CN102185723A - Session management method and device - Google Patents


Info

Publication number
CN102185723A
Authority
CN
China
Prior art keywords
session
message
tail
tuple
conversation
Prior art date
Legal status
Pending
Application number
CN2011101396411A
Other languages
Chinese (zh)
Inventor
汪庆权
万众
杨光
Current Assignee
Hangzhou DPTech Technologies Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Priority date
2011-05-27
Filing date
2011-05-27
Publication date
2011-09-14

Landscapes

  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a session management method, applied to network equipment and used for managing sessions. The method comprises the following steps: filtering, according to preset session tail message characteristics, a session tail message that marks the end of a session out of the messages of an established session; submitting the session characteristics of the tail message to a rapid release unit; and, after the network equipment has finished processing the message service, searching for the corresponding session according to the session characteristics of the tail message and aging that session to release the system resources it occupies. In this method the subsequent messages of a session are filtered to obtain the session tail message, and aging of the session is triggered in advance so that the system resources occupied by the session are released promptly and effectively; the effect is particularly remarkable when the method is applied to domain name system (DNS) traffic, which can generate a great number of user datagram protocol (UDP) sessions.

Description

Session management method and device
Technical field
The present invention relates to network communication technology, and in particular to a session management method and device.
Background
As network communication technology has advanced, session management has been abstracted out as a common function of network equipment (switches, routers, firewalls and so on) in order to serve session-based processing such as NAT, ASPF and attack defense. Session management abstracts the interaction between messages at the transport layer into a session (usually identified by its five-tuple), updates the session state according to the messages of the initiator or the responder, and ages the session on timeout.
Session management is usually implemented in software and consumes key system resources such as CPU and memory. To serve the processing described above, a system often has to maintain a large number of sessions. To limit the consumption of system resources, sessions must be aged: a session that has seen no message exchange for a long time is aged out immediately to free system resources. Session management usually adopts timed aging, and the aging time is often configured by the administrator of the network equipment; for example, the aging time of a UDP session is often set to 180 seconds.
If the session aging time is set too long, it may cause excessive consumption of system resources, and the consumption is especially large while an attack is in progress. On the other hand, if it is set too short, it may affect the normal operation of some network applications. In recent years some new techniques have appeared in session management, such as aging management based on the application: different aging times can be provided for different applications carried over TCP/UDP. For instance, different aging times can be set for applications such as SIP, FTP, DNS, MSN and QQ, so that the aging behaviour of a session matches the traffic model of its application. This technique has to some extent eased the problem of choosing the session aging time, but the relief is far smaller than the extra pressure placed on the system resources of the network equipment by the growth of network traffic and by the many kinds of network attacks.
Summary of the invention
In view of this, the present invention provides a session management device, applied in network equipment and used to manage sessions, the device comprising:
a packet filtering unit, used to filter out, according to a preset session tail message characteristic, the session tail message that marks the end of a session from the messages of an established session, and to submit the session characteristic of the tail message to a rapid release unit;
a rapid release unit, used to look up the corresponding session according to the session characteristic of the tail message after the network equipment has finished processing the message service, and to age the session so as to release the system resources it occupies.
Preferably, the preset session tail message characteristic comprises the message port number, and the session characteristic is the five-tuple of the message, where the five-tuple is the source IP address, destination IP address, source port, destination port and protocol type.
Preferably, the filtered session tail message is a DNS reply message, and the preset session tail message characteristic further comprises the QR flag bit of the DNS message.
Preferably, the session is a UDP session.
Preferably, the device further comprises:
a session initiation management unit, which extracts the five-tuple of a received message and looks up the session table by the five-tuple; if an existing session is found, the session timer is refreshed, and if none is found, a new session entry is created from the five-tuple;
a timed aging unit, used to age a session when its session timer expires.
The present invention also provides a session management method, applied in network equipment and used to manage sessions, the method comprising:
A. filtering out, according to a preset session tail message characteristic, the session tail message that marks the end of a session from the messages of an established session, and submitting the session characteristic of the tail message to a rapid release unit;
B. after the network equipment has finished processing the message service, looking up the corresponding session according to the session characteristic of the tail message and aging the session, so as to release the system resources it occupies.
Preferably, the preset session tail message characteristic comprises the message port number, and the session characteristic is the five-tuple of the message, where the five-tuple is the source IP address, destination IP address, source port, destination port and protocol type.
Preferably, the filtered session tail message is a DNS reply message, and the preset session tail message characteristic further comprises the QR flag bit of the DNS message.
Preferably, the session is a UDP session.
Preferably, the method further comprises:
C. extracting the five-tuple of a received message and looking up the session table by the five-tuple; if an existing session is found, refreshing the session timer, and if none is found, creating a new session entry from the five-tuple;
D. aging the session when its session timer expires.
The present invention filters the subsequent messages of a session to pick out the session tail message; once the filter hits, early aging of the session is triggered, so that the system resources occupied by the session are released promptly and effectively. The effect is especially notable for DNS, which can generate a very large number of UDP sessions.
Description of drawings
Fig. 1 is a typical session management flow in the prior art.
Fig. 2 is a session management flow of the present invention.
Fig. 3 is a logical block diagram of a session management device of the present invention.
Embodiments
The present invention proposes a new session management implementation which, while remaining compatible with the prior art and without affecting normal network communication services, rapidly releases some of the sessions that occupy system resources. Its basic idea is to recognise the sign that a session has ended from the characteristics of the application, and to release a session that has in fact already finished before its aging time arrives. A typical implementation of the present invention is described in detail below with reference to Fig. 2 and Fig. 3.
Step 101: extract the session characteristic of the received message and look up the session table by the preset session characteristic. If an existing session is found, refresh the session timer and go to step 102; if none is found, create a new session entry from the five-tuple and pass the message to the service processing flow. This step is performed by the session matching unit 12.
Regarding the session management characteristics of network equipment: after receiving a message, the equipment first has to determine whether the message is the first message of a session. If it is, this is a new session, a new entry must be created in the session table to record the session characteristic, and a timer must be created for the newly built session entry. The session characteristic is the lookup key; the popular implementation at present is to use the five-tuple of the message as the session characteristic, where the five-tuple comprises source IP address, destination IP address, source port, destination port and protocol type (also called protocol number). Of course, in some applications other implementations such as a triple may also be used. In general the session table can be kept in the cache of the network equipment, which helps to realise fast lookup of message session characteristics.
If the lookup shows that the message is not the first message of a session, that is, the five-tuple of the message matches the record under some entry in the session table, the processing at this point is to refresh the timer corresponding to that session entry.
Step 102: filter out, according to the preset session tail message characteristic, the session tail message that marks the end of a session from the messages of the established session, then submit the session characteristic of the filtered tail message to the rapid release unit. This step is performed by the packet filtering unit 14.
If a message is not the first message of a session, the normal handling is to refresh the timer and then pass it to the service processing flow (such as forwarding and security processing). Step 102 of the present invention additionally matches this message against the preset session tail message characteristic to determine whether it is the end message of the session it belongs to; this amounts to filtering the subsequent messages (the messages after the first one) of the session.
In many applications a session has a message that typically marks the end of the session. This message does not announce that the session is over, but its appearance usually means that the session will have no further messages. Take DNS, the most typical application based on the UDP transport protocol, as an example: the sign that a DNS session has ended is the DNS server sending a DNS response message (DNS Reply), and the appearance of this message means that the DNS session is finished.
This step finds a tail message such as a DNS Reply by means of the preset tail message characteristic. For a DNS Reply, the typical message characteristics include the well-known port number (port 53) and the QR flag bit in the message payload (0 denotes a request message, 1 denotes a response message). Suppose this step finds that the port number of a message is 53 and its QR flag is 1; in general the message can then be taken to be a DNS Reply sent by the DNS server. For the DNS Reply messages filtered out, their session characteristics must be submitted to the rapid release unit for fast processing.
Step 103: age the corresponding session entry in the session table according to the session characteristic of the tail message, so as to release the system resources occupied by the session.
In the prior art, the result of step 101 is only to refresh the timer; the timed aging unit 18 then polls whether the timer has expired and, if so, performs aging. Suppose the timer aging time is set to 100 seconds: this means that the system resources occupied by the session are only released after 100 seconds. The DNS application can produce an enormous number of sessions, because nearly every user host frequently sends DNS requests while using the network, so the network equipment has to maintain a large number of sessions.
Clearly, under timed aging in the prior art, the DNS application occupies huge system resources that are hard to release quickly. In the present invention, after step 102 the network equipment first performs service processing on the message, and as soon as that processing is finished it proceeds to step 103 to release the resource: the corresponding session entry is found in the session table by the five-tuple of the message and the aging operation is performed on it, instead of waiting until the session timer expires. The aging operation specifically deletes the session from the timer's session aging chain.
The present invention filters the subsequent messages of a session to pick out the session tail message; once the filter hits, early aging of the session is triggered, so that the system resources occupied by the session are released promptly and effectively. The effect is especially notable for DNS, which can generate a very large number of UDP sessions. The above is only a preferred implementation of the present invention; any equivalent modification made on the basis of the spirit of the present invention shall fall within the scope of the claims of the present invention.
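The following is an added example, not code from the patent or from the assignee: a minimal model of steps 101 to 103 in Python, with the session table, the tail-message filter (UDP, port 53, QR flag set) and the rapid release unit. The packet structure, addresses and DNS header bytes are constructed for the example; the session key is made direction independent, because the reply that triggers release travels the reverse path of the request.

```python
import struct
from collections import namedtuple

# Constructed packet abstraction for the example (not a real capture format).
Packet = namedtuple("Packet", "src_ip dst_ip src_port dst_port proto payload")

UDP_PROTO = 17
DNS_PORT = 53
UDP_AGING_TIME = 180.0  # seconds, the example value the page gives for UDP sessions


def session_key(pkt):
    """Five-tuple key made direction independent: a DNS reply travels the reverse
    path of its request, so both directions must resolve to the same entry."""
    a = (pkt.src_ip, pkt.src_port)
    b = (pkt.dst_ip, pkt.dst_port)
    return (pkt.proto,) + (a + b if a <= b else b + a)


def is_dns_reply(pkt):
    """Preset tail-message characteristic from the page: UDP, source port 53 and
    QR flag set. QR is the top bit of the second 16-bit word of the DNS header."""
    if pkt.proto != UDP_PROTO or pkt.src_port != DNS_PORT or len(pkt.payload) < 12:
        return False
    flags = struct.unpack("!H", pkt.payload[2:4])[0]
    return (flags >> 15) & 1 == 1


class SessionTable:
    def __init__(self, aging_time=UDP_AGING_TIME):
        self.aging_time = aging_time
        self.entries = {}         # session key -> timer expiry (seconds)
        self.release_queue = []   # keys handed to the rapid release unit

    def on_packet(self, pkt, now):
        """Steps 101 and 102: match or create the session; only subsequent messages
        of an existing session are checked against the tail-message filter."""
        key = session_key(pkt)
        is_first = key not in self.entries
        self.entries[key] = now + self.aging_time   # create or refresh the timer
        if not is_first and is_dns_reply(pkt):
            self.release_queue.append(key)          # hand over to rapid release
        return is_first

    def after_service_processing(self):
        """Step 103: once forwarding/security processing is done, age every
        queued session immediately instead of waiting for its timer."""
        released = 0
        while self.release_queue:
            if self.entries.pop(self.release_queue.pop(), None) is not None:
                released += 1
        return released

    def timed_aging(self, now):
        """Prior-art path (timed aging unit): drop entries whose timer expired."""
        expired = [k for k, t in self.entries.items() if t <= now]
        for k in expired:
            del self.entries[k]
        return len(expired)


def dns_header(tx_id, qr):
    """Constructed 12-byte DNS header: flags word 0x0100 for a standard query,
    0x8180 for a standard response (QR=1, RD=1, RA=1)."""
    return struct.pack("!HHHHHH", tx_id, 0x8180 if qr else 0x0100, 1, int(qr), 0, 0)


# Constructed sample exchange: one DNS query and its reply (addresses are made up).
QUERY = Packet("10.0.0.5", "10.0.0.53", 40000, DNS_PORT, UDP_PROTO, dns_header(0x1234, 0))
REPLY = Packet("10.0.0.53", "10.0.0.5", DNS_PORT, 40000, UDP_PROTO, dns_header(0x1234, 1))


def run_example():
    """Returns (entries after the reply, entries released early, entries left)."""
    table = SessionTable()
    table.on_packet(QUERY, now=0.0)   # first message: new entry, not filtered
    table.on_packet(REPLY, now=0.1)   # subsequent message: tail filter hits
    before = len(table.entries)
    released = table.after_service_processing()
    return before, released, len(table.entries)


if __name__ == "__main__":
    print(run_example())  # (1, 1, 0): released at 0.1 s instead of after 180 s
```

Because only subsequent messages are filtered, a reply that arrives with no prior query creates an ordinary timed entry that waits for its timer, exactly as the page's step 101 describes.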

Claims (10)

1. A session management device, applied in network equipment and used to manage sessions, wherein the device comprises:
a packet filtering unit, used to filter out, according to a preset session tail message characteristic, the session tail message that marks the end of a session from the messages of an established session, and to submit the session characteristic of the tail message to a rapid release unit;
a rapid release unit, used to look up the corresponding session according to the session characteristic of the tail message after the network equipment has finished processing the message service, and to age the session so as to release the system resources it occupies.
2. The device according to claim 1, characterized in that the preset session tail message characteristic comprises the message port number, and the session characteristic is the five-tuple of the message, where the five-tuple is the source IP address, destination IP address, source port, destination port and protocol type.
3. The device according to claim 2, characterized in that the filtered session tail message is a DNS reply message, and the preset session tail message characteristic further comprises the QR flag bit of the DNS message.
4. The device according to claim 1, characterized in that the session is a UDP session.
5. The device according to claim 1, characterized in that it further comprises:
a session initiation management unit, which extracts the five-tuple of a received message and looks up the session table by the five-tuple; if an existing session is found, the session timer is refreshed, and if none is found, a new session entry is created from the five-tuple;
a timed aging unit, used to age a session when its session timer expires.
6. A session management method, applied in network equipment and used to manage sessions, wherein the method comprises:
A. filtering out, according to a preset session tail message characteristic, the session tail message that marks the end of a session from the messages of an established session, and submitting the session characteristic of the tail message to a rapid release unit;
B. after the network equipment has finished processing the message service, looking up the corresponding session according to the session characteristic of the tail message and aging the session, so as to release the system resources it occupies.
7. The method according to claim 6, characterized in that the preset session tail message characteristic comprises the message port number, and the session characteristic is the five-tuple of the message, where the five-tuple is the source IP address, destination IP address, source port, destination port and protocol type.
8. The method according to claim 7, characterized in that the filtered session tail message is a DNS reply message, and the preset session tail message characteristic further comprises the QR flag bit of the DNS message.
9. The method according to claim 6, characterized in that the session is a UDP session.
10. The method according to claim 6, characterized in that it further comprises:
C. extracting the five-tuple of a received message and looking up the session table by the five-tuple; if an existing session is found, refreshing the session timer, and if none is found, creating a new session entry from the five-tuple;
D. aging the session when its session timer expires.

Priority Applications (1)

Application Number: CN2011101396411A (CN102185723A)
Priority Date: 2011-05-27
Filing Date: 2011-05-27
Title: Session management method and device


Publications (1)

Publication Number: CN102185723A
Publication Date: 2011-09-14

Family

ID=44571796



Legal Events

Code: C06 / PB01 - Publication
Code: C10 / SE01 - Entry into substantive examination (entry into force of request for substantive examination)
Code: C12 / RJ01 - Rejection of invention patent application after publication

Application publication date: 20110914