CN1610335A - Safety filtering current shunt of exchange structure based on network processor and CPU array - Google Patents
Safety filtering current shunt of exchange structure based on network processor and CPU array Download PDFInfo
- Publication number
- CN1610335A CN1610335A CNA2004100845396A CN200410084539A CN1610335A CN 1610335 A CN1610335 A CN 1610335A CN A2004100845396 A CNA2004100845396 A CN A2004100845396A CN 200410084539 A CN200410084539 A CN 200410084539A CN 1610335 A CN1610335 A CN 1610335A
- Authority
- CN
- China
- Prior art keywords
- unit
- main control
- processing module
- control unit
- packet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The safe filtering flow divider consists of access unit, main control unit, safety examination unit and exchange output unit connected together. The access unit consists of 10G photoelectronic signal converting module, 2.5G POS photoelectronic signal converting module and frame forming chip; the main control unit consists of network processor unit and four channels of giga level physical interfaces; the safety examination unit consists of four standard CPU processing modules with giga level electric interface; and the exchange output unit consists of giga level main exchange control module, giga level electric interface module and giga level optical interface module. The safety examination unit returns the examining result to the main control unit, and the main control unit makes the data flow dividing policy based on the filtering result and distributes the data flow dividing policy to the exchange output unit for data transmission.
Description
Technical field
The present invention relates to the data processing equipment under a kind of high-speed network flow environment, the safety filtering current shunt of the architecture for exchanging of particularly a kind of processor Network Based and CPU array is used for network information technology field.
Background technology
In recent years, the development of China aspect the backbone network of broadband is very fast, and the bandwidth of most of regional backbone network reaches 2.5G at present, and the bandwidth of part backbone network reaches 10G even 40G.From nearly 10 years of past Internet development, the speed of processor was doubled in per 18 months, but the bandwidth that the Internet backbone connects will be doubled in per 12 months.As seen, the high-speed data processing demands how to reach broadband network based on existing processor performance is the key that ensures network service quality.Load balancing and data distribution technology are a solution of current raising network data processing performance, and many safety products all come the expansion servers bandwidth and increase throughput by these technology.According to the difference that realizes principle, load balancing and data distribution equipment mainly comprise following type:
1. adopt universal cpu (CPU, or central processing unit or microprocessor) to cooperate the technical scheme of software to realize.This framework based on X86 unit and network interface card is realized, owing to be subjected to the restriction of CPU disposal ability and pci bus speed, has been difficult to satisfy the high-speed data processing demands of the above backbone network of gigabit.
2. adopt ASIC (application-specific integrated circuit (ASIC)) to realize.Aspect the high-speed data processing, though ASIC is still the main flow of current network equipment and handles core technology, it is by being cured to instruction or computational logic in the hardware to realize very high processing speed, thereby finely satisfied the network equipment to performance demands, but ASIC lacks flexibility, the lead time is long, research and development expense height, early investment risk height particularly in data " intelligent handle " with to defectiveness aspect the customization service, becomes and limits the principal element that it further develops.
Normally will distribute at present the needed processing time of various service requests as the important performance indexes of weighing load balancing and data distribution equipment, and be indifferent to fail safe and the validity of these request data package to back-end processor, in fact a lot of equipment also all have been transmitted to the backend application system in the lump to a large amount of attack packets and invalid packets, and this makes backend application and safety system have in the face of bigger data processing load and security threat.
Find by prior art documents, people such as Zhu Fenqi are at " computer application research " vol.21 in 2004, No.5, p.149-151 deliver in " research that realizes the High Speed Network intrusion detection based on data distribution with put into practice ", a kind of method of data distribution is proposed, the network data of catching is forwarded to many checkout equipments by certain rule shunting to be handled, to reach the detection performance that improves whole system, solve the packet loss problem that express network lower network intrusion detection device brings because of performance deficiency.But the shunting device that this article proposes adopts ordinary PC as front-end processor, use PCI-Express to obtain network data, be the structure of typical " unit+network interface card ", be only applicable to the gigabit networking environment, can't satisfy data processing requirement under the 10G high flow capacity network environment at all.This shows, under the network bandwidth and the ever-increasing situation of security threat, all had higher requirement in the aspects such as real-time, fail safe and validity of the network equipment on data forwarding is handled, and existing technology and product also can't satisfy the requirement than high real-time and reliability that broadband network proposes mass data processing.
Summary of the invention
The objective of the invention is to overcome the defective that the available data separate system exists in the broadband network environment, propose the safety filtering current shunt of the architecture for exchanging of a kind of processor Network Based and CPU array.Make it at the data processing demand under the above broadband network environment of 10G, the characteristic in mass data processing according to network processing unit and universal cpu processor, to rationally decompose the filtration shunting work of treatment of network data, request msg wrapped in carry out on the different processors that with different levels data forwarding is handled and the safety examination, make two kinds of processors can bring into play separately advantage fully, and the framework that adopts data distribution policy development and data forwarding to be separated, thereby alleviated the work load of the core processing unit of safety filtering current shunt, under the broadband network environment, can reach the handling property of data filter shunting safely and efficiently, can use for various broadband networks the higher data cut-in quality is provided.
The present invention is achieved by the following technical solutions, the present invention is made up of access unit, main control unit, safety examination unit, exchange output unit, access unit and main control unit interconnection, main control unit and the interconnection of exchange output unit, safety examination unit and main control unit interconnection.
Access unit is by 10G (kilomegabit) photosignal modular converter, 2.5G POS photosignal modular converter and framing chip are formed, 10G photosignal modular converter and photosignal modular converter can not use simultaneously, two kinds of modules are connected with framing chip by SFI (and string/deserializer and framing chip interface), and framing chip is connected with main control unit by high speed SPI-4.2 (system's packet interface 4.2 types) interface; Described 10G photosignal modular converter can compatible 10G POS (based on the packet of Synchronous Digital Hierarchy SDH fiber optic network), 10G LAN (local area network (LAN)), WAN (Wide Area Network).
Access unit carries out opto-electronic conversion, serial/parallel conversion to coming in the automatic network various types of data flow, frame is handled, from SONET/SDH (Synchronous Optical Network agreement/Synchronous Digital Hierarchy SDH fiber optic network) data flow is reduced to PPP (peer-peer protocol) packet according to PPP/HDLC Over SONET/SDH (based on the point-to-point/High-Level Data Link Control of Synchronous Optical Network agreement/Synchronous Digital Hierarchy SDH fiber optic network) protocol specification, passes to main control unit by high speed SPI-4.2 interface then and handle.
Main control unit is made up of network processor unit and 4 tunnel gigabit physical interfaces, and network processor unit comprises frame head message processing module, classification searching processing module, forwarding decision processing module; The frame head message processing module links to each other with access unit by the SPI-4.2 interface, the classification searching processing module links to each other with the frame head message processing module, the forwarding decision processing module links to each other with the classification searching processing module, the forwarding decision processing module links to each other with safety examination unit by GMII (kilomegabit Media Independent Interface), and the forwarding decision processing module links to each other with the exchange output unit by XAUI (accessory unit interface).
Main control unit is a core processing unit of the present invention, and main being responsible for carried out the judgement of coarse filtration (checking rule by setting in advance the coarseness packet content) and data distribution strategy to access unit reception and data processed bag.
The integrality of the packet that described frame head message processing module sends over according to standard agreement standard check access unit is also handled basic protocol and is connected;
The classification searching processing module is carried out seven layer lines speed coupling according to the filtering rule that sets in advance to packet, the main header according to seven layer protocols of filtering item filters, belonging to coarseness filters, main filtering item comprises: regular number, source MAC, target MAC (Media Access Control) address, source IP address, source IP mask, purpose IP address, purpose IP mask, source port number, the destination slogan, the URL address, corresponding filter operation, wherein comprise the fine granularity processing in " corresponding filter operation " option, abandon, transmit three kinds of selections, the classification searching processing module is according to the rule match result, filter out invalid data bag and the abnormal data bag of label for " abandoning ", packet and the direct packet of transmitting that the further fine granularity of needs is handled are stamped " fine granularity processing " label and " transmit and handle " label respectively, send to the forwarding decision processing module;
The forwarding decision processing module is that the packet of " fine granularity processing " is forwarded to safety examination unit by built-in gigabit mouth with label, the packet that with label is " transmit and handle " is by general load-balancing algorithm, as minimum response time method, minimum connection method is carried out the calculating of distribution policy, guarantee that all data keep the complete connection of its TCP on any link, the forwarding decision processing module sends to the exchange output unit with the distribution policy that calculates by the SPI-4.2 interface.
Safety examination unit is made up of the standard C PU processing module of 4 band gigabit electricity mouthful interfaces, described 4 CPU processing modules adopt the mode of operation of parallel processing, realization has improved system greatly packet has been carried out the treatment effeciency that fine granularity is checked the fine granularity inspection of packet content.The fine granularity inspection mainly is the examination needs of using at variety classes, according to the definition in the application layer protocol specification, by fields offset amount, field length, field contents and the filter operation of wanting matching content is set, utilize the method for keyword coupling that packet is carried out Content Advisor.Safety examination unit has conversation-based packet content audit function, and the information that will extract from a plurality of packets the session is spliced, and carries out content match again, can find to be dispersed in the abnormal conditions in a plurality of packets.Safety examination unit feeds back to main control unit with check result, and main control unit is formulated distributing strategy according to the fine granularity filter result for this packet, and will formulate good data distribution policy distribution and carry out concrete data forwarding operation for the exchange output unit.
The exchange output unit mainly is made up of gigabit exchange main control module, gigabit electricity mouthful interface module, gigabit light mouth interface module, the exchange output unit is totally 8 gigabit electricity mouths and 4 gigabit light mouths, gigabit exchange main control module links to each other with gigabit light mouth interface module with a gigabit electricity mouthful interface module respectively by GMII (kilomegabit Media Independent Interface) interface, and the distribution policy that the exchange output unit is formulated according to main control unit is finished the data forwarding operation.
Forwarding to the service request in the local area network (LAN) is handled, in order to alleviate the processing burden of main control unit, main control unit only carries out the judgement of data distribution strategy to first packet of each session, handle operation for the concrete strategy judgement of forwarding strategy execution that the follow-up data bag that belongs to same session is formulated and issued according to main control unit by the exchange output unit with data forwarding.
The present invention has substantive distinguishing features and marked improvement: (1) adopts the multistage architecture design, the mass data processing task is rationally disassembled, be assigned to different processing units and be responsible for, alleviated the operating pressure of the data distribution processing unit of core, improved the handling property of entire system; (2) adopt high performance network processing unit technology to realize the data distribution processing, support 10,000,000,000 data processing performance; (3) adopt the design of architecture for exchanging, the formulation of data distribution strategy of the service request in the local area network (LAN) and the concrete enforcement of data forwarding are separated, improved the operating efficiency of system core processing unit; (4) fine granularity of utilizing the universal cpu array to carry out packet content is filtered, improved the safe handling performance of described safety filtering current shunt in application layer, make network processing unit can better bring into play its bag below network layer and handle advantage, deep application layer data analysis has improved the fail safe and the validity of data forwarding strategy.
The safety filtering current shunt that the present invention proposes can be realized the linear speed of 2.5G, 10G high flow capacity background lower network data is exhaustively obtained, making full use of the network processing unit technology realizes the seven layer lines speed preliminary treatment of packet and the content safety of intelligence are filtered in conjunction with the general processor technology, effectively solved under the high speed network environment mass data has been carried out the demand of cluster processing in real-time and fail safe, be applicable to the enforcement of multiple Secure Application such as the online network monitor of high-speed backbone, intrusion detection, traffic statistics, content auditing.
Description of drawings
Fig. 1 structured flowchart of the present invention
Fig. 2 access unit is formed structured flowchart
Fig. 3 main control unit is formed structured flowchart
Structured flowchart is formed in Fig. 4 safety examination unit
Fig. 5 exchanges output unit and forms structured flowchart
Embodiment
As shown in Figure 1, described system adopts multichannel input/output interface structural design, access unit 1 comprises the 2.5GPOS interface, 10G pos interface and gigabit interface, pass through SPI (system's packet interface) bus interconnection between access unit 1 and the main control unit 2, the bandwidth resources of spi bus are 10G, carry out data communication by PCI (external apparatus interface) bus between main control unit 2 and the safety examination unit 3, the bandwidth resources of pci bus are 1000MBps, by SPI (system's packet interface) bus interconnection, the bandwidth resources of spi bus are 10G between main control unit 2 and the exchange output unit 4.
As shown in Figure 2, access unit is by 10G photosignal modular converter, 2.5G POS photosignal modular converter CP-3395 and framing chip IXF19301 form, 10G photosignal modular converter and 2.5G modular converter can not use simultaneously, two kinds of modules are connected with framing chip by the SFI interface, and framing chip is connected with main control unit by high speed SPI-4.2 interface; Described 10G photosignal modular converter can compatible 10G POS (based on the packet of Synchronous Digital Hierarchy SDH fiber optic network), 10G LAN (local area network (LAN)), WAN (Wide Area Network).
As shown in Figure 3, main control unit is made up of network processor unit NP-1322 and 4 tunnel gigabit physical interface c8304, and network processor unit comprises frame head message processing module, classification searching processing module, forwarding decision processing module; The frame head message processing module links to each other with access unit by the SPI-4.2 interface, the classification searching processing module links to each other with the frame head message processing module, the forwarding decision processing module links to each other with the classification searching processing module, the forwarding decision processing module links to each other with safety examination unit by GMII (kilomegabit Media Independent Interface), and the forwarding decision processing module links to each other with the exchange output unit by XAUI (accessory unit interface).Main control unit is the core processing unit of described safety filtering current shunt, and main being responsible for carried out the judgement of coarse filtration (checking rule by setting in advance the coarseness packet content) and data distribution strategy to access unit reception and data processed bag.Main control unit adopts the network processing unit realization, because network processing unit has programmable characteristic, therefore can select suitable load-balancing algorithm flexibly according to the needs of practical application.
As shown in Figure 4, safety examination unit is made up of the standard C PU processing module of 4 band gigabit electricity mouthful interfaces, and described 4 CPU processing modules adopt the mode of operation of parallel processing, realize the fine granularity inspection to packet content.Though comparing with general processor, network processing unit on data processing, has remarkable advantages, but the advantage of network processing unit mainly is the following bag of network layer and handles, has certain complexity owing to packet is carried out the fine granularity filtration of application layer, if the contents processing that adopts network processing unit to carry out application layer then can cause the network processing unit performance decrease, therefore safety examination unit adopts the universal cpu processor to realize.
As shown in Figure 5, the exchange output unit mainly is made up of gigabit exchange main control module, gigabit electricity mouthful interface module, gigabit light mouth interface module, the exchange output unit is totally 8 gigabit electricity mouths and 4 gigabit light mouths, gigabit exchange main control module links to each other with gigabit light mouth interface module with a gigabit electricity mouthful interface module respectively by gmii interface, and the distribution policy that the exchange output unit is formulated according to main control unit is finished the data forwarding operation.
Groundwork flow process of the present invention is as follows:
Come the various types of data flow in the automatic network to carry out opto-electronic conversion, serial/parallel conversion by 1 pair of access unit, frame is handled, data flow is reduced to the PPP information bag according to PPP/HDLC Over SONET/SDH standard from the SONET/SDH data flow, passes to main control unit 2 by high-speed interface then;
The integrality of the packet that main control unit 2 sends over according to standard agreement standard check access unit then, is carried out seven layer lines speed according to the filtering rule that sets in advance to packet and is filtered, and filters out invalid data bag and abnormal data bag;
The packet that main control unit 2 carries out the depth content inspection to needs is submitted to safety examination unit and is done further fine-grained content analysis, for the packet that does not need to carry out the fine granularity Content Advisor, main control unit 2 is arranged, and computing draws the distributing strategy of this packet according to load-balancing algorithm, and will formulate good data distribution policy distribution and carry out concrete data forwarding operation for exchange output unit 4;
Safety examination unit 3 carries out deep filtration according to the fine granularity filtering rule to the content of packet, filter result is fed back to main control unit 2, main control unit 2 is formulated distributing strategy according to the fine granularity filter result for this packet, and will formulate good data distribution policy distribution and carry out concrete data forwarding operation for exchange output unit 4;
Forwarding to the service request in the local area network (LAN) is handled, judge by the value of " SYN " field in the check data packet header whether this packet is first message segment of newly setting up session by exchange output unit 4, first packet of newly-established session is sent to the distributing strategy judgement that main control unit 2 carries out new session.Main control unit 2 only carries out the judgement of data distribution strategy to first packet of each session, judge by the value of check data end-of-packet sign " FIN " whether current session finishes by exchange output unit 4, the strategy that the data distribution strategy execution of being formulated and issuing according to main control unit 2 by exchange output unit 4 for the follow-up data bag that belongs to same session is concrete is judged and data forwarding is handled operation.
Claims (8)
1, the safety filtering current shunt of the architecture for exchanging of a kind of processor Network Based and CPU array, form by access unit, main control unit, safety examination unit, exchange output unit, it is characterized in that, access unit and main control unit interconnection, main control unit and the interconnection of exchange output unit, safety examination unit and main control unit interconnection
Wherein: described access unit is by 10G photosignal modular converter, 2.5G POS photosignal modular converter and framing chip are formed, 10G photosignal modular converter is connected with framing chip by SFI with the photosignal modular converter, and framing chip is connected with main control unit by high speed SPI-4.2 interface;
Described main control unit is made up of network processor unit and 4 tunnel gigabit physical interfaces, network processor unit comprises frame head message processing module, classification searching processing module, forwarding decision processing module, the frame head message processing module links to each other with access unit by the SPI-4.2 interface, the classification searching processing module links to each other with the frame head message processing module, the forwarding decision processing module links to each other with the classification searching processing module, the forwarding decision processing module links to each other with safety examination unit by GMII, and the forwarding decision processing module links to each other with the exchange output unit by XAUI;
Described safety examination unit is made up of the standard C PU processing module of 4 band gigabit electricity mouthful interfaces, safety examination unit feeds back to main control unit with check result, main control unit is formulated distributing strategy according to the fine granularity filter result for this packet, and will formulate good data distribution policy distribution and carry out concrete data forwarding operation for the exchange output unit;
Described exchange output unit by gigabit exchange main control module, gigabit electricity mouthful interface module, gigabit light mouth interface module is formed, the exchange output unit is totally 8 gigabit electricity mouths and 4 gigabit light mouths, and gigabit exchange main control module links to each other with gigabit light mouth interface module with a gigabit electricity mouthful interface module respectively by gmii interface.
2, the safety filtering current shunt of the architecture for exchanging of processor Network Based according to claim 1 and CPU array is characterized in that, described 10G photosignal modular converter, its compatible 10G POS, 10G LAN, WAN.
3, the safety filtering current shunt of the architecture for exchanging of processor Network Based according to claim 1 and CPU array, it is characterized in that, described access unit, carry out opto-electronic conversion, serial/parallel conversion to coming in the automatic network various types of data flow, frame is handled, from SONET/SDH data flow is reduced to the PPP information bag according to PPP/HDLC Over SONET/SDH protocol specification, passes to main control unit by high speed SPI-4.2 interface then and handle.
4, the safety filtering current shunt of the architecture for exchanging of processor Network Based according to claim 1 and CPU array, it is characterized in that, described main control unit, main being responsible for carried out the judgement of coarse filtration and data distribution strategy to access unit reception and data processed bag.
5, the safety filtering current shunt of the architecture for exchanging of processor Network Based according to claim 1 and CPU array, it is characterized in that, described frame head message processing module, the integrality of the packet that sends over according to standard agreement standard check access unit is also handled basic protocol and is connected.
6, the safety filtering current shunt of the architecture for exchanging of processor Network Based according to claim 1 and CPU array, it is characterized in that, described classification searching processing module, according to the filtering rule that sets in advance packet is carried out seven layer lines speed coupling, the main header according to seven layer protocols of filtering item filters, belonging to coarseness filters, main filtering item comprises: regular number, source MAC, target MAC (Media Access Control) address, source IP address, source IP mask, purpose IP address, purpose IP mask, source port number, the destination slogan, the URL address, corresponding filter operation, wherein comprise the fine granularity processing in " corresponding filter operation " option, abandon, transmit three kinds of selections, the classification searching processing module is according to the rule match result, filter out invalid data bag and the abnormal data bag of label for " abandoning ", packet and the direct packet of transmitting that the further fine granularity of needs is handled are stamped " fine granularity processing " label and " transmit and handle " label respectively, send to the forwarding decision processing module.
7, the safety filtering current shunt of the architecture for exchanging of processor Network Based according to claim 1 and CPU array, it is characterized in that, described forwarding decision processing module, label for being forwarded to safety by built-in gigabit mouth, the packet of " fine granularity processings " is examined the unit, the packet that with label is " transmit and handle " carries out the calculating of distribution policy by general load-balancing algorithm, guarantee that all data keep the complete connection of its TCP on any link, the forwarding decision processing module sends to the exchange output unit with the distribution policy that calculates by the SPI-4.2 interface.
8, the safety filtering current shunt of the architecture for exchanging of processor Network Based according to claim 1 and CPU array, it is characterized in that, described 4 standard C PU processing modules, adopt the mode of operation of parallel processing, realization is to the fine granularity inspection of packet content, the fine granularity inspection mainly is at the examination needs of using, according to the definition in the application layer protocol specification, by the fields offset amount of wanting matching content is set, field length, field contents and filter operation, utilize the method for keyword coupling that packet is carried out Content Advisor, the conversation-based packet content examination in safety examination unit, the information that will extract from a plurality of packets the session is spliced, carry out content match again, find to be dispersed in the situation in a plurality of packets.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2004100845396A CN1321516C (en) | 2004-11-25 | 2004-11-25 | Safety filtering current shunt of exchange structure based on network processor and CPU array |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2004100845396A CN1321516C (en) | 2004-11-25 | 2004-11-25 | Safety filtering current shunt of exchange structure based on network processor and CPU array |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1610335A true CN1610335A (en) | 2005-04-27 |
| CN1321516C CN1321516C (en) | 2007-06-13 |
Family
ID=34765905
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2004100845396A Expired - Fee Related CN1321516C (en) | 2004-11-25 | 2004-11-25 | Safety filtering current shunt of exchange structure based on network processor and CPU array |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1321516C (en) |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101064597B (en) * | 2006-04-25 | 2010-09-08 | Lgcns株式会社 | Network security device and method for processing packet data using the same |
| CN101902469A (en) * | 2010-07-12 | 2010-12-01 | 江苏华丽网络工程有限公司 | Intelligent security defense method based on two-layer network equipment |
| CN101217455B (en) * | 2007-01-05 | 2011-07-27 | 上海复旦光华信息科技股份有限公司 | A secure content filtering shunt based on the integration of useful connecting data |
| CN102420752A (en) * | 2011-11-28 | 2012-04-18 | 曙光信息产业(北京)有限公司 | Dynamic distribution device under 10Gbps flow |
| CN101764741B (en) * | 2009-11-27 | 2012-06-06 | 上海恒为信息科技有限公司 | Filtering and shunting device and method supporting multi-service function |
| CN101553798B (en) * | 2005-09-30 | 2012-07-18 | 洛克威尔自动控制技术股份有限公司 | device and method for utilizing data view graph in control system and production management systems |
| CN102624726A (en) * | 2012-03-07 | 2012-08-01 | 上海盖奇信息科技有限公司 | Multi-core intelligent network card platform-based ultrahigh-bandwidth network security audit method |
| US8559423B2 (en) | 2007-07-27 | 2013-10-15 | Hangzhou H3C Technologies Co., Ltd. | Method and apparatus for packet processing |
| CN103428114A (en) * | 2013-08-08 | 2013-12-04 | 曙光信息产业股份有限公司 | ATCA (advanced telecom computing architecture) 10-gigabit switching board and system |
| CN103634175A (en) * | 2013-12-02 | 2014-03-12 | 曙光信息产业(北京)有限公司 | Hybrid network access system |
| CN107749826A (en) * | 2017-09-15 | 2018-03-02 | 深圳市盛路物联通讯技术有限公司 | A kind of data packet forwarding method and system |
| CN108650215A (en) * | 2018-03-19 | 2018-10-12 | 山东超越数控电子股份有限公司 | A kind of net based on label installs standby network data flow preprocess method |
| CN111277517A (en) * | 2020-01-19 | 2020-06-12 | 长沙星融元数据技术有限公司 | Programmable switching chip-based convergence and shunt method and device, storage medium and electronic equipment |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2782683B2 (en) * | 1989-10-19 | 1998-08-06 | 三菱電機株式会社 | Communication method and node device in LAN |
| CN1450758A (en) * | 2003-05-16 | 2003-10-22 | 上海金诺网络安全技术发展股份有限公司 | High performance network intrusion detecting system and detecting method |
| CN100499451C (en) * | 2003-08-26 | 2009-06-10 | 中兴通讯股份有限公司 | Network communication safe processor and its data processing method |
-
2004
- 2004-11-25 CN CNB2004100845396A patent/CN1321516C/en not_active Expired - Fee Related
Cited By (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101553798B (en) * | 2005-09-30 | 2012-07-18 | 洛克威尔自动控制技术股份有限公司 | device and method for utilizing data view graph in control system and production management systems |
| CN101064597B (en) * | 2006-04-25 | 2010-09-08 | Lgcns株式会社 | Network security device and method for processing packet data using the same |
| CN101217455B (en) * | 2007-01-05 | 2011-07-27 | 上海复旦光华信息科技股份有限公司 | A secure content filtering shunt based on the integration of useful connecting data |
| US8559423B2 (en) | 2007-07-27 | 2013-10-15 | Hangzhou H3C Technologies Co., Ltd. | Method and apparatus for packet processing |
| CN101764741B (en) * | 2009-11-27 | 2012-06-06 | 上海恒为信息科技有限公司 | Filtering and shunting device and method supporting multi-service function |
| CN101902469A (en) * | 2010-07-12 | 2010-12-01 | 江苏华丽网络工程有限公司 | Intelligent security defense method based on two-layer network equipment |
| CN102420752B (en) * | 2011-11-28 | 2015-02-04 | 曙光信息产业(北京)有限公司 | Dynamic distribution device under 10Gbps flow |
| CN102420752A (en) * | 2011-11-28 | 2012-04-18 | 曙光信息产业(北京)有限公司 | Dynamic distribution device under 10Gbps flow |
| CN102624726A (en) * | 2012-03-07 | 2012-08-01 | 上海盖奇信息科技有限公司 | Multi-core intelligent network card platform-based ultrahigh-bandwidth network security audit method |
| CN103428114A (en) * | 2013-08-08 | 2013-12-04 | 曙光信息产业股份有限公司 | ATCA (advanced telecom computing architecture) 10-gigabit switching board and system |
| CN103634175A (en) * | 2013-12-02 | 2014-03-12 | 曙光信息产业(北京)有限公司 | Hybrid network access system |
| CN107749826A (en) * | 2017-09-15 | 2018-03-02 | 深圳市盛路物联通讯技术有限公司 | A kind of data packet forwarding method and system |
| CN107749826B (en) * | 2017-09-15 | 2021-10-08 | 深圳市盛路物联通讯技术有限公司 | Data packet forwarding method and system |
| CN108650215A (en) * | 2018-03-19 | 2018-10-12 | 山东超越数控电子股份有限公司 | A kind of net based on label installs standby network data flow preprocess method |
| CN111277517A (en) * | 2020-01-19 | 2020-06-12 | 长沙星融元数据技术有限公司 | Programmable switching chip-based convergence and shunt method and device, storage medium and electronic equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1321516C (en) | 2007-06-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1321516C (en) | Safety filtering current shunt of exchange structure based on network processor and CPU array | |
| CN1287570C (en) | High speed filtering and stream dividing method for keeping connection features | |
| CN101217455B (en) | A secure content filtering shunt based on the integration of useful connecting data | |
| DE602004003611T2 (en) | Traffic monitoring system | |
| US6385209B1 (en) | Method and apparatus for mapping data packets between lines of differing capacity at a router interface | |
| US6768716B1 (en) | Load balancing system, apparatus and method | |
| CN103392317B (en) | Router and exchange board structure | |
| EP1063818B1 (en) | System for multi-layer provisioning in computer networks | |
| DE60034353T2 (en) | RULES-BASED IP DATA PROCESSING | |
| CA2546624C (en) | Apparatus and method for improved fibre channel oversubscription over transport | |
| CN1806466A (en) | Architecture, method and system of multiple high-speed servers for WDM based photonic burst-switched networks | |
| CN1579075A (en) | Method and systems for ordered dynamic distribution of packet flows over network processing means | |
| CN109089029B (en) | FPGA-based Gige Vision interface image transmission system and method | |
| CN101729573B (en) | Dynamic load balancing method of network intrusion detection | |
| CN102468899B (en) | Channelizing STM-1 access distribution method of and system thereof | |
| US20020049862A1 (en) | Method and apparatus for providing optical internetworking to wide area networks, metropolitan area networks, and local area networks using modular components | |
| CN109510973A (en) | A kind of 10,000,000,000 fiber optic Ethernets based on FPGA turn RapidIO multiway images transmission process system | |
| CN101051948A (en) | System and method for realizing multiple link point-to-point silent interception by port image | |
| CN103457824A (en) | Message processing method and device | |
| CN1638385A (en) | Parallel data link layer controllers in a network switching device | |
| CN101800777A (en) | Open network data acquisition method and device, and monitoring system based on device | |
| CN1501622A (en) | Network traffic statistical method of IP device | |
| CN108768810B (en) | A kind of transient state big data high-efficiency transmission method based on FC | |
| CN113377051B (en) | Network safety protection equipment based on FPGA | |
| JPS62233951A (en) | Multiplex packet transmission system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C17 | Cessation of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20070613 Termination date: 20131125 |