CN105450792A - Port allocation method and device for converting multi-core forwarding network address port - Google Patents
Port allocation method and device for converting multi-core forwarding network address port Download PDFInfo
- Publication number
- CN105450792A CN105450792A CN201510980638.0A CN201510980638A CN105450792A CN 105450792 A CN105450792 A CN 105450792A CN 201510980638 A CN201510980638 A CN 201510980638A CN 105450792 A CN105450792 A CN 105450792A
- Authority
- CN
- China
- Prior art keywords
- port numbers
- port
- cpu
- unappropriated
- resource pond
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2517—Translation of Internet protocol [IP] addresses using port numbers
Abstract
The invention provides a port allocation method and device for multi-core forwarding NAPT. The port allocation method for the multi-core forwarding NAPT comprises the following steps: after receiving a message, looking up whether unallocated port numbers exist in an independent resource pool occupied by a CPU independently; if so, determining a matched port number among the unallocated port numbers, and allocating the matched port number to the message; if not, looking up whether the unallocated port numbers exist in a shared resource pool shared by multiple cores; if the unallocated port numbers exist in the shared resource pool, determining the matched port number among the unallocated port numbers, and allocating the matched port number to the message; and if the unallocated port numbers do not exist in the shared resource pool, selecting an available CPU, and forwarding the message to the available CPU to be processed. The method can be used for improving the performance of multi-core forwarding NAPT.
Description
Technical field
The present invention relates to network communication technology field, particularly relate to a kind of port assignment method and apparatus of multinuclear transmission network address and port translation (NetworkAddressPortTranslation, NAPT).
Background technology
NAPT is by the source internet protocol (InternetProtocol of packet, IP) the address transition IP address that becomes another to specify, port address conversion (PortAddressTranslation is carried out to original source port simultaneously, PAT), mainly act on the situation of slave firewall internal network access external network, hide the IP address that internal network uses, ensure private network safety to a certain extent.
For network security manufacturer, the realization of NAPT is exactly mainly at network address translation (NetworkAddressTranslation, NAT) select a legitimate ip address in IP resource pool, and select a non-port numbers (1024-65535).How high performance searching does not use port numbers, is exactly the performance-critical point of NAPT.
Along with the development of science and technology, present fire compartment wall generally uses polycaryon processor.In correlation technique, be all use the mode and common lookup algorithm that lock to determine the port assignment strategy of NAPT under multinuclear forwards scene, but this port assignment strategy makes multinuclear forward NAPT performance to be had to be hoisted.
Summary of the invention
The present invention is intended to solve one of technical problem in correlation technique at least to a certain extent.
For this reason, one object of the present invention is to propose a kind of port assignment method forwarding NAPT for multinuclear, and the method can promote the performance that multinuclear forwards NAPT.
Another object of the present invention is to propose a kind of port assignment device forwarding NAPT for multinuclear.
For achieving the above object, the port assignment method forwarding NAPT for multinuclear that first aspect present invention embodiment proposes, comprising: after receiving message, in the independent resource pond that CPU independently takies, searches whether there is unappropriated port numbers; If there is unappropriated port numbers in described independent resource pond, then in described unappropriated port numbers, determine appropriate ports number, and described appropriate ports number are distributed to described message; If there is not unappropriated port numbers in described independent resource pond, then in the shared resource pond that multinuclear is total, search whether there is unappropriated port numbers; If there is unappropriated port numbers in described shared resource pond, then in described unappropriated port numbers, determine appropriate ports number, and described appropriate ports number are distributed to described message; If there is not unappropriated port numbers in described shared resource pond, select available CPU, and give described available CPU process by described message repeating.
The port assignment method forwarding NAPT for multinuclear that first aspect present invention embodiment proposes, by distributing independent resource pond for each CPU, can make not interfere with each other when NAPT Resourse Distribute between multinuclear, performance reaches every core linear growth; By assignment of port numbers from shared resource pond again during inadequate resource in independent resource pond, the distribution of port resource can be realized by lower complexity, ensure to connect and can be assigned to available resource in time, thus promote multinuclear and forward NAPT performance.
For achieving the above object, the port assignment device forwarding NAPT for multinuclear that second aspect present invention embodiment proposes, comprise: first searches module, after receiving message, in the independent resource pond that CPU independently takies, search whether there is unappropriated port numbers; First distribution module, during for there is unappropriated port numbers in described independent resource pond, determining appropriate ports number, and described appropriate ports number is distributed to described message in described unappropriated port numbers; Second searches module, during for there is not unappropriated port numbers in described independent resource pond, in the shared resource pond that multinuclear is total, searches whether there is unappropriated port numbers; Second distribution module, during for there is unappropriated port numbers in described shared resource pond, determining appropriate ports number, and described appropriate ports number is distributed to described message in described unappropriated port numbers; Forwarding module, during for there is not unappropriated port numbers in described shared resource pond, selects available CPU, and gives described available CPU process by described message repeating.
The port assignment device forwarding NAPT for multinuclear that second aspect present invention embodiment proposes, by distributing independent resource pond for each CPU, can make not interfere with each other when NAPT Resourse Distribute between multinuclear, performance reaches every core linear growth; By assignment of port numbers from shared resource pond again during inadequate resource in independent resource pond, the distribution of port resource can be realized by lower complexity, ensure to connect and can be assigned to available resource in time, thus promote multinuclear and forward NAPT performance.
The aspect that the present invention adds and advantage will part provide in the following description, and part will become obvious from the following description, or be recognized by practice of the present invention.
Accompanying drawing explanation
The present invention above-mentioned and/or additional aspect and advantage will become obvious and easy understand from the following description of the accompanying drawings of embodiments, wherein:
Fig. 1 is the schematic flow sheet forwarding the port assignment method of NAPT for multinuclear that one embodiment of the invention proposes;
Fig. 2 is the schematic flow sheet determining appropriate ports number in the embodiment of the present invention in unappropriated port numbers;
Fig. 3 is the schematic flow sheet judging whether assignment of port numbers in local field in the embodiment of the present invention;
Fig. 4 is the schematic flow sheet forwarding the port assignment method of NAPT for multinuclear that another embodiment of the present invention proposes;
Fig. 5 is the structural representation forwarding the port assignment device of NAPT for multinuclear that the present invention's another aspect embodiment proposes;
Fig. 6 is the structural representation forwarding the port assignment device of NAPT for multinuclear that the present invention's another aspect embodiment proposes.
Embodiment
Be described below in detail embodiments of the invention, the example of described embodiment is shown in the drawings, and wherein same or similar label represents same or similar module or has module that is identical or similar functions from start to finish.Being exemplary below by the embodiment be described with reference to the drawings, only for explaining the present invention, and can not limitation of the present invention being interpreted as.On the contrary, embodiments of the invention comprise fall into attached claims spirit and intension within the scope of all changes, amendment and equivalent.
Fig. 1 is the schematic flow sheet forwarding the port assignment method of NAPT for multinuclear that one embodiment of the invention proposes, and the method comprises:
S11: after receiving message, searches whether there is unappropriated port numbers in the independent resource pond that CPU independently takies.
Such as, each central processing unit (CentralProcessingUnit, CPU) in corresponding multinuclear, after this CPU receives message, first can search whether there is unappropriated port numbers in the independent resource pond of self correspondence.
In the present embodiment, resource pool can comprise: independent resource pond and shared resource pond.The number in independent resource pond is identical with the sum of CPU, corresponding with each CPU respectively.Shared resource pond is one, is the resource pool that multiple CPU has.
The scope of port numbers is 0 to 65535, but, due in relevant regulations by 0 to 1023 these range assignment to specified services.So for NAPT, the port numbers that in fact can be used for distributing is 1024 to 65535 these scopes.
In the present embodiment, 1024 to 65535 these scopes are divided into independent resource pond and shared resource pond, and the number of the port numbers taken in independent resource pond is identical.
Suppose that the CPU number participating in forwarding is 4, be respectively CPU0-CPU3, they can distribute and the port numbers used is 1024-65536, have 64512, suppose that shared resource pond middle-end slogan is 15360, port numbers in addition totally 49152, four CPU are all assigned with 12288, therefore, the situation of the port numbers in each resource pool is respectively:
The independent resource pond that CPU0 is corresponding: 1024-13111;
The independent resource pond that CPU1 is corresponding: 13312-25599;
The independent resource pond that CPU2 is corresponding: 25600-37887;
The independent resource pond that CPU3 is corresponding: 37888-50175;
Shared resource pond: 50176-65536.
Therefore, after supposing that CPU0 receives message, first can search whether there is unappropriated port numbers in the independent resource pond (port numbers is 13312-25599) that CPU0 is corresponding.
S12: if there is unappropriated port numbers in described independent resource pond, then determine appropriate ports number in described unappropriated port numbers, and described appropriate ports number are distributed to described message.
Such as, CPU0 judges to there is unappropriated port numbers at 13312-25599 within the scope of this through searching, then therefrom can select a unappropriated port number assignment to message.
In some embodiments, see Fig. 2, in described unappropriated port numbers, determine appropriate ports number, comprising:
S21: the port numbers of sub-distribution in acquisition, determines the next port number adjacent with the port numbers of described upper sub-distribution.
Such as, record can be carried out to the port numbers of every sub-distribution, therefore can obtain the port numbers of sub-distribution in recorded information.Can distribute from the smallest end slogan in independent resource pond corresponding to each CPU time initial.
Such as, in CPU0 acquisition, the port numbers of sub-distribution is 1024, then adjacent with the port numbers of upper sub-distribution next port number is 1025.
S22: if described next port number is not assigned with, then described next port number is defined as appropriate ports number.
Such as, the distribution condition of port number can carry out record, thus can determine whether port numbers is assigned with.
Such as, port numbers 1025 is not assigned with, then port numbers 1025 can be defined as appropriate ports number, so that port numbers 1025 is distributed to message.
S23: if described next port number is assigned with, select next local field, judge whether assignment of port numbers in described local field, if judge assignment of port numbers in described local field, then determines appropriate ports number in described local field.
Such as, port numbers 1025 is assigned with, then can select next local field, and when being applicable to assignment of port numbers in next local field, assignment of port numbers in next local field.
Row dimension theorem (Lindburg-Levy) are met by the local field method of salary distribution, row dimension theorem is the central-limit theorem of Independent identically distributed random sequence, is that a large amount of random value cumulative distribution functions understands the limiting value of point-wise convergence to normal distyribution function.In other words, local dense distributes, and then jump to a point and arrange dimension distribution, and this point is also careful distribution.
In the present embodiment, in advance each Energy Resources Service can be divided into multiple local field.Such as, because 0-1024 position is not used, 0-1024 can be set to two 2 grades bitmaps (bitmap), whether 2 512bitmap represent resource port end respectively and are used exactly.That is, each resource pool can be divided into 512 local fields.
For independent resource pond, the port numbers number due to each independent resource pond is 12288, then each local field comprises 12288/512=24 continuous print port numbers.
Each local field can represent the service condition of the port numbers of this local field by the field of two (bit).
This field of two can be called bitmap, and suppose to be expressed as [xy], wherein, x represents: if continuous 24 port numbers are not all assigned with, this position is just set to 0, otherwise is set to 1.In other words continuous 24 ports are not all 0 during use, as long as having one to be used is just 1;
Y represents: if continuous 24 port numbers are all assigned with, this position is just set to 1, otherwise is set to 0.In other words continuous 24 ports all by use time be 1, as long as have one vacant be just 0.
Therefore, the bitmap [xy] of each local field value that can have and implication as follows:
Bitmap (bitmap) is [00]: these 24 bit values are not all assigned, and all of the port resource is in state to be allocated.
Bitmap is [11]: these 24 bit values are all finished using, and all of the port resource is all in state to be released.
Bitmap is [10]: most situation, and represent and also have port resource to distribute, ports having resource is to be released.
Accordingly, see Fig. 3, judge whether assignment of port numbers in described local field, comprising:
S31: obtain the bitmap that described local field is corresponding, the state that described bitmap represents comprises: in described local field, all of the port number is in all of the port number in state to be allocated, described local field and is in part port numbers in state to be released, described local field and is in state to be allocated and section ports number is in state to be released.
Such as, CPU0 can Stochastic choice local field, and obtains the bitmap of this local field.Bitmap can represent respectively:
In described local field, all of the port number is in state to be allocated, and such as, the value of bitmap is [00];
In described local field, all of the port number is in state to be released, and such as, the value of bitmap is [11];
In described local field, part port numbers is in state to be allocated and section ports number is in state to be released, and such as, the value of bitmap is [10].
S32: if the state that described bitmap represents is that in described local field, all of the port number is in state to be allocated, or, in described local field, part port numbers is in state to be allocated and section ports number is in state to be released, then judge assignment of port numbers in described local field.
Such as, the value of the bitmap of this local field is [00] or [10], then can in local field assignment of port numbers.
In this local field during assignment of port numbers, such as, according to the order of sequence the next port number of the port numbers of sub-distribution upper in this local field is defined as appropriate ports number.
S33: if the state that described bitmap represents is that in described local field, part port numbers is in state to be allocated and section ports number is in state to be released, then judge not assignment of port numbers in described local field.
Such as, the value of the bitmap of local field is [11], then can reselect local field and repeat S31-S32.
S13: if there is not unappropriated port numbers in described independent resource pond, then search whether there is unappropriated port numbers in the shared resource pond that multinuclear is total.
Such as, CPU0 judges there is not unappropriated port numbers at 13312-25599 within the scope of this through searching, then can search whether there is unappropriated port numbers further in shared resource pond (port numbers is 50176-65536).
S14: if there is unappropriated port numbers in described shared resource pond, then determine appropriate ports number in described unappropriated port numbers, and described appropriate ports number are distributed to described message.
Such as, CPU0 judges to there is unappropriated port numbers at 50176-65536 within the scope of this through searching, then therefrom can select a unappropriated port number assignment to message.
In shared resource pond, the mode of assignment of port numbers with reference to the method for salary distribution in independent resource pond, can not repeat them here.
S15: if there is not unappropriated port numbers in described shared resource pond, select available CPU, and give described available CPU process by described message repeating.
Such as, there is not unappropriated port numbers through searching in CPU0, then can select available CPU in independent resource pond corresponding to CPU0 and shared resource pond, such as, available CPU is CPU1, then CPU0 can forward the packet to CPU1, and by CPU1 process.
After CPU1 receives message, above-mentioned S11-S15 can be performed.
In some embodiments, see Fig. 4, the method can also comprise:
S16: record port service condition.
Such as, each CPU in independent resource pond after assignment of port numbers, or, in shared resource pond after assignment of port numbers, the port numbers (as 1024 etc.) of having distributed can be recorded.
Accordingly, available CPU is selected to comprise:
S151: if there is not unappropriated port numbers in described shared resource pond, calculates the weighted value of each CPU according to the port service condition of record.
Such as, can using the CPU of in CPU0-CPU3 as configuration core, suppose that CPU0 is configuration core, then CPU0 is carrying out the port service condition can also adding up each resource pool outside above-mentioned process, and calculates the weighted value of each CPU.
Such as, CPU0 can add up the sum of the port numbers of having distributed in independent resource pond corresponding to CPU1, in addition, the sum of the port numbers of having distributed in shared resource pond can also be added up, CPU0 according to these two sums and pre-configured each total corresponding coefficient, can calculate the weighted value that CPU1 is corresponding afterwards.
S152: according to the weighted value of each CPU, selects available CPU.
Such as, CPU0 can calculate weighted value corresponding to each CPU of CPU0-CPU3, and the CPU receiving message can check that the weighted value of each CPU calculated is assessed in configuration, thus selects available CPU according to weighted value.Suppose that the unappropriated port number of the larger expression of weighted value is more, then CPU maximum for weighted value can be defined as available CPU.
S153: give described available CPU process by described message repeating.
Such as, the CPU receiving message is CPU0, and through checking that the weighted value of CPU1 is maximum, then CPU0 using CPU1 as available CPU, and can forward the packet to CPU1.
When E-Packeting, described message can be put into internuclear queue corresponding to described available CPU, so that described available CPU obtains described message from described internuclear queue.
Such as, message can be put into internuclear queue corresponding to CPU1 by CPU0, wherein, and the corresponding internuclear queue of each CPU, each CPU can adopt polling mode to inquire about in the internuclear queue of self correspondence whether there is message, if existed, from internuclear queue, reads message.
In addition, in above-mentioned flow process, when processing in independent resource pond, adopt without lock side formula, when processing in shared resource pond, adopt the mode that locks.Such as, search in independent resource pond and whether there is unappropriated port numbers, determine appropriate ports number and appropriate ports number are distributed to message, and, the flow processs such as the port release of message all adopt without lock side formula, and in shared resource pond, search whether there is unappropriated port numbers, determine appropriate ports number and appropriate ports number are distributed to message, and the flow processs such as the port release of message all adopt the mode of locking.
In the present embodiment, by distributing independent resource pond for each CPU, can make not interfere with each other when NAPT Resourse Distribute between multinuclear, performance reaches every core linear growth; By assignment of port numbers from shared resource pond again during inadequate resource in independent resource pond, the distribution of port resource can be realized by lower complexity, ensure to connect and can be assigned to available resource in time.Further, search can promote search performance by bitmap, balanced by setting up internuclear queue proof load.Therefore, above-mentioned flow processing can promote the performance that multinuclear forwards NAPT.Specific as follows:
First, multinuclear NAPT port assignment performance linear can be realized increase.The cpu participating in forwarding because port resource is each can be fair the port number assigning to equivalent amount, and not conflict mutually between these ports.In most of the cases, as long as the intrinsic port number of every core is sufficient, so when NAPT distributes and discharge the port numbers of these fixed allocation, when would not occur that multinuclear distributes port, there is competitive relation.
Briefly, be exactly that NAPT port assignment is with when discharging, all concentrate application and release at the continuous intrinsic port resource being assigned with in most situation, although these operations are multinuclear concurrence performance, but because every nuclear resource independence, without the need to adding latching operation, make the impact that the performance of multinuclear is not locked, overall performance is along with the number linear growth of cpu.
To underline herein, say it is all in most cases using the resource of intrinsic port why.At the beginning of design, be just assigned with the port of equivalent amount for each cpu participating in forwarding; And in real network environment, the fire compartment wall of many cpu is when processing the flow in network, network interface card adopts many queues form, by rss algorithm, flow can be assigned to the process of multiple cpu core.In other words, during load balancing, use are all fixed port resources of every core because uncontested and conflict, performance can reach multinuclear linear growth.
Secondly, use bitmap bitmap method to carry out port and search storage, save memory headroom.NAPT algorithm is exactly briefly port assignment.For an ip resource, its port numbers to be allocated is 1024-65536, and in real network environment, ip resource pool has a lot, needs the port number distributed should be exactly ip number of resources * Number of Available/Faulty Ports.
For lookup algorithm, there are a lot of algorithm such as array method, chain technique, Hash table method, RBTree etc.But for searching available port number, if use as above algorithm, a large amount of memory headroom can be taken, causing the waste of memory space.The algorithm that the present invention uses is bitmap method, has another name called bitmap method.Namely be whether 1 judge that this port numbers is in state or to be allocated just in using state with a bit, both saved space, and judged again conveniently.
Again, localized resource lookup method fast.The method of port assignment of the present invention based on First Principles be search for the first time continuously, again search based on Local resource phase method.For general lookup algorithm, can only be judge whether each bitmap is used according to the order of sequence, for cpu0, when the poorest, can judge from 1024 to 62464bit every, if from 1 just used, then need judgement 12288 times, time complexity is O (N).
Searching continuity method for the first time is also use continuity method recently, be exactly carry out distribution port according to the order of sequence, so normal traffic forwarding process, the port numbers of distributing is nearly all according to the order of sequence, for cpu0, according to the order of time, be exactly often for the ip address needing the natip resource pool distributed, from 1024, 1025, 1026, until 62464, in initial procedure, they increase nearly all according to the order of sequence, also be the development along with the time, and for the release of resource, in most situation, also be that the resource of distributing at first is discharged at first, if according to this most situation, the release of resource is also according to the order of sequence, distribute at first 1024 first discharge, then 1025, 1026, be ordered into 62464 backward always.The complexity of at this moment searching is O (1).
But real network environment does not have absolute justice, when always having uneven, but the connection of setting up in the same time period, really be have very large possibility to disconnect simultaneously, such as same user can section surf the Net at one time, the continuous and local resource of its application may be just in time middle continuous print 5 resource section, and after he rolls off the production line, this continuous print 5 resource section have also been released simultaneously.If in the distribution and dispose procedure of resource, there is comparatively discontinuous situation.What mainly emphasize is exactly conception of localization, and for the section of local, based on the method that the time of distributing uses with us, the release of resource is nearly all concentrated in logic.Searching for the first time unsuccessfully, the bitmap[00 according to random value and 0-1024] next available continuous resource section can be selected, after finding this available resources section, its time complexity is also almost O (1).
Again, when load imbalance, even if there is every core independent resource, still can the distribution of port resource of Automatic adjusument napt, ensure the peak use rate of port.After homegrown resource and shared resource are assigned, calculate by the cpu using port less by calculating weighted value, forwarding the packet to this cpu.Because message is the cpu being given to this resource abundance, when message transfers to this cpu process, exclusive resource should be assigned to, without lock during the distribution of exclusive resource, also can ensure higher performance.In this message is between cpu, transfers the load balancing realizing port assignment, the peak use rate of port can be ensured.
For example, because flow distribution is very uneven, the intrinsic distribution port resource of lucky cpuA has been used up soon, first shared resource is had to distribute for cpuA in the present invention, add shared resource to finish using, can also calculate according to the service condition of every nuclear resource the cpuB that weighted value selects message to issue resource abundance, thus ensure that the self adaptation of port assignment, there will not be because every core is all assigned with intrinsic resource, the deficiency of shared resource and cause the situation that cannot be assigned to port numbers.
In addition, above-mentioned flow process can specifically comprise following content:
The first, the efficient napt lookup algorithm based on Local resource section of multistage bit mark:
(1) space complexity of Bitmap position method lookup algorithm is minimum, economizes memory headroom.
(2) based on Local resource phase method, No. port of the napt of sub-distribution on record, and whether the resource service condition of oneself place resource section is (completely vacant, be used up completely complete), according to row dimension module principle, select available resource section, improve the performance of searching greatly.
The second, adaptive multinuclear port resource distribution method:
(1) first use independent resource to distribute, ensure the high efficiency of overall Resourse Distribute; When each cpu uses homegrown resource, distribution and the release conditions of every core port resource can be recorded simultaneously, during with convenient load imbalance, calculate weighted value by the port service condition of every core.
(2) design shared resource pond, so that when every core load is slightly uneven, when namely every core independent resource is finished using, then the access by locking comes and this shared resource pond of other cpu competitory assignments.Namely this step can realize the distribution of port resource by lower complexity, ensure to connect and can be assigned to available resource in time;
(3) internuclear queue is set up, calculated by weighted value and realize adaptive Resourse Distribute: if the above two the shared resource of second (independent resource of the first step and) are all assigned with complete, when namely load is extremely unbalanced, according to the cpu that every nuclear resource utilization rate calculating weighted value of first step record selects load less, forward the packet to this cpu by internuclear queue and carry out Resources allocation, carry out proof load equilibrium.
Under lay special stress on, load balancing of the present invention, it is not the port number assignment load balancing that most of designer uses, namely when an accessible port numbers of cpuA is not enough, just lend some port ranges of this cpuB by another cpu of resource abundance to use, return again after these are all finished using (after normal release) by the port borrowed.This is because the port numbers of borrowing just can gain after being only completely released, and though the application of resource can think control sequence, but release is but according to real network environment, uncontrollable, very possible these are had several fragment to discharge by the source port number of borrowing always, and cause being returned in time.If cpuA will be caused like this because having borrowed resource after load middle-end slogan deficiency from cpuB, cpuA load slowly diminishes, but because the resource of borrowing cannot be returned cpuB by resource release portion rule always, and every cpuB load down for a moment, resource is also settled because cpuA cannot return not, and cause cpuB cannot Resources allocation, the fact may be that the source port number 95% that cpuA borrows all is released, only 5% of intermediate distribution because discharge not in time, resource is caused significantly to be wasted, it is few that the method cut the waste is exactly the port range of at every turn lening out, so that the probability of release in time becomes large, but the implementation complexity of Resource recovery and burst resource can increase like this.If use as above method to design, so also can relate to and control these and borrow release and the recurrence of port resource, not only algorithm will very complicated, importantly probably be released not in time because of what borrow resource, adaptive Resourse Distribute cannot be met, also can cause a large amount of waste.
The adaptive equalization distribution design scheme of port resource of the present invention is the port resource service condition based on every core, calculate weighted value and select cpu, cpu message is transferred to by queue in the cpu of the resource of this abundance and process, then greatly reduce the complexity of realization, achieve the load balancing of port assignment cleverly; This method for designing, ensure that the maximum utilization rate of range of port number, can not cause having Local resource section cannot be utilized, almost without any waste because of the port numbers fragment do not discharged simultaneously.
3rd, high performance napt multinuclear distribution method design:
Refer in second point, the first step of algorithm is exactly the independent resource distribution of every core, port segmentation, fixedly give the port that each cpu mono-section is available, that is at most of conditions, the distribution of NAPT is all use independent resource to distribute, and what this was independently mainly emphasized is all No Assets competition between multinuclear, without lock conflict.In real network environment, great majority are all balanced situations, the first step namely almost can only going to second point just can be assigned to resource, in this step during the distribution of resource independently, without the need to being ensured the fail safe of Resourse Distribute by lock, also because without latching operation, make not interfere with each other when NAPT Resourse Distribute between multinuclear, performance reaches every core linear growth.
Fig. 5 is the structural representation forwarding the port assignment device of NAPT for multinuclear that the present invention's another aspect embodiment proposes, and this device 50 comprises: first searches module 51, first distribution module 52, second searches module 53, second distribution module 54 and forwarding module 55.
First searches module 51, after receiving message, in the independent resource pond that CPU independently takies, searches whether there is unappropriated port numbers.
Such as, each central processing unit (CentralProcessingUnit, CPU) in corresponding multinuclear, after this CPU receives message, first can search whether there is unappropriated port numbers in the independent resource pond of self correspondence.
In the present embodiment, resource pool can comprise: independent resource pond and shared resource pond.The number in independent resource pond is identical with the sum of CPU, corresponding with each CPU respectively.Shared resource pond is one, is the resource pool that multiple CPU has.
The number of the port numbers that each independent resource pond comprises is identical.
The scope of port numbers is 0 to 65535, but, due in relevant regulations by 0 to 1023 these range assignment to specified services.So for NAPT, the port numbers that in fact can be used for distributing is 1024 to 65535 these scopes.
In the present embodiment, 1024 to 65535 these scopes are divided into independent resource pond and shared resource pond, and the number of the port numbers taken in independent resource pond is identical.
Suppose that the CPU number participating in forwarding is 4, be respectively CPU0-CPU3, they can distribute and the port numbers used is 1024-65536, have 64512, suppose that shared resource pond middle-end slogan is 15360, port numbers in addition totally 49152, four CPU are all assigned with 12288, therefore, the situation of the port numbers in each resource pool is respectively:
The independent resource pond that CPU0 is corresponding: 1024-13111;
The independent resource pond that CPU1 is corresponding: 13312-25599;
The independent resource pond that CPU2 is corresponding: 25600-37887;
The independent resource pond that CPU3 is corresponding: 37888-50175;
Shared resource pond: 50176-65536.
Therefore, after supposing that CPU0 receives message, first can search whether there is unappropriated port numbers in the independent resource pond (port numbers is 13312-25599) that CPU0 is corresponding.
First distribution module 52, during for there is unappropriated port numbers in described independent resource pond, determining appropriate ports number, and described appropriate ports number is distributed to described message in described unappropriated port numbers.
Such as, CPU0 judges to there is unappropriated port numbers at 13312-25599 within the scope of this through searching, then therefrom can select a unappropriated port number assignment to message.
Optionally, the first distribution module 52, for determining appropriate ports number in described unappropriated port numbers, comprising:
The port numbers of sub-distribution in acquisition, determines the next port number adjacent with the port numbers of described upper sub-distribution;
If described next port number is not assigned with, then described next port number is defined as appropriate ports number;
If described next port number is assigned with, select next local field, judge whether assignment of port numbers in described local field, if judge assignment of port numbers in described local field, then in described local field, determine appropriate ports number.
Such as, record can be carried out to the port numbers of every sub-distribution, therefore can obtain the port numbers of sub-distribution in recorded information.Can distribute from the smallest end slogan in independent resource pond corresponding to each CPU time initial.
Such as, in CPU0 acquisition, the port numbers of sub-distribution is 1024, then adjacent with the port numbers of upper sub-distribution next port number is 1025.
Such as, the distribution condition of port number can carry out record, thus can determine whether port numbers is assigned with.
Such as, port numbers 1025 is not assigned with, then port numbers 1025 can be defined as appropriate ports number, so that port numbers 1025 is distributed to message.
Such as, port numbers 1025 is assigned with, then can select next local field, and when being applicable to assignment of port numbers in next local field, assignment of port numbers in next local field.
Optionally, the first distribution module 52 judges whether assignment of port numbers in described local field for described, comprising:
Obtain the bitmap that described local field is corresponding, the state that described bitmap represents comprises: in described local field, all of the port number is in all of the port number in state to be allocated, described local field and is in part port numbers in state to be released, described local field and is in state to be allocated and section ports number is in state to be released;
If the state that described bitmap represents is that in described local field, all of the port number is in state to be allocated, or, in described local field, part port numbers is in state to be allocated and section ports number is in state to be released, then judge assignment of port numbers in described local field.
The expression of bitmap and see the associated description in embodiment of the method, can not repeating them here according to bitmap judgment mode.
Second searches module 53, during for there is not unappropriated port numbers in described independent resource pond, in the shared resource pond that multinuclear is total, searches whether there is unappropriated port numbers.
Such as, CPU0 judges there is not unappropriated port numbers at 13312-25599 within the scope of this through searching, then can search whether there is unappropriated port numbers further in shared resource pond (port numbers is 50176-65536).
Second distribution module 54, during for there is unappropriated port numbers in described shared resource pond, determining appropriate ports number, and described appropriate ports number is distributed to described message in described unappropriated port numbers.
Such as, CPU0 judges to there is unappropriated port numbers at 50176-65536 within the scope of this through searching, then therefrom can select a unappropriated port number assignment to message.
Forwarding module 55, during for there is not unappropriated port numbers in described shared resource pond, selects available CPU, and gives described available CPU process by described message repeating.
Second distribution module 54, for determining appropriate ports number in described unappropriated port numbers, comprising:
The port numbers of sub-distribution in acquisition, determines the next port number adjacent with the port numbers of described upper sub-distribution;
If described next port number is not assigned with, then described next port number is defined as appropriate ports number;
If described next port number is assigned with, select next local field, judge whether assignment of port numbers in described local field, if judge assignment of port numbers in described local field, then in described local field, determine appropriate ports number.
In shared resource pond, the mode of assignment of port numbers with reference to the method for salary distribution in independent resource pond, can not repeat them here.
In some embodiments, see Fig. 6, this device 50 also comprises:
Logging modle 56, for recording port service condition.
Such as, each CPU in independent resource pond after assignment of port numbers, or, in shared resource pond after assignment of port numbers, the port numbers (as 1024 etc.) of having distributed can be recorded.
Accordingly, forwarding module 55, for selecting available CPU, comprising:
The weighted value of each CPU is calculated according to the port service condition of record;
According to the weighted value of each CPU, determine available CPU.
Such as, can using the CPU of in CPU0-CPU3 as configuration core, suppose that CPU0 is configuration core, then CPU0 is carrying out the port service condition can also adding up each resource pool outside above-mentioned process, and calculates the weighted value of each CPU.
Such as, CPU0 can add up the sum of the port numbers of having distributed in independent resource pond corresponding to CPU1, in addition, the sum of the port numbers of having distributed in shared resource pond can also be added up, CPU0 according to these two sums and pre-configured each total corresponding coefficient, can calculate the weighted value that CPU1 is corresponding afterwards.
Such as, CPU0 can calculate weighted value corresponding to each CPU of CPU0-CPU3, and the CPU receiving message can check that the weighted value of each CPU calculated is assessed in configuration, thus selects available CPU according to weighted value.Suppose that the unappropriated port number of the larger expression of weighted value is more, then CPU maximum for weighted value can be defined as available CPU.
Forwarding module, for giving described available CPU process by described message repeating, comprising:
Described message is put into internuclear queue corresponding to described available CPU, so that described available CPU obtains described message from described internuclear queue.
The port number that the independent resource pond that in multinuclear, each CPU is corresponding comprises is identical.
Such as, the CPU receiving message is CPU0, and through checking that the weighted value of CPU1 is maximum, then CPU0 using CPU1 as available CPU, and can forward the packet to CPU1.
When E-Packeting, described message can be put into internuclear queue corresponding to described available CPU, so that described available CPU obtains described message from described internuclear queue.
Such as, message can be put into internuclear queue corresponding to CPU1 by CPU0, wherein, and the corresponding internuclear queue of each CPU, each CPU can adopt polling mode to inquire about in the internuclear queue of self correspondence whether there is message, if existed, from internuclear queue, reads message.
In addition, first searches module and the first distribution module when processing, and adopts without lock side formula, and second searches module and the employing when processing of the second distribution module locks mode.
In the present embodiment, by distributing independent resource pond for each CPU, can make not interfere with each other when NAPT Resourse Distribute between multinuclear, performance reaches every core linear growth; By assignment of port numbers from shared resource pond again during inadequate resource in independent resource pond, the distribution of port resource can be realized by lower complexity, ensure to connect and can be assigned to available resource in time, thus promote multinuclear and forward NAPT performance.Further, search can promote search performance by bitmap, balanced by setting up internuclear queue proof load.
It should be noted that, in describing the invention, term " first ", " second " etc. only for describing object, and can not be interpreted as instruction or hint relative importance.In addition, in describing the invention, except as otherwise noted, the implication of " multiple " refers at least two.
Describe and can be understood in flow chart or in this any process otherwise described or method, represent and comprise one or more for realizing the module of the code of the executable instruction of the step of specific logical function or process, fragment or part, and the scope of the preferred embodiment of the present invention comprises other realization, wherein can not according to order that is shown or that discuss, comprise according to involved function by the mode while of basic or by contrary order, carry out n-back test, this should understand by embodiments of the invention person of ordinary skill in the field.
Should be appreciated that each several part of the present invention can realize with hardware, software, firmware or their combination.In the above-described embodiment, multiple step or method can with to store in memory and the software performed by suitable instruction execution system or firmware realize.Such as, if realized with hardware, the same in another embodiment, can realize by any one in following technology well known in the art or their combination: the discrete logic with the logic gates for realizing logic function to data-signal, there is the application-specific integrated circuit (ASIC) of suitable combinational logic gate circuit, programmable gate array (PGA), field programmable gate array (FPGA) etc.
Those skilled in the art are appreciated that realizing all or part of step that above-described embodiment method carries is that the hardware that can carry out instruction relevant by program completes, described program can be stored in a kind of computer-readable recording medium, this program perform time, step comprising embodiment of the method one or a combination set of.
In addition, each functional unit in each embodiment of the present invention can be integrated in a processing module, also can be that the independent physics of unit exists, also can be integrated in a module by two or more unit.Above-mentioned integrated module both can adopt the form of hardware to realize, and the form of software function module also can be adopted to realize.If described integrated module using the form of software function module realize and as independently production marketing or use time, also can be stored in a computer read/write memory medium.
The above-mentioned storage medium mentioned can be read-only memory, disk or CD etc.
In the description of this specification, specific features, structure, material or feature that the description of reference term " embodiment ", " some embodiments ", " example ", " concrete example " or " some examples " etc. means to describe in conjunction with this embodiment or example are contained at least one embodiment of the present invention or example.In this manual, identical embodiment or example are not necessarily referred to the schematic representation of above-mentioned term.And the specific features of description, structure, material or feature can combine in an appropriate manner in any one or more embodiment or example.
Although illustrate and describe embodiments of the invention above, be understandable that, above-described embodiment is exemplary, can not be interpreted as limitation of the present invention, and those of ordinary skill in the art can change above-described embodiment within the scope of the invention, revises, replace and modification.
Claims (10)
1. forward a port assignment method of NAPT for multinuclear, it is characterized in that, comprising:
After receiving message, in the independent resource pond that CPU independently takies, search whether there is unappropriated port numbers;
If there is unappropriated port numbers in described independent resource pond, then in described unappropriated port numbers, determine appropriate ports number, and described appropriate ports number are distributed to described message;
If there is not unappropriated port numbers in described independent resource pond, then in the shared resource pond that multinuclear is total, search whether there is unappropriated port numbers;
If there is unappropriated port numbers in described shared resource pond, then in described unappropriated port numbers, determine appropriate ports number, and described appropriate ports number are distributed to described message;
If there is not unappropriated port numbers in described shared resource pond, select available CPU, and give described available CPU process by described message repeating.
2. method according to claim 1, is characterized in that, describedly in described unappropriated port numbers, determines appropriate ports number, comprising:
The port numbers of sub-distribution in acquisition, determines the next port number adjacent with the port numbers of described upper sub-distribution;
If described next port number is not assigned with, then described next port number is defined as appropriate ports number;
If described next port number is assigned with, select next local field, judge whether assignment of port numbers in described local field, if judge assignment of port numbers in described local field, then in described local field, determine appropriate ports number.
3. method according to claim 2, is characterized in that, described in judge whether assignment of port numbers in described local field, comprising:
Obtain the bitmap that described local field is corresponding, the state that described bitmap represents comprises: in described local field, all of the port number is in all of the port number in state to be allocated, described local field and is in part port numbers in state to be released, described local field and is in state to be allocated and section ports number is in state to be released;
If the state that described bitmap represents is that in described local field, all of the port number is in state to be allocated, or, in described local field, part port numbers is in state to be allocated and section ports number is in state to be released, then judge assignment of port numbers in described local field.
4. method according to claim 1, is characterized in that, after described appropriate ports number are distributed to described message, described method also comprises:
Record port service condition;
The available CPU of described selection, comprising:
The weighted value of each CPU is calculated according to the port service condition of record;
According to the weighted value of each CPU, select available CPU.
5. method according to claim 1, is characterized in that, described by described message repeating give described available CPU process, comprising:
Described message is put into internuclear queue corresponding to described available CPU, so that described available CPU obtains described message from described internuclear queue.
6. the method according to any one of claim 1-5, is characterized in that, the port number that the independent resource pond that in multinuclear, each CPU is corresponding comprises is identical.
7. the method according to any one of claim 1-5, is characterized in that, when processing in independent resource pond, adopts without lock side formula, adopts the mode that locks when processing in shared resource pond.
8. forward a port assignment device of NAPT for multinuclear, it is characterized in that, comprising:
First searches module, after receiving message, in the independent resource pond that CPU independently takies, searches whether there is unappropriated port numbers;
First distribution module, during for there is unappropriated port numbers in described independent resource pond, determining appropriate ports number, and described appropriate ports number is distributed to described message in described unappropriated port numbers;
Second searches module, during for there is not unappropriated port numbers in described independent resource pond, in the shared resource pond that multinuclear is total, searches whether there is unappropriated port numbers;
Second distribution module, during for there is unappropriated port numbers in described shared resource pond, determining appropriate ports number, and described appropriate ports number is distributed to described message in described unappropriated port numbers;
Forwarding module, during for there is not unappropriated port numbers in described shared resource pond, selects available CPU, and gives described available CPU process by described message repeating.
9. device according to claim 8, is characterized in that, described first distribution module or described second distribution module are used for determining appropriate ports number in described unappropriated port numbers, comprising:
The port numbers of sub-distribution in acquisition, determines the next port number adjacent with the port numbers of described upper sub-distribution;
If described next port number is not assigned with, then described next port number is defined as appropriate ports number;
If described next port number is assigned with, select next local field, judge whether assignment of port numbers in described local field, if judge assignment of port numbers in described local field, then in described local field, determine appropriate ports number.
10. device according to claim 8, is characterized in that, also comprises:
Logging modle, for recording port service condition;
Described forwarding module, for selecting available CPU, comprising:
The weighted value of each CPU is calculated according to the port service condition of record; And, according to the weighted value of each CPU, select available CPU.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510980638.0A CN105450792B (en) | 2015-12-23 | 2015-12-23 | Port assignment method and apparatus for multinuclear forwarding network address port conversion |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510980638.0A CN105450792B (en) | 2015-12-23 | 2015-12-23 | Port assignment method and apparatus for multinuclear forwarding network address port conversion |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105450792A true CN105450792A (en) | 2016-03-30 |
| CN105450792B CN105450792B (en) | 2018-09-14 |
Family
ID=55560555
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510980638.0A Active CN105450792B (en) | 2015-12-23 | 2015-12-23 | Port assignment method and apparatus for multinuclear forwarding network address port conversion |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105450792B (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105760235A (en) * | 2016-03-22 | 2016-07-13 | 杭州华三通信技术有限公司 | Message processing method and device |
| CN106131244A (en) * | 2016-08-29 | 2016-11-16 | 北京神州绿盟信息安全科技股份有限公司 | A kind of message transmitting method and device |
| CN106254577A (en) * | 2016-09-18 | 2016-12-21 | 东软集团股份有限公司 | The method and device of port assignment |
| CN108363621A (en) * | 2018-01-18 | 2018-08-03 | 东软集团股份有限公司 | Message forwarding method, device, storage medium under numa frameworks and electronic equipment |
| CN108494623A (en) * | 2018-03-14 | 2018-09-04 | 东软集团股份有限公司 | A kind of performance test methods and equipment of network forwarding equipment |
| CN109167846A (en) * | 2018-08-02 | 2019-01-08 | 杭州迪普科技股份有限公司 | A kind of distribution method and device of communication port |
| CN111385363A (en) * | 2020-03-17 | 2020-07-07 | 杭州圆石网络安全技术有限公司 | Resource allocation method and resource allocation device |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101110043A (en) * | 2007-09-04 | 2008-01-23 | 杭州华三通信技术有限公司 | Resource management method of multiple nucleus system and its controlling nucleus |
| CN101510191A (en) * | 2009-03-26 | 2009-08-19 | 浙江大学 | Multi-core system structure with buffer window and implementing method thereof |
| CN103150217A (en) * | 2013-03-27 | 2013-06-12 | 无锡江南计算技术研究所 | Design method of multi-core processor operating system |
-
2015
- 2015-12-23 CN CN201510980638.0A patent/CN105450792B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101110043A (en) * | 2007-09-04 | 2008-01-23 | 杭州华三通信技术有限公司 | Resource management method of multiple nucleus system and its controlling nucleus |
| CN101510191A (en) * | 2009-03-26 | 2009-08-19 | 浙江大学 | Multi-core system structure with buffer window and implementing method thereof |
| CN103150217A (en) * | 2013-03-27 | 2013-06-12 | 无锡江南计算技术研究所 | Design method of multi-core processor operating system |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105760235A (en) * | 2016-03-22 | 2016-07-13 | 杭州华三通信技术有限公司 | Message processing method and device |
| CN106131244A (en) * | 2016-08-29 | 2016-11-16 | 北京神州绿盟信息安全科技股份有限公司 | A kind of message transmitting method and device |
| CN106254577A (en) * | 2016-09-18 | 2016-12-21 | 东软集团股份有限公司 | The method and device of port assignment |
| CN106254577B (en) * | 2016-09-18 | 2019-04-19 | 东软集团股份有限公司 | The method and device of port assignment |
| CN108363621A (en) * | 2018-01-18 | 2018-08-03 | 东软集团股份有限公司 | Message forwarding method, device, storage medium under numa frameworks and electronic equipment |
| CN108494623A (en) * | 2018-03-14 | 2018-09-04 | 东软集团股份有限公司 | A kind of performance test methods and equipment of network forwarding equipment |
| CN108494623B (en) * | 2018-03-14 | 2020-07-10 | 东软集团股份有限公司 | Performance test method and device of network forwarding device |
| CN109167846A (en) * | 2018-08-02 | 2019-01-08 | 杭州迪普科技股份有限公司 | A kind of distribution method and device of communication port |
| CN111385363A (en) * | 2020-03-17 | 2020-07-07 | 杭州圆石网络安全技术有限公司 | Resource allocation method and resource allocation device |
| CN111385363B (en) * | 2020-03-17 | 2020-12-22 | 杭州优云科技有限公司 | Resource allocation method and resource allocation device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105450792B (en) | 2018-09-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105450792A (en) | Port allocation method and device for converting multi-core forwarding network address port | |
| CN102752198B (en) | Multi-core message forwarding method, multi-core processor and network equipment | |
| US7280481B2 (en) | Shortest path search method “Midway” | |
| US20210034269A1 (en) | Method and system for reconfigurable parallel lookups using multiple shared memories | |
| CN102981912B (en) | Method and system for resource distribution | |
| CN113553375B (en) | Partitioned storage device and method for image type block chain | |
| CN102880628A (en) | Hash data storage method and device | |
| CN111770477A (en) | Deployment method and related device of protected resources of MEC network | |
| CN102420771A (en) | Method for increasing concurrent transmission control protocol (TCP) connection speed in high-speed network environment | |
| CN105468619A (en) | Resource distribution method and device used for database connection pool | |
| CN104506669A (en) | IP address distribution system and method facing distributed network simulation platform | |
| CN107113323B (en) | Data storage method, device and system | |
| US11694014B2 (en) | Logical node layout method and apparatus, computer device, and storage medium | |
| CN112748996A (en) | Load balancing strategy method and system of non-centralized topology system | |
| CN109729731B (en) | Accelerated processing method and device | |
| CN110515564B (en) | Method and device for determining input/output (I/O) path | |
| CN114140115B (en) | Block chain transaction pool fragmentation method, system, storage medium and computer system | |
| CN100359886C (en) | Method for establishing and searching improved multi-stage searching table | |
| CN106411892A (en) | DDOS system address information transmission, access request filtering method, device and server | |
| CN113395183B (en) | Virtual node scheduling method and system for network simulation platform VLAN interconnection | |
| CN115904626A (en) | Method and system for deploying cloud resource pool architecture | |
| CN103024092B (en) | Method, system and device for blocking domain | |
| CN112104565B (en) | Method, system and equipment for realizing message forwarding | |
| GB2415855A (en) | Variable network address lengths | |
| US20170262316A1 (en) | Allocation of resources |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |