CN102209017A - Method and device for generating access control list - Google Patents
Method and device for generating access control list Download PDFInfo
- Publication number
- CN102209017A CN102209017A CN2010101370099A CN201010137009A CN102209017A CN 102209017 A CN102209017 A CN 102209017A CN 2010101370099 A CN2010101370099 A CN 2010101370099A CN 201010137009 A CN201010137009 A CN 201010137009A CN 102209017 A CN102209017 A CN 102209017A
- Authority
- CN
- China
- Prior art keywords
- keyword
- rule
- length
- realization
- original
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention disclose a method for generating an access control list, which comprises the following steps of: determining the length of realization keywords, wherein the length of realization keywords is the length of original keywords with utilization ratio higher than a threshold; and obtaining the original keywords, and transforming the original keywords into the realization keywords according to the determined length of the realization keywords. The invention also discloses a device for realizing an expandable ACL (Access Control List). Different from the prior art that the length of the keywords is equal to the length of the longest original keywords, the invention has the characteristics that the length of the realization keywords is reduced, and the consumption of hardware resources can be efficiently reduced. Meanwhile, the expandability of the ACL is also enhanced through transforming the original keywords into realization keywords with a determined length .
Description
Technical field
The present invention relates to communication technical field, relate in particular to the method and the device that generate Access Control List (ACL).
Background technology
ACL (Access Control List, Access Control List (ACL)) is a kind of instrument that defines stream, it is classified to message by a series of matching condition, these matching conditions can be purpose MAC (the Media Access Control of packet, media interviews control) address, source MAC, port numbers etc., what have also comprises the custom zone.ACL is applied in the route-exchanging device, is mainly used in business such as network security, QOS (Quality of Service, service quality), packet filtering.
Concerning product was used, the key length of various application requirements was different.Sometimes want the reference source MAC Address, sometimes will compare target MAC (Media Access Control) address, sometimes want reference source MAC Address and target MAC (Media Access Control) address simultaneously.To IPV4 (Internet Protocol Version 4, Internet protocol the 4th edition) message is IP (Internet Protocol relatively, Internet protocol) address, to IPV6 (InternetProtocol Version 6, the Internet protocol sixth version) message also will compare the IP address, but the length of IP address has just become 128 from 32 of IPV4.And because the ACL of custom zone can be used for expanding to unknown protocol or the support of the agreement that also is unrealized, therefore the length of the original keyword of supporting is long more flexible more, and the regular number of supporting is many more flexible more.
The hardware of ACL is realized, no matter be to use which kind of method, all costs very much the source.The keyword of supporting is long more, and is big more to resource consumption; The regular number of supporting is many more, and is also big more to resource consumption.In the product demand, original keyword major applications is relatively shorter, and small part requires long, and in order to keep extended capability, the longer the better to require original keyword.Hardware is in order to satisfy product demand, normally the longest original keyword is followed and realize the keyword equivalence, make the length of the realization keyword of supporting in the existing scheme just equal the length of the longest original keyword, realize that keyword be the territory of actual support in hard-wired coupling.
The inventor finds that there is following deficiency in above-mentioned prior art in realizing process of the present invention:
The length of the realization keyword of supporting in the existing scheme equals the length of the longest original keyword, causes realizing that keyword is longer, has consumed a large amount of hardware resources.If realize with register, area is very big, and therefore the regular number of supporting is limited; If realize that with CAM (Content Addressable Memory, Content Addressable Memory) can support more rule, but CAM costs an arm and a leg, area and power consumption are all bigger.And the length of the realization keyword of supporting in the existing scheme is fixed as the length of the longest original keyword, in case determine just can not change, can not support that then autgmentability is bad if occur longer keyword again.
Summary of the invention
The embodiment of the invention provides a kind of method that generates Access Control List (ACL), in order to the consumption of effective minimizing hardware resource, strengthens the extensibility of ACL, and this method comprises:
Determine to realize the length of keyword, the length of described realization keyword is the length that utilization rate is higher than the original keyword of threshold value;
Obtain original keyword, the length by described definite realization keyword is converted to the realization keyword with described original keyword.
The embodiment of the invention also provides a kind of device that generates Access Control List (ACL), in order to the consumption of effective minimizing hardware resource, strengthens the extensibility of ACL, and this device comprises:
Determination module is used for definite length that realizes keyword, and the length of described realization keyword is the length that utilization rate is higher than the original keyword of threshold value;
Modular converter is used to obtain original keyword, and the length by described definite realization keyword is converted to the realization keyword with described original keyword.
In the embodiment of the invention, determine to realize the length of keyword, the length of this realization keyword is the length that utilization rate is higher than the original keyword of threshold value; Be different from the length that will realize keyword in the prior art and be equal to the length of long original keyword, can reduce to realize the length of keyword, thereby effectively reduce the consumption of hardware resource; By obtaining original keyword, the length by described definite realization keyword is converted to the realization keyword with original keyword, can handle the original keyword of different length flexibly, thereby strengthen the extensibility of ACL.
Description of drawings
In order to be illustrated more clearly in the embodiment of the invention or technical scheme of the prior art, to do to introduce simply to the accompanying drawing of required use in embodiment or the description of the Prior Art below, apparently, accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.In the accompanying drawings:
Fig. 1 is the method flow diagram that generates Access Control List (ACL) in the embodiment of the invention;
The flow chart that Fig. 2 conducts interviews and controls for the realization keyword that obtains with conversion in the embodiment of the invention;
Fig. 3 is the structural representation that generates the device of Access Control List (ACL) in the embodiment of the invention;
Fig. 4 is the structural representation of the instantiation of the device of generation Access Control List (ACL) in the embodiment of the invention;
Fig. 5 is the structural representation of the instantiation of the device of generation Access Control List (ACL) in the embodiment of the invention.
Embodiment
For the purpose, technical scheme and the advantage that make the embodiment of the invention is clearer, the embodiment of the invention is described in further details below in conjunction with accompanying drawing.At this, illustrative examples of the present invention and explanation thereof are used to explain the present invention, but not as a limitation of the invention.
As shown in Figure 1, in the embodiment of the invention, the method flow that generates Access Control List (ACL) can comprise:
Can learn by flow process shown in Figure 1, in the embodiment of the invention, determine to realize the length of keyword, realize that the length of keyword is the length that utilization rate is higher than the original keyword of threshold value; Be different from the length that will realize keyword in the prior art and be equal to the length of long original keyword, can reduce to realize the length of keyword, thereby effectively reduce the consumption of hardware resource; By obtaining original keyword, the length by the realization keyword of determining is converted to the realization keyword with original keyword, can handle the original keyword of different length flexibly, has strengthened the extensibility of ACL.
During concrete enforcement, the original keyword in the flow process shown in Figure 1 can be an arbitrary fields related when acl rule is handled, and can comprise: custom zone and/or fixed field.Wherein, the custom zone is configurable byte offset, and fixed field can comprise source MAC, source IP address etc.Original keyword is meant needs the keyword that mates in the practical application; Realize that keyword is meant the keyword that is actually used in coupling.The length that in the step 101 utilization rate is higher than the original keyword of threshold value is defined as realizing the length of keyword, in product is used, the length of the most frequently used original keyword can be defined as realizing the length of keyword.
During implementation step 102, after obtaining original keyword, by the length of the realization keyword of determining, original keyword is converted to the realization keyword can numerous embodiments, for example:
If the length of original keyword greater than the length of the realization keyword of determining, then is converted to the realization keyword by splitting with original keyword; That is, can split into a plurality of moderate length to the long original keyword of length but the realization keyword shorter than original keyword;
If the length of the realization keyword that the length of original keyword equals to determine then is defined as realizing keyword with original keyword; That is,, then do not need to tear open, directly as realizing keyword if original key length is moderate;
If the length of original keyword is then merged into the realization keyword with a plurality of original keywords, or by mask original keyword is converted to the realization keyword less than the length of the realization keyword of determining; That is,, then can merge into one to several short original keywords and realize keyword if original key length is shorter; Also can not split, directly as realizing keyword, insufficient section thinks that coupling gets final product.Insufficient section thinks that the method for coupling can realize by mask herein, can certainly realize by other method, thereby the original keyword that a plurality of length are short is combined into moderate length but than the realization keyword of original crucial word length.
By above-mentioned conversion, can under situation about satisfying the demands, provide higher flexibility, and save hardware table item space and resource requirement original keyword.Can also be between original keyword and the realization keyword by merging or split, conversion mutually.
Among the embodiment, the length that determine to realize keyword in step 101 is: after utilization rate is higher than the length of original keyword of threshold value, step 102 can also be embodied as:, determine to realize the number of keyword according to the length that realizes keyword, the length and the reserved resource of original keyword; Length and number by the realization keyword of determining are converted to the realization keyword with original keyword.
Among the embodiment, after original keyword being converted to the realization keyword, control can also conduct interviews with the realization keyword that conversion obtains.During concrete enforcement, can also determine the regular number of supporting according to default regular number and reserved resource; Then follow-up can be by the regular number of determining, with the control that conducts interviews of the realization keyword of conversion acquisition.The embodiment of the invention is satisfying under the prerequisite of product demand, can reduce the length that realizes keyword, hardware resource consumption is significantly reduced, thereby can realize more rule.
In the enforcement, default regular number can for example can be the regular number that the product normal use need be supported according to the actual conditions setting.Reserved resource can be according to the actual conditions setting, for example can be the resource that can accept of hardware etc.
During concrete enforcement, can before the realization keyword that obtains with conversion conducts interviews control, carry out following configuration, link to each other arbitrarily with implementation rule to rule:
Current rule is configured to the final jump of rule, or the rule of the final jump that links to each other with current rule is configured;
If there are a plurality of rules to link to each other, then dispose the rule of rule sensing final jump the preceding;
The matching result that each is regular is preset as coupling, disposes each rule after mating, and matching result is reflected in next jumping or the final jump of rule.
Lift a routine implementation rule and link to each other arbitrarily, as shown in the table, can carry out following configuration to rule:
In the enforcement,, realized naturally that then keyword links to each other arbitrarily if realized regular any linking to each other; But realized that keyword links to each other arbitrarily, might not link to each other arbitrarily by implementation rule.Such as, in the last table, if realized keyword 0 and realized that keyword 1 links to each other arbitrarily, then need rule 0 to link to each other with rule 4, rule 1 links to each other with rule 5, and rule 2 links to each other with rule 6, and rule 3 links to each other with rule 7, and rule is linked to each other arbitrarily; And link to each other when rule is any, linking to each other with rule 5 as rule 0, rule 1 links to each other with regular 6, and rule 2 links to each other with rule 7, when rule 3 links to each other with rule 4, can make realization keyword 0 and realize that keyword 1 links to each other arbitrarily.
During concrete enforcement, the aforementioned realization keyword that obtains with conversion conducts interviews to control to have can multiple implementation, for example:
Selection is mated and is the rule of the rule of final jump as coupling;
Or, select the rule that the list item position is positioned at last or assigned address in the final jump rule of all couplings, as the rule of coupling, promptly can realize the positional priority coupling;
Or the priority of the final jump rule of each coupling relatively selects priority maximum or minimum or be the rule of assigned priority, as the rule of coupling, can realize that promptly configurable priority mates.
Act one is for example shown in Figure 2, conducts interviews with the realization keyword of changing acquisition and controls and can comprise:
Step 201, strictly all rules is reset to coupling;
Embodiment to sum up, software can be converted into the realization keyword with original keyword according to practical application, and the realization keyword and the rule of configure hardware realize product demand.
Lift the realization of instantiation explanation embodiment of the invention method below:
In this example, suppose that product demand is to need coupling source MAC, purpose MAC, source IP and purpose IP, VLAN (Virtual Local Area Network, VLAN) ID, IP protocol fields, custom zone.Wherein source MAC, purpose MAC length are respectively 6Byte, and source IP and purpose IP are respectively 4Byte, and VLAN ID is 2Byte, and the IP protocol fields is 1Byte.And, sometimes need to mate simultaneously all territories.The custom zone mainly is the support to unknown protocol, comprises the support to IPV6, and the longer the better for the key length that hope can be supported.
To this demand, at first according to the demand of product, determine to realize the length and the number of keyword in this example.As mentioned above, realize that keyword is long more, product is used flexible more.But in the practical application, general length that needs to compare 4 Byte gets final product: the only relatively lower 4Byte of source/target MAC (Media Access Control) address, and source/purpose IP also compares 4 Byte, and the minority application need is their combination relatively, and length is uncertain.Therefore, in this example the length of the most frequently used original keyword is defined as realizing the length of keyword, the length that promptly realizes keyword is 4.All original key length summations are 23, add the original keyword in custom zone of uncertain length, and then all realize that the total length of keyword need be greater than 32.Because realize that key length is 4, required resource is fewer, so can support more realization keyword, is defined as 32 in this example.
Next determine the regular number of support.According to the resource that the regular number and the hardware of the support of product normal use needs can be accepted, determine the regular number of supporting.Because realize in this example that the length of keyword is 4, need resource less, so can support more regular number, realize keyword as each, support 8 rules, then can support 256 rules altogether.
Follow-up then the extraction realized keyword, supports 32 to realize keyword altogether, and each realizes 8 rules of keyword support.With realizing that keyword and rule compare, and realize rule-based continuous coupling.Concrete can carry out following configuration to rule earlier:
Current rule is configured to the final jump of rule, or the rule of the final jump that links to each other with current rule is configured;
If there are a plurality of rules to link to each other, then dispose the rule of rule sensing final jump the preceding;
The matching result that each is regular is preset as coupling, disposes each rule after mating, and matching result is reflected in next jumping or the final jump of rule.
After the configuration rule, the control that can conduct interviews with the realization keyword that conversion obtains, can select in this example to mate and for the rule of final jump as the rule of mating, also can realize coupling with priority:
If positional priority coupling, then can select list item position in the final jump rule of all couplings to be positioned at the rule of last or assigned address, as the rule of coupling;
If can join priority coupling, then can compare the priority of the final jump rule of each coupling, select priority maximum or minimum or be the rule of assigned priority, as the rule of mating.
Software is converted into the realization keyword to original keyword again according to practical application, and the realization keyword and the rule of configure hardware realize product demand.As needing reference source MAC Address and target MAC (Media Access Control) address simultaneously, then original keyword is 12Byte, need be converted into 3 and realize keyword.If realize the coupling of the 128 potential source IP addresses of IPV6, then need to be converted into 4 and realize that keyword is configured realization keyword and rule.
One of ordinary skill in the art will appreciate that all or part of step that realizes in the foregoing description method is to instruct relevant hardware to finish by program, described program can be stored in the computer read/write memory medium, this program is when carrying out, can comprise all or part of step in the foregoing description method, described storage medium can comprise: ROM, RAM, disk, CD etc.
Also provide a kind of device that generates Access Control List (ACL) in the embodiment of the invention, as described in the following examples.Because the principle of this device solves problem is similar to the method that generates Access Control List (ACL), so the enforcement of this device can repeat part and repeat no more referring to the enforcement of method.
The embodiment of the invention provides a kind of device that generates Access Control List (ACL), and its structure can comprise as shown in Figure 3:
Among the embodiment, described original keyword comprises: custom zone and/or fixed field.
Among the embodiment, modular converter 302 specifically can be used for:
If the length of original keyword greater than the length of the realization keyword of determining, then is converted to the realization keyword by splitting with original keyword;
If the length of the realization keyword that the length of original keyword equals to determine then is defined as realizing keyword with original keyword;
If the length of original keyword is then merged into the realization keyword with a plurality of original keywords, or by mask original keyword is converted to the realization keyword less than the length of the realization keyword of determining.
As shown in Figure 4, among the embodiment, the device of generation Access Control List (ACL) shown in Figure 3 can also comprise:
As shown in Figure 5, among the embodiment, the device of generation Access Control List (ACL) shown in Figure 4 can also comprise:
Current rule is configured to the final jump of rule, or the rule of the final jump that links to each other with current rule is configured;
If there are a plurality of rules to link to each other, then dispose the rule of rule sensing final jump the preceding;
The matching result that each is regular is preset as coupling, disposes each rule after mating, and matching result is reflected in next jumping or the final jump of rule.
Among the embodiment, described access control module 401 specifically can be used for:
Selection is mated and is the rule of the rule of final jump as coupling;
Or, select list item position in the final jump rule of all couplings to be positioned at the rule of last or assigned address, as the rule of coupling;
Or the priority of the final jump rule of each coupling relatively selects priority maximum or minimum or be the rule of assigned priority, as the rule of mating.
Among the embodiment, described modular converter 302 specifically can be used for:
According to the length that realizes keyword, the length and the reserved resource of original keyword, determine to realize the number of keyword;
Length and number by described definite realization keyword are converted to the realization keyword with original keyword.
Among the embodiment, described access control module 401 specifically can be used for:
According to default regular number and reserved resource, determine the regular number of supporting;
By described definite regular number, with the control that conducts interviews of the realization keyword of conversion acquisition.
In sum, in the embodiment of the invention, determine to realize the length of keyword, realize that the length of keyword is the length that utilization rate is higher than the original keyword of threshold value; Be different from the length that will realize keyword in the prior art and be equal to the length of long original keyword, can reduce to realize the length of keyword, thereby effectively reduce the consumption of hardware resource; By obtaining original keyword, the length by the realization keyword of determining is converted to the realization keyword with original keyword, can handle the original keyword of different length flexibly, thereby strengthen the extensibility of ACL.
Above-described specific embodiment; purpose of the present invention, technical scheme and beneficial effect are further described; institute is understood that; the above only is specific embodiments of the invention; and be not intended to limit the scope of the invention; within the spirit and principles in the present invention all, any modification of being made, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (14)
1. a method that generates Access Control List (ACL) is characterized in that, this method comprises:
Determine to realize the length of keyword, the length of described realization keyword is the length that utilization rate is higher than the original keyword of threshold value;
Obtain original keyword, the length by described definite realization keyword is converted to the realization keyword with described original keyword.
2. the method for claim 1 is characterized in that, the length by described definite realization keyword is converted to the realization keyword with described original keyword, comprising:
If the length of described original keyword then is converted to the realization keyword by splitting with described original keyword greater than the length of described definite realization keyword; Or
If the length of described original keyword equals the length of described definite realization keyword, then described original keyword is defined as realizing keyword; Or
If the length of described original keyword is less than the length of described definite realization keyword, then by merging or mask is converted to the realization keyword with described original keyword.
3. method as claimed in claim 1 or 2 is characterized in that, also comprises:
The realization keyword that obtains with the conversion control that conducts interviews.
4. method as claimed in claim 3 is characterized in that, the realization keyword that obtains with conversion conducts interviews before the control, comprises rule is carried out following configuration:
Current rule is configured to the final jump of rule, or the rule of the final jump that links to each other with current rule is configured;
If there are a plurality of rules to link to each other, then dispose the rule of rule sensing final jump the preceding;
The matching result that each is regular is preset as coupling, disposes each rule after mating, and matching result is reflected in next jumping or the final jump of rule.
5. method as claimed in claim 4 is characterized in that, the realization keyword that obtains with the conversion control that conducts interviews comprises:
Selection is mated and is the rule of the rule of final jump as coupling;
Or, select list item position in the final jump rule of all couplings to be positioned at the rule of last or assigned address, as the rule of coupling;
Or the priority of the final jump rule of each coupling relatively selects priority maximum or minimum or be the rule of assigned priority, as the rule of mating.
6. method as claimed in claim 3 is characterized in that, the length by described definite realization keyword is converted to the realization keyword with described original keyword, comprising:
According to the length that realizes keyword, the length and the reserved resource of original keyword, determine to realize the number of keyword;
Length and number by described definite realization keyword are converted to the realization keyword with described original keyword.
7. method as claimed in claim 3 is characterized in that, the realization keyword that obtains with the conversion control that conducts interviews comprises:
According to default regular number and reserved resource, determine the regular number of supporting;
By described definite regular number, with the control that conducts interviews of the realization keyword of conversion acquisition.
8. a device that generates Access Control List (ACL) is characterized in that, this device comprises:
Determination module is used for definite length that realizes keyword, and the length of described realization keyword is the length that utilization rate is higher than the original keyword of threshold value;
Modular converter is used to obtain original keyword, and the length by described definite realization keyword is converted to the realization keyword with described original keyword.
9. device as claimed in claim 8 is characterized in that, described modular converter specifically is used for:
If the length of described original keyword then is converted to the realization keyword by splitting with described original keyword greater than the length of described definite realization keyword; Or
If the length of described original keyword equals the length of described definite realization keyword, then described original keyword is defined as realizing keyword; Or
If the length of described original keyword is less than the length of described definite realization keyword, then by merging or mask is converted to the realization keyword with described original keyword.
10. install as claimed in claim 8 or 9, it is characterized in that, also comprise:
Access control module is used for the realization keyword that conversion the obtains control that conducts interviews.
11. device as claimed in claim 10 is characterized in that, also comprises:
Configuration module is used for before the realization keyword that described access control module obtains with conversion conducts interviews control rule being carried out following configuration:
Current rule is configured to the final jump of rule, or the rule of the final jump that links to each other with current rule is configured;
If there are a plurality of rules to link to each other, then dispose the rule of rule sensing final jump the preceding;
The matching result that each is regular is preset as coupling, disposes each rule after mating, and matching result is reflected in next jumping or the final jump of rule.
12. device as claimed in claim 11 is characterized in that, described access control module specifically is used for:
Selection is mated and is the rule of the rule of final jump as coupling;
Or, select list item position in the final jump rule of all couplings to be positioned at the rule of last or assigned address, as the rule of coupling;
Or the priority of the final jump rule of each coupling relatively selects priority maximum or minimum or be the rule of assigned priority, as the rule of mating.
13. device as claimed in claim 10 is characterized in that, described modular converter specifically is used for:
According to the length that realizes keyword, the length and the reserved resource of original keyword, determine to realize the number of keyword;
Length and number by described definite realization keyword are converted to the realization keyword with described original keyword.
14. device as claimed in claim 10 is characterized in that, described access control module specifically is used for:
According to default regular number and reserved resource, determine the regular number of supporting;
By described definite regular number, with the control that conducts interviews of the realization keyword of conversion acquisition.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010137009.9A CN102209017B (en) | 2010-03-29 | 2010-03-29 | Method and device for generating access control list |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010137009.9A CN102209017B (en) | 2010-03-29 | 2010-03-29 | Method and device for generating access control list |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102209017A true CN102209017A (en) | 2011-10-05 |
| CN102209017B CN102209017B (en) | 2014-09-03 |
Family
ID=44697687
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010137009.9A Active CN102209017B (en) | 2010-03-29 | 2010-03-29 | Method and device for generating access control list |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102209017B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108234455A (en) * | 2017-12-14 | 2018-06-29 | 北京东土科技股份有限公司 | A kind of message transmission control method, device, computer installation and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101364947A (en) * | 2008-09-08 | 2009-02-11 | 中兴通讯股份有限公司 | Rule matching method and system for control list access |
| CN101411136A (en) * | 2006-04-03 | 2009-04-15 | 极进网络股份有限公司 | Method of performing table lookup operation with table index that exceeds CAM key size |
| CN101667964A (en) * | 2009-09-18 | 2010-03-10 | 中兴通讯股份有限公司 | Collocation method and device of access control list (ACL) regulations |
-
2010
- 2010-03-29 CN CN201010137009.9A patent/CN102209017B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101411136A (en) * | 2006-04-03 | 2009-04-15 | 极进网络股份有限公司 | Method of performing table lookup operation with table index that exceeds CAM key size |
| CN101364947A (en) * | 2008-09-08 | 2009-02-11 | 中兴通讯股份有限公司 | Rule matching method and system for control list access |
| CN101667964A (en) * | 2009-09-18 | 2010-03-10 | 中兴通讯股份有限公司 | Collocation method and device of access control list (ACL) regulations |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108234455A (en) * | 2017-12-14 | 2018-06-29 | 北京东土科技股份有限公司 | A kind of message transmission control method, device, computer installation and storage medium |
| CN108234455B (en) * | 2017-12-14 | 2021-03-19 | 北京东土科技股份有限公司 | Message forwarding control method and device, computer device and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102209017B (en) | 2014-09-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9369375B2 (en) | Link-layer level link aggregation autoconfiguration | |
| US20110289517A1 (en) | Simple and dynamic configuration of network devices | |
| US20180241624A1 (en) | Virtual dedicated network and rule table generation method and apparatus, and routing method | |
| US8296774B2 (en) | Service-based endpoint discovery for client-side load balancing | |
| US8990492B1 (en) | Increasing capacity in router forwarding tables | |
| EP2332044A2 (en) | Directing data units to a core supporting tasks | |
| CN104168222A (en) | Message transmission method and device | |
| US9026704B2 (en) | Priority based connection arbitration in a SAS topology to facilitate quality of service (QoS) in SAS transport | |
| US20150381473A1 (en) | Communication device and multi-hop network | |
| US9807206B2 (en) | Aggregating physical network interfaces for peer-to-peer connections | |
| US8873527B2 (en) | System and method for managing routers and communication interfaces on a computing device | |
| EP3703342B1 (en) | Dynamic load balancing in network centric process control systems | |
| CN101599907B (en) | Method and system for forwarding flow | |
| CN102209017B (en) | Method and device for generating access control list | |
| Park et al. | An efficient dynamic integration middleware for cyber-physical systems in mobile environments | |
| Yi et al. | Optimised approach for VNF embedding in NFV | |
| CN106897137B (en) | Physical machine and virtual machine mapping conversion method based on virtual machine live migration | |
| US11005782B2 (en) | Multi-endpoint adapter/multi-processor packet routing system | |
| WO2019160164A1 (en) | Search device, search method, and search program | |
| CN102104602A (en) | Network resource accessing method and device | |
| US7624141B2 (en) | Deterministic rule-based dispatch of objects to code | |
| CN104486252A (en) | Method and device for thin clients to have access to standard clients | |
| US11223557B1 (en) | Multicast traffic disruption prevention system | |
| US11706293B1 (en) | Buffer profile assignment management based on peer network device data | |
| US20220321398A1 (en) | Aggregated networking device failover system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |