CN104660439A - Method and device for setting aging time of dialogue table item - Google Patents

Publication number
CN104660439A
CN104660439A
Authority
CN
China
Prior art keywords
time
session
table entry
aging
maximum
Prior art date
Legal status
Granted
Application number
CN201310603298.0A
Other languages
Chinese (zh)
Other versions
CN104660439B (en)
Inventor
沈懿华
Current Assignee
Shandong Rongzhixin Enterprise Consulting Service Co ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN201310603298.0A
Publication of CN104660439A
Application granted
Publication of CN104660439B
Legal status: Active
Anticipated expiration

Landscapes

  • Computer And Data Communications (AREA)
  • Telephonic Communication Services (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Embodiments of the invention disclose a method and a device for setting the aging time of a session table entry, aiming to solve the poor adaptability that results when the factory aging time is used as the actual aging time. The method comprises: within a preset learning period, learning the maximum survival time of the session table entry until the learning period ends; and, taking the maximum survival time learned in the learning period as an aging time reference value, resetting the aging time of the session table entry. In the embodiments, a firewall or a router learns the maximum survival time of the session table entry and then sets the aging time according to the learning result. Because the learned maximum survival time differs between scenarios, setting the aging time from it dynamically adjusts the actual aging time to the scenario, giving strong adaptability.

Description

Method and device for setting aging time of session table item
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method and an apparatus for setting aging time of a session entry.
Background
A firewall with a session mechanism (for example a stateful firewall, an application-layer firewall or a next-generation firewall), or a router that uses a session mechanism, maintains a session table locally. Each session table entry has a corresponding aging time, and a session table entry that is not hit by any packet for longer than its aging time is aged.
When the firewall or router leaves the factory, different factory aging times are set for different protocols (different protocols correspond to different session table entries). So as not to disrupt service, the factory aging time is set as long as possible.
Using the factory aging time as the actual aging time therefore adapts poorly. For example, in some application scenarios the aging time is too long, so sessions are not aged in time, a large number of redundant sessions accumulate, and concurrency capability and forwarding performance suffer.
Disclosure of Invention
In view of the above, embodiments of the present invention provide a method and an apparatus for setting an aging time of a session entry, so as to solve the above problem.
In order to achieve the above purpose, the embodiments of the present invention provide the following technical solutions:
According to a first aspect of the embodiments of the present invention, a method for setting an aging time of a session table entry is provided, including: learning the maximum survival time of the session table entry within a preset learning time period until the learning time period ends; and resetting the aging time of the session table entry, taking the maximum survival time learned in the learning time period as an aging time reference value.
With reference to the first aspect, in a first possible implementation manner, the learned maximum survival time is the maximum survival time recorded at the end of the learning time period; the session table entry records a hit time and the maximum time interval between two packets hitting the session table entry; and learning the maximum survival time of the session table entry comprises: when the session table entry meets a first aging condition, comparing the maximum time interval recorded in the session table entry with the recorded maximum survival time, and recording the larger of the two as the maximum survival time.
With reference to the first aspect, in a second possible implementation manner, the learned maximum survival time is the maximum survival time recorded at the end of the learning time period; the session table entry records a hit time and the maximum time interval between two packets hitting the session table entry; and learning the maximum survival time of the session table entry comprises: when a refresh condition is met, refreshing the records in the session aging time statistic table entry corresponding to the session table entry according to the records in the session table entry, where the records in the session aging time statistic table entry comprise a hit time and a maximum packet time interval; and when the session aging time statistic table entry meets a second aging condition and the corresponding session table entry has been aged, comparing the maximum packet time interval recorded in the session aging time statistic table entry with the recorded maximum survival time, and recording the larger of the two as the maximum survival time.
With reference to the second possible implementation manner of the first aspect, in a third possible implementation manner, the refresh condition includes a first refresh condition and a second refresh condition; the first refresh condition includes the session table entry being created; the second refresh condition includes the session table entry meeting the first aging condition, or the session table entry being hit, or the session aging time statistic table entry meeting the second aging condition while the session table entry has not been aged; and refreshing the records in the session aging time statistic table entry corresponding to the session table entry includes: refreshing the maximum packet time interval when the first refresh condition is met; and refreshing the hit time and the maximum packet time interval in the session aging time statistic table entry when the second refresh condition is met.
With reference to the third possible implementation manner of the first aspect, in a fourth possible implementation manner, refreshing the hit time and the maximum packet time interval in the session aging time statistic table entry includes: updating the hit time in the session aging time statistic table entry to the hit time recorded in the session table entry; and comparing the maximum time interval recorded in the session table entry with the maximum packet time interval recorded in the session aging time statistic table entry, and recording the larger of the two as the maximum packet time interval. Refreshing the maximum packet time interval includes: calculating the difference between the creation time of the session table entry and the hit time in the session aging time statistic table entry; and comparing the calculated difference with the maximum packet time interval recorded in the session aging time statistic table entry, and recording the larger of the two as the maximum packet time interval.
With reference to the second possible implementation manner or the third possible implementation manner of the first aspect, in a fifth possible implementation manner, the second aging condition includes: the difference between the current check time and the hit time recorded in the session aging time statistic table entry is greater than the aging time of the session aging time statistic table entry; and the aging time of the session aging time statistic table entry is the factory aging time of the protocol corresponding to the session table entry.
With reference to the first possible implementation manner or the second possible implementation manner of the first aspect, in a sixth possible implementation manner, the first aging condition includes: the difference between the current check time and the hit time of the session table entry is greater than the aging time of the session table entry.
With reference to the sixth possible implementation manner of the first aspect, in a seventh possible implementation manner, the number of learning time periods is one or more than one; when there is one learning time period, the aging time of the session table entry is the factory aging time of the protocol corresponding to the session table entry; when there is more than one, in the first learning time period the aging time of the session table entry is the factory aging time of the protocol corresponding to the session table entry, and in each remaining learning time period the aging time of the session table entry is the aging time reset at the end of the previous learning time period.
With reference to the first aspect, in an eighth possible implementation manner, resetting the aging time of the session table entry includes: summing the aging time reference value and an aging time floating value, the sum being the aging time of the session table entry; and the aging time floating value is greater than or equal to 0.
With reference to the second possible implementation manner or the third possible implementation manner of the first aspect, in a ninth possible implementation manner, the session aging time statistic table entry is created according to an index, where the index includes a source IP address, a destination IP address, a source port, a destination port, and a transport layer protocol number.
According to a second aspect of the embodiments of the present invention, a device for setting an aging time of a session table entry is provided, including: a learning unit, configured to learn the maximum survival time of the session table entry within a preset learning time period until the learning time period ends; and a setting unit, configured to reset the aging time of the session table entry, taking the maximum survival time learned in the learning time period as an aging time reference value.
With reference to the second aspect, in a first possible implementation manner, the learned maximum survival time is the maximum survival time recorded at the end of the learning time period; the session table entry records a hit time and the maximum time interval between two packets hitting the session table entry; and, in terms of learning the maximum survival time of the session table entry, the learning unit is specifically configured to: when the session table entry meets the first aging condition, compare the maximum time interval recorded in the session table entry with the recorded maximum survival time, and record the larger of the two as the maximum survival time.
With reference to the second aspect, in a second possible implementation manner, the learned maximum survival time is the maximum survival time recorded at the end of the learning time period; the session table entry records a hit time and the maximum time interval between two packets hitting the session table entry; and, in terms of learning the maximum survival time of the session table entry, the learning unit is specifically configured to: when a refresh condition is met, refresh the records in the session aging time statistic table entry corresponding to the session table entry according to the records in the session table entry, where the records in the session aging time statistic table entry comprise a hit time and a maximum packet time interval; and when the session aging time statistic table entry meets a second aging condition and the corresponding session table entry has been aged, record the maximum packet time interval in the session aging time statistic table entry as the maximum survival time.
With reference to the second possible implementation manner of the second aspect, in a third possible implementation manner, the refresh condition includes a first refresh condition and a second refresh condition; the first refresh condition includes the session table entry being created; the second refresh condition includes the session table entry meeting the first aging condition, or the session table entry being hit, or the session aging time statistic table entry meeting the second aging condition while the corresponding session table entry has not been aged; and, in terms of refreshing the records in the session aging time statistic table entry corresponding to the session table entry, the learning unit is specifically configured to: refresh the maximum packet time interval when the first refresh condition is met; and refresh the hit time and the maximum packet time interval in the session aging time statistic table entry when the second refresh condition is met.
With reference to the second aspect, in a fourth possible implementation manner, in terms of resetting the aging time of the session table entry, the setting unit is specifically configured to: sum the aging time reference value and an aging time floating value, the sum being the aging time of the session table entry; and the aging time floating value is greater than or equal to 0.
Thus, in the embodiments of the present invention, the firewall or router learns the maximum survival time of the session table entry and then sets the aging time according to the learning result. Because the learned maximum survival time differs between scenarios, setting the aging time according to it dynamically adjusts the actual aging time to the scenario, so the method adapts well.
Drawings
To illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and a person skilled in the art could derive other drawings from them without creative effort.
Fig. 1 is a flowchart of a method for setting the aging time of a session table entry according to an embodiment of the present invention;
Fig. 2 is another flowchart of a method for setting the aging time of a session table entry according to an embodiment of the present invention;
Fig. 3 is another flowchart of a method for setting the aging time of a session table entry according to an embodiment of the present invention;
Fig. 4 is another flowchart of a method for setting the aging time of a session table entry according to an embodiment of the present invention;
Fig. 5 is a structural diagram of a device for setting the aging time of a session table entry according to an embodiment of the present invention;
Fig. 6 is a structural diagram of a device for setting the aging time of a session table entry according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to Fig. 1, a method for setting the aging time of a session table entry according to an embodiment of the present invention may include:
S1: learning the maximum survival time of the session table entry within a preset learning time period until the learning time period ends.
During the preset learning time period the firewall or router processes incoming packets normally. That is, while processing packets normally, the firewall or router learns the maximum survival time of the session table entry; the maximum survival time of the session table entries corresponding to different application protocols can be obtained in this way.
S2: resetting the aging time of the session table entry, taking the maximum survival time learned in the learning time period as the aging time reference value.
For example, the aging time reference value and an aging time floating value may be summed (aging time reference value + aging time floating value) and the sum assigned as the aging time of the session table entry, which resets the aging time of the session table entry.
More specifically, the aging time floating value may be 0 or greater.
Thus, in the embodiments of the present invention, the firewall or router learns the maximum survival time of the session table entry and then sets the aging time according to the learning result. Because the learned maximum survival time differs between scenarios, setting the aging time according to it dynamically adjusts the actual aging time to the scenario, so the method adapts well.
In other embodiments of the present invention, the maximum survival time learned in step S2 may specifically be the maximum survival time recorded at the end of the learning time period.
More specifically, the firewall or router may create an array for storing the maximum survival time. At the end of the learning period, the data stored in the array is the learned maximum survival time.
In other embodiments of the present invention, the session table entry may record the hit time of the session table entry and the maximum time interval between two packets hitting the session table entry.
The hit time of the session table entry is recorded as follows: when a packet enters the firewall or router, the firewall or router looks up the corresponding session table entry; once the session table entry is found, the hit time in the session table entry is changed to the time at which the entry was found (that is, the time at which the packet entered). If the session table entry is not found, a session table entry is created according to the index, and the lookup time is assigned to the hit time of the created session table entry. The index includes a source IP address, a destination IP address, a source port, a destination port, and a transport layer protocol number.
For example, when a packet a enters, the firewall or router looks up its corresponding session table entry. Assume the corresponding session table entry is found at 12:30:12 and the hit time currently recorded in the session table entry (that is, the time the previous packet entered) is 12:30:10; the hit time of the session table entry is then changed to 12:30:12.
If the session table entry is not found, a session table entry is created, and both its creation time and its hit time are set to 12:30:12.
It should be noted that the session table entry used in the prior art also records the hit time, but does not record the maximum time interval between two packets hitting the session table entry.
The maximum time interval between two packets hitting the session table entry is obtained as follows:
when a new packet hits the entry (that is, a packet enters), the difference between the hit time of the new packet (the current time) and the hit time recorded in the session table entry (the hit time of the previous packet) is calculated, the difference is compared with the maximum hit time interval recorded in the session table entry, and the larger of the two is recorded as the maximum time interval.
Continuing the previous example, packet a enters and the firewall or router finds the corresponding session table entry at 12:30:12 (that is, the hit time of packet a is 12:30:12), while the hit time recorded in the session table entry at that moment is 12:30:10; the difference between 12:30:12 and 12:30:10 is 2 seconds.
Assuming the maximum time interval recorded in the session table entry is 10 seconds, comparing 2 seconds with 10 seconds shows that 10 seconds is larger, so 10 seconds is recorded as the maximum time interval. If instead the session table entry records a maximum time interval of 1 second, then 2 seconds is recorded as the maximum time interval.
In a special case, when the first packet enters, the session table entry corresponding to it is created, and at that moment the entry has no recorded hit time, so the difference between the hit time of the new packet and that of a previous packet cannot be calculated and no maximum time interval is recorded. In this case the maximum time interval may be taken as 0.
In other embodiments of the present invention, one way of "learning the maximum survival time of the session table entry" in all the above embodiments may include:
step A: periodically checking whether a session table entry meets a first aging condition;
step B: when the first aging condition is met, comparing the maximum time interval recorded in the session table entry with the recorded maximum survival time, and recording the larger of the two as the maximum survival time.
The first aging condition may include: the difference between the current check time and the hit time of the session table entry is greater than the aging time of the session table entry.
For example, assume the aging time of the session table entry is 10 minutes, the hit time recorded in the session table entry is 12:30:10, and the current check time is 12:41:10; the difference is 11 minutes, which is greater than the aging time, so step B is executed.
In step B, assuming the maximum survival time recorded by the firewall or router is 9 minutes and the maximum time interval recorded in the session table entry is 10 minutes, 10 minutes is recorded as the maximum survival time. The session table entry may then be aged.
A more detailed flow including step A and step B is shown in Fig. 2.
In other embodiments of the present invention, the number of learning time periods in all the embodiments described above may be one or more than one.
When there is one learning time period, the aging time of the session table entry in the first aging condition may be the factory aging time of the protocol corresponding to the session table entry.
When there is more than one learning time period, in the first learning time period the aging time of the session table entry in the first aging condition is the factory aging time of the protocol corresponding to the session table entry, and in each subsequent learning time period it is the aging time reset at the end of the previous learning time period.
For example, the aging time of the session table entry used in learning period 3 is the aging time reset at the end of learning period 2, the aging time used in learning period 4 is the aging time reset at the end of learning period 3, and so on.
It should be noted that when the aging time is reset, the firewall or router may automatically sum the aging time reference value (the learned maximum survival time) and the aging time floating value and assign the sum as the aging time of the session table entry.
Manual setting may also be supported: when the learning period expires, the firewall or router displays the learned maximum survival time (the aging time reference value) or an aging time setting suggestion value (equal to the sum of the aging time reference value and the aging time floating value), and the user may manually reset the aging time of the session table entry with reference to either value.
As mentioned above, during the preset learning period the firewall or router processes incoming packets normally. Next, referring to Fig. 3 and taking one learning time period as an example, it is described how learning is performed and the aging time of the session table entry is reset while packets are processed normally:
Step 01: a packet enters the firewall.
Step 02: the corresponding session table entry is looked up according to the index (source address, source port, destination address, destination port, transport layer protocol number).
Lookup by index is prior art and is not described here.
Step 03: if the session table entry is not found, a session table entry is created and its creation time is recorded.
Because there is one learning time period, the aging time of the session table entry is the factory preset value of the corresponding protocol.
Step 04: once the session table entry has been found or created, the hit time in the session table entry and the maximum time interval between two packets hitting the session table entry are refreshed.
Refreshing the hit time in the session table entry may specifically include: changing the hit time in the session table entry to the time at which the session table entry was found.
Refreshing the maximum time interval between two packets hitting the session table entry may specifically include:
calculating the difference between the current time (the time at which the session table entry was found) and the hit time of the previous packet;
if this is the first calculation, recording the difference directly as the maximum time interval in the session table entry; otherwise comparing it with the maximum time interval recorded in the session table entry and recording the larger of the two as the maximum time interval.
Step 05: the whole session table is monitored in real time, continuously checking whether any session table entry meets the first aging condition.
Step 06: if a session table entry meets the first aging condition, the maximum time interval recorded in that session table entry is compared with the recorded maximum survival time, and the larger of the two is recorded as the maximum survival time.
For example, assuming the maximum survival time recorded by the firewall or router is 9 minutes and the maximum time interval recorded in the session table entry is 10 minutes, 10 minutes is recorded as the maximum survival time.
Step 07: the session table entry meeting the first aging condition is aged, that is, deleted to release its resources.
Step 08: it is judged whether the learning time period has expired. If not, the session table continues to be monitored and the maximum survival time continues to be learned.
Step 09: when the learning time period expires, the aging time of the session table entry is reset, taking the maximum survival time learned in the learning time period as the aging time reference value.
After the aging time has been reset, when a packet enters the firewall and a session table entry is created in step 03, the reset aging time is used as the aging time of the created session table entry.
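The following Python simulation is an added example, not code from the patent or from Huawei; it models the session-table method described above (hit time and maximum time interval per entry, the first aging condition, learning of the maximum survival time in steps 05 to 09, and the reset aging time being used for entries created after the learning period). The 5-tuple keys, the 600-second factory aging time, the 3600-second learning period, the 30-second floating value and the packet timestamps are all constructed for the demonstration. Whether the learned value is cleared at the start of a new learning period is not stated in the description, so the example keeps it across periods and labels that choice in a comment.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Session table index: source IP, destination IP, source port, destination port, protocol number.
Key = Tuple[str, str, int, int, int]


@dataclass
class SessionEntry:
    created: float
    hit_time: float
    aging_time: float          # factory value in the first period, learned value afterwards
    max_interval: float = 0.0  # largest gap between two consecutive hits; 0 until the second hit


class LearningSessionTable:
    """Session table that learns the maximum survival time during learning periods."""

    def __init__(self, factory_aging: float, period_len: float, float_value: float = 0.0):
        self.period_len = period_len
        self.float_value = float_value          # aging time floating value, >= 0
        self.aging_time = factory_aging         # applied to every entry created from now on
        self.table: Dict[Key, SessionEntry] = {}
        self.max_survival = 0.0                 # learned maximum survival time (the text's "array")
        self.period_start = 0.0
        self.resets: List[float] = []           # aging time chosen at the end of each period

    def packet(self, key: Key, now: float) -> None:
        """Steps 01 to 04: look up by index, create if missing, refresh hit time and max interval."""
        entry = self.table.get(key)
        if entry is None:                       # step 03: creation time and hit time are both "now"
            self.table[key] = SessionEntry(created=now, hit_time=now, aging_time=self.aging_time)
            return
        entry.max_interval = max(entry.max_interval, now - entry.hit_time)   # step 04
        entry.hit_time = now

    def check(self, now: float) -> List[Key]:
        """Steps 05 to 09: age idle entries, learn from them, reset the aging time at period end."""
        aged: List[Key] = []
        for key, entry in list(self.table.items()):
            if now - entry.hit_time > entry.aging_time:                          # first aging condition
                self.max_survival = max(self.max_survival, entry.max_interval)   # step 06
                del self.table[key]                                              # step 07: release
                aged.append(key)
        if now - self.period_start >= self.period_len:                           # step 08
            # Step 09: reference value + floating value. Assumption: the learned value is kept
            # across periods rather than cleared; the description does not say either way.
            self.aging_time = self.max_survival + self.float_value
            self.resets.append(self.aging_time)
            self.period_start = now
        return aged


def run_demo() -> dict:
    """Constructed trace: three flows in the learning period, one flow after the reset."""
    fw = LearningSessionTable(factory_aging=600.0, period_len=3600.0, float_value=30.0)
    a: Key = ("10.0.0.1", "192.0.2.10", 40000, 80, 6)
    b: Key = ("10.0.0.2", "192.0.2.20", 40001, 443, 6)
    c: Key = ("10.0.0.3", "192.0.2.30", 40002, 53, 17)
    d: Key = ("10.0.0.4", "192.0.2.40", 40003, 80, 6)
    for key, t in [(a, 0.0), (a, 2.0), (a, 12.0), (b, 0.0), (b, 300.0), (c, 100.0)]:
        fw.packet(key, t)                  # a: gaps 2 s and 10 s; b: gap 300 s; c: single packet
    aged_first = fw.check(1000.0)          # all three idle longer than 600 s: aged, learned value 300 s
    fw.check(3700.0)                       # learning period over: aging time becomes 300 + 30 = 330 s
    fw.packet(d, 3800.0)                   # created with the reset aging time
    d_aging_time = fw.table[d].aging_time
    aged_second = fw.check(4200.0)         # idle 400 s > 330 s: aged (it would survive under 600 s)
    return {
        "learned": fw.max_survival,
        "resets": list(fw.resets),
        "aged_first": len(aged_first),
        "d_aging_time": d_aging_time,
        "d_aged": d in aged_second,
    }


if __name__ == "__main__":
    print(run_demo())
```

The trace shows the adaptability argument of the description in numbers: the longest gap seen in the learning period (300 s for flow b) becomes the reference value, and a flow created afterwards is released after 400 s of idleness instead of occupying the table for the full 600-second factory time.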
Another way of learning the maximum lifetime of a session entry will be described below. In the method, the maximum survival time of the session table entry is periodically learned for a long time, and a session aging time statistical table entry (statistical table) is introduced.
The session aging time statistic table entry records hit time and maximum message time interval. The maximum message time interval comprises the maximum value of all messages entering the firewall or the router and the time intervals of adjacent messages since the session aging time statistic table entry is created.
In this embodiment, the maximum lifetime of the learning session entry may at least include:
step one, when a refreshing condition is met, according to the record in the conversation table item, refreshing the record in the conversation aging time statistic table item corresponding to the conversation table item.
The corresponding session table entry and the session aging time statistic table entry adopt the same index. For the introduction of the index, please refer to the above description, which is not repeated herein.
And step two, when the session aging time statistic table entry meets a second aging condition and the corresponding session table entry is aged, comparing the maximum message time interval recorded in the session aging time statistic table entry with the recorded maximum survival time, and recording the larger value of the maximum message time interval and the recorded maximum survival time as the maximum survival time.
For example, assuming that the maximum time to live recorded by the firewall or router is 9 minutes and the maximum time interval recorded in the session aging time statistics entry is 10 minutes, 10 is recorded as the maximum time to live.
More specifically, the refresh conditions may include a first refresh condition and a second refresh condition; wherein,
the first refresh condition may include that a session entry is created.
The second refreshing condition may include that the session entry satisfies the first aging condition, or the session entry is hit, or the session aging time statistic entry satisfies the second aging condition and the corresponding session entry is not aged;
it should be noted that, in order to avoid frequently updating the statistical table entry, the first refresh condition may only include that the session table entry satisfies the first aging condition, or that the session aging time statistical table entry satisfies the second aging condition and the corresponding session table entry is not aged.
In the first learning time period, the aging time of the session table entry in the first aging condition is the factory aging time of the protocol corresponding to the session table entry; in the rest of the learning time periods, the aging time of the session entry in the first aging condition is the aging time reset when the last learning time period ends. For the related description, please refer to the above description, which is not repeated herein.
The second aging condition may include: the difference between the current check time and the hit time recorded in the session aging time statistic table entry is greater than the aging time of the session aging time statistic table entry.
For example, assuming that the aging time of the statistic table entry is 12 minutes, the hit time recorded in the statistic table entry is 12:30:10 and the current check time is 12:43:10, the difference between the two is 13 minutes, which is greater than the aging time, so it is further judged whether the session table entry has been aged; if the session table entry has also been aged, the maximum message time interval recorded in the session aging time statistic table entry is compared with the recorded maximum survival time, and the larger of the two is recorded as the maximum survival time.
It should be noted that the aging time of the session aging time statistic table entry is fixed and is the factory aging time of the protocol corresponding to the session table entry; the purpose of fixing it is explained below.
Correspondingly, the "refreshing the record in the session aging time statistic table entry corresponding to the session table entry" may include:
refreshing the maximum message time interval when a first refreshing condition is met;
and refreshing the hit time and the maximum message time interval in the session aging time statistic table entry when a second refreshing condition is met.
Further, refreshing the maximum message time interval may include:
calculating the difference between the creation time of the session table entry and the hit time in the session aging time statistic table entry;
and comparing the calculated difference value with the recorded maximum message time interval in the session aging time statistic table entry, and recording the larger value of the calculated difference value and the recorded maximum message time interval as the maximum message time interval.
The "refreshing the hit time and the maximum message time interval in the session aging time statistic table entry" may include:
updating the hit time in the session aging time statistic table entry into the hit time recorded in the session table entry;
comparing the maximum time interval recorded in the session table item (the maximum time interval of the messages hitting the session table item twice) with the maximum message time interval recorded in the session aging time statistic table item, and recording the larger value of the two as the maximum message time interval.
A more specific flow of how to learn the maximum lifetime and reset the aging time for the session entries will be described below (see fig. 4):
Step 01: a message enters the firewall.
Step 02: according to the index (for example source address, source port, destination address, destination port and transport layer protocol number), the corresponding session table entry is searched for.
Step 03: if the session table entry is not found, a session table entry is created and its creation time is recorded.
The session table entry is created according to an index, and the index includes a source IP address, a destination IP address, a source port, a destination port, and a transport layer protocol number. How to create the session table entry is the prior art, and is not described herein in detail.
In this embodiment, the learning is performed periodically for a long period. The number of learning periods is more than one. In the first learning time period, the aging time of the session entry in the first aging condition is the factory aging time of the protocol corresponding to the session entry. And in other learning time periods, the aging time of the session table entry in the first aging condition is the aging time reset when the last learning time period is ended.
Step 04, if the session table entry is found or the session table entry is created, refreshing the hit time in the session table entry and the maximum time interval between two times of hitting the session table entry by the message.
The refreshing the hit time in the session entry may specifically include: the hit time in the session entry is changed to the time when the session entry is found.
Refreshing the maximum time interval between two messages hitting the session table entry may specifically include:
calculating the difference between the current time (i.e. the time when the session table entry is found) and the hit time of the previous message;
if this is the first calculation, recording the difference directly as the maximum time interval in the session table entry; otherwise, comparing the difference with the recorded maximum time interval and recording the greater of the two as the maximum time interval.
Step 05, after creating a session table item, searching a corresponding session aging time statistic table item (which will be referred to as a statistic table item hereinafter);
step 06, if the statistical table entry is found, the maximum message time interval (corresponding to the first refresh condition) is refreshed.
The refreshing the maximum message time interval may include:
the time interval (i.e. the difference) between the current time (the creation time of the session entry) and the hit time of the statistical entry is calculated, and compared with the recorded maximum message time interval in the statistical entry, and the larger value of the two is stored in the statistical entry.
By way of example, assume that the current time is 12:30:12 and the hit time recorded in the statistic table entry is 12:30:00; the difference between 12:30:12 and 12:30:00 is calculated, which is 12 seconds.
Assuming that the maximum message time interval recorded in the statistic table entry is 10 seconds, 12 seconds is compared with 10 seconds; since 12 seconds is greater, 12 seconds is recorded as the maximum message time interval.
Step 07: the whole session table is monitored in real time, continuously checking whether any session table entry in the session table meets the first aging condition.
For the related content of the first aging condition, please refer to the above description, which is not repeated herein.
Step 08, if any session entry meets the first aging condition (corresponding to the session entry meeting the first aging condition in the second refreshing condition), searching for a statistical entry according to the session index.
Step 09: if the statistic table entry is not found, the statistic table entry is created, and the creation time of the session table entry is assigned to the hit time in the statistic table entry.
Similar to creating the session entry, the statistics entry is also created from an index that includes the source IP address, the destination IP address, the source port, the destination port, and the transport layer protocol number.
Step 10, if the statistic table entry is found or the statistic table entry is created, refreshing the hit time and the maximum message time interval in the statistic table entry.
More specifically, refreshing the hit time and the maximum packet time interval in the session aging time statistic table entry may include:
updating the hit time in the session aging time statistic table entry into the hit time recorded in the session table entry;
comparing the maximum time interval recorded in the session table item (the maximum time interval of the messages hitting the session table item twice) with the maximum message time interval recorded in the session aging time statistic table item, and recording the larger value of the two as the maximum message time interval.
Step 11: the session table entry meeting the first aging condition is aged. That is, the session table entry meeting the first aging condition is deleted to release its resources.
Step 12: the statistic table is monitored and each statistic table entry in it is traversed.
Step 13: it is judged whether a statistic table entry meets the second aging condition; if not, the traversal of the statistic table entries continues.
For the second aging condition, please refer to the above description, which is not repeated herein.
Step 14: if a statistic table entry meeting the second aging condition exists, it is judged whether a session table entry corresponding to that statistic table entry exists.
Step 15: if a corresponding session table entry exists (this corresponds to the part of the second refreshing condition in which the session aging time statistic table entry meets the second aging condition and the corresponding session table entry is not aged), the hit time and the maximum message time interval in the session aging time statistic table entry are refreshed, and the session table and the statistic table continue to be monitored.
For how to refresh the hit time and the maximum message time interval in the session aging time statistics table entry, please refer to the description in step 10, which is not described herein again.
Step 16: if no corresponding session table entry exists, the maximum message time interval recorded in the statistic table entry is compared with the recorded maximum survival time, and the larger of the two is recorded as the maximum survival time.
Step 17: it is determined whether the learning time period has expired. If not, the session table continues to be monitored and the maximum survival time continues to be learned.
Step 18: when the learning time period expires, the aging time for the session table entry is reset by taking the maximum survival time learned in the learning time period as the aging time reference value. Learning then continues in the next period.
After the aging time is reset, a message enters the firewall, and when the session table entry is created in step 03, the reset aging time is used as the aging time of the created session table entry.
It should be noted that, assuming the factory aging time of the session table entry is 12 minutes and the aging time reset according to the learned maximum survival time at the end of the first learning time period is 9 minutes, then, because the second learning time period uses the aging time set at the end of the first, the maximum survival time that can be learned in the second learning time period is less than 9 minutes, and so on: the learned maximum survival time becomes shorter and shorter, the reset aging time becomes shorter and shorter, and an aging time that is too short may cause session table entries to be frequently created and deleted.
To prevent the learned maximum survival time from shrinking in this way, the aging time of the session aging time statistic table entry is fixed as the factory aging time of the protocol corresponding to the session table entry. This is illustrated with an example.
Assume that the aging time used in the second learning period is 9 minutes, and the aging time of the statistical table entry is fixed to 12 minutes.
Message 1 enters, and the firewall or router creates a session table entry and a corresponding statistic table entry. Then messages 2 to 5 enter, and the hit time of message 5 is 12:30:00.
If no message enters in the next 9 minutes, the session table entry is aged and the hit time of the statistic table entry is modified to 12:30:00.
Then message 6 enters and the firewall or router re-creates the session table entry; assume the hit time of message 6 is 12:40:00. Since the aging time of the statistic table entry is 12 minutes, the statistic table entry has not been aged when message 6 enters.
Because the session table entry is created again, if the session table entry meets the first refreshing condition, the maximum message time interval in the statistical table entry is refreshed:
The time interval between the current time (12:40:00) and the hit time of the statistic table entry (12:30:00) is calculated to be 10 minutes. It is compared with the maximum message time interval recorded in the statistic table entry (assumed to be 9 minutes), and the greater of the two is saved in the statistic table entry.
Assuming that the second learning time period then ends, the maximum message time interval recorded in the statistic table entry (10 minutes) is compared with the recorded maximum survival time (9 minutes), and 10 minutes is recorded as the maximum survival time.
It follows that even though the second learning time period uses 9 minutes as the aging time, this does not make the learned maximum survival time, and hence the reset aging time, shorter and shorter.
In addition, continuing the previous example, assume that after the session table entry is re-created for message 6, messages keep entering, so the session table entry is not aged. Since the hit time of the statistic table entry is refreshed only when the session table entry is aged, the hit time of the statistic table entry is still the hit time of message 5 (12:30:00).
After 12 minutes, the statistic table entry meets the second aging condition. At this point it is necessary to judge whether the session table entry exists; if it does, the hit time and the maximum message time interval of the statistic table entry are refreshed. Of course, once its hit time has been refreshed, the statistic table entry no longer meets the second aging condition and is not aged. That is, as long as the session table entry exists, the statistic table entry will not age.
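The flow of steps 01 to 18 and the two scenarios just described (message 6 arriving after a 9-minute gap, and a session that keeps receiving traffic), replayed as an added Python simulation that is not part of the patent. The table layout, the constructed 5-tuple index and message spacing, seconds-based timestamps, a maximum interval of 0 for a freshly created session table entry, and the removal of a statistic table entry once it has been aged are assumptions of the simulation.

```python
from dataclasses import dataclass

MIN = 60  # seconds per minute; all times are seconds since midnight


@dataclass
class SessionEntry:
    created: int           # creation time of the session table entry
    hit_time: int          # time of the last message that hit the entry
    aging_time: int        # aging time in force when the entry was created
    max_interval: int = 0  # maximum interval between two hits (0 until a 2nd hit)


@dataclass
class StatEntry:
    hit_time: int              # hit time copied from the session table entry
    max_msg_interval: int = 0  # maximum message time interval, across re-creations


class AgingLearner:
    """Firewall model: session table plus statistic table, same 5-tuple index."""

    def __init__(self, factory_aging, aging_time, max_survival=0, floating=0):
        self.factory_aging = factory_aging  # fixed aging time of statistic entries
        self.aging_time = aging_time        # aging time given to new session entries
        self.max_survival = max_survival    # maximum survival time learned so far
        self.floating = floating            # aging time floating value (>= 0)
        self.sessions = {}
        self.stats = {}

    def packet(self, now, key):
        """Steps 01-06: a message with index `key` enters."""
        sess = self.sessions.get(key)
        if sess is None:
            # step 03: create the session entry with the current aging time
            sess = SessionEntry(created=now, hit_time=now, aging_time=self.aging_time)
            self.sessions[key] = sess
            stat = self.stats.get(key)
            if stat is not None:  # steps 05-06: first refreshing condition
                stat.max_msg_interval = max(stat.max_msg_interval, now - stat.hit_time)
        else:
            # step 04: refresh hit time and the maximum interval between two hits
            sess.max_interval = max(sess.max_interval, now - sess.hit_time)
            sess.hit_time = now

    def _refresh_stat(self, key, sess):
        """Second refreshing condition: copy the hit time, keep the larger interval."""
        stat = self.stats.get(key)
        if stat is None:  # step 09: create, seeded with the session creation time
            stat = StatEntry(hit_time=sess.created)
            self.stats[key] = stat
        stat.hit_time = sess.hit_time  # step 10
        stat.max_msg_interval = max(stat.max_msg_interval, sess.max_interval)

    def check(self, now):
        """Steps 07-16: one pass over the session table, then the statistic table."""
        for key, sess in list(self.sessions.items()):
            if now - sess.hit_time > sess.aging_time:  # first aging condition
                self._refresh_stat(key, sess)          # steps 08-10
                del self.sessions[key]                 # step 11: age the session
        for key, stat in list(self.stats.items()):
            if now - stat.hit_time > self.factory_aging:  # second aging condition
                sess = self.sessions.get(key)
                if sess is not None:
                    self._refresh_stat(key, sess)      # step 15: entry survives
                else:  # step 16: session already aged, learn the survival time
                    self.max_survival = max(self.max_survival, stat.max_msg_interval)
                    del self.stats[key]  # assumption: aged statistic entry removed

    def end_learning_period(self):
        """Step 18: reset the aging time from the learned maximum survival time."""
        self.aging_time = self.max_survival + self.floating
        return self.aging_time


KEY = ("192.0.2.10", "192.0.2.20", 40000, 80, 6)  # constructed 5-tuple index
T0 = 12 * 3600 + 30 * MIN                          # 12:30:00


def second_period(keep_sending):
    """Second learning period of the worked example: session aging time 9 min,
    statistic entry aging fixed at 12 min, 9 min learned so far.  keep_sending
    selects the variant in which traffic continues after message 6."""
    fw = AgingLearner(factory_aging=12 * MIN, aging_time=9 * MIN, max_survival=9 * MIN)
    for t in (T0 - 100, T0 - 80, T0 - 60, T0 - 40, T0):  # messages 1-5, 5 at 12:30:00
        fw.packet(t, KEY)
    fw.check(T0 + 9 * MIN + 1)      # no traffic for 9 min: session aged at 12:39:01
    stat_hit = fw.stats[KEY].hit_time               # 12:30:00, copied from message 5
    fw.packet(T0 + 10 * MIN, KEY)   # message 6 at 12:40:00 re-creates the session
    interval = fw.stats[KEY].max_msg_interval       # 600 s, the 12:30 -> 12:40 gap
    if keep_sending:
        fw.packet(T0 + 11 * MIN, KEY)
        fw.packet(T0 + 12 * MIN, KEY)
        fw.check(T0 + 12 * MIN + 1)  # 12 min after 12:30:00 but the session exists
    else:
        fw.check(T0 + 19 * MIN + 1)  # session from message 6 aged at 12:49:01
        fw.check(T0 + 22 * MIN + 1)  # statistic entry aged 12 min after 12:40:00
    return {"stat_hit": stat_hit, "interval": interval, "stat_alive": KEY in fw.stats,
            "max_survival": fw.max_survival, "reset_aging": fw.end_learning_period()}
```

With keep_sending=False the period ends with 10 minutes learned and a 10-minute reset aging time; with keep_sending=True the statistic table entry is refreshed instead of aged and nothing new is learned, so the reset aging time stays at 9 minutes.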
Correspondingly, an embodiment of the present invention further provides a device for setting the aging time of the session table entry, referring to fig. 5, where the device may include:
the learning unit 1 is used for learning the maximum survival time of the session table items within a preset learning time period until the learning time period is finished;
the session table entry includes the hit time of the session table entry and the maximum time interval between two times of message hit on the session table entry. For related matters, please refer to the above description, which is not repeated herein.
And the setting unit 2 is used for resetting the aging time aiming at the session table entry by taking the maximum survival time learned in the learning time period as an aging time reference value.
More specifically, the maximum lifetime learned as described above is the maximum lifetime recorded at the end of the learning period.
In learning the maximum lifetime of the session entry, the learning unit 1 may be specifically configured to:
when the session table entry meets the first aging condition, comparing the maximum time interval recorded by the session table entry with the recorded maximum survival time, and recording the larger value of the maximum time interval and the recorded maximum survival time as the maximum survival time.
For related matters, please refer to the above description, which is not repeated herein.
Alternatively, in terms of learning the maximum lifetime of the session entry, the learning unit 1 may be specifically configured to:
when the refreshing condition is met, refreshing the record in the session aging time statistic table entry corresponding to the session table entry according to the record in the session table entry; the records in the session aging time statistic table entry comprise hit time and maximum message time interval;
and when the session aging time statistic table entry meets the second aging condition and the corresponding session table entry is aged, recording the maximum message time interval in the session aging time statistic table entry as the maximum survival time.
For details, please refer to the above description, and further description is omitted here.
In another embodiment of the present invention, in terms of resetting the aging time for the session table entry, the setting unit may be specifically configured to: sum the aging time reference value and an aging time floating value, the result of the summation being the aging time for the session table entry, where the aging time floating value is greater than or equal to 0.
For details, please refer to the above description, and further description is omitted here.
Fig. 6 shows a hardware structure of the setting apparatus 600 (firewall, router) for setting the aging time of the session table entry, which may include at least one processor 601, such as a CPU, at least one network interface 604 or other user interface 603, a memory 605, and at least one communication bus 602. The communication bus 602 is used to enable communication between these components. The setting apparatus 600 optionally comprises a user interface 603, such as a keyboard or a pointing device (a trackball, a touch-sensitive pad or a touch-sensitive display). Memory 605 may comprise high-speed RAM, and may also include non-volatile memory, such as at least one disk memory. The memory 605 may optionally include at least one storage device located remotely from the processor 601.
In some embodiments, memory 605 stores the following elements, executable modules or data structures, or a subset thereof, or an expanded set thereof:
an operating system 6051 containing various system programs for implementing various basic services and for processing hardware-based tasks;
the application module 6052 contains various applications for implementing various application services.
The application module 6052 includes, but is not limited to, a learning unit 1 and a setting unit 2.
For concrete implementation of each module in the application module 6052, refer to corresponding modules in the embodiment shown in fig. 5, which are not described herein again.
In an embodiment of the present invention, processor 601, by invoking programs or instructions stored by memory 605, is configured to:
learning the maximum survival time of the session table items within a preset learning time period until the learning time period is finished;
and resetting the aging time for the session table entry by taking the maximum survival time learned in the learning time period as an aging time reference value.
In addition, the setting apparatus 600 may also perform other steps related to the setting method described in the method section herein, and details of each step are not described herein.
In the invention, the CPU and the memory can be integrated in the same chip or can be two independent devices.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (15)

1. A method for setting aging time of session table entry is characterized by comprising the following steps:
learning the maximum survival time of the session table items within a preset learning time period until the learning time period is finished;
and resetting the aging time for the session table entry by taking the maximum survival time learned in the learning time period as an aging time reference value.
2. The method of claim 1,
the maximum survival time learned is the maximum survival time recorded at the end of the learning time period;
the session table entry comprises hit time and the maximum time interval of the message hitting the session table entry twice;
the learning the maximum lifetime of the session entry comprises:
and when the session table entry meets the first aging condition, comparing the maximum time interval recorded by the session table entry with the recorded maximum survival time, and recording the larger value of the maximum time interval and the recorded maximum survival time as the maximum survival time.
3. The method of claim 1,
the maximum survival time learned is the maximum survival time recorded at the end of the learning time period; the session table entry comprises hit time and the maximum time interval of the message hitting the session table entry twice;
the learning the maximum lifetime of the session entry comprises:
when a refreshing condition is met, refreshing records in the session aging time statistic table entry corresponding to the session table entry according to the records in the session table entry; the records in the session aging time statistic table entry comprise hit time and maximum message time interval;
and when the session aging time statistic table entry meets a second aging condition and the corresponding session table entry is aged, comparing the maximum message time interval recorded in the session aging time statistic table entry with the recorded maximum survival time, and recording the larger value of the maximum message time interval and the recorded maximum survival time as the maximum survival time.
4. The method of claim 3,
the refresh conditions include a first refresh condition and a second refresh condition;
the first refresh condition includes the session entry being created;
the second refreshing condition comprises that the session table entry meets a first aging condition, or the session table entry is hit, or the session aging time statistic table entry meets a second aging condition and the session table entry is not aged;
the updating the record in the session aging time statistic table entry corresponding to the session table entry includes:
refreshing the maximum message time interval when the first refreshing condition is met;
and refreshing the hit time and the maximum message time interval in the session aging time statistic table entry when the second refreshing condition is met.
5. The method of claim 4, wherein said refreshing the hit time and the maximum packet time interval in the session aging time statistics entry comprises:
updating the hit time in the session aging time statistic table entry into the hit time recorded in the session table entry;
comparing the maximum time interval recorded in the session table item with the maximum message time interval recorded in the session aging time statistic table item, and recording the larger value of the two as the maximum message time interval;
the refreshing the maximum packet time interval includes:
calculating the difference between the creation time of the session table item and the hit time in the session aging time statistic table item;
and comparing the calculated difference with the recorded maximum message time interval in the session aging time statistic table entry, and recording the larger value of the two as the maximum message time interval.
6. The method of claim 3 or 4, wherein the second aging condition comprises: the difference value between the current check time and the hit time recorded by the session aging time statistic table entry is greater than the aging time of the session aging time statistic table entry;
and the aging time of the session aging time statistic table entry is the factory aging time of the protocol corresponding to the session table entry.
7. The method of claim 2 or 3,
the first aging condition includes: the difference between the current check time and the hit time of the session table entry is greater than the aging time of the session table entry.
8. The method of claim 7, wherein the number of learning periods is one, or, more than one;
when the number of the learning time periods is one, the aging time of the session table entry is the factory aging time of the protocol corresponding to the session table entry;
when the number of the learning time periods is more than one, in a first learning time period, the aging time of the session table entry is the factory aging time of the protocol corresponding to the session table entry; in the rest of the learning time periods, the aging time of the session table entry is the aging time reset at the end of the last learning time period.
9. The method of claim 1, wherein the resetting the aging time for the session entry comprises:
summing the aging time reference value and the aging time floating value, wherein the summation result is the aging time for the session table entry;
and the value of the aging time floating value is more than or equal to 0.
10. The method of claim 3, wherein the session aging time statistics entry is created from an index that includes a source IP address, a destination IP address, a source port, a destination port, and a transport layer protocol number.
11. An apparatus for setting aging time of session table entry, comprising:
the learning unit is used for learning the maximum survival time of the session table items within a preset learning time period until the learning time period is finished;
and the setting unit is used for resetting the aging time aiming at the session table entry by taking the maximum survival time learned in the learning time period as an aging time reference value.
12. The apparatus of claim 11,
the maximum survival time learned is the maximum survival time recorded at the end of the learning time period; the session table entry comprises hit time and the maximum time interval of the message hitting the session table entry twice;
in terms of learning the maximum lifetime of the session entry, the learning unit is specifically configured to:
and when the session table entry meets the first aging condition, comparing the maximum time interval recorded by the session table entry with the recorded maximum survival time, and recording the larger value of the maximum time interval and the recorded maximum survival time as the maximum survival time.
13. The apparatus of claim 11,
the maximum survival time learned is the maximum survival time recorded at the end of the learning time period; the session table entry comprises hit time and the maximum time interval of the message hitting the session table entry twice;
in terms of learning the maximum lifetime of the session entry, the learning unit is specifically configured to:
when a refreshing condition is met, refreshing records in the session aging time statistic table entry corresponding to the session table entry according to the records in the session table entry; the records in the session aging time statistic table entry comprise hit time and maximum message time interval;
and when the session aging time statistic table entry meets a second aging condition and the corresponding session table entry is aged, recording the maximum message time interval in the session aging time statistic table entry as the maximum survival time.
14. The apparatus of claim 13,
the refresh conditions include a first refresh condition and a second refresh condition; the first refresh condition includes the session entry being created; the second refreshing condition comprises that the session table entry meets a first aging condition, or the session table entry is hit, or the session aging time statistic table entry meets a second aging condition and the corresponding session table entry is not aged;
in terms of refreshing the record in the session aging time statistic entry corresponding to the session entry, the learning unit is specifically configured to:
refreshing the maximum message time interval when a first refreshing condition is met;
and refreshing the hit time and the maximum message time interval in the session aging time statistic table entry when a second refreshing condition is met.
15. The apparatus of claim 11, wherein in resetting the aging time for the session entry, the setting unit is specifically configured to: sum the aging time reference value and the aging time floating value, wherein the summation result is the aging time for the session table entry; and the value of the aging time floating value is greater than or equal to 0.
CN201310603298.0A 2013-11-25 2013-11-25 The setting method and device of session entry ageing time Active CN104660439B (en)
Publications (2)

Publication Number Publication Date
CN104660439A true CN104660439A (en) 2015-05-27
CN104660439B CN104660439B (en) 2018-10-02

Family

ID=53251170

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310603298.0A Active CN104660439B (en) 2013-11-25 2013-11-25 The setting method and device of session entry ageing time

Country Status (1)

Country Link
CN (1) CN104660439B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106131129A (en) * 2016-06-23 2016-11-16 杭州迪普科技有限公司 The method and apparatus of the data syn-chronization time management of GSLB
CN108234615A (en) * 2017-12-25 2018-06-29 新华三技术有限公司 Table entry processing method, mainboard and master network device
CN111711572A (en) * 2020-05-26 2020-09-25 新华三信息安全技术有限公司 Aging time synchronization method and device

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1315297C (en) * 2003-07-12 2007-05-09 华为技术有限公司 Method for timed processing of list item in communication equipment and apparatus thereof
CN1324481C (en) * 2003-07-31 2007-07-04 华为技术有限公司 Data aging method for network processor
ATE498963T1 (en) * 2007-12-19 2011-03-15 Alcatel Lucent UPDATING A DYNAMIC LEARNING BOARD
CN101262446A (en) * 2008-04-21 2008-09-10 北京星网锐捷网络技术有限公司 A generation method and device for Hello packet
CN101370016B (en) * 2008-10-17 2011-10-26 成都市华为赛门铁克科技有限公司 Aging method, apparatus and system for data stream list
CN101860575B (en) * 2010-07-02 2013-01-09 迈普通信技术股份有限公司 UPnP (Universal Plug-n-Play) gateway equipment NAT (Network Address Translation) port mapping maintenance method and equipment thereof

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106131129A (en) * 2016-06-23 2016-11-16 杭州迪普科技有限公司 The method and apparatus of the data syn-chronization time management of GSLB
CN106131129B (en) * 2016-06-23 2019-05-07 杭州迪普科技股份有限公司 The method and apparatus of management data synchronization time of global load balancing
CN108234615A (en) * 2017-12-25 2018-06-29 新华三技术有限公司 Table entry processing method, mainboard and master network device
CN108234615B (en) * 2017-12-25 2021-05-07 新华三技术有限公司 Table item processing method, mainboard and main network equipment
CN111711572A (en) * 2020-05-26 2020-09-25 新华三信息安全技术有限公司 Aging time synchronization method and device
CN111711572B (en) * 2020-05-26 2023-03-31 新华三信息安全技术有限公司 Aging time synchronization method and device

Also Published As

Publication number Publication date
CN104660439B (en) 2018-10-02

Similar Documents

Publication Publication Date Title
EP3297213B1 (en) Method and apparatus for identifying application information in network traffic
US10938935B1 (en) Reduction in redirect navigation latency via speculative preconnection
US9100854B2 (en) Quality of service application controller and user equipment application profiler
CN102769549B (en) Method and apparatus for network security monitoring
US9866448B2 (en) Electronic device and method for DNS processing
US10154106B2 (en) Method for sending heartbeat message and mobile terminal
CN103944954A (en) Reducing buffer usage for a TCP proxy session based on delayed acknowledgment
CN104137491A (en) Methods to manage services over a service gateway
US20150003449A1 (en) Path maximum transmission unit learning
CN105939361A (en) Method and device for defending against CC (Challenge Collapsar) attacks
CN104660439B (en) Method and device for setting the aging time of a session table entry
CN107402851B (en) Data recovery control method and device
US20190007303A1 (en) Implementing forwarding behavior based on communication activity between a controller and a network device
CN103916379A (en) CC attack identification method and system based on high frequency statistics
CN107465453A (en) Optical network terminal (ONT), working method thereof, and communication system
US9350677B2 (en) Controller based network resource management
CN103475657A (en) Method and device for SYN flood prevention processing
CN105490824A (en) Game server and mass message filtering method
US9195805B1 (en) Adaptive responses to trickle-type denial of service attacks
US7860982B2 (en) Internet connectivity verification
CN110224932B (en) Method and system for rapidly forwarding data
US11075911B2 (en) Group-based treatment of network addresses
CN109474572B (en) Method and system for monitoring and capturing malware-distribution sites based on a cluster botnet
CN106487916B (en) Method and device for counting connections
CN104243395A (en) High frequency write operation method, interface machine and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20211221

Address after: 215010 room 704, building 5, No. 556, Changjiang Road, high tech Zone, Suzhou, Jiangsu

Patentee after: SUZHOU YUDESHUI ELECTRICAL TECHNOLOGY Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.

Effective date of registration: 20211221

Address after: Room 2011, building 1, No.35, Shishan Road, high tech Zone, Suzhou, Jiangsu 215000

Patentee after: SUZHOU XIQUAN SOFTWARE TECHNOLOGY Co.,Ltd.

Address before: 215010 room 704, building 5, No. 556, Changjiang Road, high tech Zone, Suzhou, Jiangsu

Patentee before: SUZHOU YUDESHUI ELECTRICAL TECHNOLOGY Co.,Ltd.

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20221230

Address after: No. 155, Chemical Road, Boxing Economic Development Zone, Boxing County, Binzhou City, Shandong Province, 256599

Patentee after: Shandong rongzhixin Enterprise Consulting Service Co.,Ltd.

Address before: Room 2011, building 1, No.35, Shishan Road, high tech Zone, Suzhou, Jiangsu 215000

Patentee before: SUZHOU XIQUAN SOFTWARE TECHNOLOGY Co.,Ltd.