of the invention: a method for high-speed classification and filtering of mass information, comprising:
(1) designating a monitored port group and a monitoring port group on a switch;
(2) classifying the packets flowing into any monitored port according to the feature fields contained in the data frame, setting one or more classes, each class corresponding to one kind of network traffic having the same feature field;
(3) setting a redirect action for each class, so that it is redirected to a designated port of the monitoring port group.
The classification of packets in step (2) may be performed by the fast filter processor (FFP) of each port, which applies a mask to the feature field and then matches the feature field value.
The redirect action may be set as IRULE.ACTION = redirect in the fast filter processor (FFP).
The feature field comprises one or more of: source/destination MAC (Media Access Control) address, 802.1p priority, VLAN ID, source/destination IP address (including the IP MASK part), IP protocol type, IP precedence, DSCP, and TCP/UDP source/destination port number.
Technical effect of the invention: the packets of each monitored port in the monitored port group are classified according to the feature fields contained in the first 80 bytes of the data frame, forming different network traffic classes, and each class is mapped to a different egress port, which achieves efficient classification and filtering of network traffic. The classification and redirect action described above can be set through the fast filter processor (FFP) of each port. The invention does not affect the normal forwarding of network services, and the filtering and classification are performed entirely in hardware, so efficient monitoring of a backbone network can be achieved.
Description of drawings
The drawing shows a specific embodiment of the present invention.
Embodiment
With reference to the drawing, 6802 is the switch that implements the monitoring function. A monitored port group and a monitoring port group are designated on the 6802, and the monitored port group is connected to a hub (HUB) carrying different types of packets. Ports 3 and 4 are the monitored port group (simulating Internet data); ports 5, 6 and 7 are the monitoring port group. The requirement is that the data on port 5 is a mapping of all POP3 data on ports 3 and 4, the data on port 6 is a mapping of all SMTP data on ports 3 and 4, and the data on port 7 is a mapping of all HTTP data on ports 3 and 4.
The embodiment uses the commercial 5690 chip from BROADCOM. The fast filter processor (FFP) of each port first classifies the packets entering the port and then applies a redirect action to each class. For this requirement, the packets can be classified by the port number of the TCP connection: the first class is packets with source or destination port = 110 (POP3), the second class is packets with source or destination port = 25 (SMTP), and the third class is packets with source or destination port = 80 (HTTP). The concrete steps are:
1. In the FFPs corresponding to ports 3 and 4 of the monitored port group, make the following settings:
(1) RULE.FILTER = IP protocol (0x0800) + TCP protocol (6) + source port number (110, i.e. POP3); the three corresponding fields of IMASK.FMASK are filled with 1s; IRULE.ACTION = redirect (egress port set to 5);
(2) RULE.FILTER = IP protocol (0x0800) + TCP protocol (6) + destination port number (110, i.e. POP3); the three corresponding fields of IMASK.FMASK are filled with 1s; IRULE.ACTION = redirect (egress port set to 5);
2. In the FFPs corresponding to ports 3 and 4 of the monitored port group, make the following settings:
(1) RULE.FILTER = IP protocol (0x0800) + TCP protocol (6) + source port number (25, i.e. SMTP); the three corresponding fields of IMASK.FMASK are filled with 1s; IRULE.ACTION = redirect (egress port set to 6);
(2) RULE.FILTER = IP protocol (0x0800) + TCP protocol (6) + destination port number (25, i.e. SMTP); the three corresponding fields of IMASK.FMASK are filled with 1s; IRULE.ACTION = redirect (egress port set to 6);
3. In the FFPs corresponding to ports 3 and 4 of the monitored port group, make the following settings:
(1) RULE.FILTER = IP protocol (0x0800) + TCP protocol (6) + source port number (80, i.e. HTTP); the three corresponding fields of IMASK.FMASK are filled with 1s; IRULE.ACTION = redirect (egress port set to 7);
(2) RULE.FILTER = IP protocol (0x0800) + TCP protocol (6) + destination port number (80, i.e. HTTP); the three corresponding fields of IMASK.FMASK are filled with 1s; IRULE.ACTION = redirect (egress port set to 7);
Once configured, the switch classifies and filters the service traffic on ports 3 and 4: all POP3 data on these ports is mapped to port 5, SMTP data to port 6, and HTTP data to port 7, without affecting the normal forwarding of packets. In this way the numerous and complex network traffic on these two ports can be classified, filtered and monitored quickly and efficiently, achieving the purpose of purifying network information and ensuring information security.
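The mask-then-match classification of the embodiment, modelled in software as an added example (not code from the patent and not the BROADCOM chip's programming interface). The byte offsets, function names and sample frames are assumptions of this sketch: it matches at fixed offsets in an untagged Ethernet II frame carrying IPv4 without options, so in this model a VLAN-tagged frame shifts the fields and misses every rule, which is the case to check whenever a fixed-offset mask is used on a monitoring tap.

```python
import struct

WINDOW = 80  # the patent classifies on fields within the first 80 bytes of the frame
# Assumed byte offsets: untagged Ethernet II + IPv4 with no options (IHL = 5).
ETHERTYPE, IP_PROTO, TCP_SPORT, TCP_DPORT = 12, 23, 34, 36

def make_rule(port_offset, port, egress):
    """Build (mask, value, egress); mask bits are all 1 over the three matched fields."""
    mask, value = bytearray(WINDOW), bytearray(WINDOW)
    for off, fmt, val in ((ETHERTYPE, "!H", 0x0800), (IP_PROTO, "!B", 6),
                          (port_offset, "!H", port)):
        raw = struct.pack(fmt, val)
        mask[off:off + len(raw)] = b"\xff" * len(raw)
        value[off:off + len(raw)] = raw
    return bytes(mask), bytes(value), egress

# Embodiment rules: POP3 -> port 5, SMTP -> port 6, HTTP -> port 7, with one rule
# for the TCP source port and one for the destination port of each service.
RULES = [make_rule(off, port, egress)
         for port, egress in ((110, 5), (25, 6), (80, 7))
         for off in (TCP_SPORT, TCP_DPORT)]
MONITORED_PORTS = {3, 4}

def classify(ingress_port, frame):
    """Return the monitoring port the frame is redirected to, or None if no rule applies."""
    if ingress_port not in MONITORED_PORTS:
        return None
    window = frame[:WINDOW].ljust(WINDOW, b"\x00")
    for mask, value, egress in RULES:
        if all((w & m) == v for w, m, v in zip(window, mask, value)):
            return egress
    return None

def tcp_frame(sport, dport, vlan=None):
    """Constructed sample frame: Ethernet II + IPv4 + TCP with zeroed addresses."""
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    eth = bytes(12) + tag + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(4), bytes(4))
    tcp = struct.pack("!HHLLBBHHH", sport, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
    return eth + ip + tcp

if __name__ == "__main__":
    for sport, dport in ((40000, 110), (25, 40000), (40000, 80), (40000, 443)):
        print(sport, dport, "->", classify(3, tcp_frame(sport, dport)))
```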

Claims (4)

1. A method for high-speed classification and filtering of mass information, comprising:
(1) designating a monitored port group and a monitoring port group on a switch;
(2) classifying the packets flowing into any monitored port according to the feature fields contained in the data frame, setting one or more classes, each class corresponding to one kind of network traffic having the same feature field;
(3) setting a redirect action for each class, so that it is redirected to a designated port of the monitoring port group.
2. The method for high-speed classification and filtering of mass information as claimed in claim 1, characterized in that the classification of packets in step (2) is performed by the fast filter processor FFP of each port, which applies a mask to the feature field and then matches the feature field value.
3. The method for high-speed classification and filtering of mass information as claimed in claim 1 or 2, characterized in that the redirect action is set as IRULE.ACTION = redirect in the fast filter processor FFP.
4. The method for high-speed classification and filtering of mass information as claimed in claim 1, characterized in that the feature field comprises one or more of: source/destination MAC (Media Access Control) address, 802.1p priority, VLAN ID, source/destination IP address, IP protocol type, IP precedence, DSCP, and TCP/UDP source/destination port number.

Priority Applications (1)

Application number: CNA031538185A
Priority date: 2003-08-22
Filing date: 2003-08-22
Title: Method for high-speed classification and filtration of mass information
Status: Pending

Publications (1)

Publication number: CN1486036A (en)
Publication date: 2004-03-31

Family

ID: 34156762
Country status: CN, CN1486036A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication