CN105812164A - Rule index management implementation method and device based on TCAM multistage flow table - Google Patents
Rule index management implementation method and device based on TCAM multistage flow table Download PDFInfo
- Publication number
- CN105812164A CN105812164A CN201410852392.4A CN201410852392A CN105812164A CN 105812164 A CN105812164 A CN 105812164A CN 201410852392 A CN201410852392 A CN 201410852392A CN 105812164 A CN105812164 A CN 105812164A
- Authority
- CN
- China
- Prior art keywords
- rule
- index
- grades
- tcam
- order
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a rule index management implementation method and device based on a TCAM multistage flow table, and the method comprises the steps: building a corresponding sorting chain table based on a rule index, wherein the sorting chain table comprises a first-order rule index and/or a second-order rule index; adding the second-order rule index to the corresponding first-order rule index, wherein the second-order rule index comprises an action schedule index, a second-order lookup index, and a user customized rule index; querying the TCAM multistage flow table, judging whether to carry out second-order lookup or not according to a return value of the first-order rule index, carrying out the first-order lookup and/or second-order look-up according to a judgment result, and carrying out the corresponding processing operation. The method and device not only solve a problem of multistage lookup of equipment for processing a large flow and various types of complex businesses, but also overcome a difficulty, caused by a specified rule number, in index adding and query in the prior art.
Description
Technical field
The present invention relates to computer network communication technology field and industrial network security field, the method and apparatus that the mechanism of tabling look-up that is specifically related in Network Security Device device multilevel flow table realizes.
Background technology
Deepening continuously along with informationalized and popularize, network information security technology has been subjected to the most attention of countries in the world, network security switching equipment, fire wall, and the equipment such as gateway has very important status in filed of network information security.Under such overall situation, traditional one-level based on three-state content addressing memory (TCAM) mechanism of tabling look-up increasingly can not meet the demand improving information security performance.
The list items such as TCAM (Ternarycontentaddressablememory) is a kind of three-state content addressing memory, is mainly used in quickly searching to access controlling list (ACL), routing table.
Existing TCAM tables look-up in mechanism, and packet enters such as FPGA, FPGA meeting resolution data bag from Ethernet interface, data relevant in packet are tabled look-up in TCAM, in hit TCAM after list item, makes perform action accordingly according to searching end value, forward, abandon or enter CPU.
FPGA is tabled look-up TCAM by one-level, it is possible to quickly hit various types of tables.But being limit by TCAM search rule, most TCAM at most only support 576 and table look-up.Experiment prove along with the increase of figure place of tabling look-up, table look-up the required clock cycle also can linear increase, thus causing that routing performance declines.
For conventional equipment, the one-level based on TCAM is tabled look-up, tabling look-up of such as 12 tuples, it is already possible to meet the common performance requirement of user.
But for high-end devices, such as operate in network core and key position, huge flow must be processed, and process the business of Various Complex, such as ACL flow point class, policybased routing, Packet Filtering, packet content is changed, and User Defined rule etc., simple one-level is tabled look-up and be can not meet such demand.
Therefore the multilevel flow table used in the present invention is tabled look-up mechanism, meet the high performance demand of Network Security Device on the one hand, this multilevel flow table is tabled look-up mechanism, there are 12 tuple rule match, User Defined search rule, 4 byte User Defined Data Matching, the multiple function such as 12 tuple data changes.
Tabling look-up in equipment traditional based on TCAM, rule index is all the number needing user to specify, and then judges whether this number exists in chained list, if existing, adding rule failure, if there is no then adding new rule in TCAM.
This index management mechanism can not meet this multilevel flow table mechanism of tabling look-up, because the index of three Different Rule can be used in the multilevel flow table that relates to of invention tables look-up mechanism, if each needing user to specify, then can add much loaded down with trivial details operation to user, when deleting stream table entry operation still more, user operates with regard to more difficult.
Therefore another aspect of the present invention, the multiple rule index used in mechanism of tabling look-up to multilevel flow table, it is provided that a kind of convenient, succinct index managing method so that user, without being concerned about these rule indexs, has the function automatically generating and deleting.
Summary of the invention
In view of the above problems, it is proposed that the present invention is to provide a kind of and overcome the problems referred to above or solve a kind of rule index based on TCAM multilevel flow table of the problems referred to above at least in part and manage and realize method and apparatus.
The invention provides a kind of rule index management based on TCAM multilevel flow table and realize method, the method includes:
Setting up, based on described rule index, the chained list that sorts accordingly, described sequence chained list includes first-order rule index and/or two grades of rule indexs;
Described two grades of rule indexs are added on corresponding first-order rule index, described two grades of rule indexs include action schedule index (at_index), two grades of lookup table index (table_id) and User Defined rule index (ud_index);
Inquire about described CAM multilevel flow table, described first-order rule the return value indexed judges whether that needing two grades tables look-up, and carries out one-level according to judged result and tables look-up and/or two grades of execution respective handling actions of tabling look-up.
Further, the described CAM multilevel flow table of described inquiry, described first-order rule the return value indexed judges whether that needing two grades tables look-up, and carries out two grades of steps performing respective handling action of tabling look-up according to judged result and also includes:
S1, inquiry TCAM in many tuples regular data, this regular data last be many tuples rule list index, carry out one-level and table look-up, the return value that described one-level is tabled look-up located User Defined rule allocation index (ud_index);
S2, read User Defined rule according to described User Defined rule allocation index (ud_index), described User Defined rule is for positioning and read the data in network packet, last of described User Defined rule is described two grades of regular flow table indexs (table_id) of tabling look-up, according to described two grades regular flow table indexs of tabling look-up, carry out two grades and table look-up.
S3, regular flow table index (table_id) of tabling look-up according to described two grades are the data in network packet and User Defined stream table Data Matching, acquisition return value, described return value saves the action schedule allocation index (at_index) for finally performing.
S4, according to described action schedule allocation index (at_index) from SRAM relevant position read action table, perform respective handling action in described action schedule.
Further, described first-order rule index, by a chained list management of sorting, compares with each index in index chained list when described first-order rule index adds, exists when the first-order rule of described interpolation indexes, then add indexing unsuccessfully;When the first-order rule of described interpolation indexes not, just the first-order rule index to add is added in corresponding sequence chained list.
Further, described two grades of rule indexs are managed by from the sequence chained list of increasing type, just compare with described call number in the sequence chained list of increasing type when described two grades of rule indexs enumerate call number, when described call number of enumerating exists, then enumerate next call number, in the sequence chained list of increasing type, it is absent from this call number until described, then locks this call number and described in the sequence chained list of increasing type being added to.
Further, when deleting described rule index, it is intended that a first-order rule index, two grades of rule indexs associated with it can and then be deleted, and then reaches the purpose facilitating rule index to manage.
When the TCAM rule that deletion 12 tuples are corresponding, index according to this first-order rule, action schedule index (at_indeX) and the User Defined rule index (ud_indeX) of associated can be automatically deleted.
When the TCAM rule that deletion User Defined is corresponding, index according to this first-order rule, two grades of lookup table index (table_id) can be automatically deleted.
The invention provides a kind of rule index management based on TCAM multilevel flow table and realize device, described device includes:
Setting up sequence chained list module, for setting up, based on described rule index, the chained list that sorts accordingly, described sequence chained list includes first-order rule index and/or two grades of rule indexs;
Rule index relating module, for described two grades of rule indexs being added to corresponding first-order rule index, described two grades of rule indexs include action schedule index (at_indeX), two grades of lookup table index (table_id) and User Defined rule index (ud_index);
Stream table query actions module, is used for inquiring about described CAM multilevel flow table, described first-order rule the return value indexed judges whether that needing two grades tables look-up, and carries out one-level according to judged result and tables look-up and/or two grades of execution respective handling actions of tabling look-up.
Further, described stream table query actions module also includes, the described CAM multilevel flow table of described inquiry, described first-order rule the return value indexed judges whether that needing two grades tables look-up, and carries out two grades of steps performing respective handling action of tabling look-up according to judged result and also includes:
Inquiry TCAM in many tuples regular data, this regular data last be many tuples rule list index, carry out one-level and table look-up, the return value that described one-level is tabled look-up located User Defined rule allocation index (ud_index);
User Defined rule is read according to described User Defined rule allocation index (ud_index), described User Defined rule is for positioning and read the data in network packet, last of described User Defined rule is described two grades of regular flow table indexs (table_id) of tabling look-up, according to described two grades regular flow table indexs of tabling look-up, carry out two grades and table look-up.
According to described two grades regular flow table indexs (table_id) of tabling look-up the data in network packet and User Defined stream table Data Matching, acquisition return value, described return value saves the action schedule allocation index (at_index) for finally performing.
According to described action schedule allocation index (at_index) from SRAM relevant position read action table, perform respective handling action in described action schedule.
Further, described device also includes:
Described first-order rule index, by a chained list management of sorting, compares with each index in index chained list when described first-order rule index adds, exists when the first-order rule of described interpolation indexes, then add indexing unsuccessfully;When the first-order rule of described interpolation indexes not, just the first-order rule index to add is added in corresponding sequence chained list.
Further, described device also includes:
Described two grades of rule indexs are managed by from the sequence chained list of increasing type, just compare with described call number in the sequence chained list of increasing type when described two grades of rule indexs enumerate call number, when described call number of enumerating exists, then enumerate next call number, in the sequence chained list of increasing type, it is absent from this call number until described, then locks this call number and described in the sequence chained list of increasing type being added to.
Further, described device also includes:
When deleting described rule index, it is intended that a first-order rule index, two grades of rule indexs associated with it can and then be deleted, and then reaches the purpose facilitating rule index to manage.
When the TCAM rule that deletion 12 tuples are corresponding, index according to this first-order rule, action schedule index (at_indeX) and the User Defined rule index (ud_index) of associated can be automatically deleted.
When the TCAM rule that deletion User Defined is corresponding, index according to this first-order rule, two grades of lookup table index (table_id) can be automatically deleted.
Embodiments providing a kind of rule index management based on TCAM multilevel flow table and realize method, the method includes: set up, based on described rule index, the chained list that sorts accordingly, and described sequence chained list includes first-order rule index and/or two grades of rule indexs;Being added to by described two grades of rule indexs on corresponding first-order rule index, described two grades of rule indexs include action schedule index, two grades of lookup table index and User Defined rule index;Inquire about described TCAM multilevel flow table, described first-order rule the return value indexed judges whether that needing two grades tables look-up, and carries out one-level according to judged result and tables look-up and/or two grades of execution respective handling actions of tabling look-up.The multistage problem tabled look-up to the equipment processing big flow and Various Complex business, also solves the difficulty that the index that in prior art, specified rule numbering is brought adds and searches simultaneously.
Described above is only the general introduction of technical solution of the present invention, in order to better understand the technological means of the present invention, and can be practiced according to the content of description, and in order to above and other objects of the present invention, feature and advantage can be become apparent, below especially exemplified by the specific embodiment of the present invention.
Accompanying drawing explanation
By reading hereafter detailed description of the preferred embodiment, various other advantage and benefit those of ordinary skill in the art be will be clear from understanding.Accompanying drawing is only for illustrating the purpose of preferred implementation, and is not considered as limitation of the present invention.And in whole accompanying drawing, it is denoted by the same reference numerals identical parts.In the accompanying drawings:
Fig. 1 is the Organization Chart that the present invention relates to;
Fig. 2-1 manages the optimization procedure chart of the method that realizes for a kind of rule index based on TCAM multilevel flow table that the embodiment of the present invention provides;
The allocation flow figure of each two grades of rule indexs of Fig. 2-2:
Fig. 2-3 is the structure figure of first-order rule chained list;
For what the embodiment of the present invention provided, Fig. 3 judges whether that needs two grades perform the optimization procedure chart of respective handling action after tabling look-up;
Fig. 4 manages for a kind of rule index based on TCAM multilevel flow table that the embodiment of the present invention provides and realizes structure drawing of device.
Detailed description of the invention
In order to reduce the waste of TCAM space resources, it is ensured that packet is normally processed, embodiments provide optimization method and the device of a kind of regular list item for Message processing.
It is more fully described the exemplary embodiment of the disclosure below with reference to accompanying drawings.Although accompanying drawing showing the exemplary embodiment of the disclosure, it being understood, however, that may be realized in various forms the disclosure and should do not limited by embodiments set forth here.On the contrary, it is provided that these embodiments are able to be best understood from the disclosure, and complete for the scope of the present disclosure can be conveyed to those skilled in the art.
With reference to shown in Fig. 1, below will the present invention is described in detail by detailed description of the invention shown in the drawings.But these embodiments are not limiting as the present invention, those of ordinary skill in the art is all contained in protection scope of the present invention according to the made structure of these embodiments, method or conversion functionally.
Assembly of the invention framework is the core of action as it is shown in figure 1, FPGA is carried out tabling look-up, and one-level is tabled look-up and two grades of contents tabled look-up and return value all leave in TCAM, and User Defined tables look-up rule and the last action schedule performed is put in sram.
Below in conjunction with accompanying drawing is described, the embodiment of the present invention is illustrated.
Fig. 2-1 manages the optimization procedure chart of the method that realizes for a kind of rule index based on TCAM multilevel flow table that the embodiment of the present invention provides, and this process comprises the following steps:
S201: set up the chained list that sorts accordingly based on described rule index, described sequence chained list includes first-order rule index and/or two grades of rule indexs;
Specifically, here sequence chained list includes minimum 1 first-order rule, every 1 first-order rule should include again two grades of rule indexs (if do not need two grades table look-up just do not have two grades of rule indexs), wherein first-order rule index needs by artificial assigned indexes number, such as 1, and two grades of rule indexs needs employings are automatically enumerated mode and distributed, but the call number of whole two grades of rule index tables can be all from 2.
Further, such as Fig. 2-2, the distribution of each two grades of rule indexs.Device starts to enumerate from rule index minima, and is compared with the already present index value in chained list by each enumerated value, if existed in chained list, then enumerates next value, is incremented by gradually, until till in chained list, maximum is not enumerated in this value or arrival.If chained list is absent from this rule index value, just locks this rule index value, and assign them to rule index, and then be added in its corresponding sequence chained list, in order to next time travels through.Thus realizing automatically distributing the purpose of two grades of rule indexs.
S202: described two grades of rule indexs are associated with on corresponding first-order rule index, described two grades of rule indexs include action schedule index (at_indeX), two grades of lookup table index (table_id) and User Defined rule index (ud_index);
Specifically, all of two grades of rule indexs are all added in a structure with first-order rule index, is so easy to the deletion of two grades of rule indexs.Therefore, in such scheme, TCAM is tabled look-up every time and be accomplished by adding a first-order rule index.
Further, such as the structure figure that Fig. 2-3 is first-order rule chained list, the structure of described first-order rule chained list includes first-order rule call number, command-line string (for perform now well-regulated table look-up after process action command), action schedule index (at_index), two grades of rule indexs of tabling look-up (table_id) and User Defined rule index (ud_index), wherein action schedule index is included in action schedule index chained list, two grades of rule indexs of tabling look-up are included in bis-grades of lookup table index chained lists of TCAM, User Defined rule index is included in User Defined rule index chained list.
First-order rule index indexes chained list management by a first-order rule, and first-order rule index is labor management, and user assigned indexes number can be added TCAM rule or delete TCAM rule according to assigned indexes number.
This device has three two grades of rule indexs, respectively: be stored in User Defined rule allocation index (ud_index) of SRAM, two grades of TCAM table look-up rule list index (table_index), and are used for the action schedule allocation index (at_index) performed after inquire about stream table.
As Figure 2-3, each first-order rule index can be associated with his corresponding two grades of rule indexs to the relation of two grades of rule indexs and first-order rule index, and this can add this one-level to secondary index when adding rule and index the structure of rule.Only need to specifying a first-order rule index during deletion, device will be automatically deleted the two of associated grades of rule indexs automatically, and then realizes conveniently, succinctly, and quick index management.
S203: inquire about described TCAM multilevel flow table, described first-order rule the return value indexed judges whether that needing two grades tables look-up, and carries out one-level according to judged result and tables look-up and/or two grades of execution respective handling actions of tabling look-up.
Specifically, when the return value that described first-order rule indexes has user's custom rule index (ud_index), inquire about the return value in two grades of rule indexs of tabling look-up (table_id) and obtain described action schedule index (at_index), and perform respective handling action according to the content in the action schedule reading described action schedule index (at_index);When described first-order rule index return value does not have two grades of rule index of tabling look-up (table_id) numerical value, inquire about content in described action schedule index (at_index) read action table and perform respective handling action.
When the return value that described first-order rule indexes is described action schedule index (at_index), described action schedule indexes.
Further, as what the embodiment of the present invention provided, figure, Fig. 3 judge whether that needs two grades perform the optimization process of respective handling action after tabling look-up, the present embodiment is for 12 tuples, and this process comprises the following steps:
S301, one-level are tabled look-up, and FPGA inquires about 12 tuple regular data in TCAM, this regular data last be 12 tuple rule lists index (being fixed as 1);The return value that one-level is tabled look-up located User Defined rule allocation index (ud_index);
S302, FPGA read User Defined rule according to User Defined rule allocation index (ud_index), this rule is for positioning and read the data that in network packet, user wants, last of this rule is two grades of regular flow table indexs (table_id) of tabling look-up, according to two grades of regular flow table indexs of tabling look-up, carry out TCAM bis-grades and table look-up.
S303, two grades table look-up, FPGA according to two grades of regular flow table indexs (table_id) of tabling look-up data in network packet and User Defined stream table Data Matching, acquisition return value, saves the action schedule allocation index (at_index) for finally performing in this return value.
S304, FPGA are according to two grades of checking result, and namely action schedule allocation index (at_index), from SRAM relevant position read action table, execution action schedule content respective handling action.
Further, management for first-order rule index realizes method, first-order rule index needs artificial appointment, by a chained list management of sorting, when adding first-order rule index, can compare with each index in index chained list every time, if existed, then add and index unsuccessfully, if chained list does not have, just new first-order rule index is added to corresponding chained list.
Further, the management for two grades of rule indexs realizes method, and all two grades of rule indexs are all automatically distribute by enumerating, it is not necessary to manually specify, and this is to be sorted chained list management from increasing type by one of each index.When producing two grades of rule index, from index minima, enumerate call number, enumerate one just to compare with the call number in chained list every time, if call number exists, then enumerate next call number, until index chained list is absent from this call number, then lock this call number, and this call number is added to this rule index chained list.
Further, present invention offers the facility in deletion rule, as a further improvement on the present invention, during deletion rule index, having only to specify a first-order rule index, two grades of rule indexs associated with it can and then be deleted, and then reaches the purpose facilitating rule index to manage.
As a further improvement on the present invention, when deleting TCAM rule corresponding to 12 tuples, index according to this first-order rule, action schedule index (at_index) and the User Defined rule index (ud_index) of associated can be automatically deleted.
As a further improvement on the present invention, when deleting TCAM rule corresponding to User Defined, index according to this first-order rule, two grades of lookup table index (table_id) can be automatically deleted.
Fig. 4 manages for a kind of rule index based on TCAM multilevel flow table that the embodiment of the present invention provides and realizes structure drawing of device, and described device includes,
Setting up sequence chained list module 41, for setting up, based on described rule index, the chained list that sorts accordingly, described sequence chained list includes first-order rule index and/or two grades of rule indexs;
Specifically, here sequence chained list includes minimum 1 first-order rule, every 1 first-order rule should include again two grades of rule indexs (if do not need two grades table look-up just do not have two grades of rule indexs), wherein first-order rule index needs by artificial assigned indexes number, such as 1, and two grades of rule indexs needs employings are automatically enumerated mode and distributed, but the call number of whole two grades of rule index tables can be all from 2.
Further, such as Fig. 2-1, the distribution of each two grades of rule indexs.Device starts to enumerate from rule index minima, and each enumerating directly is compared with the already present index value in chained list, if existed in chained list, then enumerates next value, is incremented by gradually, until till in chained list, maximum is not enumerated in this value or arrival.If chained list is absent from this rule index value, just locks this rule index value, and assign them to rule index, and then be added in its corresponding sequence chained list, in order to next time travels through.Thus realizing automatically distributing the purpose of two grades of rule indexs.
Rule index relating module 42, for described two grades of rule indexs being added to corresponding first-order rule index, described two grades of rule indexs include action schedule index (at_index), two grades of lookup table index (table_id) and User Defined rule index (ud_index);
Specifically, all of two grades of rule indexs are all added in a structure with first-order rule index, is so easy to the deletion of two grades of rule indexs.Therefore, in such scheme, TCAM is tabled look-up every time and be accomplished by adding a first-order rule index.
Further, such as Fig. 2-2, the structure of described first-order rule chained list include first-order rule call number, command-line string (for perform now well-regulated table look-up after process action command), action schedule index (at_index), two grades of rule indexs of tabling look-up (table_id) and User Defined rule index (ud_index), wherein action schedule index is included in action schedule index chained list, two grades of rule indexs of tabling look-up are included in bis-grades of lookup table index chained lists of TCAM, and User Defined rule index is included in User Defined rule index chained list.
First-order rule index indexes chained list management by a first-order rule, and first-order rule index is labor management, and user assigned indexes number can be added TCAM rule or delete TCAM rule according to assigned indexes number.
This device has three two grades of rule indexs, respectively: be stored in User Defined rule allocation index (ud_index) of SRAM, two grades of TCAM table look-up rule list index (table_index), and are used for the action schedule allocation index (at_index) performed after inquire about stream table.
Two grades of rule indexs are with the relation that first-order rule indexes as it is shown on figure 3, each first-order rule index can be associated with his corresponding two grades of rule indexs, and this can add secondary index to the structure of this one-level index rule when adding rule.Only need to specifying a first-order rule index during deletion, device will be automatically deleted the two of associated grades of rule indexs automatically, and then realizes conveniently, succinctly, and quick index management.
Stream table query actions module 43, is used for inquiring about described CAM multilevel flow table, described first-order rule the return value indexed judges whether that needing two grades tables look-up, and carries out one-level according to judged result and tables look-up and/or two grades of execution respective handling actions of tabling look-up.
Specifically, when the return value that described first-order rule indexes has user's custom rule index (ud_index), inquire about the return value in two grades of rule indexs of tabling look-up (table_id) and obtain described action schedule index (at_index), and perform respective handling action according to the content in the action schedule reading described action schedule index (at_index);When described first-order rule index return value does not have two grades of rule index of tabling look-up (table_id) numerical value, inquire about content in described action schedule index (at_index) read action table and perform respective handling action.
Further, what the embodiment of the present invention provided judges whether that needs two grades perform the optimization process of respective handling action after tabling look-up, and described stream table query actions module also includes:
S1, inquiry TCAM in many tuples regular data, this regular data last be many tuples rule list index, carry out one-level and table look-up, the return value that described one-level is tabled look-up located User Defined rule allocation index (ud_index);
S2, read User Defined rule according to described User Defined rule allocation index (ud_index), described User Defined rule is for positioning and read the data in network packet, last of described User Defined rule is described two grades of regular flow table indexs (table_id) of tabling look-up, according to described two grades regular flow table indexs of tabling look-up, carry out two grades and table look-up.
S3, regular flow table index (table_id) of tabling look-up according to described two grades are the data in network packet and User Defined stream table Data Matching, acquisition return value, described return value saves the action schedule allocation index (at_index) for finally performing.
S4, according to described action schedule allocation index (at_index) from SRAM relevant position read action table, perform respective handling action in described action schedule.
Further, corresponding device also includes:
Described first-order rule index, by a chained list management of sorting, compares with each index in index chained list when described first-order rule index adds, exists when the first-order rule of described interpolation indexes, then add indexing unsuccessfully;When the first-order rule of described interpolation indexes not, just the first-order rule index to add is added in corresponding sequence chained list.
Further, corresponding device also includes:
Described two grades of rule indexs are managed by from the sequence chained list of increasing type, just compare with described call number in the sequence chained list of increasing type when described two grades of rule indexs enumerate call number, when described call number of enumerating exists, then enumerate next call number, in the sequence chained list of increasing type, it is absent from this call number until described, then locks this call number and described in the sequence chained list of increasing type being added to.
Further, described device also includes:
When deleting described rule index, it is intended that a first-order rule index, two grades of rule indexs associated with it can and then be deleted, and then reaches the purpose facilitating rule index to manage.
When the TCAM rule that deletion 12 tuples are corresponding, index according to this first-order rule, action schedule index (at_index) and the User Defined rule index (ud_indeX) of associated can be automatically deleted.
When the TCAM rule that deletion User Defined is corresponding, index according to this first-order rule, two grades of lookup table index (table_id) can be automatically deleted.
Not intrinsic to any certain computer, virtual bench or miscellaneous equipment relevant in algorithm and the display of this offer.Various fexible units can also with use based on together with this teaching.As described above, the structure constructed required by this kind of device is apparent from.Additionally, the present invention is also not for any certain programmed language.It is understood that, it is possible to utilize various programming language to realize the content of invention described herein, and the description above language-specific done is the preferred forms in order to disclose the present invention.
In description mentioned herein, describe a large amount of detail.It is to be appreciated, however, that embodiments of the invention can be put into practice when not having these details.In some instances, known method, structure and technology it are not shown specifically, in order to do not obscure the understanding of this description.
Similarly, it is to be understood that, one or more in order to what simplify that the disclosure helping understands in each inventive aspect, herein above in the description of the exemplary embodiment of the present invention, each feature of the present invention is grouped together in single embodiment, figure or descriptions thereof sometimes.But, the method for the disclosure should be construed to and reflect an intention that namely the present invention for required protection requires feature more more than the feature being expressly recited in each claim.More precisely, as the following claims reflect, inventive aspect is in that all features less than single embodiment disclosed above.Therefore, it then follows claims of detailed description of the invention are thus expressly incorporated in this detailed description of the invention, wherein each claim itself as the independent embodiment of the present invention.
Those skilled in the art are appreciated that, it is possible to carry out the module in the equipment in embodiment adaptively changing and they being arranged in one or more equipment different from this embodiment.Module in embodiment or unit or assembly can be combined into a module or unit or assembly, and multiple submodule or subelement or sub-component can be put them in addition.Except at least some in such feature and/or process or unit excludes each other, it is possible to adopt any combination that all processes or the unit of all features disclosed in this specification (including adjoint claim, summary and accompanying drawing) and so disclosed any method or equipment are combined.Unless expressly stated otherwise, each feature disclosed in this specification (including adjoint claim, summary and accompanying drawing) can be replaced by the alternative features providing purpose identical, equivalent or similar.
In addition, those skilled in the art it will be appreciated that, although embodiments more described herein include some feature included in other embodiments rather than further feature, but the combination of the feature of different embodiment means to be within the scope of the present invention and form different embodiments.Such as, in the following claims, the one of any of embodiment required for protection can mode use in any combination.
The all parts embodiment of the present invention can realize with hardware, or realizes with the software module run on one or more processor, or realizes with their combination.It will be understood by those of skill in the art that the some or all functions of the some or all parts optimized in device of the regular list item for Message processing that microprocessor or digital signal processor (DSP) can be used in practice to realize according to embodiments of the present invention.The present invention is also implemented as part or all the equipment for performing method as described herein or device program (such as, computer program and computer program).The program of such present invention of realization can store on a computer-readable medium, or can have the form of one or more signal.Such signal can be downloaded from internet website and obtain, or provides on carrier signal, or provides with any other form.
The present invention will be described rather than limits the invention to it should be noted above-described embodiment, and those skilled in the art can design alternative embodiment without departing from the scope of the appended claims.In the claims, any reference marks that should not will be located between bracket is configured to limitations on claims.Word " comprises " and does not exclude the presence of the element or step not arranged in the claims.Word "a" or "an" before being positioned at element does not exclude the presence of multiple such element.The present invention by means of including the hardware of some different elements and can realize by means of properly programmed computer.In the unit claim listing some devices, several in these devices can be through same hardware branch and specifically embody.Word first, second and third use do not indicate that any order.Can be title by these word explanations.
Obviously, the present invention can be carried out various change and modification without deviating from the spirit and scope of the present invention by those skilled in the art.So, if these amendments of the present invention and modification belong within the scope of the claims in the present invention and equivalent technologies thereof, then the present invention is also intended to comprise these change and modification.
Claims (10)
1. the rule index based on TCAM multilevel flow table manages and realizes method, it is characterised in that the method includes:
Setting up, based on described rule index, the chained list that sorts accordingly, described sequence chained list includes first-order rule index and/or two grades of rule indexs;
Being added to by described two grades of rule indexs on corresponding first-order rule index, described two grades of rule indexs include action schedule index, two grades of lookup table index and User Defined rule index;
Inquire about described TCAM multilevel flow table, described first-order rule the return value indexed judges whether that needing two grades tables look-up, and carries out one-level according to judged result and tables look-up and/or two grades of execution respective handling actions of tabling look-up.
2. a kind of rule index based on TCAM multilevel flow table according to claim 1 manages and realizes method, it is characterized in that, the described TCAM multilevel flow table of described inquiry, the return value indexed by described first-order rule judges whether that needing two grades tables look-up, and carries out two grades of steps performing respective handling action of tabling look-up according to judged result and also includes:
S1, inquiry TCAM in many tuples regular data, this regular data last be many tuples rule list index, carry out one-level and table look-up, the return value that described one-level is tabled look-up located User Defined rule allocation index;
S2, according to described User Defined rule allocation index read User Defined rule, described User Defined rule is for positioning and read the data in network packet, last of described User Defined rule is described two grades of regular flow table indexs of tabling look-up, according to described two grades regular flow table indexs of tabling look-up, carry out two grades and table look-up;
S3, regular flow table index of tabling look-up according to described two grades are the data in network packet and User Defined stream table Data Matching, it is thus achieved that return value, described return value saves the action schedule allocation index for finally performing;
S4, according to described action schedule allocation index from SRAM relevant position read action table, perform respective handling action in described action schedule.
3. a kind of rule index based on TCAM multilevel flow table according to claim 1 manages and realizes method, it is characterised in that
Described first-order rule index, by a chained list management of sorting, compares with each index in index chained list when described first-order rule index adds, exists when the first-order rule of described interpolation indexes, then add indexing unsuccessfully;When the first-order rule of described interpolation indexes not, just the first-order rule index to add is added in corresponding sequence chained list.
4. a kind of rule index based on TCAM multilevel flow table according to claim 1 manages and realizes method, it is characterised in that
Described two grades of rule indexs are managed by from the sequence chained list of increasing type, just compare with described call number in the sequence chained list of increasing type when described two grades of rule indexs enumerate call number, when described call number of enumerating exists, then enumerate next call number, in the sequence chained list of increasing type, it is absent from this call number until described, then locks this call number and add to described in the sequence chained list of increasing type.
5. a kind of rule index based on TCAM multilevel flow table according to claim 1 manages and realizes method, it is characterised in that
When deleting described rule index, it is intended that a first-order rule index, two grades of rule indexs associated with it can and then be deleted;
When the TCAM rule that deletion 12 tuples are corresponding, index according to this first-order rule, be automatically deleted action schedule index and the User Defined rule index of associated;
When the TCAM rule that deletion User Defined is corresponding, index according to this first-order rule, be automatically deleted two grades of lookup table index.
6. the rule index based on TCAM multilevel flow table manages and realizes device, it is characterised in that described device includes:
Setting up sequence chained list module, for setting up, based on described rule index, the chained list that sorts accordingly, described sequence chained list includes first-order rule index and/or two grades of rule indexs;
Rule index relating module, for described two grades of rule indexs add to corresponding first-order rule index, described two grades of rule indexs include action schedule index, two grades of lookup table index and User Defined rule index;
Stream table query actions module, is used for inquiring about described TCAM multilevel flow table, described first-order rule the return value indexed judges whether that needing two grades tables look-up, and carries out one-level according to judged result and tables look-up and/or two grades of execution respective handling actions of tabling look-up.
7. a kind of rule index based on TCAM multilevel flow table according to claim 6 manages and realizes device, it is characterised in that described stream table query actions module also includes:
Inquiry TCAM in many tuples regular data, this regular data last be many tuples rule list index, carry out one-level and table look-up, the return value that described one-level is tabled look-up located User Defined rule allocation index;
User Defined rule is read according to described User Defined rule allocation index, described User Defined rule is for positioning and read the data in network packet, last of described User Defined rule is described two grades of regular flow table indexs of tabling look-up, according to described two grades regular flow table indexs of tabling look-up, carry out two grades and table look-up;
According to described two grades regular flow table indexs of tabling look-up the data in network packet and User Defined stream table Data Matching, it is thus achieved that return value, described return value saves the action schedule allocation index for finally performing;
According to described action schedule allocation index from SRAM relevant position read action table, perform respective handling action in described action schedule.
8. a kind of rule index based on TCAM multilevel flow table according to claim 6 manages and realizes device, it is characterised in that described device also includes:
Described first-order rule index, by a chained list management of sorting, compares with each index in index chained list when described first-order rule index adds, exists when the first-order rule of described interpolation indexes, then add indexing unsuccessfully;When the first-order rule of described interpolation indexes not, just the first-order rule index to add is added in corresponding sequence chained list.
9. a kind of rule index based on TCAM multilevel flow table according to claim 6 manages and realizes device, it is characterised in that described device also includes:
Described two grades of rule indexs are managed by from the sequence chained list of increasing type, just compare with described call number in the sequence chained list of increasing type when described two grades of rule indexs enumerate call number, when described call number of enumerating exists, then enumerate next call number, in the sequence chained list of increasing type, it is absent from this call number until described, then locks this call number and described in the sequence chained list of increasing type being added to.
10. a kind of rule index based on TCAM multilevel flow table according to claim 6 manages and realizes device, it is characterised in that described device also includes:
When deleting described rule index, it is intended that a first-order rule index, two grades of rule indexs associated with it can and then be deleted, and then reaches the purpose facilitating rule index to manage;
When the TCAM rule that deletion 12 tuples are corresponding, index according to this first-order rule, action schedule index and the User Defined rule index of associated can be automatically deleted;
When the TCAM rule that deletion User Defined is corresponding, index according to this first-order rule, two grades of lookup table index can be automatically deleted.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410852392.4A CN105812164B (en) | 2014-12-31 | 2014-12-31 | Rule index management implementation method and device based on TCAM multilevel flow table |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410852392.4A CN105812164B (en) | 2014-12-31 | 2014-12-31 | Rule index management implementation method and device based on TCAM multilevel flow table |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105812164A true CN105812164A (en) | 2016-07-27 |
| CN105812164B CN105812164B (en) | 2019-07-23 |
Family
ID=56420892
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410852392.4A Active CN105812164B (en) | 2014-12-31 | 2014-12-31 | Rule index management implementation method and device based on TCAM multilevel flow table |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105812164B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106789706A (en) * | 2016-11-11 | 2017-05-31 | 天津光电通信技术有限公司 | A kind of network shunt system based on TCAM |
| CN110636012A (en) * | 2019-10-18 | 2019-12-31 | 南京贝伦思网络科技股份有限公司 | Method for adding multiple mask rules based on ZCAM chip |
| CN111163060A (en) * | 2019-12-11 | 2020-05-15 | 中盈优创资讯科技有限公司 | Application group-based forwarding method, device and system |
| CN114221849A (en) * | 2020-09-18 | 2022-03-22 | 芯启源(南京)半导体科技有限公司 | Method for realizing intelligent network card by combining FPGA with TCAM |
| CN115665051A (en) * | 2022-12-29 | 2023-01-31 | 北京浩瀚深度信息技术股份有限公司 | Method for realizing high-speed flow table based on FPGA + RLDRAM3 |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1896991A (en) * | 2006-03-02 | 2007-01-17 | 华为技术有限公司 | Dynamic-range matching listing maintenance |
| CN101247337A (en) * | 2008-02-18 | 2008-08-20 | 华为技术有限公司 | Packet forwarding method and equipment |
| CN102316040A (en) * | 2011-09-09 | 2012-01-11 | 中兴通讯股份有限公司 | Access control list finding method and data stream classification device |
| CN102811227A (en) * | 2012-08-30 | 2012-12-05 | 重庆大学 | Administration mechanism for standard way access control list (ACL) rule under internet protocol security (IPsec) protocol |
| CN102843299A (en) * | 2012-09-12 | 2012-12-26 | 盛科网络(苏州)有限公司 | Method and system for realizing Openflow multi-stage flow tables on basis of ternary content addressable memory (TCAM) |
| US20130007257A1 (en) * | 2011-06-30 | 2013-01-03 | Juniper Networks, Inc. | Filter selection and resuse |
| CN102957603A (en) * | 2012-11-09 | 2013-03-06 | 盛科网络(苏州)有限公司 | Multilevel flow table-based Openflow message forwarding method and system |
| CN103259718A (en) * | 2013-04-18 | 2013-08-21 | 华为技术有限公司 | Flow table conversion method and device |
| CN103729427A (en) * | 2013-12-25 | 2014-04-16 | 南京未来网络产业创新有限公司 | User-defined multistage flow table incremental updating based flow table transformation method |
| US20140126393A1 (en) * | 2012-11-02 | 2014-05-08 | Brocade Communications Systems, Inc. | Algorithm for long-lived large flow identification |
| WO2014179390A1 (en) * | 2013-05-03 | 2014-11-06 | Alcatel Lucent | Low-cost flow matching in software defined networks without tcams |
-
2014
- 2014-12-31 CN CN201410852392.4A patent/CN105812164B/en active Active
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1896991A (en) * | 2006-03-02 | 2007-01-17 | 华为技术有限公司 | Dynamic-range matching listing maintenance |
| CN101247337A (en) * | 2008-02-18 | 2008-08-20 | 华为技术有限公司 | Packet forwarding method and equipment |
| US20130007257A1 (en) * | 2011-06-30 | 2013-01-03 | Juniper Networks, Inc. | Filter selection and resuse |
| CN102316040A (en) * | 2011-09-09 | 2012-01-11 | 中兴通讯股份有限公司 | Access control list finding method and data stream classification device |
| CN102811227A (en) * | 2012-08-30 | 2012-12-05 | 重庆大学 | Administration mechanism for standard way access control list (ACL) rule under internet protocol security (IPsec) protocol |
| CN102843299A (en) * | 2012-09-12 | 2012-12-26 | 盛科网络(苏州)有限公司 | Method and system for realizing Openflow multi-stage flow tables on basis of ternary content addressable memory (TCAM) |
| US20140126393A1 (en) * | 2012-11-02 | 2014-05-08 | Brocade Communications Systems, Inc. | Algorithm for long-lived large flow identification |
| CN102957603A (en) * | 2012-11-09 | 2013-03-06 | 盛科网络(苏州)有限公司 | Multilevel flow table-based Openflow message forwarding method and system |
| CN103259718A (en) * | 2013-04-18 | 2013-08-21 | 华为技术有限公司 | Flow table conversion method and device |
| WO2014179390A1 (en) * | 2013-05-03 | 2014-11-06 | Alcatel Lucent | Low-cost flow matching in software defined networks without tcams |
| CN103729427A (en) * | 2013-12-25 | 2014-04-16 | 南京未来网络产业创新有限公司 | User-defined multistage flow table incremental updating based flow table transformation method |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106789706A (en) * | 2016-11-11 | 2017-05-31 | 天津光电通信技术有限公司 | A kind of network shunt system based on TCAM |
| CN106789706B (en) * | 2016-11-11 | 2020-08-07 | 天津光电通信技术有限公司 | Network shunting system based on TCAM |
| CN110636012A (en) * | 2019-10-18 | 2019-12-31 | 南京贝伦思网络科技股份有限公司 | Method for adding multiple mask rules based on ZCAM chip |
| CN110636012B (en) * | 2019-10-18 | 2023-05-02 | 南京贝伦思网络科技股份有限公司 | Method for adding multiple mask rules based on ZCAM chip |
| CN111163060A (en) * | 2019-12-11 | 2020-05-15 | 中盈优创资讯科技有限公司 | Application group-based forwarding method, device and system |
| CN111163060B (en) * | 2019-12-11 | 2021-12-24 | 中盈优创资讯科技有限公司 | Application group-based forwarding method, device and system |
| CN114221849A (en) * | 2020-09-18 | 2022-03-22 | 芯启源(南京)半导体科技有限公司 | Method for realizing intelligent network card by combining FPGA with TCAM |
| CN114221849B (en) * | 2020-09-18 | 2024-03-19 | 芯启源(南京)半导体科技有限公司 | Method for realizing intelligent network card by combining FPGA with TCAM |
| CN115665051A (en) * | 2022-12-29 | 2023-01-31 | 北京浩瀚深度信息技术股份有限公司 | Method for realizing high-speed flow table based on FPGA + RLDRAM3 |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105812164B (en) | 2019-07-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105812164A (en) | Rule index management implementation method and device based on TCAM multistage flow table | |
| US7885967B2 (en) | Management of large dynamic tables | |
| US9996581B2 (en) | Real-time saved-query updates for a large graph | |
| US8521741B1 (en) | Systems and methods for performing integrated searches with actions | |
| WO2010145575A1 (en) | Method and device for updating index in terminal and sequencing search results based on updated index | |
| CN102957617B (en) | Realize method and the device of multi-service superposition | |
| US10235476B2 (en) | Matching objects using match rules and lookup key | |
| US8386423B2 (en) | Scalable policy-based database synchronization of scopes | |
| WO2021169123A1 (en) | Cluster environment timing task processing method, system and device, and storage medium | |
| CN104268295A (en) | Data query method and device | |
| AU2011320744A1 (en) | Methods for indexing and searching based on language locale | |
| US9734178B2 (en) | Searching entity-key associations using in-memory objects | |
| CN103475584A (en) | Query method and query device for ternary content addressable memory (TCAM) | |
| CA2461871A1 (en) | An efficient index structure to access hierarchical data in a relational database system | |
| CN114090695A (en) | Query optimization method and device for distributed database | |
| CN104239337B (en) | Processing method and processing device of tabling look-up based on TCAM | |
| CN108304460B (en) | Improved database positioning method and system | |
| CN102207935A (en) | Method and system for establishing index | |
| US8015178B2 (en) | System and method to determine a single SQL BOM solve | |
| CN105376309A (en) | Access gateway distribution method and device | |
| CN103020285B (en) | Integration across database supports automatic coding and the system of multi-field combination | |
| CN104008191B (en) | A kind of data query method | |
| AU2020380362B2 (en) | System and methods for querying and updating databases | |
| CN111159285B (en) | Enterprise cross-system retrieval method based on distributed index service deployment | |
| EP2899924A1 (en) | System and method for determining an index of an object in a sequence of objects |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |