CN102185723A - Session management method and device - Google Patents
Session management method and device Download PDFInfo
- Publication number
- CN102185723A CN102185723A CN2011101396411A CN201110139641A CN102185723A CN 102185723 A CN102185723 A CN 102185723A CN 2011101396411 A CN2011101396411 A CN 2011101396411A CN 201110139641 A CN201110139641 A CN 201110139641A CN 102185723 A CN102185723 A CN 102185723A
- Authority
- CN
- China
- Prior art keywords
- session
- message
- tail
- tuple
- conversation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention relates to a session management method, which is applied to network equipment and used for managing a session. The method comprises the following steps of: filtering a session tail message representative of a session end from a message of an established session according to preset message tail message characteristics; submitting the session characteristics of the tail message to a rapid release unit; and after the network equipment finishes processing a message service, searching for a corresponding session according to the session characteristics of the tail message, and aging the session to release system resources occupied by the session. In the method, a subsequent message of the session message is filtered to obtain the session tail message, and the session is triggered to be aged in advance to timely and effectively release the system resources occupied by the session; and particularly remarkable effects can be achieved when the method is applied to a domain name server (DNS) capable of generating a great number of user datagram protocol (UDP) sessions.
Description
Technical field
The present invention relates to the network communications technology, relate in particular to a kind of conversation managing method and device.
Background technology
Along with the progress of the network communications technology, be used as public function in order to realize that at the network equipment (switch, router and fire compartment wall etc.) the dialogue-based service needed of handling such as NAT, ASPF, attack-defending take out the session management.Session management is session (usually with five-tuple as session characteristics) in transport layer the interactive relation between the message is abstract, and according to the message information of initiator or response side state renewal and overtime wearing out is carried out in session.
Session management adopts the mode of computer software to realize usually, and it need take system resources such as the CPU of key of system and internal memory usually.For above-mentioned Business Processing needs, system often needs to safeguard a large amount of sessions.In order to alleviate consumption to system resource, need wear out to session, promptly there is not the session of message interaction to wear out immediately for a long time, with free system resources.Usually adopt regularly aging method in the session management, ageing time uses the keeper of the network equipment to dispose voluntarily often, such as the ageing time of UDP session often is configured to 180 seconds.
If the long system resource that may cause that is provided with of conversation aging time too much takies, especially when having attack, resource consumption is very big.But on the other hand, too short if session is provided with, may have influence on the normal use of some network communication applications.In the last few years, some new technology had been appearred in the management of session, such as the aging management of supporting based on different application.Can carry different application according to TCP/UDP different ageing times is provided.For instance, can different ageing times be set, the aging characteristics that meet business model that make session respectively at different application such as SIP, FTP, DNS, MSN, QQ.This technology appear at the setting of having alleviated the conversation aging time to a certain extent.Yet this alleviation is expanded less than network traffics far away and diverse network is attacked the pressure that increases the network equipment system resource consumption that brought.
Summary of the invention
In view of this, a kind of session management device of the present invention, it is applied in the network equipment, is used for session is managed, and wherein this device comprises:
The packet filtering unit is used for filtering out the session tail message that characterizes conversation end from the message of setting up session according to default session tail message characteristic; And the session characteristics of this tail message submitted to the rapid release unit;
The rapid release unit is used for searching corresponding session also with this conversation aging, to discharge the shared system resource of this session according to the session characteristics of this tail message after the network equipment is finished the message traffic processing.
Preferably, described default session tail message characteristic comprises the message port numbers, and described session characteristics is the five-tuple of message; The five-tuple of wherein said message is source IP address, purpose IP address, source port, destination interface and protocol type.
Preferably, the described session tail message that filters out is the DNS back message using, and described default session tail message characteristic also comprises the QR flag bit of DNS message.
Preferably, described session is the UDP session.
Preferably, it is characterized in that, also comprise:
The conversation initial administrative unit is extracted the message five-tuple that receives, and searches conversational list according to five-tuple, if find the session that has existed, then upgrades Session Timer; If do not find, then create new session entry according to five-tuple;
Regularly aging unit is used for when Session Timer is overtime aging operation being carried out in session.
The present invention also provides a kind of conversation managing method, and it is applied in the network equipment, is used for session is managed, and wherein this method comprises:
A, the default session tail message characteristic of basis filter out the session tail message that characterizes conversation end from the message of setting up session; And the session characteristics of this tail message submitted to the rapid release unit;
B, the network equipment finish message traffic handled after, search corresponding session and with this conversation aging, to discharge the shared system resource of this session according to the session characteristics of this tail message.
Preferably, described default session tail message characteristic comprises the message port numbers, and described session characteristics is the five-tuple of message; The five-tuple of wherein said message is source IP address, purpose IP address, source port, destination interface and protocol type.
Preferably, the described session tail message that filters out is the DNS back message using, and described default session tail message characteristic also comprises the QR flag bit of DNS message.
Preferably, described session is the UDP session.
Preferably, also comprise:
The message five-tuple that C, extraction receive is searched conversational list according to five-tuple, if find the session that has existed, then upgrades Session Timer; If do not find, then create new session entry according to five-tuple;
D, when Session Timer is overtime, aging operation is carried out in session.
The present invention filters by the subsequent packet to the session message, therefrom filtering conversation tail message hits in case filter, the then aging in advance operation of triggering session, discharged session timely and effectively to the taking of system resource, especially obvious to this effect that can produce a large amount of UDP sessions of DNS.
Description of drawings
Fig. 1 is a typical session management flow process in the prior art.
Fig. 2 is a session management flow process of the present invention.
Fig. 3 is a session management device building-block of logic of the present invention.
Embodiment
The present invention proposes a kind of new session management implementation method, and it is on the basis of compatible prior art, and under the situation that does not influence the proper network communication service, rapid release falls the session of part occupying system resources.Its basic thinking is to find the sign of conversation end according to the feature of using, and just discharges the session that in fact can finish before ageing time arrives in advance.Introduce the typical implementation of the present invention in detail below in conjunction with Fig. 2 and Fig. 3.
Step 101, the session characteristics of the message that extraction receives is searched conversational list according to default session characteristics, if find the session that has existed, then upgrades Session Timer, changes step 102; If do not find, then create new session entry according to five-tuple, change the message traffic handling process then over to; This step is carried out by session matching unit 12;
Session management characteristic for the network equipment, it needs at first to determine that this message is the literary composition of reporting for the first time of certain session after receiving message, if, show that then this is a new session, need in conversational list, innovate a new list item with the recording conversation feature, and be that this newly-built session entry is created timer.Session characteristics is the foundation of searching, and popular realization at present is to adopt the five-tuple of message as session characteristics, and wherein said five-tuple comprises source IP address, purpose IP address, source port, destination interface and protocol type (also can be described as protocol number).Certainly in certain applications, also may adopt other implementations such as tlv triple.In general conversational list can leave in the middle of the buffer memory (Cache) of the network equipment, helps realizing searching fast of message session characteristics.
If find that by searching message is not the literary composition of reporting for the first time of session, promptly the five-tuple of message can match the record under certain list item in the conversational list; The processing of this moment then is the timer that upgrades the session entry correspondence.
Step 102 filters out the session tail message that characterizes conversation end from the message of setting up session according to default session tail message characteristic; Then the session characteristics of the tail message that filters out is submitted to the rapid release unit; This step is carried out by packet filtering unit 14.
If a message is not the literary composition of reporting for the first time of session, handle under its normal condition is to upgrade timer to change business processing flow (as transmitting processing and safe handling etc.) later on over to, step 102 of the present invention item further removes to mate this message with default session tail message characteristic, to determine whether this message is the end message of affiliated session, the subsequent packet (message after the literary composition of reporting for the first time) that is equivalent to here session once filters.
In many application, session has the message of typical sign conversation end, and this message is not that announcement session finishes, and does not have subsequent packet again but the appearance of saying this message means this session usually.Be applied as example with the most typical DNS based on the UDP host-host protocol.The sign of DNS conversation end is that dns server sends DNS response message (DNS Reply), and the appearance DNS session of this message finishes.
This step finds the such tail message of DNS Reply by default tail message characteristic.For DNS Reply, its typical message characteristic comprises the QR flag bit (0 expression request message, 1 expression response message) in well-known port number (port numbers is 53) and the message load etc.Suppose that this step finds that the port numbers of a message is 53, and QR to be masked as be 1, can think generally speaking that then this message is the DNS Reply message that DNS Server sends.For the DNS Reply message that filters out, its session characteristics need be submitted to the rapid release unit and carry out fast processing.
Step 103, according to the session characteristics of this tail message that session entry corresponding in the session table is aging, to discharge the shared system resource of this session.
Prior art still is to upgrade timer in the result of step 101, and whether remove to inquire about timer by regularly aging unit 18 overtime, if overtime then carry out burin-in process.Suppose that the timer ageing time was made as 100 seconds, that is to say that the many occupying system resources of this session meeting just were released in 100 seconds.DNS uses and can produce the very huge session of quantity, because nearly all subscriber's main station can frequently send the DNS request in last network process, causes will safeguarding a large amount of sessions on the network equipment.
Obviously DNS uses regularly and has agingly taken huge system resource and be difficult to rapid release in the prior art.The present invention then earlier carries out Business Processing by the network equipment to message after step 102, change 103 releases of carrying out resource after finishing dealing with at once over to and handle.Find according to the five-tuple of message and in conversational list, to find corresponding session entry, it is carried out aging operation, rather than this Session Timer is overtime just aging by the time.Wherein aging operation is specially from timer conversation aging chain deletes session.
The present invention filters by the subsequent packet to the session message, therefrom filtering conversation tail message hits in case filter, the then aging in advance operation of triggering session, discharged session timely and effectively to the taking of system resource, especially obvious to this effect that can produce a large amount of UDP sessions of DNS.The above only is the preferable implementation of the present invention, and any modification of making based on spirit of the present invention that is equal to all should be covered by in the claim scope of the present invention.
Claims (10)
1. session management device, it is applied in the network equipment, is used for session is managed, and wherein this device comprises:
The packet filtering unit is used for filtering out the session tail message that characterizes conversation end from the message of setting up session according to default session tail message characteristic; And the session characteristics of this tail message submitted to the rapid release unit;
The rapid release unit is used for searching corresponding session also with this conversation aging, to discharge the shared system resource of this session according to the session characteristics of this tail message after the network equipment is finished the message traffic processing.
2. device according to claim 1 is characterized in that, described default session tail message characteristic comprises the message port numbers, and described session characteristics is the five-tuple of message; The five-tuple of wherein said message is source IP address, purpose IP address, source port, destination interface and protocol type.
3. device according to claim 2 is characterized in that, the described session tail message that filters out is the DNS back message using, and described default session tail message characteristic also comprises the QR flag bit of DNS message.
4. device according to claim 1 is characterized in that, described session is the UDP session.
5. device according to claim 1 is characterized in that, also comprises:
The conversation initial administrative unit is extracted the message five-tuple that receives, and searches conversational list according to five-tuple, if find the session that has existed, then upgrades Session Timer; If do not find, then create new session entry according to five-tuple;
Regularly aging unit is used for when Session Timer is overtime aging operation being carried out in session.
6. conversation managing method, it is applied in the network equipment, is used for session is managed, and wherein this method comprises:
A, the default session tail message characteristic of basis filter out the session tail message that characterizes conversation end from the message of setting up session; And the session characteristics of this tail message submitted to the rapid release unit;
B, the network equipment finish message traffic handled after, search corresponding session and with this conversation aging, to discharge the shared system resource of this session according to the session characteristics of this tail message.
7. method according to claim 6 is characterized in that, described default session tail message characteristic comprises the message port numbers, and described session characteristics is the five-tuple of message; The five-tuple of wherein said message is source IP address, purpose IP address, source port, destination interface and protocol type.
8. method according to claim 7 is characterized in that, the described session tail message that filters out is the DNS back message using, and described default session tail message characteristic also comprises the QR flag bit of DNS message.
9. method according to claim 6 is characterized in that, described session is the UDP session.
10. method according to claim 6 is characterized in that, also comprises:
The message five-tuple that C, extraction receive is searched conversational list according to five-tuple, if find the session that has existed, then upgrades Session Timer; If do not find, then create new session entry according to five-tuple;
D, when Session Timer is overtime, aging operation is carried out in session.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011101396411A CN102185723A (en) | 2011-05-27 | 2011-05-27 | Session management method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011101396411A CN102185723A (en) | 2011-05-27 | 2011-05-27 | Session management method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102185723A true CN102185723A (en) | 2011-09-14 |
Family
ID=44571796
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2011101396411A Pending CN102185723A (en) | 2011-05-27 | 2011-05-27 | Session management method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102185723A (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102739683A (en) * | 2012-06-29 | 2012-10-17 | 杭州迪普科技有限公司 | Network attack filtering method and device |
| CN102932190A (en) * | 2012-11-22 | 2013-02-13 | 杭州迪普科技有限公司 | Method and device for solving single point of failure of equipment section |
| CN104486453A (en) * | 2014-11-19 | 2015-04-01 | 中国联合网络通信集团有限公司 | Ageing-time adjusting method and device |
| CN104539586A (en) * | 2014-12-08 | 2015-04-22 | 中兴通讯股份有限公司 | Session management method and device |
| CN106790556A (en) * | 2016-12-26 | 2017-05-31 | 深圳市风云实业有限公司 | A kind of NAT conversation managing methods based on distributed system |
| CN107257327A (en) * | 2017-05-25 | 2017-10-17 | 中央民族大学 | A kind of high concurrent SSL conversation managing methods |
| CN107547634A (en) * | 2017-07-28 | 2018-01-05 | 新华三信息安全技术有限公司 | A kind of conversation managing method and device |
| CN109451068A (en) * | 2018-12-28 | 2019-03-08 | 杭州迪普科技股份有限公司 | The insertion method and device of Set-Cookie value |
| CN111373715A (en) * | 2017-11-21 | 2020-07-03 | 瑞典爱立信有限公司 | Method and function for processing service of application |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101170517A (en) * | 2007-12-06 | 2008-04-30 | 杭州华三通信技术有限公司 | Method and device for aging of control session table |
| CN101409732A (en) * | 2008-11-19 | 2009-04-15 | 福建星网锐捷网络有限公司 | System and method for managing network address conversion information |
| CN101605018A (en) * | 2009-06-17 | 2009-12-16 | 中兴通讯股份有限公司 | A kind of decoding depth message detection protocol method, equipment and system based on stream |
-
2011
- 2011-05-27 CN CN2011101396411A patent/CN102185723A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101170517A (en) * | 2007-12-06 | 2008-04-30 | 杭州华三通信技术有限公司 | Method and device for aging of control session table |
| CN101409732A (en) * | 2008-11-19 | 2009-04-15 | 福建星网锐捷网络有限公司 | System and method for managing network address conversion information |
| CN101605018A (en) * | 2009-06-17 | 2009-12-16 | 中兴通讯股份有限公司 | A kind of decoding depth message detection protocol method, equipment and system based on stream |
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102739683B (en) * | 2012-06-29 | 2015-09-09 | 杭州迪普科技有限公司 | A kind of network attack filter method and device |
| CN102739683A (en) * | 2012-06-29 | 2012-10-17 | 杭州迪普科技有限公司 | Network attack filtering method and device |
| CN102932190A (en) * | 2012-11-22 | 2013-02-13 | 杭州迪普科技有限公司 | Method and device for solving single point of failure of equipment section |
| CN104486453A (en) * | 2014-11-19 | 2015-04-01 | 中国联合网络通信集团有限公司 | Ageing-time adjusting method and device |
| CN104486453B (en) * | 2014-11-19 | 2017-07-28 | 中国联合网络通信集团有限公司 | The method of adjustment and device of a kind of ageing time |
| CN104539586A (en) * | 2014-12-08 | 2015-04-22 | 中兴通讯股份有限公司 | Session management method and device |
| CN106790556B (en) * | 2016-12-26 | 2019-09-17 | 深圳市风云实业有限公司 | A kind of NAT conversation managing method based on distributed system |
| CN106790556A (en) * | 2016-12-26 | 2017-05-31 | 深圳市风云实业有限公司 | A kind of NAT conversation managing methods based on distributed system |
| CN107257327A (en) * | 2017-05-25 | 2017-10-17 | 中央民族大学 | A kind of high concurrent SSL conversation managing methods |
| CN107547634A (en) * | 2017-07-28 | 2018-01-05 | 新华三信息安全技术有限公司 | A kind of conversation managing method and device |
| CN107547634B (en) * | 2017-07-28 | 2020-11-03 | 新华三信息安全技术有限公司 | Session management method and device |
| CN111373715A (en) * | 2017-11-21 | 2020-07-03 | 瑞典爱立信有限公司 | Method and function for processing service of application |
| US11419035B2 (en) | 2017-11-21 | 2022-08-16 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and function for handling traffic for an application |
| CN111373715B (en) * | 2017-11-21 | 2022-11-18 | 瑞典爱立信有限公司 | Method for processing applied service and network function entity |
| CN109451068A (en) * | 2018-12-28 | 2019-03-08 | 杭州迪普科技股份有限公司 | The insertion method and device of Set-Cookie value |
| CN109451068B (en) * | 2018-12-28 | 2021-11-23 | 杭州迪普科技股份有限公司 | Method and device for inserting Set-Cookie value |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102185723A (en) | Session management method and device | |
| EP3297213B1 (en) | Method and apparatus for identifying application information in network traffic | |
| CN104137491B (en) | By the method for gateway management service and management service system | |
| CN104219338B (en) | The generation method and device of the safe list item of authorized address analysis protocol | |
| CN102685006A (en) | Method and device for forwarding data messages | |
| TW201640405A (en) | Method and device for defending against network attacks | |
| CN103248724A (en) | SDN (Software-Defined Networking) controller-based DHCP (Dynamic Host Configuration Protocol) broadcast processing method | |
| CN100563245C (en) | A kind of prevention method at the ARP overflowing attack | |
| JP4692776B2 (en) | Method for protecting SIP-based applications | |
| CN102882894A (en) | Method and device for identifying attack | |
| CN101409654B (en) | Method for processing SNMP information in network management system | |
| CN101582791B (en) | Method and system for monitoring real-time messaging session | |
| CN105490872A (en) | Real-time monitoring system and monitoring method of internet instant messaging information | |
| CN102333080A (en) | Method and device for preventing message from attacking | |
| CN101272254A (en) | Method for generating attack characteristic database, method for preventing network attack and device thereof | |
| CN107682267B (en) | Network data forwarding method and system of Linux equipment | |
| Li et al. | An effective SDN controller scheduling method to defence DDoS attacks | |
| CN101883054B (en) | Multicast message processing method and device and equipment | |
| CN104463670A (en) | Websocket-based bank preposition transaction system construction method | |
| CN101562567B (en) | Method and server for processing messages | |
| CN107547523A (en) | Message processing method, device, the network equipment and machinable medium | |
| CN102035750A (en) | Peer-to-peer (P2P) flow recognizing method and device | |
| CN104579753B (en) | User data statistical method, access stratum server and statistical server | |
| CN101582880B (en) | Method and system for filtering messages based on audited object | |
| CN106230649B (en) | Session resource management method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20110914 |