CN100550844C - The method of reducing redirected message characteristic information - Google Patents
The method of reducing redirected message characteristic information Download PDFInfo
- Publication number
- CN100550844C CN100550844C CNB2006101376173A CN200610137617A CN100550844C CN 100550844 C CN100550844 C CN 100550844C CN B2006101376173 A CNB2006101376173 A CN B2006101376173A CN 200610137617 A CN200610137617 A CN 200610137617A CN 100550844 C CN100550844 C CN 100550844C
- Authority
- CN
- China
- Prior art keywords
- message
- information
- nfc
- satellite information
- redirection message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
A kind of method of reducing redirected message characteristic information comprises: (1) first parts are redirected regular coupling to the message of our department's part of flowing through, the characteristic information of the storage redirection message that the match is successful; (2) first parts are redirected to second parts with described redirection message, and carrying is used for finding on first parts identification information of original redirected message characteristic information in the described redirection message when redirection message returns; (3) first parts receive the redirection message that is returned by second parts, reduce the characteristic information of described original redirection message according to the described identification information that carries in the redirection message.By the present invention, can solve the problem of bringing characteristic information to lose that is redirected.
Description
Technical field
The present invention relates to network field, relate in particular to OAA (Open Application Architecture, open application architecture) NFC (Network Forwarding Component in, the method of reduction characteristic information and IAC and the NFC that uses this method when being redirected the forwarded parts) and between the IAC (Independent Application Component, separate traffic parts).
Background technology
Along with the fast development of Network and progressively refinement, traditional network equipment becomes no longer handy when handling these business.Such as, require equipment can do data forwarding and not only can insert voice, require equipment can finish load balancing but also can carry out content safety and filter.At this moment, a family independently technology producer be difficult to offer simultaneously desired all services of user.For this reason, the user need buy the equipment of a plurality of producers usually, and those equipment are linked together.So not only interoperability often goes wrong, equipment room cooperates and to be not easy especially to consult, and the equipment of giving administer and maintain the burden of bringing on the cost.
With switching equipment (described switching equipment comprises switch and router) is example, and at present according to position in the network and effect, switching equipment is divided into low and middle-end switching equipment and core switching device usually.The major function of low and middle-end switching equipment is to compile and carry out service management, and the major function of core switching device is quick forwarding, makes packet pass through IP backbone as far as possible apace.The low and middle-end switching equipment generally is in the marginal position of network, and implementation is the centralized switching equipment of general uniprocessor (CPU).Because centralized switching equipment has Costco Wholesale advantage preferably, so obtain using comparatively widely.Centralized switching equipment can rely on the simple single-processor of built-in function to realize function of exchange, but, in the face of the traffic performance requirement that becomes increasingly abundant, as IPSec (IP Security agreement), IPS (Intrusion Protect System intrusion prevention system), voice and wireless etc., centralized switching equipment can not satisfy those professional demands.
In order to address the above problem, the applicant has proposed a kind of OAA framework, the equipment of different vendor is integrated into system's (seeing also Fig. 1) of a loose coupling.A system that meets the OAA framework comprises (the Interface Linkage Component by ILC, the interface link) NFC of Lian Jieing and IAC, wherein NFC is the main body of OAA system, being responsible for carrying out message transmits, the function that complete router and switch are arranged also is the core of user management control; IAC is the business service main body that is used to provide the additional function of various application, generally shows as a veneer or button card in the OAA system; ILC is integrated in respectively on NFC and the IAC as interface usually, transmits and the path of control information transmission for NFC and IAC provide message.
NFC need satisfy the message redirecting of specified conditions usually with certain some and handle for a certain IAC in the message forwarding process.Be redirected and be meant the flow direction of change message in the network equipment.See also Fig. 2, it is existing redirected realization schematic diagram.Message enters from interface A, should go out from interface D according to the destination address that message carries, and still, goes out from interface G after re-orientation processes.
Still be example with Fig. 2, if need returning from former road, the message after being redirected continues to cover normal flow process, be that message is returned from interface G, also go out from interface D, because when redirected, preserving message, prior art is not redirected preceding correlated characteristic information, after redirection message returns, owing to can't recover those characteristic informations, therefore the consequence that causes original message follow-up business to handle.
For example: NFC is redirected rule match to the message of our department's part of flowing through, if described message is the redirection message that coupling is redirected rule, NFC just need be to the source in the message, target MAC (Media Access Control) address is handled: the MAC Address that the MAC Address of purpose service port in the message is revised as the IAC side ports that IAC is connected with NFC, the MAC Address of the source service port in the message is revised as the NFC side ports MAC Address that NFC upward is connected with IAC, like this, NFC just can be redirected to described redirection message on the IAC of appointment, and IAC could be back to NFC with the redirection message after handling.Because in the redirection message that returns, source, the target MAC (Media Access Control) address of original business of message are lost, if follow-up business need be known the professional MAC Address of message source, the professional MAC Address of purpose, according to existing reorientation method, be professional MAC Address in the source of to reduce and the professional MAC Address of purpose, cause the interruption of follow-up business thus.
Summary of the invention
The invention discloses a kind of method of reducing redirected message characteristic information of open application architecture, lose easily and make the professional limited or technical problem of interrupting to solve the redirected message characteristic information that returns in the prior art.
In order to achieve the above object, the invention provides a kind of method of reducing redirected message characteristic information, be used for reducing the characteristic information of open application architecture redirection message, comprise: the forwarded parts NFC of (1) open applications framework is redirected regular coupling to the message of our department's part of flowing through, the characteristic information of the storage redirection message that the match is successful; (2) NFC is redirected to described redirection message the separate traffic parts IAC of the open applications framework of appointment, and carrying is used for finding on the NFC identification information of original redirected message characteristic information in the described redirection message when redirection message returns; (3) NFC receives the redirection message that is returned by IAC, reduces the characteristic information of described original redirection message according to the described identification information that carries in the redirection message.
Described characteristic information is the satellite information of described redirection message; Identification information in step (2) and the step (3) is for finding the identifying information of described satellite information on NFC.
Step (3) is reduced described satellite information according to the described identifying information that carries in the redirection message and is comprised: find according to described identifying information to be stored in the satellite information that NFC goes up original redirection message in advance; Described satellite information is copied to the satellite information district of the described redirection message that returns.
Preferably, step (2) also comprises: in the described redirection message also carrying be used for the check information whether described message of verification makes amendment; Step (3) also comprises: parse check information from the described redirection message that returns, whether the described message of verification carried out modification, if not by verification, then abandoned described message.
Preferably, check information is a Magic number described in the step (2); Whether the middle described message of verification of step (3) carried out modification by IAC: the relatively Magic number that obtains in the message and the corresponding Magic number of this satellite information of preservation in advance, if identical, then by verification, otherwise by verification.
Preferably, step (2) also comprises: in the described redirection message also the carrying show that NFC preserves the timestamp of described satellite information holding time; Step (3) also comprises: NFC parses timestamp from the described redirection message that returns, and NFC receives the difference of the described time of returning redirection message and described timestamp if surpass the default fixed time at interval, then abandons described message.
Preferably, the satellite information of the described redirection message of storage further comprises in the step (1): set up the satellite information Buffer Pool in advance, in described satellite information Buffer Pool, distribute the satellite information piece, be used for to find the sequence number of described satellite information piece for each satellite information piece distribution one; When NFC receives redirection message, the satellite information of redirection message is stored on the satellite information piece that a Status Flag is an idle condition, and the Status Flag of described satellite information piece is changed to the state of using; Described identifying information in the step (2) is described satellite information piece corresponding sequence number.
The present invention also comprises: NFC event-triggered or fixed cycle detect the described satellite information piece of having used state; When the satellite information of satellite information piece stored has surpassed default the natural duration of life, then described satellite information piece is set to idle condition.
The invention discloses a kind of forwarded parts NFC that uses said method, be used for reducing the characteristic information of open application architecture redirection message, described NFC comprises first processor, some Transmit-Receive Units, wherein: described Transmit-Receive Unit, be used to receive message and send message, wherein also comprise being used to set up and carry out the first redirected Transmit-Receive Unit that redirection message is communicated by letter with separate traffic parts IAC;
First processor further comprises: receiving element: be used to receive the message that Transmit-Receive Unit sends; Processing unit: be used for the message of our department's part of flowing through is redirected the coupling of rule, and the redirection message that the match is successful is sent to assigned I AC, and restore its characteristic information for the redirection message that returns; Transmitting element: be used to send message to Transmit-Receive Unit.
A kind of separate traffic parts IAC that uses said method, be used for reducing the characteristic information of open application architecture redirection message, described IAC comprises that second processor and second is redirected Transmit-Receive Unit, wherein, second is redirected Transmit-Receive Unit, is used for setting up carrying out redirection message with forwarded parts NFC and communicating by letter; Second processor: be used for according to predefined strategy decision message be back deletion by analysis or by analysis after intactly return.
A kind of method of reducing redirected message characteristic information, be used for reducing the characteristic information of open application architecture redirection message, comprise: the forwarded parts NFC of (1) open applications framework is redirected to the separate traffic parts IAC of open applications framework, load characteristic information in the described redirection message with described redirection message; (2) NFC receives the redirection message that is returned by IAC, parses characteristic information from the described redirection message that returns.
Described characteristic information is the satellite information of described redirection message; This method also comprises: the described satellite information that will parse copies to the satellite information district of the described redirection message that returns.
Compared with prior art, the present invention can be carried the identification information that is used for finding described characteristic information on NFC in redirection message; After receiving the redirection message return by IAC, can reduce the characteristic information of original redirection message according to the described identification information that carries in the redirection message, finish follow-up business.
For example: NFC if described message is the redirection message that coupling is redirected condition, then preserves the characteristic information of message earlier after receiving message, and described characteristic information comprises the MAC Address of purpose service port of message and the MAC Address of source service port.NFC is revised as the MAC Address of the IAC side ports that IAC is connected with NFC again to the MAC Address of purpose service port in the described message, the MAC Address of source service port is revised as NFC goes up the NFC side ports MAC Address that is connected with IAC.Subsequently, NFC is redirected to described redirection message on the IAC of appointment, and IAC is back to NFC with described redirection message.At last, NFC restores the characteristic information of original redirection message, comprise the MAC Address that restores in advance the purpose service port of preserving and the MAC Address of source service port, solved because the MAC Address of the MAC Address of service port and source service port is lost and can't be carried out the problem that follow-up business is handled.
The present invention can solve the problem of bringing characteristic information to lose that is redirected.Equally, when characteristic information more after a little while, characteristic information directly can be filled between the head or Ethernet heading and IP head of message, also can reduce and be redirected the risk bring characteristic information to lose.
Described characteristic information comprises satellite information, with the router is example, when a message flow during through this router, each layer all needs it is handled on this router, as link layer, network layer, normally the satellite information district with described message preserves some information of transmitting message between each floor, reaches to IAC at message redirecting to be back to the process of NFC from IAC, causes the problem of the contents lost in satellite information district easily.And the present invention, after NFC receives the redirection message that returns, can restore the satellite information of original redirection message, carry out the processing of subsequent packet, the satellite information that has solved thus in the satellite information district is lost at redirection process, thus the technical problem that causes the professional limited of subsequent treatment or interrupt.
And the present invention adopts before the message redirecting characteristic information of message being kept on the NFC in advance, only transmits the redirection message that carries described identification information to IAC.When IAC returned redirection message, NFC can restore the characteristic information of original redirection message by the identification information in the redirection message.By said method as can be known, the present invention need not full feature information is carried in redirection message, thereby reduces the time delay of transmission, improves the speed of transmission.
Description of drawings
Fig. 1 is a kind of typical structure of the OAA system of the present invention's application;
Fig. 2 is existing redirected flow process schematic diagram;
Fig. 3 realizes the structural principle schematic diagram of the NFC that is redirected for the present invention;
Fig. 4 is the theory structure schematic diagram of IAC of the present invention;
Fig. 5 is the schematic flow sheet of a kind of reducing redirected message characteristic information disclosed by the invention;
Fig. 6 is the schematic flow sheet of a kind of reducing redirected message satellite information disclosed by the invention;
Fig. 7 is a logical schematic of existing message data structure;
Fig. 8 is the structural representation of satellite information piece of the present invention;
Fig. 9 is the schematic flow sheet of another kind of reducing redirected message characteristic information disclosed by the invention.
Embodiment
Below in conjunction with accompanying drawing, specify the present invention.
Still please refer to Fig. 1, Figure 1 shows that a kind of typical structure of the OAA system that the present invention uses.The ILC that connects NFC and IAC among the OAA generally includes control interface and datum plane interface, control interface can be the interface that asynchronous serial port, synchronous serial interface etc. are supported stream mode, also may be an independent Ethernet physical port, perhaps shared physical port with datum plane.Control interface on the NFC is connected with control interface on the IAC, is used to carry out the communication of control information, and the datum plane interface on the NFC is connected with datum plane interface on the IAC, is used to carry out the communication of data message.In addition, can comprise a plurality of IAC that finish difference in functionality in an OAA system.
In the OAA system, the function of forwarding is finished by NFC, and professional additional treatments is finished by IAC.At different application, the applicant defines 4 kinds of mode of operations, can finish communicating by letter between NFC and the IAC by one of these 4 kinds of patterns or wherein several combinations.Below carry out exemplary introduction at various mode of operations:
1, main frame (Host) pattern
IAC resembles a main frame on the network, has the IP address of oneself, exists as the network tip.The IP message all is to transmit by the Ethernet interface of ILC.This mode, NFC only finishes simple message and transmits, and IAC then as the promoter and the recipient of data message, receives and dispatches various messages, and NFC is exactly the gateway of IAC.
2, mirror image (Mirror) pattern
Under this pattern, mirror image message also is to transmit by the Ethernet interface of ILC, and NFC as requested, duplicates a IAC of giving to specific message in the process that message is transmitted, and original message continues to finish normal forwarding.Analyze later on and handle and IAC receives this message, then message is abandoned according to specific strategy.This mode of operation often is applied to IDS (intruding detection system).
3, be redirected (Redirection) pattern
Under this pattern, redirection message also is to transmit by the Ethernet interface of ILC, and NFC as requested, gives IAC specific message redirecting in the message repeating process.After IAC handles, or abandon, or pass through.If pass through, then message is by the intact NFC that returns, and NFC then continues to handle from the place of interrupting originally, finishes follow-up forwarding work.This pattern is used for IPS (intrusion prevention system) more.
4, penetrate (Pass-Through) pattern
Under this pattern, IAC does not have configuration of IP address, and external Ethernet interface must be arranged, and data flow into from this external Ethernet interface, pass IAC, and the Ethernet interface of process ILC is to NFC, perhaps in the other direction.As if at NFC, external data similarly is the Ethernet interface that has directly arrived ILC, and IAC does not exist the same.Certainly, when flow passed through, IAC still can do relevant record analysis, and in the time of necessary, IAC also can make certain modification to finish relevant function at message.
Below introduce the present invention and how to realize redirection process.
See also Fig. 3, it realizes the structural principle schematic diagram of the NFC that is redirected for the present invention.Described NFC comprises first processor, some Transmit-Receive Units, wherein:
Described Transmit-Receive Unit is used to receive message and sends message, wherein also comprises being used to set up with separate traffic IAC carrying out the first redirected Transmit-Receive Unit that redirection message is communicated by letter.Described Transmit-Receive Unit can adopt the Ethernet card with simple forwarding capability usually.
First processor further comprises:
Receiving element: be used to receive the message that Transmit-Receive Unit sends;
Processing unit: be used for the message of our department's part of flowing through is redirected the coupling of rule, and the redirection message that the match is successful is sent to assigned I AC, and restore characteristic information for the redirection message that returns;
Transmitting element: be used to send message to Transmit-Receive Unit.
See also Fig. 4, it is the structural principle schematic diagram of IAC of the present invention.IAC comprises that second processor and second is redirected Transmit-Receive Unit.
Described second processor is used to handle message, according to predefined strategy decision message be back deletion by analysis or by analysis after intactly return.
Expansion is exactly particularly, when receiving message, by message being handled according to predefined strategy, such as, message is carried out analysis and judgement, and whether it is illegal message, if, dropping packets then, otherwise,, return message is intact according to the redirected rule that obtains the message coupling.
Second processor can carry out fine-grained management thus.Described fine-grained management is meant that IAC handles targetedly redirection message and NFC is controlled targetedly.Such as, IAC according to predefined strategy decision message be back deletion by analysis or by analysis after intactly return in, the number of statistics deletion message also.For another example, it is that the message of 192.168.1.1 all is the malicious attack message that IAC finds from the source IP that NFC interface A receives, and then can tell NFC by means such as interlock MIB, on interface A is that the message of 192.168.1.1 all abandons with the source IP that receives.
Second is redirected Transmit-Receive Unit: be used for being redirected Transmit-Receive Unit by first on the NFC and set up message communication between NFC and the IAC.
Based on above-mentioned disclosed OAA framework, the invention discloses a kind of method of reducing redirected message characteristic information.See also Fig. 5, it is for the schematic flow sheet of a kind of reducing redirected message characteristic information of the present invention.It comprises:
S11: the forwarded parts NFC of open applications framework is redirected regular coupling to the message of our department's part of flowing through, the characteristic information of the storage redirection message that the match is successful;
S12:NFC is redirected to described redirection message the separate traffic parts IAC of the open applications framework of appointment, and carrying is used for finding on the NFC identification information of original redirected message characteristic information in the described redirection message when redirection message returns;
S13:NFC receives the redirection message that is returned by IAC, reduces the characteristic information of described original redirection message according to the described identification information that carries in the redirection message.
Characteristic information of the present invention is meant the information that shows message characteristic, is mainly satellite information and/or context.Below be example just with the satellite information, the how characteristic information of reducing redirected message of the present invention is described.
See also Fig. 6, it is the schematic flow sheet of reducing redirected message satellite information among the present invention.
S110: the forwarded parts NFC of open applications framework is redirected regular coupling to the message of our department's part of flowing through, the characteristic information of the storage redirection message that the match is successful;
S120:NFC is redirected to described redirection message the separate traffic parts IAC of the open applications framework of appointment, and carrying is used for finding the identifying information of original redirection message satellite information in the described redirection message on NFC when redirection message returns;
S130:NFC receives the redirection message that is returned by IAC, reduces described satellite information according to the identifying information of the described original redirection message that carries in the redirection message.
Each step below is described.
(1), step S110
When a message enters this network equipment (as NFC), need handle the at all levels of software systems of NFC usually, such as data link layer, network layer.In order to prevent message obliterated data when handling, the data structure of message is mainly formed by two: the satellite information district of the content regions of stored messages actual content and stored messages satellite information, so that between each layer, transmit message between each module.See also Fig. 7, it is a logical schematic of message data structure.Content regions is meant the data content that carries in the message, and satellite information is to be used to the correlation attribute information that shows that message carries.Such as, message link layer address, the transmitting time of link layer type, message etc.
NFC is redirected regular coupling to the message of our department's part of flowing through, the characteristic information of the storage redirection message that the match is successful.The message of these parts of flowing through comprises the message that is sent by outside other service port, also comprises the message that is sent to NFC by other IAC.Receive the message of these parts of flowing through as NFC after, will be redirected the coupling of rule to it.Redirected rule can be issued to NFC by the interlock mode by IAC, also can be that directly configuration obtains to NFC by the network manager.From the redirection message that the match is successful, find characteristic information, and it is preserved.When preserving, record can find the sign of this characteristic information in memory cell, as memory address.
The present invention can set up a satellite information Buffer Pool in advance, distributes all satellite information pieces in this satellite information Buffer Pool.The size of each satellite information piece is fixed.And for each satellite information piece distributes a sequence number that is used for finding at the satellite information Buffer Pool this satellite information piece, this sequence number is identifying information.Manage the satellite information Buffer Pool for convenience, also can be in the status indicator that idle condition has still been used state for each satellite information piece setting shows that this satellite information piece is current.When the status indicator of satellite information piece when using status indicator, illustrate in this satellite information piece and preserved satellite information.When the satellite information of satellite information piece stored surpasses default the natural duration of life, the status indicator of satellite information piece from being changed to idle condition with state, is allowed in the new satellite information of this satellite information piece stored.
When NFC need store the satellite information of redirection message, from the satellite information Buffer Pool, find a satellite information piece that is in idle condition, described satellite information is saved in this satellite information piece again, then, write down the sequence number of this satellite information piece.
In addition, the present invention can also utilize dynamic assignment satellite information piece to come memory attaching information.Briefly, when NFC needs memory attaching information, from the satellite information Buffer Pool or directly from memory cell, distribute one with this satellite information big or small identical satellite information piece that takes up space, be used to preserve this satellite information, and with the initial address of this satellite information piece and its space size identification information as this satellite information.The satellite information of preserving in the satellite information piece surpasses the natural duration of life, then discharges the memory cell of this satellite information piece correspondence.
(2), step S120
The first processor of NFC is redirected the IAC that Transmit-Receive Unit is sent to appointment with redirection message by first, in this redirection message at least carrying be used for the identifying information that when redirection message returns NFC can find original redirection message satellite information.
NFC can be connected with a plurality of IAC, and when redirected rule was set on NFC, which IAC this was redirected regular message redirecting to also to need to specify coupling usually.A kind of implementation of the present invention is that each is redirected rule sets up one-to-one relationship with the IAC sign, and can know the interface message of the IAC side that IAC is connected with NFC by the IAC sign.Another kind of implementation of the present invention is that each is redirected rule interface message direct and assigned I AC side sets up one-to-one relationship.The interface message of described IAC side comprises the MAC Address of interface.
Where carrying of redirection message, can set in advance.Such as, carrying identifying information in the MAC Address field of redirection message (as SMAC or dmac field).
Whether can revise through IAC for the redirection message that can verification returns, the present invention can also be provided with check information, as check code, Magic number etc., where the carrying of redirection message to set in advance as for check information.
Below be that example illustrates how to carry out the verification redirection message with the Magic number.Magic number is to be used for checking redirection message whether to carry out modification in redirection process.NFC can dynamically distribute the Magic number of a unique correspondence to message.In this embodiment, in the time of step S110 memory attaching information, also memory allocation is given the Magic number of this message.In step S120, Magic number is carried on sequence number is forwarded to IAC in the redirection message.In step S130, NFC receives the redirection message that returns, and parses Magic number from the redirection message that returns, and described Magic number and the original Magic number of preserving are in advance compared, if identical, then by verification, otherwise, abandon the redirection message that this returns not by verification.Checking information can also be other checking informations except that Magic number, is value after the value of certain several field of message is calculated such as described check information.After redirection message returns, NFC recomputates the value of these several fields, if this value is identical with the checking information that parses from the redirection message that returns, illustrates that then this redirection message did not carry out modification in redirection process, otherwise abandon the described redirection message that returns.
Can also carry in the redirection message and show that NFC preserves the timestamp of described satellite information time, when NFC receives the redirection message that returns, obtain described timestamp, if receiving the time of described redirection message, NFC surpasses the default time interval, the difference of the timestamp that promptly receives the time of the redirection message that returns and preserve in advance surpasses the default time interval, then abandons described message., where the carrying of redirection message to set in advance equally as for timestamp.Such as, timestamp is connected identifying information and check information carries by the MAC Address field of message.
(3), step S130
Receive the redirection message that returns by IAC by NFC, reduce the described satellite information of original redirection message according to the described identifying information that carries in the redirection message.
After receiving the redirection message that returns as NFC, parse identification information earlier, on NFC, find the satellite information of the original redirection message of storage again by this identifying information, restore satellite information then.The reduction satellite information can directly copy to satellite information the former satellite information district of described message.
By said method, the present invention can thoroughly solve the problem of bringing original redirection message satellite information to lose that is redirected.
Below lift a specific embodiment reduction satellite information process is described.
Embodiment
Step 211: on NFC, set up the satellite information Buffer Pool, distribute all satellite information pieces, the sequence number that each satellite information piece is corresponding unique, the satellite information piece that initialization is all.
On NFC, open up a continuous memory space as the satellite information Buffer Pool.NFC is being divided into the satellite information Buffer Pool the identical satellite information piece of some memory spaces, and each satellite information piece is set a unique corresponding sequence number.And NFC is changed to idle condition with the status indicator of all satellite information pieces.
Step 212: when NFC is redirected rule match to the message of this NFC that flows through, if the match is successful one is redirected rule for described message, the satellite information of then preserving this redirection message, and described message is sent to the IAC of appointment.
NFC is to the message that the match is successful, and the satellite information with this message is saved on the satellite information piece that a status indicator is an idle condition earlier, and the status indicator of this satellite information piece is changed to the state of using.In addition, in the present embodiment, NFC is the Magic number and the timestamp of this satellite information time of recorded and stored of this message correspondence of dynamic assignment also, and this Magic number and timestamp also are saved in this satellite information piece.
Subsequently, NFC fills in this satellite information piece corresponding sequence number, timestamp, Magic number in the redirection message, sees also Fig. 8, and it is the structural representation of satellite information piece in the present embodiment.
Afterwards, NFC is redirected to described redirection message the separate traffic parts IAC of the open applications framework of appointment.
And, when the satellite information of satellite information piece stored surpasses default the natural duration of life, the status indicator of satellite information piece from being changed to idle condition with state, is allowed in the new satellite information of this satellite information piece stored.
Step 213:NFC receives the redirection message that returns.
After IAC receives this redirection message, according to predefined strategy decision message be back deletion by analysis or by analysis after intactly return.When IAC intactly returned message, NFC just received this redirection message that returns.
Step 214:NFC resolves the redirection message that returns, and therefrom parses sequence number, timestamp, Magic number.NFC searches satellite information piece corresponding in the satellite information Buffer Pool according to the sequence number that parses, if can not find, then dropping packets abandons.
Step 215: the Magic number that parses from message compares with the Magic number that is stored in the satellite information piece, if inequality, then with packet loss.
Two kinds of situations of Magic number main existence inequality, during first kind of situation, message was modified in redirection process, second kind of situation is, when the satellite information of satellite information piece stored surpasses default the natural duration of life, NFC with the status indicator of satellite information piece from being changed to idle condition with state, if in this satellite information piece, store new satellite information and the corresponding out of Memory that comprises Magic number again, in this case, the Magic number of preserving in Magic number that parses from the redirection message that returns and the satellite information piece is inequality, and the redirection message that returns need carry out discard processing.
Step 216: the timestamp that parses from message, the current then time and the described timestamp that return redirection message of receiving subtracts each other, if both differences surpass the fixed time at interval the time, with packet loss.
When NFC to handle message free limit or message itself to limited timing of processing time, can reach those purposes by above-mentioned steps.
Step 217: the satellite information on the satellite information piece is copied to the former satellite information district of the corresponding redirection message that returns, and the Status Flag of satellite information piece is changed to idle condition.
From the foregoing description as can be known, when IAC is redirected the redirection message of coming in processing, return except remaining untouched this message, also how described packet loss might be guaranteed that the satellite information of the redirection message that the last IAC of NFC abandons is also finished the work of abandoning.For this reason, NFC needs fixed cycle to detect interior all Status Flags of satellite information Buffer Pool for having used the satellite information piece of state, when the satellite information of storing in the satellite information piece surpass have been specified the natural duration of life, the Status Flag of this satellite information piece is changed to idle condition.
Can restore the satellite information of redirection message by above-mentioned flow process, thoroughly solve the problem of bringing satellite information to lose that is redirected, the follow-up redirection message that returns can be proceeded to handle, and then reduces service disconnection or the limited situation brought thus.And present embodiment can also improve operating factor of memory space.
In order to finish the scheme of the foregoing description, NFC need improve on hardware.
Open up a continuous memory space on the memory cell of NFC as the satellite information Buffer Pool, this satellite information Buffer Pool is divided into some satellite information pieces again.Be provided for the satellite information district of memory attaching information and other informations area that are used to store sequence number, timestamp, Magic number and Status Flag on each satellite information piece.
Host-processor to NFC carries out software programming, divides receiving element, processing unit and transmitting element from function.Wherein, described processing unit further is refined as:
Message redirecting pre-treatment subelement: be used for being redirected the satellite information piece that the successful message of rule finds an idle condition to coupling, and distribute a Magic number for this message, and the satellite information of this message is saved in the satellite information district of satellite information piece, and timestamp, the sequence number of described Magic number, the described message satellite information of current preservation are preserved;
Redirection message returns the processing subelement: be used for parsing sequence number from the described redirection message that returns earlier, Magic number, timestamp, utilize described sequence number to find the satellite information piece subsequently, the Magic number of preserving in Magic number that parses subsequently and the satellite information piece compares, when Magic number is inequality, abandon described message, when described Magic number is identical, carry out the timestamp preserved in time of the described redirection message that returns of current reception and the satellite information piece relatively, surpass the fixed time at interval, with described packet loss, otherwise reduce the satellite information of original redirection message;
The satellite information Buffer Pool is handled subelement: fixed cycle detects interior all Status Flags of satellite information Buffer Pool for having used the satellite information piece of state, when the satellite information of storing in the satellite information piece surpass have been specified the natural duration of life, the Status Flag of this satellite information piece is changed to idle condition.
Characteristic information also can directly be carried on and carry out redirection process in the redirection message.When NFC receives the redirection message that returns, directly from message, parse characteristic information.For this reason, the invention also discloses a kind of method of reducing redirected message characteristic information, be used for reducing the characteristic information of open application architecture redirection message.See also Fig. 9, it is the flow chart of the method for the another kind of reducing redirected message characteristic information of the present invention.It comprises:
The forwarded parts NFC of S210 open applications framework is redirected to the separate traffic parts IAC of open applications framework, load characteristic information in the heading of described redirection message with described redirection message;
S220NFC receives the redirection message that is returned by IAC, parses characteristic information by described redirection message.
Described characteristic information is the satellite information of described redirection message; This method comprises: the described satellite information that will parse from the redirection message that returns copies to the satellite information district of described message.
When characteristic information is considerably less, can directly characteristic information be filled in the head of message.Such as, Ethernet head source MAC, purpose MAC have 12 bytes, when characteristic information is less than when equaling 12 bytes, can directly it be filled in those fields.Certainly, also characteristic information can be filled between header and the IP head, store those characteristic informations.In fact, only needing to consult between IAC and the NFC position of placing characteristic information gets final product.
When characteristic information more after a little while, characteristic information is directly filled between the head or Ethernet heading and IP head of message, can reduce and be redirected the risk bring characteristic information to lose.
More than disclosed only be several specific embodiment of the present invention, but the present invention is not limited thereto, any those skilled in the art can think variation, all should drop in protection scope of the present invention.
Claims (12)
1, a kind of method of reducing redirected message characteristic information is used for reducing the characteristic information of open application architecture redirection message, is redirected being meant and changing the flow direction of message in the network equipment, it is characterized in that, comprising:
(1) the forwarded parts NFC of open applications framework is redirected regular coupling to the message of our department's part of flowing through, the characteristic information of the storage redirection message that the match is successful; Described characteristic information is a satellite information, and described satellite information is to be used to the correlation attribute information that shows that message carries;
(2) NFC is redirected to described redirection message the separate traffic parts IAC of the open applications framework of appointment, and carrying is used for finding on the NFC identification information of original redirected message characteristic information in the described redirection message when redirection message returns; Comprise the satellite information piece that is used to store described satellite information among the described NFC, described identification information is the identifying information that is used to find described satellite information piece;
(3) NFC receives the redirection message that is returned by IAC, reduces the characteristic information of described original redirection message according to the described identification information that carries in the redirection message; The redirection message that described IAC returns is identical with the aforementioned message that is redirected through NFC.
2, the method for claim 1 is characterized in that, described characteristic information is the satellite information of described redirection message;
Identification information in step (2) and the step (3) is for finding the identifying information of described satellite information on NFC.
3, method as claimed in claim 2 is characterized in that, step (3) is reduced described satellite information according to the described identifying information that carries in the redirection message and comprised:
The described identifying information of foundation finds and is stored in the satellite information that NFC goes up original redirection message in advance;
Described satellite information is copied to the satellite information district of the described redirection message that returns.
4, method as claimed in claim 2 is characterized in that,
Step (2) also comprises: in the described redirection message also carrying be used for the check information whether described message of verification makes amendment;
Step (3) also comprises: parse check information from the described redirection message that returns, whether the described message of verification carried out modification, if not by verification, then abandoned described message.
5, method as claimed in claim 4 is characterized in that,
Check information is a Magic number described in the step (2);
Whether the middle described message of verification of step (3) carried out modification by IAC: the relatively Magic number that obtains in the message and the corresponding Magic number of this satellite information of preservation in advance, if identical, then by verification, otherwise by verification.
6, as claim 2 or 4 described methods, it is characterized in that,
Step (2) also comprises: in the described redirection message also the carrying show that NFC preserves the timestamp of described satellite information holding time;
Step (3) also comprises: NFC parses timestamp from the described redirection message that returns, and NFC receives the difference of the described time of returning redirection message and described timestamp if surpass the default fixed time at interval, then abandons described message.
7, method as claimed in claim 2 is characterized in that,
The satellite information of the described redirection message of storage further comprises in the step (1):
Set up the satellite information Buffer Pool in advance, in described satellite information Buffer Pool, distribute the satellite information piece, be used for to find the sequence number of described satellite information piece for each satellite information piece distribution one;
When NFC receives redirection message, the satellite information of redirection message is stored on the satellite information piece that a Status Flag is an idle condition, and the Status Flag of described satellite information piece is changed to the state of using;
Described identifying information in the step (2) is described satellite information piece corresponding sequence number.
8, method as claimed in claim 7 is characterized in that, also comprises:
NFC event-triggered or fixed cycle detect the described satellite information piece of having used state;
When the satellite information of satellite information piece stored has surpassed default the natural duration of life, then described satellite information piece is set to idle condition.
9, a kind of use aforesaid right requirement 1 to 5, and 7,8 in the forwarded parts NFC of arbitrary method, be used for reducing the characteristic information of open application architecture redirection message, it is characterized in that described NFC comprises first processor, some Transmit-Receive Units, wherein:
Described Transmit-Receive Unit is used to receive message and sends message, wherein also comprises being used to set up with separate traffic parts IAC carrying out the first redirected Transmit-Receive Unit that redirection message is communicated by letter;
First processor further comprises:
Receiving element: be used to receive the message that Transmit-Receive Unit sends;
Processing unit: be used for the message of our department's part of flowing through is redirected the coupling of rule, and the redirection message that the match is successful is sent to assigned I AC, and restore its characteristic information for the redirection message that returns;
Transmitting element: be used to send message to Transmit-Receive Unit.
10, a kind of separate traffic parts IAC that uses aforesaid right requirement 1 to 5, reaches arbitrary method in 7,8, be used for reducing the characteristic information of open application architecture redirection message, it is characterized in that described IAC comprises that second processor and second is redirected Transmit-Receive Unit, wherein
Second is redirected Transmit-Receive Unit, is used for setting up carrying out redirection message with forwarded parts NFC and communicating by letter;
Second processor: be used for according to predefined strategy decision message be back deletion by analysis or by analysis after intactly return.
11, a kind of method of reducing redirected message characteristic information is used for reducing the characteristic information of open application architecture redirection message, is redirected being meant and changing the flow direction of message in the network equipment, it is characterized in that, comprising:
(1) the forwarded parts NFC of open applications framework is redirected to the separate traffic parts IAC of open applications framework, load characteristic information in the described redirection message with described redirection message; Described characteristic information is a satellite information, and described satellite information is to be used to the correlation attribute information that shows that message carries;
(2) NFC receives the redirection message that is returned by IAC, parses characteristic information from the described redirection message that returns; The redirection message that described IAC returns is identical with the aforementioned message that is redirected through NFC.
12, method as claimed in claim 11 is characterized in that, this method also comprises: the described satellite information that will parse copies to the satellite information district of the described redirection message that returns.
Priority Applications (5)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2006101376173A CN100550844C (en) | 2006-10-31 | 2006-10-31 | The method of reducing redirected message characteristic information |
| US12/442,838 US9083565B2 (en) | 2006-09-25 | 2007-05-09 | Network apparatus and method for communication between different components |
| EP07721096.1A EP2068498B1 (en) | 2006-09-25 | 2007-05-09 | Method and network device for communicating between different components |
| PCT/CN2007/001523 WO2008037159A1 (en) | 2006-09-25 | 2007-05-09 | Method and network device for communicating between different components |
| US14/731,222 US9602391B2 (en) | 2006-09-25 | 2015-06-04 | Network apparatus and method for communication between different components |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2006101376173A CN100550844C (en) | 2006-10-31 | 2006-10-31 | The method of reducing redirected message characteristic information |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1956415A CN1956415A (en) | 2007-05-02 |
| CN100550844C true CN100550844C (en) | 2009-10-14 |
Family
ID=38063519
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2006101376173A Active CN100550844C (en) | 2006-09-25 | 2006-10-31 | The method of reducing redirected message characteristic information |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100550844C (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101453466B (en) * | 2007-12-05 | 2011-12-28 | 华为技术有限公司 | Network bearing redirection method, apparatus and system |
| CN101252523B (en) * | 2008-04-18 | 2011-07-20 | 杭州华三通信技术有限公司 | Message redirecting method, method and device for reverting redirecting message feature information |
| CN102301663B (en) | 2011-07-06 | 2013-11-06 | 华为技术有限公司 | Message processing method and associated devices |
| CN104506548B (en) * | 2014-12-31 | 2018-05-04 | 北京天融信科技有限公司 | A kind of data packet redirection device, secure virtual machine guard method and system |
-
2006
- 2006-10-31 CN CNB2006101376173A patent/CN100550844C/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN1956415A (en) | 2007-05-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100477620C (en) | On-line intrusion detection using a single physical port | |
| CN102318291B (en) | Business flow processing method, device and system | |
| EP3352431B1 (en) | Network load balance processing system, method, and apparatus | |
| US20130155859A1 (en) | System and Method for Hierarchical Adaptive Dynamic Egress Port and Queue Buffer Management | |
| CN103210619A (en) | Lock-less and zero copy messaging scheme for telecommunication network applications | |
| US10050859B2 (en) | Apparatus for processing network packet using service function chaining and method for controlling the same | |
| CN100574249C (en) | virtual router redundancy protocol message transmission method and device | |
| CN105052087A (en) | Table items addressing method, switch, and controller based on flow table | |
| CN108063813B (en) | Method and system for parallelizing password service network in cluster environment | |
| CN101635702B (en) | Method for forwarding data packet using security strategy | |
| CN105939365A (en) | Method and device for obtaining data from service panel kernel mode by main control panel user mode | |
| US20070230469A1 (en) | Transmission apparatus | |
| US8539089B2 (en) | System and method for vertical perimeter protection | |
| CN101115010B (en) | Method for extending security system, security system and security processing equipment | |
| CN100446509C (en) | Method for realizing re-oriented message correctly repeat and first-part and second-part | |
| CN101635731A (en) | Method and equipment for defending MAC address deception attack | |
| CN100550844C (en) | The method of reducing redirected message characteristic information | |
| CN102164084A (en) | Multicast message forwarding method and equipment thereof | |
| CN101252523B (en) | Message redirecting method, method and device for reverting redirecting message feature information | |
| CN102209035B (en) | Traffic forwarding method and devices | |
| EP2439881B1 (en) | Cluster system and request message distribution method for processing multi-node transaction | |
| EP3224996A1 (en) | Methods, routing device and further routing device for managing data frames in switched networks | |
| CN112583655B (en) | Data transmission method and device, electronic equipment and readable storage medium | |
| EP1966950B1 (en) | Processing received data | |
| CN108768721B (en) | Primary and standby VNF switching technology based on temporary packet storage |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Patentee after: Xinhua three Technology Co., Ltd. Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base Patentee before: Huasan Communication Technology Co., Ltd. |