CN104486102B - Multifunctional network device and flow processing method - Google Patents


Publication number
CN104486102B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410719040.1A
Other languages
Chinese (zh)
Other versions
CN104486102A (en
Inventor
高鋆
范路
李明玉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd

Abstract

The invention discloses a multifunctional network device and a flow processing method. The device includes a main control module, a relay module and one or more functional modules, where each functional module is obtained by virtualizing one or more pieces of hardware that have the same function. The main control module receives and stores flow path configuration information for flows, generates a rule table from that configuration information, and issues the rule table to each functional module. A functional module identifies the feature of a flow and, based on the feature and the rule table, determines whether service processing needs to be performed on the flow and whether the flow is to be sent to a target functional module that will perform service processing on it or to the outgoing interface. The relay module encapsulates the flow in a packet according to the hardware ID of the functional module where the flow currently resides and the hardware ID of the target functional module, and uses the encapsulated packet to send the flow to the target functional module. The invention simplifies the configuration process and reduces maintenance cost.

Description

Multifunctional network device and flow processing method
Technical field
The present invention relates to the technical field of computer networks, and in particular to a multifunctional network device and a flow processing method.
Background
Current networks contain network devices with different functions, such as firewalls (Firewall, FW), intrusion prevention systems (Intrusion Prevention System, IPS) and application control gateways (Application Control Gateway, ACG). Sometimes network devices with several different functions must be used in a network at the same time so that multiple kinds of processing are applied to a flow. In that case the network devices with different functions are typically connected in series, so that the network includes each of them.
The prior art achieves multifunctional processing of flows by connecting the network devices with different functions in series, which has the following defect:
To network the devices with different functions, a data ingress and egress path must be configured separately on each network device, which makes configuration overly complex. Moreover, once a flow path changes, the data ingress and egress paths must be reconfigured on all related network devices, so flow path configuration is inflexible and maintenance cost is too high.
Summary of the invention
In view of this, the present invention proposes a multifunctional network device and a flow processing method that simplify the configuration process and reduce maintenance cost.
The technical solution proposed by the present invention is:
A multifunctional network device includes a main control module, a relay (Relay) module and one or more functional modules, where each functional module is obtained by virtualizing one or more pieces of hardware that have the same function;
The main control module is configured to receive and store flow path configuration information for flows, generate a rule table according to the configuration information, the rule table including the correspondence between flow features and flow paths, and issue the rule table to each functional module;
The functional module is configured to identify the feature of a flow and determine, according to the feature and the rule table, whether service processing needs to be performed on the flow; if not, to determine whether to send the flow to a target functional module that will perform service processing on it or to the outgoing interface; if so, to perform service processing on the flow and, after the service processing is complete, to determine whether to send the flow to a target functional module that will perform service processing on it or to the outgoing interface;
The relay module is configured to encapsulate the flow in a packet according to the hardware ID of the functional module where the flow currently resides and the hardware ID of the target functional module, and to send the flow to the target functional module using the encapsulated packet.
A flow processing method includes:
A functional module identifies the feature of a flow and determines, according to the feature and the rule table received from the main control module, whether service processing needs to be performed on the flow; if not, it determines whether to send the flow to a target functional module that will perform service processing on it or to the outgoing interface; if so, it performs service processing on the flow and, after the service processing is complete, determines whether to send the flow to a target functional module that will perform service processing on it or to the outgoing interface;
Wherein the functional module calls the relay module, which encapsulates the flow in a packet according to the hardware ID of the functional module where the flow currently resides and the hardware ID of the target functional module, and sends the flow to the target functional module using the encapsulated packet;
The rule table is generated according to the flow path configuration information of the flows and includes the correspondence between flow features and flow paths, and the functional module is obtained by virtualizing one or more pieces of hardware that have the same function.
As can be seen from the above technical solution, in embodiments of the present invention one or more pieces of hardware with the same function are virtualized into one functional module; when hardware with several different functions is present, several functional modules are obtained by virtualization. The multifunctional network device of the embodiments also includes a main control module and a relay module. Through the cooperation of these modules, the hardware does not need to be networked, that is, no data ingress and egress path needs to be configured separately on each piece of hardware, and multifunctional processing of flows is still achieved. Specifically:
The main control module receives and stores the flow path configuration information of flows, generates a rule table according to the configuration information, the rule table including the correspondence between flow features and flow paths, and issues the rule table to each functional module.
After receiving the rule table, each functional module can determine, from the correspondence between flow features and flow paths in the rule table, whether it needs to perform service processing on a received flow and where the flow leaves the functional module. Specifically, the functional module identifies the feature of the flow and determines, according to the feature and the rule table, whether service processing needs to be performed on the flow. If so, it performs the corresponding service processing on the hardware it virtualizes and then outputs the flow from the functional module; if not, it outputs the flow from the functional module directly. Because the rule table specifies the flow path, that is, at least which functional modules need to process a flow with a given feature, the functional module can determine whether to send the flow to another functional module for further service processing or to send it directly to the outgoing interface.
The relay module is specifically responsible for steering flows between functional modules; a functional module sends a flow to another functional module by calling the relay module. Specifically, the relay module encapsulates the flow in a packet according to the hardware ID of the functional module where the flow currently resides and the hardware ID of the target functional module, and sends the flow to the target functional module using the encapsulated packet. Because the encapsulated packet carries the ID of the source hardware and the ID of the hardware that will process the flow, that is, the target hardware, flows can be steered between pieces of hardware according to the hardware ID information carried in the packet. Each piece of hardware can tell from the ID of the hardware that will process the flow, carried in the packet, whether the flow is intended for it, and then process the flow further.
It can be seen that, through the cooperation of the modules in the multifunctional network device, the hardware does not need to be networked, that is, no data ingress and egress path needs to be configured separately on each piece of hardware, and multifunctional processing of flows is still achieved. Compared with the prior art, in which the data ingress and egress path of each piece of hardware is configured directly on that hardware, the embodiments of the present invention simplify the configuration process and reduce maintenance cost.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of the multifunctional network device provided by an embodiment of the present invention.
Fig. 2 is a schematic diagram of flow paths along which the multifunctional network device provided by an embodiment of the present invention processes flows.
Fig. 3 is another schematic diagram of flow paths along which the multifunctional network device provided by an embodiment of the present invention processes flows.
Fig. 4 is a hardware structure connection diagram of the multifunctional network device provided by an embodiment of the present invention.
Fig. 5 is a flowchart of the flow processing method provided by an embodiment of the present invention.
Embodiments
A multifunctional network device already exists: a network device with multiple plug-in cards, for example a switch chassis that contains functional cards such as FW, IPS and ACG. However, the functional cards are merely powered by the same chassis, and their data inlets and outlets are connected directly through the I/O board. In practice the cards still have to be networked, for example by layer-2 switching or by connecting network cables directly, a data ingress and egress path has to be configured separately on each card, and the original data of a flow travels between the cards along those paths. It is therefore essentially the same as the scheme described in the background and has the same problems of overly complex configuration and high maintenance cost.
Moreover, in such a multi-card network device, the service processing on the cards with different functions is independent, and the cards cannot reuse each other's results, so many basic operations are usually repeated and service processing efficiency is also low.
Based on the above analysis, embodiments of the present invention provide a multifunctional network device; see Fig. 1.
Fig. 1 is a schematic structural diagram of the multifunctional network device provided by an embodiment of the present invention.
As shown in Fig. 1, the multifunctional network device includes a main control module 101, a relay module 102 and one or more functional modules, each obtained by virtualizing one or more pieces of hardware that have the same function. Fig. 1 shows three functional modules, labelled functional module 103-1, functional module 103-2 and functional module 103-3.
The main control module 101 is configured to receive and store flow path configuration information for flows, generate a rule table according to the configuration information, the rule table including the correspondence between flow features and flow paths, and issue the rule table to each functional module. In the network device shown in Fig. 1, the main control module 101 issues the rule table to functional module 103-1, functional module 103-2 and functional module 103-3.
The functional module is configured to identify the feature of a flow and determine, according to the feature and the rule table, whether service processing needs to be performed on the flow; if not, to determine whether to send the flow to a target functional module that will perform service processing on it or to the outgoing interface; if so, to perform service processing on the flow and, after the service processing is complete, to determine whether to send the flow to a target functional module that will perform service processing on it or to the outgoing interface.
The relay module 102 is configured to encapsulate the flow in a packet according to the hardware ID of the functional module where the flow currently resides and the hardware ID of the target functional module, and to send the flow to the target functional module using the encapsulated packet.
It can be seen that, in the embodiment shown in Fig. 1, through the cooperation of the modules in the multifunctional network device, the hardware does not need to be networked, that is, no data ingress and egress path needs to be configured separately on each piece of hardware, and multifunctional processing of flows is still achieved. Compared with the prior art, in which the data ingress and egress path of each piece of hardware is configured directly on that hardware, the embodiments of the present invention simplify the configuration process and reduce maintenance cost.
A specific example of the embodiment shown in Fig. 1 follows:
Example one: The functional modules of the multifunctional network device include an FW module, an IPS module and an ACG module. The flow path configuration information stored by the main control module 101 indicates that the flow path of flows with feature A includes the FW module and the IPS module, that is, FW processing and IPS processing need to be performed on flows with feature A. The flow handling process of the multifunctional network device then includes:
The main control module 101 generates rule table 1 according to the flow path configuration information and issues rule table 1 to the FW module, the IPS module and the ACG module. The main control module 101 can also receive and store a steering configuration file, generate steering rules according to the steering configuration file and issue the steering rules to the I/O board; the I/O board steers flows to the corresponding functional module according to the steering rules.
In example one, the I/O board steers the flow to the FW module according to the steering rules. The FW module receives flow 1 from the I/O port, identifies that flow 1 has feature A, and looks up rule table 1 to determine that service processing needs to be performed on flow 1. The FW module therefore performs service processing on flow 1 on the hardware it virtualizes and, when processing is complete, calls the relay module 102 to encapsulate the processed flow in a packet and outputs the processed flow 1 from the FW module using the encapsulated packet. The packet carries the target functional module information; in example one, the target functional module is the IPS module.
The IPS module receives flow 1 from the FW module, identifies the feature of flow 1 and looks up rule table 1, and determines that service processing needs to be performed on flow 1. The IPS module therefore performs service processing on flow 1 on the hardware it virtualizes and, when processing is complete, outputs the processed flow directly to the outgoing interface.
In one embodiment, each functional module of the multifunctional network device shown in Fig. 1 can include an ingress-direction policy module, a service processing module and an egress-direction policy module. The functional modules differ in their service processing modules: the service processing modules of different functional modules perform different types of service processing, for example the FW module performs FW-type service processing and the IPS module performs IPS-type service processing. The ingress-direction policy module of each functional module, based on the feature of the flow and the rule table issued by the main control module, ensures that flows are steered correctly between the functional modules. Specifically:
The ingress-direction policy module is configured to identify the feature of an incoming flow and determine, according to the feature of the incoming flow and the rule table, whether service processing needs to be performed on the incoming flow and which category of service processing is needed, that is, which service processing is to be applied to the flow; when no service processing needs to be performed on the incoming flow, it determines whether to send the flow to a target functional module that will perform service processing on it or to the outgoing interface.
The service processing module is configured to perform the corresponding service processing on the incoming flow when service processing needs to be performed on it.
The egress-direction policy module is configured to determine the feature of the outgoing flow according to the feature of the incoming flow and/or the processing result of the service processing module and, according to the feature of the outgoing flow and the rule table, to determine whether to send the outgoing flow to a target functional module that will perform service processing on it or to the outgoing interface.
For example, in example one above, suppose that after the IPS module performs service processing on flow 1 on the hardware it virtualizes, it mistakenly calls the relay module 102 for some reason and steers the processed flow 1 to the ACG module. After receiving flow 1, the ACG module first identifies the feature of incoming flow 1 through its ingress-direction policy module and determines, according to the feature of incoming flow 1 and rule table 1, whether service processing needs to be performed on the incoming flow. By looking up rule table 1, the ingress-direction policy module finds that no service processing needs to be performed on flow 1 and that flow 1 should be output directly to the outgoing interface. The ingress-direction policy module therefore calls the relay module 102 directly and outputs flow 1 to the outgoing interface.
Besides matching the rule table on the feature of the incoming flow, the egress-direction policy module can go further: after service processing, additional flow features can usually be extracted from the processing result. The egress-direction policy module can therefore also determine the feature of the outgoing flow from the processing result of the service processing module and, matching the rule table on the feature of the outgoing flow, determine whether to send the flow to a target functional module that will perform service processing on it or to the outgoing interface.
As for how the relay module 102 encapsulates packets, in one embodiment the relay module 102 can encapsulate in each packet a hardware header field, a service information header field and a data field, where:
The hardware header field stores the source hardware ID and the target hardware ID. The source hardware ID includes the ID of the hardware the flow most recently passed through; the target hardware ID includes the ID of the hardware that will next perform service processing on the flow, that is, the ID of the next hardware the flow will pass through.
The service information header field stores information on the functional modules that have already performed and/or will perform service processing on the flow.
The data field stores the original data of the flow.
For example, in example one above, after the FW module finishes processing flow 1, the ID of the hardware card in the FW module that processed flow 1, such as a HIG header, is added to the hardware header field as the source hardware ID; the ID of the hardware card that will process flow 1 in the next functional module, that is, the IPS module, is added to the hardware header field as the target hardware ID; identification information is stored in the service information header field to indicate that the FW module has completed its processing of flow 1; and the original data of the flow is stored in the data field.
The applicant noted that although different functional modules perform different types of service processing, many basic operations are the same, for example all of them need to extract five-tuple information. To avoid repeating basic operations, in one embodiment the service information header field can also store the functional modules' processing result information for the flow, so that processing results are reused across different functional modules and service processing efficiency improves.
Specifically, in embodiments of the present invention, the ingress-direction policy module can recognize whether an incoming flow comes from another functional module. If it does, the module extracts the incoming flow's features by parsing the service information header field of the incoming flow; otherwise, it extracts the flow features directly from the incoming flow. Flows from other functional modules arrive through steering by the relay module 102 and use a different protocol from flows that come directly from the I/O port, which is why the ingress-direction policy module can recognize whether an incoming flow comes from another functional module.
As the above description shows, with the multifunctional network device provided by embodiments of the present invention, the user only needs to configure the flow path configuration information on the main control module and does not need to configure data ingress and egress paths one by one on hardware such as the individual functional cards. This greatly simplifies configuration. If a flow path needs to change, only the flow path configuration information on the main control module has to be modified, which reduces maintenance cost and makes flow path configuration more flexible.
In embodiments of the present invention, the user can configure a variety of flow paths according to actual needs. As an extreme case, the flow path can be configured to include only one functional module, for example only the FW module; then, after the flow is steered into the FW module, the FW module completes service processing on the flow and outputs the processed flow directly to the outgoing interface. Typically, the flow path is configured to include two or more functional modules. When it includes two or more functional modules, the path may or may not pass through at least two of them in a fixed order; see Fig. 2 and Fig. 3.
Fig. 2 is a schematic diagram of flow paths along which the multifunctional network device provided by an embodiment of the present invention processes flows.
Fig. 2 shows two flow paths, flow path A and flow path B. Flows with feature A are processed along flow path A, and flows with feature B are processed along flow path B. Flow path A passes through the FW module and the load balancing (Load Balancing, LB) module; flow path B passes through the FW module, the IPS module, the ACG module and the LB module. As the arrows in Fig. 2 show, the modules in flow path A and in flow path B have a fixed order: in flow path A, a flow with feature A must first undergo FW processing and then LB processing; in flow path B, a flow with feature B must first undergo FW processing, then IPS processing, then ACG processing, and finally LB processing.
Referring to Fig. 2, the working process by which the multifunctional network device processes flows along flow path A and flow path B is as follows:
First, the main control module 101 receives the flow path configuration information of the flows. The configuration information indicates that flows with feature A are processed along flow path A and flows with feature B are processed along flow path B. Flow path A passes through the FW module and the LB module; flow path B passes through the FW module, the IPS module, the ACG module and the LB module; and, as the arrows in Fig. 2 show, the modules in flow path A and in flow path B have a fixed order.
Then, the main control module 101 generates the rule table according to the flow path configuration information and issues it to each functional module. If the functional modules are carried on several physically separate pieces of hardware, the rule table is issued to every piece of hardware so that the functional modules can match against it.
When the I/O board steers a flow to the FW module, the FW module first identifies the feature of the incoming flow and matches the rule table on that feature. If the incoming flow has feature A, the FW module performs service processing on it, such as five-tuple extraction, packet filtering and access rule verification, and then calls the relay module 102 to steer the processed flow to the LB module. If the incoming flow has feature B, the FW module performs service processing on it and then calls the relay module 102 to steer the processed flow to the IPS module. The IPS module likewise first identifies the feature of the incoming flow and matches the rule table on that feature; after performing service processing such as deep inspection on an incoming flow with feature B, it calls the relay module 102 to steer the processed flow to the ACG module. For an incoming flow with feature B, the ACG module extracts from the service information header of the packet the processing result information of the earlier functional modules, such as the deep inspection result, combines it with its own work to perform service processing such as application behavior auditing, and then calls the relay module 102 to steer the processed flow to the LB module. After the LB module performs service processing on an incoming flow with feature A or feature B, it learns by matching the rule table that the processed flow must be output to the outgoing interface. The LB module therefore does not need to call the relay module 102 and outputs the processed flow directly to the I/O board.
Fig. 3 is another schematic diagram of flow paths along which the multifunctional network device provided by an embodiment of the present invention processes flows.
Fig. 3 shows two flow paths, flow path A and flow path B1. Flows with feature A are processed along flow path A, and flows with feature B1 are processed along flow path B1. Flow path A passes through the FW module and the LB module; flow path B1 passes through the FW module, the IPS module, the ACG module and the LB module. As the arrows in Fig. 3 show, the two modules in flow path A have a fixed order: a flow with feature A must first undergo FW processing and then LB processing. In flow path B1, the IPS module and the ACG module have no fixed order: a flow with feature B1 first undergoes FW processing, then IPS processing or ACG processing, and, once both IPS processing and ACG processing are complete, finally LB processing.
Referring to Fig. 3, the working process by which the multifunctional network device processes flows along flow path B1 is as follows:
First, the main control module 101 receives the flow path configuration information of the flows. The configuration information indicates that flows with feature A are processed along flow path A (Relay A) and flows with feature B1 are processed along flow path B1 (Relay B1).
Then, the main control module 101 generates the rule table according to the flow path configuration information and issues it to each functional module. If the functional modules are carried on several physically separate pieces of hardware, the rule table is issued to every piece of hardware.
Wherein, when according to the flow path configuration information create-rule table, for not having that the flow path is included There is the functional module of sequencing, the rule list that main control module 101 is generated includes the poly- of the functional module without sequencing Heal up information, it is one of described functional module without sequencing that next objective function module is identified with aggregation port.
When the hardware ID of objective function module is the aggregation port information of two or more functional module, traversal aggregation port is represented Each functional module so that each functional module that aggregation port is represented completes processing to flow.Specifically, this two with On functional module with random or in the way of certain weight determines sequencing which functional module can be determined first to flow Handled, then the functional module is after flow is disposed, when calling relay 102 encapsulated message of module, update industry In business information header field it is all and/or the information of functional module that flow will be handled, so as to record the function mould Block has completed the processing to flow, is continued to carry out business to flow as other functional modules representated by the aggregation port so as to subsequently Processing.
For example, when the multifunctional network device handles traffic with feature B1 along flow path B1, in the rule table generated by main control module 101 the target functional module identifier for traffic with feature B1, after the FW module has completed service processing, is the aggregation port information of the IPS module and the ACG module.
When traffic is steered by the I/O board to the FW module, the FW module first identifies the feature of the inbound traffic and matches the rule table against that feature. If the inbound traffic has feature B1, then after performing service processing on it, the FW module finds by matching the rule table that the hardware ID of the target functional module is the aggregation port information of the IPS module and the ACG module. Therefore, when relay module 102 is called to output the traffic, relay module 102 encapsulates the aggregation port information in the packet as the hardware ID of the target functional module.
Suppose that, for traffic with feature B1 output from the FW module at some moment B1-1, the IPS module and the ACG module represented by the aggregation port determine, randomly or according to some weight, that the IPS module performs service processing first and the ACG module second, i.e. the traffic is handled along Relay B1-1 in Fig. 3. Then, after the IPS module has completed service processing of the feature-B1 traffic output from the FW module at moment B1-1, it matches the rule table and, when calling relay module 102 to encapsulate the packet, still uses the aggregation port information of the IPS module and the ACG module as the hardware ID of the target functional module, and updates in the service information header field the information on all functional modules that have processed and/or will process the traffic. This records that the IPS functional module has completed service processing of the traffic, so that the ACG module subsequently continues service processing of the traffic.
Suppose that, for traffic with feature B1 output from the FW module at some moment B1-2, the IPS module and the ACG module represented by the aggregation port determine, randomly or according to some weight, that the ACG module performs service processing first and the IPS module second, i.e. the traffic is handled along Relay B1-2 in Fig. 3. Then, after the ACG module has completed service processing of the feature-B1 traffic output from the FW module at moment B1-2, it matches the rule table and, when calling relay module 102 to encapsulate the packet, still uses the aggregation port information of the IPS module and the ACG module as the hardware ID of the target functional module, and updates in the service information header field the information on all functional modules that have processed and/or will process the traffic. This records that the ACG functional module has completed service processing of the traffic, so that the IPS module subsequently continues service processing of the traffic.
As to when, in configuring a flow path, it is preferable to set an order among at least two functional modules on the path, and when it is preferable to set no order among them, the embodiment of the present invention proposes the following. If having a certain functional module process the traffic first can reduce the processing workload of a subsequent functional module, that module is placed before the subsequent functional module. If the total processing workload does not change significantly when the order among at least two functional modules changes, no order need be set among those functional modules.
Based on the service-processing characteristics of each functional module, reasonably setting an order among at least two functional modules can reduce the total processing workload of the network device and improve processing efficiency. Reasonably setting no order among at least two functional modules allows a fully connected topology of traffic among the same-level functional modules (that is, the functional modules with no order among them), which balances the load across those same-level modules and avoids the situation where some functional modules are extremely busy at a given moment while others are relatively idle.
Below, the multifunctional network device provided by the embodiment of the present invention is described by way of example from the hardware perspective; see Fig. 4.
Fig. 4 is a hardware structure connection diagram of the multifunctional network device provided by the embodiment of the present invention.
As shown in Fig. 4, the multifunctional network device includes 4 boards. Each board includes a processor, a network interface, memory and non-volatile memory, and these hardware components are connected by a bus, wherein:
The non-volatile memory stores instruction code; the operations performed when the instruction code is executed by the processor are mainly the functions performed by the corresponding modules in memory.
The processor communicates with the non-volatile memory, reads and executes the instruction code stored in the non-volatile memory, and performs the functions of the corresponding modules in memory described above.
The memory: the operations performed when the instruction code in the non-volatile memory is executed are mainly the functions performed by the corresponding modules in memory.
Board 0 serves as the main control board, and the memory of board 0 contains the main control module. Based on virtualization technology, boards 1 to 3 serve as function boards: specifically, the memory of board 1 and of board 2 contains functional module 1 and a relay module, and the memory of board 3 contains functional module 2 and a relay module.
In another embodiment, functional modules and the relay module can also be in a many-to-one relationship, that is, one relay module is provided and multiple functional modules all call that one relay module. For example, the relay modules in board 1, board 2 and board 3 are separated out and placed on another board that is physically separate from board 1, board 2 and board 3. As another example, two functional modules are implemented on one board, and the two functional modules call one relay module located on the same board as the two functional modules.
At the software level, for the connection structure of the main control module, functional modules and relay module in the multifunctional network device and the actions they perform, refer to the detailed description of the foregoing embodiments.
The embodiment of the present invention also provides a traffic processing method; see Fig. 5.
Fig. 5 is a flowchart of the traffic processing method provided by the embodiment of the present invention.
As shown in Fig. 5, the procedure includes:
Step 501: the main control module receives and stores the flow path configuration information for traffic, generates a rule table from the configuration information, the rule table including the correspondence between traffic features and flow paths, and issues the rule table to each functional module. Each functional module is obtained by virtualizing one or more pieces of hardware that have the same function.
Step 502: the functional module identifies the feature of the traffic and, according to the feature and the rule table, determines whether service processing needs to be performed on the traffic, and whether the traffic is to be sent to a target functional module that will perform service processing on it or sent to the outgoing interface.
If the functional module determines that no service processing is needed, it then determines whether the traffic is to be sent to a target functional module that will perform service processing on it or sent to the outgoing interface. If it determines that service processing is needed, it performs service processing on the traffic and, after the service processing is complete, determines whether the traffic is to be sent to a target functional module that will perform service processing on it or sent to the outgoing interface.
Step 503: according to the rule table matching result of step 502, the traffic is either sent directly to the outgoing interface, or the relay module is called to encapsulate the traffic into packets according to the hardware ID of the functional module where the traffic currently resides and the hardware ID of the target functional module, and the encapsulated packets are used to send the traffic to the target functional module.
The functional module identifies the feature of the inbound traffic and matches the inbound-direction policy according to that feature and the rule table. When the inbound-direction policy match result is that no service processing of the inbound traffic is required, it matches the outbound-direction policy according to the feature of the inbound traffic and the rule table. When the inbound-direction policy match result is that service processing of the inbound traffic is required, it performs the corresponding service processing, determines the feature of the outbound traffic from the feature of the inbound traffic and/or the service processing result, and matches the outbound-direction policy according to the feature of the outbound traffic and the rule table. Matching the outbound-direction policy includes determining whether the traffic is to be sent to a target functional module that will perform service processing on it or sent to the outgoing interface.
Performing packet encapsulation can include: encapsulating, for each packet, a hardware header field, a service information header field and a data packet field.
The hardware header field stores the source hardware ID and the target hardware ID. The source hardware ID includes the ID of the hardware the traffic most recently passed through, and the target hardware ID includes the ID of the next hardware the traffic will pass through.
The service information header field stores information on all functional modules that have performed and/or will perform service processing on the traffic.
The data packet field stores the original data of the traffic.
The service information header field can also be used to store the functional module's processing result information for the inbound traffic.
The functional module identifies whether the inbound traffic comes from another functional module. If so, it extracts the traffic feature by parsing the service information header field of the inbound traffic; otherwise, it extracts the traffic feature directly from the inbound traffic.
There can be an order among at least two functional modules that the flow path passes through.
There can also be no order. When there is no order among at least two functional modules that the flow path passes through, the rule table includes the aggregation port information of the unordered functional modules, and performing packet encapsulation includes: when the target functional module is two or more unordered functional modules, encapsulating the aggregation port information in the packet as the hardware ID of the target functional module, and updating in the service information header field the information on all functional modules that have processed and/or will process the traffic.
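The Relay B1 walk-through and the three-field encapsulation described above, sketched in Python as an added example (not code from the patent). The ID strings, the `RULE_TABLE` layout, and the step to the outgoing interface once both IPS and ACG have finished are assumptions made for the sketch.

```python
import random
from dataclasses import dataclass, field

# Hypothetical IDs: the patent names the modules but gives no ID values.
AGG = "AGG:IPS+ACG"                      # aggregation port for the unordered pair
AGGREGATES = {AGG: ("IPS", "ACG")}
EGRESS = "EGRESS"                        # stands for the outgoing interface

# Rule table as the main control module might generate it for feature B1:
# (traffic feature, module or aggregation port just finished) -> next target.
# Assumption: once IPS and ACG are both done, traffic goes to the outgoing interface.
RULE_TABLE = {
    ("B1", "FW"): AGG,
    ("B1", "IPS"): AGG,
    ("B1", "ACG"): AGG,
    ("B1", AGG): EGRESS,
}


@dataclass
class Packet:
    src_hw: str                                   # hardware header: hardware last traversed
    dst_hw: str                                   # hardware header: next hardware or aggregation port
    feature: str                                  # service header: traffic feature
    done: list = field(default_factory=list)      # service header: modules that have processed
    pending: list = field(default_factory=list)   # service header: modules still to process
    results: dict = field(default_factory=dict)   # service header: per-module results
    payload: bytes = b""                          # data field: original traffic


def relay_encapsulate(pkt, current, target):
    """Relay module: rewrite both headers; the data field is carried unchanged."""
    done = pkt.done + [current]
    members = AGGREGATES.get(target, () if target == EGRESS else (target,))
    pending = [m for m in members if m not in done]
    return Packet(current, target, pkt.feature, done, pending,
                  dict(pkt.results), pkt.payload)


def pick_member(pkt, rng, weights=None):
    """Choose which pending member of the aggregation port goes next (random or weighted)."""
    w = [weights.get(m, 1) for m in pkt.pending] if weights else None
    return rng.choices(pkt.pending, weights=w, k=1)[0]


def process_flow(payload, feature, rng, weights=None):
    """Walk one packet from the I/O board through FW and the aggregation port."""
    pkt = Packet("IO", "FW", feature, pending=["FW"], payload=payload)
    current, trace = "FW", []
    while True:
        trace.append(current)
        pkt.results[current] = "processed"        # placeholder for a real processing result
        target = RULE_TABLE[(pkt.feature, current)]
        pkt = relay_encapsulate(pkt, current, target)
        if target in AGGREGATES and not pkt.pending:
            # Every member has handled the traffic: follow the rule keyed by the port.
            target = RULE_TABLE[(pkt.feature, target)]
            pkt = Packet(current, target, pkt.feature, pkt.done, [],
                         pkt.results, pkt.payload)
        if target == EGRESS:
            return trace, pkt
        current = pick_member(pkt, rng, weights) if target in AGGREGATES else target


if __name__ == "__main__":
    for seed in range(4):                         # constructed sample traffic
        trace, pkt = process_flow(b"constructed payload", "B1", random.Random(seed))
        print(seed, " -> ".join(trace), "| done:", pkt.done)
```

Because the target hardware ID stays set to the aggregation port after the first member finishes, the `done` list in the service header is the only record of which member still has to run.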
It can be seen that, with the embodiment of the present invention, when multi-function processing is performed on traffic, abstracting the boards into logical functional modules makes the device more intuitive and more convenient for the user. Moreover, because the relay module is used to steer traffic between functional modules, networking constraints no longer apply, service configuration is more flexible, and maintenance cost is greatly reduced. Further, when traffic is steered between functional modules in Relay mode, if the service processing result of a functional module is also carried in the packet, the next functional module can directly reuse the result of the previous functional module, which greatly saves computation and improves efficiency. In addition, continued integration of the multifunctional network device also becomes easier: if a new function is to be added later, the new functional module can be added directly to the relay mechanism.
The foregoing is merely a description of preferred embodiments of the present invention and is not intended to limit the invention. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (12)

1. A multifunctional network device, characterized in that the device includes a main control module, a relay module and one or more functional modules, each functional module being obtained by virtualizing one or more pieces of hardware that have the same function;
the main control module is configured to receive and store the flow path configuration information for traffic, generate a rule table from the configuration information, the rule table including the correspondence between traffic features and flow paths, and issue the rule table to each functional module;
the functional module is configured to identify the feature of the traffic and determine, according to the feature and the rule table, whether service processing needs to be performed on the traffic; if not, to determine whether the traffic is to be sent to a target functional module that will perform service processing on the traffic or sent to the outgoing interface; if so, to perform service processing on the traffic and, after the service processing is complete, determine whether the traffic is to be sent to a target functional module that will perform service processing on the traffic or sent to the outgoing interface;
the relay module is configured to encapsulate the traffic into packets according to the hardware ID of the functional module where the traffic currently resides and the hardware ID of the target functional module, and to send the traffic to the target functional module using the encapsulated packets.
2. The device according to claim 1, characterized in that the functional module includes an inbound-direction policy module, a service processing module and an outbound-direction policy module;
the inbound-direction policy module is configured to identify the feature of inbound traffic and determine, according to the feature of the inbound traffic and the rule table, whether service processing needs to be performed on the inbound traffic and the category of service processing that needs to be performed on it, and, when no service processing of the inbound traffic is needed, to determine whether the inbound traffic is to be sent to a target functional module that will perform service processing on the inbound traffic or sent to the outgoing interface;
the service processing module is configured to perform the corresponding service processing on the inbound traffic when service processing of the inbound traffic is needed;
the outbound-direction policy module is configured to determine the feature of the outbound traffic from the feature of the inbound traffic and/or the processing result of the service processing module, and to determine, according to the feature of the outbound traffic and the rule table, whether the outbound traffic is to be sent to a target functional module that will perform service processing on the outbound traffic or sent to the outgoing interface.
3. The device according to claim 2, characterized in that
the relay module is configured to encapsulate, for each packet, a hardware header field, a service information header field and a data packet field;
the hardware header field is used to store the source hardware ID and the target hardware ID, the source hardware ID including the ID of the hardware the traffic most recently passed through, and the target hardware ID including the ID of the next hardware the traffic will pass through;
the service information header field is used to store information on all functional modules that have performed and/or will perform service processing on the traffic;
the data packet field is used to store the original data of the traffic.
4. The device according to claim 3, characterized in that
the service information header field is also used to store the functional module's processing result information for the inbound traffic;
the inbound-direction policy module is configured to identify whether the inbound traffic comes from another functional module and, if so, to extract the traffic feature by parsing the service information header field of the inbound traffic, and otherwise to extract the traffic feature directly from the inbound traffic.
5. The device according to claim 3 or 4, characterized in that there is an order among at least two functional modules that the flow path passes through.
6. The device according to claim 3 or 4, characterized in that there is no order among at least two functional modules that the flow path passes through, and the rule table includes the aggregation port information of the unordered functional modules;
the relay module is configured, when the target functional module is two or more unordered functional modules, to encapsulate the aggregation port information in the packet as the hardware ID of the target functional module, and to update in the service information header field the information on all functional modules that have performed and/or will perform service processing on the traffic.
7. A traffic processing method, characterized in that the method includes:
a functional module identifies the feature of the traffic and determines, according to the feature and a received rule table sent by the main control module, whether service processing needs to be performed on the traffic; if not, it determines whether the traffic is to be sent to a target functional module that will perform service processing on the traffic or sent to the outgoing interface; if so, it performs service processing on the traffic and, after the service processing is complete, determines whether the traffic is to be sent to a target functional module that will perform service processing on the traffic or sent to the outgoing interface;
wherein the functional module calls the relay module to encapsulate the traffic into packets according to the hardware ID of the functional module where the traffic currently resides and the hardware ID of the target functional module, and to send the traffic to the target functional module using the encapsulated packets;
the rule table is generated from the flow path configuration information for traffic, the rule table includes the correspondence between traffic features and flow paths, and the functional module is obtained by virtualizing one or more pieces of hardware that have the same function.
8. The method according to claim 7, characterized in that
the functional module identifies the feature of inbound traffic and matches the inbound-direction policy according to the feature of the inbound traffic and the rule table; when the inbound-direction policy match result is that no service processing of the inbound traffic is required, it matches the outbound-direction policy according to the feature of the inbound traffic and the rule table; when the inbound-direction policy match result is that service processing of the inbound traffic is required, it performs the corresponding service processing, determines the feature of the outbound traffic from the feature of the inbound traffic and/or the service processing result, and matches the outbound-direction policy according to the feature of the outbound traffic and the rule table;
wherein matching the outbound-direction policy includes determining whether the traffic is to be sent to a target functional module that will perform service processing on the traffic or sent to the outgoing interface.
9. The method according to claim 8, characterized in that performing packet encapsulation includes:
encapsulating, for each packet, a hardware header field, a service information header field and a data packet field;
the hardware header field is used to store the source hardware ID and the target hardware ID, the source hardware ID including the ID of the hardware the traffic most recently passed through, and the target hardware ID including the ID of the next hardware the traffic will pass through;
the service information header field is used to store information on all functional modules that have performed and/or will perform service processing on the traffic;
the data packet field is used to store the original data of the traffic.
10. The method according to claim 9, characterized in that
the service information header field is also used to store the functional module's processing result information for the inbound traffic;
the functional module identifies whether the inbound traffic comes from another functional module and, if so, extracts the traffic feature by parsing the service information header field of the inbound traffic, and otherwise extracts the traffic feature directly from the inbound traffic.
11. The method according to claim 9 or 10, characterized in that there is an order among at least two functional modules that the flow path passes through.
12. The method according to claim 9 or 10, characterized in that there is no order among at least two functional modules that the flow path passes through, and the rule table includes the aggregation port information of the unordered functional modules;
performing packet encapsulation includes: when the target functional module is two or more unordered functional modules, encapsulating the aggregation port information in the packet as the hardware ID of the target functional module, and updating in the service information header field the information on all functional modules that have performed and/or will perform service processing on the traffic.
CN201410719040.1A 2014-12-02 2014-12-02 A kind of multifunctional network equipment and flow processing method Active CN104486102B (en)


Publications (2)

Publication Number Publication Date
CN104486102A CN104486102A (en) 2015-04-01
CN104486102B true CN104486102B (en) 2017-10-27

Family

ID=52760610

Country Status (1)

Country Link
CN (1) CN104486102B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CB03 Change of inventor or designer information

Inventor after: Gao Jun

Inventor after: Fan Lulu

Inventor after: Li Mingyu

Inventor before: Gao Jun

Inventor before: Fan Lu

Inventor before: Li Mingyu

CP01 Change in the name or title of a patent holder

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Patentee after: Xinhua three Technology Co., Ltd.

Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Patentee before: Huasan Communication Technology Co., Ltd.