CN104348729B - A kind of Internet streaming sorting technique of software and hardware combining - Google Patents
A kind of Internet streaming sorting technique of software and hardware combining Download PDFInfo
- Publication number
- CN104348729B CN104348729B CN201410534323.9A CN201410534323A CN104348729B CN 104348729 B CN104348729 B CN 104348729B CN 201410534323 A CN201410534323 A CN 201410534323A CN 104348729 B CN104348729 B CN 104348729B
- Authority
- CN
- China
- Prior art keywords
- bitmap
- stream
- mobile
- address group
- internet streaming
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The present invention provides a kind of Internet streaming sorting technique of software and hardware combining, carries out cutting to Internet streaming by bitmap vector BV algorithms or polymerization bitmap vector ABV algorithms, and combine the pattern matching algorithm of admixture automatic machine HFA, carries out flow point class.The processing capacity of Hardware match engine is made full use of, the processing logic of software algorithm is simplified, to reach the stream maximized purpose of classification effectiveness.
Description
【Technical field】
The present invention relates to flow classification techniques fields.
【Background technology】
There are two types of traditional packet classification algorithm implementations, i.e. hardware realization and software realization.Hardware realization is mainly base
In the hardware searching of TCAM (ternary content addressable memory).The main algorithm of software realization has:With
BV (BitmapVector) and ABV (Aggregate Bitmap Vector) is the bit vectors algorithm of representative, is with HiCuts
The decision Tree algorithms of representative, and calculated with the recursive-flow category that RFC (Recursive Flow Classification) is representative
Method.
Traditional fixed network stream class condition has:1TCP/UDP port numbers;2URL and sub- URL;The addresses 3MAC;The addresses 4IP;
5IP priority;6 times etc..And as mobile internet access equipment, need to increase user mobile phone number as user identifier,
New requirement is also proposed to traditional packet classification algorithm in this way.
Packet classification algorithm based on software, on the evaluation index of the flow points class such as classification speed, memory space, renewal speed
Respectively have an advantage and disadvantage, but on the whole for, these algorithms have this qualitative difference, TCAM with based on hardware TCAM sorting algorithms
(ternary content addressable memory) is a kind of three-state content addressing memory, is mainly used for quickly searching
The list items such as ACL, routing.TCAM has the advantages that search speed is fast, easy to operate, but simultaneously it also have the shortcomings that 3 it is apparent:
It is of high cost, power consumption is big and routing update is complicated.And TCAM is realized mainly for fixed network, is not molded for mobile network cell-phone number
Solution.
【Invention content】
The present invention provides a kind of mobile Internet stream sorting techniques of software and hardware combining, can either make full use of hardware
The advantage matched, and can classify to the cell-phone number of mobile Internet.The method of the mobile Internet flow point class includes:
Cutting is carried out to Internet streaming by bitmap vector BV algorithms or polymerization bitmap vector ABV algorithms;And combine solidification
The pattern matching algorithm of admixture automatic machine HFA in the chips matches mobile Internet stream, according to matched knot
Fruit convection current is classified.
Preferably, the bitmap strategy determination be specially:DPI parsings are carried out to Internet streaming first, obtain application
Agreement, keyword content and user mobile phone number information carry out subscriber policy bitmap matching according to 8 tuples, will according to matching result
Internet streaming cutting is fixed network user's stream and mobile network users stream;Wherein, 8 tuple includes:Source IP address, destination IP
Location, source port, destination interface, protocol number, user mobile phone number, message carry keyword and to the action to be done of message.
Preferably, if Internet streaming flows for mobile subscriber, judge whether to get groups of mobile subscribers ID, if so,
Then calculative strategy bitmap is that the Internet streaming belongs to corresponding movable address group, and otherwise, which belongs to acquiescence movably
Location group.
Preferably, if Internet streaming flows for fixed network user, judge whether to get source address group, if it is, meter
It is that the Internet streaming belongs to corresponding source address group to calculate tactful bitmap, and otherwise, which belongs to default sources group of addresses.
Preferably, the method further includes:Judge whether to get destination address group, if it is, calculative strategy bitmap
For corresponding destination address group, otherwise, source address group policy bitmap is acquiescence destination address group bitmap.
The present invention is on the basis of traditional packet classification algorithm, by the hardware of the software realization of flow point class and pattern match
It is combined with engine, makes full use of the processing capacity of Hardware match engine, simplify the processing logic of software algorithm, to reach stream
The maximization of classification effectiveness;Traditional packet classification algorithm is mainly for fixed network IP five-tuples, and the present invention is by mobile network and fixed network
Flow point class is combined, and realizes the flow point class of mobile network, fixed network, mobile reinforcing network.
【Description of the drawings】
Fig. 1 is the chip structure that solidification has HFA matching algorithms;
Fig. 2 is the flow point class matching treatment flow of the present invention.
【Specific implementation mode】
2 kinds of general-purpose algorithms have been respectively adopted in the flow point class processing that this patent proposes:
1, software algorithm
The calculation that BV (Bitmap Vector, bitmap vector) algorithm is a kind of concurrency using hardware position level to accelerate
Method, ABV (Aggregated Bitmap Vector, polymerization bitmap vector) algorithm are the improvement to bitmap vector algorithm, mesh
Be by polymerization be further reduced memory access number to accelerate to classify.Its basic thought is " segmentation --- merge ", it is by a d
The stream classification problem of dimension is divided into d one-dimensional matched subproblems, then merges to the end by the result of subproblem
Matching rule.In being realized for the packet classification algorithm of fixed network, using ABV to d dimensions such as IP, the ports classified
Tuple build d non-fully binary tree, and hang in the endpoint node of binary tree (node corresponding with classification policy) corresponding
Tactful bitmap vector.
2, hardware algorithm
HFA (Hyper Finite Automata) is that one kind combining deterministic finite automaton (DFA) and uncertainty
The pattern matching algorithm of finite automata (NFA).The algorithm is solidificated in as matching engine on the chip of Cavium companies.Such as
Shown in Fig. 1.
It, can be in conjunction with the dimension cutting of the Hardware match ability and ABV algorithms of HFA pattern matching engines by analyzing above
Thought, the tuple of mobile Internet flow is subjected to cutting, and match using HFA engines.It is exactly than more typical application
Agreement, port numbers and cell-phone number.
For example, the processing method of mobile Internet:
Step 1:Groups of mobile subscribers is configured, multiple mobile phone number sections under mobile phone group are added.By mobile phone group binding to strategy ID
On.Step 2:Configurating mobile rule on software, such as all cell-phone numbers (with 138 beginnings) are matched under a certain number section, soft
Corresponding matching rule is made based on canonical on part, for search it is all with 138 beginning, followed by 8 bit digitals character string (as
13800001000)。
Step 3:By rule be handed down to HFA matching engine (hardware), generate figure, message come in after by HFA, have No. 138
Then HFA feeds back the number section successful match to section.
Step 4:Corresponding groups of mobile subscribers is found according to the cell-phone number of feedback, then corresponding plan is found by tactful bitmap
Slightly ID, to complete stream classification and matching.In this way after cell-phone number is matched, corresponding bitmap is obtained, to complete flow
Classification.
The process of flow point class is illustrated following primarily by mobile network cell-phone number flow:
When carrying out classification processing to message, it would be desirable to identify that message still moves for fixed network and (need to obtain message
Source, purpose ip, No. msisdn), then the application type of message, the keyword that message carries carries out certain class to the message of identification
Disposition.Material is thus formed the basic constitution elements of strategy:
The keyword that the application type of (source, purpose ip, msisdn)+message+message carries+to the action to be done of message.
One strategy corresponds to a kind of message, so the configuration composition of strategy:
Tactful ID (the smaller priority of ID is higher)+user group+apply class+content group+action group
Flow point class allocation plan:One strategy is user group (+one destination address group+movement of a source address group
User group)+one apply+one contents list+action group of class
This patent is based primarily upon user group classification and provides a solution:
Principle of classification of the user group in flow point class:
One source ip can belong to multiple one or more source address groups and a default sources group of addresses for representing all users,
One purpose ip can belong to multiple one or more destination address groups and an acquiescence purpose for representing all users
Group of addresses
One cell-phone number can belong to multiple one or more movable address groups and an acquiescence movement for representing mobile phone user
Group of addresses, a group of addresses can belong to one or more strategies.
Flow point class matching treatment flow is as shown in Figure 2:
Message progress DPI parsings to entrance, return application protocol, keyword content, user mobile phone number information, and according to
8 tuple informations do strategy matching;Wherein, 8 tuple includes:Source IP address, purpose IP address, source port, destination interface, association
View number, user mobile phone number are (such as:Msisdn), message carry keyword and to the action to be done of message.
Judge that user is fixed network user or mobile network users;
If it is fixed network user, then source IP is searched whether in source address group, if calculative strategy bitmap is corresponding
Source address group bitmap, if it was not then calculative strategy bitmap be default sources group of addresses bitmap;Next whether destination IP is searched
In destination address group, if calculative strategy bitmap is corresponding destination address group, if it was not then source address group plan
Slightly bitmap is acquiescence destination address group bitmap.
If it is mobile network users, then cell-phone number is searched whether in movable address group, if in calculative strategy bitmap
It is corresponding movable address group bitmap, if it was not then calculative strategy bitmap is acquiescence movable address group bitmap.
Then, according to application, user, action and keyword traversal strategies bitmap, acquisition strategy ID and relevant policy information,
Corresponding processing is done to message according to policy action.
Claims (5)
1. a kind of mobile Internet stream sorting technique, which is characterized in that including:
DPI parsings are carried out to Internet streaming, obtain application protocol, keyword content and user mobile phone number information, according to 8 tuples into
Row subscriber policy bitmap matches, and according to matching result, will be moved by bitmap vector BV algorithms or polymerization bitmap vector ABV algorithms
Internet streaming carries out cutting, and combines the pattern matching algorithm of the admixture automatic machine HFA of solidification in the chips mutual to movement
Networking stream is matched;The mobile Internet stream includes fixed network user's stream and mobile network users stream;
Mobile Internet stream is classified as fixed network user's stream and mobile network users stream according to matched result.
2. being based on method described in claim 1, which is characterized in that 8 tuple includes:Source IP address, purpose IP address, source
Port, destination interface, protocol number, user mobile phone number, message carry keyword and to the action to be done of message.
3. based on the method described in claim 2, which is characterized in that if Internet streaming flows for mobile subscriber, judge whether
Groups of mobile subscribers ID is got, if it is, calculative strategy bitmap, which is the Internet streaming, belongs to corresponding movable address group, it is no
Then, which belongs to acquiescence movable address group.
4. based on the method described in claim 2, which is characterized in that if Internet streaming flows for fixed network user, judge whether
Source address group is got, if it is, calculative strategy bitmap, which is the Internet streaming, belongs to corresponding source address group, otherwise, this is mutually
Networking stream belongs to default sources group of addresses.
5. based on the method described in claim 4, which is characterized in that further include:Judge whether to get destination address group, if
It is that then calculative strategy bitmap is corresponding destination address group, otherwise, source address group policy bitmap is acquiescence destination address group position
Figure.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410534323.9A CN104348729B (en) | 2014-10-11 | 2014-10-11 | A kind of Internet streaming sorting technique of software and hardware combining |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410534323.9A CN104348729B (en) | 2014-10-11 | 2014-10-11 | A kind of Internet streaming sorting technique of software and hardware combining |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104348729A CN104348729A (en) | 2015-02-11 |
| CN104348729B true CN104348729B (en) | 2018-08-21 |
Family
ID=52503571
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410534323.9A Active CN104348729B (en) | 2014-10-11 | 2014-10-11 | A kind of Internet streaming sorting technique of software and hardware combining |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104348729B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106686630B (en) * | 2016-12-30 | 2020-04-10 | 南京理工大学 | Mobile cellular network flow identification method based on network delay characteristics |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1688140A (en) * | 2005-06-03 | 2005-10-26 | 清华大学 | High-speed multi-dimension message classifying algorithm design and realizing based on network processor |
| CN102394827A (en) * | 2011-11-09 | 2012-03-28 | 浙江万里学院 | Hierarchical classification method for internet flow |
| CN103226551A (en) * | 2012-01-31 | 2013-07-31 | 中国科学技术大学 | Matching method and device based on TCAM (ternary content addressable memory) for NFA (non-deterministic finite automaton) |
| CN103746869A (en) * | 2013-12-24 | 2014-04-23 | 武汉烽火网络有限责任公司 | Data/mask and regular expression combined multistage deep packet detection method |
-
2014
- 2014-10-11 CN CN201410534323.9A patent/CN104348729B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1688140A (en) * | 2005-06-03 | 2005-10-26 | 清华大学 | High-speed multi-dimension message classifying algorithm design and realizing based on network processor |
| CN102394827A (en) * | 2011-11-09 | 2012-03-28 | 浙江万里学院 | Hierarchical classification method for internet flow |
| CN103226551A (en) * | 2012-01-31 | 2013-07-31 | 中国科学技术大学 | Matching method and device based on TCAM (ternary content addressable memory) for NFA (non-deterministic finite automaton) |
| CN103746869A (en) * | 2013-12-24 | 2014-04-23 | 武汉烽火网络有限责任公司 | Data/mask and regular expression combined multistage deep packet detection method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104348729A (en) | 2015-02-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9269411B2 (en) | Organizing data in a hybrid memory for search operations | |
| Kogan et al. | SAX-PAC (scalable and expressive packet classification) | |
| CN104580027B (en) | A kind of OpenFlow message forwarding methods and equipment | |
| Priya et al. | Hierarchical packet classification using a Bloom filter and rule-priority tries | |
| Lim et al. | Boundary cutting for packet classification | |
| CN102316040B (en) | The method and data stream classification device of a kind of access control list finding | |
| CN104579941A (en) | Message classification method in OpenFlow switch | |
| CN108710629B (en) | Top-k query method and system based on named data network | |
| CN110858823B (en) | Data packet classification method and device and computer readable storage medium | |
| WO2016201930A1 (en) | Traffic classification method and device, and storage medium | |
| CN1545254A (en) | A method of fast data packet filtering | |
| Meiners et al. | Hardware based packet classification for high speed internet routers | |
| CN103248573A (en) | Centralization management switch for OpenFlow and data processing method of centralization management switch | |
| Yang et al. | Fast OpenFlow table lookup with fast update | |
| CN103746919A (en) | Method for quickly classifying network packets through combining multi-way decision tree and Hash tables | |
| Pao et al. | A multi-pipeline architecture for high-speed packet classification | |
| CN106487769B (en) | Method and device for realizing Access Control List (ACL) | |
| Li et al. | An improved trie-based name lookup scheme for named data networking | |
| CN109754021B (en) | Online packet classification method based on range tuple search | |
| Lim et al. | Two-dimensional packet classification algorithm using a quad-tree | |
| CN104348729B (en) | A kind of Internet streaming sorting technique of software and hardware combining | |
| Kekely et al. | Packet classification with limited memory resources | |
| CN111950000A (en) | Access access control method and device | |
| Shen et al. | RVH: Range-vector hash for fast online packet classification | |
| KR20130093707A (en) | Packet classification apparatus and method for classfying packet thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |