CN103475598A - Method for partitioning user priorities through SPI (serial peripheral interface) - Google Patents

Method for partitioning user priorities through SPI (serial peripheral interface) Download PDF

Info

Publication number
CN103475598A
CN103475598A CN 201310371327 CN201310371327A CN103475598A CN 103475598 A CN103475598 A CN 103475598A CN 201310371327 CN201310371327 CN 201310371327 CN 201310371327 A CN201310371327 A CN 201310371327A CN 103475598 A CN103475598 A CN 103475598A
Authority
CN
Grant status
Application
Patent type
Prior art keywords
spi
esp
queue
message
priorities
Prior art date
Application number
CN 201310371327
Other languages
Chinese (zh)
Inventor
陈海滨
Original Assignee
天津汉柏汉安信息技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Links

Abstract

The invention discloses a method for partitioning user priorities through an SPI (serial peripheral interface). The method comprises the following steps: S1, partitioning the range of SPI values of an ESP (electronic stability program) message into N segments by firewall equipment, setting the priorities to be decreased successively from the first segment to the Nth segment, enabling an IP address to correspond to the range of the SPI values of each segment according to user requirements, determining one SPI value from the range of the SPI values corresponding to the IP address of the message, allocating the SPI value to the ESP message, encrypting the ESP message and then transmitting the encrypted ESP message to forwarding firewall equipment; and S2, uniformly placing the received ESP messages in a message forwarding queue by the forwarding firewall equipment, deleting the messages with lower priorities from the queue when the queue is full, and placing the messages with higher priorities into the queue. By differentiating the priorities of users, when the network traffic explodes, the problem that the user messages with higher priorities are lost can be effectively avoided.

Description

一种通过SPI划分用户优先级的方法 By dividing one kind of user priority SPI method

技术领域 FIELD

[0001] 本发明涉及网络通信技术领域,特别涉及一种通过SPI划分用户优先级的方法。 [0001] The present invention relates to network communication technology field, and particularly relates to a user priority SPI dividing method. 背景技术 Background technique

[0002]目前,当网络流量暴增时,由于防火墙设备处理能力有限,因此会造成丢包问题,然而,如果可以对报文的优先级进行预先设置,则可以根据用户的优先级对报文进行分类处理,比如,将网络视频报文的优先级设置的高一些,访问网站的优先级设定的低一些,因为用户访问网站时,HTTP连接超时时都会自动重新发送连接请求,而且用户一般都会在点击连接之后停留一段时间,因此对实时性的要求不高。 [0002] Currently, when network traffic surge, due to the limited firewall processing power, it will cause packet loss, however, if the priority can be pre-set messages, it is possible for packets according to priority users priority setting for categorization, for example, the network video packets higher priority setting, visit the web site is lower, because when a user accesses the site, HTTP connection time-out will automatically resend connection requests, and users in general It will stay for some time after the click the link, and therefore less demanding real-time. 通过以上举例,可以看出区分用户优先级的重要性。 By way of example above, it can be seen prioritized importance to the user. 这样就可以避免优先级较高的报文丢失所带来的损失问题。 This avoids loss issues a higher priority packet loss brings.

发明内容 SUMMARY

[0003]( 一)要解决的技术问题 [0003] (a) To solve technical problems

[0004] 本发明要解决的是提高网络设备中报文处理的安全性较低的问题,尤其是对于当网络流量暴增时,由于无法区分信息的重要性高低,造成优先级较高的信息丢失所带来的损失问题。 [0004] The present invention to solve is to improve the less secure network problems packet processing device, especially for when the network traffic surge, unable to distinguish the level of importance of the information, resulting in higher-priority information problems caused by the loss of loss.

[0005] ( 二)技术方案 [0005] (ii) Technical Solution

[0006] 为解决上述技术问题,本发明提供了一种通过SPI划分用户优先级的方法,其特征在于, [0006] In order to solve the above technical problem, the present invention provides a method for priority users by dividing SPI, wherein,

[0007] 包括以下步骤: [0007] comprising the steps of:

[0008] S1:防火墙设备将ESP报文的SPI值的范围分为N段,并设置从第I至第N段的优先级依次递减,根据用户需求将IP地址与各段的SPI值范围对应,根据报文IP地址从对应的SPI值范围中确定一个SPI值并分配给所述ESP报文,再对所述ESP报文进行加密后发送至转发防火墙设备; [0008] S1: The scope of the SPI firewall value of ESP packets into N segments, and set in descending order of priority segment from I to N, according to the needs of the user corresponding to the IP address with the SPI value range of each segment , determined according to the IP address of the packet from the SPI value in a range corresponding to the SPI value and assigned to the ESP packets sent to the firewall forwards again after the ESP encrypted packet;

[0009] S2:转发防火墙设备将接收到的ESP报文统一放在一个报文转发队列中,当队列满时,将队列中优先级较低的报文删除,优先级较高的报文继续放入队列。 [0009] S2: forwarding firewall received ESP packets in a packet forwarding unified queue, when the queue is full, the queue will be deleted lower priority packets higher priority packets continue placed in the queue.

[0010](三)有益效果 [0010] (c) beneficial effect

[0011] 本发明通过SPI区分服务类型的方法,对不同需求的用户进行分类,以此达到区分服务优先级的目的。 [0011] The present invention, on the different needs of users classified by service type distinguishing method SPI, in order to achieve the object of the DiffServ priority.

具体实施方式 detailed description

[0012] 下面对本发明的具体实施方式作进一步详细描述。 [0012] The following specific embodiments of the present invention will be further described in detail. 以下实施例用于说明本发明,但不用来限制本发明的范围。 The following examples serve to illustrate the present invention but are not intended to limit the scope of the present invention.

[0013] 本实施方式的方法包括以下步骤: [0013] The method according to the present embodiment comprises the steps of:

[0014] S1:防火墙设备将ESP报文的SPI值的范围分为N段,并设置从第I至第N段的优先级依次递减,根据用户需求将IP地址与各段的SPI值范围对应,根据报文IP地址从对应的SPI值范围中确定一个SPI值并分配给所述ESP报文,再对所述ESP报文进行加密后发送至转发防火墙设备; [0014] S1: The scope of the SPI firewall value of ESP packets into N segments, and set in descending order of priority segment from I to N, according to the needs of the user corresponding to the IP address with the SPI value range of each segment , determined according to the IP address of the packet from the SPI value in a range corresponding to the SPI value and assigned to the ESP packets sent to the firewall forwards again after the ESP encrypted packet;

[0015] S2:转发防火墙设备将接收到的ESP报文统一放在一个报文转发队列中,当队列满时,将队列中优先级较低的报文删除,优先级较高的报文继续放入队列。 [0015] S2: forwarding firewall received ESP packets in a packet forwarding unified queue, when the queue is full, the queue will be deleted lower priority packets higher priority packets continue placed in the queue.

[0016] 本发明通过SPI区分服务类型的方法,对不同需求的用户进行分类,以此达到区分服务优先级的目的。 [0016] The present invention, on the different needs of users classified by service type distinguishing method SPI, in order to achieve the object of the DiffServ priority.

[0017] 以上实施方式仅用于说明本发明,而并非对本发明的限制,有关技术领域的普通技术人员,在不脱离本发明的精神和范围的情况下,还可以做出各种变化和变型,因此所有等同的技术方案也属于本发明的范畴,本发明的专利保护范围应由权利要求限定。 [0017] The above embodiments are merely illustrative of the present invention, and are not restrictive of the invention, relating to ordinary skill in the art, without departing from the spirit and scope of the present invention, can make various changes and modifications , all equivalent technical solutions also within the scope of the present invention, the scope of the present invention patent is defined by the appended claims.

Claims (1)

  1. 1.一种通过SPI划分用户优先级的方法,其特征在于, 包括以下步骤: 51:防火墙设备将ESP报文的SPI值的范围分为N段,并设置从第I至第N段的优先级依次递减,根据用户需求将IP地址与各段的SPI值范围对应,根据报文IP地址从对应的SPI值范围中确定一个SPI值并分配给所述ESP报文,再对所述ESP报文进行加密后发送至转发防火墙设备; 52:转发防火墙设备将接收到的ESP报文统一放在一个报文转发队列中,当队列满时,将队列中优先级较低的报文删除,优先级较高的报文继续放入队列。 CLAIMS 1. A method of SPI division priority user, characterized by comprising the steps of: 51: SPI firewall device range values ​​of ESP packets into N segments, and set the priority from stage I to N level in descending order, according to the needs of the user corresponding to the IP address with the SPI value range of each segment, the SPI value is determined from a range of values ​​corresponding to the SPI packet according to the IP address and assigned to the ESP packet, then the packet ESP encrypt later sent to the forwarding firewall; 52: forward firewall received ESP packets in a packet forwarding unified queue, when the queue is full, the queue will be deleted lower priority packets priority continued high level message placed in the queue.
CN 201310371327 2013-08-23 2013-08-23 Method for partitioning user priorities through SPI (serial peripheral interface) CN103475598A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201310371327 CN103475598A (en) 2013-08-23 2013-08-23 Method for partitioning user priorities through SPI (serial peripheral interface)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201310371327 CN103475598A (en) 2013-08-23 2013-08-23 Method for partitioning user priorities through SPI (serial peripheral interface)

Publications (1)

Publication Number Publication Date
CN103475598A true true CN103475598A (en) 2013-12-25

Family

ID=49800303

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201310371327 CN103475598A (en) 2013-08-23 2013-08-23 Method for partitioning user priorities through SPI (serial peripheral interface)

Country Status (1)

Country Link
CN (1) CN103475598A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7095716B1 (en) * 2001-03-30 2006-08-22 Juniper Networks, Inc. Internet security device and method
CN1917469A (en) * 2005-08-18 2007-02-21 中国长城计算机深圳股份有限公司 Method for controlling transmission of message based on priorities of message
CN101110672A (en) * 2006-07-19 2008-01-23 华为技术有限公司 Method and system for establishing ESP security alliance in communication system
CN102469087A (en) * 2010-11-17 2012-05-23 中兴通讯股份有限公司 Method and system for realizing control of quality of service,

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7095716B1 (en) * 2001-03-30 2006-08-22 Juniper Networks, Inc. Internet security device and method
CN1917469A (en) * 2005-08-18 2007-02-21 中国长城计算机深圳股份有限公司 Method for controlling transmission of message based on priorities of message
CN101110672A (en) * 2006-07-19 2008-01-23 华为技术有限公司 Method and system for establishing ESP security alliance in communication system
CN102469087A (en) * 2010-11-17 2012-05-23 中兴通讯股份有限公司 Method and system for realizing control of quality of service,

Similar Documents

Publication Publication Date Title
CN101483918A (en) Buffer condition report sending method and apparatus thereof
CN101309195A (en) Method and apparatus for guarantee quality of service of secure socket layer of virtual private network
CN103841044A (en) Bandwidth control method based on software-defined networking and oriented to different types of flow
CN101977146A (en) Intelligent network traffic controller and implementation method thereof
CN103200606A (en) Terminal and data service processing method
CN102791032A (en) Network bandwidth distribution method and terminal
CN102685904A (en) Bandwidth self-adaptive allocation method and bandwidth self-adaptive allocation system
CN101431473A (en) Method and apparatus for implementing network speed limit
CN102497322A (en) High-speed packet filtering device and method realized based on shunting network card and multi-core CPU (Central Processing Unit)
CN102297493A (en) Monitoring system and method of air conditioning units
CN102137169A (en) Method, network card and communication system for binding physical internet ports
CN102572939A (en) Heartbeat packet sending method, device thereof and system thereof
CN102158404A (en) Intelligent flow control system of interactive network and implementing method thereof
CN101170517A (en) Method and device for aging of control session table
CN102761856A (en) Method, device and system for sharing software between terminals
CN102158977A (en) Service class indication method, device and system
CN101924679A (en) Message rate-limiting method of Ethernet port, device and data communication device
CN103269282A (en) Method and device for automatically deploying network configuration
CN103560970A (en) Method for realizing downlink speed limitation of network device with multiple LAN ports
CN103346972A (en) Flow control device and method based on user terminal
CN102624889A (en) Mass data concurrency processing method based on receiving and processing separation
CN102469504A (en) Network congestion decision method and equipment for wireless communication system
US20150026324A1 (en) Notification normalization
CN103118134A (en) Method and device for quality guarantee on task-level-oriented large data distribution
CN103986715A (en) Network traffic control method and device

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination