CN102055670B - Method for improving message classification rule capacity of hardware by coordination between software and hardware - Google Patents
Method for improving message classification rule capacity of hardware by coordination between software and hardware Download PDFInfo
- Publication number
- CN102055670B CN102055670B CN201010597300.4A CN201010597300A CN102055670B CN 102055670 B CN102055670 B CN 102055670B CN 201010597300 A CN201010597300 A CN 201010597300A CN 102055670 B CN102055670 B CN 102055670B
- Authority
- CN
- China
- Prior art keywords
- rule
- hardware
- sram
- hash
- message classification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention provides a method for improving message classification rule capacity of hardware by the coordination between software and hardware. In the hardware, a large-capacity SRAM (static random access memory with a capacity reaching several hundred MBs) is adopted to store message classification rules in a hash list format; and by establishing an expanded copy of the hash list of the hardware in the software and allowing the software to be responsible for constructing and maintaining the message classification rules, a hardware message classification system can configure a large number of rules. The use of the SRAM and the hash list makes the management of the rules in the SRAM quick and convenient and ensures the matching efficiency of the rules in the hardware; meanwhile, the capacity of the SRAM storage medium is high, so more rules can be stored.
Description
Technical field
The present invention relates to network data processing field, be specifically related to a kind of method that improves hardware message classification rule capacity by software-hardware synergism.
Background technology
In general hardware message classification system, message classification rule is generally used CAM (access to content memory) to preserve, and is convenient to hardware and carries out high speed coupling.But in some network flow monitoring system, often need jumbo accurate classifying rules, the capacity of CAM generally only has several MB, is difficult to meet the demands.
In network environment, different pieces of information bag adheres to separately different classes of according to some principles, and these principle of classification are exactly message classification rule.In traditional hardware message classification system, generally adopt CAM (access to content memory) to preserve these rules, so that hardware carries out high speed coupling.Hardware, by interface routine, is searched the rule in CAM, and is mated, and according to matching result, message classification, for the message of classifying, carries out feature processing.
In traditional hardware message classification system, process chip is connected with CAM (access to content memory), and this CAM has the advantages such as speed is fast, flexible, but capacity is generally smaller, only has several MB.But along with the requirement of system, rule capacity constantly increases, need the rule of storage usually to reach hundreds of MB, so just need jumbo storage medium to store these jumbo rules.Process chip is directly connected with CAM (access to content memory), by interface function, obtains CAM access handle, directly rule is write in CAM space.Because CAM capacity is little, general common algorithm gets final product simple-to-maintain.For large capacity, use CAM to solve.
Development along with application demand, there is the shortcoming that capacity is inadequate in prior art scheme, because a lot of systems need jumbo accurate classifying rules, should realize efficient rule match, meet again its capacity requirement, often need jumbo storage medium to meet the requirement of storing, in existing technical scheme, intelligence is satisfied with efficient coupling, and cannot solve the problem that needs jumbo accurate rule classification.
Summary of the invention
The object of the invention is to solve the shortcoming of above-mentioned prior art scheme, in hardware, adopt jumbo SRAM to preserve message classification rule, form storage with hash table, by set up the copy of the expansion of hardware hash table in software, by software, be responsible for structure and maintenance packet classifying rules, make hardware message classification system can configure jumbo rule.
A method that improves hardware message classification rule capacity by software-hardware synergism, is characterized in that: comprise the following steps:
A, at region of memory of main frame application, wherein a part is used for storage rule, another part is used for storing hash table;
B, by interface library, obtain hardware address, by mapping function, obtain SRAM buffer pointer, and initialization SRAM, be then each rule generation hash keyword, and according to hash keyword, rule added in main frame rule list and SRAM;
C, increase or during deletion rule, interface library, by hash function, is searched the position at the hash keyword place of this rule correspondence, searches and whether has conflict, if there is not conflict, directly this rule is put in rule list and rule conflict chain when needs; If there is conflict, this rule is dosed to a position of conflict chain place chained list;
D, interface library upgrade the storage rule in host memory, after storage rule upgrades in host memory, then according to the rule list after adjusting, upgrade the rule list of hardware end in SRAM;
E, when packets need matched rule, by hash function, search the rule in SRAM, according to hash keyword, at hash key position and collision position matched rule.
The present invention, according to regular characteristic, owing to having used SRAM and hash table, not only can fast, conveniently manage the rule in SRAM, has guaranteed the rule matching efficiency on hardware, simultaneously because the capacity of SRAM storage medium is larger, can store more rule.
Accompanying drawing explanation
Fig. 1 is work schematic diagram of the present invention
Specific embodiments
The present invention shows to search feature fast by hash, sets up a regular hash table in Installed System Memory, shows to realize the efficient coupling of hardware message classification by hash.
Concrete scheme is as follows:
(1) in host memory, apply for a region of memory, wherein in this piece region of memory, a part of storage rule, part storage hash table.
(2) by interface library, obtain hardware address, by mapping function, obtain SRAM buffer pointer, and initialization SRAM, be then that each rule generates hash number, and according to hash number, rule added in main frame rule list and SRAM.
(3) when needs increase, deletion rule, interface function is by hash function, and the hash that searches this rule correspondence counts the position at place, searches and whether has conflict, and if there is no conflict, directly puts this rule in rule list and rule conflict chain into; If there is conflict, this rule is added to a position of conflict chain place chained list.
(4) in order to prevent, in the process of operation rules, affect the message classification in SRAM, first interface library upgrades the storage rule of host side, after having upgraded host side rule, then according to the rule list after adjusting, upgrades the rule list of hardware end in SRAM.
(5) when packets need matched rule, by hash function, search the rule in SRAM, according to hash number, in hash numerical digit, put and collision position matched rule.
In the network security private server that the present invention has produced at dawn, use, prove that can realize SRAM stores large capacity rule, has improved the regular quantity of system.
Claims (1)
1. by software-hardware synergism, improve a method for hardware message classification rule capacity, it is characterized in that: comprise the following steps:
A, at region of memory of main frame application, wherein a part is used for storage rule, another part is used for storing hash table;
B, by interface library, obtain hardware address, by mapping function, obtain SRAM buffer pointer, and initialization SRAM, be then each rule generation hash keyword, and according to hash keyword, rule added in main frame rule list and SRAM;
C, when needs increase, interface library by hash function, is searched the position at the hash keyword place of this rule correspondence, searches and whether has conflict, if there is not conflict, directly this rule is put in rule list; If there is conflict, a position of this rule being added to the conflict chain of this rule;
D, interface library upgrade the storage rule in host memory, after storage rule upgrades in host memory, then according to the rule list after adjusting, upgrade the rule list of hardware end in SRAM;
E, when message needs matched rule, by hash function, search the rule in SRAM, according to hash keyword, at hash key position and collision position matched rule.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010597300.4A CN102055670B (en) | 2010-12-17 | 2010-12-17 | Method for improving message classification rule capacity of hardware by coordination between software and hardware |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010597300.4A CN102055670B (en) | 2010-12-17 | 2010-12-17 | Method for improving message classification rule capacity of hardware by coordination between software and hardware |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102055670A CN102055670A (en) | 2011-05-11 |
| CN102055670B true CN102055670B (en) | 2014-08-27 |
Family
ID=43959617
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010597300.4A Active CN102055670B (en) | 2010-12-17 | 2010-12-17 | Method for improving message classification rule capacity of hardware by coordination between software and hardware |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102055670B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1336915A1 (en) * | 2002-02-19 | 2003-08-20 | Broadcom Corporation | Method and apparatus for flexible frame processing and classification engine |
| CN101309216A (en) * | 2008-07-03 | 2008-11-19 | 中国科学院计算技术研究所 | IP packet classification method and apparatus |
| CN101753445A (en) * | 2009-12-23 | 2010-06-23 | 重庆邮电大学 | Fast flow classification method based on keyword decomposition hash algorithm |
-
2010
- 2010-12-17 CN CN201010597300.4A patent/CN102055670B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1336915A1 (en) * | 2002-02-19 | 2003-08-20 | Broadcom Corporation | Method and apparatus for flexible frame processing and classification engine |
| CN101309216A (en) * | 2008-07-03 | 2008-11-19 | 中国科学院计算技术研究所 | IP packet classification method and apparatus |
| CN101753445A (en) * | 2009-12-23 | 2010-06-23 | 重庆邮电大学 | Fast flow classification method based on keyword decomposition hash algorithm |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102055670A (en) | 2011-05-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP2885728B1 (en) | Hardware implementation of the aggregation/group by operation: hash-table method | |
| KR20160046729A (en) | Key-value storage engine and efficient key collision handling method thereof | |
| CN107092439A (en) | A kind of method and apparatus of data storage | |
| US20200136971A1 (en) | Hash-table lookup with controlled latency | |
| US20160132541A1 (en) | Efficient implementations for mapreduce systems | |
| US11269956B2 (en) | Systems and methods of managing an index | |
| CN102629941A (en) | Caching method of a virtual machine mirror image in cloud computing system | |
| CN102754394B (en) | Method for hash table storage, method for hash table lookup, and devices thereof | |
| JP2015512604A (en) | Cryptographic hash database | |
| CN102467408A (en) | Method and device for accessing data of virtual machine | |
| CN104408163A (en) | Data hierarchical storage method and device | |
| US20150286414A1 (en) | Scanning memory for de-duplication using rdma | |
| CN102420814A (en) | Data access method and device, and server | |
| CN104020961A (en) | Distributed data storage method, device and system | |
| CN102420771B (en) | Method for increasing concurrent transmission control protocol (TCP) connection speed in high-speed network environment | |
| CN106599091B (en) | RDF graph structure storage and index method based on key value storage | |
| US9083725B2 (en) | System and method providing hierarchical cache for big data applications | |
| CN105183399A (en) | Data writing and reading method and device based on elastic block storage | |
| CN108268216A (en) | Data processing method, device and server | |
| CN103778120A (en) | Global file identification generation method, generation device and corresponding distributed file system | |
| US9836491B1 (en) | Method and apparatus for hardware-implemented AVL tree updates | |
| CN104035928A (en) | TCAM (telecommunication access method) table space recovery method and device | |
| CN102724301B (en) | Cloud database system and method and equipment for reading and writing cloud data | |
| CN101478482A (en) | Non-rule matching method, apparatus and system in packet classification | |
| CN104702508A (en) | Method and system for dynamically updating table items |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20221209 Address after: 430040 NO.666, Wuhuan Avenue, linkonggang economic and Technological Development Zone, Wuhan City, Hubei Province (10) Patentee after: Dawning Network Technology Co.,Ltd. Address before: 300384 Xiqing District, Tianjin Huayuan Industrial Zone (outside the ring) 15 1-3, hahihuayu street. Patentee before: DAWNING INFORMATION INDUSTRY Co.,Ltd. |
|
| TR01 | Transfer of patent right |