CN102377581A - Implementation method of multi-field flow classification pipeline - Google Patents
Implementation method of multi-field flow classification pipeline Download PDFInfo
- Publication number
- CN102377581A CN102377581A CN2010102482119A CN201010248211A CN102377581A CN 102377581 A CN102377581 A CN 102377581A CN 2010102482119 A CN2010102482119 A CN 2010102482119A CN 201010248211 A CN201010248211 A CN 201010248211A CN 102377581 A CN102377581 A CN 102377581A
- Authority
- CN
- China
- Prior art keywords
- territory
- search
- rule
- bits
- implementation method
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses an implementation method of a multi-field flow classification pipeline, which comprises the following steps: (1) receiving data packets, and then extracting information fields of the data packets; (2) establishing a plurality of search templates, wherein each search template has a multi-bit-field selector, a search field mask code and a combined mark; (3) selecting a search field having a 160-bit width through one search template established in the step (2) in a pipeline mode, wherein the search field is filtered by the mask code; (4) adding the search field in the step (3) to a serial number of the search template to obtain a new search field, and carrying out hash operation based on the new search field to check an RULE rule table so as to match an RULE behavior table; and (5) judging the ultimate rule behavior in accordance with the matching result. The method has the advantages of less power consumption, low cost and high processing bandwidth; and the RULE rule can be widened flexibly.
Description
Technical field
The invention belongs to computer network QoS (service quality) field, relate in particular to a kind of implementation method of multi-area stream classifying streamline.
Background technology
The QoS full name is " Quality of Service ", Chinese " service quality " by name.QoS is a kind of security mechanism of network, is with a kind of technology that solves problems such as network delay and obstruction.Traffic classification adopts certain rule identifier to close the message of certain category feature, and it is prerequisite and the basis of serving discretely.
As shown in Figure 1, the basic principle of traffic classification is exactly that a plurality of territories in the packet are gone to mate in the rule base according to sorting parameter and search engine.Just can reach the purpose of traffic classification through this coupling, this also is prerequisite and the basis of serving distinctively.Hardware commonly used is at present realized Ternary CAM.Ternary CAM (being called for short T-CAM, is a hardware device, and it can play and the complete the same function of associated memory) has the fastest classification time, but price comparison is high, and power consumption is big, only is fit to little rule base.
Summary of the invention
The technical problem that the present invention will solve provides a kind of implementation method of multi-area stream classifying streamline; With SRAM (SRAM is the abbreviation of English Static RAM, and it is a kind of internal memory with static access facility, does not need refresh circuit can preserve the data of its storage inside) replacement Ternary CAM; This method power consumption is little; Cost is low, and processing bandwidth is high, and the RULE rule can enlarge flexibly.
For solving the problems of the technologies described above, the implementation method of a kind of multi-area stream classifying streamline of the present invention comprises the steps:
(1) receives the extraction in the laggard line data package informatin of packet territory;
(2) set up a plurality of search patterns, this search pattern has many bit field selector, searches territory mask and combined mark;
(3) search pattern that adopts pipeline system to set up through step (2) is selected the territory of searching of 160 bit widths, and this is searched the territory and filters through mask;
(4) with step (3) search the close sequence number of search pattern of territory, obtain one and newly search the territory, newly search the territory with this and carry out Hash operation and remove to look into the RULE rule list, and then remove to mate RULE behavior table;
(5), judge final regular behavior according to matching result.
In step (1), said packet information territory comprises the IP head, VLAN and MAC Address; The said extraction of carrying out the packet information territory is specially: the packet to receiving is resolved, and obtains the form of this packet, thereby can obtain this packet information territory.
In step (1), search based on multidimensional and to convert the algorithm that one dimension is searched into, couple together each packet information territory of stream classification checking and form one and search the territory, this width of searching the territory is 160 bits.
In step (2), said many bit field selector is used to select the packet information territory of being correlated with; Saidly search the bit that the territory mask is used to remove regular unconcerned packet information territory; Said combined mark is used for representing that whether uniting next search pattern does search.
Step (3) is specially: adopt pipeline system to divide 4 clocks to select the territory of searching of 160 bits; The domain of dependence of first clock selecting from 24 bits to 19 bits; The domain of dependence of second clock selecting from 18 bits to 13 bits, the domain of dependence of the 3rd clock selecting from 12 bits to 7 bits, the domain of dependence of the 4th clock selecting from 6 bits to 1 bit; Each original position of filling that all writes down, searching the territory initial value is 0.
In step (3), the said territory of searching filter to be adopted through mask and is searched the territory and search the territory mask and do the method for logical AND and filter.
In step (4), the amount of bits of the sequence number of said search pattern decides according to the quantity of search pattern.
In step (4), if the combined mark of this search pattern is effective, so just keep the result of the Hash operation of this search pattern, iteration is gone into the Hash operation of next search pattern, obtains the result and removes to look into the RULE rule list, and then remove to mate RULE behavior table.
In step (5),, go to judge final regular behavior according to the priority of every rule so owing to there are a plurality of search patterns can hit many rules.
In step (5), judge that final regular behavior is concrete to adopt following method: every rule all disposes priority, just therefore judges according to the priority of every rule just, from high in the end; If priority is identical, just, judge from big to small according to the sequence number size of search pattern.
Beneficial effect of the present invention is: technical scheme of the present invention has been described the implementation method of multi-area stream classifying streamline; This method hardware is realized simple; Only need a similar Ternary CAM of clock (with SRAM replacement Ternary CAM) search time, power consumption is little, and cost is low; Processing bandwidth is high, and the RULE rule can enlarge flexibly.
Description of drawings
Fig. 1 is a traffic classification algorithm basic principle sketch map;
Fig. 2 is a traffic classification schematic flow sheet of the present invention;
Fig. 3 is that a kind of streamline realizes searching the sketch map in territory in the inventive method;
Fig. 4 is that another kind of streamline realizes searching the sketch map in territory in the inventive method;
Fig. 5 is a rule search and comparison sketch map among the present invention.
Embodiment
As shown in Figure 2, the implementation method of a kind of multi-area stream classifying streamline of the present invention specifically comprises the steps:
1. receive packet and begin traffic classification;
2. carry out the extraction (like IP head, VLAN, MAC Address or the like) in packet information territory to receiving bag; VLAN (Virtual Local Area Network) claim VLAN again, is meant on the basis of switched LAN, adopts the crossed over different segment of network management software structure, the logical network end to end of heterogeneous networks; MAC Address (Media Access Control address) or be called MAC address is used for defining the position of network equipment; Search based on multidimensional and to convert the algorithm that one dimension is searched into, promptly couple together each packet information territory of stream classification checking and form one and search territory (width 160 bits);
3. streamline realizes that search the territory removes the matched rule table: set up a plurality of search patterns, this search pattern has many bit field selector (be used to select be correlated with packet information territory), searches territory mask (being used to remove the bit in regular unconcerned packet information territory) and combined mark (be used for representing whether unite next search pattern and do search); Because many bit field selector is realized relatively difficulty in a clock, therefore adopt pipeline system to realize, promptly each clock is realized the selection in 6 kinds of territories; Can obtain a territory of searching that 160 bit widths are arranged through search pattern, and be to filter through mask;
4. rule search and comparison: search the close sequence number of search pattern of territory with this, obtain and newly search the territory.Newly searching the territory with this carries out hash algorithm and removes to look into RULE rule list (rule in this RULE rule list will compare with search pattern); And then remove to mate RULE behavior table (this RULE behavior table is to hit behind the RULE rule list behavior that need do packet), obtain final regular behavior.Hash algorithm is mapped as the less binary value of regular length with the binary value of random length, and this little binary value is called cryptographic hash.Hash table is according to the hash function H (key) that sets and handles collision method with on a set of keyword map to the limited address section; And with keyword resembling in address section as the memory location that is recorded in the table; This table is called Hash table or hash, and the gained memory location is called Hash address or hash address.Compare with formation etc. with form as linear data structure, it is more a kind of than faster that Hash table is undoubtedly seek rate.The RULE rule list is a Hash table.
Search for IP five-tuple (typically referring to by source IP address source port, purpose IP address, the set that numbers these five amounts of destination interface and transport layer protocol are formed) that (IPv6 is the upgraded edition of Internet protocol the 4th edition (IPv4) owing to IPV6 in addition; It is chosen at the IPng of IETF and is called the Internet IP next generation (IPng) when winning in the process at first; IPv6 is by formal widely used second edition Internet protocol); Therefore surpassed 160 bits, united with two search patterns and carry out hash algorithm and obtain the RULE rule.
Provide the embodiment of the present invention in the IPDSLAM-10G chip below, specifically comprise the steps:
1. receive packet and begin traffic classification;
2. the packet that receives is carried out the extraction (like IP head, VLAN, MAC Address or the like) in packet information territory.Packet to receiving is resolved, and obtains the form of this packet, thereby can obtain this packet information territory.Search the algorithm that converts one dimension into and search (multidimensional of promptly searching for a plurality of information fields is respectively searched the one dimension that algorithm converts a synthetic information field removal search into and searched algorithm) based on multidimensional, promptly couple together each packet information territory of stream classification checking and form one and search territory (width 160 bits).
3. set up 8 search patterns, this search pattern have 24 bits territory selector (be used to select be correlated with packet information territory), 160 bits search territory mask (being used to remove the bit in regular unconcerned packet information territory) and combined mark (be used for expression whether unite next search pattern do search).
Searching the territory initial value is 0 (seeing that the territory initial condition of searching among Fig. 3 and Fig. 4 is PAD ZERO).The territory of searching of adopting pipeline system to divide 4 clocks to select 160 bits, the domain of dependence (for example, the domain of dependence of first clock selecting 24 bits, 23 bits, 19 bits of first clock selecting from 24 bits to 19 bits; Be field24, field23, field19, see Fig. 3 and Fig. 4), the domain of dependence of second clock selecting from 18 bits to 13 bits is (for example; The domain of dependence of second clock selecting 18 bit, 13 bits, promptly field18, field13 see Fig. 3 and Fig. 4); The 3rd clock can be selected the domain of dependence (for example, the domain of dependence of the 3rd clock selecting 12 bit, 11 bits, i.e. field12, the field11 from 12 bits to 7 bits; See Fig. 3 and Fig. 4), the 4th clock can select the domain of dependence from 6 bits to 1 bit (for example, as shown in Figure 3; The domain of dependence of the 4th clock selecting 1 bit, i.e. field1; As shown in Figure 4, the domain of dependence of the 4th clock selecting 2 bits, i.e. field2), all write down the original position of filling at every turn.The selection principle of territory selector is the preferential selection of higher bit, is placed into a high position of searching the territory.If searching of 160 bits just do not recharged after the territory is filled.If search the part that domain space can only hold certain information field; So just reject the remainder of this information field (as shown in Figure 4; The domain of dependence (field2) higher bit of the 4th clock selecting 2 bits is filled; This searches the part that domain space can only hold the domain of dependence (field2) of this 2 bit, so just rejects the remainder of the domain of dependence of this 2 bit (field2)).If it is discontented to select relevant domain of information to fill out, then searches the territory subsequent bits and keep 0 (PAD ZERO) constant.In order to reduce the logic of territory selector, the territory selector of 24 bits is arranged according to the size of selected data package informatin field width degree from small to large simultaneously.
4. as shown in Figure 5; Rule search and comparison: search territory and territory mask (promptly searching the territory mask) with this and do logical AND (AND) (i.e. this search the territory filter) through searching the territory mask; Closing, (sequence number of how many bits of the search pattern that closes here is according to the decision of how many search patterns is arranged for the sequence number of 3 bits of search pattern again; What 8 search patterns were corresponding is exactly the sequence number of 3 bits, and what 16 search patterns were corresponding is exactly the sequence number of 4 bits, and what 32 search patterns were corresponding is exactly the sequence number of 5 bits; Therefore how many bit sequence number of closing should decide according to the quantity of search pattern), what obtain one 163 bit newly searches the territory.Newly searching the territory with this carries out Hash operation and removes to look into RULE TABLE (RULE rule list); Whether the rule of newly searching in territory and the RULE rule list matees; As in the RULE rule list matching rules being arranged, again and then remove to mate RULE behavior table (this RULE behavior table is to hit behind the RULE rule list behavior that need do packet).If the combined mark of this search pattern is effective, so just keep the result of the Hash operation of this search pattern, iteration is gone into the Hash operation of next search pattern, obtains the result and removes to look into the RULE rule list, and then remove to mate RULE behavior table.
5. owing to there are 8 templates can hit 8 RULE (rule) at most, go to judge final regular behavior according to the priority of every RULE (rule) so.Every RULE disposes priority, and therefore judgement just according to the priority height of every rule, from high in the end, is for example hit 8 RULE, selects the behavior of the highest RULE of its medium priority correspondence in RULE behavior table, promptly obtains final regular behavior.If priority is identical, just, judge from big to small according to the sequence number size of search pattern.For example, there is the priority of 2 RULE the highest and priority is identical among 8 RULE, then selects that big RULE of the sequence number of search pattern of this 2 RULE corresponding behavior in RULE behavior table, promptly obtain final regular behavior.
Claims (10)
1. the implementation method of a multi-area stream classifying streamline is characterized in that, comprises the steps:
(1) receives the extraction in the laggard line data package informatin of packet territory;
(2) set up a plurality of search patterns, this search pattern has many bit field selector, searches territory mask and combined mark;
(3) search pattern that adopts pipeline system to set up through step (2) is selected the territory of searching of 160 bit widths, and this is searched the territory and filters through mask;
(4) with step (3) search the close sequence number of search pattern of territory, obtain one and newly search the territory, newly search the territory with this and carry out Hash operation and remove to look into the RULE rule list, and then remove to mate RULE behavior table;
(5), judge final regular behavior according to matching result.
2. the implementation method of multi-area stream classifying streamline as claimed in claim 1 is characterized in that, in step (1), said packet information territory comprises the IP head, VLAN and MAC Address; The said extraction of carrying out the packet information territory is specially: the packet to receiving is resolved, and obtains the form of this packet, thereby can obtain this packet information territory.
3. according to claim 1 or claim 2 the implementation method of multi-area stream classifying streamline; It is characterized in that; In step (1); Search based on multidimensional and to convert the algorithm that one dimension is searched into, couple together each packet information territory of stream classification checking and form one and search the territory, this width of searching the territory is 160 bits.
4. the implementation method of multi-area stream classifying streamline as claimed in claim 1 is characterized in that, in step (2), said many bit field selector is used to select the packet information territory of being correlated with; Saidly search the bit that the territory mask is used to remove regular unconcerned packet information territory; Said combined mark is used for representing that whether uniting next search pattern does search.
5. the implementation method of multi-area stream classifying streamline as claimed in claim 1; It is characterized in that; Step (3) is specially: the territory of searching of adopting pipeline system to divide 4 clocks to select 160 bits, the domain of dependence of first clock selecting from 24 bits to 19 bits, the domain of dependence of second clock selecting from 18 bits to 13 bits; The domain of dependence of the 3rd clock selecting from 12 bits to 7 bits; The domain of dependence of the 4th clock selecting from 6 bits to 1 bit all writes down the original position of filling at every turn, and searching the territory initial value is 0.
6. the implementation method of multi-area stream classifying streamline as claimed in claim 1 is characterized in that, in step (3), the said territory of searching filter to be adopted through mask and searched the territory and search the territory mask and do the method for logical AND and filter.
7. the implementation method of multi-area stream classifying streamline as claimed in claim 5 is characterized in that, in step (4), the amount of bits of the sequence number of said search pattern decides according to the quantity of search pattern.
8. the implementation method of multi-area stream classifying streamline as claimed in claim 1; It is characterized in that, in step (4), if the combined mark of this search pattern is effective; The result who so just keeps the Hash operation of this search pattern; Iteration is gone into the Hash operation of next search pattern, obtains the result and removes to look into the RULE rule list, and then remove to mate RULE behavior table.
9. the implementation method of multi-area stream classifying streamline as claimed in claim 1 is characterized in that, in step (5), owing to there are a plurality of search patterns can hit many rules, goes to judge final regular behavior according to the priority of every rule so.
10. the implementation method of multi-area stream classifying streamline as claimed in claim 9; It is characterized in that in step (5), judge the following method of the concrete employing of final regular behavior: every rule all disposes priority; Therefore just judge just, from high in the end according to the priority of every rule; If priority is identical, just, judge from big to small according to the sequence number size of search pattern.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010102482119A CN102377581A (en) | 2010-08-09 | 2010-08-09 | Implementation method of multi-field flow classification pipeline |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010102482119A CN102377581A (en) | 2010-08-09 | 2010-08-09 | Implementation method of multi-field flow classification pipeline |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102377581A true CN102377581A (en) | 2012-03-14 |
Family
ID=45795603
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010102482119A Pending CN102377581A (en) | 2010-08-09 | 2010-08-09 | Implementation method of multi-field flow classification pipeline |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102377581A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103780460A (en) * | 2014-01-15 | 2014-05-07 | 珠海市佳讯实业有限公司 | System for realizing hardware filtering of TAP device through FPGA |
| CN104954200A (en) * | 2015-06-17 | 2015-09-30 | 国家计算机网络与信息安全管理中心 | Multi-type rule high-speed matching method and device of network data packet |
| CN107911315A (en) * | 2017-11-17 | 2018-04-13 | 成都西加云杉科技有限公司 | Packet classification method and the network equipment |
| CN111817978A (en) * | 2019-04-12 | 2020-10-23 | 华为技术有限公司 | Flow classification method and device |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060002386A1 (en) * | 2004-06-30 | 2006-01-05 | Zarlink Semiconductor Inc. | Combined pipelined classification and address search method and apparatus for switching environments |
| CN1805435A (en) * | 2005-01-13 | 2006-07-19 | 中兴通讯股份有限公司 | IPv6 multi-domain classification processing method |
| CN101667964A (en) * | 2009-09-18 | 2010-03-10 | 中兴通讯股份有限公司 | Collocation method and device of access control list (ACL) regulations |
-
2010
- 2010-08-09 CN CN2010102482119A patent/CN102377581A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060002386A1 (en) * | 2004-06-30 | 2006-01-05 | Zarlink Semiconductor Inc. | Combined pipelined classification and address search method and apparatus for switching environments |
| CN1805435A (en) * | 2005-01-13 | 2006-07-19 | 中兴通讯股份有限公司 | IPv6 multi-domain classification processing method |
| CN101667964A (en) * | 2009-09-18 | 2010-03-10 | 中兴通讯股份有限公司 | Collocation method and device of access control list (ACL) regulations |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103780460A (en) * | 2014-01-15 | 2014-05-07 | 珠海市佳讯实业有限公司 | System for realizing hardware filtering of TAP device through FPGA |
| CN103780460B (en) * | 2014-01-15 | 2017-06-30 | 珠海市佳讯实业有限公司 | It is a kind of that the system that TAP device hardwares are filtered is realized by FPGA |
| CN104954200A (en) * | 2015-06-17 | 2015-09-30 | 国家计算机网络与信息安全管理中心 | Multi-type rule high-speed matching method and device of network data packet |
| CN107911315A (en) * | 2017-11-17 | 2018-04-13 | 成都西加云杉科技有限公司 | Packet classification method and the network equipment |
| CN107911315B (en) * | 2017-11-17 | 2020-09-11 | 成都西加云杉科技有限公司 | Message classification method and network equipment |
| CN111817978A (en) * | 2019-04-12 | 2020-10-23 | 华为技术有限公司 | Flow classification method and device |
| CN111817978B (en) * | 2019-04-12 | 2022-10-04 | 华为技术有限公司 | Flow classification method and device |
| US11882047B2 (en) | 2019-04-12 | 2024-01-23 | Huawei Technologies Co., Ltd. | Traffic classification method and apparatus |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Van Lunteren et al. | Fast and scalable packet classification | |
| CN100433715C (en) | Method for providing different service quality tactics to data stream | |
| Song et al. | Scalable name-based packet forwarding: From millions to billions | |
| CN102487374B (en) | Access control list realization method and apparatus thereof | |
| CN104580027B (en) | A kind of OpenFlow message forwarding methods and equipment | |
| CN101771627B (en) | Equipment and method for analyzing and controlling node real-time deep packet on internet | |
| US7706375B2 (en) | System and method of fast adaptive TCAM sorting for IP longest prefix matching | |
| CN100583812C (en) | Method and apparatus for two-stage packet classification using most specific filter matching and transport level sharing | |
| US7606236B2 (en) | Forwarding information base lookup method | |
| CN102377664B (en) | TCAM (ternary content addressable memory)-based range matching device and method | |
| Che et al. | DRES: Dynamic range encoding scheme for TCAM coprocessors | |
| CN1957573B (en) | Apparatus and method for two-stage packet classification using most specific filter matching and transport level sharing | |
| KR100920518B1 (en) | Apparatus and methdo for packet classification | |
| CN104348716A (en) | Message processing method and equipment | |
| US9356844B2 (en) | Efficient application recognition in network traffic | |
| CN105224692A (en) | Support the system and method for the SDN multilevel flow table parallel search of polycaryon processor | |
| CN111131084B (en) | QoS-aware OpenFlow flow table searching method | |
| CN105591914B (en) | Openflow flow table lookup method and device | |
| CN104579940A (en) | Method and apparatus for searching ACL | |
| CN103248573A (en) | Centralization management switch for OpenFlow and data processing method of centralization management switch | |
| CN102427428A (en) | Stream identifying method and device based on multi-domain longest match | |
| CN102377581A (en) | Implementation method of multi-field flow classification pipeline | |
| CN102316040A (en) | Access control list finding method and data stream classification device | |
| CN106713144A (en) | Read-write method of message exit information and forwarding engine | |
| US6970971B1 (en) | Method and apparatus for mapping prefixes and values of a hierarchical space to other representations |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| AD01 | Patent right deemed abandoned |
Effective date of abandoning: 20120314 |
|
| C20 | Patent right or utility model deemed to be abandoned or is abandoned |