CN103475598A - Method for partitioning user priorities through SPI (serial peripheral interface) - Google Patents

Method for partitioning user priorities through SPI (serial peripheral interface) Download PDF

Info

Publication number
CN103475598A
CN103475598A CN 201310371327 CN201310371327A CN103475598A CN 103475598 A CN103475598 A CN 103475598A CN 201310371327 CN201310371327 CN 201310371327 CN 201310371327 A CN201310371327 A CN 201310371327A CN 103475598 A CN103475598 A CN 103475598A
Authority
CN
Grant status
Application
Patent type
Prior art keywords
spi
esp
queue
message
priorities
Prior art date
Application number
CN 201310371327
Other languages
Chinese (zh)
Inventor
陈海滨
Original Assignee
天津汉柏汉安信息技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Links

Abstract

The invention discloses a method for partitioning user priorities through an SPI (serial peripheral interface). The method comprises the following steps: S1, partitioning the range of SPI values of an ESP (electronic stability program) message into N segments by firewall equipment, setting the priorities to be decreased successively from the first segment to the Nth segment, enabling an IP address to correspond to the range of the SPI values of each segment according to user requirements, determining one SPI value from the range of the SPI values corresponding to the IP address of the message, allocating the SPI value to the ESP message, encrypting the ESP message and then transmitting the encrypted ESP message to forwarding firewall equipment; and S2, uniformly placing the received ESP messages in a message forwarding queue by the forwarding firewall equipment, deleting the messages with lower priorities from the queue when the queue is full, and placing the messages with higher priorities into the queue. By differentiating the priorities of users, when the network traffic explodes, the problem that the user messages with higher priorities are lost can be effectively avoided.

Description

一种通过SPI划分用户优先级的方法 By dividing one kind of user priority SPI method

技术领域 FIELD

[0001] 本发明涉及网络通信技术领域,特别涉及一种通过SPI划分用户优先级的方法。 [0001] The present invention relates to network communication technology field, and particularly relates to a user priority SPI dividing method. 背景技术 Background technique

[0002]目前,当网络流量暴增时,由于防火墙设备处理能力有限,因此会造成丢包问题,然而,如果可以对报文的优先级进行预先设置,则可以根据用户的优先级对报文进行分类处理,比如,将网络视频报文的优先级设置的高一些,访问网站的优先级设定的低一些,因为用户访问网站时,HTTP连接超时时都会自动重新发送连接请求,而且用户一般都会在点击连接之后停留一段时间,因此对实时性的要求不高。 [0002] Currently, when network traffic surge, due to the limited firewall processing power, it will cause packet loss, however, if the priority can be pre-set messages, it is possible for packets according to priority users priority setting for categorization, for example, the network video packets higher priority setting, visit the web site is lower, because when a user accesses the site, HTTP connection time-out will automatically resend connection requests, and users in general It will stay for some time after the click the link, and therefore less demanding real-time. 通过以上举例,可以看出区分用户优先级的重要性。 By way of example above, it can be seen prioritized importance to the user. 这样就可以避免优先级较高的报文丢失所带来的损失问题。 This avoids loss issues a higher priority packet loss brings.

发明内容 SUMMARY

[0003]( 一)要解决的技术问题 [0003] (a) To solve technical problems

[0004] 本发明要解决的是提高网络设备中报文处理的安全性较低的问题,尤其是对于当网络流量暴增时,由于无法区分信息的重要性高低,造成优先级较高的信息丢失所带来的损失问题。 [0004] The present invention to solve is to improve the less secure network problems packet processing device, especially for when the network traffic surge, unable to distinguish the level of importance of the information, resulting in higher-priority information problems caused by the loss of loss.

[0005] ( 二)技术方案 [0005] (ii) Technical Solution

[0006] 为解决上述技术问题,本发明提供了一种通过SPI划分用户优先级的方法,其特征在于, [0006] In order to solve the above technical problem, the present invention provides a method for priority users by dividing SPI, wherein,

[0007] 包括以下步骤: [0007] comprising the steps of:

[0008] S1:防火墙设备将ESP报文的SPI值的范围分为N段,并设置从第I至第N段的优先级依次递减,根据用户需求将IP地址与各段的SPI值范围对应,根据报文IP地址从对应的SPI值范围中确定一个SPI值并分配给所述ESP报文,再对所述ESP报文进行加密后发送至转发防火墙设备; [0008] S1: The scope of the SPI firewall value of ESP packets into N segments, and set in descending order of priority segment from I to N, according to the needs of the user corresponding to the IP address with the SPI value range of each segment , determined according to the IP address of the packet from the SPI value in a range corresponding to the SPI value and assigned to the ESP packets sent to the firewall forwards again after the ESP encrypted packet;

[0009] S2:转发防火墙设备将接收到的ESP报文统一放在一个报文转发队列中,当队列满时,将队列中优先级较低的报文删除,优先级较高的报文继续放入队列。 [0009] S2: forwarding firewall received ESP packets in a packet forwarding unified queue, when the queue is full, the queue will be deleted lower priority packets higher priority packets continue placed in the queue.

[0010](三)有益效果 [0010] (c) beneficial effect

[0011] 本发明通过SPI区分服务类型的方法,对不同需求的用户进行分类,以此达到区分服务优先级的目的。 [0011] The present invention, on the different needs of users classified by service type distinguishing method SPI, in order to achieve the object of the DiffServ priority.

具体实施方式 detailed description

[0012] 下面对本发明的具体实施方式作进一步详细描述。 [0012] The following specific embodiments of the present invention will be further described in detail. 以下实施例用于说明本发明,但不用来限制本发明的范围。 The following examples serve to illustrate the present invention but are not intended to limit the scope of the present invention.

[0013] 本实施方式的方法包括以下步骤: [0013] The method according to the present embodiment comprises the steps of:

[0014] S1:防火墙设备将ESP报文的SPI值的范围分为N段,并设置从第I至第N段的优先级依次递减,根据用户需求将IP地址与各段的SPI值范围对应,根据报文IP地址从对应的SPI值范围中确定一个SPI值并分配给所述ESP报文,再对所述ESP报文进行加密后发送至转发防火墙设备; [0014] S1: The scope of the SPI firewall value of ESP packets into N segments, and set in descending order of priority segment from I to N, according to the needs of the user corresponding to the IP address with the SPI value range of each segment , determined according to the IP address of the packet from the SPI value in a range corresponding to the SPI value and assigned to the ESP packets sent to the firewall forwards again after the ESP encrypted packet;

[0015] S2:转发防火墙设备将接收到的ESP报文统一放在一个报文转发队列中,当队列满时,将队列中优先级较低的报文删除,优先级较高的报文继续放入队列。 [0015] S2: forwarding firewall received ESP packets in a packet forwarding unified queue, when the queue is full, the queue will be deleted lower priority packets higher priority packets continue placed in the queue.

[0016] 本发明通过SPI区分服务类型的方法,对不同需求的用户进行分类,以此达到区分服务优先级的目的。 [0016] The present invention, on the different needs of users classified by service type distinguishing method SPI, in order to achieve the object of the DiffServ priority.

[0017] 以上实施方式仅用于说明本发明,而并非对本发明的限制,有关技术领域的普通技术人员,在不脱离本发明的精神和范围的情况下,还可以做出各种变化和变型,因此所有等同的技术方案也属于本发明的范畴,本发明的专利保护范围应由权利要求限定。 [0017] The above embodiments are merely illustrative of the present invention, and are not restrictive of the invention, relating to ordinary skill in the art, without departing from the spirit and scope of the present invention, can make various changes and modifications , all equivalent technical solutions also within the scope of the present invention, the scope of the present invention patent is defined by the appended claims.

Claims (1)

  1. 1.一种通过SPI划分用户优先级的方法,其特征在于, 包括以下步骤: 51:防火墙设备将ESP报文的SPI值的范围分为N段,并设置从第I至第N段的优先级依次递减,根据用户需求将IP地址与各段的SPI值范围对应,根据报文IP地址从对应的SPI值范围中确定一个SPI值并分配给所述ESP报文,再对所述ESP报文进行加密后发送至转发防火墙设备; 52:转发防火墙设备将接收到的ESP报文统一放在一个报文转发队列中,当队列满时,将队列中优先级较低的报文删除,优先级较高的报文继续放入队列。 CLAIMS 1. A method of SPI division priority user, characterized by comprising the steps of: 51: SPI firewall device range values ​​of ESP packets into N segments, and set the priority from stage I to N level in descending order, according to the needs of the user corresponding to the IP address with the SPI value range of each segment, the SPI value is determined from a range of values ​​corresponding to the SPI packet according to the IP address and assigned to the ESP packet, then the packet ESP encrypt later sent to the forwarding firewall; 52: forward firewall received ESP packets in a packet forwarding unified queue, when the queue is full, the queue will be deleted lower priority packets priority continued high level message placed in the queue.
CN 201310371327 2013-08-23 2013-08-23 Method for partitioning user priorities through SPI (serial peripheral interface) CN103475598A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201310371327 CN103475598A (en) 2013-08-23 2013-08-23 Method for partitioning user priorities through SPI (serial peripheral interface)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201310371327 CN103475598A (en) 2013-08-23 2013-08-23 Method for partitioning user priorities through SPI (serial peripheral interface)

Publications (1)

Publication Number Publication Date
CN103475598A true true CN103475598A (en) 2013-12-25

Family

ID=49800303

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201310371327 CN103475598A (en) 2013-08-23 2013-08-23 Method for partitioning user priorities through SPI (serial peripheral interface)

Country Status (1)

Country Link
CN (1) CN103475598A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7095716B1 (en) * 2001-03-30 2006-08-22 Juniper Networks, Inc. Internet security device and method
CN1917469A (en) * 2005-08-18 2007-02-21 中国长城计算机深圳股份有限公司 Method for controlling transmission of message based on priorities of message
CN101110672A (en) * 2006-07-19 2008-01-23 华为技术有限公司 Method and system for establishing ESP security alliance in communication system
CN102469087A (en) * 2010-11-17 2012-05-23 中兴通讯股份有限公司 Method and system for realizing control of quality of service,

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7095716B1 (en) * 2001-03-30 2006-08-22 Juniper Networks, Inc. Internet security device and method
CN1917469A (en) * 2005-08-18 2007-02-21 中国长城计算机深圳股份有限公司 Method for controlling transmission of message based on priorities of message
CN101110672A (en) * 2006-07-19 2008-01-23 华为技术有限公司 Method and system for establishing ESP security alliance in communication system
CN102469087A (en) * 2010-11-17 2012-05-23 中兴通讯股份有限公司 Method and system for realizing control of quality of service,

Similar Documents

Publication Publication Date Title
CN101483918A (en) Buffer condition report sending method and apparatus thereof
CN103841044A (en) Bandwidth control method based on software-defined networking and oriented to different types of flow
CN101977146A (en) Intelligent network traffic controller and implementation method thereof
CN102685904A (en) Bandwidth self-adaptive allocation method and bandwidth self-adaptive allocation system
CN102791032A (en) Network bandwidth distribution method and terminal
CN103200606A (en) Terminal and data service processing method
CN102137169A (en) Method, network card and communication system for binding physical internet ports
CN102297493A (en) Monitoring system and method of air conditioning units
US20130318522A1 (en) Management of Virtual Desktop Infrastructure (VDI) Sessions Using Real-Time Network Conditions
CN102158404A (en) Intelligent flow control system of interactive network and implementing method thereof
CN101547150A (en) Method and device for scheduling data communication input port
CN102761856A (en) Method, device and system for sharing software between terminals
CN101924679A (en) Message rate-limiting method of Ethernet port, device and data communication device
CN103269282A (en) Method and device for automatically deploying network configuration
CN102469504A (en) Network congestion decision method and equipment for wireless communication system
CN103118134A (en) Method and device for quality guarantee on task-level-oriented large data distribution
CN103986715A (en) Network traffic control method and device
CN102685911A (en) Business scheduling method in LTE system
CN101719872A (en) Zero-copy mode based method and device for sending and receiving multi-queue messages
CN104113492A (en) Router based user access bandwidth adjusting method, device and system
CN103141058A (en) Network interface controller for virtual and distributed services
CN101374154A (en) Method and apparatus for processing remote procedure call request
CN103747059A (en) Method and system for guaranteeing cloud computing server cluster network
CN102739554A (en) Data management and control platform and data management and control method
CN103346972A (en) Flow control device and method based on user terminal

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination