CN101257458B - Method, apparatus and system for distributing and mounting filtering meter item - Google Patents

Method, apparatus and system for distributing and mounting filtering meter item Download PDF

Info

Publication number
CN101257458B
CN101257458B CN2008101032470A CN200810103247A CN101257458B CN 101257458 B CN101257458 B CN 101257458B CN 2008101032470 A CN2008101032470 A CN 2008101032470A CN 200810103247 A CN200810103247 A CN 200810103247A CN 101257458 B CN101257458 B CN 101257458B
Authority
CN
China
Prior art keywords
meter item
filtering
filter table
filtering meter
item
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2008101032470A
Other languages
Chinese (zh)
Other versions
CN101257458A (en
Inventor
詹柱
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Star Net Ruijie Networks Co Ltd
Original Assignee
Beijing Star Net Ruijie Networks Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Star Net Ruijie Networks Co Ltd filed Critical Beijing Star Net Ruijie Networks Co Ltd
Priority to CN2008101032470A priority Critical patent/CN101257458B/en
Publication of CN101257458A publication Critical patent/CN101257458A/en
Application granted granted Critical
Publication of CN101257458B publication Critical patent/CN101257458B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method, a device and a system to dispatch and equip the filter list item, to solve the problems of long set-up time and low efficiency in the existing art. In the method, when the host exchange is dispatching the filter list item, whether the filter rule of each filter list item in the current filter table is recored in the last one is judged, and dispatches the filter list item which is not recorded in the last table. Before the exchange is equipped with the filter list item, whether the filter rule in each filter list item of the to be quipped filter table is the same with that in the equipped one is judged, and the different filter list items are equipped. According to the project in the invention, the time of dispatching and equipping for each filter list item is shortened, and the efficiency is increased.

Description

Distribution, the method for mounting filtering meter item, Apparatus and system
Technical field
The present invention relates to field of computer technology, relate in particular to distribution, the method for mounting filtering meter item, Apparatus and system in the security switch.
Background technology
In the stack switching system, exist a host exchange and one (or a plurality of) from switch in the whole switching system, host exchange and from carrying out data interaction by pile system internal connection line cable between the switch.Wherein host exchange is responsible for arranging access control list (ACL, Access Control List), and according to the Access Control List (ACL) list item (ACE that is provided with, Access Control Entry) generates filtering meter item, then all filtering meter items are distributed to from switch, after receiving filtering meter item from switch, all filtering meter items are installed on the hardware, and return the information that a success is installed to host exchange.
Fig. 1 is, behind the host exchange configuration ACL, ACE generated filtering meter item, then all filtering meter items are distributed to belong in the pile system from switch.For example among Fig. 1, on switch A, dispose ACL, be applied to then on the port of switch C, switch A can generate filtering meter item, then filtering meter item is distributed to switch C, after switch C is received filtering meter item, all list items can be installed to hardware, return a return value after the success and give switch A, switch A just can be pointed out the ACL application success then.
Host exchange, all is distributed to all filtering meter items in the current filter table from switch during filtering meter item in distribution, makes in this switching system data interaction often, and the efficient of distribution is not high.
After the renewal of switch generation filtering meter item, need reinstall filtering meter item, the filtering meter item of new configuration is come into force.In the prior art, the method for filtering meter item being reinstalled employing is to delete full dress entirely, promptly earlier original filtering meter item is all deleted, the filtering meter item after reinstalling all then and upgrading.
Deletion filtering meter item and mounting filtering meter item all need access switch hardware, and when having a large amount of filtering meter item, the time of deleting and reinstalling needs is long, cause configuration order to need the very long time just can return, and efficient is low.
Summary of the invention
In view of this, the embodiment of the invention provides a kind of installation method of filtering meter item, in order to solve long, inefficient problem of the filtering meter item set-up time that exists in the prior art.
The embodiment of the invention also provides a kind of distribution method of filtering meter item, and data interaction often between principal and subordinate's switch when distributing in order to solve the filtering meter item that exists in the prior art, the time is long and the inefficient problem of distribution.
The method of a kind of filtering meter item distribution that the embodiment of the invention provides comprises:
Host exchange is after upgrading current filter table, whether the filtering rule of judging each filtering meter item in the described current filter table once has record in the filter table of generation on described host exchange, and distributes unwritten filtering meter item in the filter table that filtering rule once generates on described in the described current filter table.
A kind of host exchange that the embodiment of the invention provides comprises:
Judging unit is used for behind the filtering meter item that upgrades current filter table, judges whether the filtering rule of each filtering meter item in the described current filter table once has record in the filter table of generation on described host exchange;
Dispatching Unit is used for distributing the filtering meter item that record is arranged in the filter table that described current filter table filtering rule once generates on described host exchange.
The system of a kind of filtering meter item distribution that the embodiment of the invention provides, host exchange and from switch, wherein:
Described host exchange, be used for behind the filtering meter item that upgrades current filter table, in the filter table that the filtering rule of judging each filtering meter item in the described current filter table once generates whether record is arranged on described host exchange, and unwritten filtering meter item in the filter table that on described, once generates of distribution filtering rule;
Described from switch, be used to receive the filtering meter item of described host exchange distribution, and, upgrade filter table to be installed according to the information that receives.
The method of a kind of mounting filtering meter item that the embodiment of the invention provides, described filtering meter item is generated by host exchange, is distributed to from switch, describedly from switch described filtering meter item is installed, and comprising:
Judge the filtering rule of each filtering meter item in the filter table to be installed, whether identical with the filtering rule of the filtering meter item of the correspondence position of mounted filter table, and filtering rule filtering meter item inequality is installed.
What the embodiment of the invention provided is a kind of from switch, comprising:
Receiving element is used to receive the filtering meter item of host exchange distribution, and with the filtering meter item that receives, is saved in the filter table to be installed;
Whether judging unit is used for judging the filtering rule of described each filtering meter item of filter table to be installed, identical with the filtering rule of the filtering meter item of the correspondence position of mounted filter table;
Installation unit is used for the result according to described judgment unit judges, and filtering rule filtering meter item inequality in the described filter table to be installed is installed.
The system of a kind of mounting filtering meter item that the embodiment of the invention provides comprises: host exchange and from switch, wherein:
Described host exchange is used for distributing filtering meter item to described from switch, and to the described order that sends mounting filtering meter item from switch;
Described from switch, the filtering meter item that is used for will receiving from described host exchange distribution is saved in filter table to be installed, when the order of the mounting filtering meter item that receives described host exchange, judge the filtering rule of each filtering meter item in the described filter table to be installed, whether identical with the filtering rule of the filtering meter item of the correspondence position of mounted filter table, and filtering rule filtering meter item inequality is installed.
In the embodiment of the invention, host exchange is when the distribution filtering meter item, filtering rule according to each filtering meter item record in the current filtering meter item, whether the filtering rule of judging each filtering meter item record once has record in the filter table of generation on described host exchange, only distribute unwritten filtering rule in the last filter table that generates, rather than all filtering meter items are distributed to fully from switch, reduced the distribution of filtering meter item in a large number, thereby reduced the data interaction between principal and subordinate's switch in the switching system, shorten the filtering meter item time of distributing, improved the efficient of filtering meter item distribution.
In the embodiment of the invention from switch when the mounting filtering meter item, whether judge that the filtering rule of the filtering meter item of relevant position is compared in each filtering meter item and the mounted filter table in the filter table to be installed changes, the filtering meter item that changes only is installed, and the filtering meter item that does not change is not installed, thereby shortened the time that filtering meter item is installed, improved the efficient that filtering meter item is installed.
Description of drawings
Fig. 1 is the schematic diagram of existing a kind of stack switching system;
Fig. 2 A is a kind of network architecture instance graph;
Fig. 2 B is a filtering rule search order schematic diagram;
Fig. 2 C is the node structural representation of storage of linked list in the embodiment of the invention;
Fig. 3 is the method flow diagram of embodiment one distribution filtering meter item in the embodiment of the invention;
Fig. 4 is the method flow diagram of embodiment two distribution filtering meter items in the embodiment of the invention;
Fig. 5 is a kind of system configuration schematic diagram of distributing filtering meter item in the embodiment of the invention;
Fig. 6 is a kind of host exchange structural representation of distributing filtering meter item in the embodiment of the invention;
Fig. 7 is the method flow diagram of embodiment three mounting filtering meter items in the embodiment of the invention;
Fig. 8 is the method flow diagram of embodiment four mounting filtering meter items in the embodiment of the invention;
Fig. 9 is the system configuration schematic diagram of a kind of mounting filtering meter item in the embodiment of the invention;
Figure 10 be in the embodiment of the invention a kind of mounting filtering meter item from the switch architecture schematic diagram.
Embodiment
ACL is that network security is taken precautions against and the main policies of protection, and its main task is to guarantee that Internet resources are not illegally used and visit.It is to guarantee one of most important core strategy of network security.ACL uses the filtering rule inspection that pre-defines by each packet on the network device interface, so that determine its whether with a certain packet filtering rules coupling, thereby whether can control packet by present networks equipment: allow by (Permit) or abandon (Deny).To the type that data stream filters the communication data in can limiting network, the user of limiting network or the equipment of use strengthen network security.
ACL is made up of a series of filtering rule, is referred to as Access Control List (ACL) list item (Access ControlEntry:ACE).Each Access Control List (ACL) list item has all been declared matching condition and the behavior (Permit or Deny) of satisfying this list item.
Comprise in the filter rule information that mac source address, MAC destination address, ethernet type, IP (InternetProtocol) source address, IP destination address, host-host protocol are (such as TCP, Transfer Control Protocol, UDP, User Datagram Protocol, ICMP, Internet Control Messages Protocol etc.), TCP/UDP target port, icmp message type etc.By the different filtering rules and the behavior of the rule of correspondence are set, can realize authority and access control to the specific user.
Such as, in the system of Fig. 2 A, if the following filtering rule of configuration in the switch:
permit?ip?host?10.1.1.3?host?10.1.1.2
deny?ip?any?host?10.1.1.2
permit?ip?any?any
Promptly corresponding three ACE of these three statements.Article one, rule permission source ip=10.1.1.3, and the message of purpose ip=10.1.1.2 is by switch, and then PC1 just can visit privately owned server; Second is refused the message of all purpose ip=10.1.1.2 by switch, and other all pc all can not visit privately owned server like this; Article three, allow all ip messages by switch, this allows the visit of other addresses.
By the combination of different ACE, can realize control to security permission.
The controlled function of ACL realizes by filtering meter item.Filtering meter item has comprised the filter rule information among the ACE, the filtration behavior during this filtering meter item of a coupling of every filtering meter item correspondence; All filtering meter items are formed filter table.When data message arrives network device interface, if dispose filtering policy on this interface, then equipment can automatic inspection message whether with filter table in a certain filtering meter item coupling, way of search is from top to bottom, if occurrence is arranged, then directly return Search Results.Search Results is used to retrieve the filtration behavior of corresponding occurrence, if behavior is Permit, then message can pass through this interface; Otherwise directly abandon this message, thereby realize security control data flow.Can think the corresponding filtering meter item of ACE simply, and can know that from top elaboration the order of filtering meter item has strict precedence relationship.
The filtering meter item that filtering rule the generated search relation that disposes in the last example is shown in Fig. 2 B.After message that PC1 sends arrives port, begin search from the top of filtering meter item, when searching the 1st, mate, then directly return table item index number, the final decision action is Permit, so message can arrive privately owned server by switch; When the message of the purpose ip=10.1.1.2 that other PC send arrived port, the filtering meter item search can match the 2nd, so message is dropped, and can't visit privately owned server; Other messages then can match the 3rd.
In the stack switching system, many switches form an integral body, exist a host exchange and one (or a plurality of) from switch in the whole switching system, all configurations are all carried out on host exchange, host exchange is after having disposed ACL, ACE is generated filtering meter item, then all filtering meter items are distributed on the purpose switch that belongs in the pile system.
In the embodiment of the invention, host exchange is after reconfiguring ACL and causing filtering meter item to change, whether the filtering rule of judging each filtering meter item in the current filter table has record in the last filter table that once generates, only to unwritten filtering rule from the last filter table that generates of switch distribution, skip the filtering rule of existing record in the last filter table that generates, when in filter table, having only the minority filtering rule to change like this, can reduce the distribution of filtering meter item in a large number, thereby the data interaction in the minimizing switching system between principal and subordinate's switch, shorten the filtering meter item time of distributing, improve the efficient of filtering meter item distribution.
In the embodiment of the invention, from switch when the order of the mounting filtering meter item that receives host exchange, not that mounted filtering meter item of last time is all deleted, reinstall, but according to the relevant information of each filtering meter item in the filter table to be installed, whether judge that each filtering meter item is compared with the filtering meter item of relevant position in the mounted filter table changes, if the filtering meter item of current location changes, then deletion has been installed in the filtering meter item of this position, corresponding filtering meter item in the filter table to be installed is installed in this position, to the filtering meter item that does not change, then do not delete the filtering meter item that has been installed in this position, skip this filtering meter item.This mounting means has shortened the time that filtering meter item is installed, and has reduced the number of times that access switch is determined, improves the efficient that filtering meter item is installed.
The joint Figure of description is elaborated to the embodiment of the embodiment of the invention below.
As shown in Figure 3, the embodiment of the invention one host exchange is judged the situation of change of each filtering meter item in the current filter table item by item, behind filtering meter item of every judgement, determines whether to distribute this filtering meter item, and the key step of this method comprises:
Step 30: host exchange according to default algorithm, calculates the check code of each filtering meter item in the described current filter table after upgrading current filter table.
Host exchange can be according to the relevant information of each filtering meter item in its current filter table, and the relevant information of each filtering meter item in the last filter table that generates of this host exchange, judge in the filter table that the filtering rule of each filtering meter item record once generates whether record is arranged on host exchange.
In the present embodiment, can judge according to the check code of each filtering meter item.
Wherein, the computational methods of check code have multiple, can be the arbitrary algorithms that different data processing is obtained different results, its result, i.e. check code, but the processed filtering meter item of unique identification; Perhaps, default algorithm also can be that the result repetition rate is extremely low, the algorithm in tolerance interval.In specific implementation process, the algorithm of calculation check sign indicating number includes but not limited to cyclic redundancy check (CRC) (CyclicRedundancy Check) algorithm, hash algorithm.
Wherein, CRC algorithm commonly used is the CRC-32 algorithm, and this algorithm only has 1/ 2 32Possibility take place confirming the check errors of data change.
Hash algorithm can adopt md5-challenge (Message-Digest Algorithm, MD) 5, MD4, SHA (Secure Hash Algorithm, SHA), SHA (Secure HashStandard, SHS) scheduling algorithm is as formula, in the concrete computational process, choose the valid data field of filtering meter item record, utilize MD5, MD4, SHA or SHS to calculate the check code of this filtering meter item.
Wherein, the filtering rule of the first-selected filtering meter item record of valid data field.
In specific implementation process, filter table can be preserved by chained list, the content of certain node record comprises in this chained list: the check code of this filtering meter item, the installation site of this filtering meter item and the position in filter table thereof also comprise the filtering rule that this filtering meter item writes down alternatively.As Fig. 2 C is the structural representation of node, and wherein fore sensing last filtering rule, No. refers to that position, the Code of this filtering meter item in current filter table refers to that check code, Rule refer to that the filtering rule of this filtering meter item record, installation site, the next that Locality refers to this filtering meter item point to next bar filtering rule.
After finishing the check code calculating of each filtering meter item in the current filter table, first filtering meter item in the current filter table is set to current filtering meter item, continues subsequent step.
Step 31: judge in the last filter table that generates whether exist the check code of certain filtering meter item identical, if continue step 32, otherwise enter step 36 with the check code of current filtering meter item.
If filter table is preserved by chained list, the chained list of the filter table that generates of inquiry last time of preserving then, whether the check code of each node is identical in the chained list of more current filtering meter item node and the filter table of last time generation.
Because may there be certain error in check code, in order to make the result more accurate, the filtering rule that in the embodiment of the invention filtering meter item is write down is as the additional field of check code, and promptly under the check code same case of two filtering meter items, further relatively whether the filtering rule of their records is identical.Therefore, if in step 31, determine current filtering meter item with on once the check code of certain filtering meter item in the filter table of generation identical after, enter step 32.
Step 32: whether the filtering rule of this filtering meter item in the relatively more last filter table that generates is identical with the filtering rule of current filtering meter item, if identical, then continues step 33, otherwise enters step 36.
If inequality, determine that then described current filtering meter item does not once have record in the filter table of generation on described host exchange, otherwise, determine that current filtering meter item once has record in the filter table of generation on described host exchange.
When the filtering rule of the current filtering meter item record in determining current filter table exists in the last filter table that once generates, need also further relatively whether the installation site of these two filtering rules is identical, therefore, in step 32, if determine that the filtering rule of these two filtering meter items is identical, then continue step 33, relatively whether the installation site of these two filtering meter items is identical.
Step 33: whether the holding position of this filtering meter item in the relatively more last filter table that generates is identical with the installation site of current filtering meter item, if then continue step 34, otherwise enter step 35.
Step 34: host exchange is not distributed the current filtering meter item in the current filter table, enters step 37.
Because the filtering rule and the installation site of this filtering meter item all do not change, therefore, host exchange need not be distributed this filtering meter item once more, keeps filtering meter item corresponding the filter table to be installed from switch.
Step 35: host exchange sends to the primary index of current filtering meter item and the purpose index that moves from switch, enters step 37.
Current filtering meter item is identical with the filtering rule of the last a certain filtering meter item that generates, the installation site is inequality, host exchange writes down the primary index of described current filtering meter item and the purpose index that moves, wherein primary index is the installation site of this filtering meter item in the last filter table that once generates, and mobile purpose index is the installation site of this filtering meter item in current filter table.
When receiving the information that host exchange sends,, mobile purpose index position in the filtration to be installed is moved at the filtering meter item of primary index in installation site in the mounted filter table from switch according to described primary index and the purpose index that moves.
Step 36: host exchange is distributed to current filtering meter item from switch.
From switch after receiving this filtering meter item, if the installation position of this filtering meter item is equipped with filtering meter item in the filter table to be installed, then delete original filtering meter item earlier, again the filtering meter item that receives is saved in this installation site, if this installation site does not have filtering meter item, then directly this filtering meter item is saved in this installation site.
Step 37: the next filtering meter item of current filtering meter item is made as current filtering meter item.
Step 38: judge whether this filtering meter item is empty, if, then enter step 39, otherwise, step 31 returned.
Step 39: filtering meter item entry number in the filter table that whether the filtering meter item entry number generates less than the last time in the more current filter table of host exchange, if, continue step 310, otherwise, step 311 entered.
Step 310: filtering meter item entry number in the current filter table as the deletion index, is sent to from switch.
After receiving described deletion index, deleting should deletion index non-NULL filtering meter item afterwards in the filter table to be installed from switch.
Non-NULL filtering meter item after switch also can not deleted this deletion index, but these filtering meter items are carried out mark, these filtering meter items of when installing, once installing in the deletion.
Step 311: process ends.
As shown in Figure 4, in the embodiment of the invention two, the difference of all filtering meter items and the last filter table that generates in the current filter table of host exchange elder generation judgement, and according to the difference condition of each filtering meter item, the difference mark is set, distribute at the difference sign according to each filtering meter item then, this method mainly may further comprise the steps:
Step 40: host exchange according to default algorithm, calculates the check code of each filtering meter item after upgrading current filter table.And first filtering meter item in the current filter table is made as current filtering meter item.
Step 41: judge in the last filter table that generates whether exist certain filtering meter item identical, if continue step 42, otherwise enter step 46 with the check code of current filtering meter item.
Step 42: whether the filtering rule of this filtering meter item in the relatively more last filter table that generates is identical with the filtering rule of current filtering meter item, if identical, then continues step 43, otherwise enters step 46.
Step 43: whether the holding position of this filtering meter item in the relatively more last filter table that generates is identical with the installation site of current filtering meter item, if then continue step 44, otherwise enter step 45.
Step 44: the difference type of current filtering meter item is set to constant type, enters step 47.
Step 45: the difference type of current filtering meter item is set to mobile type, and write down the purpose index that promptly move the installation site of this filtering meter item in current filter table, with installation site in the last filter table that once generates, promptly primary index enters step 47.
Step 46: the difference type of current filtering meter item is set to newly-increased type, enters step 47.
Step 47: the next filtering meter item in the current filter table is set to current filtering meter item.
Step 48: judge whether current overanxious list item is empty, if, continue step 49, otherwise, step 41 returned.
Step 49, host exchange are distributed each filtering meter item in the current filter table according to the difference type of each filtering meter item in the current filter table.
If the difference type of filtering meter item is newly-increased type, then this filtering meter item is distributed to from switch, from switch when receiving this filtering meter item, whether the installation site of at first judging this filtering meter item appointment records filtering meter item, if, with original filtering meter item deletion, this filtering meter item that will receive again records the corresponding position of filter table to be installed earlier, and the difference type of this filtering meter item is set to newly-increased type;
If the difference type of filtering meter item is constant type, then skip this filtering meter item, this filtering meter item is not distributed to from switch, do not receive information from switch in the position of this filtering meter item setting, judge that then this filtering meter item is constant type, the difference type of this filtering meter item in the filter table to be installed of correspondence is set to constant type;
If the difference type of filtering meter item is a mobile type, then to primary index that sends this filtering meter item from switch and mobile purpose index, from switch behind the purpose index that receives described primary index and move, the described purpose index position of described filter table to be installed will be moved at the filtering meter item of described primary index in the mounted filter table, and the difference type of this filtering meter item is set to mobile type.
Step 410: filtering meter item entry number in the filter table that whether the filtering meter item entry number generates less than the last time in the more current filter table of host exchange, if, continue step 411, otherwise, step 412 entered.
Step 411: filtering meter item entry number in the current filter table as the deletion index, is sent to from switch.
After receiving described deletion index, delete the filtering meter item that to delete index described non-NULL afterwards in the filter table to be installed from switch.Perhaps, also can not delete these filtering meter items, but the difference type of these filtering meter items is set to delete type, when mounted, deletes the filtering meter item of mounted difference type for the deletion type from switch.
Step 412: process ends.
As shown in Figure 5, the system configuration schematic diagram of embodiment of the invention distribution filtering meter item comprises: host exchange 50 and from switch 51.
Described host exchange 50, be used for behind the filtering meter item that upgrades current filter table, in the filter table that the filtering rule of judging each filtering meter item in the described current filter table once generates whether record is arranged on described host exchange, and unwritten filtering meter item in the filter table that on described, once generates of distribution filtering rule.
Further, described host exchange 50 comprises: judging unit 500 and Dispatching Unit 501.Wherein:
Judging unit 500 is used for behind the filtering meter item that upgrades current filter table, judges whether the filtering rule of each filtering meter item in the described current filter table once has record in the filter table of generation on described;
Dispatching Unit 501 is used for distributing the filtering meter item that record is arranged in the filter table that described current filter table filtering rule once generates on described.
Described from switch 51, be used to receive the filtering meter item of described host exchange 50 distributions, and, upgrade filter table to be installed according to the information that receives.
As shown in Figure 6, the structural representation of a kind of host exchange of embodiment of the invention distribution filtering meter item comprises: judging unit 60 and Dispatching Unit 61.Wherein,
Judging unit 60 is used for behind the filtering meter item that upgrades current filter table, judges whether the filtering rule of each filtering meter item in the described current filter table once has record in the filter table of generation on described host exchange.
Dispatching Unit is used for distributing the filtering meter item that record is arranged in the filter table that described current filter table filtering rule once generates on described host exchange.
Particularly, described judging unit 60 comprises: computation subunit 600 and first is determined subelement 601.Wherein,
Computation subunit 600 is used for the valid data field according to described current each filtering meter item of filter table, according to default algorithm, calculates the check code of each filtering meter item in the described current filter table;
First determines subelement 601, the check code that is used for more described current each filtering meter item of filter table, whether identical with the check code of each filtering meter item of the described last filter table that generates, according to result relatively, determine whether the filtering rule of each filtering meter item in the described current filter table once has record in the filter table of generation on described.
Further, described first determines the check code of a filtering meter item in subelement 601 definite described current filter table, when identical with the check code of a filtering meter item in the described last filter table that generates, described first determines that subelement 601 is further used for
Whether the filtering rule of the described filtering meter item in the filtering rule of the described filtering meter item in the more described current filter table and the described last filter table that generates is identical, if identical, determine that then the filtering rule of the described filtering meter item in the described current filter table once has record in the filter table of generation on described.
And when in the filtration that the filtering rule of a filtering meter item in described first definite subelement 601 definite described current filter table once generates record being arranged on described, described first determines that subelement 601 is further used for,
Whether the installation site of the filtering meter item of the described filtering rule of record is identical in the installation site of more described filtering meter item and the described last filter table that generates, if inequality, writes down the primary index of described current filtering meter item and the purpose index that moves;
Then described Dispatching Unit 61 is further used for being distributed to described primary index and mobile purpose index described from switch; Wherein, described primary index is the installation site of the filtering meter item of the described filtering rule of record in the described last filter table that generates, and described purpose index is the installation site of described current filtering meter item.
Perhaps, judging unit 60 can specifically comprise: relatively subelement 602 and second is determined subelement 603.Wherein,
Relatively subelement 602 is used for the difference between more described current filter table and the described last filter table that generates;
Second determines subelement 603, is used for determining the difference type of each filtering meter item in the described current filter table according to described relatively subelement result relatively;
Then described Dispatching Unit 61 is further used for, and according to the difference type of the filtering meter item that is provided with and the corresponding relation of whether distributing this filtering meter item, determines whether to distribute each filtering meter item in the described current filter table.
After branch distributed all filtering meter items in the described current filter table, described judging unit 60 was further used for determining in the current filter table filtering meter item entry number less than filtering meter item entry number in the described last filter table that generates,
Then described Dispatching Unit 61 is further used for, and the entry number of current filter table as the deletion index, is sent to from switch.
The embodiment of the invention three provides the method for mounting filtering meter item, in this method from the difference type of switch according to the filtering meter item that receives, judge whether to install each filtering meter item in the described filter table to be installed, the flow process that this method is carried out mainly may further comprise the steps as shown in Figure 7:
Step 70: receive the filtering meter item that host exchange is distributed from switch, comprise the difference type of this filtering meter item in the described filtering meter item.
In specific implementation process, host exchange can all be distributed to all filtering meter items in its current filter table from switch, also can only the part filtering meter item be distributed to described according to the situation of change of the filtering rule that writes down in its current filter table from switch.
If host exchange all is distributed to all filtering meter items in its current filter table from switch, then should be when receiving the filtering meter item of host exchange distribution from switch, all filtering rules the filter table to be installed all can be deleted from switch, received filtering meter item and difference type are saved in the filter table to be installed, also can not delete the filtering meter item in the filter table to be installed, the filtering meter item of this filter table record is identical with mounted filter table, according to the filtering meter item and other information that receive, upgrade filter table to be installed from switch.
After the renewal of finishing filter table to be installed, judge whether to install each filtering meter item in the described filter table to be installed item by item, the order of judgement can be from article one filtering meter item of filter table to be installed.
Step 71: whether the difference type of judging current filtering meter item is constant type, if not, then continue step 72, otherwise, step 75 entered.
Wherein, described difference type can be from switch when receiving each filtering meter item of host exchange distribution, judge according to the information of host exchange transmission, also can be host exchange when sending to the described filtering meter item in the current filter table from switch, be carried at and send in the filtering meter item.
The difference type comprises: constant type, newly-increased type, mobile type also comprise the deletion type alternatively.
No matter owing to be the filtering rule or the installation site difference of filtering meter item, all need to reinstall this filtering meter item, therefore, only variant type is the filtering meter item of constant type, does not just need to reinstall.
Step 72: whether the installation site of judging current filtering meter item has filtering meter item, if continue step 73, otherwise enter step 74.
Step 73: the original filtering meter item in installation site of deleting current filtering meter item.
Step 74: current filtering meter item is installed in the installation site of current filtering meter item.Enter step 76.
Step 75: current filtering meter item is not installed.
Step 76: continue to judge the next filtering meter item in the filter table to be installed.
Step 77, judge that whether the difference type of current filtering meter item is the deletion type, if, continue step 78, otherwise, step 71 returned.
Step 78: delete all filtering meter items after the current filtering meter item, then process ends in the filter table to be installed that has been installed in hard disk.
If from switch when upgrading table to be installed, the deletion type is not set, but the filtering meter item that directly will need to delete deletes from filter table to be installed, then after step 76, judges whether current filtering meter item is empty, if for not empty, return step 71, if be empty, whether the index of more current filtering meter item in filter table to be installed be less than total entry number of mounted filter table, if then delete mounted this index all filtering meter items afterwards.
The embodiment of the invention four provides the method for mounting filtering meter item, host exchange can be distributed to all filtering meter items from switch according to existing method when distributing filtering meter item before this, also can only distribute filtering rule non-registered filtering meter item in the last filter table that once generates according to the method for above-mentioned distribution filtering meter item.Compare by filtering rule from switch in this method the filtering meter item of correspondence position in the filtering rule of each filtering meter item the filter table to be installed and the mounted filter table, whether the filtering rule of judging each filtering meter item in this filter table to be installed from switch changes, thereby determine whether to install each filtering meter item in the filter table to be installed, Fig. 8 is the method flow of the embodiment of the invention, mainly may further comprise the steps:
Step 80: the filtering meter item that receives the host exchange distribution from switch.
After receiving the filtering meter item that host exchange is distributed, upgrading filter table to be installed, travel through each filtering meter item in the filter table to be installed from switch, judge whether item by item to install.
Step 81: the filtering rule of the current filtering meter item of filter table more to be installed, whether identical with the filtering rule of the filtering meter item of the correspondence position of mounted filter table, if identical, then continue step 82, otherwise, enter step 83.
Whether in the detailed process, also can come the filtering rule of comparison filtering meter item identical by the check code that relatively is provided with, therefore, step is after 80s can also comprises step:
Step 80a:,, calculate the check code of each filtering meter item according to default algorithm according to the valid data field of each filtering meter item in the described filter table to be installed.
Then step 81 is:
Step 81 ': the check code of the more described current filtering meter item of filter table to be installed, whether identical with the check code of the filtering meter item of the correspondence position of described mounted filter table, if identical, then continue step 83, otherwise, enter step 84.
Wherein, if the check code of certain filtering meter item in the described filter table to be installed, inequality with the check code of the filtering meter item of the correspondence position of described mounted filter table, determine that then the filtering rule of filtering meter item of correspondence position of the filtering rule of this filtering meter item and mounted filter table is inequality.
Because check code has certain error, in order to ensure the result accurately, can adopt filtering rule to compare as additional field, therefore, at the check code of determining current filtering meter item, when identical with the check code of the filtering meter item of the correspondence position of described mounted filter table, step 81 ' further comprise:
Step 81 ' a: whether the filtering rule of more described current filtering meter item is identical with the filtering rule of the filtering meter item of the correspondence position of described mounted filter table, if identical, then continues step 82, otherwise, enter step 83.
If the filtering rule of these two filtering meter items is inequality, then the filtering rule of the filtering meter item of the correspondence position of the filtering rule of definite described filtering meter item and described mounted filter table is inequality.
Step 82: current filtering meter item is not installed, is continued to judge the next filtering meter item in the filter table to be installed, enter step 86.
Step 83: whether the installation site of judging the current filtering meter item of filter table to be installed has filtering meter item, if, then continue step 84, otherwise, step 85 entered.
Step 84: the original filtering meter item in installation site of deleting current filtering meter item.
Step 85: current filtering meter item is installed in the installation site of this filtering meter item,
Step 86: continue to judge the next filtering meter item in the filter table to be installed, enter step 87.
Step 87: judge whether current filtering meter item is empty, if, then continue step 88, otherwise, step 81 returned.
Step 88: whether the index of judging current filtering meter item less than the entry number of mounted filter table, if, continue step 89, otherwise process ends.
Step 89: delete index all filtering meter items afterwards of mounted current filter table, process ends.
If be the deletion type, whether be the deletion type then, thereby delete mounted unnecessary filtering meter item by the difference type of judging current filtering meter item by the marked difference type.
As shown in Figure 9, the system configuration schematic diagram of a kind of mounting filtering meter item of the embodiment of the invention comprises: host exchange 90 and from switch 91.
Described host exchange 90 is used for distributing filtering meter items to described from switch 91, and to the described order that sends mounting filtering meter items from switch 91;
Described from switch 91, the filtering meter item that is used for will receiving from described host exchange 90 distributions is saved in filter table to be installed, when the order of the mounting filtering meter item that receives described host exchange, judge the filtering rule of each filtering meter item in the described filter table to be installed, whether identical with the filtering rule of the filtering meter item of the correspondence position of mounted filter table, and filtering rule filtering meter item inequality is installed.
As shown in figure 10, the structural representation from switch of a kind of mounting filtering meter item that the embodiment of the invention provides comprises: receiving element 10, judging unit 11 and installation unit 12.
Receiving element 10 is used to receive the filtering meter item of host exchange distribution, and with the filtering meter item that receives, is saved in filter table to be installed.
Whether judging unit 11 is used to judge the filtering rule of described each filtering meter item of filter table to be installed, identical with the filtering rule of the filtering meter item of relevant position in the mounted filter table.
Further, described judging unit 11 comprises:
First judgment sub-unit 110, be used for according to the difference type that receives from the filtering meter item of host exchange, judge the filtering rule of each filtering meter item in the described filter table to be installed, whether identical with the filtering rule of the filtering meter item of the correspondence position of described mounted filter table;
Wherein, described difference type is the filtering rule of described host exchange according to each filtering meter item in its current filter table, filtering rule with the filtering meter item of the last filter table that generates of this host exchange, when the filtering rule of determining the filtering meter item in the described current filter table changes, for described filtering meter item is provided with.
Described difference type comprises: constant type, newly-increased type and mobile type, wherein, when the difference type of certain filtering meter item in the described filter table to be installed is constant type, describedly this overanxious list item is not installed from switch.
Or described judging unit 11 comprises:
Second judgment sub-unit 111, the filtering rule that is used for more described each filtering meter item of filter table to be installed, whether identical with the filtering rule of the filtering meter item of the correspondence position of described mounted filter table, according to comparative result, determine the filtering rule of each filtering meter item in the described filter table to be installed, whether identical with the filtering rule of the correspondence position filtering meter item of described mounted filter table.
Wherein, second judgment sub-unit 111 further comprises:
Computation subunit 1110 is used for the valid data field according to described each filtering meter item of filter table to be installed, according to default algorithm, calculates the check code of each filtering meter item.
Compare subelement 1111, the check code that is used for more described each filtering meter item of filter table to be installed, whether identical with the check code of the filtering meter item of the correspondence position of described mounted filter table, according to comparative result, determine the filtering rule of each filtering meter item in the described filter table to be installed, whether identical with the filtering rule of the filtering meter item of the correspondence position of described mounted filter table.
Further, the check code of the filtering meter item of described relatively subelement 1111 in determining described filter table to be installed, when identical with the check code of the filtering meter item of the correspondence position of described mounted filter table, described relatively subelement 1111 is further used for, whether the filtering rule of more described filtering meter item is identical with the filtering rule of the filtering meter item of the correspondence position of described mounted filter table, if inequality, then the filtering rule of the filtering meter item of the correspondence position of the filtering rule of definite described filtering meter item and described mounted filter table is inequality.
Installation unit 12 is used for the result according to described judging unit 11 judgements, and filtering rule filtering meter item inequality in the described filter table to be installed is installed.
Obviously, those skilled in the art should be understood that, above-mentioned each module of the present invention or each step can realize with the general calculation device, they can concentrate on the single calculation element, perhaps be distributed on the network that a plurality of calculation element forms, alternatively, they can be realized with the executable program code of calculation element, thereby, they can be stored in the storage device and carry out by calculation element, perhaps they are made into each integrated circuit modules respectively, perhaps a plurality of with in them.
Module or step are made into the single integrated circuit module and realize.Like this, the present invention is not restricted to any specific hardware and software combination.Should be understood that the variation in these concrete enforcements is conspicuous for a person skilled in the art, do not break away from spiritual protection range of the present invention.
From the foregoing description as can be seen: the embodiment of the invention, when reconfiguring Access Control List (ACL) in the host exchange and cause filtering meter item to change, host exchange compares the relevant information of each filtering meter item in the relevant information of each filtering meter item in the current filter table and the last filter table, result according to coupling, determine the difference type of each filtering meter item in the current filter table, then according to the difference type of the filtering meter item that is provided with and the corresponding relation of ways of distribution, determine the ways of distribution of each filtering meter item in the current filter table, and each filtering meter item is distributed to from switch in the filter table after will upgrading according to corresponding ways of distribution, rather than all filtering meter items are distributed to fully from switch, reduced the distribution operation of filtering meter item in a large number, thereby reduced the mutual of data in principal and subordinate's switch, shorten the filtering meter item time of distributing, improved the efficient of filtering meter item distribution.And, from switch after receiving host exchange distribution filtering meter item, filtering meter item is saved in the current filter table of this purpose switch, upgrade the current filter table of this purpose switch, and according to the difference type of each filtering meter item of host exchange distribution, setting Setup Type of each filtering meter item in the current filter table from switch, when this purpose switch receives the installation order of host exchange, according to this Setup Type of each filtering meter item in the current filter table from switch, adopt corresponding mounting means to install, reduced the fitting operation of filtering meter item in a large number, shortened the time that filtering meter item is installed, improve the efficient that filtering meter item is installed, thereby increased the reaction speed of system, improved user experience.And, the relevant information of the embodiment of the invention each filtering meter item in current filter table with on when once the relevant information of each filtering meter item compares in the filter table, elder generation's twin check sign indicating number, rather than the direct filtering rule of filtering meter item record relatively, reduce the direct relatively number of times of the required comparison of filtering rule of filtering meter item in a large number, further improved efficient.
Obviously, those skilled in the art can carry out various changes and modification to the present invention and not break away from the spirit and scope of the present invention.Like this, if of the present invention these are revised and modification belongs within the scope of claim of the present invention and equivalent technologies thereof, then the present invention also is intended to comprise these changes and modification interior.

Claims (31)

1. the method for a filtering meter item distribution is characterized in that, comprising:
Host exchange is after upgrading current filter table, whether the filtering rule of judging each filtering meter item in the described current filter table once has record in the filter table of generation on described host exchange, and distributes unwritten filtering meter item in the filter table that filtering rule once generates on described in the described current filter table.
2. method according to claim 1 is characterized in that, in the filter table that the described filtering rule of judging each filtering meter item in the described current filter table once generates on described host exchange whether record is arranged, and comprising:
According to the valid data field of each filtering meter item in the described current filter table,, calculate the check code of each filtering meter item according to default algorithm;
The check code of each filtering meter item in the more described current filter table, whether identical with the check code of each filtering meter item of the described last filter table that generates, according to result relatively, determine whether the filtering rule of each filtering meter item in the described current filter table once has record in the filter table of generation on described.
3. method according to claim 2 is characterized in that, the check code of a filtering meter item in determining described current filter table, and when identical with the check code of a filtering meter item in the described last filter table that generates, this method further comprises:
Whether the filtering rule of the described filtering meter item in the filtering rule of the described filtering meter item in the more described current filter table and the described last filter table that generates is identical, if identical, determine that then the filtering rule of the described filtering meter item in the described current filter table once has record in the filter table of generation on described; Otherwise,
The filtering rule of determining the described filtering meter item in the described current filter table does not once have record in the filter table of generation on described.
4. according to claim 2 or 3 described methods, it is characterized in that when in the filtration that the filtering rule of a filtering meter item in determining described current filter table once generates record being arranged on described, this method comprises:
Whether the installation site of the filtering meter item of the described filtering rule of record is identical in the installation site of more described filtering meter item and the described last filter table that generates, if it is inequality, write down the primary index of described current filtering meter item and the purpose index that moves, and described primary index and mobile purpose index are distributed to from switch;
Wherein, described primary index is the installation site of the filtering meter item of the described filtering rule of record in the described last filter table that generates, and described purpose index is the installation site of described current filtering meter item.
5. method according to claim 4 is characterized in that, described from switch before the filtering meter item that receives described host exchange distribution, described filter table to be installed from switch is identical with mounted filter table, then this method further comprises:
Describedly receive the filtering meter item of described host exchange distribution from switch, if current location receive be filtering meter item, then this filtering meter item is recorded in corresponding position in the described filter table to be installed;
If current location receives is the primary index of filtering meter item and purpose index, then the described purpose index position of described filter table to be installed will be moved at the filtering meter item of described primary index in the mounted filter table;
If current location does not receive information, then skip the filtering meter item of current location.
6. method according to claim 1 is characterized in that, when whether record being arranged in the filter table that the described filtering rule of judging each filtering meter item in the described current filter table once generates on described host exchange, this method further comprises:
Determine the difference type of each filtering meter item in the described current filter table;
Unwritten filtering meter item in the filter table that then described distribution filtering rule once generates on described comprises:
According to the difference type of the filtering meter item that is provided with and the corresponding relation of whether distributing this filtering meter item, determine whether to distribute each filtering meter item in the described current filter table.
7. method according to claim 6 is characterized in that, the described difference type of determining each filtering meter item in the described current filter table comprises:
According to the valid data field of each filtering meter item in the described current filter table,, calculate the check code of each filtering meter item according to default algorithm;
The check code of each filtering meter item in the more described current filter table, whether identical with the check code of each filtering meter item of the described last filter table that generates, if do not exist in the filter table that the check code of the filtering meter item in the described current filter table once generates, determine that then the difference type of this filtering meter item in the described current filter table is newly-increased type on described.
8. method according to claim 7 is characterized in that, the check code of a filtering meter item in determining described current filter table, and when identical with the check code of a filtering meter item in the described last filter table that generates, this method comprises:
Whether the filtering rule of the described filtering meter item in the filtering rule of the described filtering meter item in the more described current filter table and the described last filter table that generates is identical, if inequality, determine that the difference type of the described filtering meter item in the described current filter table is newly-increased type; Otherwise,
The installation site of the filtering meter item in the more described current filter table, whether identical with the installation site of filtering meter item identical in the described last filter table that generates with the filtering rule of this filtering meter item, if it is identical, the difference type of then determining the described filtering meter item in the described current filter table is constant type, otherwise, the difference type of determining the described filtering meter item in the described current filter table is a mobile type, and writes down the primary index of described current filtering meter item and the purpose index that moves;
Then described each filtering meter item that determines whether to distribute in the described current filter table comprises:
Judge the difference type of each filtering meter item in the described current filter table, if the difference type of filtering meter item is then distributed this filtering meter item for newly-increased type;
If the difference type of filtering meter item is constant type, then do not distribute this filtering meter item;
If the difference type mobile type of filtering meter item then sends the primary index of this filtering meter item and the purpose index that moves.
9. method according to claim 8 is characterized in that, before the filtering meter item that receives described host exchange distribution, described filter table to be installed from switch is identical with mounted filter table from switch, and then this method further comprises:
The described filtering meter item that receives described host exchange distribution from switch, if what current location received is filtering meter item, then this filtering meter item is recorded in corresponding position in the described filter table to be installed, and the difference type of this filtering meter item is set to newly-increased type;
If primary index and mobile purpose index that current location receives for filtering meter item, then the described purpose index position of described filter table to be installed will be moved at the filtering meter item of described primary index in the mounted filter table, and the difference type of this filtering meter item is set to mobile type;
If current location does not receive information, then skip the filtering meter item of current location, and the difference type of this filtering meter item is set to constant type.
10. according to arbitrary described method in claim 1~3 or 5~8, it is characterized in that this method further comprises:
Described host exchange determines that the filtering meter item entry number is less than filtering meter item entry number in the described last filter table that generates in the current filter table, with filtering meter item entry number in the current filter table as the deletion index, send to from switch, described from switch according to described deletion index, the difference type of deleting this deletion index non-NULL filtering meter item afterwards in non-NULL filtering meter item after this deletion index in the filter table to be installed or the filter table to be installed is set to delete type.
11. a host exchange is characterized in that, comprising:
Judging unit is used for behind the filtering meter item that upgrades current filter table, judges whether the filtering rule of each filtering meter item in the described current filter table once has record in the filter table of generation on described host exchange;
Dispatching Unit is used for distributing unwritten filtering meter item in the filter table that described current filter table filtering rule once generates on described host exchange.
12. host exchange according to claim 11 is characterized in that, described judging unit comprises:
Computation subunit is used for the valid data field according to described current each filtering meter item of filter table, according to default algorithm, calculates the check code of each filtering meter item in the described current filter table;
First determines subelement, the check code that is used for more described current each filtering meter item of filter table, whether identical with the check code of each filtering meter item of the described last filter table that generates, according to result relatively, determine whether the filtering rule of each filtering meter item in the described current filter table once has record in the filter table of generation on described.
13. host exchange according to claim 12, it is characterized in that, determine that described first subelement determines the check code of a filtering meter item in the described current filter table, when identical with the check code of a filtering meter item in the described last filter table that generates, described first determines that subelement is further used for
Whether the filtering rule of the described filtering meter item in the filtering rule of the described filtering meter item in the more described current filter table and the described last filter table that generates is identical, if identical, determine that then the filtering rule of the described filtering meter item in the described current filter table once has record in the filter table of generation on described.
14. according to claim 12 or 13 described host exchanges, it is characterized in that, when described first determined in subelement determines that the filtering rule of a filtering meter item in the described current filter table once generates on the described filtration record to be arranged, described first determined that subelement is further used for
Whether the installation site of the filtering meter item of the described filtering rule of record is identical in the installation site of more described filtering meter item and the described last filter table that generates, if inequality, writes down the primary index of described current filtering meter item and the purpose index that moves;
Then described Dispatching Unit is further used for being distributed to described primary index and mobile purpose index described from switch;
Wherein, described primary index is the installation site of the filtering meter item of the described filtering rule of record in the described last filter table that generates, and described purpose index is the installation site of described current filtering meter item.
15. host exchange according to claim 11 is characterized in that, described judging unit is further used for determining in the current filter table filtering meter item entry number less than filtering meter item entry number in the described last filter table that generates,
Then described Dispatching Unit is further used for, and the entry number of current filter table as the deletion index, is sent to from switch.
16. host exchange according to claim 11 is characterized in that, described judging unit comprises:
Relatively subelement is used for the difference between more described current filter table and the described last filter table that generates;
Second determines subelement, is used for determining the difference type of each filtering meter item in the described current filter table according to described relatively subelement result relatively;
Then described Dispatching Unit is further used for, and according to the difference type of the filtering meter item that is provided with and the corresponding relation of whether distributing this filtering meter item, determines whether to distribute each filtering meter item in the described current filter table.
17. a system that distributes filtering meter item is characterized in that, comprising: host exchange and from switch, wherein:
Described host exchange, be used for behind the filtering meter item that upgrades current filter table, in the filter table that the filtering rule of judging each filtering meter item in the described current filter table once generates whether record is arranged on described host exchange, and unwritten filtering meter item in the filter table that on described, once generates of distribution filtering rule;
Described from switch, be used to receive the filtering meter item of described host exchange distribution, and, upgrade filter table to be installed according to the information that receives.
18. system according to claim 17 is characterized in that, described host exchange comprises:
Judging unit is used for behind the filtering meter item that upgrades current filter table, judges whether the filtering rule of each filtering meter item in the described current filter table once has record in the filter table of generation on described;
Dispatching Unit is used for distributing unwritten filtering meter item in the filter table that described current filter table filtering rule once generates on described.
19. the installation method of a filtering meter item, described filtering meter item is generated by host exchange, is distributed to from switch, describedly from switch described filtering meter item is installed, and it is characterized in that, comprising:
Judge the filtering rule of each filtering meter item in the filter table to be installed, whether identical with the filtering rule of the filtering meter item of the correspondence position of mounted filter table, and filtering rule filtering meter item inequality is installed.
20. method according to claim 19 is characterized in that, whether the filtering rule of each filtering meter item in the described judgement filter table to be installed is identical with the filtering rule of the filtering meter item of the correspondence position of mounted filter table, comprising:
Described from the difference type of switch according to each filtering meter item the described filter table to be installed, judge the filtering rule of each filtering meter item in the described filter table to be installed, whether identical with the filtering rule of the filtering meter item of the correspondence position of described mounted filter table.
21. method according to claim 20 is characterized in that, described difference type comprises: constant type;
Then, the filtering rule of each filtering meter item in the described filter table to be installed of described judgement, whether identical with the filtering rule of the filtering meter item of the correspondence position of described mounted filter table, comprising:
If the difference type of the described filtering meter item that receives from switch is constant type, then determine the filtering rule of this filtering meter item in the described filter table to be installed, identical with the filtering rule of the filtering meter item of the correspondence position of described mounted filter table;
Otherwise, determine the filtering rule of this filtering meter item in the described filter table to be installed, inequality with the filtering rule of the filtering meter item of the correspondence position of described mounted filter table.
22. method according to claim 19 is characterized in that, whether the filtering rule of each filtering meter item in the described judgement filter table to be installed is identical with the filtering rule of the correspondence position filtering meter item of mounted filter table, comprising:
Describedly receive described host exchange distribution filtering meter item from switch, after upgrading described filter table to be installed, whether the filtering rule of each filtering meter item in the more described filter table to be installed is identical with the filtering rule of the filtering meter item of the correspondence position of described mounted filter table.
23. method according to claim 22 is characterized in that, whether the filtering rule of each filtering meter item in the filter table described to be installed is identical with the filtering rule of the filtering meter item of the correspondence position of described mounted filter table, comprising:
According to the valid data field of each filtering meter item in the described filter table to be installed,, calculate the check code of each filtering meter item according to default algorithm;
The check code of each filtering meter item in the more described filter table to be installed, whether identical with the check code of the filtering meter item of the correspondence position of described mounted filter table, according to comparative result, determine the filtering rule of each filtering meter item in the described filter table to be installed, whether identical with the filtering rule of the filtering meter item of the correspondence position of described mounted filter table.
24. method according to claim 23, it is characterized in that, the check code of a filtering meter item in determining described filter table to be installed, when identical with the check code of the filtering meter item of the correspondence position of described mounted filter table, this method further comprises:
Whether the filtering rule of more described filtering meter item is identical with the filtering rule of the filtering meter item of the correspondence position of described mounted filter table, if inequality, then the filtering rule of the filtering meter item of the correspondence position of the filtering rule of definite described filtering meter item and described mounted filter table is inequality.
25. method according to claim 19 is characterized in that, this method further comprises:
Whether the entry number of judging described filter table to be installed less than the entry number of described mounted filter table, if then the entry number with described filter table to be installed is an index, deletes the filtering meter item after mounted this index; Perhaps
If the difference type mark of the filtering meter item in the described filter table to be installed has the deletion type, then this method further comprises: delete that the difference type is the filtering meter item of deletion type in the mounted described filter table to be installed.
26. one kind from switch, it is characterized in that, comprising:
Receiving element is used to receive the filtering meter item of host exchange distribution, and with the filtering meter item that receives, is saved in the filter table to be installed;
Whether judging unit is used for judging the filtering rule of described each filtering meter item of filter table to be installed, identical with the filtering rule of the filtering meter item of the correspondence position of mounted filter table;
Installation unit is used for the result according to described judgment unit judges, and filtering rule filtering meter item inequality in the described filter table to be installed is installed.
27. according to claim 26 from switch, it is characterized in that described judging unit comprises:
First judgment sub-unit, be used for difference type according to described each filtering meter item of filter table to be installed, judge the filtering rule of each filtering meter item in the described filter table to be installed, whether identical with the filtering rule of the filtering meter item of the correspondence position of described mounted filter table;
Wherein, whether the filtering rule of the described filtering meter item of described difference type mark changes.
28. according to claim 27 from switch, it is characterized in that described judging unit comprises:
Second judgment sub-unit, the filtering rule that is used for more described each filtering meter item of filter table to be installed, whether identical with the filtering rule of the filtering meter item of the correspondence position of described mounted filter table, according to comparative result, determine the filtering rule of each filtering meter item in the described filter table to be installed, whether identical with the filtering rule of the correspondence position filtering meter item of described mounted filter table.
29. according to claim 28 from switch, it is characterized in that described second judgment sub-unit comprises:
Computation subunit is used for the valid data field according to described each filtering meter item of filter table to be installed, according to default algorithm, calculates the check code of each filtering meter item;
Compare subelement, the check code that is used for more described each filtering meter item of filter table to be installed, whether identical with the check code of the filtering meter item of the correspondence position of described mounted filter table, according to comparative result, determine the filtering rule of each filtering meter item in the described filter table to be installed, whether identical with the filtering rule of the filtering meter item of the correspondence position of described mounted filter table.
30. it is according to claim 29 from switch, it is characterized in that, the check code of the filtering meter item of described relatively subelement in determining described filter table to be installed is when identical with the check code of the filtering meter item of the correspondence position of described mounted filter table
Described relatively subelement is further used for, whether the filtering rule of more described filtering meter item is identical with the filtering rule of the filtering meter item of the correspondence position of described mounted filter table, if inequality, then the filtering rule of the filtering meter item of the correspondence position of the filtering rule of definite described filtering meter item and described mounted filter table is inequality.
31. the system of a mounting filtering meter item is characterized in that, comprising: host exchange and from switch, wherein:
Described host exchange is used for distributing filtering meter item to described from switch, and to the described order that sends mounting filtering meter item from switch;
Described from switch, the filtering meter item that is used for will receiving from described host exchange distribution is saved in filter table to be installed, when the order of the mounting filtering meter item that receives described host exchange, judge the filtering rule of each filtering meter item in the described filter table to be installed, whether identical with the filtering rule of the filtering meter item of the correspondence position of mounted filter table, and filtering rule filtering meter item inequality is installed.
CN2008101032470A 2008-04-01 2008-04-01 Method, apparatus and system for distributing and mounting filtering meter item Expired - Fee Related CN101257458B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008101032470A CN101257458B (en) 2008-04-01 2008-04-01 Method, apparatus and system for distributing and mounting filtering meter item

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2008101032470A CN101257458B (en) 2008-04-01 2008-04-01 Method, apparatus and system for distributing and mounting filtering meter item

Publications (2)

Publication Number Publication Date
CN101257458A CN101257458A (en) 2008-09-03
CN101257458B true CN101257458B (en) 2010-07-07

Family

ID=39891938

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008101032470A Expired - Fee Related CN101257458B (en) 2008-04-01 2008-04-01 Method, apparatus and system for distributing and mounting filtering meter item

Country Status (1)

Country Link
CN (1) CN101257458B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101534301B (en) * 2009-04-13 2012-09-05 北京星网锐捷网络技术有限公司 List item installation method and device as well as network equipment
CN102882812B (en) * 2012-09-19 2016-01-27 瑞斯康达科技发展股份有限公司 The arbitration device of a kind of territory processor application function, method and installation method
CN112702311B (en) * 2020-11-30 2022-10-14 锐捷网络股份有限公司 Port-based message filtering method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1518289A (en) * 2003-01-17 2004-08-04 华为技术有限公司 Safety filtering method based on Ethernet exchanger
CN1545254A (en) * 2003-11-13 2004-11-10 中兴通讯股份有限公司 A method of fast data packet filtering
CN1848814A (en) * 2005-04-12 2006-10-18 富士通株式会社 Filtering frames at an input port of a switch

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1518289A (en) * 2003-01-17 2004-08-04 华为技术有限公司 Safety filtering method based on Ethernet exchanger
CN1545254A (en) * 2003-11-13 2004-11-10 中兴通讯股份有限公司 A method of fast data packet filtering
CN1848814A (en) * 2005-04-12 2006-10-18 富士通株式会社 Filtering frames at an input port of a switch

Also Published As

Publication number Publication date
CN101257458A (en) 2008-09-03

Similar Documents

Publication Publication Date Title
KR102577139B1 (en) Smart contract-based data processing methods, devices, and storage media
US9043622B2 (en) Energy management device and power management system
CN100454326C (en) Access controller and access control method
CN105183504B (en) Process white list updating method based on software server
EP2055049B1 (en) A push update system
US7836174B2 (en) Systems and methods for grid-based data scanning
JP4020912B2 (en) Unauthorized access detection device, unauthorized access detection program, and unauthorized access detection method
CN103634315A (en) Front end control method and system of domain name server (DNS)
CN111901705B (en) OMCI function virtualization system of OLT equipment
JP2008160803A (en) Access control system
CN103404093A (en) Communication system, database, control device, communication method and program
CN101345743A (en) Method and system for preventing network attack by utilizing address analysis protocol
CN101540755A (en) Method, system and device for recovering data
CN103457878A (en) Network accessing control method based on streams
CN110798459B (en) Multi-safety-node linkage defense method based on safety function virtualization
CN112187740B (en) Network access control method and device, electronic equipment and storage medium
CN101562558A (en) Method, system and device for terminal grade classification
CN101378329B (en) Distributed business operation support system and method for implementing distributed business
CN101257458B (en) Method, apparatus and system for distributing and mounting filtering meter item
CN103414641A (en) Neighbor table item release method, device and network equipment
CN110868392A (en) Block chain safety control method and device based on SDN and block chain network
CN101800752B (en) Method and system for improving safety and performance of domain name system (DNS)
CN101277302A (en) Apparatus and method for safety centralized protection of distributed network equipment
CN102231733B (en) Access control method, host device and identifier router
US10333792B2 (en) Modular controller in software-defined networking environment and operating method thereof

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100707

Termination date: 20140401