CN104579805A - A novel network traffic identifying method - Google Patents
A novel network traffic identifying method Download PDFInfo
- Publication number
- CN104579805A CN104579805A CN201310472720.3A CN201310472720A CN104579805A CN 104579805 A CN104579805 A CN 104579805A CN 201310472720 A CN201310472720 A CN 201310472720A CN 104579805 A CN104579805 A CN 104579805A
- Authority
- CN
- China
- Prior art keywords
- session
- source
- address
- source port
- protocol
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Abstract
The present invention is adapted to the technical field of networks, and provides a method for identifying and QOS a data stream in the network. The specific technical solution is: defining three elements, i.e., a protocol (tcp/udp), a source IP address, and a source port, as one session, adding a specific hash algorithm, and establishing a link for the session in an internal storage; and after identifying a certain message therein, tabbing the entire session, and subsequent messages matching with the tab. Such solution is adapted to a situation of multiple P2P links. When a conventional DPI is at P2P, the same P2P source port may be connected to a plurality of target IP addresses and ports at the same time. A conventional approach is to identify the protocol (tcp/udp), the source IP address, the source port, the target IP address, the target port as an link, while in the present invention, as long as the source IP, the source port, a basic protocol are the same, they are identified as one session, which greatly reduces items of the linking number and the problem of repeated identifications of the application protocol.
Description
Technical field
The present invention is suitable for network technology and the communications field, provide a kind of data flow in network is identified fast and QOS mark method.
Background technology
At present, known flow protocol recognition technology mainly DPI (DeepPacketInspection, deep-packet detection) and DFI (Deep/DynamicFlow Inspection, the degree of depth/dynamic flow detects) these two kinds of technology, DPI is by mating the keyword in the keyword in message and system protocol storehouse thus identify application protocol, agreement in general employing IP agreement, ip address, source, source port, object ip address, this 5 element of destination interface is as a session, when in session stream, any one up-downgoing message regards as application-specific agreement, then can assert that whole session is for this agreement, the session define method of 5 elements can cause linking number entry huge, agreement repeats the problem of the inefficiencies such as identification.
Summary of the invention
In order to overcome the inefficient deficiency of DPI, the invention provides and usually define a session by agreement, source IP address, source port ternary, can to solve in DPI session entry too much, agreement repeats the problems such as identification, reaches the object of Traffic identification and optimization.
Concrete technical scheme is: basic condition element being defined as a session, add certain hash algorithm, for this session sets up a connection in internal memory, when after identification wherein certain message, a mark is stamped to whole session, follow-up message mates this and marks, this kind of scheme is applicable to P2P when connecting more, traditional DPI is when P2P, same P2P source port may connect a lot of object IP addresses simultaneously, traditional way is that each different five elements combination is identified as a connection, as long as the present invention is then source IP, source port, basic agreement element, then be identified as a session, greatly reduce linking number and the problem repeating to identify.
The invention has the beneficial effects as follows: due to the minimizing of linking number, cause inquiry, distribute uniform velocity and significantly promote, the DPI that efficiency is more traditional has obvious lifting, and avoids the protocol identification of repetition.
Accompanying drawing explanation
Accompanying drawing 1 is the linking number curve chart under the traditional DPI pattern recognition of employing
Accompanying drawing 2 is the linking number curve chart under the pattern recognition of employing element, and under element pattern, linking number decreases about 2/3, and under this kind of pattern, efficiency significantly promotes.
Embodiment
Embodiment is by this algorithm of programming realization on flow-control equipment, generally realizes at kernel state, to obtain higher efficiency.
Claims (4)
1. one kind using agreement (tcp/udp), source IP address, source port element as the QOS method of a session, it is characterized in that: usually carry out HASH distribution by ternary, instead of traditional five elements, the method is applicable to ipv4/ipv6 network.
2. the QOS method in right 1, it is characterized in that: HASH algorithm preserves the record of session in internal memory, coordinate protocol identification time, identical source IP address and source port can be identified as identical SESSION within the close time period, though its object IP and destination interface inconsistent.
3. the QOS method in right 1, it is characterized in that, session has the time-to-live in internal memory, and pass through without movable message when exceeding this session of special time, then this session is by Automatic clearance.
4. the QOS method in right 1, is characterized in that, when showing IP address linking number entry, only showing source IP, agreement, source port, and not showing object IP address and destination interface.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310472720.3A CN104579805A (en) | 2013-10-12 | 2013-10-12 | A novel network traffic identifying method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310472720.3A CN104579805A (en) | 2013-10-12 | 2013-10-12 | A novel network traffic identifying method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104579805A true CN104579805A (en) | 2015-04-29 |
Family
ID=53095070
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310472720.3A Pending CN104579805A (en) | 2013-10-12 | 2013-10-12 | A novel network traffic identifying method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104579805A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105591836A (en) * | 2015-09-09 | 2016-05-18 | 杭州华三通信技术有限公司 | Data flow detection method and device |
CN108123843A (en) * | 2016-11-28 | 2018-06-05 | 中国移动通信有限公司研究院 | Flow rate testing methods, detection data processing method and processing device |
CN109525587A (en) * | 2018-11-30 | 2019-03-26 | 新华三信息安全技术有限公司 | A kind of recognition methods of data packet and device |
CN110868358A (en) * | 2019-10-16 | 2020-03-06 | 武汉绿色网络信息服务有限责任公司 | Data packet processing method and device based on application identification self-learning |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101127690A (en) * | 2006-08-17 | 2008-02-20 | 王玉鹏 | Identification method for next generation of network service traffic |
CN101202652A (en) * | 2006-12-15 | 2008-06-18 | 北京大学 | Device for classifying and recognizing network application flow quantity and method thereof |
CN101656677A (en) * | 2009-09-18 | 2010-02-24 | 杭州迪普科技有限公司 | Message diversion processing method and device |
CN102780591A (en) * | 2011-05-12 | 2012-11-14 | 弗兰克公司 | Method and apparatus for distinguishing and sampling bi-directional network traffic at a conversation level |
CN103152340A (en) * | 2013-02-28 | 2013-06-12 | 汉柏科技有限公司 | Resource access-crossing protocol identification method |
CN103312565A (en) * | 2013-06-28 | 2013-09-18 | 南京邮电大学 | Independent learning based peer-to-peer (P2P) network flow identification method |
-
2013
- 2013-10-12 CN CN201310472720.3A patent/CN104579805A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101127690A (en) * | 2006-08-17 | 2008-02-20 | 王玉鹏 | Identification method for next generation of network service traffic |
CN101202652A (en) * | 2006-12-15 | 2008-06-18 | 北京大学 | Device for classifying and recognizing network application flow quantity and method thereof |
CN101656677A (en) * | 2009-09-18 | 2010-02-24 | 杭州迪普科技有限公司 | Message diversion processing method and device |
CN102780591A (en) * | 2011-05-12 | 2012-11-14 | 弗兰克公司 | Method and apparatus for distinguishing and sampling bi-directional network traffic at a conversation level |
CN103152340A (en) * | 2013-02-28 | 2013-06-12 | 汉柏科技有限公司 | Resource access-crossing protocol identification method |
CN103312565A (en) * | 2013-06-28 | 2013-09-18 | 南京邮电大学 | Independent learning based peer-to-peer (P2P) network flow identification method |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105591836A (en) * | 2015-09-09 | 2016-05-18 | 杭州华三通信技术有限公司 | Data flow detection method and device |
CN105591836B (en) * | 2015-09-09 | 2019-03-15 | 新华三技术有限公司 | Data-flow detection method and apparatus |
CN108123843A (en) * | 2016-11-28 | 2018-06-05 | 中国移动通信有限公司研究院 | Flow rate testing methods, detection data processing method and processing device |
CN109525587A (en) * | 2018-11-30 | 2019-03-26 | 新华三信息安全技术有限公司 | A kind of recognition methods of data packet and device |
CN110868358A (en) * | 2019-10-16 | 2020-03-06 | 武汉绿色网络信息服务有限责任公司 | Data packet processing method and device based on application identification self-learning |
CN110868358B (en) * | 2019-10-16 | 2022-11-08 | 武汉绿色网络信息服务有限责任公司 | Data packet processing method and device based on application identification self-learning |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102970227B (en) | The method and apparatus of VXLAN message repeating is realized in ASIC | |
JP2017123674A5 (en) | ||
WO2010054471A8 (en) | Method and apparatus for network port and network address translation | |
CN104579805A (en) | A novel network traffic identifying method | |
WO2014209901A3 (en) | Efficient communication for devices of a home network | |
MX2019007517A (en) | Wireless terminals, nodes of wireless communication networks, and methods of operating the same. | |
EP3624429A3 (en) | Reducing arp/nd flooding in cloud environment | |
FI20085193A0 (en) | Repeater node connection management | |
MX367548B (en) | Multicast group reuse in cellular network multicast transport. | |
CN103944867A (en) | Dynamic host configuration protocol (DHCP) message processing method, device and system | |
CN105490957A (en) | Load sharing method and device | |
CN103825760A (en) | Method and device for setting up neighborhood on basis of OSPF protocol | |
CN102307250A (en) | Method and device for searching IP (Internet Protocol) address | |
MX2016001926A (en) | Method and apparatus for accessing network. | |
CN102291305B (en) | Method and device for implementing 6 to 4 relay routing, and message forwarding method | |
CN104394082A (en) | Neighbor discovery and link status detecting method applicable to broadcast link | |
CN103414798A (en) | Communication method, device and system based on network address translation | |
CN204859201U (en) | Many gateways technical pattern of smart home systems sets up | |
CN107172573B (en) | zigbee terminal communication data processing method | |
CN105306619A (en) | Management method of AC for multiple AP in NAT | |
CN102404193A (en) | Method and edge device capable of generating forward list item, forwarding message and obtaining address | |
US10721213B1 (en) | IP source obfuscation | |
CN106506468A (en) | A kind of method that minimizing ACE entries are consumed | |
CN104348731A (en) | Community virtual network connection establishing method and network communication system | |
MY158580A (en) | Method of communicating data to multiple sensor networks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
EXSB | Decision made by sipo to initiate substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20150429 |