CN106230649B - Session resource management method and device - Google Patents
Session resource management method and device Download PDFInfo
- Publication number
- CN106230649B CN106230649B CN201610834921.7A CN201610834921A CN106230649B CN 106230649 B CN106230649 B CN 106230649B CN 201610834921 A CN201610834921 A CN 201610834921A CN 106230649 B CN106230649 B CN 106230649B
- Authority
- CN
- China
- Prior art keywords
- session
- ipmax
- session resources
- threshold
- resources
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/142—Network analysis or design using statistical or mathematical methods
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0876—Network utilisation, e.g. volume of load or congestion level
- H04L43/0882—Utilisation of link capacity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/16—Threshold monitoring
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/70—Admission control; Resource allocation
- H04L47/76—Admission control; Resource allocation using dynamic resource allocation, e.g. in-call renegotiation requested by the user or requested by the network in response to changing network conditions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
Abstract
The application provides a kind of session resource management method and device, which comprises when the Session Resources occupancy of the network equipment reaches preset first threshold, counts the corresponding Session Resources occupancy of each initiation session IP address;When the Session Resources occupancy of the network equipment reaches second threshold, based on the corresponding Session Resources occupancy of each initiation session IP address counted, the maximum IP address of Session Resources occupancy (IPmax) is determined;Wherein, the second threshold is greater than the first threshold;Limitation reduces IPmax to the occupancy of the Session Resources, to accelerate this equipment recycling Session Resources.Using the embodiment of the present application, the service process performance of the network equipment can be effectively improved.
Description
Technical field
This application involves computer communication field more particularly to session resource management method and devices.
Background technique
Due to the continuous growth of the data traffic on various networks, the performance requirement of the network equipment is constantly promoted.Another party
Face, with the appearance of the various application demands including such as safety and access control, for the network equipment performance requirement into
One step improves.How reasonable management is carried out to the process resource of the existing network equipment and achievees the purpose that performance optimization is always industry
The direction of constant quest.
Summary of the invention
In view of this, the application provides a kind of session resource management method and device, to improve the business of the network equipment
Process performance.
Specifically, the application is achieved by the following technical solution:
According to the embodiment of the present application in a first aspect, a kind of session resource management method is provided, applied to the network equipment, institute
The method of stating includes:
When the Session Resources occupancy of the network equipment reaches preset first threshold, each initiation session IP address pair is counted
The Session Resources occupancy answered;
When the Session Resources occupancy of the network equipment reaches second threshold, based on each initiation session IP counted
The corresponding Session Resources occupancy in address, determines the maximum IP address of Session Resources occupancy (IPmax);Wherein, described second
Threshold value is greater than the first threshold;
Limitation reduces IPmax to the occupancy of the Session Resources, to accelerate this equipment recycling Session Resources.
According to the second aspect of the embodiment of the present application, a kind of session resource management device is provided, described device includes:
Statistic unit, for counting each hair when the Session Resources occupancy of the network equipment reaches preset first threshold
Play the corresponding Session Resources occupancy of session IP address;
Determination unit, for when the Session Resources occupancy of the network equipment reaches second threshold, based on the institute counted
The corresponding Session Resources occupancy of each initiation session IP address is stated, determines the maximum IP address of Session Resources occupancy (IPmax);
Wherein, the second threshold is greater than the first threshold;
Limiting unit, for limiting or reducing IPmax to the occupancy of the Session Resources, to accelerate the recycling session of this equipment
Resource.
A kind of method that the embodiment of the present application proposes new session resource management, the network equipment is by recycling Session Resources
The improvement of mechanism, when the Session Resources occupancy of the network equipment reaches first threshold, the network equipment can count each initiation
Session Resources occupancy corresponding to the IP address of session;When the Session Resources occupancy of the network equipment reaches second threshold,
Can the corresponding Session Resources occupancy of IP address based on each initiation session counted, obtain Session Resources occupancy most
Big IP address (IPmax);Network equipment limitation reduces IPmax to the occupancy of the Session Resources, is returned with accelerating this equipment
Receive Session Resources.Wherein, the second threshold is greater than the first threshold;
Since when the Session Resources occupancy of the network equipment is excessive, the network equipment can be to Session Resources occupancy most
Big IP address is limited, and discharges its occupied Session Resources, Session Resources are rationally recycled in time.Cause
This, can effectively improve the service process performance of equipment.
Detailed description of the invention
Fig. 1 is a kind of flow chart of session resource management method shown in one exemplary embodiment of the application;
Fig. 2 is a kind of hardware configuration of session resource management device place equipment shown in one exemplary embodiment of the application
Figure;
Fig. 3 is a kind of block diagram of session resource management device shown in one exemplary embodiment of the application.
Specific embodiment
Example embodiments are described in detail here, and the example is illustrated in the accompanying drawings.Following description is related to
When attached drawing, unless otherwise indicated, the same numbers in different drawings indicate the same or similar elements.Following exemplary embodiment
Described in embodiment do not represent all embodiments consistent with the application.On the contrary, they be only with it is such as appended
The example of the consistent device and method of some aspects be described in detail in claims, the application.
It is only to be not intended to be limiting the application merely for for the purpose of describing particular embodiments in term used in this application.
It is also intended in the application and the "an" of singular used in the attached claims, " described " and "the" including majority
Form, unless the context clearly indicates other meaning.It is also understood that term "and/or" used herein refers to and wraps
It may be combined containing one or more associated any or all of project listed.
It will be appreciated that though various information, but this may be described using term first, second, third, etc. in the application
A little information should not necessarily be limited by these terms.These terms are only used to for same type of information being distinguished from each other out.For example, not departing from
In the case where the application range, the first information can also be referred to as the second information, and similarly, the second information can also be referred to as
One information.Depending on context, word as used in this " if " can be construed to " ... when " or " when ...
When " or " in response to determination ".
Session Resources are the valuable sources of the network equipment, it can determine the service process performance of the network equipment, network
Equipment needs to distribute the process resource of considerable CPU and memory for a large amount of session, these process resources are in this application
Referred to as Session Resources.When Session Resources occupancy is excessively high, the service process performance of the network equipment may be declined.In reality
In the application of border, above-mentioned Session Resources generally include newly-built Session Resources and concurrent Session Resources.
Newly-built Session Resources are the newly-built occupied resource of newly-built session with session initiator of the network equipment, are relied primarily on
It is handled in the CPU of the network equipment.Under normal conditions, newly-built Session Resources can be characterized with the rate of newly-built session
Occupancy, such as newly-built session per second 100.When the newly-built rate of the network equipment meets or exceeds network equipment design rule
When maximum in lattice creates rate, CPU can be caused to be continuously in high-end trim, seriously affect CPU to the process performance of business.
Concurrent Session Resources are that the network equipment and session initiator keep the bipartite occupied process resource of session,
It changes for an angle, concurrent Session Resources refer to the process resource that the session that those have had built up needs to occupy, these processing
Resource is largely the memory source of the network equipment.Under normal conditions, concurrent Session Resources can be characterized with concurrent session number
Occupancy.When developer or network administrator according to business do not need rationally to be arranged the aging of concurrent session well
Between when, the memory source of the network equipment can be made to be occupied by a large amount of useless session, memory source is caused to waste, and then influence net
The performance of network equipment.
And in embodiments of the present invention, the network equipment can be by detecting itself resources occupation rate, when the network equipment
When resources occupation rate reaches first threshold, the corresponding Session Resources occupancy of each IP address of session setup side can be counted,
And Session Resources occupancy maximum can be limited or reduced when the Session Resources occupancy of the network equipment reaches second threshold
IP address to the occupancy of the network equipment Session Resources, the Session Resources of equipment are reasonably recycled in time, can
Effectively to limit or reduce the Session Resources occupancy of the network equipment, the service process performance of the network equipment is improved.
It is a kind of flow chart of session resource management method shown in one exemplary embodiment of the application referring to Fig. 1, Fig. 1,
The method of the Session Resources recycling is applied to the network equipment, specifically includes step as follows:
Step 101: when the Session Resources occupancy of the network equipment reaches preset first threshold, counting each initiation session
The corresponding Session Resources occupancy of IP address;
In embodiments of the present invention, the network equipment can be with shorter measurement period, or even almost mode is united in real time
Its Session Resources occupancy is counted, when the Session Resources occupancy of the network equipment reaches first threshold, each hair can be counted
Play Session Resources occupancy corresponding to the IP address of session.
For the statistics of the Session Resources occupancy of the network equipment, can be completed based on following steps.
When Session Resources are newly-built Session Resources, it is generally the case that characterize the type session to session with newly-built rate
The occupancy situation of resource.When the Session Resources occupancy to the network equipment counts, one can be set compared with ankle meter week
It phase, counts the number of newly-built session all in this period, and indicates to create rate in this this period with this.
Due to create rate calculating be based on measurement period, so when measurement period setting it is too long when, may nothing
Method accurately indicates the newly-built rate of each period in the period.Such as, it is assumed that measurement period is 10 seconds, in preceding 5s, creates meeting
Talking about number is 1000, and it is 100 that session number is created in latter five seconds, and is based on above-mentioned statistical method, each in this 10 seconds
The newly-built rate at a moment is 110/s, and the newly-built rate of the 110/s just can not accurately characterize after 5 seconds newly-built speed
Rate.And measurement period setting is too low, performance of network equipments possibly can not be supported for excessively short-period statistics.
In practical applications, for the setting of the measurement period of newly-built rate, generally with one second or lower period
For the period, and for measurement period more smaller than one second, generally determined according to the performance of the network equipment.Certainly, it is here
Illustratively, the setting of this measurement period also has relationship with the performance of the network equipment, and developer can be according to distinct device
Performance select different measurement periods.
When Session Resources are concurrent Session Resources, it is generally the case that characterize such with the concurrent session number at each moment
Occupancy situation of the session of type to Session Resources.When the Session Resources occupancy to the network equipment counts, the network equipment
The number of concurrent session can be counted based on the sampling period of setting.The number of the concurrent session counted can be with table
Show the concurrent session number at a moment.The sampling period indicates the time interval for counting the number of concurrent session twice.Than
Such as, it is assumed that sampling period 1s, then the network equipment can count the number of concurrent session at this time at 0 moment, 1s this
The number of concurrent session at this time can be counted when the moment again.
Setting for the sampling period works as the sampling period since the setting in sampling period will receive the restriction of equipment performance
When too small, the performance of the network equipment possibly can not support the sampling in too short sampling period.And the setting in sampling period it is excessive when, then
It is possible that the situation of collection result inaccuracy.In practical applications, will usually be set as in the sampling period one second or lower
Period generally determined according to the performance of the network equipment and for the sampling period more smaller than one second.Certainly, here only
It is exemplary, the setting in this sampling period also has relationship with the performance of the network equipment, and developer can set according to difference
Standby performance selects the different sampling periods.
The network equipment can by above-mentioned statistical method by almost in real time in a manner of count the Session Resources of the network equipment
Occupancy can count each IP for initiating session after the Session Resources occupancy for detecting the network equipment is more than first threshold
The occupancy of the corresponding Session Resources in address.
Herein, it is worth noting that, above-mentioned first threshold counts each IP address for initiating session for the network equipment and corresponds to
Session Resources occupancy trigger value.Such session money is generally indicated that when Session Resources occupancy reaches first threshold
The occupancy in source is excessively high, but overloads the case where can not handling other business completely still without the network equipment is reached.Net at this time
The remaining process resource of network equipment still is able to support the processing of above-mentioned statistical work.First threshold setting is excessively high to may cause net
The remaining process resource of network equipment can not complete statistical work in time, and subsequent step 102 etc. is caused not handle in time;It was arranged
Low possible shortage practical significance.In actual use, developer can make rational planning for according to the actual performance of the network equipment
The size of first threshold, for some high performance network equipments, first threshold can be properly increased, for some performances
The network equipment on the weak side, first threshold can be reduced suitably.
In the present embodiment, the network equipment can count the corresponding session money of IP address for initiating session in the following way
Source occupancy.
When above-mentioned Session Resources are newly-built Session Resources, it is generally the case that characterize the type session pair with newly-built rate
The occupancy situation of Session Resources.The newly-built session request message that the network equipment can be sent by receiving session setup side, obtains
Its source IP address carried, and the IP address is recorded.The network equipment can pass through the newly-built of above-mentioned statistics network equipment
The method of rate carrys out the newly-built rate of the IP address of each initiation session of statistic record, in other words, for initiating the IP of session
The statistics of the newly-built rate of address, statistical method is identical as the newly-built statistical method of rate of the above-mentioned network equipment, only counts
Unit no longer using the network equipment as unit, but with it is each initiate session IP address be a unit.
When above-mentioned Session Resources are concurrent Session Resources, when Session Resources are concurrent Session Resources, it is generally the case that
The occupancy situation of the session to Session Resources of the type is characterized with the concurrent session number at each moment.The network equipment can be by connecing
The session message that session setup side is sent is received, the source IP address of its carrying is obtained, and the IP address is recorded.The network equipment
Can by the method for the concurrent session number of above-mentioned statistics network equipment come the IP address of each initiation session of statistic record and
Session number is sent out, in other words, the statistics of the concurrent session number of the IP address for initiating session, statistical method is set with above-mentioned network
The statistical method of standby concurrent session number is identical, and only statistic unit is no longer using the network equipment as unit, but with each initiation
The IP address of session is a unit.
Step 102: when the Session Resources occupancy of the network equipment reaches second threshold, based on each hair counted
The corresponding Session Resources occupancy of session IP address is played, determines the maximum IP address of Session Resources occupancy (IPmax);Wherein,
The second threshold is greater than the first threshold;
Step 103: limitation reduces IPmax to the occupancy of the Session Resources, to accelerate this equipment recycling session money
Source.
In the present embodiment, the network equipment will come the service process performance of " early warning " network equipment by first threshold
It is affected or " early warning " network equipment can suffer from attack (under normal circumstances, when the network equipment is by attacking, to this
The occupied Session Resources of IP address that the network equipment initiates session are significantly larger than the meeting that the IP address that remaining initiates session occupies
Talk about resource) and the network equipment determines IPmax when its resources occupation rate reaches second threshold, and limit or reduce the IPmax
Occupied Session Resources are reduced or are limited the Session Resources occupancy of the network equipment with this.
The present embodiment does not use a threshold value while triggering statistics and limitation operation, and is set respectively using two threshold values
Fixed statistics and limitation or the trigger value for reducing operation, its object is to can also be preferably while optimizing equipment performance
Protect the regular traffic contact of session setup side.
It triggers statistics and limitation operation simultaneously with a threshold value, is exactly in other words, when the Session Resources of the network equipment
When occupancy reaches the threshold value, the network equipment can count each corresponding Session Resources occupancy of IP address for initiating session, and
Limit the Session Resources occupancy of IPmax.
If triggering statistics and limitation operation simultaneously with a threshold value, must be combined when threshold value setting
Statistical operation and limitation reduce by two aspect factors of operation, but when combining two aspect factors setting threshold value, tend not to
Achieve the effect that " perfection ", but " compromise " of two aspect factors, this means that the setting of threshold value is not very accurate.One side
Face, if threshold value setting is excessive, the network equipment possibly can not be counted and be limited operation and just " paralysed ", another party
Face, if threshold value setting is too small, the network equipment will be limited IPmax or be reduced in advance operation, such as send IPmax
Packet loss, this may will appear unnecessarily abandon session setup side's message situation, thus to a certain extent
Affect the regular traffic contact of session setup side.
And when being operated respectively to triggering statistical operation and limitation or reduce using two threshold values, in the setting of two threshold values
It waits, can consider statistical operation and limitation or the factor for reducing operation respectively.
Wherein, it when the resources occupation rate of the network equipment reaches second threshold, generally indicates that, the network equipment is without more
Resource handles session, and has seriously affected the traffic handing capacity of the network equipment.If second threshold setting is too low,
The resources occupation rate for being likely to occur the network equipment reaches " bottleneck " not yet, is just limited IPmax or reduced operation, than
The packet loss that such as IPmax is sent, it is possible to influence the regular traffic of session setup side.But if second threshold is arranged
Excessively high, second threshold may has not been reached yet in the resources occupation rate of the network equipment, which has just paralysed.So
In practical application, developer rationally can be set second threshold according to the performance and actual conditions of the network equipment.
In addition, the setting of second threshold can be greater than first threshold.First threshold is low relative to second threshold, it is meant that the
When one threshold value reaches, the process resource of equipment still has certain surplus, can support to count this to the biggish behaviour of resource consumption
Make;When second threshold reaches, surplus is extremely limited at this time, but fairly simple due to limiting or abandoning operation, to place
It is very low to manage resource consumption, therefore the remaining minimal amount of process resource of equipment utilization can still complete these operations.Thus may be used
See the application compared with general processing mode, it is higher to the reasonability of session resource management.
It is worth noting that in the present embodiment, first threshold corresponding to different type Session Resources is different;And/or
Second threshold corresponding to different type Session Resources is different.
In view of creating the performance of Session Resources and itself feature respectively of concurrent Session Resources and the network equipment,
Furtherly, each network equipment maximum newly-built rate allowed and maximum concurrent session number can be different, so
When first threshold and second threshold are set, one kind is achieved in that, is created the first threshold of Session Resources and concurrently can
The first threshold for talking about resource is also possible to second thresholds and concurrent Session Resources different, but that create Session Resources in setting
Second threshold setting when can be identical.
Another kind is achieved in that the second threshold of the second threshold and concurrent Session Resources that create session can in setting
To be different, but the first threshold of newly-built Session Resources and the first threshold of concurrent Session Resources are also possible to phase in setting
With.Another kind is achieved in that, creates the first threshold of Session Resources and the first threshold of concurrent Session Resources in setting
It is also possible to different, also, the second threshold of the second threshold of newly-built session and concurrent Session Resources can also be in setting
It is different.
In the present embodiment, after the network equipment determines IPmax, the IPmax can be limited or reduced to Session Resources
Occupancy, concrete mode is as follows:
When Session Resources are newly-built Session Resources, packet loss that the network equipment can send the IPmax.And works as and be somebody's turn to do
When Session Resources are Session Resources based on TCP, packet loss that the network equipment can not only send the IPmax.It can be with
RESET message further is sent to the IPmax, to terminate the TCP connection between session setup side corresponding with the IPmax.
When being the newly-built Session Resources for being not based on TCP for Session Resources, such as newly-built Session Resources based on UDP, often
Retransmission mechanism can be provided with.After the packet loss that the network equipment sends this IPmax, which does not receive in the given time
It to after response message, then will start Retransmission timeout mechanism, retransmit the message, and when subsequent network device performance recovery and stop
Only to the limitation of the IPmax after, the network equipment can receive the message of IPmax transmission, and normally be located to the message
Reason, therefore can guarantee the normal business contact in session setup side.
It is the newly-built Session Resources based on TCP for Session Resources, the network equipment sends RESET message to the IPmax, main
If in order to terminate the TCP semi-connection state between session setup side corresponding with the IPmax, the purpose for the arrangement is that in order to protect
Protect the regular traffic contact of session setup side.If not terminating the semi-connection state with it, which still can be to present networks
Equipment sends message, and present networks equipment can only carry out discard processing for the message that this IPmax is sent, this just will affect this
The normal business contact in the corresponding session setup side IPmax.And in this example, the network equipment is terminated and is somebody's turn to do by RESET message
The TCP connection of session setup side can promote session setup side that new link is selected to carry out business contact.
It can be seen that can not only optimize the performance of present networks equipment using the present embodiment, session setup can also be protected
The regular traffic contact of side.
When Session Resources are concurrent Session Resources, a kind of optional processing mode of the network equipment is based on preset aging
Duration, by the corresponding concurrent conversation aging of the IPmax.For example, network developer can the IPmax respective session aging when
Length is set as 5s, and after 5s, the network equipment can be by the corresponding all concurrent conversation agings of the IPmax.
Another optional processing mode is that the network equipment can traverse Session Resources table, determines that IPmax is corresponding concurrent
Session Resources, and determine that corresponding each the last of concurrent Session Resources of IPmax uses the time according to recording in Session Resources table,
Preset time range is determined do not occur in preset time range with last be compared using the time of each session
The concurrent session of data interaction, and by its aging immediately.For example, it is assumed that preset time range is 30min, current time is
13:30, then the network equipment can be by the corresponding last concurrent session aging immediately using the time before 13:00 of the IPmax.
Another optional processing mode is can also to use above two mode simultaneously, limit or reduce the IPmax
To the occupancy of Session Resources.For example, it is assumed that a length of 5s when default aging, preset time range are 30min, current time is
13:30.When simultaneously using above two method, in order to accelerate the recycling to network equipment Session Resources, the network equipment can be with
Above-mentioned second method is first used, by the corresponding last concurrent session aging immediately using the time before 13:00 of IPmax,
In conjunction with first method, based on default ageing time 5s, by the IPmax corresponding last use time in 13:00 to 13 after 5s:
Concurrent conversation aging between 30.
When Session Resources are the concurrent Session Resources based on TCP, the network equipment can not only take aforesaid way to limit
Or reduce the corresponding concurrent Session Resources occupancy of IPmax, can also further respectively to the IPmax for initiating session and with
The opposite end that IPmax conversates sends TCP RESET message, terminates between IPmax and the opposite end to conversate with the IPmax
TCP connection.The purpose done so and above-mentioned Session Resources are newly-built Session Resources, and the mesh of unidirectional RESET message is sent to IPmax
It is consistent, i.e. the regular traffic contact of protection session setup side while optimizing the service process performance of present networks equipment, here,
It repeats no more.
In the present embodiment, by the limitation of the above-mentioned Session Resources occupancy to IPmax or reduce operation after, when
When the corresponding Session Resources occupancy of IPmax is no more than third threshold value, the network equipment can stop limitation or drop to the IPmax
Reduction process allows the IPmax to create session.
It is worth noting that, the setting of third threshold value is the Session Resources occupancy for IPmax, rather than it is directed to network
The Session Resources rate of equipment.In other words, when the corresponding Session Resources occupancy of IPmax is reduced under third threshold value
When, it can not illustrate that the Session Resources occupancy of the network equipment can be reduced under first threshold.When the corresponding session of IPmax
When resources occupation rate is reduced under third threshold value, if the Session Resources occupancy of the network equipment is still higher than first threshold,
The above-mentioned statistic processes to the corresponding Session Resources occupancy of IP address for initiating session can then be continued, and in the network equipment
When Session Resources occupancy reaches second threshold, determine IPmax at this time, and the Session Resources that it is occupied carry out limitation or
Reduce operation.
When setting third threshold value, can be set according to the particular use of the present embodiment.For example, working as the present embodiment master
When being used to prevent attack, third threshold value can set smaller.Because launching a offensive when this equipment is by network attack
The Session Resources for the network equipment that IP is occupied are far longer than the Session Resources of other IP occupancy, in other words, what this was launched a offensive
IP address occupies most of Session Resources of the network equipment.For example, the newly-built rate for the IP address launched a offensive is per second 50,000
It is a, and the newly-built rate of other IP address is only 1000 per second, at this point, when setting third threshold value, by third threshold
Value is configured more as small as possible, is accounted for this to reduce the IP address launched a offensive rapidly to present networks equipment session resource
With.
And if the present embodiment is mainly used for the Session Resources that management occupies this equipment for regular traffic, third threshold value
Setting can be suitably big.Since when regular traffic occupies the Session Resources of this equipment, each IP address for initiating session
The Session Resources of occupancy be generally in a level, for example, IP1 occupy newly-built rate be 1000 per second, IP2's
Newly-built rate is 980 per second, and the order of magnitude of IP3 is 1500 per second.At this point, can be suitably by the setting of third threshold value
Ground suitably reduces the corresponding Session Resources occupancy of each IP address more greatly, with this.
By above embodiments it is found that the network equipment is by the improvement to session resource management mechanism, when the network equipment
When Session Resources occupancy reaches first threshold, the network equipment can count meeting corresponding to the IP address of each session setup side
Talk about resources occupation rate;It, can be based on each meeting counted when the Session Resources occupancy of the network equipment reaches second threshold
The corresponding Session Resources occupancy of IP address of initiator is talked about, the maximum IP address of Session Resources occupancy is obtained;When session provides
When source is newly-built Session Resources, the network equipment can lose the message received from the maximum IP address of Session Resources occupancy
It abandons.When above-mentioned Session Resources are concurrent Session Resources, the network equipment can be based on preset ageing time, and the session is provided
The corresponding concurrent conversation aging of the maximum IP address of source occupancy, or the maximum IP address of the Session Resources occupancy is corresponding
Do not occur the concurrent conversation aging of data interaction in preset time range.
On the one hand, when the Session Resources occupancy of equipment due to monitoring when the network equipment itself is excessive, network is set
It is standby the maximum IP address of Session Resources occupancy to be limited, its occupied Session Resources is discharged, so that session provides
Source is available reasonably to be recycled.
On the other hand, since the above-mentioned network equipment can be directed to different Session Resources, it is reduced in different ways
Resources occupation rate accelerates recycling of the network equipment to Session Resources.Therefore, it can effectively improve at the business of equipment
Rationality energy.
Below with reference to some specific application scenarios, application scheme is illustrated:
Scene one:
Be below newly-built Session Resources with Session Resources, Session Resources occupancy for creating the scene of rate characterization,
The above method is described in detail.
It is assumed that the network equipment and N number of session setup side have carried out session interaction.The IP address of this N number of session setup side point
Not Wei IP1, IP2, IP3 to IPN.The CPU of the network equipment maximum newly-built rate allowed is 500,000 per second, it is assumed that first
Threshold value is 350,000 per second, and second threshold is 450,000 per second, and third threshold value is that current maximum newly-built rate IP is corresponding newly-built
The 80% of rate.
When the newly-built rate that the network equipment checks this equipment reaches 350,000 per second, each initiation session can be counted
The corresponding newly-built rate of IP address.
In the newly-built rate of each IP address of the newly-built rate and initiation session of statistics network equipment, week can will be counted
Phase is set as 1s, counts the newly-built session number and each corresponding newly-built session number of IP for initiating session of the network equipment in 1s.
When the network equipment detects that the newly-built rate of this equipment reaches 450,000 per second, IP1 can be based respectively on extremely
The corresponding newly-built rate in the address IPN obtains the IP address of maximum newly-built rate.
Assuming that IP1, IP2, IP3 be into IPN, the corresponding newly-built rate of IP3 is maximum, for 20000 per second then the network set
It is standby available to IP3.
After getting IP3, which can limit or reduce the corresponding newly-built rate in the address IP3.Specifically
Ground mode of operation is as follows:
The network equipment can will be from the received newly-built session packet loss in the address IP3.
Alternatively, the network equipment is not when the corresponding Session Resources of the address IP3 are the newly-built Session Resources based on TCP
It can will can also only be sent out from the received newly-built session packet loss in the address IP3 to the corresponding session setup side in the address IP3
RESET message is sent, the TCP connection with the session setup side is terminated.
After above-mentioned limitation or reducing operation, when the network equipment detects the corresponding newly-built rate in the above-mentioned address IP3
When no more than third threshold value when (160,000,000 per second), the limitation of the address IP3 can be released, the address IP3 is allowed to establish
New session.
If after stopping to the limitation of this address IP3, when the newly-built rate of the network equipment is still above 350,000 per second,
It then repeats the above process, limits or reduce the current newly-built maximum IP address of rate to the occupancy of newly-built Session Resources, here,
It repeats no more.
It is new when the network equipment by above embodiments it is found that the network equipment can detecte the newly-built rate of equipment itself
When building rate and reaching first threshold, the network equipment can count newly-built rate corresponding to the IP address of each session setup side;
It, can be corresponding based on the IP address of each session setup side counted when the newly-built rate of the network equipment reaches second threshold
Newly-built rate, obtain the newly-built maximum IP address of rate;It is maximum that the network equipment can limit or reduce the newly-built rate
Occupancy of the IP address to the Session Resources.
Since when the newly-built rate of the network equipment is excessive, the network equipment is with can carrying out IP maximum to newly-built rate
Location limitation or reduction processing, discharge its occupied Session Resources, Session Resources are rationally recycled in time.Cause
This, can effectively improve the service process performance of equipment.
Scene two:
Below with Session Resources for concurrent Session Resources, Session Resources occupancy is with the scene that concurrent session number characterizes
Example, is described in detail the above method.
It is assumed that the network equipment and N number of session setup side have carried out session interaction.The IP address of this N number of session setup side point
Not Wei IP1, IP2, IP3 to IPN.The memory of the network equipment maximum concurrent session number allowed is 1,000,000, it is assumed that first
Threshold value is 700,000, and second threshold is 900,000, and third threshold value is the corresponding concurrent session number of the concurrent session number IP of current maximum
80%.Default ageing time is 5s, and preset time range is 30 minutes.
When the concurrent session number that the network equipment checks this equipment reaches 700,000, each session setup side can be counted
The corresponding concurrent session number of IP address.
In the concurrent session value of each IP address of the concurrent session value and initiation session of statistics network equipment, can will adopt
Sample cycle set is 1s, and corresponding simultaneously with the concurrent session number of the sampling period statistics network equipment and each IP for initiating session
Send out session number.
When the concurrent session number that the network equipment checks this equipment reaches 900,000, IP1 can be based respectively on to IPN
The corresponding concurrent session number in address obtains the IP address of maximum concurrent session number.Assuming that IP1, IP2, IP3 be into IPN, IP3 pairs
The newly-built rate answered is maximum, is 50000 per second, then the network equipment is available arrives IP3.
After getting the address IP3, a kind of optional processing mode of the network equipment is based on default ageing time 5s, in 5s
Afterwards by the corresponding concurrent conversation aging of IP3.
Another optional processing mode is that network equipment can traverse Session Resources table, is based on concurrent Session Resources table
The corresponding Session Resources of the IP3 of the middle record last use time, (i.e. 30 minutes) are determined in the corresponding preset time range of IP3
Do not occur the concurrent session of data interaction, and by the conversation aging.Assuming that current time is 13:30, then the network equipment can incite somebody to action
The corresponding last concurrent session aging immediately using the time before 13:00 of the IPmax.
Another optional processing mode is that the network equipment can also use above two mode simultaneously, limiting or
The address IP3 is reduced to the occupancy of its corresponding concurrent Session Resources.The network equipment can first use above-mentioned second method, will
The corresponding last concurrent session aging immediately using the time before 13:00 of IPmax, in conjunction with first method, based on pre-
If after ageing time 5s, 5s by IPmax it is corresponding it is last using the time in 13:00 to the concurrent conversation aging between 13:30.
When the corresponding session of IP3 is the concurrent session based on TCP, which can not only be based on aforesaid operations,
By its corresponding concurrent conversation aging, TCP RESET message can also be sent to IPmax and the opposite end to conversate with IPmax,
Terminate the TCP connection between the IPmax and the opposite end to conversate with the IPmax.
After above-mentioned limitation or reducing operation, when detecting that the corresponding concurrent session number in the above-mentioned address IP3 is no more than
When third threshold value when (40000 per second), the limitation of the address IP3 can be released, the address IP3 is allowed to establish new meeting
Words.
If the concurrent session number of the network equipment is still above 700,000 per second after releasing to the limitation of this address IP3
When, then it repeats the above process, limits or reduce the current concurrent maximum IP address of session number to the occupancy of concurrent Session Resources,
Here, repeating no more.
It is concurrent when the network equipment by above embodiments it is found that the network equipment can detecte the concurrent session number of itself
When session number reaches first threshold, the network equipment can count concurrent session number corresponding to each IP address for initiating session;
It, can be based on the IP address pair of each session setup side counted when the concurrent session number of the network equipment reaches second threshold
The concurrent session number answered obtains the maximum IP address of concurrent session number;The network equipment can limit or reduce the concurrent session
Occupancy of the maximum IP address of number to the Session Resources.
Due to when the concurrent session number of the network equipment is excessive, the network equipment can IP maximum to concurrent session number
Location is limited, and is discharged its occupied Session Resources, is reasonably recycled so that Session Resources are available.Therefore, may be used
To effectively improve the service process performance of equipment.
Corresponding with the embodiment of aforementioned session resource management method, present invention also provides session resource management devices
Embodiment.
The embodiment of the application session resource management device can be using on network devices.Installation practice can pass through
Software realization can also be realized by way of hardware or software and hardware combining.Taking software implementation as an example, it anticipates as a logic
Device in justice is by the processor of the network equipment where it by computer program instructions corresponding in nonvolatile memory
It is read into memory what operation was formed.For hardware view, as shown in Fig. 2, where the application session resource management device
A kind of hardware structure diagram of the network equipment, in addition to processor shown in Fig. 2, memory, network interface and nonvolatile memory
Except, the network equipment in embodiment where device can also include that other are hard generally according to the actual functional capability of the session management
Part repeats no more this.
Referring to FIG. 3, Fig. 3 is a kind of block diagram of session resource management device shown in one exemplary embodiment of the application.
Described device includes: statistical module 310, determining module 320 and limitation module 330.
Statistical module 310, for when the Session Resources occupancy of the network equipment reaches preset first threshold, statistics to be each
Initiate the corresponding Session Resources occupancy of session IP address;
Determining module 320, for when the Session Resources occupancy of the network equipment reaches second threshold, based on what is counted
The corresponding Session Resources occupancy of each initiation session IP address, determines the maximum IP address of Session Resources occupancy
(IPmax);Wherein, the second threshold is greater than the first threshold;
Module 330 is limited, for limiting or reducing IPmax to the occupancy of the Session Resources, to accelerate the recycling of this equipment
Session Resources.
In an optional implementation, the limitation module, comprising: first abandons submodule, for working as the meeting
When to talk about resource be newly-built Session Resources, the packet loss that will be sent from the IPmax.
In another optional implementation, the limitation module, comprising: second abandons submodule, for when described
When Session Resources are the newly-built Session Resources based on TCP, by the packet loss of IPmax transmission;First sending submodule, for
IPmax sends TCP RESET message.
In another optional implementation, the limitation module, comprising: the first aging submodule, for when described
When Session Resources are concurrent Session Resources, it is based on preset aging duration, by the corresponding concurrent conversation aging of the IPmax;With/
Or, the second aging submodule, for the corresponding concurrent session for not occurring data interaction in preset time range of IPmax is old
Change.
In another optional implementation, the second aging submodule, comprising: Traversal Unit, for traversing simultaneously
Session Resources table is sent out, determines the corresponding concurrent Session Resources of IPmax;Determination unit is remembered in concurrent Session Resources table for being based on
Corresponding the last of each concurrent Session Resources of the IPmax of record uses the time, and determination does not occur data in preset time range
Interactive concurrent session;Aged cell, for the concurrent session for not occurring data interaction in preset time range is old
Change.
In another optional implementation, the limitation module, comprising: the second sending submodule, for respectively to
IPmax and the opposite end to conversate with the IPmax send TCP RESET message, with terminate the IPmax and with the IPmax into
TCP connection between the opposite end of guild's words.
In another optional implementation, described device further include:
Stopping modular 340 when being no more than third threshold value for the corresponding Session Resources occupancy of the IPmax, stops
The limitation or reduction of IPmax is handled;Wherein, the third threshold value is less than second threshold.
In another optional implementation, first threshold corresponding to different type Session Resources is different;And/or not
Second threshold corresponding to same type Session Resources is different.
The function of each unit and the realization process of effect are specifically detailed in the above method and correspond to step in above-mentioned apparatus
Realization process, details are not described herein.
For device embodiment, since it corresponds essentially to embodiment of the method, so related place is referring to method reality
Apply the part explanation of example.The apparatus embodiments described above are merely exemplary, wherein described be used as separation unit
The unit of explanation may or may not be physically separated, and component shown as a unit can be or can also be with
It is not physical unit, it can it is in one place, or may be distributed over multiple network units.It can be according to actual
The purpose for needing to select some or all of the modules therein to realize application scheme.Those of ordinary skill in the art are not paying
Out in the case where creative work, it can understand and implement.
The foregoing is merely the preferred embodiments of the application, not to limit the application, all essences in the application
Within mind and principle, any modification, equivalent substitution, improvement and etc. done be should be included within the scope of the application protection.
Claims (16)
1. a kind of session resource management method is applied to the network equipment, which is characterized in that the described method includes:
When the Session Resources occupancy of the network equipment reaches preset first threshold, it is corresponding to count each initiation session IP address
Session Resources occupancy;
When the Session Resources occupancy of the network equipment reaches second threshold, based on each initiation session IP address counted
Corresponding Session Resources occupancy determines the maximum IP address of Session Resources occupancy (IPmax);Wherein, the second threshold
Greater than the first threshold;
Limitation reduces IPmax to the occupancy of the Session Resources, to accelerate this equipment recycling Session Resources.
2. the method according to claim 1, wherein the limitation or reduction IPmax are to the Session Resources
It occupies, comprising:
When the Session Resources are newly-built Session Resources, the packet loss that will be sent from the IPmax.
3. the method according to claim 1, wherein the limitation or reduction IPmax are to the Session Resources
It occupies, comprising:
When the Session Resources are the newly-built Session Resources based on TCP, by the packet loss of IPmax transmission;
TCP RESET message is sent to IPmax.
4. the method according to claim 1, wherein the limitation or reduction IPmax are to the Session Resources
It occupies, comprising:
When the Session Resources are concurrent Session Resources, it is based on preset aging duration, concurrently can the IPmax is corresponding
Talk about aging;
And/or by the corresponding concurrent conversation aging for not occurring data interaction in preset time range of IPmax.
5. according to the method described in claim 4, it is characterized in that, described that IPmax is corresponding in preset time range not
There is the concurrent conversation aging of data interaction, comprising:
Concurrent Session Resources table is traversed, determines the corresponding concurrent Session Resources of IPmax;
The time is used based on corresponding each the last of concurrent Session Resources of the IPmax recorded in concurrent Session Resources table, is determined
Do not occur the concurrent session of data interaction in preset time range;
By the concurrent conversation aging for not occurring data interaction in preset time range.
6. according to the method described in claim 4, it is characterized in that, the limitation or reduction IPmax are to the Session Resources
It occupies, comprising:
The opposite end to conversate respectively to IPmax and with the IPmax sends TCP RESET message, with terminate the IPmax and with
The TCP connection between opposite end that the IPmax conversates.
7. the method according to claim 1, wherein the method also includes:
When the corresponding Session Resources occupancy of the IPmax is no more than third threshold value, stop at the limitation or reduction of IPmax
Reason;Wherein, the third threshold value is less than second threshold.
8. the method according to claim 1, wherein first threshold corresponding to different type Session Resources is not
Together;And/or second threshold corresponding to different type Session Resources is different.
9. a kind of session resource management device, which is characterized in that described device includes:
Statistical module, for counting each initiation meeting when the Session Resources occupancy of the network equipment reaches preset first threshold
Talk about the corresponding Session Resources occupancy of IP address;
Determining module, it is described each based on what is counted for when the Session Resources occupancy of the network equipment reaches second threshold
The corresponding Session Resources occupancy of session IP address is initiated, determines the maximum IP address of Session Resources occupancy (IPmax);Its
In, the second threshold is greater than the first threshold;
Module is limited, for limiting or reducing IPmax to the occupancy of the Session Resources, to accelerate this equipment recycling session money
Source.
10. device according to claim 9, which is characterized in that the limitation module, comprising:
First abandons submodule, the message for will send from the IPmax when the Session Resources are newly-built Session Resources
It abandons.
11. device according to claim 9, which is characterized in that the limitation module, comprising:
Second abandons submodule, for when the Session Resources are the newly-built Session Resources based on TCP, IPmax to be sent
Packet loss;
First sending submodule, for sending TCP RESET message to IPmax.
12. device according to claim 9, which is characterized in that the limitation module, comprising:
First aging submodule, for preset aging duration being based on, by institute when the Session Resources are concurrent Session Resources
State the corresponding concurrent conversation aging of IPmax;
And/or the second aging submodule, for by IPmax it is corresponding do not occur in preset time range data interaction and
Send out conversation aging.
13. device according to claim 12, which is characterized in that the second aging submodule, comprising:
Traversal Unit determines the corresponding concurrent Session Resources of IPmax for traversing concurrent Session Resources table;
Determination unit, for based on the last of the corresponding each concurrent Session Resources of the IPmax recorded in concurrent Session Resources table
Using the time, determine do not occur the concurrent session of data interaction in preset time range;
Aged cell, for by the concurrent conversation aging for not occurring data interaction in preset time range.
14. device according to claim 12, which is characterized in that the limitation module, comprising:
Second sending submodule, for sending TCP RESET message to IPmax and the opposite end to conversate with the IPmax respectively,
To terminate the TCP connection between the IPmax and the opposite end to conversate with the IPmax.
15. device according to claim 9, which is characterized in that described device further include:
Stop unit, for stopping IPmax's when the corresponding Session Resources occupancy of the IPmax is no more than third threshold value
Limitation or reduction processing;Wherein, the third threshold value is less than second threshold.
16. device according to claim 9, which is characterized in that first threshold corresponding to different type Session Resources is not
Together;And/or second threshold corresponding to different type Session Resources is different.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610834921.7A CN106230649B (en) | 2016-09-20 | 2016-09-20 | Session resource management method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610834921.7A CN106230649B (en) | 2016-09-20 | 2016-09-20 | Session resource management method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106230649A CN106230649A (en) | 2016-12-14 |
CN106230649B true CN106230649B (en) | 2019-07-09 |
Family
ID=58075791
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610834921.7A Active CN106230649B (en) | 2016-09-20 | 2016-09-20 | Session resource management method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106230649B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107547634B (en) * | 2017-07-28 | 2020-11-03 | 新华三信息安全技术有限公司 | Session management method and device |
CN110944004B (en) * | 2019-09-12 | 2021-09-10 | 腾讯科技(深圳)有限公司 | Data processing method, device, storage medium and equipment in block chain network |
CN113163029B (en) * | 2021-05-20 | 2023-06-30 | 厦门亿联网络技术股份有限公司 | Network session account deployment method, device, terminal, server and storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103823712A (en) * | 2014-03-17 | 2014-05-28 | 杭州华三通信技术有限公司 | Data flow processing method and device for multi-CPU virtual machine system |
CN103927230A (en) * | 2014-03-25 | 2014-07-16 | 优视科技有限公司 | Memory usage feedback method and device |
CN104778086A (en) * | 2015-04-15 | 2015-07-15 | 天脉聚源(北京)教育科技有限公司 | Method and device for releasing resources |
CN104991822A (en) * | 2015-06-30 | 2015-10-21 | 浪潮(北京)电子信息产业有限公司 | Memory management method and apparatus |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8582454B2 (en) * | 2010-04-08 | 2013-11-12 | Netscout Systems, Inc. | Real-time adaptive processing of network data packets for analysis |
-
2016
- 2016-09-20 CN CN201610834921.7A patent/CN106230649B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103823712A (en) * | 2014-03-17 | 2014-05-28 | 杭州华三通信技术有限公司 | Data flow processing method and device for multi-CPU virtual machine system |
CN103927230A (en) * | 2014-03-25 | 2014-07-16 | 优视科技有限公司 | Memory usage feedback method and device |
CN104778086A (en) * | 2015-04-15 | 2015-07-15 | 天脉聚源(北京)教育科技有限公司 | Method and device for releasing resources |
CN104991822A (en) * | 2015-06-30 | 2015-10-21 | 浪潮(北京)电子信息产业有限公司 | Memory management method and apparatus |
Also Published As
Publication number | Publication date |
---|---|
CN106230649A (en) | 2016-12-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106230649B (en) | Session resource management method and device | |
JP2004511930A5 (en) | ||
CN107547442B (en) | Data transmission buffer queue distribution method and device | |
WO2017035717A1 (en) | Distributed denial of service attack detection method and associated device | |
JP2016163180A (en) | Communication system, communication method, and program | |
CN102404206A (en) | Enqueueing processing method and device | |
US10033612B2 (en) | Adaptive signaling for network performance measurement, access, and control | |
CN102368729A (en) | Accurate network speed limit method at non-realtime system | |
CN110336759B (en) | RDMA (remote direct memory Access) -based protocol message forwarding method and device | |
CN109347760B (en) | Data sending method and device | |
Carlucci et al. | Making Google Congestion Control robust over Wi-Fi networks using packet grouping | |
US7694180B2 (en) | Collecting debug information according to user-driven conditions | |
CN103023723A (en) | Method for performing iSCSI (internet small computer system interface) multipath test in linux environment | |
EP3863234B1 (en) | Adaptive signaling for network performance measurement, access, and control | |
US11108656B1 (en) | Techniques for allocating and managing telecommunication resources | |
US8948211B2 (en) | Performance evaluation of a communications network using jitter parameter values | |
JP5128556B2 (en) | Traffic information collecting apparatus, traffic information collecting method and program thereof | |
CN105100297B (en) | A kind of method for processing resource and device | |
Yavas et al. | Strict prioritization of new requests over retransmissions for enhancing scalability of SIP servers | |
Li et al. | Session-aware congestion control for TCP Incast in datacenter networks | |
Tinnakornsrisuphap et al. | TCP traffic modeling via limit theorems | |
CN105959242A (en) | Message sending method and device | |
CN106330574B (en) | Flow analysis method and device | |
US11258712B2 (en) | Resource efficient forwarding of guaranteed and non-guaranteed data packets | |
Li et al. | Adaptive rate control for TCP Incast based on selective ECN-marking |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | ||
CB02 | Change of applicant information |
Address after: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building Applicant after: Hangzhou Dipu Polytron Technologies Inc Address before: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building Applicant before: Hangzhou Dipu Technology Co., Ltd. |
|
GR01 | Patent grant | ||
GR01 | Patent grant |