CN102761485A - Method and system for processing connections by network equipment

Publication number: CN102761485A
Authority: CN (China)
Legal status: Granted; Expired - Fee Related
Application number: CN2012102336997A
Other languages: Chinese (zh)
Other versions: CN102761485B (en)
Inventor: 陈海滨
Current Assignee: Opzoon Technology Co Ltd
Original Assignee: Opzoon Technology Co Ltd
Application filed by: Opzoon Technology Co Ltd
Priority to: CN201210233699.7A
Classification: Data Exchanges In Wide-Area Networks

Abstract

The invention discloses a method and a system for processing connections by network equipment, relating to the technical field of network communications. The method comprises the following steps: obtaining the number of current connections when the network equipment builds a new connection; judging whether the number of current connections is greater than a preset threshold and, if so, reducing the static preservation time of the new connection. When a new connection is built, whether to reduce its static preservation time is decided according to the number of connections of the network equipment, so that the network equipment can be prevented from breaking down when a large number of connections is built in a short time or when it is attacked.

Description

Method and system for processing connections by network equipment
Technical field
The present invention relates to the field of network communication technology, and in particular to a method and system for processing connections by network equipment.
Background art
At present, when network equipment (particularly equipment such as firewalls) needs to perform operations such as modifying packets, it mostly classifies data packets into flows by means such as the IP five-tuple, in order to process them quickly. In this case, connection table entries for the User Datagram Protocol (UDP), the Transmission Control Protocol (TCP) and the like are given a default static holding time of 3 hours (the static holding time is the time for which a connection table entry is kept when there is no traffic). However, a network equipment has a maximum number of connections (for example, 1,000,000 connections). If the network equipment establishes a large number of connections in a short time, or is attacked, the number of connections can reach the maximum number of connections and paralyse the network equipment.
Summary of the invention
(1) Technical problem to be solved
The technical problem to be solved by the invention is how to prevent the network equipment from being paralysed when it establishes a large number of connections in a short time or is attacked.
(2) Technical solution
To solve the above technical problem, the invention provides a method for processing connections by network equipment, the method comprising:
when the network equipment establishes a new connection, obtaining the current number of connections of the network equipment;
judging whether the current number of connections has exceeded a preset threshold and, if so, shortening the static holding time of the new connection.
The static holding time of the new connection is shortened using the ratio between the current number of connections and the preset threshold.
The static holding time of the new connection lies within a preset time range.
The static holding time of the new connection is calculated by the following formula:
$$t = \min\left(q, \frac{T}{w^{m/n}}\right)$$
where t is the static holding time of the new connection, min() is the operation that takes the smaller value, n is the preset threshold, m is the current number of connections, q is the minimum value of the preset time range, T is the maximum value of the preset time range, and w is a constant greater than 1.
The invention also discloses a system for processing connections by network equipment, the system comprising:
a connection number acquisition module, used to obtain the current number of connections of the network equipment when the network equipment establishes a new connection;
a time shortening module, used to judge whether the current number of connections has exceeded a preset threshold and, if so, to shorten the static holding time of the new connection.
The time shortening module shortens the static holding time of the new connection using the ratio between the current number of connections and the preset threshold.
The static holding time of the new connection lies within a preset time range.
The static holding time of the new connection is calculated by the following formula:
$$t = \min\left(q, \frac{T}{w^{m/n}}\right)$$
where t is the static holding time of the new connection, min() is the operation that takes the smaller value, n is the preset threshold, m is the current number of connections, q is the minimum value of the preset time range, T is the maximum value of the preset time range, and w is a constant greater than 1.
(3) Beneficial effect
When a new connection is established, the invention decides whether to shorten the static holding time of the new connection according to the number of connections the network equipment already has, which prevents the network equipment from being paralysed when it establishes a large number of connections in a short time or is attacked.
Description of drawings
Fig. 1 is a flow chart of the method for processing connections by network equipment according to one embodiment of the invention;
Fig. 2 is a structural block diagram of the system for processing connections by network equipment according to one embodiment of the invention.
Embodiment
Specific embodiments of the invention are described in further detail below with reference to the accompanying drawings and embodiments. The following embodiments illustrate the invention but do not limit its scope.
Fig. 1 is a flow chart of the method for processing connections by network equipment according to one embodiment of the invention. Referring to Fig. 1, the method comprises:
S101: when the network equipment establishes a new connection, obtain the current number of connections of the network equipment;
S102: judge whether the current number of connections has exceeded a preset threshold and, if so, shorten the static holding time of the new connection.
In step S102, if the current number of connections does not exceed the preset threshold, the static holding time of the new connection is set to the normal static holding time.
So that the static holding time of the new connection can be adjusted according to actual conditions, preferably, in step S102 the static holding time of the new connection is shortened using the ratio between the current number of connections and the preset threshold.
To prevent the static holding time of the new connection from becoming too short when it is shortened using the ratio between the current number of connections and the preset threshold, preferably, the static holding time of the new connection lies within a preset time range.
In this embodiment, preferably, the static holding time of the new connection is calculated by the following formula:
$$t = \min\left(q, \frac{T}{w^{m/n}}\right)$$
where t is the static holding time of the new connection, min() is the operation that takes the smaller value, n is the preset threshold, m is the current number of connections, q is the minimum value of the preset time range, T is the maximum value of the preset time range (T is generally the normal static holding time), and w is a constant greater than 1.
Suppose the maximum number of connections of a certain network equipment is 1,000,000. The preset threshold n can then be set to 100,000, the normal static holding time T to 3 hours (it can be set manually), and w to 10. When a new connection is created, it is judged whether the current number of connections m (m is a natural number) has exceeded the preset threshold n. If m < n, a connection with a static holding time of 3 hours is created as normal. If m > n, m/n is calculated, with the static holding time expressed in seconds. If the value of m/n is 1, T is divided by 10 and it is judged whether t is less than q seconds (for example, 30 seconds); if it is, the static holding time of the new connection is set to q seconds, otherwise it is set to t seconds. If the multiple is 2, T is divided by 100 and it is judged whether t is less than q seconds; if it is, the static holding time of the new connection is set to q seconds, otherwise it is set to t seconds.
The method of the invention can protect the network equipment against attack (an attack usually only opens connections and sends no data traffic; if such a connection is given a holding time of 30 seconds, it is soon no longer kept). Suppose the network equipment cannot handle more than 500,000 connections at the same time within 30 seconds; these 30 seconds then become the minimum value q of the static holding time of the network equipment. The value of q is set according to the concurrent processing capability of the network equipment (within one product series, processing capability is usually judged by CPU speed): the more capable the network equipment, the smaller its q.
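The adjustment procedure of this embodiment, as an added Python example that is not part of the patent text: `idle_timeout` follows the worked example step by step (T is divided by w once per whole multiple of n, and the result is set to q when it falls below q), and `simulate` is a constructed model of a connection table being filled by connections that carry no traffic. The function names, the integer treatment of m/n, the one-second batching and the rate of 5,000 new connections per second are assumptions.

```python
# Added illustration, not code from the patent. Constants are the worked
# example's values; names and the simulation model are assumptions.
CAPACITY = 1_000_000   # maximum number of connections of the device
N = 100_000            # preset threshold n
T = 3 * 3600           # normal static holding time, seconds
W = 10                 # constant w > 1
Q = 30                 # minimum static holding time q, seconds


def idle_timeout(m, n=N, t_max=T, w=W, q=Q):
    """Static holding time in seconds for a new connection when m exist."""
    if m <= n:                       # threshold not exceeded: normal time
        return t_max
    t = t_max // w ** (m // n)       # assumption: whole multiples of n
    return q if t < q else t         # never shorter than q


def simulate(rate, seconds, adaptive, capacity=CAPACITY):
    """Fill the table with `rate` traffic-less connections per second.

    Returns (peak table occupancy, connections refused because the table
    was full). The holding time is evaluated once per one-second batch.
    """
    expiring = {}                    # expiry second -> entries ending then
    live = peak = refused = 0
    for now in range(seconds):
        live -= expiring.pop(now, 0)             # age out idle entries
        admitted = min(rate, capacity - live)
        refused += rate - admitted
        hold = idle_timeout(live) if adaptive else T
        expiring[now + hold] = expiring.get(now + hold, 0) + admitted
        live += admitted
        peak = max(peak, live)
    return peak, refused


if __name__ == "__main__":
    for m in (50_000, 150_000, 250_000, 350_000):
        print(f"m={m:>7}  holding time={idle_timeout(m)} s")
    for adaptive in (False, True):
        peak, refused = simulate(5_000, 600, adaptive)
        print(f"adaptive={adaptive}: peak={peak}, refused={refused}")
```

In this constructed run the fixed 3-hour holding time fills the table after 200 seconds and every later connection is refused, while the shortened holding times keep occupancy below half of the maximum number of connections.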
The invention also discloses a system for processing connections by network equipment. Referring to Fig. 2, the system comprises:
a connection number acquisition module 201, used to obtain the current number of connections of the network equipment when the network equipment establishes a new connection;
a time shortening module 202, used to judge whether the current number of connections has exceeded a preset threshold and, if so, to shorten the static holding time of the new connection.
Preferably, the time shortening module 202 shortens the static holding time of the new connection using the ratio between the current number of connections and the preset threshold.
Preferably, the static holding time of the new connection lies within a preset time range.
Preferably, the static holding time of the new connection is calculated by the following formula:
$$t = \min\left(q, \frac{T}{w^{m/n}}\right)$$
where t is the static holding time of the new connection, min() is the operation that takes the smaller value, n is the preset threshold, m is the current number of connections, q is the minimum value of the preset time range, T is the maximum value of the preset time range, and w is a constant greater than 1.
The above embodiments only illustrate the invention and do not limit it. A person of ordinary skill in the relevant technical field can make various changes and modifications without departing from the spirit and scope of the invention; all equivalent technical solutions therefore also fall within the scope of the invention, and the scope of patent protection of the invention shall be defined by the claims.

Claims (8)

1. A method for processing connections by network equipment, characterized in that the method comprises:
when the network equipment establishes a new connection, obtaining the current number of connections of the network equipment;
judging whether the current number of connections has exceeded a preset threshold and, if so, shortening the static holding time of the new connection.
2. The method of claim 1, characterized in that the static holding time of the new connection is shortened using the ratio between the current number of connections and the preset threshold.
3. The method of claim 2, characterized in that the static holding time of the new connection lies within a preset time range.
4. The method of claim 3, characterized in that the static holding time of the new connection is calculated by the following formula:
$$t = \min\left(q, \frac{T}{w^{m/n}}\right)$$
where t is the static holding time of the new connection, min() is the operation that takes the smaller value, n is the preset threshold, m is the current number of connections, q is the minimum value of the preset time range, T is the maximum value of the preset time range, and w is a constant greater than 1.
5. A system for processing connections by network equipment, characterized in that the system comprises:
a connection number acquisition module, used to obtain the current number of connections of the network equipment when the network equipment establishes a new connection;
a time shortening module, used to judge whether the current number of connections has exceeded a preset threshold and, if so, to shorten the static holding time of the new connection.
6. The system of claim 5, characterized in that the time shortening module shortens the static holding time of the new connection using the ratio between the current number of connections and the preset threshold.
7. The system of claim 6, characterized in that the static holding time of the new connection lies within a preset time range.
8. The system of claim 7, characterized in that the static holding time of the new connection is calculated by the following formula:
$$t = \min\left(q, \frac{T}{w^{m/n}}\right)$$
where t is the static holding time of the new connection, min() is the operation that takes the smaller value, n is the preset threshold, m is the current number of connections, q is the minimum value of the preset time range, T is the maximum value of the preset time range, and w is a constant greater than 1.
CN201210233699.7A 2012-07-06 2012-07-06 Method and system for processing connections by network equipment Expired - Fee Related CN102761485B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210233699.7A CN102761485B (en) 2012-07-06 2012-07-06 Method and system for processing connections by network equipment

Publications (2)

Publication Number Publication Date
CN102761485A (en) 2012-10-31
CN102761485B (en) 2015-04-22


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150422

Termination date: 20180706
