CN103647718B - The treating method and apparatus of packet - Google Patents

The treating method and apparatus of packet Download PDF

Info

Publication number
CN103647718B
CN103647718B CN201310687011.7A CN201310687011A CN103647718B CN 103647718 B CN103647718 B CN 103647718B CN 201310687011 A CN201310687011 A CN 201310687011A CN 103647718 B CN103647718 B CN 103647718B
Authority
CN
China
Prior art keywords
matching
rule
domain
values
domains
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310687011.7A
Other languages
Chinese (zh)
Other versions
CN103647718A (en
Inventor
丁万夫
林程勇
谢高岗
关洪涛
黄昆
李海涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201310687011.7A priority Critical patent/CN103647718B/en
Publication of CN103647718A publication Critical patent/CN103647718A/en
Application granted granted Critical
Publication of CN103647718B publication Critical patent/CN103647718B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the present invention provides a kind for the treatment of method and apparatus of packet.This method includes:Received data packet;Single domain list table is inquired about, obtains the value of matching domain corresponding with the information in the packet;The index according to corresponding to the value of the matching domain, rule searching table, obtain matched rule corresponding to the list item at index place corresponding with the value of the matching domain;According to the matched rule, corresponding processing is performed to the packet.Lookup speed is slower in the prior art for the treating method and apparatus solution of the packet of the embodiment of the present invention, so as to result in the slower problem of the processing speed of packet.

Description

Data packet processing method and device
Technical Field
The present invention relates to communications technologies, and in particular, to a method and an apparatus for processing a data packet.
Background
With the continuous development of new technologies of network devices, the network devices are shifted to architectures with separate control and forwarding, where OpenFlow is a typical architecture of network devices with separate control and forwarding. Specifically, the OpenFlow network device mainly includes a switch and a Controller (Controller); the switches only operate the forwarding plane, and the control plane is operated in the remote controllers, that is, one or more controllers control the flow tables in the switches, thereby achieving the purpose of controlling the forwarding of the data packets.
At present, the number of flow tables in a switch may be one or more, and the flow tables may be specifically multi-domain single tables, where the multi-domain single table is formed by combining multiple matching domains into one entry and then linking multiple entries. In addition, after the data packet is received by the switch, each table entry in the multi-domain single table in the switch is traversed linearly to find a matching rule matched with the data packet, and the data packet is processed correspondingly according to the matching rule.
However, in the prior art, since each multi-domain single table in the switch needs to be linearly traversed after each packet is received, the lookup speed is slow, and the processing speed of the packet is slow.
Disclosure of Invention
The embodiment of the invention provides a method and a device for processing a data packet, which aim to solve the problem that the processing speed of the data packet is low due to the low searching speed in the prior art.
A first aspect of an embodiment of the present invention provides a method for processing a data packet, including:
receiving a data packet;
inquiring a single-domain single table to obtain a value of a matching domain corresponding to the information in the data packet;
inquiring a rule table according to the index corresponding to the value of the matching domain, and acquiring a matching rule corresponding to the table item where the index corresponding to the value of the matching domain is located;
and executing corresponding processing on the data packet according to the matching rule.
In a first possible implementation manner of the first aspect, before the receiving the data packet, the method further includes:
establishing the single domain list table and the rule table; each single-domain single table corresponds to one matching domain, and the matching domains among the single-domain single tables are different;
and respectively adding the values of the corresponding matching domains in the single-domain single table, adding the indexes of the values of the matching domains in the single-domain single table in the table entries in the rule table and configuring the matching rules corresponding to the table entries.
With reference to the first possible implementation manner of the first aspect, in a second possible implementation manner of the first aspect, when the matching type of the matching field in the single-field single table is an exact matching type, the querying the single-field single table to obtain the value of the matching field corresponding to the information in the data packet includes:
and inquiring the single-domain single table by adopting a Hash algorithm to obtain a value of a matching domain corresponding to the information in the data packet.
With reference to the first possible implementation manner of the first aspect, in a third possible implementation manner of the first aspect, when the matching type of the matching field in the single-field single table is a wildcard matching type, the querying the single-field single table to obtain the value of the matching field corresponding to the information in the data packet includes:
and querying the single-domain single table by adopting a HiCuts algorithm to obtain the value of the matching domain corresponding to the information in the data packet.
With reference to the third possible implementation manner of the first aspect, in a fourth possible implementation manner of the first aspect, when the number of the obtained matching rules is multiple, the performing corresponding processing on the data packet according to the matching rules includes:
and acquiring the matching rule with the highest priority in the matching rules, and carrying out corresponding processing on the data packet according to the matching rule with the highest priority.
With reference to any one of the first to fourth possible implementation manners of the first aspect, in a fifth possible implementation manner of the first aspect, the method further includes:
receiving a rule adding request, wherein the rule adding request comprises N values of matching domains to be added and matching rules to be added;
inquiring the single-domain single table, if the values of the N matching domains to be added do not exist, respectively adding the values of the corresponding matching domains in the single-domain single table corresponding to the N matching domains to be added, and respectively recording the reference counts corresponding to the values of the N matching domains to be added as 1;
recording indexes of the N values of the matching domains to be added in the single-domain single table in a first table entry in the rule table, and establishing an incidence relation between the first table entry and the matching rule to be added;
wherein N is an integer and is greater than or equal to 1.
With reference to the fifth possible implementation manner of the first aspect, in a sixth possible implementation manner of the first aspect, the method further includes:
if the values of i matching domains to be added exist in the single-domain single table, and the values of j matching domains to be added do not exist in the single-domain single table, respectively adding the values of the corresponding matching domains in the single-domain single table corresponding to the j matching domains to be added, respectively recording the reference counts corresponding to the values of the j matching domains to be added as 1, and respectively adding 1 to the reference counts corresponding to the values of the i matching domains to be added;
recording indexes of the j values of the matching domains to be added in the second single-domain single table and indexes of the i values of the matching domains to be added in the current single-domain single table in a second table entry in the rule table, and establishing an association relationship between the second table entry and the matching rule to be added;
wherein j and i are integers, both less than N, and i + j = N.
With reference to the fifth possible implementation manner of the first aspect, in a seventh possible implementation manner of the first aspect, the method further includes:
if the values of the N matching domains to be added all exist in the single domain single table, adding 1 to the reference counts corresponding to the values of the N matching domains to be added in the single domain single table;
and recording indexes of the N values of the matching domains to be added in the single-domain single table in a third table entry in the rule table, and establishing an association relationship between the third table entry and the matching rule to be added.
With reference to any one of the first to fourth possible implementation manners of the first aspect, in an eighth possible implementation manner of the first aspect, the method further includes:
receiving a deletion rule request, wherein the deletion rule request comprises values of N matching domains to be deleted;
inquiring the single-domain single table, and if the values of the N matching domains to be deleted exist, inquiring the rule table to obtain a fourth table entry corresponding to the index of the values of the N matching domains to be deleted in the single-domain single table;
if the fourth table entry corresponds to a matching rule, subtracting 1 from the reference count corresponding to the values of the N matching domains to be deleted, and deleting the fourth table entry and the corresponding matching rule;
wherein N is an integer and is greater than or equal to 1.
With reference to the eighth possible implementation manner of the first aspect, in a ninth possible implementation manner of the first aspect, the method further includes:
after subtracting 1 from the reference count corresponding to the values of the N matching domains to be deleted, if the reference count corresponding to the value of at least one matching domain among the values of the N matching domains to be deleted is 0, deleting the value of the matching domain with the reference count of 0.
With reference to any one of the first to fourth possible implementation manners of the first aspect, in a tenth possible implementation manner of the first aspect, the method further includes:
receiving an update rule request, wherein the update rule request comprises an original matching rule and a matching rule to be updated;
and inquiring the rule table, and if the original matching rule exists, replacing the original matching rule with the matching rule to be updated.
A second aspect of an embodiment of the present invention provides a device for processing a data packet, including:
the receiving module is used for receiving the data packet;
the matching domain processing module is used for inquiring the single-domain list table and acquiring the value of the matching domain corresponding to the information in the data packet;
the matching rule processing module is used for inquiring a rule table according to the index corresponding to the value of the matching domain and acquiring the matching rule corresponding to the table item of the index corresponding to the value of the matching domain;
and the data packet processing module is used for executing corresponding processing on the data packet according to the matching rule.
In a first possible implementation manner of the second aspect, the method further includes:
the establishing module is used for establishing the single-domain single table and the rule table; each single-domain single table corresponds to one matching domain, and the matching domains among the single-domain single tables are different;
the single-domain single-table processing module is used for respectively adding the values of the corresponding matching domains in the single-domain single table;
and the rule table processing module is used for increasing the index of the value of the matching domain in the single-domain single table in the table entry in the rule table and configuring the matching rule corresponding to the table entry.
With reference to the first possible implementation manner of the second aspect, in a second possible implementation manner of the second aspect, when the matching type of the matching field in the single-field single table is an exact matching type, the matching field processing module is specifically configured to query the single-field single table by using a hash algorithm, and obtain a value of the matching field corresponding to information in the data packet.
With reference to the first possible implementation manner of the second aspect, in a third possible implementation manner of the second aspect, when the matching type of the matching field in the single-field single table is a wildcard matching type, the matching field processing module is specifically configured to query the single-field single table by using a HiCuts algorithm, and obtain a value of the matching field corresponding to information in the data packet.
With reference to the third possible implementation manner of the second aspect, in a fourth possible implementation manner of the second aspect, when the number of the obtained matching rules is multiple, the packet processing module is specifically configured to obtain a matching rule with a highest priority among the multiple matching rules, and perform corresponding processing on the packet according to the matching rule with the highest priority.
With reference to any one of the first to fourth possible implementation manners of the second aspect, in a fifth possible implementation manner of the second aspect, the receiving module is further configured to receive an add rule request, where the add rule request includes values of the N matching fields to be added and the matching rule to be added;
the matching domain processing module is further configured to query the single-domain single table, if the values of the N matching domains to be added do not exist, add the values of the corresponding matching domains in the single-domain single table corresponding to the N matching domains to be added, and record reference counts corresponding to the values of the N matching domains to be added as 1;
the matching rule processing module is further configured to record, in a first entry in the rule table, indexes of the values of the N matching domains to be added in the single-domain single table, and establish an association relationship between the first entry and the matching rule to be added;
wherein N is an integer and is greater than or equal to 1.
With reference to the fifth possible implementation manner of the second aspect, in a sixth possible implementation manner of the second aspect, the matching domain processing module is further configured to, if i values of the matching domains to be added exist in the single domain single table, and j values of the matching domains to be added do not exist in the single domain single table, respectively add values of corresponding matching domains in the single domain single tables corresponding to the j matching domains to be added, respectively record that reference counts corresponding to the values of the j matching domains to be added are 1, and respectively add 1 to reference counts corresponding to the values of the i matching domains to be added;
the matching rule processing module is further configured to record, in a second entry in the rule table, indexes of the values of the j matching domains to be added in the second single-domain single table and indexes of the values of the i matching domains to be added in the current single-domain single table, and establish an association relationship between the second entry and the matching rule to be added;
wherein j and i are integers, both less than N, and i + j = N.
With reference to the fifth possible implementation manner of the second aspect, in a seventh possible implementation manner of the second aspect, the matching domain processing module is further configured to, if the values of the N matching domains to be added all exist in the single domain single table, add 1 to the reference counts corresponding to the values of the N matching domains to be added in the single domain single table;
the matching rule processing module is further configured to record, in a third entry in the rule table, indexes of the values of the N matching domains to be added in the single-domain single table, and establish an association relationship between the third entry and the matching rule to be added.
With reference to any one of the first to fourth possible implementation manners of the second aspect, in an eighth possible implementation manner of the second aspect, the receiving module is further configured to receive a deletion rule request, where the deletion rule request includes values of N matching domains to be deleted;
the matching rule processing module is further configured to query the single-domain list table by the matching domain processing module, and if the values of the N matching domains to be deleted exist, query the rule table to obtain a fourth table entry corresponding to an index of the value of the N matching domains to be deleted in the single-domain list table;
the matching domain processing module is further configured to subtract 1 from the reference counts corresponding to the values of the N matching domains to be deleted, if the matching rule processing module queries that there is no matching rule corresponding to the fourth entry;
the matching rule processing module is further configured to delete the fourth entry and the corresponding matching rule.
With reference to the eighth possible implementation manner of the second aspect, in a ninth possible implementation manner of the second aspect, the matching domain processing module is further configured to delete, after subtracting 1 from the reference count corresponding to the value of each of the N matching domains to be deleted, the value of the matching domain with the reference count of 0 if the reference count corresponding to the value of at least one of the N matching domains to be deleted is 0.
With reference to any one of the first to fourth possible implementation manners of the second aspect, in a tenth possible implementation manner of the second aspect, the receiving module is further configured to receive an update rule request, where the update rule request includes an original matching rule and a matching rule to be updated;
the matching rule processing module is further configured to query the rule table, and if the original matching rule exists, replace the original matching rule with the matching rule to be updated.
Compared with the prior art that after the data packet is received, each table entry in the multi-domain single table is traversed linearly, the method and the device for processing the data packet acquire the value of the matching domain corresponding to the information in the data packet through the single-domain single table, and then inquire the rule table according to the index corresponding to the value of the matching domain to acquire the corresponding matching rule, so that the problem that the processing speed of the data packet is slow due to the fact that the searching speed is slow in the prior art is solved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flow chart of one embodiment of a method for processing data packets in accordance with the present invention;
FIG. 2 is a diagram of a prior art multi-domain single table;
FIG. 3a is a schematic diagram of a single domain single table according to the present invention;
FIG. 3b is a schematic diagram of a rule table according to the present invention;
FIG. 4 is a flow chart of another embodiment of a method for processing data packets in accordance with the present invention;
FIG. 5 is a flow chart of yet another embodiment of a method for processing data packets in accordance with the present invention;
FIG. 6 is a flow chart of yet another embodiment of a method for processing data packets in accordance with the present invention;
FIG. 7 is a block diagram of an embodiment of a packet processing apparatus according to the present invention;
fig. 8 is a schematic structural diagram of another embodiment of a packet processing apparatus according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a flowchart of an embodiment of a method for processing a data packet according to the present invention, and as shown in fig. 1, the method of this embodiment may include:
step 101, receiving a data packet.
In this embodiment, for example, the data packet may be: the data packet in OpenFlow is a multi-domain (dimension) data packet, and the like, but the invention is not limited thereto.
And 102, inquiring a single-domain single table to obtain a value of a matching domain corresponding to the information in the data packet.
In this embodiment, a plurality of values corresponding to a matching field in the single-field single table are different, and the value of each matching field is different; the matching fields between single-field single tables are also different. In addition, the information in the data packet specifically refers to information in a header of the data packet, and specifically may be: quintuple information (i.e., source IP address, source port, destination IP address, destination port, and transport layer protocol number) or ten-tuple information (i.e., ingress interface, Ethernet source address, destination address, type, vlan id, IP source address, destination address, protocol, TCP/UDP destination port, source port), etc.
Step 103, inquiring a rule table according to the index corresponding to the value of the matching domain, and obtaining the matching rule corresponding to the table entry where the index corresponding to the value of the matching domain is located.
In this embodiment, the rule table includes at least one entry and a matching rule corresponding to the entry, where the entry includes an index of a value of a matching field in the single-field single table.
And 104, executing corresponding processing on the data packet according to the matching rule.
In this embodiment, fig. 2 is a schematic diagram of a multi-domain single table in the prior art, fig. 3a is a schematic diagram of a single-domain single table in the present invention, and fig. 3b is a schematic diagram of a rule table in the present invention, as shown in fig. 2 and 3, p1, p2, q1, q2, r1 and r2 all represent values of matching domains, and a1 to a8 all represent matching rules, where p1 and p2 belong to one matching domain, q1 and q2 belong to one matching domain, r1 and r2 belong to one matching domain, and three matching domains are different. As can be seen from fig. 2, in the multi-domain single table, the values of each matching domain have repeated fields, i.e., are stored repeatedly, so that additional memory space is consumed, and if the single-domain single table and the rule table in fig. 3a and 3b are used, the single-domain single tables are independent from each other, and there is no problem of matching domain repetition, and in addition, only the index corresponding to the value of the matching domain is stored in the rule table, so that the problems of redundancy and large space consumption of the multi-domain single table due to matching domain repetition can be effectively solved.
In addition, for example, when a multi-domain single table in the prior art is adopted, taking 20 ten thousand ten-tuple table entries as an example, 10 × 10 ten thousand matches are required in a linear traversal manner. If the single-domain single table and the rule table of the invention are adopted, only 10 times of single-domain single table query needs to be carried out to obtain the value of the matching domain corresponding to the information in the data packet, the index corresponding to the value of the matching domain is obtained, and the rule table is queried according to the index to obtain the matching rule corresponding to the table item of the index corresponding to the value of the matching domain, wherein the query times are far less than 10 x 10 ten thousand times, so that the searching speed is effectively improved, and the processing speed of the data packet is effectively improved.
In this embodiment, by receiving a data packet, querying a single-domain single table, obtaining a value of a matching domain corresponding to information in the data packet, and querying a rule table according to an index corresponding to the value of the matching domain, obtaining a matching rule corresponding to an entry where the index corresponding to the value of the matching domain is located, and performing corresponding processing on the data packet according to the matching rule, compared with the prior art in which after the data packet is received, each entry in a multi-domain single table is traversed linearly, in the present invention, the value of the matching domain corresponding to the information in the data packet is obtained through the single-domain single table, and then the rule table is queried according to the index corresponding to the value of the matching domain, so as to obtain the corresponding matching rule, thereby solving the problem that the speed of searching is slow in the prior art, and the speed of processing the data packet is slow.
Further, in another embodiment of the present invention, on the basis of the embodiment shown in fig. 1, before step 101, the method may further include:
establishing the single domain list and the rule list; and the matching domain between the single-domain single tables is different.
And respectively adding the values of the corresponding matching domains in the single-domain single table, adding the indexes of the values of the matching domains in the single-domain single table in the table entry in the rule table and configuring the matching rule corresponding to the table entry.
Optionally, the specific implementation manners of step 102 include the following:
and when the matching type of the matching domain in the single-domain single table is the accurate matching type, inquiring the multiple single-domain single tables by adopting a Hash algorithm to obtain the matching domain corresponding to the information in the data packet. Or,
and when the matching type of the matching domain in the single-domain single table is the wildcard matching type, querying the multiple single-domain single tables by adopting a HiCuts algorithm to obtain the matching domain corresponding to the information in the data packet.
In this embodiment, taking OpenFlow as an example, the OpenFlow1.2 protocol supports 36 matching domains, and there may be 36 single-domain single tables, that is, each single-domain single table corresponds to one matching domain. In addition, according to the matching type of the matching field, the matching field can be divided into two types of matching fields, namely, an exact matching type (which may be specifically referred to as a normal matching type) and a wildcard matching type (which may be specifically referred to as a wildcard matching type of a hasmask), for example: the matching fields belonging to the exact match type are: OXM _ OF _ IN _ PORT, OXM _ OF _ IN _ PHY _ PORT, etc. The matching fields belonging to the wildcard matching type are: OXM _ OF _ IPV4_ SRC, OXM _ OF _ IPV4_ DST, and so on.
It should be noted that the present invention is not limited to using the hash algorithm or the HiCuts algorithm to query the single-domain list table to obtain the value of the matching domain corresponding to the information in the data packet, and may also use other methods to query the single-domain list table to obtain the value of the matching domain corresponding to the information in the data packet.
Optionally, when the matching type of the matching field in the single-field single table is a wildcard matching type, the number of the obtained matching rules is multiple, and then the specific implementation manner of step 104 is:
and acquiring the matching rule with the highest priority in the matching rules, and correspondingly processing the data packet according to the matching rule with the highest priority.
Optionally, a specific implementation manner of step 103 is:
and inquiring a rule table by adopting a Hash algorithm according to the index corresponding to the value of the matching domain to obtain the matching rule corresponding to the table item of the index corresponding to the value of the matching domain.
In this embodiment, when the matching type of the matching domain in the single domain single table is a wildcard matching type, taking the information in the data packet includes a port and an IP address as an example, after querying the multiple single domain single tables by using a HiCuts algorithm, the number of the matching domains corresponding to the obtained port may be multiple, and the number of the matching domains corresponding to the obtained IP address may also be multiple, according to the indexes of the multiple matching domains corresponding to the port and the indexes of the multiple matching domains corresponding to the IP address, the matching domains may be matched with the multiple matching rules in the rule table, and the matching rule with the highest priority is output.
For example, taking the single domain list table and the rule table shown in fig. 3a and 3b as examples, if the information in the data packet includes a port, an IP address, and a MAC address, after querying the multiple single domain list tables by using the HiCuts algorithm, the matching domains corresponding to the obtained port may be p1 and p2, the matching domain corresponding to the obtained IP address may be q1, and the matching domains corresponding to the obtained MAC address are r1 and r2, then, according to the indexes of p1, p2, q1, r1, and r2, the rule table is queried, and the matching rules corresponding to the table entry where the index of the matching domain is located are a1, a6, a2, and a5, it is necessary to select the highest-priority matching rule to perform corresponding processing on the data packet according to the priorities of a1, a6, a2, and a 5.
Fig. 4 is a flowchart of another embodiment of the method for processing a data packet according to the present invention, and on the basis of the above two embodiments, before step 101, the method may further include:
step 201, receiving a rule adding request, where the rule adding request includes values of N matching fields to be added and matching rules to be added.
Step 202, inquiring a single-domain single table, and judging whether the values of N matching domains to be added exist in the single-domain single table; if the values of the N matching fields to be added do not exist in the single-field single table, go to step 203; if the values of i matching fields to be added exist in the single-field single table, and the values of j matching fields to be added do not exist in the single-field single table, execute step 205; if the values of the N matching fields to be added all exist in the single-field single table, step 207 is executed.
Step 203, respectively adding the values of the corresponding matching domains in the single domain list tables corresponding to the N matching domains to be added, and respectively recording the reference counts corresponding to the values of the N matching domains to be added as 1.
Step 204, recording the index of the values of the N matching domains to be added in the single domain single table in the first table entry in the rule table, and establishing the association relationship between the first table entry and the matching rule to be added. And (6) ending.
Step 205, adding the values of the corresponding matching domains in the single domain list tables corresponding to the j matching domains to be added, respectively recording the reference counts corresponding to the values of the j matching domains to be added as 1, and respectively adding 1 to the reference counts corresponding to the values of the i matching domains to be added;
wherein N is an integer and is greater than or equal to 1.
Step 206, recording the indexes of the j values of the matching domains to be added in the second single domain single table and the indexes of the i values of the matching domains to be added in the current single domain single table in a second table entry in the rule table, and establishing the association relationship between the second table entry and the matching rule to be added. And (6) ending.
Wherein j and i are integers, both less than N, and i + j = N.
And step 207, adding 1 to the reference counts corresponding to the values of the N matching fields to be added in the single-field single table.
Step 208, recording the index of the values of the N matching domains to be added in the single-domain single table in the third table entry in the rule table, and establishing the association relationship between the third table entry and the matching rule to be added.
And the fourth index is the index of the N matching fields to be added in the current single-field single table.
Fig. 5 is a flowchart of a method for processing a data packet according to another embodiment of the present invention, and based on the embodiment shown in fig. 1, as shown in fig. 5, before step 101, the method may further include:
step 301, receiving a delete rule request, where the delete rule request includes values of N matching domains to be deleted.
Step 302, querying the single-domain single table, and if the values of the N matching domains to be deleted exist, querying the rule table to obtain a fourth table entry corresponding to the index of the values of the N matching domains to be deleted in the single-domain single table.
Step 303, if the fourth entry corresponds to a matching rule, subtracting 1 from the reference count corresponding to the values of the N matching fields to be deleted, and deleting the fourth entry and the corresponding matching rule.
In this embodiment, when the current single-domain single table is queried, if there are no N values of the matching domains to be added, it is indicated that there is no rule that needs to be deleted, and the deletion rule request is discarded. Or, in the query rule table, if the fourth entry does not exist, the deletion rule request is discarded.
Fig. 6 is a flowchart of a further embodiment of the method for processing a data packet according to the present invention, and based on the embodiment shown in fig. 1, as shown in fig. 6, before step 101, the method may further include:
step 401, receiving an update rule request, where the update rule request includes an original matching rule and a matching rule to be updated.
Step 402, inquiring the rule table, and if the original matching rule exists, replacing the original matching rule with the matching rule to be updated.
Those of ordinary skill in the art will understand that: all or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Fig. 7 is a schematic structural diagram of an embodiment of a device for processing a data packet according to the present invention, and as shown in fig. 7, the device of the present embodiment includes: the device comprises a receiving module 11, a matching domain processing module 12, a matching rule processing module 13 and a data packet processing module 14; the receiving module 11 is configured to receive a data packet; the matching field processing module 12 is configured to query the single field list table, and obtain a value of a matching field corresponding to information in the data packet; the matching rule processing module 13 is configured to query a rule table according to the index corresponding to the value of the matching field, and obtain a matching rule corresponding to a table entry where the index corresponding to the value of the matching field is located; the data packet processing module 14 is configured to perform corresponding processing on the data packet according to the matching rule.
The processing apparatus of the data packet of this embodiment may execute the technical solution of the method embodiment shown in fig. 1, and the implementation principles thereof are similar, and are not described herein again.
In this embodiment, by receiving a data packet, querying a single-domain single table, obtaining a value of a matching domain corresponding to information in the data packet, and querying a rule table according to an index corresponding to the value of the matching domain, obtaining a matching rule corresponding to an entry where the index corresponding to the value of the matching domain is located, and performing corresponding processing on the data packet according to the matching rule, compared with the prior art in which after the data packet is received, each entry in a multi-domain single table is traversed linearly, in the present invention, the value of the matching domain corresponding to the information in the data packet is obtained through the single-domain single table, and then the rule table is queried according to the index corresponding to the value of the matching domain, so as to obtain the corresponding matching rule, thereby solving the problem that the speed of searching is slow in the prior art, and the speed of processing the data packet is slow.
Fig. 8 is a schematic structural diagram of another embodiment of a data packet processing apparatus according to the present invention, and based on the embodiment shown in fig. 7, as shown in fig. 8, the apparatus of this embodiment further includes: the system comprises an establishing module 15, a single-domain single-table processing module 16 and a rule table processing module 17; wherein, the establishing module 15 is configured to establish the single domain list and the rule list; each single-domain single table corresponds to one matching domain, and the matching domains among the single-domain single tables are different; the single-domain single-table processing module 16 is configured to add a value of a corresponding matching domain to the single-domain single table; the rule table processing module 17 is configured to add, to the entries in the rule table, an index of the value of the matching field in the single-field single table and configure the matching rule corresponding to the entry.
Optionally, when the matching type of the matching field in the single-field single table is an exact matching type, the matching field processing module 12 is specifically configured to query the single-field single table by using a hash algorithm, and obtain a value of the matching field corresponding to the information in the data packet.
Optionally, when the matching type of the matching field in the single-field single table is a wildcard matching type, the matching field processing module 12 is specifically configured to query the single-field single table by using a HiCuts algorithm, and obtain a value of the matching field corresponding to the information in the data packet.
In addition, when the number of the obtained matching rules is multiple, the packet processing module 14 is specifically configured to obtain a matching rule with the highest priority among the multiple matching rules, and perform corresponding processing on the packet according to the matching rule with the highest priority.
Further, in another embodiment of the present invention, on the basis of the embodiment shown in fig. 8, the receiving module 11 is further configured to receive an add rule request, where the add rule request includes values of N matching fields to be added and matching rules to be added; the matching domain processing module 12 is further configured to query the single-domain single table, if there are no values of the N matching domains to be added, add corresponding values of the matching domains to the single-domain single table corresponding to the N matching domains to be added, and record reference counts corresponding to the values of the N matching domains to be added as 1; the matching rule processing module 13 is further configured to record, in a first entry in the rule table, an index of the values of the N matching domains to be added in the single-domain single table, and establish an association relationship between the first entry and the matching rule to be added; wherein N is an integer and is greater than or equal to 1.
Optionally, the matching domain processing module 12 is further configured to, if i to-be-added matching domains have values in the single domain single table and j to-be-added matching domains have values not in the single domain single table, respectively add corresponding values of the matching domains in the single domain single table corresponding to the j to-be-added matching domains, respectively record that reference counts corresponding to the j to-be-added matching domains have values of 1, and respectively add 1 to the reference counts corresponding to the i to-be-added matching domains; the matching rule processing module 13 is further configured to record, in a second entry in the rule table, indexes of the j to-be-added matching fields in the second single-field single table and indexes of the i to-be-added matching fields in the current single-field single table, and establish an association relationship between the second entry and the to-be-added matching rule; wherein j and i are integers, both less than N, and i + j = N.
Optionally, the matching domain processing module 12 is further configured to, if the values of the N matching domains to be added all exist in the single domain single table, add 1 to the reference counts corresponding to the values of the N matching domains to be added in the single domain single table; the matching rule processing module 13 is further configured to record, in a third entry in the rule table, an index of the values of the N matching fields to be added in the single-field single table, and establish an association relationship between the third entry and the matching rule to be added.
Further, in a further embodiment of the present invention, on the basis of the embodiment shown in fig. 8, the receiving module 11 is further configured to receive a deletion rule request, where the deletion rule request includes values of N matching fields to be deleted; the matching rule processing module 13 is further configured to query the single-domain list table by the matching domain processing module 12, and if there are values of the N matching domains to be deleted, query the rule table to obtain a fourth table entry corresponding to an index of the N matching domains to be deleted in the single-domain list table; the matching domain processing module 12 is further configured to, if the matching rule processing module 13 queries that there is no matching rule corresponding to the fourth entry, subtract 1 from the reference count corresponding to the values of the N matching domains to be deleted; the matching rule processing module 13 is further configured to delete the fourth entry and the corresponding matching rule.
Optionally, the matching domain processing module 12 is further configured to delete the value of the matching domain with the reference count of 0 if the reference count corresponding to at least one of the values of the N matching domains to be deleted is 0 after subtracting 1 from the reference count corresponding to the value of the N matching domains to be deleted, respectively.
Further, in a further embodiment of the present invention, on the basis of the embodiment shown in fig. 8, the receiving module 11 is further configured to receive an update rule request, where the update rule request includes an original matching rule and a matching rule to be updated; the matching rule processing module 13 is further configured to query the rule table, and if the original matching rule exists, replace the original matching rule with the matching rule to be updated.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (22)

1. A method for processing a data packet, comprising:
receiving a data packet;
inquiring a single-domain single table to obtain a value of a matching domain corresponding to the information in the data packet;
inquiring a rule table according to the index corresponding to the value of the matching domain, and acquiring a matching rule corresponding to the table item where the index corresponding to the value of the matching domain is located;
according to the matching rule, corresponding processing is carried out on the data packet;
and the matching domain between the single-domain single tables is different.
2. The method of claim 1, wherein prior to receiving the data packet, the method further comprises:
establishing the single domain list table and the rule table;
and respectively adding the values of the corresponding matching domains in the single-domain single table, adding the indexes of the values of the matching domains in the single-domain single table in the table entries in the rule table and configuring the matching rules corresponding to the table entries.
3. The method according to claim 2, wherein when the matching type of the matching field in the single-field single table is an exact matching type, the querying the single-field single table to obtain the value of the matching field corresponding to the information in the data packet comprises:
and inquiring the single-domain single table by adopting a Hash algorithm to obtain a value of a matching domain corresponding to the information in the data packet.
4. The method according to claim 2, wherein when the matching type of the matching field in the single-field single table is a wildcard matching type, the querying the single-field single table to obtain the value of the matching field corresponding to the information in the data packet comprises:
and querying the single-domain single table by adopting a HiCuts algorithm to obtain the value of the matching domain corresponding to the information in the data packet.
5. The method according to claim 4, wherein when the number of the obtained matching rules is multiple, the performing corresponding processing on the data packet according to the matching rules includes:
and acquiring the matching rule with the highest priority in the matching rules, and carrying out corresponding processing on the data packet according to the matching rule with the highest priority.
6. The method of any of claims 2 to 5, further comprising:
receiving a rule adding request, wherein the rule adding request comprises N values of matching domains to be added and matching rules to be added;
inquiring the single-domain single table, if the values of the N matching domains to be added do not exist, respectively adding the values of the corresponding matching domains in the single-domain single table corresponding to the N matching domains to be added, and respectively recording the reference counts corresponding to the values of the N matching domains to be added as 1;
recording indexes of the N values of the matching domains to be added in the single-domain single table in a first table entry in the rule table, and establishing an incidence relation between the first table entry and the matching rule to be added;
wherein N is an integer and is greater than or equal to 1.
7. The method of claim 6, further comprising:
if the values of i matching domains to be added exist in the single-domain single table, and the values of j matching domains to be added do not exist in the single-domain single table, respectively adding the values of the corresponding matching domains in the single-domain single table corresponding to the j matching domains to be added, respectively recording the reference counts corresponding to the values of the j matching domains to be added as 1, and respectively adding 1 to the reference counts corresponding to the values of the i matching domains to be added;
recording indexes of the j values of the matching domains to be added in the corresponding single-domain single table and indexes of the i values of the matching domains to be added in the single-domain single table in a second table entry in the rule table, and establishing an association relationship between the second table entry and the matching rule to be added;
wherein j and i are integers, both less than N, and i + j ═ N.
8. The method of claim 6, further comprising:
if the values of the N matching domains to be added all exist in the single domain single table, adding 1 to the reference counts corresponding to the values of the N matching domains to be added in the single domain single table;
and recording indexes of the N values of the matching domains to be added in the single-domain single table in a third table entry in the rule table, and establishing an association relationship between the third table entry and the matching rule to be added.
9. The method of any of claims 2 to 5, further comprising:
receiving a deletion rule request, wherein the deletion rule request comprises values of N matching domains to be deleted;
inquiring the single-domain single table, and if the values of the N matching domains to be deleted exist, inquiring the rule table to obtain a fourth table entry corresponding to the index of the values of the N matching domains to be deleted in the single-domain single table;
if the fourth table entry corresponds to a matching rule, subtracting 1 from the reference count corresponding to the values of the N matching domains to be deleted, and deleting the fourth table entry and the corresponding matching rule;
wherein N is an integer and is greater than or equal to 1.
10. The method of claim 9, further comprising:
after subtracting 1 from the reference count corresponding to the values of the N matching domains to be deleted, if the reference count corresponding to the value of at least one matching domain among the values of the N matching domains to be deleted is 0, deleting the value of the matching domain with the reference count of 0.
11. The method of any of claims 2 to 5, further comprising:
receiving an update rule request, wherein the update rule request comprises an original matching rule and a matching rule to be updated;
and inquiring the rule table, and if the original matching rule exists, replacing the original matching rule with the matching rule to be updated.
12. An apparatus for processing packets, comprising:
the receiving module is used for receiving the data packet;
the matching domain processing module is used for inquiring the single-domain list table and acquiring the value of the matching domain corresponding to the information in the data packet;
the matching rule processing module is used for inquiring a rule table according to the index corresponding to the value of the matching domain and acquiring the matching rule corresponding to the table item of the index corresponding to the value of the matching domain;
the data packet processing module is used for executing corresponding processing on the data packet according to the matching rule;
and the matching domain between the single-domain single tables is different.
13. The apparatus of claim 12, further comprising:
the establishing module is used for establishing the single-domain single table and the rule table;
the single-domain single-table processing module is used for respectively adding the values of the corresponding matching domains in the single-domain single table;
and the rule table processing module is used for increasing the index of the value of the matching domain in the single-domain single table in the table entry in the rule table and configuring the matching rule corresponding to the table entry.
14. The apparatus according to claim 13, wherein when the matching type of the matching field in the single-field single table is an exact matching type, the matching field processing module is specifically configured to query the single-field single table by using a hash algorithm to obtain a value of the matching field corresponding to the information in the data packet.
15. The apparatus according to claim 13, wherein when the matching type of the matching field in the single-field single table is a wildcard matching type, the matching field processing module is specifically configured to query the single-field single table by using HiCuts algorithm to obtain the value of the matching field corresponding to the information in the data packet.
16. The apparatus according to claim 15, wherein when the number of the obtained matching rules is multiple, the packet processing module is specifically configured to obtain a matching rule with a highest priority among the multiple matching rules, and perform corresponding processing on the packet according to the matching rule with the highest priority.
17. The apparatus according to any one of claims 13 to 16, wherein the receiving module is further configured to receive an add rule request, where the add rule request includes values of N matching fields to be added and matching rules to be added;
the matching domain processing module is further configured to query the single-domain single table, if the values of the N matching domains to be added do not exist, add the values of the corresponding matching domains in the single-domain single table corresponding to the N matching domains to be added, and record reference counts corresponding to the values of the N matching domains to be added as 1;
the matching rule processing module is further configured to record, in a first entry in the rule table, indexes of the values of the N matching domains to be added in the single-domain single table, and establish an association relationship between the first entry and the matching rule to be added;
wherein N is an integer and is greater than or equal to 1.
18. The apparatus according to claim 17, wherein the matching domain processing module is further configured to, if i values of the matching domains to be added exist in the single-domain single table, and j values of the matching domains to be added do not exist in the single-domain single table, add corresponding values of the matching domains in the single-domain single table corresponding to the j matching domains to be added, respectively record reference counts corresponding to the j values of the matching domains to be added as 1, and respectively add 1 to the reference counts corresponding to the i values of the matching domains to be added;
the matching rule processing module is further configured to record, in a second entry in the rule table, indexes of the values of the j matching domains to be added in the corresponding single-domain single table and indexes of the values of the i matching domains to be added in the single-domain single table, and establish an association relationship between the second entry and the matching rule to be added;
wherein j and i are integers, both less than N, and i + j ═ N.
19. The apparatus according to claim 17, wherein the matching field processing module is further configured to, if the values of the N matching fields to be added all exist in the single field single table, add 1 to the reference counts corresponding to the values of the N matching fields to be added in the single field single table;
the matching rule processing module is further configured to record, in a third entry in the rule table, indexes of the values of the N matching domains to be added in the single-domain single table, and establish an association relationship between the third entry and the matching rule to be added.
20. The apparatus according to any one of claims 13 to 16, wherein the receiving module is further configured to receive a delete rule request, where the delete rule request includes values of N matching fields to be deleted;
the matching rule processing module is further configured to query the single-domain list table by the matching domain processing module, and if the values of the N matching domains to be deleted exist, query the rule table to obtain a fourth table entry corresponding to an index of the value of the N matching domains to be deleted in the single-domain list table;
the matching domain processing module is further configured to subtract 1 from the reference counts corresponding to the values of the N matching domains to be deleted, if the matching rule processing module queries that there is no matching rule corresponding to the fourth entry;
the matching rule processing module is further configured to delete the fourth entry and the corresponding matching rule.
21. The apparatus according to claim 20, wherein the matching field processing module is further configured to delete the value of the matching field with the reference count of 0 if the reference count corresponding to the value of at least one of the N values of the matching field to be deleted is 0 after subtracting 1 from the reference count corresponding to the value of the N matching field to be deleted, respectively.
22. The apparatus according to any one of claims 13 to 16, wherein the receiving module is further configured to receive an update rule request, where the update rule request includes an original matching rule and a matching rule to be updated;
the matching rule processing module is further configured to query the rule table, and if the original matching rule exists, replace the original matching rule with the matching rule to be updated.
CN201310687011.7A 2013-12-13 2013-12-13 The treating method and apparatus of packet Active CN103647718B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310687011.7A CN103647718B (en) 2013-12-13 2013-12-13 The treating method and apparatus of packet

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310687011.7A CN103647718B (en) 2013-12-13 2013-12-13 The treating method and apparatus of packet

Publications (2)

Publication Number Publication Date
CN103647718A CN103647718A (en) 2014-03-19
CN103647718B true CN103647718B (en) 2018-02-13

Family

ID=50252877

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310687011.7A Active CN103647718B (en) 2013-12-13 2013-12-13 The treating method and apparatus of packet

Country Status (1)

Country Link
CN (1) CN103647718B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105100023B (en) * 2014-05-21 2018-10-16 腾讯科技(深圳)有限公司 Data packet feature extracting method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101977177A (en) * 2010-07-30 2011-02-16 北京星网锐捷网络技术有限公司 Method and device for establishing table entry of flow table and method and device for querying table entry of flow table
CN103259718A (en) * 2013-04-18 2013-08-21 华为技术有限公司 Flow table conversion method and device
CN103354522A (en) * 2013-06-28 2013-10-16 华为技术有限公司 Method and device for searching multistage flow table

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120099591A1 (en) * 2010-10-26 2012-04-26 Dell Products, Lp System and Method for Scalable Flow Aware Network Architecture for Openflow Based Network Virtualization
CN103401777B (en) * 2013-08-21 2015-12-02 中国人民解放军国防科学技术大学 The parallel search method and system of Openflow

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101977177A (en) * 2010-07-30 2011-02-16 北京星网锐捷网络技术有限公司 Method and device for establishing table entry of flow table and method and device for querying table entry of flow table
CN103259718A (en) * 2013-04-18 2013-08-21 华为技术有限公司 Flow table conversion method and device
CN103354522A (en) * 2013-06-28 2013-10-16 华为技术有限公司 Method and device for searching multistage flow table

Also Published As

Publication number Publication date
CN103647718A (en) 2014-03-19

Similar Documents

Publication Publication Date Title
US10404592B2 (en) System and method to facilitate content forwarding using bit index explicit replication (BIER) in an information-centric networking (ICN) environment
US10148573B2 (en) Packet processing method, node, and system
US10237130B2 (en) Method for processing VxLAN data units
US9374294B1 (en) On-demand learning in overlay networks
US10791051B2 (en) System and method to bypass the forwarding information base (FIB) for interest packet forwarding in an information-centric networking (ICN) environment
US9967177B2 (en) Control apparatus, communication system, switch control method and program
US10313154B2 (en) Packet forwarding
CN104821890A (en) Realization method for OpenFlow multi-level flow tables based on ordinary switch chip
EP3179687B1 (en) Network flow information statistics method and apparatus
TW201501556A (en) Apparatus and method for uniquely enumerating paths in a parse tree
US20180351878A1 (en) Multicast data packet forwarding
WO2018001020A1 (en) Aggregated link based message forwarding method and device
US9473395B2 (en) Ultra low latency multi-protocol network device
CN113810337B (en) Method, device and storage medium for network message deduplication
CN106487769B (en) Method and device for realizing Access Control List (ACL)
EP3384642B1 (en) Forwarding table compression
US9749262B2 (en) Packet processing method and forwarding element
CN103647718B (en) The treating method and apparatus of packet
US20150381775A1 (en) Communication system, communication method, control apparatus, control apparatus control method, and program
US9912581B2 (en) Flow inheritance
JP2016006942A (en) Table management device and table management method
CN115134298A (en) Message processing method and network equipment
WO2016045316A1 (en) Method and apparatus for controlling soft-reset data recovery, and packet transport network device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant