WO2015027374A1 - Data plane feature configuration method and apparatus - Google Patents

Data plane feature configuration method and apparatus Download PDF

Info

Publication number
WO2015027374A1
WO2015027374A1 PCT/CN2013/082268 CN2013082268W WO2015027374A1 WO 2015027374 A1 WO2015027374 A1 WO 2015027374A1 CN 2013082268 W CN2013082268 W CN 2013082268W WO 2015027374 A1 WO2015027374 A1 WO 2015027374A1
Authority
WO
WIPO (PCT)
Prior art keywords
data plane
message
rule
atomization
feature
Prior art date
Application number
PCT/CN2013/082268
Other languages
French (fr)
Chinese (zh)
Inventor
李彦
赵广
唐鹏合
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to CN201380000916.0A priority Critical patent/CN104584504B/en
Priority to PCT/CN2013/082268 priority patent/WO2015027374A1/en
Publication of WO2015027374A1 publication Critical patent/WO2015027374A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks

Definitions

  • the present invention relates to the field of communications, and in particular, to a method and apparatus for configuring a data plane. Background technique
  • control plane (English: control plane) sends the data plane (English: da ta plane ) to the data plane, and then the data plane forwards the packet according to the entry.
  • the strong coupling specifically refers to the inseparable and inseparable characteristics of the data plane and the control plane. Therefore, the characteristic configuration of the data plane is fixed, and the user cannot Configured.
  • a router forwards a packet, its forwarding process is fixed on the control plane. The user cannot extend the forwarding process.
  • the invention provides a method and device for configuring characteristics of a data surface, so as to realize data surface programming, and decompose the forwarding action into multiple characteristics for processing.
  • an embodiment of the present invention provides a method for configuring a feature of a data plane, where the method includes:
  • the data plane receives a configuration command sent by the control plane, where the configuration command includes characteristic data and a feature deployment, where the characteristic data includes an identifier of an atomization rule, an identifier of an atomization action, and atomizing the atomization rule and the atomization rule.
  • the action performs a processing instruction corresponding to the matching;
  • the data plane selects an atomization rule from a rule set of the data plane to form a classification rule, and the data plane
  • the action set selects the atomization action to form the action set;
  • the data plane performs corresponding matching processing with the action set to form a characteristic in the data plane according to the processing indication included in the characteristic data;
  • the data plane configures the feature at an execution timing of the data plane, so that the data plane processes the received packet at the execution timing, and the feature deployment Specifically, the configuration relationship between the characteristics and the execution timing.
  • the configuration command further includes the atomization rule and the atomization action
  • the data plane selects an atomization rule from a rule set of the data plane, and forms a classification rule, and selects an atomization action from the action set of the data plane, and further includes: The action is placed in the action set in the data plane.
  • the execution time is that when the data plane forwards the packet, it is determined whether the packet needs to be matched with the feature, and the judgment is carried according to the Forwarding the message process is strongly related to the key data structure.
  • the data plane configures the feature at an execution timing of the data plane, so that the data plane is in the
  • the processing of the received message at the execution timing is specifically as follows:
  • the data plane determines that the feature of the packet meets the classification rule
  • the data plane processes the packet by using the action set corresponding to the classification rule.
  • the data plane performs matching processing with the classification rule in the characteristic configured on the execution timing according to the execution timing of the data plane.
  • the determining, by the data plane, that the feature of the packet meets the classification rule includes:
  • the data plane determines that the feature of the message conforms to the classification rule.
  • processing the packet includes: using the classification
  • Each of the atomization actions in the set of actions corresponding to the rule processes the message at the execution time.
  • the classification rule The invention includes a message space feature, a 4-character time feature, a 4-character organization feature, a 4-character content feature, a 4-character traffic feature, and a message environment feature.
  • the action set includes a message feature acquisition class action and a user visible feature. Forwarded decomposition and nested policy support.
  • an embodiment of the present invention provides a data plane feature configuration apparatus, where the apparatus includes:
  • a receiving unit configured to receive a configuration command sent by the control plane, where the configuration command includes characteristic data and feature deployment, where the characteristic data includes an identifier of an atomization rule, and an identifier of an atomization action
  • a component unit configured to: according to the processing indication included in the characteristic data, the classification rule Corresponding matching processing with the action set to form a characteristic in the data plane; a configuration unit, configured to use the feature deployment, to configure the feature at an execution timing of the data plane, so as to be in the The received message is processed at the execution timing, and the characteristic deployment is specifically a configuration relationship between the feature and the execution timing.
  • the configuration command received by the receiving unit further includes the atomization rule and the atomization action
  • the apparatus further includes: a placing unit for placing the atomization rule into a rule set in the data plane, and placing the atomization action into an action set in the data plane.
  • the configuration unit performs the execution time of configuring the feature on the data plane, specifically, when forwarding the packet And determining whether the packet needs to match the characteristic, and the determining is carried in a key data structure that is strongly related to the forwarding packet process.
  • the device further includes:
  • a matching unit configured to perform, according to a feature of the packet, a matching process between the feature of the packet and the classification rule configured in the feature at the execution timing;
  • the processing unit is configured to process the packet by using the action set corresponding to the classification rule when determining that the feature of the packet meets the classification rule.
  • the processing unit is specifically configured to: according to the characteristics of the packet, follow the execution timing, and configure The classification rule in the characteristics on the execution timing performs matching processing.
  • the matching unit is further configured to: if the feature of the packet meets each atomization rule in the classification rule And determining that the characteristics of the message conform to the classification rule.
  • the processing unit is specifically configured to: use each of the action sets corresponding to the classification rule The atomization action processes the message at the execution timing.
  • the selecting The classification rule consisting of the unit includes the packet space feature, the packet time feature, the packet organization feature, the message content feature, the packet traffic feature, and the message environment feature. Text feature acquisition class action, user visible feature forwarding decomposition and nested policy support.
  • an embodiment of the present invention provides a data plane feature configuration apparatus, where the apparatus includes:
  • a first memory configured to store program code required by the first processor
  • a second memory configured to store program code required by the second processor
  • the interface is configured to receive a packet
  • the program code stored by the second memory includes instructions operable to cause the second processor to perform the following process:
  • a configuration command includes characteristic data and a feature deployment, where the feature data includes an identifier of an atomization rule, an identifier of an atomization action, and the atomization rule and the The atomization action performs a processing instruction corresponding to the matching;
  • Configuring, by using the feature deployment, the feature is configured at an execution timing of the data plane, so as to process the received packet at the execution timing, where the feature deployment is specifically The configuration relationship between the characteristics and the execution timing.
  • the configuration command received by the second processor further includes the atomization rule and the atomization action
  • the program code stored by the second memory further includes instructions operable to cause the second processor to perform the following process:
  • the atomization rules are placed in a rule set in the data plane, and the atomization action is placed in an action set in the data plane.
  • the performing, by the second processor, the execution timing of configuring the feature on the data plane refers to when forwarding a packet And determining whether the packet needs to match the characteristic, and the determining is carried in a key data structure that is strongly related to the forwarding packet process.
  • the program code that is stored by the second memory further includes, where the second processor is configured to perform the feature
  • the instructions configured at the execution timing of the data plane to facilitate the matching process on the received message at the execution timing are:
  • the packet is processed by using the action set corresponding to the classification rule.
  • the program code stored in the second memory is configured to enable the second processor to perform the packet
  • the instructions for performing the matching process with the classification rules in the characteristics configured in the execution timing are:
  • matching processing is performed with the classification rule among the characteristics configured on the execution timing in accordance with the execution timing of the data plane.
  • the program code stored in the second memory may be used to cause the second processor to execute an instruction to determine that a feature of the message conforms to the classification rule process is:
  • the program code stored in the second memory is used to enable the second processor to utilize the classification rule
  • the instruction of the action set to process the message is:
  • the message is processed at the execution timing by using the atomization action in each of the action sets corresponding to the classification rule.
  • the second memory is stored
  • the classification rule in the program code includes a message space feature, a message time feature, a message organization feature, a content feature, a text traffic feature, and a text environment feature; and the action set includes a text feature acquisition class action, User-visible feature forwarding decomposition and nested policy support.
  • the method and device for configuring the characteristics of the data plane provided by the embodiment of the present invention use a unified policy to configure the data plane, and use the classification rule and the action set of the characteristics in the data plane to forward and process the packet received on the data plane, thereby realizing the data plane. Programmable, ultimately separating the data plane from the control plane.
  • FIG. 1 is a flowchart of a method for configuring a data plane according to an embodiment of the present invention.
  • FIG. 2 is a schematic diagram of a nesting policy according to an embodiment of the present invention.
  • FIG. 3 is a schematic diagram of an execution timing according to an embodiment of the present invention.
  • FIG. 4 is a schematic diagram of modeling a packet forwarding feature according to an embodiment of the present invention.
  • FIG. 5 is a structural diagram of a device for configuring a characteristic of a data plane according to an embodiment of the present invention
  • FIG. 6 is a schematic structural diagram of a hardware configuration of a data plane according to an embodiment of the present invention
  • FIG. 7 is a schematic diagram of a system for configuring a feature of a data plane according to an embodiment of the present invention. detailed description
  • FIG. 1 is a flowchart of a method for configuring a data plane according to an embodiment of the present invention.
  • the implementation body is a data plane, and the data plane can be configured inside the router by means of a software module.
  • the embodiment specifically includes the following steps:
  • Step 110 The data plane receives a configuration command sent by the control plane, where the configuration command includes the feature data and the feature deployment, where the feature data includes an identifier of the atomization rule, an identifier of the atomization action, and a control plane generation configuration command.
  • the configuration command includes characteristic data and feature deployment.
  • the control plane can generate a configuration command by receiving an instruction input by the user, and send the configuration command to the data plane.
  • the data plane receives the configuration command.
  • Step 120 According to the identifier of the atomization rule included in the characteristic data and the identifier of the atomization action, the data plane selects an atomization rule from a rule set of the data plane, and forms a classification rule, from the The action of the data plane selects the atomization action to form the action set.
  • the data plane selects atomization rules from the rule set of the data plane to form a classification rule, and selects any atomization action from the action set of the data plane to form an action set.
  • the rule set and the action set are previously configured in the data plane, and the rule Sets, action sets include multiple atomization rules, atomization actions.
  • the characteristic data includes an atomization rule to be selected, an identification ID of the atomization action, and after the data surface extracts the characteristic data from the configuration command, the atomicization rule to be selected included in the analysis characteristic data, the atom
  • the identification ID of the action using the atomization rules and the identification ID of the atomization action, selects the corresponding atomization rule and atomization action from the rule set and the action set.
  • the characteristic data further includes sorting information for sorting the atomization rules in the classification rule, and the data is sorted by the atomization rules constituting the classification rules by using the sorting information.
  • Step 130 According to the processing indication included in the characteristic data, the data plane performs corresponding matching processing on the classification rule and the action set to form a characteristic in the data plane.
  • the data plane performs the corresponding processing on the classification rule formed in step 120 and the action set to form a characteristic in the data plane.
  • the characteristic data further includes a processing indication, where the processing indication specifically refers to an indication that the atomization rule in the classification rule is matched with the atomization action in the action set.
  • the matching of the atomization rules in the classification rule with the atomization actions in the action set specifically refers to the atomization actions corresponding to each atomization rule, which are sorted according to the order of the atomization rules.
  • Step 140 Deploying, by using the feature, the data plane configures the feature at an execution timing of the data plane, so that the data plane processes the received packet at the execution timing, where
  • the feature deployment is specifically a configuration relationship between the feature and the execution timing.
  • the data plane configures the characteristics formed in step 130 at the execution timing of the data plane, so that the data plane forwards the received packet at the execution timing.
  • the feature deployment is specifically a configuration relationship between the feature and the bearer point, and the data plane utilizes the feature deployment to configure the feature formed in step 130 at the execution time of the data plane, that is, the data plane passes Feature deployment, explicitly configuring the composed features at specific execution times.
  • the configuration command issued by the control plane further includes an atomization rule and an atomization action.
  • the data plane includes the atomization rules included in the configuration command, the atomization action into the rule set, and the action set.
  • the data plane is formed according to the configuration command issued by the control plane to form a rule set and an action set; and the atomization rules and atomization actions are selected from the rule set and the action set.
  • the execution time in the step 140 of the embodiment of the present invention is specifically: when the data plane forwards the packet, it is determined whether the packet needs to be matched with the configured feature.
  • the basis for the determination is contained in a key data structure that is strongly related to the process of forwarding the message.
  • the execution timing is also a bearer point, and the bearer point is specifically a key data structure existing in the data plane.
  • the data plane in step 140 of the embodiment of the present invention configures the characteristic at an execution timing of the data plane, so that the data plane processes the received packet at the execution timing. Specifically:
  • the data plane determines that the feature of the packet meets the classification rule
  • the data plane processes the packet by using the action set corresponding to the classification rule.
  • the data plane receives the packet to be forwarded, parses the packet, and obtains the feature of the packet, and the data plane matches the feature of the packet with the classification rule configured in the feature at the execution timing; When it is determined that the characteristics of the packet meet the classification rule, the data plane uses the action set corresponding to the classification rule to forward the packet.
  • the data plane matching the feature of the packet with the classification rule in the feature configured on the execution timing specifically includes:
  • the data plane is in accordance with the order of execution on the data plane, and the configuration is executed.
  • the classification rules in the characteristics on the line timing are matched.
  • Determining, by the data plane, that the feature of the packet meets the classification rule includes:
  • the data plane determines whether the feature of the message conforms to each atomization rule in the classification rule. If the feature of the message conforms to each atomization rule in the classification rule, the data plane determines that the feature of the message conforms to the classification rule. Otherwise, if The characteristics of the message do not conform to each atomization rule in the classification rule, and the data plane determines that the characteristics of the message do not conform to the classification rule.
  • the process of processing the packet by using the action set corresponding to the classification rule includes:
  • the data plane uses each atomization action in the action set corresponding to the classification rule to forward the message at the execution time.
  • each feature (or forwarding feature) of the message is Modeling, using a unified mechanism to achieve dynamic configuration.
  • the forwarding process of the packet is decomposed, and each forwarding process of the packet can be decomposed into a combination of different characteristics (that is, a combination of multiple characteristics forms a message for each message.
  • the forwarding process of the packet is visible to the user.
  • the feature is a process of packet processing in packet forwarding. And each feature is atomized, that is, the feature cannot be further decomposed.
  • the feature is divided into three elements: a classification rule (English: c las s if ier ), an action set (English: behavior ), and an execution timing (English: chance ). That is, each attribute consists of a classification rule, a set of actions corresponding to the classification rule, and an execution timing.
  • a classification rule English: c las s if ier
  • an action set English: behavior
  • an execution timing English: chance
  • classification rules can be used to determine the rules that the message conforms to and the actions that need to be performed in the action set in the feature.
  • Classification rules can be, but are not limited to, include the following features:
  • Message space feature (English: space): Interface for receiving or sending packets
  • Packet traffic characteristics (English: traffic): such as bandwidth attributes, flow policy behavior attributes (for example, delaying the transmission of packets), etc., the bandwidth attributes and behavior attributes are stored in the packet header or message data;
  • Packet environment characteristics If the router interface traffic exceeds 10M and the downstream device occupancy rate exceeds 80%, the router communicates with the downstream device to obtain the downstream device occupancy rate.
  • classification rules can be further divided into atomization rules.
  • the so-called atomization rules are defined non-separable rules. Different combinations of atomization rules can be combined into different classification rules. Therefore, the classification rules are composed of different atomization rules.
  • An action set (also referred to as an action action) refers to a specific process of forwarding a message.
  • the action set includes at least a message class acquisition action, a user visible feature forwarding decomposition, and a nested policy support.
  • the acquisition class action of the essay feature includes the following features:
  • Obtaining the characteristics of the packet space Obtaining the configuration domain, where the configuration domain is the domain where the source device that sends the packet to be forwarded is located;
  • Get the packet time feature Get the current time
  • Packets that are measured after the bandwidth is obtained and traffic policing is configured.
  • the packet dyeing behavior refers to the behavior of marking the packet forwarding level when the router forwards the packet. Behavior;
  • the user-disaggregated feature forwarding decomposition specifically means that each forwarding process of the packet can be decomposed. For the combination of different characteristics, that is, the combination of multiple characteristics, each time the packet is forwarded, the user's forwarding processing of the message is visible.
  • Nested policy support as an action refers to the implementation of an atomization action corresponding to the atomization rules included in the classification rule in a feature, that is, into another feature, which is usually used for hierarchical service quality (English: Hierarchical Quality of Service, referred to as: HqoS), as shown in Figure 2:
  • HqoS Hierarchical Quality of Service
  • the two atomization rules included in the classification rule in feature2 are: the first atomization rule (person belongs to enterprise 1), the second atomization rule (person belongs to enterprise 2); the atomization action corresponding to the first atomization rule is The feature feature3, the atomization action corresponding to the second atomization rule is the feature feature4, the feature feature3 and the feature feature2 belong to the enterprise 1 nested relationship; the feature feature4 and the feature feature2 belong to the enterprise 2 nested relationship.
  • the feature feature3 and the feature feature4 are nested in the feature feature 2, and the matching process distinguishes packets from the same port that have personal characteristics belonging to different enterprises, and therefore, the characteristics are related, and Non-decomposed.
  • the message is forwarded by the feature feature1, the feature feature2, the feature feature5, and the feature feature m, but since the feature feature2 is nested with the feature feature 3 and the special '1" element feature4, ⁇ "Life featurel, special”! Forwarding processing of "feature feature2, special 'f' feature 3 or feature feature4, feature feature5, and feature feature m.
  • the execution timing is the process of judging whether to match the feature in the process of forwarding processing, that is, whether it matches the classification rule in the feature, and whether the message matches the classification rule in the feature is generally carried in the forwarding process.
  • the key data structure of the strong correlation the key data structure exists in any layer of the Open System Interconnection.
  • the execution timing is also a bearer point.
  • L1i is the physical layer uplink bearer point
  • L2i is the data link layer uplink bearer point
  • L3i is the network layer uplink bearer point
  • L3f network layer forwarding plane bearer point
  • L3e is the network layer.
  • the downlink bearer point, L2e is the data link layer downlink direction bearer point, and Lie is the data layer downlink direction load point.
  • User i is the user's uplink load point and usere is the user's downlink load point.
  • L4 is the transport layer direction bearer point, and app is the application direction bearer point.
  • Ll i, L2 i, L3 i, L3f, L3e, L2e, Lie, user i and usere are bearer points in the data plane; L4, app are bearer points in the control plane.
  • the data plane After the data plane receives the packet, the data is forwarded to the packet.
  • the data plane determines whether the packet needs to be processed through the feature on the bearer point. If the feature is matched, the feature of the packet is matched with the classification rule of the feature at the bearer point. If the feature is disabled on the bearer point, the packet does not match the feature of the feature on the bearer point. The text is forwarded to the next bearer point.
  • the packet passes the L3f bearer point
  • the feature of the packet matches the classification rule of the feature on the bearer point
  • the feature of the packet and the bearer point are matched.
  • the data plane forwards the message by using the action set corresponding to the classification rule.
  • the atomization action included in the action set includes forwarding the message to the L4 bearer point in the control plane. , or forward the packet to the L3e bearer.
  • the user i load point and the usere load point are virtual load points.
  • the user i lifetime may exist in any one of Ll i, L2 i, L3 i; the usere bearer may exist in any one of L3e, L2e, Lie.
  • FIG. 4 is a schematic diagram of modeling a packet forwarding feature according to an embodiment of the present invention. As shown in Figure 4, the model includes data plane 1 and control plane 2.
  • the control surface 1 includes a programmable control surface portion 21 and a non-programmable control surface portion 22, and the control surface 2 generates a configuration command according to an instruction input by the user, and issues a configuration command to the data plane 1.
  • the configuration commands include feature data 15 and feature deployment 16.
  • Data plane 1 includes various characteristics, such as characteristic 10, characteristic 20, and characteristic 30, each characteristic It consists of classification rule 1 1, action set 12, and execution timing.
  • the classification rule 11 is composed of atomization rules selected from the rule set 13 , and the data plane combines different indivisible atomization rules in a certain order according to the characteristic data 15 to form a classification rule 11 .
  • the action set 12 is composed of atomization actions selected from the action set 14, and the data plane combines different indivisible atomization actions in a certain order according to the characteristic data 15 to form an action set 12.
  • the rule set 13 has previously existed in the data plane 1.
  • a plurality of atomization rules are included in the rule set 13 , and the data plane is selected according to the characteristic data 15 in the rule set 13
  • the partial atomization rule constitutes a classification rule in the characteristic, or, in another implementation manner, the data plane puts the atomization rule included in the configuration command into the rule set 13 and selects according to the characteristic data, and constitutes the characteristic Classification rules.
  • the action set 14 has previously existed in the data plane 1, and in one implementation, the action set 14 includes a plurality of atomization actions, and the data plane selects a partial atomization in the action set 14 according to the feature data 15.
  • the set of actions in the action composition feature, or in another implementation, the data plane puts the atomization action included in the configuration command into the action set 14, and then selects according to the feature data to form the action set in the feature.
  • the data plane uses the characteristic data 15 to process the classification rule 1 1 and the action set 12 to form the characteristic 10. In the same way, composition characteristics 20, characteristics 30.
  • the data plane is deployed according to the characteristics. 16
  • the constituent characteristics are configured on different bearer points of the data plane 1. Therefore, when the packet forwarding process is performed, the processing is performed according to different bearer points. When the feature 10 is configured on the bearer point, the corresponding processing is performed.
  • the user can control the data surface generation characteristics by using the control plane, configure the characteristics on different data points of the data plane through feature deployment, realize the configuration of the data plane using the unified strategy, and the data plane can be programmed, the data plane and the control plane. Separation, using the classification rules and action sets of the characteristics in the data plane to forward the message received on the data plane, and realize the programmable side of the data plane Reason.
  • the classification rule included in feature 1 is classifierl, classif ierl is composed of the first atomization rule and the second atomization rule, and the action set is actionl; the classification rule of feature 2 is classifie, classifie is composed only of the third atomization rule, action set It is act ion2; the classification rule of feature 3 is classified, the classification is composed of the fourth atomization rule and the fifth atomization rule, and the action set is action3.
  • the data plane is configured at the bearer point 1 configuration 1, the feature 2 is configured at the bearer point 2, and the feature 3 is configured at the bearer point 3.
  • the packet After the data plane receives the packet, the packet enters the bearer point 1, the bearer point 2, and the bearer point 3.
  • the feature 1 of the packet is matched, and the feature of the packet is matched with the classification rule of the feature 1 in the data.
  • the first atomization rule and the second atomization rule included in the classification rule the data plane forwards the message according to the atomization action included in the action set, that is, performs actionl processing, that is, in FIG. 4, the message
  • the dotted line of the forwarding process is indicated by the characteristic 1.
  • the feature 2 When the packet is processed by the actionl and enters the bearer 2, the feature 2 is deployed in the bearer 2, and the data is matched with the feature of the feature 2 and the feature of the feature 2 is matched.
  • the feature of the packet is If the classification rule of the feature 2 is not matched, the processing of the action set corresponding to the classification rule is not performed, that is, in FIG. 4, the dotted line of the message forwarding flow is not indicated by the characteristic 2.
  • the feature 3 When the packet enters the bearer point 3 through the actionl process, the feature 3 is deployed in the bearer point 3, and the feature of the packet is matched with the feature of the feature 3 in the data. In the embodiment of the present invention, the feature matching of the packet is matched.
  • the data plane forwards the message according to the atomization action included in the action set, that is, performs action3 processing, that is, in FIG. 4, the dotted line of the message forwarding flow is indicated by the characteristic 3.
  • the data plane is configured by using a unified policy, and the data received by the data plane is forwarded by using the classification rule and the action set of the characteristics in the data plane, and the data is realized.
  • Programmable, final data surface and control surface Separation are possible.
  • the embodiment of the present invention further provides a data plane feature configuration device, which is used to implement the feature configuration method of the data plane in the foregoing embodiment, such as As shown in FIG. 5, the apparatus includes: a receiving unit 510, a selecting unit 520, a component unit 530, and a configuration unit 540.
  • the receiving unit 51 0 is configured to receive a configuration command issued by the control plane, where the configuration command includes characteristic data and feature deployment, where the feature data includes an identifier of an atomization rule, an identifier of an atomization action, and a a processing indication that the atomization rule is matched with the atomization action; the identifier of the atomization action selects an atomization rule from a rule set of the data surface to form a classification rule 'J, an action from the data surface Centrally select atomic actions to form action sets;
  • the component unit 530 is configured to perform corresponding matching processing on the classification rule and the action set according to the processing indication included in the characteristic data, to form a characteristic in the data plane;
  • the configuration unit 540 is configured to use the feature deployment to configure the feature at an execution timing of the data plane, so as to process the received packet at the execution timing, where the feature deployment is specifically The configuration relationship between the characteristics and the execution timing.
  • the configuration command received by the receiving unit 510 further includes the atomization rule and the atomization action;
  • the apparatus further includes: a loading unit 550 for placing the atomization rule into a rule set in the data plane, and placing the atomization action into an action set in the data plane.
  • the configuration unit 540 performs the execution timing of configuring the feature on the data plane. Specifically, when the packet is forwarded, it is determined whether the packet needs to be matched with the feature, and the judgment is carried in the In the key data structure strongly related to the forwarding message process.
  • the device further includes: a matching unit 560, configured to match, according to the feature of the message, the feature of the message with the classification rule of the feature configured on the execution timing Reason
  • the processing unit 570 is configured to process the packet by using the action set corresponding to the classification rule when determining that the feature of the packet meets the classification rule.
  • the processing unit 570 is specifically configured to perform matching processing with the classification rule in the characteristics configured on the execution timing according to the characteristics of the message according to the execution timing.
  • the matching unit 560 is further configured to: if the feature of the packet meets each atomization rule in the classification rule, determine that the feature of the packet conforms to the classification rule.
  • the processing unit 570 is specifically configured to process the packet at the execution time by using each of the atomization actions in the action set corresponding to the classification rule.
  • the classification rule composed by the selecting unit 520 includes a message space feature, a message time feature, a text organization feature, a text content feature, a text traffic feature, and a text environment feature; and the action set consisting of the selection unit includes a message Feature acquisition class actions, user visible feature forwarding decomposition, and nested policy support.
  • the data plane is configured by using a unified policy, and the data received by the data plane is forwarded by using the classification rule and the action set of the characteristics in the data plane, and the data is realized.
  • the surface is programmable, and finally the separation of the data plane from the control plane is achieved.
  • the data plane feature configuration apparatus provided by the embodiment of the present invention may also be implemented as follows to implement the data plane feature configuration method in the foregoing embodiment of the present invention.
  • the data plane is The characteristic configuration device includes: an interface 610, a first processor 620, a second processor 630, a first memory 640, and a second memory 650.
  • the system bus 660 is used to connect the interface 610, the first processor 620, the second processor 630, the first memory 640, and the second memory 650.
  • the interface 610 can be one or more of the following: a network interface controller (English: network interface contro l ler, abbreviated: NIC) providing a wired interface, and an Ethernet NIC, which can provide a copper interface. Fiber optic interface or both copper and fiber optic interfaces; A NIC that provides a wireless interface, such as a wireless local area network (English: wireless local area network, abbreviation: WLAN) NIC.
  • a network interface controller (English: network interface contro l ler, abbreviated: NIC) providing a wired interface
  • an Ethernet NIC which can provide a copper interface.
  • a NIC that provides a wireless interface, such as a wireless local area network (English: wireless local area network, abbreviation: WLAN) NIC.
  • the first processor 620 is configured to execute a command related to the control plane. Further, the first processor 620 receives an instruction input by the user, generates a configuration command according to the instruction input by the user, and sends the configuration command to the second processor 630;
  • the second processor 630 is configured to execute a command related to the data plane and perform interactive communication with the first processor 620.
  • the first memory 640 stores the program code and transmits the stored program code to the first processor 620, which is required by the first processor 620.
  • the second memory 650 stores the program code, and the storage rule set, the action set, the classification rule, the action set, and the like, and transmits the stored program code to the second processor 630, where the program code is required by the second processor 630. of.
  • the first/second memory may be a volatile memory (English: volatile memory), such as a random access memory (English: random-access memory, abbreviation: RAM); or a non-volatile memory (English: non-volatile) Memory ) , such as flash memory (English: flash memory), hard disk (English: hard disk drive, abbreviation: HDD) or solid state drive (English: solid-state drive, abbreviation: SSD); or a combination of the above types of memory.
  • volatile memory such as a random access memory (English: random-access memory, abbreviation: RAM); or a non-volatile memory (English: non-volatile) Memory ) , such as flash memory (English: flash memory), hard disk (English: hard disk drive, abbreviation: HDD) or solid state drive (English: solid-state drive, abbreviation: SSD); or a combination of the above types of memory.
  • the interface 610 in the feature configuration device of the data plane is configured to receive a message.
  • the program code stored by the second memory 640 includes instructions that can be used to cause the second processor 630 to perform the following process:
  • a configuration command includes characteristic data and a feature deployment, where the feature data includes an identifier of an atomization rule, an identifier of an atomization action, and the atomization rule and the The atomization action performs a processing instruction corresponding to the matching;
  • Configuring, by the feature deployment, the feature is configured at an execution timing of the data plane, so as to process the received packet at the execution timing, where the feature deployment is specifically The configuration relationship between the execution timings.
  • the configuration command received by the second processor 630 further includes the atomization rule and the atomization action
  • the program code stored by the second memory 650 also includes instructions that can be used to cause the second processor 630 to perform the following process:
  • the atomization rules are placed in a rule set in the data plane, and the atomization action is placed in an action set in the data plane.
  • the program code stored by the second memory 650 further includes an operation timing that is operable to cause the second processor 630 to perform configuring the feature at the data plane, so as to be at the execution timing
  • the instruction to perform the matching process on the received message is:
  • the packet is processed by using the action set corresponding to the classification rule.
  • program code stored by the second memory 650 can be used to cause the second processor 630 to perform the classification of the feature of the message and the characteristic configured on the execution timing.
  • the instructions for the rule to perform the matching process are:
  • the program code stored by the second memory 650 can be used to enable the second processor 630 to execute an instruction that determines that the feature of the message conforms to the classification rule process:
  • program code stored by the second memory 650 can be used to enable the second processor 630 to process the message by using the action set corresponding to the classification rule:
  • the message is processed at the execution timing by using the atomization action in each of the action sets corresponding to the classification rule.
  • the classification rule in the program code stored by the second memory 650 includes a packet space feature, a packet time feature, a packet organization feature, a message content feature, a packet traffic feature, and a message environment.
  • the action set includes a message feature acquisition class action, a user visible feature forwarding decomposition, and a nested policy support.
  • the data plane is configured by using a unified policy, and the data received by the data plane is forwarded by using the classification rule and the action set of the characteristics in the data plane, and the data is realized.
  • the surface is programmable, and finally the separation of the data plane from the control plane is achieved.
  • the embodiment of the present invention further provides a data surface feature configuration system. As shown in FIG. 7, the system includes the message processing device provided by the foregoing embodiment.
  • system further includes: a control plane, wherein the control plane includes a control unit, and the control unit is implemented by a processor.
  • the control unit is configured to send a configuration command to the characteristic configuration device of the data plane, and the receiving unit in the characteristic configuration device of the data plane receives the configuration command delivered by the control unit, where the configuration command is Including atomization rules, atomization actions, feature data, and feature deployment, and transferring configuration commands to the selection unit, component unit, configuration unit, and into the unit, placing the unit into the unit according to the configuration command, placing the atomization rules included in the configuration command Into the rule set, put the atomization action In the action set; the selection unit selects the atomization rule from the rule set according to the configuration command, and uses the characteristic data included in the configuration command to form a classification rule, and selects an atomization action from the action set to form an action set; and the component is classified according to the characteristic data.
  • the rule and the action set are processed correspondingly to form a characteristic; the configuration unit is deployed according to the characteristics included in the configuration command, and the feature is configured at the execution timing of the data plane.
  • the data plane is configured by using a unified policy, and the data received by the data plane is forwarded by using the classification rule and the action set of the characteristics in the data plane, and the data is realized.
  • the surface is programmable, and finally the separation of the data plane from the control plane is achieved.
  • the steps of a method or algorithm described in connection with the embodiments disclosed herein can be implemented by a software module executed by a processor.
  • the software module can be placed in a random access memory (English: RAM), read only memory (English: ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, removable disk, or the like. Any other form of storage medium.

Abstract

Embodiments of the present invention relate to a data plane feature configuration method and an apparatus. The method comprises: a data plan receiving a configuration command delivered by a control plane, wherein the configuration command comprises feature data and feature deployment, wherein the feature data comprises an identifier of an atomic rule, an identifier of an atomic action and a processing instruction for performing corresponding matching on the atomic rule and the atomic action; based on the identifier of the atomic rule and the identifier of the atomic action, selecting the atomic rule from rules of the data plane in a centralized manner to form a categorization rule, and selecting the atomic action from actions of the data plane in a centralized manner to form an action set; based on the processing instruction, performing corresponding matching processing on the categorization rule and the action set to form a feature in the data plane; using the feature deployment to configure the feature at an execution time of the data plane so as to perform matching processing on packets received at the execution time, wherein the feature deployment is specifically a configuration relationship between the feature and the execution time.

Description

说 明 书 数据面的特性配置方法和装置 技术领域  Description of the characteristics of the data surface configuration method and device
本发明涉及通讯领域, 尤其涉及一种数据面的特性配置方法和装置。 背景技术  The present invention relates to the field of communications, and in particular, to a method and apparatus for configuring a data plane. Background technique
在通常的路由器实现方法中, 是控制面 (英文: control plane ) 向数据 面下发数据面 (英文: da ta plane ) 所需的表项, 然后数据面根据该表项转 发报文。  In the conventional router implementation method, the control plane (English: control plane) sends the data plane (English: da ta plane ) to the data plane, and then the data plane forwards the packet according to the entry.
因为控制面与数据面之间的强耦合性, 所述强耦合性具体是指数据面与 控制面的不可拆分、 不可分离的特性, 所以数据面的特性配置是固定的, 用 户是不可以进行配置的。 而路由器在转发报文时, 其转发过程均为控制面固 定配置的, 用户不可以进行转发过程的扩展。  Because of the strong coupling between the control plane and the data plane, the strong coupling specifically refers to the inseparable and inseparable characteristics of the data plane and the control plane. Therefore, the characteristic configuration of the data plane is fixed, and the user cannot Configured. When a router forwards a packet, its forwarding process is fixed on the control plane. The user cannot extend the forwarding process.
通常的数据面和控制面都无法完全分离, 而且数据面都不可以编程, 导 致报文的转发效率低。 发明内容  Normally, the data plane and the control plane cannot be completely separated, and the data plane cannot be programmed, resulting in low packet forwarding efficiency. Summary of the invention
本发明提供了一种数据面的特性配置方法和装置, 以实现数据面可编程, 将转发动作分解为多个特性进行处理。  The invention provides a method and device for configuring characteristics of a data surface, so as to realize data surface programming, and decompose the forwarding action into multiple characteristics for processing.
第一方面, 本发明实施例提供了一种数据面的特性配置方法, 所述方法 包括:  In a first aspect, an embodiment of the present invention provides a method for configuring a feature of a data plane, where the method includes:
数据面接收控制面下发的配置命令, 所述配置命令包括特性数据以及特 性部署, 所述特性数据包括原子化规则的标识、 原子化动作的标识和将所述 原子化规则与所述原子化动作进行对应匹配的处理指示; 根据所述特性数据包括的所述原子化规则的标识以及所述原子化动作的 标识, 所述数据面从所述数据面的规则集中选取原子化规则, 组成分类规则, 从所述数据面的动作集中选择原子化动作, 组成动作集合; The data plane receives a configuration command sent by the control plane, where the configuration command includes characteristic data and a feature deployment, where the characteristic data includes an identifier of an atomization rule, an identifier of an atomization action, and atomizing the atomization rule and the atomization rule. The action performs a processing instruction corresponding to the matching; And according to the identifier of the atomization rule included in the characteristic data and the identifier of the atomization action, the data plane selects an atomization rule from a rule set of the data plane to form a classification rule, and the data plane The action set selects the atomization action to form the action set;
根据所述特性数据包括的所述处理指示, 所述数据面将所述分类规则与 所述动作集合进行对应匹配处理, 组成所述数据面中的特性;  And the data plane performs corresponding matching processing with the action set to form a characteristic in the data plane according to the processing indication included in the characteristic data;
利用所述特性部署, 所述数据面将所述特性配置在所述数据面的执行时 机处, 以便于所述数据面在所述执行时机处对接收到的报文进行处理, 所述 特性部署具体为所述特性与所述执行时机之间的配置关系。  Deploying the feature, the data plane configures the feature at an execution timing of the data plane, so that the data plane processes the received packet at the execution timing, and the feature deployment Specifically, the configuration relationship between the characteristics and the execution timing.
在第一种可能的实现方式中, 所述配置命令还包括所述原子化规则以及 所述原子化动作;  In a first possible implementation manner, the configuration command further includes the atomization rule and the atomization action;
所述根据所述特性数据, 所述数据面从所述数据面的规则集中选取原子 化规则, 组成分类规则, 从所述数据面的动作集中选择原子化动作, 组成动 作集合之前还包括: 子化动作放入所述数据面中的动作集中。  According to the characteristic data, the data plane selects an atomization rule from a rule set of the data plane, and forms a classification rule, and selects an atomization action from the action set of the data plane, and further includes: The action is placed in the action set in the data plane.
在第二种可能的实现方式中, 所述执行时机是指所述数据面在转发报文 时, 判断所述报文是否需要与所述特性进行匹配, 所述判断的依据承载在与 所述转发报文过程强相关的关键数据结构中。  In a second possible implementation, the execution time is that when the data plane forwards the packet, it is determined whether the packet needs to be matched with the feature, and the judgment is carried according to the Forwarding the message process is strongly related to the key data structure.
结合第一方面的第二种可能的实现方式, 在第三种可能的实现方式中, 所述数据面将所述特性配置在所述数据面的执行时机处, 以便于所述数据面 在所述执行时机处对接收到的报文进行处理具体为:  In conjunction with the second possible implementation of the first aspect, in a third possible implementation, the data plane configures the feature at an execution timing of the data plane, so that the data plane is in the The processing of the received message at the execution timing is specifically as follows:
根据所述报文的特征, 所述数据面将所述报文的特征与配置在所述执行 时机上的所述特性中的所述分类规则进行匹配处理;  Determining, according to a feature of the packet, the data plane to match the feature of the packet with the classification rule configured in the feature at the execution timing;
当所述数据面确定所述报文的特征符合所述分类规则时, 所述数据面利 用所述分类规则对应的所述动作集合对所述报文进行处理。  When the data plane determines that the feature of the packet meets the classification rule, the data plane processes the packet by using the action set corresponding to the classification rule.
结合第一方面的第三种可能的实现方式, 在第四种可能的实现方式中, 所述根据所述报文的特征, 所述数据面将所述报文的特征与配置在所述执行 时机上的所述特性中的所述分类规则进行匹配处理具体包括: In conjunction with the third possible implementation of the first aspect, in a fourth possible implementation, And the matching, by the data plane, the matching of the feature of the packet with the classification rule of the feature configured on the execution timing, according to the feature of the packet, specifically:
根据所述报文的特征, 所述数据面按照所述数据面上的所述执行时机的 顺序, 与配置在所述执行时机上的所述特性中的分类规则进行匹配处理。  And according to the feature of the message, the data plane performs matching processing with the classification rule in the characteristic configured on the execution timing according to the execution timing of the data plane.
结合第一方面的第三种可能的实现方式, 在第五种可能的实现方式中, 所述数据面确定所述报文的特征符合所述分类规则具体包括:  With reference to the third possible implementation manner of the first aspect, in a fifth possible implementation, the determining, by the data plane, that the feature of the packet meets the classification rule includes:
如果所述报文的特征符合所述分类规则中的每一个原子化规则, 则所述 数据面确定所述报文的特征符合所述分类规则。  And if the feature of the message conforms to each atomization rule in the classification rule, the data plane determines that the feature of the message conforms to the classification rule.
结合第一方面的第三种可能的实现方式, 在第六种可能的实现方式中, 所述利用所述分类规则对应的所述动作集合对所述报文进行处理具体包括: 利用所述分类规则对应的所述动作集合中的每一个所述原子化动作, 在 所述执行时机对所述报文进行处理。  With reference to the third possible implementation manner of the foregoing aspect, in a sixth possible implementation, the processing, by using the action set corresponding to the classification rule, processing the packet includes: using the classification Each of the atomization actions in the set of actions corresponding to the rule processes the message at the execution time.
结合第一方面或第一方面第一种、 第二种、 第三种、 第四种、 第五种、 第六种可能的实现方式, 在第七种可能的实现方式中, 所述分类规则包括报 文空间特征、 4艮文时间特征、 4艮文组织特征、 4艮文内容特征、 4艮文流量特征 和报文环境特征; 所述动作集合包括报文特征获取类动作、 用户可见特性转 发分解和嵌套的策略支持。  With reference to the first aspect, or the first, second, third, fourth, fifth, and sixth possible implementation manners of the first aspect, in a seventh possible implementation manner, the classification rule The invention includes a message space feature, a 4-character time feature, a 4-character organization feature, a 4-character content feature, a 4-character traffic feature, and a message environment feature. The action set includes a message feature acquisition class action and a user visible feature. Forwarded decomposition and nested policy support.
在第二方面, 本发明实施例提供了一种数据面的特性配置装置, 所述装 置包括:  In a second aspect, an embodiment of the present invention provides a data plane feature configuration apparatus, where the apparatus includes:
接收单元, 用于接收控制面下发的配置命令, 所述配置命令包括特性数 据以及特性部署, 所述特性数据包括原子化规则的标识、 原子化动作的标识  a receiving unit, configured to receive a configuration command sent by the control plane, where the configuration command includes characteristic data and feature deployment, where the characteristic data includes an identifier of an atomization rule, and an identifier of an atomization action
述原子化动作的标识, 从数据面的规则集中选取原子化规则, 组成分类规则, 从所述数据面的动作集中选择原子化动作, 组成动作集合; The identification of the atomization action, selecting atomization rules from the rule set of the data surface, forming a classification rule, and selecting an atomization action from the action set of the data surface to form an action set;
组成单元, 用于根据所述特性数据包括的所述处理指示, 将所述分类规 则与所述动作集合进行对应匹配处理, 组成所述数据面中的特性; 配置单元, 用于利用所述特性部署, 将所述特性配置在所述数据面的执 行时机处, 以便于在所述执行时机处对接收到的报文进行处理, 所述特性部 署具体为所述特性与所述执行时机之间的配置关系。 a component unit, configured to: according to the processing indication included in the characteristic data, the classification rule Corresponding matching processing with the action set to form a characteristic in the data plane; a configuration unit, configured to use the feature deployment, to configure the feature at an execution timing of the data plane, so as to be in the The received message is processed at the execution timing, and the characteristic deployment is specifically a configuration relationship between the feature and the execution timing.
在第一种可能的实现方式中, 所述接收单元接收的所述配置命令还包括 所述原子化规则以及所述原子化动作;  In a first possible implementation manner, the configuration command received by the receiving unit further includes the atomization rule and the atomization action;
所述装置还包括: 放入单元, 用于将所述原子化规则放入所述数据面中 的规则集中, 将所述原子化动作放入所述数据面中的动作集中。  The apparatus further includes: a placing unit for placing the atomization rule into a rule set in the data plane, and placing the atomization action into an action set in the data plane.
结合第二方面的第一种可能的实现方式, 在第二种可能的实现方式中, 所述配置单元执行将所述特性配置在所述数据面的执行时机具体是指, 在转 发报文时, 判断所述报文是否需要与所述特性进行匹配, 所述判断的依据承 载在与所述转发报文过程强相关的关键数据结构中。  With reference to the first possible implementation manner of the second aspect, in a second possible implementation manner, when the configuration unit performs the execution time of configuring the feature on the data plane, specifically, when forwarding the packet And determining whether the packet needs to match the characteristic, and the determining is carried in a key data structure that is strongly related to the forwarding packet process.
结合第二方面的第二种可能的实现方式, 在第三种可能的实现方式中, 所述装置还包括:  With reference to the second possible implementation of the second aspect, in a third possible implementation, the device further includes:
匹配单元, 用于根据所述报文的特征, 将所述报文的特征与配置在所述 执行时机上的所述特性中的所述分类规则进行匹配处理;  a matching unit, configured to perform, according to a feature of the packet, a matching process between the feature of the packet and the classification rule configured in the feature at the execution timing;
处理单元, 用于当确定所述报文的特征符合所述分类规则时, 利用所述 分类规则对应的所述动作集合对所述报文进行处理。  The processing unit is configured to process the packet by using the action set corresponding to the classification rule when determining that the feature of the packet meets the classification rule.
结合第二方面的第三种可能的实现方式, 在第四种可能的实现方式中, 所述处理单元具体用于, 根据所述报文的特征, 按照所述执行时机的顺序, 与配置在所述执行时机上的所述特性中的所述分类规则进行匹配处理。  With the third possible implementation of the second aspect, in a fourth possible implementation, the processing unit is specifically configured to: according to the characteristics of the packet, follow the execution timing, and configure The classification rule in the characteristics on the execution timing performs matching processing.
结合第二方面的第三种可能的实现方式, 在第五种可能的实现方式中, 所述匹配单元还用于, 如果所述报文的特征符合所述分类规则中的每一个原 子化规则, 则确定所述报文的特征符合所述分类规则。  In conjunction with the third possible implementation of the second aspect, in a fifth possible implementation, the matching unit is further configured to: if the feature of the packet meets each atomization rule in the classification rule And determining that the characteristics of the message conform to the classification rule.
结合第二方面的第三种可能的实现方式, 在第六种可能的实现方式中, 所述处理单元具体用于, 利用所述分类规则对应的所述动作集合中的每一个 所述原子化动作, 在所述执行时机对所述报文进行处理。 With reference to the third possible implementation of the second aspect, in a sixth possible implementation, the processing unit is specifically configured to: use each of the action sets corresponding to the classification rule The atomization action processes the message at the execution timing.
结合第二方面或第一方面的第一种、 第二种、 第三种、 第四种、 第五种、 第六种可能的实现方式, 在第七种可能的实现方式中, 所述选取单元组成的 所述分类规则包括报文空间特征、 报文时间特征、 报文组织特征、 报文内容 特征、 报文流量特征和报文环境特征; 所述选取单元组成的所述动作集合包 括报文特征获取类动作、 用户可见特性转发分解和嵌套的策略支持。  With reference to the second aspect or the first, second, third, fourth, fifth, and sixth possible implementation manners of the first aspect, in the seventh possible implementation manner, the selecting The classification rule consisting of the unit includes the packet space feature, the packet time feature, the packet organization feature, the message content feature, the packet traffic feature, and the message environment feature. Text feature acquisition class action, user visible feature forwarding decomposition and nested policy support.
在第三方面, 本发明实施例提供了一种数据面的特性配置装置, 所述装 置包括:  In a third aspect, an embodiment of the present invention provides a data plane feature configuration apparatus, where the apparatus includes:
接口;  Interface
第一处理器;  First processor;
第二处理器;  Second processor;
第一存储器, 用于存储所述第一处理器所需的程序代码;  a first memory, configured to store program code required by the first processor;
第二存储器, 用于存储所述第二处理器所需的程序代码;  a second memory, configured to store program code required by the second processor;
所述接口用于接收报文;  The interface is configured to receive a packet;
所述第二存储器存储的所述程序代码包括可用于使所述第二处理器执行 以下过程的指令:  The program code stored by the second memory includes instructions operable to cause the second processor to perform the following process:
接收所述第一处理器下发的配置命令, 所述配置命令包括特性数据以及 特性部署, 所述特性数据包括原子化规则的标识、 原子化动作的标识和将所 述原子化规则与所述原子化动作进行对应匹配的处理指示;  And receiving, by the first processor, a configuration command, where the configuration command includes characteristic data and a feature deployment, where the feature data includes an identifier of an atomization rule, an identifier of an atomization action, and the atomization rule and the The atomization action performs a processing instruction corresponding to the matching;
根据所述特性数据包括的所述原子化规则的标识以及所述原子化动作的 标识, 从所述数据面的规则集中选取原子化规则, 组成分类规则, 从所述数 据面的动作集中选择原子化动作, 组成动作集合;  And selecting an atomization rule from the rule set of the data plane according to the identifier of the atomization rule included in the characteristic data and the identifier of the atomization action, forming a classification rule, and selecting an atom from the action set of the data plane Action, forming a set of actions;
根据所述特性数据包括的所述处理指示, 将所述分类规则与所述动作集 合进行对应匹配处理, 组成所述数据面中的特性;  And performing, according to the processing indication included in the characteristic data, the classification rule and the action set to perform corresponding matching processing to form a characteristic in the data plane;
利用所述特性部署, 将所述特性配置在所述数据面的执行时机处, 以便 于在所述执行时机处对接收到的所述报文进行处理, 所述特性部署具体为所 述特性与所述执行时机之间的配置关系。 Configuring, by using the feature deployment, the feature is configured at an execution timing of the data plane, so as to process the received packet at the execution timing, where the feature deployment is specifically The configuration relationship between the characteristics and the execution timing.
在第一种可能的实现方式中, 所述第二处理器接收的所述配置命令还包 括所述原子化规则以及所述原子化动作;  In a first possible implementation manner, the configuration command received by the second processor further includes the atomization rule and the atomization action;
所述第二存储器存储的所述程序代码还包括可用于使所述第二处理器执 行以下过程的指令:  The program code stored by the second memory further includes instructions operable to cause the second processor to perform the following process:
将所述原子化规则放入所述数据面中的规则集中, 将所述原子化动作放 入所述数据面中的动作集中。  The atomization rules are placed in a rule set in the data plane, and the atomization action is placed in an action set in the data plane.
结合第三方面的第一种可能的实现方式, 在第二种可能的实现方式中, 所述第二处理器执行将所述特性配置在所述数据面的执行时机是指在转发报 文时, 判断所述报文是否需要与所述特性进行匹配, 所述判断的依据承载在 与所述转发报文过程强相关的关键数据结构中。  With reference to the first possible implementation manner of the third aspect, in a second possible implementation manner, the performing, by the second processor, the execution timing of configuring the feature on the data plane refers to when forwarding a packet And determining whether the packet needs to match the characteristic, and the determining is carried in a key data structure that is strongly related to the forwarding packet process.
结合第三方面的第二种可能的实现方式, 在第三种可能的实现方式中, 所述第二存储器存储的所述程序代码还包括可用于使所述第二处理器执行将 所述特性配置在所述数据面的执行时机处, 以便于在所述执行时机处对接收 到的报文进行匹配处理过程的指令为:  With reference to the second possible implementation manner of the third aspect, in a third possible implementation, the program code that is stored by the second memory further includes, where the second processor is configured to perform the feature The instructions configured at the execution timing of the data plane to facilitate the matching process on the received message at the execution timing are:
根据所述报文的特征, 将所述报文的特征与配置在所述执行时机上的所 述特性中的所述分类规则进行匹配处理;  And performing, according to the feature of the packet, a matching process between the feature of the packet and the classification rule configured in the feature at the execution timing;
当确定所述报文的特征符合所述分类规则时, 利用所述分类规则对应的 所述动作集合对所述报文进行处理。  When it is determined that the feature of the packet meets the classification rule, the packet is processed by using the action set corresponding to the classification rule.
结合第三方面的第三种可能的实现方式, 在第四种可能的实现方式中, 所述第二存储器存储的所述程序代码可用于使所述第二处理器执行将所述报 文的特征与配置在所述执行时机上的所述特性中的所述分类规则进行匹配处 理过程的指令为:  In conjunction with the third possible implementation of the third aspect, in a fourth possible implementation, the program code stored in the second memory is configured to enable the second processor to perform the packet The instructions for performing the matching process with the classification rules in the characteristics configured in the execution timing are:
根据所述报文的特征, 按照所述数据面上的所述执行时机的顺序, 与配 置在所述执行时机上的所述特性中的所述分类规则进行匹配处理。  And according to the characteristics of the message, matching processing is performed with the classification rule among the characteristics configured on the execution timing in accordance with the execution timing of the data plane.
结合第三方面的第三种可能的实现方式, 在第五种可能的实现方式中, 所述第二存储器存储的所述程序代码可用于使所述第二处理器执行确定所述 报文的特征符合所述分类规则过程的指令为: In conjunction with the third possible implementation of the third aspect, in a fifth possible implementation manner, The program code stored in the second memory may be used to cause the second processor to execute an instruction to determine that a feature of the message conforms to the classification rule process is:
如果所述报文的特征符合所述分类规则中的每一个原子化规则, 则确定 所述报文的特征符合所述分类规则。  And if the feature of the message meets each atomization rule in the classification rule, determining that the feature of the message conforms to the classification rule.
结合第三方面的第三种可能的实现方式, 在第六种可能的实现方式中, 所述第二存储器存储的所述程序代码可用于使所述第二处理器利用所述分类 规则对应的所述动作集合对所述报文进行处理过程的指令为:  In conjunction with the third possible implementation of the third aspect, in a sixth possible implementation, the program code stored in the second memory is used to enable the second processor to utilize the classification rule The instruction of the action set to process the message is:
利用所述分类规则对应的所述动作集合中的每一个所述原子化动作, 在 所述执行时机对所述报文进行处理。  The message is processed at the execution timing by using the atomization action in each of the action sets corresponding to the classification rule.
结合第三方面的第一种、 第二种、 第三种、 第四种、 第五种、 第六种可 能的实现方式, 在第七种可能的实现方式中, 所述第二存储器存储的所述程 序代码中的所述分类规则包括报文空间特征、 报文时间特征、 报文组织特征、 才艮文内容特征、 文流量特征和 文环境特征; 所述动作集合包括 文特征 获取类动作、 用户可见特性转发分解和嵌套的策略支持。  With reference to the first, second, third, fourth, fifth, and sixth possible implementation manners of the third aspect, in a seventh possible implementation, the second memory is stored The classification rule in the program code includes a message space feature, a message time feature, a message organization feature, a content feature, a text traffic feature, and a text environment feature; and the action set includes a text feature acquisition class action, User-visible feature forwarding decomposition and nested policy support.
本发明实施例提供的数据面的特性配置方法和装置, 使用统一策略配置 数据面, 利用数据面中特性具有的分类规则以及动作集合对数据面接收的报 文进行转发处理, 实现了数据面的可编程, 最终实现数据面与控制面的分离。 附图说明  The method and device for configuring the characteristics of the data plane provided by the embodiment of the present invention use a unified policy to configure the data plane, and use the classification rule and the action set of the characteristics in the data plane to forward and process the packet received on the data plane, thereby realizing the data plane. Programmable, ultimately separating the data plane from the control plane. DRAWINGS
图 1为本发明实施例提供的数据面的特性配置方法流程图  1 is a flowchart of a method for configuring a data plane according to an embodiment of the present invention.
图 2为本发明实施例提供的嵌套策略示意图;  2 is a schematic diagram of a nesting policy according to an embodiment of the present invention;
图 3为本发明实施例提供的执行时机示意图;  FIG. 3 is a schematic diagram of an execution timing according to an embodiment of the present invention;
图 4为本发明实施例提供的报文转发特性的模型化示意图;  4 is a schematic diagram of modeling a packet forwarding feature according to an embodiment of the present invention;
图 5为本发明实施例提供的数据面的特性配置装置结构图;  FIG. 5 is a structural diagram of a device for configuring a characteristic of a data plane according to an embodiment of the present invention;
图 6为本发明实施例提供的数据面的特性配置装置硬件结构图; 图 7为本发明实施例提供的数据面的特性配置系统示意图。 具体实施方式 FIG. 6 is a schematic structural diagram of a hardware configuration of a data plane according to an embodiment of the present invention; FIG. 7 is a schematic diagram of a system for configuring a feature of a data plane according to an embodiment of the present invention. detailed description
为使本发明实施例的目的、 技术方案和优点更加清楚, 下面将结合本发 明实施例中的附图, 对本发明实施例中的技术方案进行清楚、 完整地描述, 显然, 所描述的实施例是本发明一部分实施例, 而不是全部的实施例。 基于 本发明中的实施例, 本领域普通技术人员在没有做出创造性劳动前提下所获 得的所有其他实施例, 都属于本发明保护的范围。  The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is a partial embodiment of the invention, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
为便于对本发明实时的理解, 下面将结合附图以具体实施例做进一步的 解释说明, 实施例并不构成对本发明实施例的限定。  In order to facilitate the understanding of the present invention, the embodiments of the present invention are not limited to the embodiments of the present invention.
下面以图 1为例详细说明本发明实施例提供的数据面的特性配置方法, 图 1 为本发明实施例提供的数据面的特性配置方法流程图, 在本发明实施例 中, 执行下述步骤的实施主体为数据面, 所述数据面可通过软件模块的方式 配置在路由器内部。 如图 1所示, 该实施例具体包括以下步骤:  The following is a detailed description of a method for configuring a data plane according to an embodiment of the present invention. FIG. 1 is a flowchart of a method for configuring a data plane according to an embodiment of the present invention. In the embodiment of the present invention, the following steps are performed. The implementation body is a data plane, and the data plane can be configured inside the router by means of a software module. As shown in FIG. 1, the embodiment specifically includes the following steps:
步骤 110、数据面接收控制面下发的配置命令,所述配置命令包括特性数 据以及特性部署, 所述特性数据包括原子化规则的标识、 原子化动作的标识 具体地, 控制面生成配置命令, 所述配置命令包括特性数据以及特性部 署。 在本发明实施例中, 由于控制面对用户是可见的, 控制面可通过接收用 户输入的指令生成配置指令, 并将配置命令下发至数据面。  Step 110: The data plane receives a configuration command sent by the control plane, where the configuration command includes the feature data and the feature deployment, where the feature data includes an identifier of the atomization rule, an identifier of the atomization action, and a control plane generation configuration command. The configuration command includes characteristic data and feature deployment. In the embodiment of the present invention, since the control is visible to the user, the control plane can generate a configuration command by receiving an instruction input by the user, and send the configuration command to the data plane.
数据面接收配置命令。  The data plane receives the configuration command.
步骤 120、根据所述特性数据包括的所述原子化规则的标识以及所述原子 化动作的标识, 所述数据面从所述数据面的规则集中选取原子化规则, 组成 分类规则, 从所述数据面的动作集中选择原子化动作, 组成动作集合。  Step 120: According to the identifier of the atomization rule included in the characteristic data and the identifier of the atomization action, the data plane selects an atomization rule from a rule set of the data plane, and forms a classification rule, from the The action of the data plane selects the atomization action to form the action set.
具体地, 根据配置命令包括的特性数据, 数据面从数据面的规则集中选 取原子化规则, 组成分类规则, 从数据面的动作集中选择任一个原子化动作, 组成动作集合。 所述规则集、 动作集为在先已配置在数据面中, 且所述规则 集、 动作集中包括多个原子化规则、 原子化动作。 Specifically, according to the characteristic data included in the configuration command, the data plane selects atomization rules from the rule set of the data plane to form a classification rule, and selects any atomization action from the action set of the data plane to form an action set. The rule set and the action set are previously configured in the data plane, and the rule Sets, action sets include multiple atomization rules, atomization actions.
在本发明实施例中, 所述特性数据包括待选取的原子化规则、 原子化动 作的标识 ID, 数据面从配置命令中提取特性数据后, 解析特性数据包括的待 选取的原子化规则、 原子化动作的标识 ID, 利用原子化规则、 原子化动作的 标识 ID, 从规则集、 动作集中选取对应的原子化规则、 原子化动作。  In the embodiment of the present invention, the characteristic data includes an atomization rule to be selected, an identification ID of the atomization action, and after the data surface extracts the characteristic data from the configuration command, the atomicization rule to be selected included in the analysis characteristic data, the atom The identification ID of the action, using the atomization rules and the identification ID of the atomization action, selects the corresponding atomization rule and atomization action from the rule set and the action set.
进一步地, 在所述特性数据中还包括对分类规则中原子化规则进行排序 的排序信息, 利用所述排序信息, 数据面对组成分类规则的原子化规则进行 排序。  Further, the characteristic data further includes sorting information for sorting the atomization rules in the classification rule, and the data is sorted by the atomization rules constituting the classification rules by using the sorting information.
步骤 130、根据所述特性数据包括的所述处理指示,所述数据面将所述分 类规则与所述动作集合进行对应匹配处理, 组成所述数据面中的特性。  Step 130: According to the processing indication included in the characteristic data, the data plane performs corresponding matching processing on the classification rule and the action set to form a characteristic in the data plane.
具体地, 根据配置命令包括的特性数据, 数据面将步骤 120中组成的分 类规则与动作集合进行对应处理, 组成数据面中的特性。  Specifically, according to the characteristic data included in the configuration command, the data plane performs the corresponding processing on the classification rule formed in step 120 and the action set to form a characteristic in the data plane.
在本发明实施例中, 所述特性数据还包括处理指示, 所述处理指示具体 是指将分类规则中的原子化规则与动作集合中的原子化动作进行对应匹配的 指示。  In the embodiment of the present invention, the characteristic data further includes a processing indication, where the processing indication specifically refers to an indication that the atomization rule in the classification rule is matched with the atomization action in the action set.
所述将分类规则中的原子化规则与动作集合中的原子化动作进行对应匹 配具体是指将每个原子化规则对应的原子化动作, 按照原子化规则的顺序进 行排序。  The matching of the atomization rules in the classification rule with the atomization actions in the action set specifically refers to the atomization actions corresponding to each atomization rule, which are sorted according to the order of the atomization rules.
步骤 140、利用所述特性部署,所述数据面将所述特性配置在所述数据面 的执行时机处, 以便于所述数据面在所述执行时机处对接收到的报文进行处 理 , 所述特性部署具体为所述特性与所述执行时机之间的配置关系。  Step 140: Deploying, by using the feature, the data plane configures the feature at an execution timing of the data plane, so that the data plane processes the received packet at the execution timing, where The feature deployment is specifically a configuration relationship between the feature and the execution timing.
具体地, 根据配置命令包括的特性部署, 数据面将步骤 130中组成的特 性配置在数据面的执行时机处, 以便于数据面在执行时机处对接收到的报文 进行转发处理。  Specifically, according to the characteristic deployment included in the configuration command, the data plane configures the characteristics formed in step 130 at the execution timing of the data plane, so that the data plane forwards the received packet at the execution timing.
所述特性部署具体为特性与承载点之间的配置关系, 数据面利用特性部 署将步骤 130 中组成的特性配置在数据面的执行时机处, 也即是数据面通过 特性部署, 明确将组成的特性配置在特定的执行时机处。 The feature deployment is specifically a configuration relationship between the feature and the bearer point, and the data plane utilizes the feature deployment to configure the feature formed in step 130 at the execution time of the data plane, that is, the data plane passes Feature deployment, explicitly configuring the composed features at specific execution times.
可选地, 在本发明实施例步骤 110 中控制面下发的配置命令中还包括原 子化规则以及原子化动作。 在步骤 120之前还包括数据面将配置命令包括的 原子化规则、 原子化动作放入规则集、 动作集中的步骤。 通过该步骤, 使得 数据面根据控制面下发的配置命令, 形成规则集、 动作集; 并从规则集、 动 作集中选取原子化规则、 原子化动作。  Optionally, in the step 110 of the embodiment of the present invention, the configuration command issued by the control plane further includes an atomization rule and an atomization action. Before step 120, the data plane includes the atomization rules included in the configuration command, the atomization action into the rule set, and the action set. Through this step, the data plane is formed according to the configuration command issued by the control plane to form a rule set and an action set; and the atomization rules and atomization actions are selected from the rule set and the action set.
可选地, 本发明实施例步骤 140中所述执行时机具体是指数据面在转发 报文时, 判断所述报文是否需要与配置的特性进行匹配。 所述判断的依据承 载在与转发报文过程强相关的关键数据结构中。  Optionally, the execution time in the step 140 of the embodiment of the present invention is specifically: when the data plane forwards the packet, it is determined whether the packet needs to be matched with the configured feature. The basis for the determination is contained in a key data structure that is strongly related to the process of forwarding the message.
在本发明实施例中, 所述执行时机也即是承载点, 所述承载点具体为存 在于数据面中的关键数据结构。  In the embodiment of the present invention, the execution timing is also a bearer point, and the bearer point is specifically a key data structure existing in the data plane.
可选地, 本发明实施例步骤 140 中所述数据面将所述特性配置在所述数 据面的执行时机处, 以便于所述数据面在所述执行时机处对接收到的报文进 行处理具体为:  Optionally, the data plane in step 140 of the embodiment of the present invention configures the characteristic at an execution timing of the data plane, so that the data plane processes the received packet at the execution timing. Specifically:
根据所述报文的特征, 所述数据面将所述报文的特征与配置在所述执行 时机上的所述特性中的所述分类规则进行匹配处理;  Determining, according to a feature of the packet, the data plane to match the feature of the packet with the classification rule configured in the feature at the execution timing;
当所述数据面确定所述报文的特征符合所述分类规则时, 所述数据面利 用所述分类规则对应的所述动作集合对所述报文进行处理。  When the data plane determines that the feature of the packet meets the classification rule, the data plane processes the packet by using the action set corresponding to the classification rule.
具体地, 数据面接收待转发的报文, 对报文进行解析, 获取报文的特征, 数据面将报文的特征与配置在执行时机上的特性中的分类规则进行匹配处 理; 当数据面确定报文的特征符合分类规则时, 数据面利用分类规则对应的 动作集合对报文进行转发处理。  Specifically, the data plane receives the packet to be forwarded, parses the packet, and obtains the feature of the packet, and the data plane matches the feature of the packet with the classification rule configured in the feature at the execution timing; When it is determined that the characteristics of the packet meet the classification rule, the data plane uses the action set corresponding to the classification rule to forward the packet.
进一步地, 所述根据所述报文的特征, 所述数据面将所述报文的特征与 配置在所述执行时机上的所述特性中的所述分类规则进行匹配处理具体包 括:  Further, according to the feature of the packet, the data plane matching the feature of the packet with the classification rule in the feature configured on the execution timing specifically includes:
根据报文的特征, 数据面按照数据面上的执行时机的顺序, 与配置在执 行时机上的所述特性中的分类规则进行匹配处理。 According to the characteristics of the message, the data plane is in accordance with the order of execution on the data plane, and the configuration is executed. The classification rules in the characteristics on the line timing are matched.
所述数据面确定所述报文的特征符合所述分类规则具体包括:  Determining, by the data plane, that the feature of the packet meets the classification rule includes:
数据面判断报文的特征是否符合分类规则中的每一个原子化规则, 如果 报文的特征符合分类规则中的每一个原子化规则, 则数据面确定报文的特征 符合分类规则, 否则, 如果报文的特征不符合分类规则中的每一个原子化规 贝' J , 则数据面确定报文的特征不符合分类规则。  The data plane determines whether the feature of the message conforms to each atomization rule in the classification rule. If the feature of the message conforms to each atomization rule in the classification rule, the data plane determines that the feature of the message conforms to the classification rule. Otherwise, if The characteristics of the message do not conform to each atomization rule in the classification rule, and the data plane determines that the characteristics of the message do not conform to the classification rule.
进一步地, 所述利用所述分类规则对应的所述动作集合对所述报文进行 处理具体包括:  Further, the process of processing the packet by using the action set corresponding to the classification rule includes:
如果数据面确定报文的特征符合分类规则, 则数据面利用分类规则对应 的动作集合中的每一个原子化动作, 在执行时机对报文进行转发处理。  If the data plane determines that the characteristics of the message conform to the classification rule, the data plane uses each atomization action in the action set corresponding to the classification rule to forward the message at the execution time.
可以理解的是, 报文是由数据面进行转发的, 报文具有统一的结构, 本 发明实施例为了实现数据面的可编程, 因此, 将报文的每一个特征(或称转 发特征)都进行模型化处理, 釆用统一的机制来实现动态配置。  It can be understood that the message is forwarded by the data plane, and the message has a unified structure. In order to implement the data plane, the embodiment of the present invention, therefore, each feature (or forwarding feature) of the message is Modeling, using a unified mechanism to achieve dynamic configuration.
在本发明实施例中, 将报文的转发处理进行分解, 报文的每一次转发处 理, 都可以分解为不同的特性的组合(也即是, 多个特性的组合形成每一次 对报文的转发处理, 用户对报文的转发处理是可见的) , 所述特性即在报文 转发中, 对报文处理的一个过程。 并且每一个特性都是原子化的, 也就是特 征不可以进一步的分解。  In the embodiment of the present invention, the forwarding process of the packet is decomposed, and each forwarding process of the packet can be decomposed into a combination of different characteristics (that is, a combination of multiple characteristics forms a message for each message. In the forwarding process, the forwarding process of the packet is visible to the user. The feature is a process of packet processing in packet forwarding. And each feature is atomized, that is, the feature cannot be further decomposed.
在本发明实施例中,将特性分为三个要素:分类规则(英文: c las s if ier )、 动作集合(英文: behavior )和执行时机(英文: chance ) 。 也就是, 每一 个特性由分类规则, 该分类规则对应的动作集合以及执行时机组成。  In the embodiment of the present invention, the feature is divided into three elements: a classification rule (English: c las s if ier ), an action set (English: behavior ), and an execution timing (English: chance ). That is, each attribute consists of a classification rule, a set of actions corresponding to the classification rule, and an execution timing.
分类规则可以用于确定报文符合的规则, 以及需要执行该特性中动作集 合中相关的动作。 分类规则可以但不限于包含如下几个特征:  The classification rules can be used to determine the rules that the message conforms to and the actions that need to be performed in the action set in the feature. Classification rules can be, but are not limited to, include the following features:
报文空间特征(英文: space ) : 报文接收或发送的接口  Message space feature (English: space): Interface for receiving or sending packets
报文时间特征(英文: t ime ) : 当前时间段 /某个时刻;  Message time characteristics (English: t ime ) : current time period / some time;
报文组织特征(英文: organiza t ion ) : 如某个人、 某个企业等; 报文内容特征(英文: content ) : 数据链路层 ( 12 ) /网络层 (L3 )缺 省包含、 传输层 (L4 )作为报文的业务属性、 报文应用类型属性、 报文内容 属性、 报文安全属性均合并到报文头部或者报文数据中; Organizational characteristics (English: organiza t ion ): such as a person, an enterprise, etc.; Message content feature (English: content): The data link layer (12) / network layer (L3) defaults to include, the transport layer (L4) as the service attribute of the packet, the packet application type attribute, the message content attribute, The packet security attributes are merged into the packet header or packet data.
报文流量特征(英文: traffic ) : 如带宽属性、 流策略行为属性(例如, 将报文延时发送)等, 所述带宽属性、 行为属性均存储在报文头部或者报文 数据中;  Packet traffic characteristics (English: traffic): such as bandwidth attributes, flow policy behavior attributes (for example, delaying the transmission of packets), etc., the bandwidth attributes and behavior attributes are stored in the packet header or message data;
报文环境特征:如路由器接口流量是否超过 10M、下游设备占用率是否超 过 80%等, 路由器通过与下游设备进行交互通信, 进而获取下游设备占用率。  Packet environment characteristics: If the router interface traffic exceeds 10M and the downstream device occupancy rate exceeds 80%, the router communicates with the downstream device to obtain the downstream device occupancy rate.
进一步的, 分类规则可以进一步进行划分, 划分为原子化规则。 所谓原 子化规则是定义的不可再分割的规则, 利用不同的原子化规则进行不同的组 合, 就可以组合成不同的分类规则。 因此, 分类规则是由不同的原子化规则 组合而成的。  Further, the classification rules can be further divided into atomization rules. The so-called atomization rules are defined non-separable rules. Different combinations of atomization rules can be combined into different classification rules. Therefore, the classification rules are composed of different atomization rules.
动作集合(也可以称为执行动作)是指对报文进行转发的具体相关处理, 动作集合至少包括报文特征的获取类动作、 用户可见特性转发分解和嵌套的 策略支撑。  An action set (also referred to as an action action) refers to a specific process of forwarding a message. The action set includes at least a message class acquisition action, a user visible feature forwarding decomposition, and a nested policy support.
•艮文特征的获取类动作包括以下特征:  • The acquisition class action of the essay feature includes the following features:
获取报文空间特征: 获取配置域, 所述配置域是指发送待转发报文的源 设备所在的域;  Obtaining the characteristics of the packet space: Obtaining the configuration domain, where the configuration domain is the domain where the source device that sends the packet to be forwarded is located;
获取报文时间特征: 获取当前时间;  Get the packet time feature: Get the current time;
获取报文组织特征: 获取用户关系树;  Obtain the packet organization characteristics: Obtain the user relationship tree;
获取报文内容特征: 三个类型 "传输层 (L4 ) 、 报文应用类型、 报文内 容,, ;  Get the content characteristics of the message: three types of "transport layer (L4), message application type, message content,,;
获取报文流量特征: 测量获得带宽、 配置流量监管 (英文: traffic policing ) 业务后的报文染色 (所述报文染色行为具体是指路由器将报文进 行转发的同时标记报文转发等级的行为)行为等;  Obtaining packet traffic characteristics: Packets that are measured after the bandwidth is obtained and traffic policing is configured. The packet dyeing behavior refers to the behavior of marking the packet forwarding level when the router forwards the packet. Behavior;
用户可见特性转发分解具体是指, 报文的每一次转发处理, 都可以分解 为不同的特性的组合, 也即是多个特性的组合形成每一次对报文的转发处理, 用户对报文的转发处理是可见的。 The user-disaggregated feature forwarding decomposition specifically means that each forwarding process of the packet can be decomposed. For the combination of different characteristics, that is, the combination of multiple characteristics, each time the packet is forwarded, the user's forwarding processing of the message is visible.
嵌套的策略支持作为一种动作, 是指执行一个特性中分类规则包括的原 子化规则对应的原子化动作时, 即进入另一个特性, 这通常用于分层服务质 量(英文: Hierarchical Quality of Service, 简称: HqoS ) 的情形, 如图 2所示:  Nested policy support as an action refers to the implementation of an atomization action corresponding to the atomization rules included in the classification rule in a feature, that is, into another feature, which is usually used for hierarchical service quality (English: Hierarchical Quality of Service, referred to as: HqoS), as shown in Figure 2:
特性之间是有策略关系的,符合特性 featurel中分类规则包括的原子化 规则 (经过以太网端口 (ethO) 的报文) 的报文, 执行与原子化规则对应的 原子化动作(获取用户树信息), 并进入特性 feature2。 特性 feature2中分 类规则包括的两个原子化规则为: 第一原子化规则 (个人属于企业 1 )、 第二 原子化规则(个人属于企业 2); 与第一原子化规则对应的原子化动作为特性 feature3, 与第二原子化规则对应的原子化动作为特性 feature4, 特性 feature3与特性 feature2中的个人属于企业 1存在嵌套关系;特性 feature4 与特性 feature2中的个人属于企业 2存在嵌套关系。也即是,在特性 feature 2 中嵌套了特性 feature3和特性 feature4,这个匹配过程区分出了来自同一端 口的具有属于不同企业的个人特征的报文, 因此, 特性之间是有关联的, 而 非分解。 在图 2中, 报文经过特性 featurel、 特性 feature2、 特性 feature5 以及特性 feature m的转发处理,但由于特性 feature2中嵌套了特性 feature 3 和特' 1"生 feature4, 因 才艮文经过特 'Ι"生 featurel, 特'! "生 feature2、 特' f生 feature 3或者特性 feature4、 特性 feature5以及特性 feature m的转发处 理。  There is a policy relationship between the attributes, which conforms to the atomization rules (messages that pass the Ethernet port (ethO)) included in the classification rules in the feature1, and performs atomization actions corresponding to the atomization rules (acquiring the user tree). Information), and enter the feature feature2. The two atomization rules included in the classification rule in feature2 are: the first atomization rule (person belongs to enterprise 1), the second atomization rule (person belongs to enterprise 2); the atomization action corresponding to the first atomization rule is The feature feature3, the atomization action corresponding to the second atomization rule is the feature feature4, the feature feature3 and the feature feature2 belong to the enterprise 1 nested relationship; the feature feature4 and the feature feature2 belong to the enterprise 2 nested relationship. That is, the feature feature3 and the feature feature4 are nested in the feature feature 2, and the matching process distinguishes packets from the same port that have personal characteristics belonging to different enterprises, and therefore, the characteristics are related, and Non-decomposed. In Figure 2, the message is forwarded by the feature feature1, the feature feature2, the feature feature5, and the feature feature m, but since the feature feature2 is nested with the feature feature 3 and the special '1" element feature4, Ι "Life featurel, special"! Forwarding processing of "feature feature2, special 'f' feature 3 or feature feature4, feature feature5, and feature feature m.
执行时机就是在转发处理的过程中判断是否与特性进行匹配处理的过 程, 也就是是否与特性中分类规则匹配的判断, 报文是否与特性中分类规则 匹配判断的判据一般承载在与转发过程强相关的关键数据结构中, 所述关键 数据结构存在于开放式系统互联参考模型 ( Open System Interconnection) 中的任一层中, 在本发明实施例中, 所述执行时机也即是承载点。 如图 3所示, Ll i为物理层上行方向承载点、 L2 i为数据链路层上行方向 承载点、 L3 i为网络层上行方向承载点、 L3f 网络层转发面承载点、 L3e为网 络层下行方向承载点、 L2e为数据链路层下行方向承载点、 Lie为数据层下行 方向 载点。 user i为用户上行方向 载点、 usere为用户下行方向 载点。 L4 为传输层方向承载点、 app为应用方向承载点。 在每个承载点上均配置有 特性。 其中, Ll i、 L2 i、 L3 i、 L3f、 L3e、 L2e、 Lie , user i 以及 usere为处 于数据面中的承载点; L4、 app为处于控制面中的承载点。 The execution timing is the process of judging whether to match the feature in the process of forwarding processing, that is, whether it matches the classification rule in the feature, and whether the message matches the classification rule in the feature is generally carried in the forwarding process. In the key data structure of the strong correlation, the key data structure exists in any layer of the Open System Interconnection. In the embodiment of the present invention, the execution timing is also a bearer point. As shown in Figure 3, L1i is the physical layer uplink bearer point, L2i is the data link layer uplink bearer point, L3i is the network layer uplink bearer point, L3f network layer forwarding plane bearer point, and L3e is the network layer. The downlink bearer point, L2e is the data link layer downlink direction bearer point, and Lie is the data layer downlink direction load point. User i is the user's uplink load point and usere is the user's downlink load point. L4 is the transport layer direction bearer point, and app is the application direction bearer point. Features are configured on each bearer point. Wherein, Ll i, L2 i, L3 i, L3f, L3e, L2e, Lie, user i and usere are bearer points in the data plane; L4, app are bearer points in the control plane.
数据面接收报文后, 数据面对报文进行转发处理, 当报文经过数据面中 各个承载点时, 数据面判断报文是否要经过该承载点上的特性处理, 如果该 承载点上开启了特性, 则对报文的特征与该承载点上特性的分类规则进行匹 配, 如果该承载点上关闭了特性, 则不对报文的特征与该承载点上特性的分 类规则进行匹配, 将报文转发至下一个承载点。  After the data plane receives the packet, the data is forwarded to the packet. When the packet passes through the bearer points in the data plane, the data plane determines whether the packet needs to be processed through the feature on the bearer point. If the feature is matched, the feature of the packet is matched with the classification rule of the feature at the bearer point. If the feature is disabled on the bearer point, the packet does not match the feature of the feature on the bearer point. The text is forwarded to the next bearer point.
在本发明实施例中, 当报文经过 L3f承载点时, 如果 L3f 上开启了特性, 则对报文的特征与该承载点上特性的分类规则进行匹配, 当报文的特征与该 承载点上特性的分类规则匹配时, 数据面利用分类规则对应的动作集合对报 文进行转发处理, 在图 3 中, 动作集合中包括的原子化动作包括将报文向控 制面中的 L4承载点转发, 或者将报文向 L3e承载点转发。  In the embodiment of the present invention, when the packet passes the L3f bearer point, if the feature is enabled on the L3f, the feature of the packet matches the classification rule of the feature on the bearer point, and the feature of the packet and the bearer point are matched. When the classification rule of the upper attribute matches, the data plane forwards the message by using the action set corresponding to the classification rule. In FIG. 3, the atomization action included in the action set includes forwarding the message to the L4 bearer point in the control plane. , or forward the packet to the L3e bearer.
需要说明的是, user i 载点与 usere 载点为虚拟的 载点。 user i寿 载点可存在于 Ll i、 L2 i、 L3 i 中的任一个承载点内; usere承载点可存在于 L3e、 L2e、 Lie中的任一个承载点内。  It should be noted that the user i load point and the usere load point are virtual load points. The user i lifetime may exist in any one of Ll i, L2 i, L3 i; the usere bearer may exist in any one of L3e, L2e, Lie.
图 4为本发明实施例提供的报文转发特性的模型化示意图。如图 4所示, 该模型包括数据面 1和控制面 2。  FIG. 4 is a schematic diagram of modeling a packet forwarding feature according to an embodiment of the present invention. As shown in Figure 4, the model includes data plane 1 and control plane 2.
控制面 1中包括可编程控制面部分 21和不可编程控制面部分 22 ,控制面 2根据用户输入的指令生成配置命令, 并向数据面 1下发配置命令。 所述配置 命令包括特性数据 15和特性部署 16。  The control surface 1 includes a programmable control surface portion 21 and a non-programmable control surface portion 22, and the control surface 2 generates a configuration command according to an instruction input by the user, and issues a configuration command to the data plane 1. The configuration commands include feature data 15 and feature deployment 16.
数据面 1中包括各种特性, 例如, 特性 10、 特性 20、 特性 30, 每个特性 由分类规则 1 1、 动作集合 12和执行时机组成。 Data plane 1 includes various characteristics, such as characteristic 10, characteristic 20, and characteristic 30, each characteristic It consists of classification rule 1 1, action set 12, and execution timing.
分类规则 11是由从规则集 1 3中选取的原子化规则组成的, 数据面根据 特性数据 15将不同的不可分割的原子化规则按照一定的顺序进行组合组成分 类规则 11。  The classification rule 11 is composed of atomization rules selected from the rule set 13 , and the data plane combines different indivisible atomization rules in a certain order according to the characteristic data 15 to form a classification rule 11 .
动作集合 12是由从动作集 14中选取的原子化动作组成的, 数据面根据 特性数据 15将不同的不可分割的原子化动作按照一定的顺序进行组合组成动 作集合 12。  The action set 12 is composed of atomization actions selected from the action set 14, and the data plane combines different indivisible atomization actions in a certain order according to the characteristic data 15 to form an action set 12.
其中, 规则集 1 3已在先存在于数据面 1中, 在一种实现方式中, 在规则 集 1 3中包括多个原子化规则, 数据面根据特性数据 15 , 在规则集 1 3中选取 部分原子化规则组成特性中的分类规则, 或者, 在另一种实现方式中, 数据 面将配置命令包括的原子化规则放入规则集 1 3中,再根据特性数据进行选取, 组成特性中的分类规则。  The rule set 13 has previously existed in the data plane 1. In an implementation manner, a plurality of atomization rules are included in the rule set 13 , and the data plane is selected according to the characteristic data 15 in the rule set 13 The partial atomization rule constitutes a classification rule in the characteristic, or, in another implementation manner, the data plane puts the atomization rule included in the configuration command into the rule set 13 and selects according to the characteristic data, and constitutes the characteristic Classification rules.
其中, 动作集 14已在先存在于数据面 1中, 在一种实现方式中, 在动作 集 14中包括多个原子化动作, 数据面根据特性数据 15 , 在动作集 14中选取 部分原子化动作组成特性中的动作集合, 或者, 在另一种实现方式中, 数据 面将配置命令包括的原子化动作放入动作集 14中,再根据特性数据进行选取, 组成特性中的动作集合。  The action set 14 has previously existed in the data plane 1, and in one implementation, the action set 14 includes a plurality of atomization actions, and the data plane selects a partial atomization in the action set 14 according to the feature data 15. The set of actions in the action composition feature, or in another implementation, the data plane puts the atomization action included in the configuration command into the action set 14, and then selects according to the feature data to form the action set in the feature.
数据面利用特性数据 15 , 将分类规则 1 1与动作集合 12进行对应处理, 组成特性 10。 同理, 组成特性 20、 特性 30。  The data plane uses the characteristic data 15 to process the classification rule 1 1 and the action set 12 to form the characteristic 10. In the same way, composition characteristics 20, characteristics 30.
数据面根据特性部署 16将组成的特性配置在数据面 1的不同承载点上。 由此实现了报文转发处理时按照不同承载点进行处理, 当承载点上配置有特 性 10的时候则进行相应处理。  The data plane is deployed according to the characteristics. 16 The constituent characteristics are configured on different bearer points of the data plane 1. Therefore, when the packet forwarding process is performed, the processing is performed according to different bearer points. When the feature 10 is configured on the bearer point, the corresponding processing is performed.
所以, 用户可以利用控制面来控制数据面生成特性, 通过特性部署将特 性配置在数据面的不同承载点上, 实现了使用统一策略配置数据面, 而且数 据面可以编程处理, 数据面与控制面分离, 利用数据面中特性具有的分类规 则以及动作集合对数据面接收的报文进行转发处理, 实现数据面的可编程处 理。 Therefore, the user can control the data surface generation characteristics by using the control plane, configure the characteristics on different data points of the data plane through feature deployment, realize the configuration of the data plane using the unified strategy, and the data plane can be programmed, the data plane and the control plane. Separation, using the classification rules and action sets of the characteristics in the data plane to forward the message received on the data plane, and realize the programmable side of the data plane Reason.
在一个例子中, 数据面中具有三个特性, 即特性 1、 特性 2和特性 3。 特 性 1包括的分类规则是 classifierl, classif ierl由第一原子化规则、 第二 原子化规则组成, 动作集合是 actionl; 特性 2的分类规则是 classifie , classifie 仅由第三原子化规则组成, 动作集合是 act ion2; 特性 3的分类 规则是 classified, classified由第四原子化规则、第五原子化规则组成, 动作集合是 action3。数据面在承载点 1配置特性 1, 在承载点 2配置特性 2, 在承载点 3配置特性 3。  In one example, there are three characteristics in the data plane, namely, Feature 1, Feature 2, and Feature 3. The classification rule included in feature 1 is classifierl, classif ierl is composed of the first atomization rule and the second atomization rule, and the action set is actionl; the classification rule of feature 2 is classifie, classifie is composed only of the third atomization rule, action set It is act ion2; the classification rule of feature 3 is classified, the classification is composed of the fourth atomization rule and the fifth atomization rule, and the action set is action3. The data plane is configured at the bearer point 1 configuration 1, the feature 2 is configured at the bearer point 2, and the feature 3 is configured at the bearer point 3.
当数据面接收到报文后, 报文按序进入承载点 1、 承载点 2、 承载点 3。 当报文进入承载点 1时, 因为承载点 1部署了特性 1, 进而数据面对报文的特 征与特性 1的分类规则进行匹配, 在本发明实施例中,报文的特征匹配特性 1 的分类规则包括的第一原子化规则以及第二原子化规则, 则数据面根据动作 集合包括的原子化动作对报文进行转发处理, 即进行 actionl处理, 也即是, 在图 4中, 报文转发流程的虚线穿过特性 1表示。  After the data plane receives the packet, the packet enters the bearer point 1, the bearer point 2, and the bearer point 3. When the packet enters the bearer point 1, the feature 1 of the packet is matched, and the feature of the packet is matched with the classification rule of the feature 1 in the data. The first atomization rule and the second atomization rule included in the classification rule, the data plane forwards the message according to the atomization action included in the action set, that is, performs actionl processing, that is, in FIG. 4, the message The dotted line of the forwarding process is indicated by the characteristic 1.
当报文通过 actionl处理后进入承载点 2时,由于承载点 2部署了特性 2, 进而数据面对报文的特征与特性 2的分类规则进行匹配, 在本发明实施例中, 报文的特征不匹配特性 2 的分类规则, 则不再进行与分类规则对应的动作集 合的处理, 也即是, 在图 4中, 报文转发流程的虚线未穿过特性 2表示。  When the packet is processed by the actionl and enters the bearer 2, the feature 2 is deployed in the bearer 2, and the data is matched with the feature of the feature 2 and the feature of the feature 2 is matched. In the embodiment of the present invention, the feature of the packet is If the classification rule of the feature 2 is not matched, the processing of the action set corresponding to the classification rule is not performed, that is, in FIG. 4, the dotted line of the message forwarding flow is not indicated by the characteristic 2.
当报文通过 actionl处理进入承载点 3时, 因为承载点 3部署了特性 3, 进而数据面对报文的特征与特性 3的分类规则进行匹配, 在本发明实施例中, 报文的特征匹配特性 3 的分类规则, 则数据面根据动作集合包括的原子化动 作对报文进行转发处理, 即进行 action3处理, 也即是, 在图 4 中, 报文转 发流程的虚线穿过特性 3表示。  When the packet enters the bearer point 3 through the actionl process, the feature 3 is deployed in the bearer point 3, and the feature of the packet is matched with the feature of the feature 3 in the data. In the embodiment of the present invention, the feature matching of the packet is matched. For the classification rule of feature 3, the data plane forwards the message according to the atomization action included in the action set, that is, performs action3 processing, that is, in FIG. 4, the dotted line of the message forwarding flow is indicated by the characteristic 3.
因此, 根据本发明实施例提供的数据面的特性配置方法, 使用统一策略 配置数据面, 利用对数据面中特性具有的分类规则以及动作集合对数据面接 收的报文进行转发处理, 实现了数据面的可编程, 最终实现数据面与控制面 的分离。 Therefore, according to the feature configuration method of the data plane provided by the embodiment of the present invention, the data plane is configured by using a unified policy, and the data received by the data plane is forwarded by using the classification rule and the action set of the characteristics in the data plane, and the data is realized. Programmable, final data surface and control surface Separation.
上述实施例描述的方法均可实现数据面的特性配置方法, 相应地, 本发 明实施例还提供了一种数据面的特性配置装置, 用以实现前述实施例中数据 面的特性配置方法, 如图 5 所示, 所述装置包括: 接收单元 51 0、 选取单元 520、 组成单元 530和配置单元 540。  The method described in the foregoing embodiments can implement the feature configuration method of the data plane. Correspondingly, the embodiment of the present invention further provides a data plane feature configuration device, which is used to implement the feature configuration method of the data plane in the foregoing embodiment, such as As shown in FIG. 5, the apparatus includes: a receiving unit 510, a selecting unit 520, a component unit 530, and a configuration unit 540.
所述装置中接收单元 51 0 , 用于接收控制面下发的配置命令, 所述配置命 令包括特性数据以及特性部署, 所述特性数据包括原子化规则的标识、 原子 化动作的标识和将所述原子化规则与所述原子化动作进行对应匹配的处理指 示; 所述原子化动作的标识, 从数据面的规则集中选取原子化规则, 组成分类规 贝' J , 从所述数据面的动作集中选择原子化动作, 组成动作集合;  The receiving unit 51 0 is configured to receive a configuration command issued by the control plane, where the configuration command includes characteristic data and feature deployment, where the feature data includes an identifier of an atomization rule, an identifier of an atomization action, and a a processing indication that the atomization rule is matched with the atomization action; the identifier of the atomization action selects an atomization rule from a rule set of the data surface to form a classification rule 'J, an action from the data surface Centrally select atomic actions to form action sets;
组成单元 530 , 用于根据所述特性数据包括的所述处理指示, 将所述分类 规则与所述动作集合进行对应匹配处理, 组成所述数据面中的特性;  The component unit 530 is configured to perform corresponding matching processing on the classification rule and the action set according to the processing indication included in the characteristic data, to form a characteristic in the data plane;
配置单元 540 , 用于利用所述特性部署, 将所述特性配置在所述数据面的 执行时机处, 以便于在所述执行时机处对接收到的报文进行处理, 所述特性 部署具体为所述特性与所述执行时机之间的配置关系。  The configuration unit 540 is configured to use the feature deployment to configure the feature at an execution timing of the data plane, so as to process the received packet at the execution timing, where the feature deployment is specifically The configuration relationship between the characteristics and the execution timing.
所述接收单元 51 0接收的所述配置命令还包括所述原子化规则以及所述 原子化动作;  The configuration command received by the receiving unit 510 further includes the atomization rule and the atomization action;
所述装置还包括: 放入单元 550 , 用于将所述原子化规则放入所述数据面 中的规则集中, 将所述原子化动作放入所述数据面中的动作集中。  The apparatus further includes: a loading unit 550 for placing the atomization rule into a rule set in the data plane, and placing the atomization action into an action set in the data plane.
所述配置单元 540执行将所述特性配置在所述数据面的执行时机具体是 指, 在转发报文时, 判断所述报文是否需要与所述特性进行匹配, 所述判断 的依据承载在与所述转发报文过程强相关的关键数据结构中。  The configuration unit 540 performs the execution timing of configuring the feature on the data plane. Specifically, when the packet is forwarded, it is determined whether the packet needs to be matched with the feature, and the judgment is carried in the In the key data structure strongly related to the forwarding message process.
所述装置还包括: 匹配单元 560 , 用于根据所述 ·艮文的特征, 将所述 ·艮文 的特征与配置在所述执行时机上的所述特性中的所述分类规则进行匹配处 理; The device further includes: a matching unit 560, configured to match, according to the feature of the message, the feature of the message with the classification rule of the feature configured on the execution timing Reason
处理单元 570, 用于当确定所述报文的特征符合所述分类规则时, 利用所 述分类规则对应的所述动作集合对所述报文进行处理。  The processing unit 570 is configured to process the packet by using the action set corresponding to the classification rule when determining that the feature of the packet meets the classification rule.
所述处理单元 570具体用于, 根据所述报文的特征, 按照所述执行时机 的顺序, 与配置在所述执行时机上的所述特性中的所述分类规则进行匹配处 理。  The processing unit 570 is specifically configured to perform matching processing with the classification rule in the characteristics configured on the execution timing according to the characteristics of the message according to the execution timing.
所述匹配单元 560还用于, 如果所述报文的特征符合所述分类规则中的 每一个原子化规则, 则确定所述报文的特征符合所述分类规则。  The matching unit 560 is further configured to: if the feature of the packet meets each atomization rule in the classification rule, determine that the feature of the packet conforms to the classification rule.
所述处理单元 570具体用于, 利用所述分类规则对应的所述动作集合中 的每一个所述原子化动作, 在所述执行时机对所述报文进行处理。  The processing unit 570 is specifically configured to process the packet at the execution time by using each of the atomization actions in the action set corresponding to the classification rule.
所述选取单元 520组成的所述分类规则包括报文空间特征、 报文时间特 征、 文组织特征、 文内容特征、 文流量特征和 文环境特征; 所述选 取单元组成的所述动作集合包括报文特征获取类动作、 用户可见特性转发分 解和嵌套的策略支持。  The classification rule composed by the selecting unit 520 includes a message space feature, a message time feature, a text organization feature, a text content feature, a text traffic feature, and a text environment feature; and the action set consisting of the selection unit includes a message Feature acquisition class actions, user visible feature forwarding decomposition, and nested policy support.
因此, 根据本发明实施例提供的数据面的特性配置装置, 使用统一策略 配置数据面, 利用对数据面中特性具有的分类规则以及动作集合对数据面接 收的报文进行转发处理, 实现了数据面的可编程, 最终实现数据面与控制面 的分离。  Therefore, according to the data plane characteristic configuration apparatus provided by the embodiment of the present invention, the data plane is configured by using a unified policy, and the data received by the data plane is forwarded by using the classification rule and the action set of the characteristics in the data plane, and the data is realized. The surface is programmable, and finally the separation of the data plane from the control plane is achieved.
另外, 本发明实施例提供的数据面的特性配置装置还可以釆用的实现方 式如下, 用以实现前述本发明实施例中的数据面的特性配置方法, 如图 6 所 示, 所述数据面的特性配置装置包括: 接口 610、 第一处理器 620、 第二处理 器 630、 第一存储器 640和第二存储器 650。 系统总线 660用于连接接口 610、 第一处理器 620、 第二处理器 630、 第一存储器 640和第二存储器 650。  In addition, the data plane feature configuration apparatus provided by the embodiment of the present invention may also be implemented as follows to implement the data plane feature configuration method in the foregoing embodiment of the present invention. As shown in FIG. 6, the data plane is The characteristic configuration device includes: an interface 610, a first processor 620, a second processor 630, a first memory 640, and a second memory 650. The system bus 660 is used to connect the interface 610, the first processor 620, the second processor 630, the first memory 640, and the second memory 650.
接口 610可以为以下一种或多种: 提供有线接口的网络接口控制器(英 文: network interface contro l ler , 缩写: NIC ) , 例 ¾口以太网 NIC, 该以 太网 NIC可以提供铜线接口, 光纤接口或既提供铜线接口也提供光纤接口; 提供无线接口的 NIC, 例如无线局域网(英文: wireless local area network, 缩写: WLAN) NIC。 The interface 610 can be one or more of the following: a network interface controller (English: network interface contro l ler, abbreviated: NIC) providing a wired interface, and an Ethernet NIC, which can provide a copper interface. Fiber optic interface or both copper and fiber optic interfaces; A NIC that provides a wireless interface, such as a wireless local area network (English: wireless local area network, abbreviation: WLAN) NIC.
第一处理器 620, 用于执行与控制面相关的命令。 进一步地, 第一处理器 620接收用户输入的指令,根据用户输入的指令生成配置命令, 并将配置命令 下发至第二处理器 630;  The first processor 620 is configured to execute a command related to the control plane. Further, the first processor 620 receives an instruction input by the user, generates a configuration command according to the instruction input by the user, and sends the configuration command to the second processor 630;
第二处理器 630, 用于执行与数据面相关的命令, 并与第一处理器 620 进行交互通信。  The second processor 630 is configured to execute a command related to the data plane and perform interactive communication with the first processor 620.
第一存储器 640, 存储程序代码, 将存储的程序代码传输给第一处理器 620, 所述程序代码为第一处理器 620所需的。  The first memory 640 stores the program code and transmits the stored program code to the first processor 620, which is required by the first processor 620.
第二存储器 650, 存储程序代码, 以及存储规则集、 动作集、 分类规则、 动作集合等, 并将存储的程序代码传输给第二处理器 630, 所述程序代码为第 二处理器 630所需的。  The second memory 650 stores the program code, and the storage rule set, the action set, the classification rule, the action set, and the like, and transmits the stored program code to the second processor 630, where the program code is required by the second processor 630. of.
第一 /第二存储器, 可以是易失性存储器(英文: volatile memory ) , 例如随机存取存储器(英文: random-access memory, 缩写: RAM) ; 或者非 易失性存储器(英文: non-volatile memory ) ,例如快闪存储器(英文: flash memory ) , 硬盘(英文: hard disk drive, 缩写: HDD)或固态硬盘(英文: solid-state drive, 缩写: SSD ) ; 或者上述种类的存储器的组合。  The first/second memory may be a volatile memory (English: volatile memory), such as a random access memory (English: random-access memory, abbreviation: RAM); or a non-volatile memory (English: non-volatile) Memory ) , such as flash memory (English: flash memory), hard disk (English: hard disk drive, abbreviation: HDD) or solid state drive (English: solid-state drive, abbreviation: SSD); or a combination of the above types of memory.
所述数据面的特性配置装置中的接口 610用于接收报文。  The interface 610 in the feature configuration device of the data plane is configured to receive a message.
所述第二存储器 640存储的所述程序代码包括可用于使所述第二处理器 630执行以下过程的指令:  The program code stored by the second memory 640 includes instructions that can be used to cause the second processor 630 to perform the following process:
接收所述第一处理器下发的配置命令, 所述配置命令包括特性数据以及 特性部署, 所述特性数据包括原子化规则的标识、 原子化动作的标识和将所 述原子化规则与所述原子化动作进行对应匹配的处理指示;  And receiving, by the first processor, a configuration command, where the configuration command includes characteristic data and a feature deployment, where the feature data includes an identifier of an atomization rule, an identifier of an atomization action, and the atomization rule and the The atomization action performs a processing instruction corresponding to the matching;
根据所述特性数据包括的所述原子化规则的标识以及所述原子化动作的 标识, 从所述数据面的规则集中选取原子化规则, 组成分类规则, 从所述数 据面的动作集中选择原子化动作, 组成动作集合; 根据所述特性数据包括的所述处理指示, 将所述分类规则与所述动作集 合进行对应匹配处理, 组成所述数据面中的特性; And selecting an atomization rule from the rule set of the data plane according to the identifier of the atomization rule included in the characteristic data and the identifier of the atomization action, forming a classification rule, and selecting an atom from the action set of the data plane Action, forming a set of actions; And performing, according to the processing indication included in the characteristic data, matching the classification rule and the action set to form a characteristic in the data plane;
利用所述特性部署, 将所述特性配置在所述数据面的执行时机处, 以便 于在所述执行时机处对接收到的所述报文进行处理, 所述特性部署具体为所 述特性与所述执行时机之间的配置关系。  Configuring, by the feature deployment, the feature is configured at an execution timing of the data plane, so as to process the received packet at the execution timing, where the feature deployment is specifically The configuration relationship between the execution timings.
进一步地, 所述第二处理器 630接收的所述配置命令还包括所述原子化 规则以及所述原子化动作;  Further, the configuration command received by the second processor 630 further includes the atomization rule and the atomization action;
所述第二存储器 650存储的所述程序代码还包括可用于使所述第二处理 器 630执行以下过程的指令:  The program code stored by the second memory 650 also includes instructions that can be used to cause the second processor 630 to perform the following process:
将所述原子化规则放入所述数据面中的规则集中, 将所述原子化动作放 入所述数据面中的动作集中。  The atomization rules are placed in a rule set in the data plane, and the atomization action is placed in an action set in the data plane.
进一步地, 所述第二处理器 630执行将所述特性配置在所述数据面的执 行时机是指在转发报文时, 判断所述报文是否需要与所述特性进行匹配, 所 述判断的依据承载在与所述转发报文过程强相关的关键数据结构中。  Further, the performing, by the second processor 630, the execution timing of configuring the feature on the data plane, when determining whether the packet needs to be matched with the feature, when the packet is forwarded, the determining According to the key data structure that is strongly related to the process of forwarding the message.
进一步地, 所述第二存储器 650存储的所述程序代码还包括可用于使所 述第二处理器 630执行将所述特性配置在所述数据面的执行时机处, 以便于 在所述执行时机处对接收到的报文进行匹配处理过程的指令为:  Further, the program code stored by the second memory 650 further includes an operation timing that is operable to cause the second processor 630 to perform configuring the feature at the data plane, so as to be at the execution timing The instruction to perform the matching process on the received message is:
根据所述报文的特征, 将所述报文的特征与配置在所述执行时机上的所 述特性中的所述分类规则进行匹配处理;  And performing, according to the feature of the packet, a matching process between the feature of the packet and the classification rule configured in the feature at the execution timing;
当确定所述报文的特征符合所述分类规则时, 利用所述分类规则对应的 所述动作集合对所述报文进行处理。  When it is determined that the feature of the packet meets the classification rule, the packet is processed by using the action set corresponding to the classification rule.
进一步地, 所述第二存储器 650存储的所述程序代码可用于使所述第二 处理器 630执行将所述报文的特征与配置在所述执行时机上的所述特性中的 所述分类规则进行匹配处理过程的指令为:  Further, the program code stored by the second memory 650 can be used to cause the second processor 630 to perform the classification of the feature of the message and the characteristic configured on the execution timing. The instructions for the rule to perform the matching process are:
根据所述报文的特征, 按照所述数据面上的所述执行时机的顺序, 与配 置在所述执行时机上的所述特性中的所述分类规则进行匹配处理。 进一步地, 所述第二存储器 650存储的所述程序代码可用于使所述第二 处理器 630执行确定所述报文的特征符合所述分类规则过程的指令为: And performing, according to the feature of the message, a matching process with the classification rule in the characteristic configured on the execution timing according to the execution timing of the data plane. Further, the program code stored by the second memory 650 can be used to enable the second processor 630 to execute an instruction that determines that the feature of the message conforms to the classification rule process:
如果所述报文的特征符合所述分类规则中的每一个原子化规则, 则确定 所述报文的特征符合所述分类规则。  And if the feature of the message meets each atomization rule in the classification rule, determining that the feature of the message conforms to the classification rule.
进一步地, 所述第二存储器 650存储的所述程序代码可用于使所述第二 处理器 630 利用所述分类规则对应的所述动作集合对所述报文进行处理过程 的指令为:  Further, the program code stored by the second memory 650 can be used to enable the second processor 630 to process the message by using the action set corresponding to the classification rule:
利用所述分类规则对应的所述动作集合中的每一个所述原子化动作, 在 所述执行时机对所述报文进行处理。  The message is processed at the execution timing by using the atomization action in each of the action sets corresponding to the classification rule.
进一步地, 所述第二存储器 650存储的所述程序代码中的所述分类规则 包括报文空间特征、 报文时间特征、 报文组织特征、 报文内容特征、 报文流 量特征和报文环境特征; 所述动作集合包括报文特征获取类动作、 用户可见 特性转发分解和嵌套的策略支持。  Further, the classification rule in the program code stored by the second memory 650 includes a packet space feature, a packet time feature, a packet organization feature, a message content feature, a packet traffic feature, and a message environment. The action set includes a message feature acquisition class action, a user visible feature forwarding decomposition, and a nested policy support.
因此, 根据本发明实施例提供的数据面的特性配置装置, 使用统一策略 配置数据面, 利用对数据面中特性具有的分类规则以及动作集合对数据面接 收的报文进行转发处理, 实现了数据面的可编程, 最终实现数据面与控制面 的分离。  Therefore, according to the data plane characteristic configuration apparatus provided by the embodiment of the present invention, the data plane is configured by using a unified policy, and the data received by the data plane is forwarded by using the classification rule and the action set of the characteristics in the data plane, and the data is realized. The surface is programmable, and finally the separation of the data plane from the control plane is achieved.
另外, 本发明实施例还提供了一种数据面的特性配置系统, 如图 7所示, 所述系统包括, 本发明前述实施例提供的报文的处理装置。  In addition, the embodiment of the present invention further provides a data surface feature configuration system. As shown in FIG. 7, the system includes the message processing device provided by the foregoing embodiment.
进一步地, 所述系统还包括: 控制面, 其中, 所述控制面包括控制单元, 所述控制单元可通过处理器实现。  Further, the system further includes: a control plane, wherein the control plane includes a control unit, and the control unit is implemented by a processor.
在图 7 中, 所述控制单元用于向所述数据面的特性配置装置下发配置命 令, 数据面的特性配置装置中的接收单元接收所述控制单元下发的配置命令, 所述配置命令包括原子化规则、 原子化动作、 特性数据以及特性部署, 并将 配置命令传输至选取单元、 组成单元、 配置单元以及放入单元, 放入单元根 据配置命令, 将配置命令包括的原子化规则放入规则集中, 将原子化动作放 入动作集中; 选取单元根据配置命令, 利用配置命令包括的特性数据从规则 集中选取原子化规则, 组成分类规则, 从动作集中选择原子化动作, 组成动 作集合; 组成该单元根据特性数据, 将分类规则与动作集合进行对应处理, 组成特性; 配置单元根据配置命令包括的特性部署, 将特性配置在数据面的 执行时机处。 In FIG. 7, the control unit is configured to send a configuration command to the characteristic configuration device of the data plane, and the receiving unit in the characteristic configuration device of the data plane receives the configuration command delivered by the control unit, where the configuration command is Including atomization rules, atomization actions, feature data, and feature deployment, and transferring configuration commands to the selection unit, component unit, configuration unit, and into the unit, placing the unit into the unit according to the configuration command, placing the atomization rules included in the configuration command Into the rule set, put the atomization action In the action set; the selection unit selects the atomization rule from the rule set according to the configuration command, and uses the characteristic data included in the configuration command to form a classification rule, and selects an atomization action from the action set to form an action set; and the component is classified according to the characteristic data. The rule and the action set are processed correspondingly to form a characteristic; the configuration unit is deployed according to the characteristics included in the configuration command, and the feature is configured at the execution timing of the data plane.
因此, 根据本发明实施例提供的数据面的特性配置系统, 使用统一策略 配置数据面, 利用对数据面中特性具有的分类规则以及动作集合对数据面接 收的报文进行转发处理, 实现了数据面的可编程, 最终实现数据面与控制面 的分离。  Therefore, according to the data plane feature configuration system provided by the embodiment of the present invention, the data plane is configured by using a unified policy, and the data received by the data plane is forwarded by using the classification rule and the action set of the characteristics in the data plane, and the data is realized. The surface is programmable, and finally the separation of the data plane from the control plane is achieved.
本领域技术人员应该还可以进一步意识到, 结合本文中所公开的实施例 描述的各示例的单元及步骤, 、 能够通过计算机软件来实现, , 在上述说明 中已经按照功能一般性地描述了各示例的组成及步骤。 这些功能究竟以硬件 还是软件方式来执行, 取决于技术方案的特定应用和设计约束条件。 本领域 技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能, 但是 这种实现不应认为超出本发明的范围。  Those skilled in the art should further appreciate that the elements and steps of the various examples described in connection with the embodiments disclosed herein can be implemented by computer software, which has been generally described in terms of function in the above description. Example composition and steps. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the solution. Those skilled in the art can use different methods to implement the described functions for each particular application, but such implementation should not be considered to be beyond the scope of the present invention.
结合本文中所公开的实施例描述的方法或算法的步骤可以通过、 处理器 执行的软件模块来实施。 软件模块可以置于随机存储器(英文: RAM ) 、 只读 存储器(英文: ROM ) 、 电可编程 R0M、 电可擦除可编程 R0M、 寄存器、 硬盘、 可移动磁盘、 、 或技术领域内所公知的任意其它形式的存储介质中。  The steps of a method or algorithm described in connection with the embodiments disclosed herein can be implemented by a software module executed by a processor. The software module can be placed in a random access memory (English: RAM), read only memory (English: ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, removable disk, or the like. Any other form of storage medium.
以上所述的具体实施方式, 对本发明的目的、 技术方案和有益效果进行 了进一步详细说明, 所应理解的是, 以上所述仅为本发明的具体实施方式而 已, 并不用于限定本发明的保护范围, 凡在本发明的技术方案的基础上, 所 做的任何修改、 等同替换、 改进等, 均应包含在本发明的保护范围之内。  The above described embodiments of the present invention are further described in detail, and the embodiments of the present invention are intended to be illustrative only. The scope of the protection, any modifications, equivalent substitutions, improvements, etc., which are made on the basis of the technical solutions of the present invention, are included in the scope of the present invention.

Claims

权 利 要 求 书 claims
1、 一种数据面的特性配置方法, 其特征在于, 所述方法包括: 1. A data plane characteristic configuration method, characterized in that the method includes:
数据面接收控制面下发的配置命令, 所述配置命令包括特性数据以及特 性部署, 所述特性数据包括原子化规则的标识、 原子化动作的标识和将所述 原子化规则与所述原子化动作进行对应匹配的处理指示; The data plane receives the configuration command issued by the control plane. The configuration command includes characteristic data and characteristic deployment. The characteristic data includes the identification of the atomization rule, the identification of the atomization action and the combination of the atomization rule and the atomization The action performs corresponding matching processing instructions;
根据所述特性数据包括的所述原子化规则的标识以及所述原子化动作的 标识, 所述数据面从所述数据面的规则集中选取原子化规则, 组成分类规则, 从所述数据面的动作集中选择原子化动作, 组成动作集合; According to the identification of the atomization rule and the identification of the atomization action included in the characteristic data, the data plane selects the atomization rule from the rule set of the data plane to form a classification rule. The action set selects atomized actions to form an action set;
根据所述特性数据包括的所述处理指示, 所述数据面将所述分类规则与 所述动作集合进行对应匹配处理, 组成所述数据面中的特性; According to the processing instructions included in the characteristic data, the data plane performs corresponding matching processing on the classification rules and the action set to form characteristics in the data plane;
利用所述特性部署, 所述数据面将所述特性配置在所述数据面的执行时 机处, 以便于所述数据面在所述执行时机处对接收到的报文进行处理, 所述 特性部署具体为所述特性与所述执行时机之间的配置关系。 Utilizing the characteristic deployment, the data plane configures the characteristic at the execution timing of the data plane, so that the data plane processes the received message at the execution timing, and the characteristic deployment Specifically, it is the configuration relationship between the characteristics and the execution timing.
2、 根据权利要求 1所述的数据面的特性配置方法, 其特征在于, 所述配 所述根据所述特性数据, 所述数据面从所述数据面的规则集中选取原子 化规则, 组成分类规则, 从所述数据面的动作集中选择原子化动作, 组成动 作集合之前还包括: 子化动作放入所述数据面中的动作集中。 2. The characteristic configuration method of the data plane according to claim 1, characterized in that, the configuration is based on the characteristic data, and the data plane selects atomization rules from the rule set of the data plane to form a classification The rule selects an atomic action from the action set of the data plane, and before forming the action set, it also includes: placing the sub-action into the action set in the data plane.
3、 根据权利要求 1所述的数据面的特性配置方法, 其特征在于, 所述执 行时机是指所述数据面在转发报文时, 判断所述报文是否需要与所述特性进 行匹配, 所述判断的依据承载在与所述转发报文过程强相关的关键数据结构 中。 3. The data plane characteristic configuration method according to claim 1, wherein the execution timing refers to when the data plane forwards a message to determine whether the message needs to match the characteristic, The basis for the judgment is carried in a key data structure that is strongly related to the message forwarding process.
4、 根据权利要求 3所述的数据面的特性配置方法, 其特征在于, 所述数 据面将所述特性配置在所述数据面的执行时机处, 以便于所述数据面在所述 执行时机处对接收到的报文进行处理具体为: 4. The characteristic configuration method of the data plane according to claim 3, characterized in that the data plane configures the characteristics at the execution timing of the data plane, so that the data plane can The details of processing the received message at the execution timing are as follows:
根据所述报文的特征, 所述数据面将所述报文的特征与配置在所述执行 时机上的所述特性中的所述分类规则进行匹配处理; According to the characteristics of the message, the data plane matches the characteristics of the message with the classification rules configured in the characteristics of the execution timing;
当所述数据面确定所述报文的特征符合所述分类规则时, 所述数据面利 用所述分类规则对应的所述动作集合对所述报文进行处理。 When the data plane determines that the characteristics of the message conform to the classification rule, the data plane uses the action set corresponding to the classification rule to process the message.
5、 根据权利要求 4所述的数据面的特性配置方法, 其特征在于, 所述根 据所述报文的特征, 所述数据面将所述报文的特征与配置在所述执行时机上 的所述特性中的所述分类规则进行匹配处理具体包括: 5. The data plane characteristic configuration method according to claim 4, characterized in that, according to the characteristics of the message, the data plane combines the characteristics of the message with the characteristics configured on the execution timing. The matching processing of the classification rules in the characteristics specifically includes:
根据所述报文的特征, 所述数据面按照所述数据面上的所述执行时机的 顺序, 与配置在所述执行时机上的所述特性中的分类规则进行匹配处理。 According to the characteristics of the message, the data plane performs matching processing with the classification rules in the characteristics configured on the execution timing according to the order of the execution opportunities on the data plane.
6、 根据权利要求 4所述的数据面的特性配置方法, 其特征在于, 所述数 据面确定所述报文的特征符合所述分类规则具体包括: 6. The data plane characteristic configuration method according to claim 4, wherein the data plane determines that the characteristics of the message comply with the classification rules specifically includes:
如果所述报文的特征符合所述分类规则中的每一个原子化规则, 则所述 数据面确定所述报文的特征符合所述分类规则。 If the characteristics of the packet conform to each atomization rule in the classification rules, the data plane determines that the characteristics of the packet conform to the classification rules.
7、 根据权利要求 4所述的数据面的特性配置方法, 其特征在于, 所述利 用所述分类规则对应的所述动作集合对所述报文进行处理具体包括: 7. The data plane characteristic configuration method according to claim 4, wherein the processing of the message using the action set corresponding to the classification rule specifically includes:
利用所述分类规则对应的所述动作集合中的每一个所述原子化动作, 在 所述执行时机对所述报文进行处理。 Using each of the atomic actions in the action set corresponding to the classification rule, the message is processed at the execution timing.
8、根据权利要求 1-7任一项所述的数据面的特性配置方法,其特征在于, 所述分类规则包括报文空间特征、 报文时间特征、 报文组织特征、 报文内容 特征、 报文流量特征和报文环境特征; 所述动作集合包括报文特征获取类动 作、 用户可见特性转发分解和嵌套的策略支持。 8. The data plane characteristic configuration method according to any one of claims 1 to 7, characterized in that the classification rules include message space characteristics, message time characteristics, message organization characteristics, and message content characteristics. Message traffic characteristics and message environment characteristics; The action set includes message characteristic acquisition actions, user-visible characteristic forwarding decomposition and nested policy support.
9、 一种数据面的特性配置装置, 其特征在于, 所述装置包括: 9. A data plane characteristic configuration device, characterized in that the device includes:
接收单元, 用于接收控制面下发的配置命令, 所述配置命令包括特性数 据以及特性部署, 所述特性数据包括原子化规则的标识、 原子化动作的标识 述原子化动作的标识, 从数据面的规则集中选取原子化规则, 组成分类规则, 从所述数据面的动作集中选择原子化动作, 组成动作集合; A receiving unit, configured to receive configuration commands issued by the control plane. The configuration commands include feature data and feature deployment. The feature data includes the identifier of the atomization rule and the identifier of the atomization action. identify the atomic action, select the atomic rule from the rule set of the data plane to form a classification rule, select the atomic action from the action set of the data surface to form an action set;
组成单元, 用于根据所述特性数据包括的所述处理指示, 将所述分类规 则与所述动作集合进行对应匹配处理, 组成所述数据面中的特性; A component unit configured to perform corresponding matching processing on the classification rule and the action set according to the processing instructions included in the characteristic data, to form characteristics in the data plane;
配置单元, 用于利用所述特性部署, 将所述特性配置在所述数据面的执 行时机处, 以便于在所述执行时机处对接收到的报文进行处理, 所述特性部 署具体为所述特性与所述执行时机之间的配置关系。 A configuration unit configured to utilize the feature deployment and configure the feature at the execution timing of the data plane so as to process the received message at the execution timing. The feature deployment is specifically: The configuration relationship between the above characteristics and the execution timing.
10、 根据权利要求 9 所述的数据面的特性配置装置, 其特征在于, 所述 接收单元接收的所述配置命令还包括所述原子化规则以及所述原子化动作; 所述装置还包括: 放入单元, 用于将所述原子化规则放入所述数据面中 的规则集中, 将所述原子化动作放入所述数据面中的动作集中。 10. The data plane characteristic configuration device according to claim 9, wherein the configuration command received by the receiving unit further includes the atomization rule and the atomization action; the device further includes: A putting unit is used to put the atomization rule into a rule set in the data plane, and put the atomization action into an action set in the data plane.
1 1、 根据权利要求 9所述的数据面的特性配置装置, 其特征在于, 所述 配置单元执行将所述特性配置在所述数据面的执行时机具体是指, 在转发报 文时, 判断所述报文是否需要与所述特性进行匹配, 所述判断的依据承载在 与所述转发报文过程强相关的关键数据结构中。 1 1. The device for configuring data plane characteristics according to claim 9, wherein the execution timing of the configuration unit configuring the characteristics on the data plane specifically refers to, when forwarding a message, determining Whether the message needs to match the characteristics, the basis for the judgment is carried in a key data structure that is strongly related to the message forwarding process.
12、 根据权利要求 11所述的数据面的特性配置装置, 其特征在于, 所述 装置还包括: 12. The data plane characteristic configuration device according to claim 11, characterized in that the device further includes:
匹配单元, 用于根据所述报文的特征, 将所述报文的特征与配置在所述 执行时机上的所述特性中的所述分类规则进行匹配处理; A matching unit, configured to match the characteristics of the message with the classification rules configured in the characteristics of the execution timing according to the characteristics of the message;
处理单元, 用于当确定所述报文的特征符合所述分类规则时, 利用所述 分类规则对应的所述动作集合对所述报文进行处理。 A processing unit, configured to use the action set corresponding to the classification rule to process the message when it is determined that the characteristics of the message comply with the classification rule.
1 3、 根据权利要求 12所述的数据面的特性配置装置, 其特征在于, 所述 处理单元具体用于, 根据所述报文的特征, 按照所述执行时机的顺序, 与配 置在所述执行时机上的所述特性中的所述分类规则进行匹配处理。 13. The device for configuring characteristics of the data plane according to claim 12, characterized in that the processing unit is specifically configured to, according to the characteristics of the message, according to the order of the execution timing, and configure the Matching processing is performed on the classification rules in the characteristics on the execution time.
14、 根据权利要求 12所述的数据面的特性配置装置, 其特征在于, 所述 匹配单元还用于, 如果所述报文的特征符合所述分类规则中的每一个原子化 规则, 则确定所述报文的特征符合所述分类规则。 14. The data plane characteristic configuration device according to claim 12, characterized in that: The matching unit is also configured to determine that the characteristics of the message comply with the classification rules if the characteristics of the message comply with each atomization rule in the classification rules.
15、 根据权利要求 12所述的数据面的特性配置装置, 其特征在于, 所述 处理单元具体用于, 利用所述分类规则对应的所述动作集合中的每一个所述 原子化动作, 在所述执行时机对所述报文进行处理。 15. The data plane characteristic configuration device according to claim 12, wherein the processing unit is specifically configured to use each of the atomized actions in the action set corresponding to the classification rule, in The execution timing processes the message.
16、 根据权利要求 9-15任一项所述的数据面的特性配置装置, 其特征在 于, 所述选取单元组成的所述分类规则包括报文空间特征、 报文时间特征、 报文组织特征、 报文内容特征、 报文流量特征和报文环境特征; 所述选取单 元组成的所述动作集合包括报文特征获取类动作、 用户可见特性转发分解和 嵌套的策略支持。 16. The data plane characteristic configuration device according to any one of claims 9 to 15, characterized in that the classification rules composed of the selection unit include message space characteristics, message time characteristics, and message organization characteristics. , message content characteristics, message flow characteristics and message environment characteristics; the action set composed of the selection unit includes message feature acquisition actions, user-visible feature forwarding decomposition and nested policy support.
17、 一种数据面的特性配置装置, 其特征在于, 所述装置包括: 接口; 17. A data plane characteristic configuration device, characterized in that the device includes: an interface;
第一处理器; first processor;
第二处理器; second processor;
第一存储器, 用于存储所述第一处理器所需的程序代码; A first memory used to store program codes required by the first processor;
第二存储器, 用于存储所述第二处理器所需的程序代码; A second memory used to store program codes required by the second processor;
所述接口用于接收报文; The interface is used to receive messages;
所述第二存储器存储的所述程序代码包括可用于使所述第二处理器执行 以下过程的指令: The program code stored in the second memory includes instructions that may be used to cause the second processor to perform the following processes:
接收所述第一处理器下发的配置命令, 所述配置命令包括特性数据以及 特性部署, 所述特性数据包括原子化规则的标识、 原子化动作的标识和将所 述原子化规则与所述原子化动作进行对应匹配的处理指示; Receive a configuration command issued by the first processor. The configuration command includes characteristic data and characteristic deployment. The characteristic data includes an identifier of an atomization rule, an identifier of an atomization action, and a combination of the atomization rule and the atomization rule. Atomized actions perform corresponding matching processing instructions;
根据所述特性数据包括的所述原子化规则的标识以及所述原子化动作的 标识, 从所述数据面的规则集中选取原子化规则, 组成分类规则, 从所述数 据面的动作集中选择原子化动作, 组成动作集合; According to the identification of the atomization rule and the identification of the atomization action included in the characteristic data, select an atomization rule from the rule set of the data plane to form a classification rule, and select atoms from the action set of the data plane. Transform actions into action sets;
根据所述特性数据包括的所述处理指示, 将所述分类规则与所述动作集 合进行对应匹配处理, 组成所述数据面中的特性; According to the processing instructions included in the characteristic data, combine the classification rule and the action set The corresponding matching processing is performed together to form the characteristics in the data surface;
利用所述特性部署, 将所述特性配置在所述数据面的执行时机处, 以便 于在所述执行时机处对接收到的所述报文进行处理, 所述特性部署具体为所 述特性与所述执行时机之间的配置关系。 The characteristic deployment is used to configure the characteristic at the execution timing of the data plane so as to process the received message at the execution timing. The characteristic deployment is specifically the characteristics and The configuration relationship between the execution timings.
18、 根据权利要求 17所述的数据面的特性配置装置, 其特征在于, 所述 第二处理器接收的所述配置命令还包括所述原子化规则以及所述原子化动 作; 18. The data plane characteristic configuration device according to claim 17, wherein the configuration command received by the second processor further includes the atomization rule and the atomization action;
所述第二存储器存储的所述程序代码还包括可用于使所述第二处理器执 行以下过程的指令: The program code stored in the second memory also includes instructions that may be used to cause the second processor to perform the following processes:
将所述原子化规则放入所述数据面中的规则集中, 将所述原子化动作放 入所述数据面中的动作集中。 Put the atomization rules into the rule set in the data plane, and put the atomization actions into the action set in the data plane.
19、 根据权利要求 17所述的数据面的特性配置装置, 其特征在于, 所述 第二处理器执行将所述特性配置在所述数据面的执行时机是指在转发报文 时, 判断所述报文是否需要与所述特性进行匹配, 所述判断的依据承载在与 所述转发报文过程强相关的关键数据结构中。 19. The device for configuring characteristics of the data plane according to claim 17, characterized in that, the execution timing of the second processor to configure the characteristics on the data plane refers to when forwarding a message, determining the Whether the message needs to match the characteristics, the basis for the judgment is carried in a key data structure that is strongly related to the process of forwarding the message.
20、 根据权利要求 19所述的数据面的特性配置装置, 其特征在于, 所述 第二存储器存储的所述程序代码还包括可用于使所述第二处理器执行将所述 特性配置在所述数据面的执行时机处, 以便于在所述执行时机处对接收到的 报文进行匹配处理过程的指令为: 20. The device for configuring characteristics of the data plane according to claim 19, wherein the program code stored in the second memory further includes a program code that can be used to cause the second processor to execute configuring the characteristics at the location. At the execution timing of the data plane, the instruction to perform matching processing on the received message at the execution timing is:
根据所述报文的特征, 将所述报文的特征与配置在所述执行时机上的所 述特性中的所述分类规则进行匹配处理; According to the characteristics of the message, matching the characteristics of the message with the classification rule in the characteristics configured on the execution timing;
当确定所述报文的特征符合所述分类规则时, 利用所述分类规则对应的 所述动作集合对所述报文进行处理。 When it is determined that the characteristics of the message conform to the classification rule, the action set corresponding to the classification rule is used to process the message.
21、 根据权利要求 20所述的数据面的特性配置装置, 其特征在于, 所述 第二存储器存储的所述程序代码可用于使所述第二处理器执行将所述报文的 特征与配置在所述执行时机上的所述特性中的所述分类规则进行匹配处理过 程的指令为: 21. The device for configuring characteristics of the data plane according to claim 20, wherein the program code stored in the second memory can be used to cause the second processor to execute the configuration of the characteristics of the message. The classification rules in the characteristics on the execution timing are matched. The process instructions are:
根据所述报文的特征, 按照所述数据面上的所述执行时机的顺序, 与配 置在所述执行时机上的所述特性中的所述分类规则进行匹配处理。 According to the characteristics of the message, in accordance with the order of the execution timing on the data plane, matching processing is performed with the classification rules in the characteristics configured on the execution timing.
22、 根据权利要求 20所述的数据面的特性配置装置, 其特征在于, 所述 第二存储器存储的所述程序代码可用于使所述第二处理器执行确定所述报文 的特征符合所述分类规则过程的指令为: 22. The device for configuring characteristics of the data plane according to claim 20, characterized in that the program code stored in the second memory can be used to cause the second processor to execute the determination that the characteristics of the message meet the requirements. The instructions for the classification rule process are:
如果所述报文的特征符合所述分类规则中的每一个原子化规则, 则确定 所述报文的特征符合所述分类规则。 If the characteristics of the message comply with each atomization rule in the classification rules, it is determined that the characteristics of the message comply with the classification rules.
23、 根据权利要求 20所述的数据面的特性配置装置, 其特征在于, 所述 第二存储器存储的所述程序代码可用于使所述第二处理器利用所述分类规则 对应的所述动作集合对所述报文进行处理过程的指令为: 23. The data plane characteristic configuration device according to claim 20, wherein the program code stored in the second memory can be used to cause the second processor to use the action corresponding to the classification rule. The instructions for gathering and processing the packets are:
利用所述分类规则对应的所述动作集合中的每一个所述原子化动作, 在 所述执行时机对所述报文进行处理。 Using each of the atomic actions in the action set corresponding to the classification rule, the message is processed at the execution timing.
24、 根据权利要求 17-23任一项所述的数据面的特性配置装置, 其特征 在于, 所述第二存储器存储的所述程序代码中的所述分类规则包括报文空间 特征、 4艮文时间特征、 4艮文组织特征、 4艮文内容特征、 4艮文流量特征和 4艮文 环境特征; 所述动作集合包括报文特征获取类动作、 用户可见特性转发分解 和嵌套的策略支持。 24. The data plane characteristic configuration device according to any one of claims 17 to 23, wherein the classification rules in the program code stored in the second memory include message space characteristics, Text time characteristics, text organization characteristics, text content characteristics, text flow characteristics and text environment characteristics; the action set includes message feature acquisition actions, user-visible feature forwarding decomposition and nested strategies support.
PCT/CN2013/082268 2013-08-26 2013-08-26 Data plane feature configuration method and apparatus WO2015027374A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201380000916.0A CN104584504B (en) 2013-08-26 2013-08-26 The characteristic collocation method and device of data surface
PCT/CN2013/082268 WO2015027374A1 (en) 2013-08-26 2013-08-26 Data plane feature configuration method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2013/082268 WO2015027374A1 (en) 2013-08-26 2013-08-26 Data plane feature configuration method and apparatus

Publications (1)

Publication Number Publication Date
WO2015027374A1 true WO2015027374A1 (en) 2015-03-05

Family

ID=52585363

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/082268 WO2015027374A1 (en) 2013-08-26 2013-08-26 Data plane feature configuration method and apparatus

Country Status (2)

Country Link
CN (1) CN104584504B (en)
WO (1) WO2015027374A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11184238B1 (en) 2020-08-04 2021-11-23 Cisco Technology, Inc. Flexible policy enforcement and enablement in a software defined network with unified feature operations

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090052443A1 (en) * 2007-08-23 2009-02-26 Santosh Kolenchery Method and apparatus for managing dynamic filters for nested traffic flows
CN102480377A (en) * 2010-11-25 2012-05-30 中兴通讯股份有限公司 Management method and system of aggregation link
CN102783097A (en) * 2010-03-24 2012-11-14 日本电气株式会社 Packet transfer system, control apparatus, transfer apparatus, method of creating processing rules, and program

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1677952A (en) * 2004-03-30 2005-10-05 武汉烽火网络有限责任公司 Method and apparatus for wire speed parallel forwarding of packets
CN100512283C (en) * 2004-07-29 2009-07-08 国家数字交换系统工程技术研究中心 Method for separating control plane of router from hardware of data plane
CN101325597B (en) * 2008-07-30 2011-04-06 北京星网锐捷网络技术有限公司 Method, apparatus and system for processing data

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090052443A1 (en) * 2007-08-23 2009-02-26 Santosh Kolenchery Method and apparatus for managing dynamic filters for nested traffic flows
CN102783097A (en) * 2010-03-24 2012-11-14 日本电气株式会社 Packet transfer system, control apparatus, transfer apparatus, method of creating processing rules, and program
CN102480377A (en) * 2010-11-25 2012-05-30 中兴通讯股份有限公司 Management method and system of aggregation link

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11184238B1 (en) 2020-08-04 2021-11-23 Cisco Technology, Inc. Flexible policy enforcement and enablement in a software defined network with unified feature operations

Also Published As

Publication number Publication date
CN104584504B (en) 2017-09-26
CN104584504A (en) 2015-04-29

Similar Documents

Publication Publication Date Title
CN105765926B (en) Configurable service broker's mapping method, device and storage medium
US9438512B2 (en) Stacking metadata contexts for service chains
EP2995042B1 (en) Data plane learning of bi-directional service chains
US9819747B2 (en) Chirp networks
US9742667B2 (en) Packet processing method, device and system
US9397934B2 (en) Methods for packet forwarding though a communication link of a distributed link aggregation group using mesh tagging
CN103746911B (en) A kind of SDN structure and its communication means
US11196648B2 (en) Detecting and measuring microbursts in a networking device
CN104639512B (en) Network security method and equipment
CN107395440B (en) Internet topology detection node optimization deployment method based on complex network
US9800514B1 (en) Prioritizing data packets in a network
CN109936516A (en) System and method for promoting transparent service mapping across multiple network transmission options
CN108881328A (en) Packet filtering method, device, gateway and storage medium
US10044614B2 (en) System and method for dynamic and configurable L2/L3 data—plane in FPGA
KR20150086904A (en) Rate-adaptive data stream management system and method for controlling thereof
CN104160735A (en) Packet processing method, forwarder, packet processing device and packet processing system
CN104796281A (en) Network element and controller for managing network element
CN109861869A (en) A kind of generation method and device of configuration file
WO2015027374A1 (en) Data plane feature configuration method and apparatus
CN106921575A (en) For the devices, systems and methods for preventing multicast service from abandoning
WO2017198052A1 (en) Packet processing method and apparatus
CN104158743A (en) Method and device of cross-card forwarding of message of distributed router
WO2023072158A1 (en) Identifier generation method, in-situ flow detection method and communication device
CN104660506B (en) A kind of method, apparatus and system of data packet forwarding
CN104426777B (en) Route renewing method and routing device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13892512

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13892512

Country of ref document: EP

Kind code of ref document: A1