CN102195868A - Method and device for dynamically classifying network messages at high efficiency - Google Patents
Method and device for dynamically classifying network messages at high efficiency Download PDFInfo
- Publication number
- CN102195868A CN102195868A CN2010106090200A CN201010609020A CN102195868A CN 102195868 A CN102195868 A CN 102195868A CN 2010106090200 A CN2010106090200 A CN 2010106090200A CN 201010609020 A CN201010609020 A CN 201010609020A CN 102195868 A CN102195868 A CN 102195868A
- Authority
- CN
- China
- Prior art keywords
- rule
- network interface
- message
- interface card
- classification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention provides a method and a device for dynamically classifying network messages at high efficiency. The device is a system with the integration of software and hardware, and includes hardware and software, wherein a message classification rule is stored in the hardware; and the management of the rule is carried out in the software. The dynamic classification can be achieved through the cooperation of the software and the hardware, wherein the hardware only uses the rule to ensure the rule matching efficiency; and the software is used for constructing an expanded mirror image for the hardware rule table in the memory of a computer to ensure flexible and dynamic rule modification. When the message classification rule needs updating, the software can adjust the rule table in the memory of the computer, and only load the adjusted result to an onboard memory of the hardware. The entire system can ensure the high efficiency while meeting the requirement of dynamic flexibility.
Description
Technical field
The present invention relates to the network data processing field, be specifically related to a kind of method and apparatus that is used for the classification of network message high-efficiency dynamic.
Background technology
Message classification is the header information according to message, generally is the five-tuple information that agreement, ip, port constitute, and message is divided into the dissimilar different disposal of doing respectively, such as router to the message of different segment to the different sub-network forwarding etc.In express network, software realizes that the efficient of message classification is not high, and therefore a lot of message classification equipment adopt hardware (network processing unit or special chip) to realize.
In order to guarantee rule matching efficiency, generally use TCAM stored messages classifying rules, when each message arrives, can from TCAM, match the classification of message fast.
Application number 200910000608.3 discloses non-rule matching method, device and the network system in a kind of message classification, this method comprises: the keyword of described message and the list item among the Ternary Content Addressable Memory TCAM are mated, described TCAM list item is corresponding with the whole piece rule, and the match is successful for part acquiescence corresponding with non-rule field in the list item of described TCAM; If the match is successful for the keyword of described message and TCAM list item, then, know the non-rule field in the whole piece rule by the non-rule field identification information in the SRAM record corresponding with this TCAM list item; The forward keyword that the keyword of the non-rule field in the described message is corresponding with the non-rule field in the described SRAM record mates, if coupling is all unsuccessful, then judges the success of this message and whole piece rule match.
Application number 200610011455.9 discloses a kind of unified processing method of three-folded content addressable memory message classification, it is characterized in that, comprising: step 1, generation one unified ACL Policy Table, a unified action schedule; Step 2, deposit described unified ACL Policy Table in TCAM, deposit described unified action schedule in memory; Step 3, carry out according to the form structure search key of setting that message is searched, message classification; Wherein said unified ACL Policy Table is made of one group of TCAM clauses and subclauses of depositing message classification information; Described unified action schedule is made of the action corresponding with each described TCAM clauses and subclauses; The form of described TCAM clauses and subclauses is divided into: control information, 2 layers of information, 3 layers of information and 4 layers of information.
Application number 200610011453.X discloses a kind of method that improves the three-folded content addressable memory message classification seek rate, be applicable to the coupling that on the network equipment, realizes based on the access control list ACL of TCAM, it is characterized in that, usage space exchanges time method for and improves TCAM message classification searching speed, specifically can be by buffer memory keyword technology, parallel search technology and/or logic submeter technology realizes.
Application number 200610011466.7 discloses a kind of rule update method of three-folded content addressable memory message classification, it is characterized in that, rule is extended to a plurality of rule entries to be stored in the entry space of memory, when adding new regulation, judge whether last idle entry space that accounts for after the entry space that stores described rule entries can hold the new regulation that will add, be then described last accounted for entry space after the direct described new regulation of storage, otherwise with described memory tighten with remove described last accounted for idle entry space before the entry space, and then store described new regulation; During deletion rule, the entry space that accounts for that directly will store this deleted rule is arranged to idle entry space.
Unified shortcoming is that the update efficiency of TCAM chip is low in these technical schemes, upgrades complicated operation, causes rule to be difficult to realize on-the-fly modifying in real time flexibly, frequently revises in the system of classifying rules at needs, is difficult to meet the demands.
Summary of the invention
The object of the invention provides a kind of equipment and processing method that realizes that hardware message classification rule can dynamic flexible be revised, and when utilizing hardware message classification performance, makes classifying rules real-time update flexibly.
A kind of equipment that is used for the classification of network message high-efficiency dynamic comprises software section and network interface card;
Described software section comprises that network interface card drives and the classifying rules management software;
Described network interface card comprises that network interface, special chip and plate carry internal memory.
A kind of method that is used for the classification of network message high-efficiency dynamic comprises following steps:
When A, driving loading, the rule list that is stored among the network interface card SARM is constructed an identical mirror image in host memory; The hash of rule of correspondence table table storage organization is expanded a management data structures to mirror image simultaneously;
B, when management software need be revised rule, the rule list mirror image in directly revise driving;
After C, modification finish,, amended list item is copied to the position that the network interface card plate carries the sram memory correspondence by driving the memory-mapped that realizes;
After D, network interface card received message, the master control special chip extracted five-tuple information from message, searched in the hash of network interface card sram memory table, to hitting the action that regular message executing rule is formulated.
A kind of optimal technical scheme of the present invention is: described special chip is the network interface card main control chip, moves all message classification processing logics.
Another optimal technical scheme of the present invention is: described plate carries internal memory can adopt the high-speed SRAM internal memory, as QDR etc.
Also a kind of optimal technical scheme of the present invention is: the management data structures of expanding in the described steps A comprises conflict anchor point and conflict queue chain.
Whole system of the present invention has guaranteed very high efficient again when having satisfied the dynamic flexible requirement.
Description of drawings
Fig. 1 is the system configuration of present device
Fig. 2 is the method that the present invention realizes dynamic message classification
Specific embodiments
The technical scheme of present device is the equipment of a software and hardware one, hardware be with special chip for the network interface card that main devices designs, comprise network interface, special chip, plate carry internal memory and constitute; Software is driven by network interface card and the classifying rules management software constitutes.
The function of the every part of system is as follows:
(1) network interface: network message Data Receiving network access card.
(2) special chip: the main control chip of network interface card, move all message classification processing logics.
(3) plate carries internal memory: adopt the high-speed SRAM internal memory, preserve the message classification rule list.
(4) network interface card drives: the administration configuration network interface card, give the table of classification rules in the network interface card, mirror image of structure in host memory.
(5) management software: the instrument of configuration network interface card is configured to the message classification rule in the network interface card hardware.
Implementation method and process are as follows:
(1) the network interface card driving is established mirror image for the rule list in the hardware
Drive when loading the rule list of corresponding stored in network interface card SRAM, identical mirror image of structure in host memory, the hash table storage organization of rule of correspondence table, to mirror-image structure expansion management data,, form the mirror image rule list of expansion such as the anchor point etc. that conflicts.
(2) the rule list mirror image during managing software updates drives
When management software need be revised rule, revise the rule list mirror image in driving earlier.Because the rule list mirror image in the host memory has the managerial structure of expansion, and the operating host internal memory carries fast many of sram memory than the plate of operation network interface card, so management software can be revised the rule list mirror image rapidly.
(3) management software is implemented into the change of mirror image rule list in the hardware rule list
Which list item management software determines finally to have revised in the mirror image rule list, by driving the memory-mapped that realizes, the content of these list items is copied to the correspondence position that the network interface card plate carries sram memory.
(4) after network interface card hardware receives message, carry out rule match.
After network interface card was received message, the master control special chip extracted five-tuple information from message, carried to plate in the hash table of sram internal memory to search, to the action of the message executing rule appointment of hitting rule.
Claims (5)
1. an equipment that is used for the classification of network message high-efficiency dynamic is characterized in that: comprise software section and network interface card;
Described software section comprises that network interface card drives and the classifying rules management software;
Described network interface card comprises that network interface, special chip and plate carry internal memory.
2. method that is used for network message high-efficiency dynamic classification, it is characterized in that: step is as follows:
When A, driving loading, the rule list that is stored among the network interface card SARM is constructed an identical mirror image in host memory; The hash of rule of correspondence table table storage organization is expanded a management data structures to mirror image simultaneously;
B, when management software need be revised rule, the rule list mirror image in directly revise driving;
After C, modification finish,, amended list item is copied to the position that the network interface card plate carries the sram memory correspondence by driving the memory-mapped that realizes;
After D, network interface card received message, the master control special chip extracted five-tuple information from message, searched in the hash of network interface card sram memory table, to hitting the action that regular message executing rule is formulated.
3. as a kind of method that is used for the classification of network message high-efficiency dynamic as described in the claim 2, it is characterized in that: described special chip is the network interface card main control chip, moves all message classification processing logics.
4. as a kind of method that is used for the classification of network message high-efficiency dynamic as described in the claim 2, it is characterized in that: described plate carries internal memory can adopt the high-speed SRAM internal memory, as QDR etc.
5. as a kind of method that is used for the classification of network message high-efficiency dynamic as described in the claim 2, it is characterized in that: the management data structures of expanding in the described steps A comprises conflict anchor point and conflict queue chain.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010609020.0A CN102195868B (en) | 2010-12-17 | 2010-12-17 | Method and device for dynamically classifying network messages at high efficiency |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010609020.0A CN102195868B (en) | 2010-12-17 | 2010-12-17 | Method and device for dynamically classifying network messages at high efficiency |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102195868A true CN102195868A (en) | 2011-09-21 |
| CN102195868B CN102195868B (en) | 2015-05-20 |
Family
ID=44603279
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010609020.0A Active CN102195868B (en) | 2010-12-17 | 2010-12-17 | Method and device for dynamically classifying network messages at high efficiency |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102195868B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102497298A (en) * | 2011-12-19 | 2012-06-13 | 曙光信息产业(北京)有限公司 | Network audit equipment and method based on flow statistic network card |
| CN104008130A (en) * | 2014-04-28 | 2014-08-27 | 开网科技(北京)有限公司 | System and method for classifying network messages on basis of hybrid computation hardware |
| CN105306481A (en) * | 2015-11-12 | 2016-02-03 | 北京锐安科技有限公司 | Method for operating access control policy rule |
| CN110912714A (en) * | 2019-10-30 | 2020-03-24 | 中国船舶重工集团公司第七一六研究所 | Network message fast forwarding method based on improved network card driving software |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101150527A (en) * | 2007-11-09 | 2008-03-26 | 杭州华三通信技术有限公司 | A PCIE data transmission method, system and device |
| CN101227296A (en) * | 2007-12-27 | 2008-07-23 | 杭州华三通信技术有限公司 | Method, system for transmitting PCIE data and plate card thereof |
| CN101719692A (en) * | 2009-12-22 | 2010-06-02 | 江西省电力科学研究院 | Method for acquiring network data and analyzing network performance for digital substation |
-
2010
- 2010-12-17 CN CN201010609020.0A patent/CN102195868B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101150527A (en) * | 2007-11-09 | 2008-03-26 | 杭州华三通信技术有限公司 | A PCIE data transmission method, system and device |
| CN101227296A (en) * | 2007-12-27 | 2008-07-23 | 杭州华三通信技术有限公司 | Method, system for transmitting PCIE data and plate card thereof |
| CN101719692A (en) * | 2009-12-22 | 2010-06-02 | 江西省电力科学研究院 | Method for acquiring network data and analyzing network performance for digital substation |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102497298A (en) * | 2011-12-19 | 2012-06-13 | 曙光信息产业(北京)有限公司 | Network audit equipment and method based on flow statistic network card |
| CN102497298B (en) * | 2011-12-19 | 2015-04-01 | 曙光信息产业(北京)有限公司 | Network audit equipment and method based on flow statistic network card |
| CN104008130A (en) * | 2014-04-28 | 2014-08-27 | 开网科技(北京)有限公司 | System and method for classifying network messages on basis of hybrid computation hardware |
| CN104008130B (en) * | 2014-04-28 | 2017-07-14 | 开网科技(北京)有限公司 | A kind of network message categorizing system and method based on mixing computing hardware |
| CN105306481A (en) * | 2015-11-12 | 2016-02-03 | 北京锐安科技有限公司 | Method for operating access control policy rule |
| CN105306481B (en) * | 2015-11-12 | 2018-06-19 | 北京锐安科技有限公司 | A kind of operating method of access control policy rules |
| CN110912714A (en) * | 2019-10-30 | 2020-03-24 | 中国船舶重工集团公司第七一六研究所 | Network message fast forwarding method based on improved network card driving software |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102195868B (en) | 2015-05-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9262500B2 (en) | Memory system including key-value store | |
| CN1311363C (en) | Methods and apparatus for generating a content address to indicate data units written to a storage system proximate in time | |
| CN101669092B (en) | Managing object lifetime for native/managed peers | |
| CN100517335C (en) | Distributed file system file writing system and method | |
| CN102629941A (en) | Caching method of a virtual machine mirror image in cloud computing system | |
| CN101841473B (en) | Method and apparatus for updating MAC (Media Access Control) address table | |
| CN103918230B (en) | Synchronizing forwarding databases in a network device background | |
| US20200257732A1 (en) | Systems and methods of managing an index | |
| CN111736982B (en) | Data forwarding processing method and server of 5G data forwarding plane | |
| CN102420814A (en) | Data access method and device, and server | |
| CN108491332A (en) | A kind of real-time buffering updating method and system based on Redis | |
| CN103020255A (en) | Hierarchical storage method and hierarchical storage device | |
| CN102195868A (en) | Method and device for dynamically classifying network messages at high efficiency | |
| US10073878B1 (en) | Distributed deduplication storage system with messaging | |
| CN110597630B (en) | Method and system for processing content resources in distributed system | |
| CN102880628A (en) | Hash data storage method and device | |
| CN102708197A (en) | Multimedia file management method and device | |
| CN103546380A (en) | Message forwarding method and device based on strategy routing | |
| CN105138649A (en) | Data search method and device and terminal | |
| CN108932271A (en) | A kind of file management method and device | |
| CN102736986A (en) | Content-addressable memory and data retrieving method thereof | |
| CN102724301B (en) | Cloud database system and method and equipment for reading and writing cloud data | |
| CN202218254U (en) | Equipment for efficiently and dynamically classifying network messages | |
| Wang et al. | Scaleg: A distributed disk-based system for vertex-centric graph processing | |
| CN101256524A (en) | Method for maintaining file system caching compatibility |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20171214 Address after: 300384 Tianjin city Xiqing District Huayuan Industrial Zone (outer ring) Haitai Huake Street No. 15 1-3 Patentee after: Sugon Information Industry Co., Ltd. Address before: 100084 Beijing Haidian District City Mill Street No. 64 Patentee before: Dawning Information Industry (Beijing) Co., Ltd. |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20180408 Address after: 430040 Wuhuan Road No. 666 (10), economic and Technological Development Zone, Wuhan, Hubei Province Patentee after: Dawning Network Technology Co., Ltd. Address before: 300384 Tianjin city Xiqing District Huayuan Industrial Zone (outer ring) Haitai Huake Street No. 15 1-3 Patentee before: Sugon Information Industry Co., Ltd. |
|
| TR01 | Transfer of patent right |