CN104618140A - ACL (access control list) table insertion sequencing method - Google Patents
- Publication number
- CN104618140A
- Authority
- CN
- China
- Prior art keywords
- list item
- acl
- protocol number
- address
- range
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses an ACL (access control list) entry insertion sorting method. The method comprises the following steps: compare the protocol number range of every entry and order the entries by the size of that range, placing entries with a smaller protocol number range first. If the protocol numbers of entries are the same, compare the source IP (internet protocol) address ranges of the entries and place the entry with the smaller source IP address range first. The method sorts the entries automatically, so configuration staff do not need to plan the order of the entries in the ACL in advance; when a new entry is added, it is sorted automatically according to its protocol number range and the properties of its other parameters and then inserted into the ACL table.
Description
Technical field
The present invention relates to an insertion sorting method for switch ACL entries.
Background technology
An ACL (Access Control List) implements packet filtering through configured matching rules and processing actions for packets. When a port of a switch device receives a packet, the packet's fields are analysed against the ACL rules applied to that port; once a specific packet is identified, it is permitted or denied according to the preset policy.
An ACL classifies packets through a series of matching conditions, and the entries within each ACL group are strictly ordered. Existing methods for ordering the entries in an ACL table are of the following two kinds:
In the first, configuration personnel plan the order of the entries in each ACL group in advance. This places high demands on the configuration personnel: when an entry has to be added, the entries that follow the new entry in that ACL group must be deleted and then added back, which is troublesome and error-prone.
The second also requires configuration personnel to plan the order of the entries in each ACL group in advance, but gives each entry a non-consecutive number. When an entry has to be added, it is given a number between those of the two ACEs before and after it, which avoids the deletion. For example, the first entry is numbered 5, the second entry is numbered 10, and so on; when an entry has to be inserted between the first and second entries, it can be given a number between 5 and 10. This method likewise places high demands on the configuration personnel and is inflexible: if too many entries are inserted between two entries, the available numbers can run out.
Summary of the invention
The technical problem to be solved by the present invention is to provide an ACL entry insertion sorting method that saves configuration personnel trouble and does not produce ordering errors.
To solve the above problem, the present invention provides an ACL entry insertion sorting method comprising the following steps:
Compare the protocol number range of each entry and arrange the entries by the size of the protocol number range; the entry with the smaller protocol number range is ordered first.
As a further improvement of the present invention, if the protocol numbers of entries are the same, compare the source IP address ranges of the entries; the entry with the smaller source IP address range is ordered first.
As a further improvement of the present invention, if the protocol number and source IP address are the same, compare the destination IP address ranges of the entries; the entry with the smaller destination IP address range is ordered first.
As a further improvement of the present invention, if the protocol number, source IP address and destination IP address are the same, compare the layer-4 port number ranges of the entries; the entry with the smaller layer-4 port number range is ordered first.
As a further improvement of the present invention, if the protocol number, source IP address, destination IP address and layer-4 port number are the same, compare the number of parameters in the entries; the entry with more parameters is ordered first.
The present invention sorts automatically according to the characteristics of each entry itself, so configuration personnel do not need to plan the order of the entries in the ACL in advance; when an entry is added, it is sorted automatically according to its protocol number range and the characteristics of its other parameters and then inserted into the ACL table.
Embodiment
So that those skilled in the art can better understand the technical solution of the present invention, the technical solution in the embodiments is described clearly and completely below. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them.
The invention provides an ACL entry insertion sorting method that does not require configuration personnel to plan the order in advance. Instead, entries are sorted automatically according to their own parameter ranges; when an entry is added to the ACL table, it finds a suitable position according to its own parameter ranges and is inserted there.
In the ACL entry insertion sorting method of the present invention, the protocol number range of each entry is compared first and the entries are arranged by the size of the protocol number range; the entry with the smaller protocol number range is ordered first, and the entries are inserted into the ACL table in this order.
When two or more entries have the same protocol number range, the source IP address ranges of these entries are compared; the entry with the smaller source IP address range is ordered first.
When two or more entries have the same protocol number and source IP address, the destination IP address ranges of these entries are compared; the entry with the smaller destination IP address range is ordered first.
When two or more entries have the same protocol number, source IP address and destination IP address, the layer-4 port number ranges of these entries are compared; the entry with the smaller layer-4 port number range is ordered first.
When two or more entries have the same protocol number, source IP address, destination IP address and layer-4 port number, the number of parameters in these entries is compared; the entry with more parameters is ordered first.
The present invention lets each entry be sorted automatically according to its own attributes, so configuration personnel do not need to plan the order of the entries in the ACL in advance. When an entry is added, it is sorted automatically according to its protocol number range and the characteristics of its other parameters and inserted at the suitable position.
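The ordering and insertion steps described above, as an added Python example (not code from the patent): each entry's ranges become a five-level sort key and a new entry is placed by binary search. The field names, wildcard defaults, comparison by range size at every level, arrival order for full ties, first-match evaluation with an implicit deny, and the sample rules are all assumptions made for illustration.

```python
import bisect
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class Entry:                      # field names and wildcard defaults are assumptions
    action: str                   # "permit" or "deny"
    proto: tuple = (0, 255)       # inclusive protocol number range
    src: str = "0.0.0.0/0"        # source IP range as CIDR
    dst: str = "0.0.0.0/0"        # destination IP range as CIDR
    ports: tuple = (0, 65535)     # inclusive layer-4 port range
    extra: dict = field(default_factory=dict)  # any other match parameters

def span(rng):
    return rng[1] - rng[0] + 1

def param_count(e):  # parameters that differ from the wildcard default
    d = Entry("permit")
    return sum(getattr(e, f) != getattr(d, f)
               for f in ("proto", "src", "dst", "ports")) + len(e.extra)

def sort_key(e):  # smaller range first at each level; more parameters first last
    return (span(e.proto), ip_network(e.src).num_addresses,
            ip_network(e.dst).num_addresses, span(e.ports), -param_count(e))

def insert_sorted(table, new):  # full ties keep arrival order (assumption)
    i = bisect.bisect_right([sort_key(e) for e in table], sort_key(new))
    table.insert(i, new)
    return i

def first_match(table, proto, src, dst, port):  # top-down, first match decides
    for e in table:
        if (e.proto[0] <= proto <= e.proto[1]
                and ip_address(src) in ip_network(e.src)
                and ip_address(dst) in ip_network(e.dst)
                and e.ports[0] <= port <= e.ports[1]):
            return e.action
    return "deny"  # implicit deny when nothing matches (assumption)

# Constructed sample rules, deliberately configured broadest-first.
RULES = [Entry("permit"),
         Entry("permit", proto=(6, 6), src="10.0.0.0/24"),
         Entry("deny", proto=(6, 6), src="10.0.0.5/32", ports=(22, 22))]

def build(rules=RULES):
    table = []
    for r in rules:
        insert_sorted(table, r)
    return table
```

Evaluating `RULES` in configuration order lets the broad permit shadow the host-specific deny, while the table returned by `build()` puts the deny first, so the narrow rule takes effect without anyone numbering the entries by hand.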
The above describes only one embodiment of the present invention; the description is relatively specific and detailed, but it should not therefore be understood as limiting the scope of the patent. It should be noted that those of ordinary skill in the art can make a number of variations and improvements without departing from the inventive concept, all of which fall within the protection scope of the present invention. Therefore, the protection scope of this patent shall be determined by the claims.
Claims (5)
1. An ACL entry insertion sorting method, characterized in that it comprises the following steps:
Compare the protocol number range of each entry and arrange the entries by the size of the protocol number range; the entry with the smaller protocol number range is ordered first.
2. The ACL entry insertion sorting method according to claim 1, characterized in that, if the protocol numbers of entries are the same, the source IP address ranges of the entries are compared, and the entry with the smaller source IP address range is ordered first.
3. The ACL entry insertion sorting method according to claim 2, characterized in that, if the protocol number and source IP address are the same, the destination IP address ranges of the entries are compared, and the entry with the smaller destination IP address range is ordered first.
4. The ACL entry insertion sorting method according to claim 3, characterized in that, if the protocol number, source IP address and destination IP address are the same, the layer-4 port number ranges of the entries are compared, and the entry with the smaller layer-4 port number range is ordered first.
5. The ACL entry insertion sorting method according to claim 4, characterized in that, if the protocol number, source IP address, destination IP address and layer-4 port number are the same, the number of parameters in the entries is compared, and the entry with more parameters is ordered first.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410848497.2A CN104618140A (en) | 2014-12-26 | 2014-12-26 | ACL (access control list) table insertion sequencing method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104618140A (en) | 2015-05-13 |
Family
ID=53152431
Family Applications (1)
Application Number | Status | Publication | Priority Date | Filing Date | Title |
---|---|---|---|---|---|
CN201410848497.2A | Pending | CN104618140A (en) | 2014-12-26 | 2014-12-26 | ACL (access control list) table insertion sequencing method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104618140A (en) |
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1414757A (en) * | 2002-05-08 | 2003-04-30 | 华为技术有限公司 | Method of automatic sequential arranging access control list rule and its application |
CN1725736A (en) * | 2005-06-30 | 2006-01-25 | 杭州华为三康技术有限公司 | Method for configuring access control list and its application |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108667644A (en) * | 2017-03-31 | 2018-10-16 | 华为数字技术(苏州)有限公司 | Configure the method and forwarding unit of ACL business |
WO2021115160A1 (en) * | 2019-12-09 | 2021-06-17 | 中兴通讯股份有限公司 | Acl rule management method and apparatus, computer device, and computer readable medium |
CN113037681A (en) * | 2019-12-09 | 2021-06-25 | 中兴通讯股份有限公司 | ACL rule management method, device, computer equipment and computer readable medium |
CN113037681B (en) * | 2019-12-09 | 2023-09-05 | 中兴通讯股份有限公司 | ACL rule management method, ACL rule management device, computer equipment and computer readable medium |
CN112311800A (en) * | 2020-11-02 | 2021-02-02 | 杭州安恒信息技术股份有限公司 | Method, system, equipment and readable storage medium for area access control |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
EXSB | Decision made by sipo to initiate substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150513 |