CN101645852B - Equipment and method for classifying network packet - Google Patents

Equipment and method for classifying network packet Download PDF

Info

Publication number
CN101645852B
CN101645852B CN2009102036628A CN200910203662A CN101645852B CN 101645852 B CN101645852 B CN 101645852B CN 2009102036628 A CN2009102036628 A CN 2009102036628A CN 200910203662 A CN200910203662 A CN 200910203662A CN 101645852 B CN101645852 B CN 101645852B
Authority
CN
China
Prior art keywords
node
module
label
linear
keyword
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2009102036628A
Other languages
Chinese (zh)
Other versions
CN101645852A (en
Inventor
王永纲
章涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
University of Science and Technology of China USTC
Original Assignee
University of Science and Technology of China USTC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by University of Science and Technology of China USTC filed Critical University of Science and Technology of China USTC
Priority to CN2009102036628A priority Critical patent/CN101645852B/en
Publication of CN101645852A publication Critical patent/CN101645852A/en
Application granted granted Critical
Publication of CN101645852B publication Critical patent/CN101645852B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明提出了一种网络包分类设备和方法。该设备包括:流水线树搜索模块,其用于接收网络包的关键字,对树结构的前K层进行搜索,将搜索得到的下一节点地址和线性比较信息以及关键字发送给分类核心和/或输出网络包标识符和流标识符,其中K为正整数;分类核心,其用于接收流水线树搜索模块输出的关键字、下一节点地址和线性比较信息,访问节点存储器和规则存储器,对树结构的K层以下的部分进行搜索并进行线性规则比较,输出网络包标识符和流标识符;节点存储器,其用于存储树结构的K层以后的节点信息;规则存储器,其用于存储线性比较规则。本发明所提出的网络包分类的设备和方法提高了存储器利用率和包分类速度。

Figure 200910203662

The invention provides a network packet classification device and method. The device includes: a pipeline tree search module, which is used to receive the keyword of the network packet, search the first K layers of the tree structure, and send the searched next node address and linear comparison information and keywords to the classification core and/or Or output network packet identifier and flow identifier, wherein K is a positive integer; Classification core, it is used to receive the key word that pipeline tree search module outputs, next node address and linear comparison information, access node memory and rule memory, to The part below the K layer of the tree structure is searched and compared with linear rules, and the network packet identifier and flow identifier are output; the node memory is used to store the node information after the K layer of the tree structure; the rule memory is used to store Linear comparison rules. The device and method for network packet classification proposed by the invention improve memory utilization and packet classification speed.

Figure 200910203662

Description

一种网络包分类的设备和方法Device and method for classifying network packets

技术领域technical field

本发明一般地涉及计算机网络通讯领域,更具体地涉及网络包的分类技术。The present invention generally relates to the field of computer network communication, and more specifically relates to the classification technology of network packets.

背景技术Background technique

包分类是计算机网络通讯和网络安全领域的一项基础技术。随着因特网的蓬勃发展,网络负载迅速增长,超过了路由器容量的增长速度,导致网络拥塞和报文丢失现象。传统路由器对每个网络包都“平等、尽力服务”的形式已经不再使所有网络用户满意,有的用户愿意花费更多的钱来获得更好的网络服务,这需要路由器提供差别服务、流量整形、流量计费等功能,这些要求直接促成了包分类技术的发展和应用。而随着多媒体业务,P2P应用的日益普及,以及恶意攻击和扫描,病毒和蠕虫等在因特网上的泛滥,要求防火墙设备能够以很高的速度处理大量的网络连接,并跟踪这些连接状态。所有这些背景和应用都要求设备要能对网络包进行分类,根据网络包的源地址、目的地址、源端口号、目的端口号等域的内容,与既定的规则集合匹配,识别不同的网络包,并对其特殊处理。Packet classification is a basic technology in the field of computer network communication and network security. With the vigorous development of the Internet, the network load increases rapidly, exceeding the growth rate of the router capacity, resulting in network congestion and packet loss. The form of "equal and best-effort service" for each network packet by traditional routers no longer satisfies all network users. Some users are willing to spend more money to obtain better network services, which requires routers to provide differentiated services, traffic Shaping, traffic accounting and other functions, these requirements directly contributed to the development and application of packet classification technology. With the increasing popularity of multimedia services and P2P applications, as well as the flooding of malicious attacks and scanning, viruses and worms on the Internet, firewall devices are required to handle a large number of network connections at a high speed and track the connection status. All these backgrounds and applications require the device to be able to classify network packets, and identify different network packets according to the content of the source address, destination address, source port number, destination port number and other fields of the network packet, matching with the established rule set , and treat it specially.

目前很多研究已经可以实现在OC-48(2.5Gbps)的情况下对网络包进行线速分类,但在更高的速度如OC-192(10Gbps),OC-384(20Gbps)以上,更多的规则数10k量级以上,实现线速包分类还是一个困难的事情。目前的实现主要是基于TCAM(Ternary Content Addressable Memory,三进制内容可寻址存储器)。TCAM有如下缺点:价格昂贵;功耗大;密度低。TCAM存在的种种问题促使人们探索新的包分类实现。At present, many studies have been able to classify network packets at a wire speed in the case of OC-48 (2.5Gbps), but at higher speeds such as OC-192 (10Gbps), OC-384 (20Gbps), more The number of rules is more than 10k, and it is still difficult to realize line-speed packet classification. The current implementation is mainly based on TCAM (Ternary Content Addressable Memory, ternary content addressable memory). TCAM has the following disadvantages: expensive; high power consumption; low density. Various problems in TCAM prompt people to explore new packet classification implementations.

HiCuts算法(Packet Classification using Hierarchical Intelligent Cuttings)是Pankaj Gupta和Nick Mckeown提出的一种有效的树型结构包分类算法。它将d个域的规则看作d维空间的矩形,对d维空间按一定原则不断分割,直到分布在各子空间的规则数小于一定数目。分割的过程可以用树来表示,树的节点存储每次分割的信息,如选择哪一维来分割,分割多少次等。规则分布在树的叶子节点下。包头搜索时从树的根节点开始,沿着树的路径进行直到叶子节点,然后将IP包和叶子节点下的少量规则线性比较,即可完成包分类。HiCuts algorithm (Packet Classification using Hierarchical Intelligent Cuttings) is an effective tree structure packet classification algorithm proposed by Pankaj Gupta and Nick Mckeown. It regards the rules of d domains as rectangles of d-dimensional space, and divides the d-dimensional space according to certain principles until the number of rules distributed in each subspace is less than a certain number. The process of splitting can be represented by a tree, and the nodes of the tree store the information of each split, such as which dimension to choose for splitting, how many times to split, and so on. The rules are distributed under the leaf nodes of the tree. Packet header search starts from the root node of the tree, proceeds along the path of the tree to the leaf node, and then compares the IP packet linearly with a small number of rules under the leaf node to complete the packet classification.

目前已经有一些基于HiCuts算法的包分类方法,例如在计算机系统的CPU或网络处理器中使用软件对HiCuts树进行搜索,但是受到设备运行效率和算法实现结构的影响,分类速度较低。At present, there are some packet classification methods based on HiCuts algorithm, such as using software in the CPU or network processor of the computer system to search the HiCuts tree, but due to the influence of equipment operating efficiency and algorithm implementation structure, the classification speed is low.

发明内容Contents of the invention

为了解决上述问题之一,本发明提出了一种网络包分类设备,包括流水线树搜索模块、分类核心、节点存储器和规则存储器。所述流水线树搜索模块用于接收网络包的关键字,对树结构的前K层进行搜索,将搜索得到的下一节点地址和线性比较信息以及所述关键字发送给所述分类核心和/或输出网络包标识符和流标识符,其中K为正整数;所述分类核心用于接收所述流水线树搜索模块输出的所述关键字、下一节点地址和线性比较信息,访问所述节点存储器和规则存储器,对所述树结构的K层以下的部分进行搜索并进行线性规则比较,输出所述网络包标识符和流标识符;所述节点存储器用于存储所述树结构的K层以后的节点信息;所述规则存储器用于存储线性比较规则。In order to solve one of the above problems, the present invention proposes a network packet classification device, which includes a pipeline tree search module, a classification core, a node memory and a rule memory. The pipeline tree search module is used to receive the keyword of the network packet, search the first K layers of the tree structure, and send the searched next node address and linear comparison information and the keyword to the classification core and/or Or output network packet identifier and flow identifier, wherein K is a positive integer; The classification core is used to receive the keyword, the next node address and linear comparison information output by the pipeline tree search module, and access the node Memory and rule memory, search the part below the K layer of the tree structure and perform linear rule comparison, output the network packet identifier and flow identifier; the node memory is used to store the K layer of the tree structure Subsequent node information; the rule memory is used to store linear comparison rules.

根据本发明的实施例,所述流水线树搜索模块包括根节点寄存器、K-1个单层节点存储器模块、根节点搜索模块、K-1个节点搜索模块以及控制模块。其中,所述根节点寄存器用于存放所述树结构的根节点信息;所述K-1个单层节点存储器模块包括第二层单层节点存储器模块到第K层单层节点存储器模块,其中每个所述单层节点存储器模块用于存储所述树结构的前K层除根节点之外的其中一层节点的节点信息;所述根节点搜索模块用于接收所述关键字,访问所述根节点寄存器,对根节点进行搜索,将所述关键字以及搜索得到的下一节点地址、线性比较信息和/或所述关键字的流标识符发送到所述第二层节点搜索模块;所述K-1个节点搜索模块包括相级联的第二层节点搜索模块到第K层节点搜索模块,每个所述节点搜索模块用于接收所述根节点搜索模块或上一层节点搜索模块发送的所述关键字以及下一节点地址、线性比较信息和/或所述关键字的流标识符,从相应的所述单层节点存储器模块中取出相应的节点,对其进行搜索,并将搜索结果发送到下一层节点搜索模块;其中所述第K层节点搜索模块用于将所述关键字以及搜索得到的下一节点地址、线性比较信息和/或流标识符发送给所述控制模块;所述控制模块用于接收所述第K层节点搜索模块发送的所述关键字以及下一节点地址、线性比较信息和/或流标识符,输出所述网络包标识符和流标识符和/或将所述关键字、下一节点地址和线性比较信息发送给所述分类核心。According to an embodiment of the present invention, the pipeline tree search module includes a root node register, K-1 single-layer node memory modules, a root node search module, K-1 node search modules and a control module. Wherein, the root node register is used to store the root node information of the tree structure; the K-1 single-layer node memory modules include the second layer single-layer node memory module to the Kth layer single-layer node memory module, wherein Each of the single-layer node memory modules is used to store the node information of one layer of nodes in the first K layers of the tree structure except the root node; the root node search module is used to receive the keyword, access the The root node register is used to search the root node, and send the keyword and the searched next node address, linear comparison information and/or the stream identifier of the keyword to the second layer node search module; The K-1 node search modules include cascaded second layer node search modules to the Kth layer node search module, each of the node search modules is used to receive the root node search module or the upper layer node search module The key and the next node address, linear comparison information and/or the stream identifier of the key are sent, and the corresponding node is taken out from the corresponding single-layer node memory module, searched for, and The search result is sent to the next-level node search module; wherein the K-th layer node search module is used to send the keyword and the searched next node address, linear comparison information and/or flow identifier to the control module; the control module is used to receive the keyword and the next node address, linear comparison information and/or flow identifier sent by the K-th layer node search module, and output the network packet identifier and flow identifier And/or sending the keyword, next node address and linear comparison information to the sorting core.

根据本发明的实施例,所述分类核心包括标签分配模块、并行树搜索模块、并行线性规则比较模块和核心分类结果池。其中,所述标签分配模块用于接收所述流水线树搜索模块输出的所述关键字、下一节点地址和线性比较信息,给每一个所述关键字分配一个标签,将所述标签、关键字和下一节点地址发送给所述并行树搜索模块,并将所述标签、关键字和线性比较信息发送给所述并行线性规则比较模块,以及接收所述核心分类结果池送回的标签并循环使用;所述并行树搜索模块用于接收所述标签分配模块发送的所述标签、关键字和下一节点地址,根据所述下一节点地址访问所述节点存储器,进行树搜索,找到叶子节点,如果所述叶子节点为空节点,则输出所述标签和默认流标识符,如果所述叶子节点为非空节点,则将所述标签和线性比较信息发送到所述并行线性规则比较模块;所述并行线性规则比较模块用于接收所述标签分配模块和所述并行树搜索模块发送的标签,关键字和线性比较信息,访问所述规则存储器,生成与所述关键字相匹配的流标识符,将所述标签、网络包标识符和流标识符发送到所述核心分类结果池;所述核心分类结果池用于接收所述并行树搜索模块和所述并行线性规则比较模块发送的所述标签、网络包标识符和流标识符,将所述标签发送到所述标签分配模块,并输出所述网络包标识符和流标识符。According to an embodiment of the present invention, the classification core includes a label assignment module, a parallel tree search module, a parallel linear rule comparison module and a core classification result pool. Wherein, the label allocation module is used to receive the keywords, next node address and linear comparison information output by the pipeline tree search module, assign a label to each of the keywords, and combine the labels, keywords and the next node address are sent to the parallel tree search module, and the label, keyword and linear comparison information are sent to the parallel linear rule comparison module, and the label sent back by the core classification result pool is received and circulated Use; the parallel tree search module is used to receive the label, keyword and next node address sent by the label allocation module, access the node memory according to the next node address, perform tree search, and find the leaf node , if the leaf node is an empty node, then output the label and a default flow identifier, if the leaf node is a non-empty node, then send the label and linear comparison information to the parallel linear rule comparison module; The parallel linear rule comparison module is used to receive the labels, keywords and linear comparison information sent by the label allocation module and the parallel tree search module, access the rule storage, and generate flow identifiers matching the keywords character, send the label, network packet identifier and flow identifier to the core classification result pool; the core classification result pool is used to receive the data sent by the parallel tree search module and the parallel linear rule comparison module the label, the network packet identifier and the flow identifier, send the label to the label allocation module, and output the network packet identifier and the flow identifier.

根据本发明的实施例,所述并行树搜索模块包括树搜索关键字缓存器、标签和下一节点地址队列模块、树搜索引擎调度器和多个树搜索引擎。其中,所述树搜索关键字缓存器用于存储所述标签分配模块发送的所述关键字;所述标签和下一节点地址队列模块用于存储所述标签分配模块发送的所述标签和下一节点地址;所述树搜索引擎调度器用于控制所述多个树搜索引擎,当存在空闲的树搜索引擎且所述标签和下一节点地址队列模块不为空时,读出所述标签和下一节点地址队列模块中的一个标签和下一节点地址发送到所述空闲的树搜索引擎,启动所述空闲的树搜索引擎;所述树搜索引擎用于在所述树搜索引擎调度器的控制下启动,根据所述标签和下一节点地址访问所述树搜索关键字缓存器和所述节点存储器,从所述树搜索关键字缓存器中读出所述关键字的域,搜索所述树结构直到叶子节点,如果所述叶子节点为空节点,则输出所述标签、网络包标识符和默认流标识符,如果叶子节点为非空节点,则输出所述标签和线性比较信息。According to an embodiment of the present invention, the parallel tree search module includes a tree search key buffer, a tag and next node address queue module, a tree search engine scheduler and multiple tree search engines. Wherein, the tree search key buffer is used to store the key sent by the label allocation module; the label and next node address queue module is used to store the label and the next node address sent by the label allocation module. Node address; the tree search engine scheduler is used to control the multiple tree search engines, when there is an idle tree search engine and the label and the next node address queue module are not empty, read the label and the next node address A label and the next node address in a node address queue module are sent to the idle tree search engine to start the idle tree search engine; the tree search engine is used for the control of the tree search engine scheduler Start up, access the tree search keyword buffer and the node memory according to the label and the next node address, read the domain of the keyword from the tree search keyword buffer, and search the tree The structure goes up to the leaf node, if the leaf node is an empty node, then output the label, network packet identifier and default flow identifier, if the leaf node is a non-empty node, then output the label and linear comparison information.

根据本发明的实施例,所述树搜索关键字缓存器为双端口存储器。According to an embodiment of the present invention, the tree search key buffer is a dual-port memory.

根据本发明的实施例,所述并行线性规则比较模块包括线性比较关键字缓存器、第一标签和线性比较信息队列模块、第二标签和线性比较信息队列模块、规则比较器、线性比较引擎调度器和多个线性比较引擎。其中,所述线性比较关键字缓存器用于接收所述并行树搜索模块发送的所述关键字;所述第一标签和线性比较信息队列模块用于存放所述标签分配模块发送的所述标签和线性比较信息;所述第二标签和线性比较信息队列模块用于存放所述树搜索模块发送的所述标签和线性比较信息;所述线性比较引擎调度器用于控制所述多个线性比较引擎,当存在空闲的线性比较引擎并且所述第一标签和线性比较信息队列模块和所述第二标签和线性比较信息队列模块中至少有一个非空时,将所述标签和线性比较信息发送到所述空闲的线性比较引擎,启动所述空闲的线性比较引擎;所述线性比较引擎用于在所述线性比较引擎调度器的控制下,根据所述标签访问所述线性比较关键字缓存器,根据所述线性比较信息访问所述线性规则存储器,接收所述规则比较器的比较结果,直到找到与所述关键字相匹配的规则或比较完叶子节点下的所有规则,得到与所述关键字相匹配的流标识符或默认流标识符,输出所述标签、网络包标识符和流标识符;所述规则比较器用于接收所述线性比较关键字缓存器发送的所述关键字,与所述线性规则存储器输出的规则相比较,将比较结果发送到所述线性比较引擎。According to an embodiment of the present invention, the parallel linear rule comparison module includes a linear comparison keyword buffer, a first label and a linear comparison information queue module, a second label and a linear comparison information queue module, a rule comparator, and a linear comparison engine scheduling registers and multiple linear comparison engines. Wherein, the linear comparison keyword buffer is used to receive the keyword sent by the parallel tree search module; the first tag and linear comparison information queue module is used to store the tag and the tag sent by the tag assignment module. Linear comparison information; the second label and linear comparison information queue module is used to store the label and linear comparison information sent by the tree search module; the linear comparison engine scheduler is used to control the multiple linear comparison engines, When there is an idle linear comparison engine and at least one of the first label and linear comparison information queue module and the second label and linear comparison information queue module is not empty, send the label and linear comparison information to the The idle linear comparison engine is used to start the idle linear comparison engine; the linear comparison engine is used to access the linear comparison keyword buffer according to the label under the control of the linear comparison engine scheduler, according to The linear comparison information accesses the linear rule storage, receives the comparison result of the rule comparator, until a rule matching the keyword is found or all the rules under the leaf nodes are compared, and a rule corresponding to the keyword is obtained. Matching flow identifier or default flow identifier, output the label, network packet identifier and flow identifier; the rule comparator is used to receive the keyword sent by the linear comparison keyword buffer, and the The rules output by the linear rule memory are compared, and the comparison result is sent to the linear comparison engine.

根据本发明的实施例,所述线性比较关键字缓存器为双端口存储器。According to an embodiment of the present invention, the linear comparison key register is a dual-port memory.

根据本发明的实施例,所述节点存储器和规则存储器中至少一个为双端口存储器。According to an embodiment of the present invention, at least one of the node memory and the rule memory is a dual-port memory.

根据本发明的实施例,所述设备还包括:分类结果汇总模块,其与所述流水线树搜索模块和所述分类核心连接,用于接收所述流水线树搜索模块和所述分类核心产生的所述关键字标识符和所述流标识符,输出分类结果。According to an embodiment of the present invention, the device further includes: a sorting result summarization module, which is connected to the pipeline tree search module and the sorting core, and is used to receive the results generated by the pipeline tree searching module and the sorting core. The keyword identifier and the stream identifier are used to output a classification result.

根据本发明的实施例,所述分类核心包括至少两个分类核心,所述流水线树搜索模块还用于将所述关键字、下一节点地址和线性比较信息发送给空闲的分类核心。According to an embodiment of the present invention, the sorting core includes at least two sorting cores, and the pipeline tree search module is further configured to send the keyword, next node address and linear comparison information to an idle sorting core.

根据本发明的实施例,所述网络包分类设备集成在单芯片中。According to an embodiment of the present invention, the network packet classification device is integrated in a single chip.

本发明还提出了一种网络包分类的方法,包括以下步骤:流水线树搜索模块接收网络包的关键字,对树结构的前K层进行搜索,将搜索得到的下一节点地址和线性比较信息以及所述关键字发送给分类核心和/或输出网络包标识符和流标识符,其中K为正整数;所述分类核心接收所述流水线树搜索模块输出的所述关键字、下一节点地址和线性比较信息,访问所述节点存储器和规则存储器,对所述树结构的K层以下的部分进行搜索并进行线性规则比较,输出所述网络包标识符和流标识符,其中,所述节点存储器用于存储所述树结构的K层以后的节点信息,所述规则存储器用于存储线性比较规则。The present invention also proposes a method for classifying network packets, comprising the following steps: the pipeline tree search module receives the keyword of the network packet, searches the first K layers of the tree structure, and searches the next node address and linear comparison information And the keyword is sent to the classification core and/or output network packet identifier and flow identifier, wherein K is a positive integer; the classification core receives the keyword and the next node address output by the pipeline tree search module and linear comparison information, accessing the node memory and rule memory, searching the part below the K layer of the tree structure and performing linear rule comparison, and outputting the network packet identifier and flow identifier, wherein the node The storage is used to store node information after the K level of the tree structure, and the rule storage is used to store linear comparison rules.

本发明所提出的网络包分类的设备和方法,避免了使用TCAM,提高了存储器利用率和包分类速度。The device and method for classifying network packets proposed by the invention avoids the use of TCAM and improves memory utilization and packet classification speed.

附图说明Description of drawings

本发明上述的和/或附加的方面和优点从下面结合附图对实施例的描述中将变得明显和容易理解,其中:The above and/or additional aspects and advantages of the present invention will become apparent and easy to understand from the following description of the embodiments in conjunction with the accompanying drawings, wherein:

图1为根据本发明的一个实施例的树节点的数据结构示意图;FIG. 1 is a schematic diagram of a data structure of a tree node according to an embodiment of the present invention;

图2为根据本发明的一个实施例的网络包分类设备的结构示意图;Fig. 2 is a schematic structural diagram of a network packet classification device according to an embodiment of the present invention;

图3为根据本发明的一个实施例的流水线树搜索模块的结构示意图;FIG. 3 is a schematic structural diagram of a pipeline tree search module according to an embodiment of the present invention;

图4为根据本发明的一个实施例的分类核心的结构示意图;FIG. 4 is a schematic structural diagram of a classification core according to an embodiment of the present invention;

图5为根据本发明的一个实施例的并行树搜索模块的结构示意图;FIG. 5 is a schematic structural diagram of a parallel tree search module according to an embodiment of the present invention;

图6为根据本发明的一个实施例的并行线性规则比较模块的结构示意图;6 is a schematic structural diagram of a parallel linear rule comparison module according to an embodiment of the present invention;

图7为根据本发明的一个实施例的占用空间随规则数的变化曲线示意图;Fig. 7 is a schematic diagram of the change curve of the occupied space with the rule number according to an embodiment of the present invention;

图8为根据本发明的一个实施例的分类速度随规则数的变化曲线示意图。Fig. 8 is a schematic diagram of the variation curve of classification speed with the number of rules according to an embodiment of the present invention.

具体实施方式Detailed ways

下面详细描述本发明的实施例,所述实施例的示例在附图中示出。下面通过参考附图描述的实施例是示例性的,仅用于解释本发明,而不能解释为对本发明的限制。Embodiments of the invention are described in detail below, examples of which are illustrated in the accompanying drawings. The embodiments described below by referring to the figures are exemplary only for explaining the present invention and should not be construed as limiting the present invention.

本发明进行包分类前首先要对原始规则进行分割建立HiCuts树,分割建树以后所有的原始规则被表示成范围形式,由规则上界和规则下界组成,为简便起见,将规则上界和规则下界统称规则。Before packet classification, the present invention first divides the original rules to establish a HiCuts tree. After the tree is divided, all original rules are expressed in a range form, which is composed of a rule upper bound and a rule lower bound. For simplicity, the rule upper bound and the rule lower bound collectively referred to as rules.

作为本发明的一个实施例,使用的关键字由源地址、目的地址、源端口号、目的端口号、IP层协议、TOS(Type of Service,服务类型)和网络包标识符组成。作为本发明的一个实施例,使用的规则由源地址、目的地址、源端口号、目的端口号、IP层协议、TOS(Type of Service,服务类型)和流标识符组成。网络包标识符用来在分类完成之后,找到网络包标识符对应的网络包,按设备输出的流标识符对其进行处理。作为本发明的一个实施例,如果没有找到与关键字相匹配的流标识符,则输出0XFFFF,在本说明书中称为默认流标识符。As an embodiment of the present invention, the keyword used is made up of source address, destination address, source port number, destination port number, IP layer protocol, TOS (Type of Service, service type) and network packet identifier. As an embodiment of the present invention, the rule used is made up of source address, destination address, source port number, destination port number, IP layer protocol, TOS (Type of Service, type of service) and stream identifier. The network packet identifier is used to find the network packet corresponding to the network packet identifier after the classification is completed, and process it according to the flow identifier output by the device. As an embodiment of the present invention, if no stream identifier matching the keyword is found, 0XFFFF is output, which is called a default stream identifier in this specification.

作为本发明的一个实施例,HiCuts树使用的节点结构如附图1所示,包括中间节点和叶子节点。节点宽度选取32位。其中中间节点和叶子节点用1位的标志F来区分,F为0则为中间节点,F为1则为叶子节点。除标志F外,中间节点还有以下四部分:分割域C、起始位S、掩码M、子节点地址A。分割域占用3位,是在对该节点进行分割时选取的域的序号;起始位占用5位,是分割该域时涉及的最低位的位置;掩码占用8位,对分割无关的位进行保护;子节点地址占用15位,是分割后产生的子节点在存储时的基址。除标志外,子节点还有以下部分:规则数RC和规则起始地址RA。规则数RC占用3位,表明该叶子节点下规则的数目。规则起始地址占用24位,是这些规则在规则存储器里存放的起始位置。当叶子节点的规则数RC等于0时,则称该叶子节点为空节点。As an embodiment of the present invention, the node structure used in the HiCuts tree is shown in Figure 1, including intermediate nodes and leaf nodes. Select 32 bits for the node width. Among them, the intermediate node and the leaf node are distinguished by a 1-bit flag F, if F is 0, it is an intermediate node, and if F is 1, it is a leaf node. In addition to the flag F, the intermediate node has the following four parts: segmentation field C, start bit S, mask M, child node address A. The split field occupies 3 bits, which is the serial number of the field selected when splitting the node; the start bit occupies 5 bits, which is the position of the lowest bit involved in splitting the field; the mask occupies 8 bits, which are irrelevant to the split For protection; the sub-node address occupies 15 bits, which is the base address of the sub-node generated after splitting when stored. In addition to the flag, the child node also has the following parts: the rule number RC and the rule start address RA. The rule number RC occupies 3 bits, indicating the number of rules under the leaf node. The rule starting address occupies 24 bits, which is the starting position where these rules are stored in the rule memory. When the rule number RC of a leaf node is equal to 0, the leaf node is called an empty node.

作为本发明的一个实施例,对树节点的搜索包括以下步骤:As an embodiment of the present invention, the search for tree nodes includes the following steps:

(1)根据下一节点地址从相应节点存储器中取出节点。如果是根节点则无需下一节点地址,直接从根节点寄存器中取出根节点。(1) Take out the node from the corresponding node memory according to the address of the next node. If it is the root node, the address of the next node is not needed, and the root node is directly taken out from the root node register.

(2)如果节点标志F为0,即该节点为中间节点,则跳转到第(3)步,如果节点标志F为1,即该节点为叶子节点,则跳转到第(4)步。(2) If the node flag F is 0, that is, the node is an intermediate node, then jump to step (3), if the node flag F is 1, that is, the node is a leaf node, then jump to step (4) .

(3)根据节点的分割域C选取关键字中的相应域,将该域高位补0扩展至32位后右移S位,取高8位和掩码M相与,然后和子节点地址A相加输出下一节点地址,然后跳转至(1)执行。(3) Select the corresponding field in the keyword according to the segmented field C of the node, expand the high bit of the field with 0 to 32 bits, then shift S bits to the right, take the high 8 bits and mask M, and then match with the child node address A Add and output the address of the next node, and then jump to (1) for execution.

(4)如果叶子节点的规则数RC不等于0,即该节点为非空叶子节点,则输出规则数RC和规则起始地址RA,下面将规则数RC和规则起始地址RA合称为线性比较信息。如果叶子节点的规则数RC等于0,即该节点为空节点,则输出网络包标识符和默认流标识符。(4) If the rule number RC of the leaf node is not equal to 0, that is, the node is a non-empty leaf node, the rule number RC and the rule start address RA are output. The rule number RC and the rule start address RA are collectively called linear Compare information. If the rule number RC of the leaf node is equal to 0, that is, the node is an empty node, then output the network packet identifier and the default flow identifier.

如图2所示为本发明的一个实施例的网络包分类设备的结构示意图,该网络包分类设备包括流水线树搜索模块、节点存储器、规则存储器、2个分类核心和分类结果汇总模块。As shown in Figure 2, it is a schematic structural diagram of a network packet classification device according to an embodiment of the present invention. The network packet classification device includes a pipeline tree search module, a node memory, a rule memory, 2 classification cores and a classification result summary module.

其中,流水线树搜索模块用于接收网络包的关键字,对树结构的前K层进行搜索。作为本发明的一个实施例,K可根据树的特点来选取,如果MAX_CUTS较小,而树深度较深,K可取稍大的值,如果MAX_CUTS较大,而树深度较浅,K可取较小的值,其中MAX_CUTS为树节点的最大等分数。Wherein, the pipeline tree search module is used to receive the keyword of the network packet, and search the first K layers of the tree structure. As an embodiment of the present invention, K can be selected according to the characteristics of the tree. If MAX_CUTS is small and the tree depth is deep, K can take a slightly larger value. If MAX_CUTS is large and the tree depth is shallow, K can be small. The value of , where MAX_CUTS is the maximum equal fraction of tree nodes.

如图3所示为根据本发明的一个实施例的K=2时的流水线树搜索模块的结构示意图,该实施包括:第一层节点寄存器;第二层节点存储器;第一层节点搜索模块;第二层节点搜索模块;以及控制模块。As shown in Figure 3, it is a schematic structural diagram of a pipeline tree search module when K=2 according to an embodiment of the present invention, the implementation includes: a first-level node register; a second-level node memory; a first-level node search module; a second layer node search module; and a control module.

其中,第一层节点寄存器用于存储第一层节点,因为第一层节点为根节点,只有一个节点,不需要地址,因此存放在寄存器中。Among them, the first-level node register is used to store the first-level node, because the first-level node is the root node, there is only one node, and no address is needed, so it is stored in the register.

第一层节点搜索模块用于接收网络包的关键字,访问第一层节点寄存器,对根节点进行搜索,将关键字、下一节点地址,线性比较信息和流标识符输出到第一层节点搜索模块。The first layer node search module is used to receive the keyword of the network packet, access the first layer node register, search the root node, and output the keyword, the next node address, the linear comparison information and the flow identifier to the first layer node Search for modules.

第二层节点搜索模块用于接收根节点搜索模块输出,访问第二层节点存储器模块,对第二层节点进行搜索,将关键字、下一节点地址和线性比较信息和/流标识符输出到控制模块。The second-layer node search module is used to receive the output of the root node search module, access the second-layer node memory module, search the second-layer node, and output keywords, next node addresses, linear comparison information and/or stream identifiers to control module.

控制模块用于接收第二层节点搜索模块的输出,输出网络包的网络包标识符和流标识符,或将关键字、下一节点地址和线性比较信息发送给空闲的分类核心。The control module is used to receive the output of the second layer node search module, output the network packet identifier and flow identifier of the network packet, or send the keyword, next node address and linear comparison information to the idle classification core.

作为本发明的一个实施例,节点存储器是双端口的存储器,其用于存储HiCuts树结构K层以后的节点信息。作为本发明的一个实施例,节点存储器两个端口都可读,至少一个端口可写,每个端口连接一个分类核心,其中一个可读可写的端口是复用的,在分类网络包时,与一个分类核心相连,输出树节点信息,在树结构进行更新时,与外部总线相连,接收外部输入的新的树结构信息。As an embodiment of the present invention, the node memory is a dual-port memory, which is used to store node information after the K level of the HiCuts tree structure. As an embodiment of the present invention, both ports of the node memory are readable, at least one port is writable, each port is connected to a classification core, and one of the readable and writable ports is multiplexed. When classifying network packets, It is connected with a sorting core to output tree node information, and when the tree structure is updated, it is connected to an external bus to receive new tree structure information input from the outside.

作为本发明的一个实施例,规则存储器是双端口的存储器,其用于存储线性规则。作为本发明的一个实施例,规则存储器需要两块存储器,包括规则上界存储器和规则下界存储器。规则上界存储器用于存储线性规则的上界。规则下界存储器用于存储线性规则的下界。每条规则上界的流标识符和规则下界的流标识符相同。为简便起见,将规则上界和规则下界统称线性规则。作为本发明的一个实施例,规则上界存储器和规则下界存储器两个端口都可读,至少一个端口可写,每个端口连接一个分类核心,其中一个可读可写的端口是复用的,在分类网络包时,与一个分类核心相连,输出规则。作为本发明的一个实施例,规则存储时同一子节点下的所有规则存储在线性规则存储器的一片连续的区域。规则存储器还可以包括规则更新模块,在添加或删除规则时,与外部总线相连,接收外部输入的新的线性规则。As an embodiment of the present invention, the rule memory is a dual-port memory for storing linear rules. As an embodiment of the present invention, the rule memory needs two memories, including a rule upper bound memory and a rule lower bound memory. The rule upper bound memory is used to store the upper bound of the linear rule. The rule lower bound memory is used to store the lower bound of the linear rule. The flow identifier of the upper bound of each rule is the same as the flow identifier of the lower bound of the rule. For simplicity, the rule upper bound and the rule lower bound are collectively referred to as linear rules. As an embodiment of the present invention, both ports of the rule upper bound memory and the rule lower bound memory are readable, at least one port is writable, each port is connected to a classification core, and one of the readable and writable ports is multiplexed. When classifying network packets, it is connected to a classification core and outputs rules. As an embodiment of the present invention, when the rules are stored, all the rules under the same child node are stored in a continuous area of the linear rule memory. The rule storage may also include a rule update module, which is connected to the external bus and receives new linear rules input from the outside when adding or deleting rules.

如图4所示为根据本发明的一个实施例的分类核心的结构示意图。该分类核心包括:标签分配模块、并行树搜索模块、并行线性规则比较模块和核心分类结果池。FIG. 4 is a schematic structural diagram of a classification core according to an embodiment of the present invention. The classification core includes: a label assignment module, a parallel tree search module, a parallel linear rule comparison module and a core classification result pool.

其中,标签分配模块用于接收流水线树搜索输出的关键字、下一节点地址和线性比较信息,给进入的每一个关键字分配一个标签,当关键字进入并行树搜索模块和并行线性规则比较模块时,存放在以标签为地址的缓存中,当需要读取关键字时,这个标签将作为缓存的地址。标签的总数是固定的,因此本模块也起着缓存控制功能,当标签分配完,表明缓存已满,不可再接收关键字。根据不同的输入,下一节点地址和相应的关键字及标签被送入并行树搜索模块中,线性比较信息和相应关键字及标签被送入并行线性比较模块中。作为本发明的一个示例,标签总数可以选取为16个,即标签的宽度为4位。Among them, the label allocation module is used to receive the keywords output by the pipeline tree search, the address of the next node and the linear comparison information, and assign a label to each keyword entered. When the keyword enters the parallel tree search module and the parallel linear rule comparison module When it is stored in the cache with the tag as the address, when the keyword needs to be read, the tag will be used as the address of the cache. The total number of tags is fixed, so this module also plays a cache control function. When the tags are allocated, it indicates that the cache is full and keywords can no longer be received. According to different inputs, the address of the next node and corresponding keywords and labels are sent to the parallel tree search module, and linear comparison information and corresponding keywords and labels are sent to the parallel linear comparison module. As an example of the present invention, the total number of tags can be selected as 16, that is, the width of the tag is 4 bits.

并行树搜索模块用于接收标签分配模块输出的标签、关键字和下一节点地址,根据下一节点地址访问节点存储器,进行树搜索,找到叶子节点,如果所述叶子节点为空节点,则将标签和默认流标识符输出到核心分类结果池,如果叶子节点为非空节点,则将标签和线性比较信息输出到并行线性规则比较模块。The parallel tree search module is used to receive the label, keyword and next node address output by the label distribution module, access the node memory according to the next node address, perform tree search, and find the leaf node, if the leaf node is an empty node, then the The label and default flow identifier are output to the core classification result pool, and if the leaf node is a non-empty node, the label and linear comparison information are output to the parallel linear rule comparison module.

并行线性规则比较模块用于接收标签分配模块和并行树搜索模块输出的标签、关键字和线性比较信息,访问规则存储器,生成与关键字相匹配的流标识符,将标签、网络包标识符和流标识符输出到核心分类结果池。The parallel linear rule comparison module is used to receive the labels, keywords and linear comparison information output by the label allocation module and the parallel tree search module, access the rule storage, generate flow identifiers that match keywords, and compare labels, network packet identifiers and Flow identifiers are output to the core classification result pool.

核心分类结果池接收并行树搜索模块输出的标签、网络包标识符和流标识符,将它们立即输出,接收并行线性规则比较模块输出的标签、网络包标识符和流标识符。作为本发明的一个实施例,核心分类结果池将它们暂存在一个FIFO(先入先出存储器)中,如可以为深度为16宽度为36位的FIFO,当并行树搜索模块不输出时,将FIFO中内容输出。标签被输出至标签分配模块,网络包标识符和流标识符被输出分类核心。The core classification result pool receives the labels, network packet identifiers and flow identifiers output by the parallel tree search module, outputs them immediately, and receives the labels, network packet identifiers and flow identifiers output by the parallel linear rule comparison module. As an embodiment of the present invention, the core classification result pool stores them temporarily in a FIFO (first-in-first-out memory), as can be the FIFO that depth is 16 and width is 36 bits, when parallel tree search module does not output, will FIFO content output. Labels are output to the label assignment module, and network packet identifiers and flow identifiers are output to the classification core.

在本发明的实施例中,并行树搜索模块和并行线性规则比较模块对存储器的访问都是只读方式,并且可编程逻辑器件或ASIC实现单端口和双端口存储器消耗的资源几乎相同。因此本发明的实施例将节点存储器和线性规则存储器设计为双端口的方式,采用两个相同的分类核心,在不增加存储器资源消耗的情况下提高了包处理能力一倍。当然,在其他的实施例中,也可以根据具体情况选择分类核心的数目。In the embodiment of the present invention, both the parallel tree search module and the parallel linear rule comparison module access the memory in a read-only manner, and the resources consumed by the single-port memory and the dual-port memory realized by the programmable logic device or ASIC are almost the same. Therefore, the embodiment of the present invention designs the node memory and the linear rule memory as a dual-port mode, uses two identical classification cores, and doubles the packet processing capability without increasing memory resource consumption. Of course, in other embodiments, the number of classification cores may also be selected according to specific conditions.

如图5所示为根据本发明的一个实施例的并行树搜索模块的结构示意图。并行树搜索模块用于根据输入的下一节点地址,继续进行树搜索,直到找到叶子节点,然后根据叶子节点的内容,输出流标识符或线性搜索信息。该并行树搜索模块包括树搜索关键字缓存器、标签和下一节点地址队列模块、树搜索引擎调度器和多个树搜索引擎。FIG. 5 is a schematic structural diagram of a parallel tree search module according to an embodiment of the present invention. The parallel tree search module is used to continue tree search according to the input next node address until a leaf node is found, and then output stream identifier or linear search information according to the content of the leaf node. The parallel tree search module includes a tree search keyword buffer, a label and next node address queue module, a tree search engine scheduler and multiple tree search engines.

其中,树搜索关键字缓存器用于接收并存储关键字。作为本发明的一个实施例,这是一个双端口的存储器,写入端口宽度为关键字域的最大宽度乘以关键字域的个数,读出端口宽度为关键字域的最大宽度,深度从写入端口计算,为标签的总数,它接收输入的关键字,将其每个域高位补零扩展为32位后存储在以标签为地址的位置。作为本发明的一个实施例,树搜索关键字缓存器为双端口存储器,写入端口宽度为256位,深度为16和标签总数相同,读出端口宽度为32位,深度为128。输入的关键字的域高位补零扩展为32位,6个域得到192位,再高位补64位零,得到256位。以标签为地址,写入树关键字缓存中。Wherein, the tree search keyword buffer is used to receive and store keywords. As an embodiment of the present invention, this is a dual-port memory, the write port width is the maximum width of the key field multiplied by the number of key fields, the read port width is the maximum width of the key field, and the depth is from The write port calculation is the total number of tags, it receives the input keyword, and expands the high bit of each field to 32 bits, and then stores it at the address of the tag. As an embodiment of the present invention, the tree search keyword buffer is a dual-port memory, the write port width is 256 bits, and the depth is 16 equal to the total number of tags, and the read port width is 32 bits, and the depth is 128. The high-order field of the input keyword is expanded to 32 bits with zero padding, and 192 bits are obtained for 6 fields, and 64-bit zeros are added to the high-order field to obtain 256 bits. Take the label as the address and write it into the tree key cache.

标签和下一节点地址队列模块用于存储标签和下一节点地址。作为本发明的一个实施例,标签和下一节点地址队列模块按先入先出的顺序存放输入的标签和下一节点地址。作为本发明的一个实施例,标签和下一节点地址队列模块为深度为16的FIFO,存放标签、下一节点地址和网络包标识符。The label and next node address queue module is used to store labels and next node addresses. As an embodiment of the present invention, the label and next node address queue module stores input labels and next node addresses in a first-in first-out order. As an embodiment of the present invention, the label and next node address queue module is a FIFO with a depth of 16, storing labels, next node addresses and network packet identifiers.

树搜索引擎调度器用于控制多个树搜索引擎,当存在空闲的树搜索引擎且标签和下一节点地址队列模块不为空时,将标签和下一节点地址输入至空闲的树搜索引擎,启动树搜索引擎。作为本发明的一个实施例,树搜索引擎调度器循环依次查询多个树搜索引擎的状态,如果引擎处于空闲状态,则从标签和下一节点地址队列模块中读取一个标签、下一节点地址和网络包标识符,送入该树搜索引擎中,并启动该树搜索引擎。The tree search engine scheduler is used to control multiple tree search engines. When there is an idle tree search engine and the label and the next node address queue module are not empty, the label and the next node address are input to the idle tree search engine to start Tree search engine. As an embodiment of the present invention, the tree search engine scheduler circulates and inquires the states of a plurality of tree search engines in turn, if the engine is in an idle state, then reads a label, the next node address from the label and the next node address queue module and the network packet identifier are sent to the tree search engine, and the tree search engine is started.

树搜索引擎用于在树搜索引擎调度器的控制下启动,根据输入的标签和下一节点地址访问树搜索关键字缓存器和节点存储器,从树搜索关键字缓存器中读出关键字的域,搜索树结构直到叶子节点,根据叶子节点的类型,输出标签、网络包标识符、默认流标识符或线性比较信息。在树搜索引擎调度器控制下,每个树搜索引擎错开访问树搜索关键字缓存和节点存储器。The tree search engine is used to start under the control of the tree search engine scheduler, accesses the tree search keyword buffer and node memory according to the input label and the next node address, and reads out the domain of the keyword from the tree search keyword buffer , search the tree structure until the leaf node, and output the label, network packet identifier, default flow identifier or linear comparison information according to the type of leaf node. Under the control of the tree search engine scheduler, each tree search engine staggers access to the tree search key cache and node memory.

作为本发明的一个实施例,图5中示出了6个树搜索引擎,但是这仅仅是本发明的一个示例,在实际应用中,可以根据情况增减树搜索引擎的数目。As an embodiment of the present invention, FIG. 5 shows 6 tree search engines, but this is only an example of the present invention. In practical applications, the number of tree search engines can be increased or decreased according to the situation.

以6个树搜索引擎作为示例进行说明,树搜索引擎1到树搜索引擎6是结构相同的六个树搜索引擎。内部有一个6位的循环移位寄存器,引擎停止时寄存器值为0x1,引擎被启动以后开始向高位循环移位,引擎在移位寄存器的控制下依次完成树搜索的各步骤。引擎工作过程如下:Taking six tree search engines as an example for illustration, tree search engine 1 to tree search engine 6 are six tree search engines with the same structure. There is a 6-bit circular shift register inside. When the engine is stopped, the register value is 0x1. After the engine is started, it starts to rotate to the high bit. The engine completes the steps of the tree search in sequence under the control of the shift register. The engine works as follows:

(1)寄存器为0x2时输出下一节点地址至节点存储器;(1) Output the next node address to the node memory when the register is 0x2;

(2)寄存器为0x4时输出标签。此时节点存储器输出节点。标签作为高4位,节点的分割域组合作为低3位,送至关键字缓存器作为读地址。节点同时也送至引擎,如果为非空叶子节点,则输出标签和线性比较信息,如果为空叶子节点则输出标签和默认流标识符,树搜索结束,引擎进入空闲状态,等待调度引擎的下一次启动。如果为中间节点,则继续(3)。(2) Output label when the register is 0x4. At this point the node memory outputs the node. The label is used as the upper 4 bits, and the combination of the split fields of the node is used as the lower 3 bits, which are sent to the key register as the read address. The node is also sent to the engine at the same time. If it is a non-empty leaf node, it will output the label and linear comparison information. If it is an empty leaf node, it will output the label and the default flow identifier. After the tree search is over, the engine enters an idle state and waits for the next step of the scheduling engine. Start once. If it is an intermediate node, continue with (3).

(3)寄存器为0x10时,关键字缓存输出的域被送入引擎,经过计算,得到下一节点地址,然后跳转到(1)执行。(3) When the register is 0x10, the field output by the keyword cache is sent to the engine, and after calculation, the address of the next node is obtained, and then jumps to (1) for execution.

由于对树的一层搜索需要访问节点存储器一次,然后花费多个时钟计算出下一节点地址,如果采用单个的树搜索引擎在计算下一节点地址时存储器处于空闲状态,导致存储器利用效率较低。本发明的实施例采用多个树搜索引擎,在各自的移位寄存器的控制下运行。引擎调度器启动它们的时刻不同,因此它们访问树存储器是错开的,在一个引擎计算下一节点地址的等待过程中可以让其他引擎访问存储器,这种设计提高了节点存储器的效率。Since the layer search of the tree needs to visit the node memory once, and then spend multiple clocks to calculate the address of the next node, if a single tree search engine is used to calculate the address of the next node, the memory is idle, resulting in low memory utilization efficiency . Embodiments of the present invention employ multiple tree search engines, operating under the control of respective shift registers. The engine scheduler starts them at different times, so their access to the tree memory is staggered, and other engines can access the memory while one engine is waiting to calculate the address of the next node. This design improves the efficiency of the node memory.

如图6所示为本发明的并行线性规则比较模块的一个实施例的结构示意图。并行线性规则比较模块根据输入的线性比较信息,找到叶子节点下规则在规则存储器存放位置,从中读出规则,和关键字一一比较,如果找到相匹配的规则,输出规则流标识符作为分类结果,否则输出默认的流标识符。该并行线性规则比较模块包括线性比较关键字缓存器、第一标签和线性比较信息队列模块、第二标签和线性比较信息队列模块、线性比较引擎调度器、多个线性比较引擎和规则比较器。FIG. 6 is a schematic structural diagram of an embodiment of the parallel linear rule comparison module of the present invention. The parallel linear rule comparison module finds the storage location of the rules under the leaf node in the rule memory according to the input linear comparison information, reads the rules from it, and compares them with keywords one by one. If a matching rule is found, the rule flow identifier is output as the classification result , otherwise output the default stream identifier. The parallel linear comparison module includes a linear comparison keyword buffer, a first label and linear comparison information queue module, a second label and linear comparison information queue module, a linear comparison engine scheduler, a plurality of linear comparison engines and a rule comparator.

其中,线性比较关键字缓存器用于接收输入的关键字,将其存储在以标签为地址的位置。作为本发明的一个实施例,线性比较关键字缓存器是一个双端口的存储器,写入端口和读出端口宽度相同,为关键字的宽度,如128位,深度为标签总数,如16,它接收输入的关键字,将其存储在以标签为地址的位置。Wherein, the linear comparison keyword buffer is used to receive the input keyword, and store it in the location with the label as the address. As an embodiment of the present invention, the linear comparison keyword register is a dual-port memory, and the write port and the read port width are the same, which is the width of the keyword, such as 128 bits, and the depth is the total number of labels, such as 16. Receives the entered keyword and stores it at the location addressed by the label.

第一标签和线性比较信息队列模块用于存放标签分配模块输入的标签和线性比较信息,按先入先出的顺序存放标签分配模块输入的标签和线性比较信息。The first label and linear comparison information queue module is used to store the label and linear comparison information input by the label allocation module, and store the label and linear comparison information input by the label allocation module in a first-in first-out order.

第二标签和线性比较信息队列模块用于存放树搜索模块输入的标签和线性比较信息,按先入先出的顺序存放树搜索模块输入的标签和线性比较信息。The second tag and linear comparison information queue module is used to store the tags and linear comparison information input by the tree search module, and store the tags and linear comparison information input by the tree search module in a first-in first-out order.

作为本发明的一个实施例,第一和第二标签和比较信息队列模块都是深度为16的FIFO。As an embodiment of the present invention, the first and second tag and comparison information queue modules are FIFOs with a depth of 16.

线性比较引擎调度器用于控制多个线性比较引擎,当存在空闲的线性比较引擎并且第一标签和线性比较信息队列模块或第二标签和线性比较信息队列模块中至少有一个非空时,将标签和线性比较信息输出至空闲的线性比较引擎,启动该空闲的线性比较引擎。The linear comparison engine scheduler is used to control multiple linear comparison engines. When there is an idle linear comparison engine and at least one of the first label and the linear comparison information queue module or the second label and the linear comparison information queue module is not empty, the label The sum linear comparison information is output to the idle linear comparison engine, and the idle linear comparison engine is started.

作为本发明的一个实施例,线性比较引擎调度器循环依次查询多个线性比较引擎的状态,如果线性比较引擎处于空闲状态,且队列模块中至少有一个不为空,则从队列模块中读取一个标签和线性比较信息送入该线性比较引擎中,并启动该线性比较引擎。读取队列模块时,先读取第一队列模块,如果第一队列模块为空才读取第二队列模块。As an embodiment of the present invention, the linear comparison engine scheduler loops and inquires the states of a plurality of linear comparison engines in turn, if the linear comparison engine is in an idle state, and at least one of the queue modules is not empty, then read from the queue module A tag and line comparison information are fed into the line comparison engine, and the line comparison engine is started. When reading the queue module, read the first queue module first, and only read the second queue module if the first queue module is empty.

线性比较引擎用于在线性比较引擎调度器控制下,根据标签访问线性比较关键字缓存器以及根据线性比较信息访问规则存储器,接收规则比较器的线性规则比较结果,直到找到与关键字相匹配的线性规则或比较完叶子节点下的所有规则,得到与关键字相匹配的流标识符,输出标签、网络包标识符和流标识符。作为本发明的一个实施例,线性比较引擎输出接收的标签作为线性比较关键字缓存器的读地址,根据线性比较信息输出线性规则存储器的读地址,接收规则比较器的比较结果,如果结果为规则不匹配关键字,则将线性规则存储器的读地址加1输出,直到找到匹配的规则或比较完叶子节点下的所有规则,得到分类结果,输出标签、网络包标识符和流标识符,在线性比较引擎调度器控制下每个引擎错开输出线性比较关键字缓存和线性规则存储器的读地址。The linear comparison engine is used to access the linear comparison keyword buffer according to the label and the rule storage according to the linear comparison information under the control of the linear comparison engine scheduler, and receive the linear rule comparison result of the rule comparator until finding the one matching the keyword Linear rules or all rules under the leaf nodes are compared to obtain the flow identifier matching the keyword, and output the label, network packet identifier and flow identifier. As an embodiment of the present invention, the linear comparison engine outputs the received label as the read address of the linear comparison keyword buffer, outputs the read address of the linear rule memory according to the linear comparison information, receives the comparison result of the rule comparator, and if the result is a rule If the keyword is not matched, the read address of the linear rule storage is increased by 1 and output until a matching rule is found or all rules under the leaf nodes are compared, the classification result is obtained, and the label, network packet identifier and flow identifier are output, and the online Under the control of the comparison engine scheduler, each engine staggers and outputs the read addresses of the linear comparison keyword cache and the linear rule memory.

规则比较器用于接收线性比较关键字缓存器输出的关键字,与规则存储器输出的线性规则相比较,如果关键字的各个域小于等于规则上界的各个域并且大于等于规则下界的各个域,则该关键字和该规则相匹配。将线性规则比较结果输出到线性比较引擎。The rule comparator is used to receive the keywords output by the linear comparison keyword buffer, compare them with the linear rules output by the rule memory, if each domain of the keyword is less than or equal to each domain of the upper bound of the rule and greater than or equal to each domain of the lower bound of the rule, then The keyword matches the rule. Output the linear rule comparison result to the linear comparison engine.

下面以6个线性比较引擎作为示例进行说明。线性比较引擎1到线性比较引擎6是结构相同的六个线性比较引擎。内部有一个6位的循环移位寄存器,引擎停止时寄存器为0x1,引擎被启动后开始向高位循环移位,引擎在移位寄存器的控制下依次完成线性比较的各步骤。引擎内部还有一个规则计数器记录已比较的规则个数,引擎停止时计数器值为0。引擎工作过程如下:The following uses six linear comparison engines as examples for illustration. Linear comparison engine 1 to linear comparison engine 6 are six linear comparison engines with the same structure. There is a 6-bit circular shift register inside. When the engine is stopped, the register is 0x1. After the engine is started, it starts to rotate to the high bit. The engine completes the steps of linear comparison in sequence under the control of the shift register. There is also a rule counter inside the engine to record the number of compared rules, and the counter value is 0 when the engine stops. The engine works as follows:

(1)寄存器为0x2时输出规则地址至线性规则存储器,输出标签作为关键字存储器的读端口地址,同时规则计数器加1。(1) When the register is 0x2, output the rule address to the linear rule memory, output the label as the read port address of the keyword memory, and increase the rule counter by 1 at the same time.

(2)寄存器为0x8时规则从规则存储器中送出,关键字从关键字缓存器中送出。网络包标识符和流标识符被送入引擎中暂存。规则和关键字送入规则比较器中比较。(2) When the register is 0x8, the rule is sent from the rule memory, and the keyword is sent from the keyword buffer. Network packet identifiers and flow identifiers are sent to the engine for staging. Rules and keywords are fed into the rule comparator for comparison.

(3)寄存器为0x10时,规则比较器结果输出,送入至引擎。如果规则匹配则执行4),否则将规则地址加1重复执行1)至3)。(3) When the register is 0x10, the result of the rule comparator is output and sent to the engine. If the rule matches, execute 4), otherwise add 1 to the rule address and execute 1) to 3) repeatedly.

(4)寄存器为0x20时,如果规则相匹配则输出网络包标识符和规则标识符,或则规则计数器等于叶子节点规则数,则输出网络包标识符和默认流标识符,同时输出标签。(4) When the register is 0x20, if the rule matches, output the network packet identifier and the rule identifier, or the rule counter is equal to the number of leaf node rules, then output the network packet identifier and the default flow identifier, and output the label at the same time.

如并行树搜索模块使用多个个树搜索引擎原理一样,使用多个线性比较引擎提高了规则上界存储器和规则下界存储器的效率。Just as the principle of using multiple tree search engines in the parallel tree search module, using multiple linear comparison engines improves the efficiency of the regular upper bound storage and the regular lower bound storage.

本发明的一个实施例提出了一种网络包分类的方法,包括以下步骤:One embodiment of the present invention proposes a kind of method of network packet classification, comprises the following steps:

流水线树搜索模块接收网络包的关键字,对树结构的前K层进行搜索,将搜索得到的下一节点地址和线性比较信息以及所述关键字发送给分类核心和/或输出网络包标识符和流标识符,其中K为正整数;The pipeline tree search module receives the keyword of the network packet, searches the first K layers of the tree structure, and sends the next node address and linear comparison information and the keyword obtained by the search to the classification core and/or output network packet identifier and stream identifier, where K is a positive integer;

分类核心接收流水线树搜索模块输出的关键字、下一节点地址和线性比较信息,访问节点存储器和规则存储器,对树结构的K层以下的部分进行搜索并进行线性规则比较,输出网络包标识符和流标识符,其中,节点存储器用于存储树结构的K层以后的节点信息,规则存储器用于存储线性比较规则。The classification core receives the keyword, next node address and linear comparison information output by the pipeline tree search module, accesses the node memory and the rule memory, searches the part below the K layer of the tree structure and performs linear rule comparison, and outputs the network packet identifier and stream identifiers, wherein the node storage is used to store node information after the K level of the tree structure, and the rule storage is used to store linear comparison rules.

本发明在分类时间和占用空间上有着很好的表现。如图7所示为根据本发明的一个实施例的占用空间随规则数增加而变化的曲线,该曲线呈线性增长,说明本发明的实施例的设备在规则增加时占用空间增长较缓。如图8所示为根据本发明的一个实施例的设备的分类速度随规则数增加而变化的曲线,可以看出在大量规则情况下,设备仍然有很高的包分类速度,如25K个规则时,达到了每秒90M个包头的分类速度,按平均包头长度330字节计算,包处理能力为237Gbps,最小包头长度40字节计算,包处理能力为28.8Gbps。The present invention has good performance in classification time and space occupation. As shown in FIG. 7 , the occupied space varies with the increase of the number of rules according to an embodiment of the present invention. The curve increases linearly, indicating that the occupied space of the device according to the embodiment of the present invention increases slowly when the rules increase. As shown in Figure 8, it is the curve that the classification speed of the device according to an embodiment of the present invention changes with the increase of the number of rules. It can be seen that in the case of a large number of rules, the device still has a very high packet classification speed, such as 25K rules At this time, the classification speed of 90M headers per second has been achieved. Calculated based on the average header length of 330 bytes, the packet processing capability is 237Gbps, and the minimum header length is 40 bytes, and the packet processing capability is 28.8Gbps.

尽管已经示出和描述了本发明的实施例,对于本领域的普通技术人员而言,可以理解在不脱离本发明的原理和精神的情况下可以对这些实施例进行多种变化、修改、替换和变型,本发明的范围由所附权利要求及其等同限定。Although the embodiments of the present invention have been shown and described, those skilled in the art can understand that various changes, modifications and substitutions can be made to these embodiments without departing from the principle and spirit of the present invention. and modifications, the scope of the invention is defined by the appended claims and their equivalents.

Claims (12)

1.一种网络包分类设备,其特征在于,包括流水线树搜索模块、分类核心、节点存储器和规则存储器,1. A network packet classification device, characterized in that, comprises a pipeline tree search module, a classification core, a node memory and a rule memory, 所述流水线树搜索模块用于接收网络包的关键字,对树结构的前K层进行搜索,将搜索得到的下一节点地址和线性比较信息以及所述关键字发送给所述分类核心或输出网络包标识符和流标识符,其中K为正整数;The pipeline tree search module is used to receive the keyword of the network packet, search the first K layers of the tree structure, and send the next node address and linear comparison information obtained by searching and the keyword to the classification core or output Network packet identifier and flow identifier, where K is a positive integer; 所述分类核心用于接收所述流水线树搜索模块输出的所述关键字、下一节点地址和线性比较信息,访问所述节点存储器和规则存储器,对所述树结构的K层以下的部分进行搜索并进行线性规则比较,输出所述网络包标识符和流标识符;The classification core is used to receive the keyword, the next node address and linear comparison information output by the pipeline tree search module, access the node memory and the rule memory, and perform Searching and performing linear rule comparison, outputting the network packet identifier and flow identifier; 所述节点存储器用于存储所述树结构的K层以后的节点信息;The node memory is used to store node information after the K layer of the tree structure; 所述规则存储器用于存储线性比较规则。The rule memory is used to store linear comparison rules. 2.根据权利要求1所述的网络包分类设备,其特征在于,所述流水线树搜索模块包括根节点寄存器、K-1个单层节点存储器模块、根节点搜索模块、K-1个节点搜索模块以及控制模块,其中,2. The network packet classification device according to claim 1, wherein the pipeline tree search module includes a root node register, K-1 single-layer node memory modules, a root node search module, and K-1 node search modules. module and control module, where, 所述根节点寄存器用于存放所述树结构的根节点信息;The root node register is used to store the root node information of the tree structure; 所述K-1个单层节点存储器模块包括第二层单层节点存储器模块到第K层单层节点存储器模块,其中每个所述单层节点存储器模块用于存储所述树结构的前K层除根节点之外的其中一层节点的节点信息;The K-1 single-layer node memory modules include the second-layer single-layer node memory module to the Kth layer single-layer node memory module, wherein each of the single-layer node memory modules is used to store the first K of the tree structure Node information of one of the layer nodes except the root node; 所述根节点搜索模块用于接收所述关键字,访问所述根节点寄存器,对根节点进行搜索,将所述关键字以及搜索得到的下一节点地址、线性比较信息和/或所述关键字的流标识符发送到所述K-1个节点搜索模块;The root node search module is configured to receive the keyword, access the root node register, search the root node, and search for the keyword, the next node address, linear comparison information and/or the key The flow identifier of the word is sent to the K-1 node search modules; 所述K-1个节点搜索模块包括相级联的第二层节点搜索模块到第K层节点搜索模块,每个所述节点搜索模块用于接收所述根节点搜索模块或上一层节点搜索模块发送的所述关键字以及下一节点地址、线性比较信息和/或所述关键字的流标识符,从相应的所述单层节点存储器模块中取出相应的节点,对其进行搜索,并将搜索结果发送到下一层节点搜索模块;其中所述第K层节点搜索模块用于将所述关键字以及搜索得到的下一节点地址、线性比较信息和/或流标识符发送给所述控制模块;The K-1 node search modules include cascaded second layer node search modules to the Kth layer node search module, each of the node search modules is used to receive the root node search module or the upper layer node search module The keyword and the next node address, linear comparison information and/or the stream identifier of the keyword sent by the module, fetch the corresponding node from the corresponding single-layer node memory module, search it, and Send the search result to the next layer node search module; wherein the Kth layer node search module is used to send the keyword and the searched next node address, linear comparison information and/or stream identifier to the control module; 所述控制模块用于接收所述第K层节点搜索模块发送的所述关键字以及下一节点地址、线性比较信息和/或流标识符,输出所述网络包标识符和流标识符或将所述关键字、下一节点地址和线性比较信息发送给所述分类核心。The control module is configured to receive the keyword and the next node address, linear comparison information and/or flow identifier sent by the K-th layer node search module, and output the network packet identifier and flow identifier or will The key, next node address and linear comparison information are sent to the sorting core. 3.根据权利要求1所述的网络包分类设备,其特征在于,所述分类核心包括标签分配模块、并行树搜索模块、并行线性规则比较模块和核心分类结果池,其中,3. The network packet classification device according to claim 1, wherein the classification core comprises a label assignment module, a parallel tree search module, a parallel linear rule comparison module and a core classification result pool, wherein, 所述标签分配模块用于接收所述流水线树搜索模块输出的所述关键字、下一节点地址和线性比较信息,给每一个所述关键字分配一个标签,将所述标签、关键字和下一节点地址发送给所述并行树搜索模块,并将所述标签、关键字和线性比较信息发送给所述并行线性规则比较模块,以及接收所述核心分类结果池送回的标签并循环使用;The label allocation module is used to receive the keywords, next node address and linear comparison information output by the pipeline tree search module, assign a label to each of the keywords, and combine the labels, keywords and next A node address is sent to the parallel tree search module, and the label, keyword and linear comparison information are sent to the parallel linear rule comparison module, and the label returned by the core classification result pool is received and recycled; 所述并行树搜索模块用于接收所述标签分配模块发送的所述标签、关键字和下一节点地址,根据所述下一节点地址访问所述节点存储器,进行树搜索,找到叶子节点,如果所述叶子节点为空节点,则输出所述标签和默认流标识符,如果所述叶子节点为非空节点,则将所述标签和线性比较信息发送到所述并行线性规则比较模块;The parallel tree search module is used to receive the label, keyword and next node address sent by the label allocation module, access the node memory according to the next node address, perform a tree search, and find a leaf node, if The leaf node is an empty node, then output the label and the default flow identifier, if the leaf node is a non-empty node, then send the label and linear comparison information to the parallel linear rule comparison module; 所述并行线性规则比较模块用于接收所述标签分配模块和所述并行树搜索模块发送的标签,关键字和线性比较信息,访问所述规则存储器,生成与所述关键字相匹配的流标识符,将所述标签、网络包标识符和流标识符发送到所述核心分类结果池;The parallel linear rule comparison module is used to receive the labels, keywords and linear comparison information sent by the label allocation module and the parallel tree search module, access the rule storage, and generate flow identifiers matching the keywords character, sending the label, network packet identifier and flow identifier to the core classification result pool; 所述核心分类结果池用于接收所述并行树搜索模块和所述并行线性规则比较模块发送的所述标签、网络包标识符和流标识符,将所述标签发送到所述标签分配模块,并输出所述网络包标识符和流标识符。The core classification result pool is used to receive the label, network packet identifier and flow identifier sent by the parallel tree search module and the parallel linear rule comparison module, and send the label to the label assignment module, And output the network packet identifier and flow identifier. 4.根据权利要求3所述的网络包分类设备,其特征在于,所述并行树搜索模块包括树搜索关键字缓存器、标签和下一节点地址队列模块、树搜索引擎调度器和多个树搜索引擎,其中,4. The network packet classification device according to claim 3, wherein the parallel tree search module includes a tree search keyword buffer, a label and a next node address queue module, a tree search engine scheduler and a plurality of tree search engines search engine, where 所述树搜索关键字缓存器用于存储所述标签分配模块发送的所述关键字;The tree search keyword buffer is used to store the keyword sent by the label assignment module; 所述标签和下一节点地址队列模块用于存储所述标签分配模块发送的所述标签和下一节点地址;The label and next node address queue module is used to store the label and the next node address sent by the label allocation module; 所述树搜索引擎调度器用于控制所述多个树搜索引擎,当存在空闲的树搜索引擎且所述标签和下一节点地址队列模块不为空时,读出所述标签和下一节点地址队列模块中的一个标签和下一节点地址发送到所述空闲的树搜索引擎,启动所述空闲的树搜索引擎;The tree search engine scheduler is used to control the plurality of tree search engines, and when there is an idle tree search engine and the label and the next node address queue module are not empty, read out the label and the next node address A label and the next node address in the queue module are sent to the idle tree search engine, and the idle tree search engine is started; 所述树搜索引擎用于在所述树搜索引擎调度器的控制下启动,根据所述标签和下一节点地址访问所述树搜索关键字缓存器和所述节点存储器,从所述树搜索关键字缓存器中读出所述关键字的域,搜索所述树结构直到叶子节点,如果所述叶子节点为空节点,则输出所述标签、网络包标识符和默认流标识符,如果叶子节点为非空节点,则输出所述标签和线性比较信息。The tree search engine is used to start under the control of the tree search engine scheduler, access the tree search key buffer and the node memory according to the label and the next node address, and search the key from the tree Read the domain of the keyword in the word buffer, search the tree structure until the leaf node, if the leaf node is an empty node, then output the label, network packet identifier and default flow identifier, if the leaf node is a non-empty node, then output the label and linear comparison information. 5.根据权利要求4所述的网络包分类设备,其特征在于,所述树搜索关键字缓存器为双端口存储器。5. The network packet classification device according to claim 4, wherein the tree search keyword buffer is a dual-port memory. 6.根据权利要求3所述的网络包分类设备,其特征在于,所述并行线性规则比较模块包括线性比较关键字缓存器、第一标签和线性比较信息队列模块、第二标签和线性比较信息队列模块、规则比较器、线性比较引擎调度器和多个线性比较引擎,其中,6. The network packet classification device according to claim 3, wherein the parallel linear rule comparison module comprises a linear comparison keyword cache, a first label and a linear comparison information queue module, a second label and a linear comparison information queue module, rule comparator, linear comparison engine scheduler and multiple linear comparison engines, where, 所述线性比较关键字缓存器用于接收所述并行树搜索模块发送的所述关键字;The linear comparison keyword buffer is used to receive the keyword sent by the parallel tree search module; 所述第一标签和线性比较信息队列模块用于存放所述标签分配模块发送的所述标签和线性比较信息;The first label and linear comparison information queue module is used to store the label and linear comparison information sent by the label allocation module; 所述第二标签和线性比较信息队列模块用于存放所述树搜索模块发送的所述标签和线性比较信息;The second label and linear comparison information queue module is used to store the label and linear comparison information sent by the tree search module; 所述线性比较引擎调度器用于控制所述多个线性比较引擎,当存在空闲的线性比较引擎并且所述第一标签和线性比较信息队列模块和所述第二标签和线性比较信息队列模块中至少有一个非空时,将所述标签和线性比较信息发送到所述空闲的线性比较引擎,启动所述空闲的线性比较引擎;The linear comparison engine scheduler is used to control the plurality of linear comparison engines, when there is an idle linear comparison engine and at least one of the first label and linear comparison information queue module and the second label and linear comparison information queue module When there is a non-empty one, send the label and linear comparison information to the idle linear comparison engine, and start the idle linear comparison engine; 所述线性比较引擎用于在所述线性比较引擎调度器的控制下,根据所述标签访问所述线性比较关键字缓存器,根据所述线性比较信息访问所述线性规则存储器,接收所述规则比较器的比较结果,直到找到与所述关键字相匹配的规则或比较完叶子节点下的所有规则,得到与所述关键字相匹配的流标识符或默认流标识符,输出所述标签、网络包标识符和流标识符;The linear comparison engine is configured to, under the control of the linear comparison engine scheduler, access the linear comparison keyword buffer according to the label, access the linear rule storage according to the linear comparison information, and receive the rule The comparison result of the comparator, until the rule matching the keyword is found or all the rules under the leaf node are compared, the flow identifier or default flow identifier matching the keyword is obtained, and the label, Network packet identifiers and flow identifiers; 所述规则比较器用于接收所述线性比较关键字缓存器发送的所述关键字,与所述线性规则存储器输出的规则相比较,将比较结果发送到所述线性比较引擎。The rule comparator is used to receive the key sent by the linear comparison key buffer, compare it with the rule output by the linear rule memory, and send the comparison result to the linear comparison engine. 7.根据权利要求6所述的网络包分类设备,其特征在于,所述线性比较关键字缓存器为双端口存储器。7. The network packet classification device according to claim 6, wherein the linear comparison key buffer is a dual-port memory. 8.根据权利要求1所述的网络包分类设备,其特征在于,所述节点存储器和规则存储器中至少一个为双端口存储器。8. The network packet classification device according to claim 1, wherein at least one of the node memory and the rule memory is a dual-port memory. 9.根据权利要求1所述的网络包分类设备,其特征在于,还包括:9. The network packet classification device according to claim 1, further comprising: 分类结果汇总模块,其与所述流水线树搜索模块和所述分类核心连接,用于接收所述流水线树搜索模块和所述分类核心产生的所述流标识符,输出分类结果。A classification result summarization module, connected to the pipeline tree search module and the classification core, for receiving the flow identifier generated by the pipeline tree search module and the classification core, and outputting a classification result. 10.根据权利要求1所述的网络包分类设备,其特征在于,所述分类核心包括至少两个分类核心,10. The network packet classification device according to claim 1, wherein the classification core comprises at least two classification cores, 所述流水线树搜索模块还用于将所述关键字、下一节点地址和线性比较信息发送给空闲的所述分类核心。The pipeline tree search module is also used to send the keyword, next node address and linear comparison information to the idle classification core. 11.根据权利要求1-10任一项所述的网络包分类设备,其特征在于,所述网络包分类设备集成在单芯片中。11. The network packet classification device according to any one of claims 1-10, characterized in that, the network packet classification device is integrated in a single chip. 12.一种网络包分类的方法,其特征在于,包括以下步骤:12. A method for network packet classification, characterized in that, comprising the following steps: 流水线树搜索模块接收网络包的关键字,对树结构的前K层进行搜索,将搜索得到的下一节点地址和线性比较信息以及所述关键字发送给分类核心或输出网络包标识符和流标识符,其中K为正整数;The pipeline tree search module receives the keyword of the network packet, searches the first K layers of the tree structure, and sends the next node address and linear comparison information and the keyword obtained by the search to the classification core or outputs the network packet identifier and flow Identifier, where K is a positive integer; 所述分类核心接收所述流水线树搜索模块输出的所述关键字、下一节点地址和线性比较信息,访问节点存储器和规则存储器,对所述树结构的K层以下的部分进行搜索并进行线性规则比较,输出所述网络包标识符和流标识符,其中,所述节点存储器用于存储所述树结构的K层以后的节点信息,所述规则存储器用于存储线性比较规则。The classification core receives the keyword, the next node address and the linear comparison information output by the pipeline tree search module, accesses the node memory and the rule memory, searches the part below the K layer of the tree structure and performs linear Rule comparison, outputting the network packet identifier and flow identifier, wherein the node storage is used to store node information after the K level of the tree structure, and the rule storage is used to store linear comparison rules.
CN2009102036628A 2009-06-09 2009-06-09 Equipment and method for classifying network packet Expired - Fee Related CN101645852B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009102036628A CN101645852B (en) 2009-06-09 2009-06-09 Equipment and method for classifying network packet

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009102036628A CN101645852B (en) 2009-06-09 2009-06-09 Equipment and method for classifying network packet

Publications (2)

Publication Number Publication Date
CN101645852A CN101645852A (en) 2010-02-10
CN101645852B true CN101645852B (en) 2011-06-15

Family

ID=41657574

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009102036628A Expired - Fee Related CN101645852B (en) 2009-06-09 2009-06-09 Equipment and method for classifying network packet

Country Status (1)

Country Link
CN (1) CN101645852B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108491535B (en) * 2018-03-29 2023-04-07 北京小米移动软件有限公司 Information classified storage method and device
CN110830376B (en) * 2019-11-05 2021-11-09 苏州盛科科技有限公司 INT message processing method and device
CN116050956B (en) * 2022-06-17 2023-09-26 南京云次方信息技术有限公司 Cross-border E-commerce logistics freight calculation system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1674557A (en) * 2005-04-01 2005-09-28 清华大学 Parallel IP packet sorter matched with settling range based on TCAM and method thereof
CN101141389A (en) * 2007-09-29 2008-03-12 华为技术有限公司 Reinforcement multidigit Trie tree searching method and apparatus

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1674557A (en) * 2005-04-01 2005-09-28 清华大学 Parallel IP packet sorter matched with settling range based on TCAM and method thereof
CN101141389A (en) * 2007-09-29 2008-03-12 华为技术有限公司 Reinforcement multidigit Trie tree searching method and apparatus

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
戴雪龙等.层压缩树包分类算法研究.《小型微型计算机系统》.2006,第27卷(第6期),1023-1028. *
戴雪龙等.并行层压缩树包分类算法.《中国科学技术大学学报》.2006,第36卷(第3期),297-303. *

Also Published As

Publication number Publication date
CN101645852A (en) 2010-02-10

Similar Documents

Publication Publication Date Title
US10764181B2 (en) Pipelined evaluations for algorithmic forwarding route lookup
US7606236B2 (en) Forwarding information base lookup method
Taylor Survey and taxonomy of packet classification techniques
US6775737B1 (en) Method and apparatus for allocating and using range identifiers as input values to content-addressable memories
Van Lunteren et al. Fast and scalable packet classification
US10511532B2 (en) Algorithmic longest prefix matching in programmable switch
KR100477391B1 (en) Full match(fm) search algorithm implementation for a network processor
US8966152B2 (en) On-chip memory (OCM) physical bank parallelism
US7149216B1 (en) M-trie based packet processing
US10229144B2 (en) NSP manager
CN104050041B (en) Scheduling Method and Apparatus for Scheduling Rule Matching in a Processor
JP5518135B2 (en) Extensible multicast forwarding method and apparatus for data center
US7281085B1 (en) Method and device for virtualization of multiple data sets on same associative memory
US6529897B1 (en) Method and system for testing filter rules using caching and a tree structure
CN103428093A (en) Route prefix storing, matching and updating method and device based on names
US9985885B1 (en) Aggregating common portions of forwarding routes
CN101222434B (en) Storage policy control list, policy searching method and tri-state addressing memory
CN101645852B (en) Equipment and method for classifying network packet
Ma et al. Leveraging parallelism for multi-dimensional packetclassification on software routers
US20050262294A1 (en) Method for policy matching using a hybrid TCAM and memory-based scheme
Chang Efficient multidimensional packet classification with fast updates
Shen et al. Optimizing multi-dimensional packet classification for multi-core systems
Jia et al. FACL: A Flexible and High-Performance ACL engine on FPGA-based SmartNIC
Yang et al. FISE: A forwarding table structure for enterprise networks
CN102739550A (en) Multi-memory flow routing architecture based on random duplication allocation

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20110615

Termination date: 20150609

EXPY Termination of patent right or utility model