CN106230649B - Session resource management method and device - Google Patents

Session resource management method and device Download PDF

Info

Publication number
CN106230649B
CN106230649B CN201610834921.7A CN201610834921A CN106230649B CN 106230649 B CN106230649 B CN 106230649B CN 201610834921 A CN201610834921 A CN 201610834921A CN 106230649 B CN106230649 B CN 106230649B
Authority
CN
China
Prior art keywords
session
ipmax
session resources
threshold
resources
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610834921.7A
Other languages
Chinese (zh)
Other versions
CN106230649A (en
Inventor
袁野
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou DPTech Technologies Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou DPTech Technologies Co Ltd filed Critical Hangzhou DPTech Technologies Co Ltd
Priority to CN201610834921.7A priority Critical patent/CN106230649B/en
Publication of CN106230649A publication Critical patent/CN106230649A/en
Application granted granted Critical
Publication of CN106230649B publication Critical patent/CN106230649B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/142Network analysis or design using statistical or mathematical methods
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0876Network utilisation, e.g. volume of load or congestion level
    • H04L43/0882Utilisation of link capacity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/16Threshold monitoring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/70Admission control; Resource allocation
    • H04L47/76Admission control; Resource allocation using dynamic resource allocation, e.g. in-call renegotiation requested by the user or requested by the network in response to changing network conditions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management

Abstract

The application provides a kind of session resource management method and device, which comprises when the Session Resources occupancy of the network equipment reaches preset first threshold, counts the corresponding Session Resources occupancy of each initiation session IP address;When the Session Resources occupancy of the network equipment reaches second threshold, based on the corresponding Session Resources occupancy of each initiation session IP address counted, the maximum IP address of Session Resources occupancy (IPmax) is determined;Wherein, the second threshold is greater than the first threshold;Limitation reduces IPmax to the occupancy of the Session Resources, to accelerate this equipment recycling Session Resources.Using the embodiment of the present application, the service process performance of the network equipment can be effectively improved.

Description

Session resource management method and device
Technical field
This application involves computer communication field more particularly to session resource management method and devices.
Background technique
Due to the continuous growth of the data traffic on various networks, the performance requirement of the network equipment is constantly promoted.Another party Face, with the appearance of the various application demands including such as safety and access control, for the network equipment performance requirement into One step improves.How reasonable management is carried out to the process resource of the existing network equipment and achievees the purpose that performance optimization is always industry The direction of constant quest.
Summary of the invention
In view of this, the application provides a kind of session resource management method and device, to improve the business of the network equipment Process performance.
Specifically, the application is achieved by the following technical solution:
According to the embodiment of the present application in a first aspect, a kind of session resource management method is provided, applied to the network equipment, institute The method of stating includes:
When the Session Resources occupancy of the network equipment reaches preset first threshold, each initiation session IP address pair is counted The Session Resources occupancy answered;
When the Session Resources occupancy of the network equipment reaches second threshold, based on each initiation session IP counted The corresponding Session Resources occupancy in address, determines the maximum IP address of Session Resources occupancy (IPmax);Wherein, described second Threshold value is greater than the first threshold;
Limitation reduces IPmax to the occupancy of the Session Resources, to accelerate this equipment recycling Session Resources.
According to the second aspect of the embodiment of the present application, a kind of session resource management device is provided, described device includes:
Statistic unit, for counting each hair when the Session Resources occupancy of the network equipment reaches preset first threshold Play the corresponding Session Resources occupancy of session IP address;
Determination unit, for when the Session Resources occupancy of the network equipment reaches second threshold, based on the institute counted The corresponding Session Resources occupancy of each initiation session IP address is stated, determines the maximum IP address of Session Resources occupancy (IPmax); Wherein, the second threshold is greater than the first threshold;
Limiting unit, for limiting or reducing IPmax to the occupancy of the Session Resources, to accelerate the recycling session of this equipment Resource.
A kind of method that the embodiment of the present application proposes new session resource management, the network equipment is by recycling Session Resources The improvement of mechanism, when the Session Resources occupancy of the network equipment reaches first threshold, the network equipment can count each initiation Session Resources occupancy corresponding to the IP address of session;When the Session Resources occupancy of the network equipment reaches second threshold, Can the corresponding Session Resources occupancy of IP address based on each initiation session counted, obtain Session Resources occupancy most Big IP address (IPmax);Network equipment limitation reduces IPmax to the occupancy of the Session Resources, is returned with accelerating this equipment Receive Session Resources.Wherein, the second threshold is greater than the first threshold;
Since when the Session Resources occupancy of the network equipment is excessive, the network equipment can be to Session Resources occupancy most Big IP address is limited, and discharges its occupied Session Resources, Session Resources are rationally recycled in time.Cause This, can effectively improve the service process performance of equipment.
Detailed description of the invention
Fig. 1 is a kind of flow chart of session resource management method shown in one exemplary embodiment of the application;
Fig. 2 is a kind of hardware configuration of session resource management device place equipment shown in one exemplary embodiment of the application Figure;
Fig. 3 is a kind of block diagram of session resource management device shown in one exemplary embodiment of the application.
Specific embodiment
Example embodiments are described in detail here, and the example is illustrated in the accompanying drawings.Following description is related to When attached drawing, unless otherwise indicated, the same numbers in different drawings indicate the same or similar elements.Following exemplary embodiment Described in embodiment do not represent all embodiments consistent with the application.On the contrary, they be only with it is such as appended The example of the consistent device and method of some aspects be described in detail in claims, the application.
It is only to be not intended to be limiting the application merely for for the purpose of describing particular embodiments in term used in this application. It is also intended in the application and the "an" of singular used in the attached claims, " described " and "the" including majority Form, unless the context clearly indicates other meaning.It is also understood that term "and/or" used herein refers to and wraps It may be combined containing one or more associated any or all of project listed.
It will be appreciated that though various information, but this may be described using term first, second, third, etc. in the application A little information should not necessarily be limited by these terms.These terms are only used to for same type of information being distinguished from each other out.For example, not departing from In the case where the application range, the first information can also be referred to as the second information, and similarly, the second information can also be referred to as One information.Depending on context, word as used in this " if " can be construed to " ... when " or " when ... When " or " in response to determination ".
Session Resources are the valuable sources of the network equipment, it can determine the service process performance of the network equipment, network Equipment needs to distribute the process resource of considerable CPU and memory for a large amount of session, these process resources are in this application Referred to as Session Resources.When Session Resources occupancy is excessively high, the service process performance of the network equipment may be declined.In reality In the application of border, above-mentioned Session Resources generally include newly-built Session Resources and concurrent Session Resources.
Newly-built Session Resources are the newly-built occupied resource of newly-built session with session initiator of the network equipment, are relied primarily on It is handled in the CPU of the network equipment.Under normal conditions, newly-built Session Resources can be characterized with the rate of newly-built session Occupancy, such as newly-built session per second 100.When the newly-built rate of the network equipment meets or exceeds network equipment design rule When maximum in lattice creates rate, CPU can be caused to be continuously in high-end trim, seriously affect CPU to the process performance of business.
Concurrent Session Resources are that the network equipment and session initiator keep the bipartite occupied process resource of session, It changes for an angle, concurrent Session Resources refer to the process resource that the session that those have had built up needs to occupy, these processing Resource is largely the memory source of the network equipment.Under normal conditions, concurrent Session Resources can be characterized with concurrent session number Occupancy.When developer or network administrator according to business do not need rationally to be arranged the aging of concurrent session well Between when, the memory source of the network equipment can be made to be occupied by a large amount of useless session, memory source is caused to waste, and then influence net The performance of network equipment.
And in embodiments of the present invention, the network equipment can be by detecting itself resources occupation rate, when the network equipment When resources occupation rate reaches first threshold, the corresponding Session Resources occupancy of each IP address of session setup side can be counted, And Session Resources occupancy maximum can be limited or reduced when the Session Resources occupancy of the network equipment reaches second threshold IP address to the occupancy of the network equipment Session Resources, the Session Resources of equipment are reasonably recycled in time, can Effectively to limit or reduce the Session Resources occupancy of the network equipment, the service process performance of the network equipment is improved.
It is a kind of flow chart of session resource management method shown in one exemplary embodiment of the application referring to Fig. 1, Fig. 1, The method of the Session Resources recycling is applied to the network equipment, specifically includes step as follows:
Step 101: when the Session Resources occupancy of the network equipment reaches preset first threshold, counting each initiation session The corresponding Session Resources occupancy of IP address;
In embodiments of the present invention, the network equipment can be with shorter measurement period, or even almost mode is united in real time Its Session Resources occupancy is counted, when the Session Resources occupancy of the network equipment reaches first threshold, each hair can be counted Play Session Resources occupancy corresponding to the IP address of session.
For the statistics of the Session Resources occupancy of the network equipment, can be completed based on following steps.
When Session Resources are newly-built Session Resources, it is generally the case that characterize the type session to session with newly-built rate The occupancy situation of resource.When the Session Resources occupancy to the network equipment counts, one can be set compared with ankle meter week It phase, counts the number of newly-built session all in this period, and indicates to create rate in this this period with this.
Due to create rate calculating be based on measurement period, so when measurement period setting it is too long when, may nothing Method accurately indicates the newly-built rate of each period in the period.Such as, it is assumed that measurement period is 10 seconds, in preceding 5s, creates meeting Talking about number is 1000, and it is 100 that session number is created in latter five seconds, and is based on above-mentioned statistical method, each in this 10 seconds The newly-built rate at a moment is 110/s, and the newly-built rate of the 110/s just can not accurately characterize after 5 seconds newly-built speed Rate.And measurement period setting is too low, performance of network equipments possibly can not be supported for excessively short-period statistics.
In practical applications, for the setting of the measurement period of newly-built rate, generally with one second or lower period For the period, and for measurement period more smaller than one second, generally determined according to the performance of the network equipment.Certainly, it is here Illustratively, the setting of this measurement period also has relationship with the performance of the network equipment, and developer can be according to distinct device Performance select different measurement periods.
When Session Resources are concurrent Session Resources, it is generally the case that characterize such with the concurrent session number at each moment Occupancy situation of the session of type to Session Resources.When the Session Resources occupancy to the network equipment counts, the network equipment The number of concurrent session can be counted based on the sampling period of setting.The number of the concurrent session counted can be with table Show the concurrent session number at a moment.The sampling period indicates the time interval for counting the number of concurrent session twice.Than Such as, it is assumed that sampling period 1s, then the network equipment can count the number of concurrent session at this time at 0 moment, 1s this The number of concurrent session at this time can be counted when the moment again.
Setting for the sampling period works as the sampling period since the setting in sampling period will receive the restriction of equipment performance When too small, the performance of the network equipment possibly can not support the sampling in too short sampling period.And the setting in sampling period it is excessive when, then It is possible that the situation of collection result inaccuracy.In practical applications, will usually be set as in the sampling period one second or lower Period generally determined according to the performance of the network equipment and for the sampling period more smaller than one second.Certainly, here only It is exemplary, the setting in this sampling period also has relationship with the performance of the network equipment, and developer can set according to difference Standby performance selects the different sampling periods.
The network equipment can by above-mentioned statistical method by almost in real time in a manner of count the Session Resources of the network equipment Occupancy can count each IP for initiating session after the Session Resources occupancy for detecting the network equipment is more than first threshold The occupancy of the corresponding Session Resources in address.
Herein, it is worth noting that, above-mentioned first threshold counts each IP address for initiating session for the network equipment and corresponds to Session Resources occupancy trigger value.Such session money is generally indicated that when Session Resources occupancy reaches first threshold The occupancy in source is excessively high, but overloads the case where can not handling other business completely still without the network equipment is reached.Net at this time The remaining process resource of network equipment still is able to support the processing of above-mentioned statistical work.First threshold setting is excessively high to may cause net The remaining process resource of network equipment can not complete statistical work in time, and subsequent step 102 etc. is caused not handle in time;It was arranged Low possible shortage practical significance.In actual use, developer can make rational planning for according to the actual performance of the network equipment The size of first threshold, for some high performance network equipments, first threshold can be properly increased, for some performances The network equipment on the weak side, first threshold can be reduced suitably.
In the present embodiment, the network equipment can count the corresponding session money of IP address for initiating session in the following way Source occupancy.
When above-mentioned Session Resources are newly-built Session Resources, it is generally the case that characterize the type session pair with newly-built rate The occupancy situation of Session Resources.The newly-built session request message that the network equipment can be sent by receiving session setup side, obtains Its source IP address carried, and the IP address is recorded.The network equipment can pass through the newly-built of above-mentioned statistics network equipment The method of rate carrys out the newly-built rate of the IP address of each initiation session of statistic record, in other words, for initiating the IP of session The statistics of the newly-built rate of address, statistical method is identical as the newly-built statistical method of rate of the above-mentioned network equipment, only counts Unit no longer using the network equipment as unit, but with it is each initiate session IP address be a unit.
When above-mentioned Session Resources are concurrent Session Resources, when Session Resources are concurrent Session Resources, it is generally the case that The occupancy situation of the session to Session Resources of the type is characterized with the concurrent session number at each moment.The network equipment can be by connecing The session message that session setup side is sent is received, the source IP address of its carrying is obtained, and the IP address is recorded.The network equipment Can by the method for the concurrent session number of above-mentioned statistics network equipment come the IP address of each initiation session of statistic record and Session number is sent out, in other words, the statistics of the concurrent session number of the IP address for initiating session, statistical method is set with above-mentioned network The statistical method of standby concurrent session number is identical, and only statistic unit is no longer using the network equipment as unit, but with each initiation The IP address of session is a unit.
Step 102: when the Session Resources occupancy of the network equipment reaches second threshold, based on each hair counted The corresponding Session Resources occupancy of session IP address is played, determines the maximum IP address of Session Resources occupancy (IPmax);Wherein, The second threshold is greater than the first threshold;
Step 103: limitation reduces IPmax to the occupancy of the Session Resources, to accelerate this equipment recycling session money Source.
In the present embodiment, the network equipment will come the service process performance of " early warning " network equipment by first threshold It is affected or " early warning " network equipment can suffer from attack (under normal circumstances, when the network equipment is by attacking, to this The occupied Session Resources of IP address that the network equipment initiates session are significantly larger than the meeting that the IP address that remaining initiates session occupies Talk about resource) and the network equipment determines IPmax when its resources occupation rate reaches second threshold, and limit or reduce the IPmax Occupied Session Resources are reduced or are limited the Session Resources occupancy of the network equipment with this.
The present embodiment does not use a threshold value while triggering statistics and limitation operation, and is set respectively using two threshold values Fixed statistics and limitation or the trigger value for reducing operation, its object is to can also be preferably while optimizing equipment performance Protect the regular traffic contact of session setup side.
It triggers statistics and limitation operation simultaneously with a threshold value, is exactly in other words, when the Session Resources of the network equipment When occupancy reaches the threshold value, the network equipment can count each corresponding Session Resources occupancy of IP address for initiating session, and Limit the Session Resources occupancy of IPmax.
If triggering statistics and limitation operation simultaneously with a threshold value, must be combined when threshold value setting Statistical operation and limitation reduce by two aspect factors of operation, but when combining two aspect factors setting threshold value, tend not to Achieve the effect that " perfection ", but " compromise " of two aspect factors, this means that the setting of threshold value is not very accurate.One side Face, if threshold value setting is excessive, the network equipment possibly can not be counted and be limited operation and just " paralysed ", another party Face, if threshold value setting is too small, the network equipment will be limited IPmax or be reduced in advance operation, such as send IPmax Packet loss, this may will appear unnecessarily abandon session setup side's message situation, thus to a certain extent Affect the regular traffic contact of session setup side.
And when being operated respectively to triggering statistical operation and limitation or reduce using two threshold values, in the setting of two threshold values It waits, can consider statistical operation and limitation or the factor for reducing operation respectively.
Wherein, it when the resources occupation rate of the network equipment reaches second threshold, generally indicates that, the network equipment is without more Resource handles session, and has seriously affected the traffic handing capacity of the network equipment.If second threshold setting is too low, The resources occupation rate for being likely to occur the network equipment reaches " bottleneck " not yet, is just limited IPmax or reduced operation, than The packet loss that such as IPmax is sent, it is possible to influence the regular traffic of session setup side.But if second threshold is arranged Excessively high, second threshold may has not been reached yet in the resources occupation rate of the network equipment, which has just paralysed.So In practical application, developer rationally can be set second threshold according to the performance and actual conditions of the network equipment.
In addition, the setting of second threshold can be greater than first threshold.First threshold is low relative to second threshold, it is meant that the When one threshold value reaches, the process resource of equipment still has certain surplus, can support to count this to the biggish behaviour of resource consumption Make;When second threshold reaches, surplus is extremely limited at this time, but fairly simple due to limiting or abandoning operation, to place It is very low to manage resource consumption, therefore the remaining minimal amount of process resource of equipment utilization can still complete these operations.Thus may be used See the application compared with general processing mode, it is higher to the reasonability of session resource management.
It is worth noting that in the present embodiment, first threshold corresponding to different type Session Resources is different;And/or Second threshold corresponding to different type Session Resources is different.
In view of creating the performance of Session Resources and itself feature respectively of concurrent Session Resources and the network equipment, Furtherly, each network equipment maximum newly-built rate allowed and maximum concurrent session number can be different, so When first threshold and second threshold are set, one kind is achieved in that, is created the first threshold of Session Resources and concurrently can The first threshold for talking about resource is also possible to second thresholds and concurrent Session Resources different, but that create Session Resources in setting Second threshold setting when can be identical.
Another kind is achieved in that the second threshold of the second threshold and concurrent Session Resources that create session can in setting To be different, but the first threshold of newly-built Session Resources and the first threshold of concurrent Session Resources are also possible to phase in setting With.Another kind is achieved in that, creates the first threshold of Session Resources and the first threshold of concurrent Session Resources in setting It is also possible to different, also, the second threshold of the second threshold of newly-built session and concurrent Session Resources can also be in setting It is different.
In the present embodiment, after the network equipment determines IPmax, the IPmax can be limited or reduced to Session Resources Occupancy, concrete mode is as follows:
When Session Resources are newly-built Session Resources, packet loss that the network equipment can send the IPmax.And works as and be somebody's turn to do When Session Resources are Session Resources based on TCP, packet loss that the network equipment can not only send the IPmax.It can be with RESET message further is sent to the IPmax, to terminate the TCP connection between session setup side corresponding with the IPmax.
When being the newly-built Session Resources for being not based on TCP for Session Resources, such as newly-built Session Resources based on UDP, often Retransmission mechanism can be provided with.After the packet loss that the network equipment sends this IPmax, which does not receive in the given time It to after response message, then will start Retransmission timeout mechanism, retransmit the message, and when subsequent network device performance recovery and stop Only to the limitation of the IPmax after, the network equipment can receive the message of IPmax transmission, and normally be located to the message Reason, therefore can guarantee the normal business contact in session setup side.
It is the newly-built Session Resources based on TCP for Session Resources, the network equipment sends RESET message to the IPmax, main If in order to terminate the TCP semi-connection state between session setup side corresponding with the IPmax, the purpose for the arrangement is that in order to protect Protect the regular traffic contact of session setup side.If not terminating the semi-connection state with it, which still can be to present networks Equipment sends message, and present networks equipment can only carry out discard processing for the message that this IPmax is sent, this just will affect this The normal business contact in the corresponding session setup side IPmax.And in this example, the network equipment is terminated and is somebody's turn to do by RESET message The TCP connection of session setup side can promote session setup side that new link is selected to carry out business contact.
It can be seen that can not only optimize the performance of present networks equipment using the present embodiment, session setup can also be protected The regular traffic contact of side.
When Session Resources are concurrent Session Resources, a kind of optional processing mode of the network equipment is based on preset aging Duration, by the corresponding concurrent conversation aging of the IPmax.For example, network developer can the IPmax respective session aging when Length is set as 5s, and after 5s, the network equipment can be by the corresponding all concurrent conversation agings of the IPmax.
Another optional processing mode is that the network equipment can traverse Session Resources table, determines that IPmax is corresponding concurrent Session Resources, and determine that corresponding each the last of concurrent Session Resources of IPmax uses the time according to recording in Session Resources table, Preset time range is determined do not occur in preset time range with last be compared using the time of each session The concurrent session of data interaction, and by its aging immediately.For example, it is assumed that preset time range is 30min, current time is 13:30, then the network equipment can be by the corresponding last concurrent session aging immediately using the time before 13:00 of the IPmax.
Another optional processing mode is can also to use above two mode simultaneously, limit or reduce the IPmax To the occupancy of Session Resources.For example, it is assumed that a length of 5s when default aging, preset time range are 30min, current time is 13:30.When simultaneously using above two method, in order to accelerate the recycling to network equipment Session Resources, the network equipment can be with Above-mentioned second method is first used, by the corresponding last concurrent session aging immediately using the time before 13:00 of IPmax, In conjunction with first method, based on default ageing time 5s, by the IPmax corresponding last use time in 13:00 to 13 after 5s: Concurrent conversation aging between 30.
When Session Resources are the concurrent Session Resources based on TCP, the network equipment can not only take aforesaid way to limit Or reduce the corresponding concurrent Session Resources occupancy of IPmax, can also further respectively to the IPmax for initiating session and with The opposite end that IPmax conversates sends TCP RESET message, terminates between IPmax and the opposite end to conversate with the IPmax TCP connection.The purpose done so and above-mentioned Session Resources are newly-built Session Resources, and the mesh of unidirectional RESET message is sent to IPmax It is consistent, i.e. the regular traffic contact of protection session setup side while optimizing the service process performance of present networks equipment, here, It repeats no more.
In the present embodiment, by the limitation of the above-mentioned Session Resources occupancy to IPmax or reduce operation after, when When the corresponding Session Resources occupancy of IPmax is no more than third threshold value, the network equipment can stop limitation or drop to the IPmax Reduction process allows the IPmax to create session.
It is worth noting that, the setting of third threshold value is the Session Resources occupancy for IPmax, rather than it is directed to network The Session Resources rate of equipment.In other words, when the corresponding Session Resources occupancy of IPmax is reduced under third threshold value When, it can not illustrate that the Session Resources occupancy of the network equipment can be reduced under first threshold.When the corresponding session of IPmax When resources occupation rate is reduced under third threshold value, if the Session Resources occupancy of the network equipment is still higher than first threshold, The above-mentioned statistic processes to the corresponding Session Resources occupancy of IP address for initiating session can then be continued, and in the network equipment When Session Resources occupancy reaches second threshold, determine IPmax at this time, and the Session Resources that it is occupied carry out limitation or Reduce operation.
When setting third threshold value, can be set according to the particular use of the present embodiment.For example, working as the present embodiment master When being used to prevent attack, third threshold value can set smaller.Because launching a offensive when this equipment is by network attack The Session Resources for the network equipment that IP is occupied are far longer than the Session Resources of other IP occupancy, in other words, what this was launched a offensive IP address occupies most of Session Resources of the network equipment.For example, the newly-built rate for the IP address launched a offensive is per second 50,000 It is a, and the newly-built rate of other IP address is only 1000 per second, at this point, when setting third threshold value, by third threshold Value is configured more as small as possible, is accounted for this to reduce the IP address launched a offensive rapidly to present networks equipment session resource With.
And if the present embodiment is mainly used for the Session Resources that management occupies this equipment for regular traffic, third threshold value Setting can be suitably big.Since when regular traffic occupies the Session Resources of this equipment, each IP address for initiating session The Session Resources of occupancy be generally in a level, for example, IP1 occupy newly-built rate be 1000 per second, IP2's Newly-built rate is 980 per second, and the order of magnitude of IP3 is 1500 per second.At this point, can be suitably by the setting of third threshold value Ground suitably reduces the corresponding Session Resources occupancy of each IP address more greatly, with this.
By above embodiments it is found that the network equipment is by the improvement to session resource management mechanism, when the network equipment When Session Resources occupancy reaches first threshold, the network equipment can count meeting corresponding to the IP address of each session setup side Talk about resources occupation rate;It, can be based on each meeting counted when the Session Resources occupancy of the network equipment reaches second threshold The corresponding Session Resources occupancy of IP address of initiator is talked about, the maximum IP address of Session Resources occupancy is obtained;When session provides When source is newly-built Session Resources, the network equipment can lose the message received from the maximum IP address of Session Resources occupancy It abandons.When above-mentioned Session Resources are concurrent Session Resources, the network equipment can be based on preset ageing time, and the session is provided The corresponding concurrent conversation aging of the maximum IP address of source occupancy, or the maximum IP address of the Session Resources occupancy is corresponding Do not occur the concurrent conversation aging of data interaction in preset time range.
On the one hand, when the Session Resources occupancy of equipment due to monitoring when the network equipment itself is excessive, network is set It is standby the maximum IP address of Session Resources occupancy to be limited, its occupied Session Resources is discharged, so that session provides Source is available reasonably to be recycled.
On the other hand, since the above-mentioned network equipment can be directed to different Session Resources, it is reduced in different ways Resources occupation rate accelerates recycling of the network equipment to Session Resources.Therefore, it can effectively improve at the business of equipment Rationality energy.
Below with reference to some specific application scenarios, application scheme is illustrated:
Scene one:
Be below newly-built Session Resources with Session Resources, Session Resources occupancy for creating the scene of rate characterization, The above method is described in detail.
It is assumed that the network equipment and N number of session setup side have carried out session interaction.The IP address of this N number of session setup side point Not Wei IP1, IP2, IP3 to IPN.The CPU of the network equipment maximum newly-built rate allowed is 500,000 per second, it is assumed that first Threshold value is 350,000 per second, and second threshold is 450,000 per second, and third threshold value is that current maximum newly-built rate IP is corresponding newly-built The 80% of rate.
When the newly-built rate that the network equipment checks this equipment reaches 350,000 per second, each initiation session can be counted The corresponding newly-built rate of IP address.
In the newly-built rate of each IP address of the newly-built rate and initiation session of statistics network equipment, week can will be counted Phase is set as 1s, counts the newly-built session number and each corresponding newly-built session number of IP for initiating session of the network equipment in 1s.
When the network equipment detects that the newly-built rate of this equipment reaches 450,000 per second, IP1 can be based respectively on extremely The corresponding newly-built rate in the address IPN obtains the IP address of maximum newly-built rate.
Assuming that IP1, IP2, IP3 be into IPN, the corresponding newly-built rate of IP3 is maximum, for 20000 per second then the network set It is standby available to IP3.
After getting IP3, which can limit or reduce the corresponding newly-built rate in the address IP3.Specifically Ground mode of operation is as follows:
The network equipment can will be from the received newly-built session packet loss in the address IP3.
Alternatively, the network equipment is not when the corresponding Session Resources of the address IP3 are the newly-built Session Resources based on TCP It can will can also only be sent out from the received newly-built session packet loss in the address IP3 to the corresponding session setup side in the address IP3 RESET message is sent, the TCP connection with the session setup side is terminated.
After above-mentioned limitation or reducing operation, when the network equipment detects the corresponding newly-built rate in the above-mentioned address IP3 When no more than third threshold value when (160,000,000 per second), the limitation of the address IP3 can be released, the address IP3 is allowed to establish New session.
If after stopping to the limitation of this address IP3, when the newly-built rate of the network equipment is still above 350,000 per second, It then repeats the above process, limits or reduce the current newly-built maximum IP address of rate to the occupancy of newly-built Session Resources, here, It repeats no more.
It is new when the network equipment by above embodiments it is found that the network equipment can detecte the newly-built rate of equipment itself When building rate and reaching first threshold, the network equipment can count newly-built rate corresponding to the IP address of each session setup side; It, can be corresponding based on the IP address of each session setup side counted when the newly-built rate of the network equipment reaches second threshold Newly-built rate, obtain the newly-built maximum IP address of rate;It is maximum that the network equipment can limit or reduce the newly-built rate Occupancy of the IP address to the Session Resources.
Since when the newly-built rate of the network equipment is excessive, the network equipment is with can carrying out IP maximum to newly-built rate Location limitation or reduction processing, discharge its occupied Session Resources, Session Resources are rationally recycled in time.Cause This, can effectively improve the service process performance of equipment.
Scene two:
Below with Session Resources for concurrent Session Resources, Session Resources occupancy is with the scene that concurrent session number characterizes Example, is described in detail the above method.
It is assumed that the network equipment and N number of session setup side have carried out session interaction.The IP address of this N number of session setup side point Not Wei IP1, IP2, IP3 to IPN.The memory of the network equipment maximum concurrent session number allowed is 1,000,000, it is assumed that first Threshold value is 700,000, and second threshold is 900,000, and third threshold value is the corresponding concurrent session number of the concurrent session number IP of current maximum 80%.Default ageing time is 5s, and preset time range is 30 minutes.
When the concurrent session number that the network equipment checks this equipment reaches 700,000, each session setup side can be counted The corresponding concurrent session number of IP address.
In the concurrent session value of each IP address of the concurrent session value and initiation session of statistics network equipment, can will adopt Sample cycle set is 1s, and corresponding simultaneously with the concurrent session number of the sampling period statistics network equipment and each IP for initiating session Send out session number.
When the concurrent session number that the network equipment checks this equipment reaches 900,000, IP1 can be based respectively on to IPN The corresponding concurrent session number in address obtains the IP address of maximum concurrent session number.Assuming that IP1, IP2, IP3 be into IPN, IP3 pairs The newly-built rate answered is maximum, is 50000 per second, then the network equipment is available arrives IP3.
After getting the address IP3, a kind of optional processing mode of the network equipment is based on default ageing time 5s, in 5s Afterwards by the corresponding concurrent conversation aging of IP3.
Another optional processing mode is that network equipment can traverse Session Resources table, is based on concurrent Session Resources table The corresponding Session Resources of the IP3 of the middle record last use time, (i.e. 30 minutes) are determined in the corresponding preset time range of IP3 Do not occur the concurrent session of data interaction, and by the conversation aging.Assuming that current time is 13:30, then the network equipment can incite somebody to action The corresponding last concurrent session aging immediately using the time before 13:00 of the IPmax.
Another optional processing mode is that the network equipment can also use above two mode simultaneously, limiting or The address IP3 is reduced to the occupancy of its corresponding concurrent Session Resources.The network equipment can first use above-mentioned second method, will The corresponding last concurrent session aging immediately using the time before 13:00 of IPmax, in conjunction with first method, based on pre- If after ageing time 5s, 5s by IPmax it is corresponding it is last using the time in 13:00 to the concurrent conversation aging between 13:30.
When the corresponding session of IP3 is the concurrent session based on TCP, which can not only be based on aforesaid operations, By its corresponding concurrent conversation aging, TCP RESET message can also be sent to IPmax and the opposite end to conversate with IPmax, Terminate the TCP connection between the IPmax and the opposite end to conversate with the IPmax.
After above-mentioned limitation or reducing operation, when detecting that the corresponding concurrent session number in the above-mentioned address IP3 is no more than When third threshold value when (40000 per second), the limitation of the address IP3 can be released, the address IP3 is allowed to establish new meeting Words.
If the concurrent session number of the network equipment is still above 700,000 per second after releasing to the limitation of this address IP3 When, then it repeats the above process, limits or reduce the current concurrent maximum IP address of session number to the occupancy of concurrent Session Resources, Here, repeating no more.
It is concurrent when the network equipment by above embodiments it is found that the network equipment can detecte the concurrent session number of itself When session number reaches first threshold, the network equipment can count concurrent session number corresponding to each IP address for initiating session; It, can be based on the IP address pair of each session setup side counted when the concurrent session number of the network equipment reaches second threshold The concurrent session number answered obtains the maximum IP address of concurrent session number;The network equipment can limit or reduce the concurrent session Occupancy of the maximum IP address of number to the Session Resources.
Due to when the concurrent session number of the network equipment is excessive, the network equipment can IP maximum to concurrent session number Location is limited, and is discharged its occupied Session Resources, is reasonably recycled so that Session Resources are available.Therefore, may be used To effectively improve the service process performance of equipment.
Corresponding with the embodiment of aforementioned session resource management method, present invention also provides session resource management devices Embodiment.
The embodiment of the application session resource management device can be using on network devices.Installation practice can pass through Software realization can also be realized by way of hardware or software and hardware combining.Taking software implementation as an example, it anticipates as a logic Device in justice is by the processor of the network equipment where it by computer program instructions corresponding in nonvolatile memory It is read into memory what operation was formed.For hardware view, as shown in Fig. 2, where the application session resource management device A kind of hardware structure diagram of the network equipment, in addition to processor shown in Fig. 2, memory, network interface and nonvolatile memory Except, the network equipment in embodiment where device can also include that other are hard generally according to the actual functional capability of the session management Part repeats no more this.
Referring to FIG. 3, Fig. 3 is a kind of block diagram of session resource management device shown in one exemplary embodiment of the application. Described device includes: statistical module 310, determining module 320 and limitation module 330.
Statistical module 310, for when the Session Resources occupancy of the network equipment reaches preset first threshold, statistics to be each Initiate the corresponding Session Resources occupancy of session IP address;
Determining module 320, for when the Session Resources occupancy of the network equipment reaches second threshold, based on what is counted The corresponding Session Resources occupancy of each initiation session IP address, determines the maximum IP address of Session Resources occupancy (IPmax);Wherein, the second threshold is greater than the first threshold;
Module 330 is limited, for limiting or reducing IPmax to the occupancy of the Session Resources, to accelerate the recycling of this equipment Session Resources.
In an optional implementation, the limitation module, comprising: first abandons submodule, for working as the meeting When to talk about resource be newly-built Session Resources, the packet loss that will be sent from the IPmax.
In another optional implementation, the limitation module, comprising: second abandons submodule, for when described When Session Resources are the newly-built Session Resources based on TCP, by the packet loss of IPmax transmission;First sending submodule, for IPmax sends TCP RESET message.
In another optional implementation, the limitation module, comprising: the first aging submodule, for when described When Session Resources are concurrent Session Resources, it is based on preset aging duration, by the corresponding concurrent conversation aging of the IPmax;With/ Or, the second aging submodule, for the corresponding concurrent session for not occurring data interaction in preset time range of IPmax is old Change.
In another optional implementation, the second aging submodule, comprising: Traversal Unit, for traversing simultaneously Session Resources table is sent out, determines the corresponding concurrent Session Resources of IPmax;Determination unit is remembered in concurrent Session Resources table for being based on Corresponding the last of each concurrent Session Resources of the IPmax of record uses the time, and determination does not occur data in preset time range Interactive concurrent session;Aged cell, for the concurrent session for not occurring data interaction in preset time range is old Change.
In another optional implementation, the limitation module, comprising: the second sending submodule, for respectively to IPmax and the opposite end to conversate with the IPmax send TCP RESET message, with terminate the IPmax and with the IPmax into TCP connection between the opposite end of guild's words.
In another optional implementation, described device further include:
Stopping modular 340 when being no more than third threshold value for the corresponding Session Resources occupancy of the IPmax, stops The limitation or reduction of IPmax is handled;Wherein, the third threshold value is less than second threshold.
In another optional implementation, first threshold corresponding to different type Session Resources is different;And/or not Second threshold corresponding to same type Session Resources is different.
The function of each unit and the realization process of effect are specifically detailed in the above method and correspond to step in above-mentioned apparatus Realization process, details are not described herein.
For device embodiment, since it corresponds essentially to embodiment of the method, so related place is referring to method reality Apply the part explanation of example.The apparatus embodiments described above are merely exemplary, wherein described be used as separation unit The unit of explanation may or may not be physically separated, and component shown as a unit can be or can also be with It is not physical unit, it can it is in one place, or may be distributed over multiple network units.It can be according to actual The purpose for needing to select some or all of the modules therein to realize application scheme.Those of ordinary skill in the art are not paying Out in the case where creative work, it can understand and implement.
The foregoing is merely the preferred embodiments of the application, not to limit the application, all essences in the application Within mind and principle, any modification, equivalent substitution, improvement and etc. done be should be included within the scope of the application protection.

Claims (16)

1. a kind of session resource management method is applied to the network equipment, which is characterized in that the described method includes:
When the Session Resources occupancy of the network equipment reaches preset first threshold, it is corresponding to count each initiation session IP address Session Resources occupancy;
When the Session Resources occupancy of the network equipment reaches second threshold, based on each initiation session IP address counted Corresponding Session Resources occupancy determines the maximum IP address of Session Resources occupancy (IPmax);Wherein, the second threshold Greater than the first threshold;
Limitation reduces IPmax to the occupancy of the Session Resources, to accelerate this equipment recycling Session Resources.
2. the method according to claim 1, wherein the limitation or reduction IPmax are to the Session Resources It occupies, comprising:
When the Session Resources are newly-built Session Resources, the packet loss that will be sent from the IPmax.
3. the method according to claim 1, wherein the limitation or reduction IPmax are to the Session Resources It occupies, comprising:
When the Session Resources are the newly-built Session Resources based on TCP, by the packet loss of IPmax transmission;
TCP RESET message is sent to IPmax.
4. the method according to claim 1, wherein the limitation or reduction IPmax are to the Session Resources It occupies, comprising:
When the Session Resources are concurrent Session Resources, it is based on preset aging duration, concurrently can the IPmax is corresponding Talk about aging;
And/or by the corresponding concurrent conversation aging for not occurring data interaction in preset time range of IPmax.
5. according to the method described in claim 4, it is characterized in that, described that IPmax is corresponding in preset time range not There is the concurrent conversation aging of data interaction, comprising:
Concurrent Session Resources table is traversed, determines the corresponding concurrent Session Resources of IPmax;
The time is used based on corresponding each the last of concurrent Session Resources of the IPmax recorded in concurrent Session Resources table, is determined Do not occur the concurrent session of data interaction in preset time range;
By the concurrent conversation aging for not occurring data interaction in preset time range.
6. according to the method described in claim 4, it is characterized in that, the limitation or reduction IPmax are to the Session Resources It occupies, comprising:
The opposite end to conversate respectively to IPmax and with the IPmax sends TCP RESET message, with terminate the IPmax and with The TCP connection between opposite end that the IPmax conversates.
7. the method according to claim 1, wherein the method also includes:
When the corresponding Session Resources occupancy of the IPmax is no more than third threshold value, stop at the limitation or reduction of IPmax Reason;Wherein, the third threshold value is less than second threshold.
8. the method according to claim 1, wherein first threshold corresponding to different type Session Resources is not Together;And/or second threshold corresponding to different type Session Resources is different.
9. a kind of session resource management device, which is characterized in that described device includes:
Statistical module, for counting each initiation meeting when the Session Resources occupancy of the network equipment reaches preset first threshold Talk about the corresponding Session Resources occupancy of IP address;
Determining module, it is described each based on what is counted for when the Session Resources occupancy of the network equipment reaches second threshold The corresponding Session Resources occupancy of session IP address is initiated, determines the maximum IP address of Session Resources occupancy (IPmax);Its In, the second threshold is greater than the first threshold;
Module is limited, for limiting or reducing IPmax to the occupancy of the Session Resources, to accelerate this equipment recycling session money Source.
10. device according to claim 9, which is characterized in that the limitation module, comprising:
First abandons submodule, the message for will send from the IPmax when the Session Resources are newly-built Session Resources It abandons.
11. device according to claim 9, which is characterized in that the limitation module, comprising:
Second abandons submodule, for when the Session Resources are the newly-built Session Resources based on TCP, IPmax to be sent Packet loss;
First sending submodule, for sending TCP RESET message to IPmax.
12. device according to claim 9, which is characterized in that the limitation module, comprising:
First aging submodule, for preset aging duration being based on, by institute when the Session Resources are concurrent Session Resources State the corresponding concurrent conversation aging of IPmax;
And/or the second aging submodule, for by IPmax it is corresponding do not occur in preset time range data interaction and Send out conversation aging.
13. device according to claim 12, which is characterized in that the second aging submodule, comprising:
Traversal Unit determines the corresponding concurrent Session Resources of IPmax for traversing concurrent Session Resources table;
Determination unit, for based on the last of the corresponding each concurrent Session Resources of the IPmax recorded in concurrent Session Resources table Using the time, determine do not occur the concurrent session of data interaction in preset time range;
Aged cell, for by the concurrent conversation aging for not occurring data interaction in preset time range.
14. device according to claim 12, which is characterized in that the limitation module, comprising:
Second sending submodule, for sending TCP RESET message to IPmax and the opposite end to conversate with the IPmax respectively, To terminate the TCP connection between the IPmax and the opposite end to conversate with the IPmax.
15. device according to claim 9, which is characterized in that described device further include:
Stop unit, for stopping IPmax's when the corresponding Session Resources occupancy of the IPmax is no more than third threshold value Limitation or reduction processing;Wherein, the third threshold value is less than second threshold.
16. device according to claim 9, which is characterized in that first threshold corresponding to different type Session Resources is not Together;And/or second threshold corresponding to different type Session Resources is different.
CN201610834921.7A 2016-09-20 2016-09-20 Session resource management method and device Active CN106230649B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610834921.7A CN106230649B (en) 2016-09-20 2016-09-20 Session resource management method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610834921.7A CN106230649B (en) 2016-09-20 2016-09-20 Session resource management method and device

Publications (2)

Publication Number Publication Date
CN106230649A CN106230649A (en) 2016-12-14
CN106230649B true CN106230649B (en) 2019-07-09

Family

ID=58075791

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610834921.7A Active CN106230649B (en) 2016-09-20 2016-09-20 Session resource management method and device

Country Status (1)

Country Link
CN (1) CN106230649B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107547634B (en) * 2017-07-28 2020-11-03 新华三信息安全技术有限公司 Session management method and device
CN110944004B (en) * 2019-09-12 2021-09-10 腾讯科技(深圳)有限公司 Data processing method, device, storage medium and equipment in block chain network
CN113163029B (en) * 2021-05-20 2023-06-30 厦门亿联网络技术股份有限公司 Network session account deployment method, device, terminal, server and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103823712A (en) * 2014-03-17 2014-05-28 杭州华三通信技术有限公司 Data flow processing method and device for multi-CPU virtual machine system
CN103927230A (en) * 2014-03-25 2014-07-16 优视科技有限公司 Memory usage feedback method and device
CN104778086A (en) * 2015-04-15 2015-07-15 天脉聚源(北京)教育科技有限公司 Method and device for releasing resources
CN104991822A (en) * 2015-06-30 2015-10-21 浪潮(北京)电子信息产业有限公司 Memory management method and apparatus

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8582454B2 (en) * 2010-04-08 2013-11-12 Netscout Systems, Inc. Real-time adaptive processing of network data packets for analysis

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103823712A (en) * 2014-03-17 2014-05-28 杭州华三通信技术有限公司 Data flow processing method and device for multi-CPU virtual machine system
CN103927230A (en) * 2014-03-25 2014-07-16 优视科技有限公司 Memory usage feedback method and device
CN104778086A (en) * 2015-04-15 2015-07-15 天脉聚源(北京)教育科技有限公司 Method and device for releasing resources
CN104991822A (en) * 2015-06-30 2015-10-21 浪潮(北京)电子信息产业有限公司 Memory management method and apparatus

Also Published As

Publication number Publication date
CN106230649A (en) 2016-12-14

Similar Documents

Publication Publication Date Title
CN106230649B (en) Session resource management method and device
JP2004511930A5 (en)
CN107547442B (en) Data transmission buffer queue distribution method and device
WO2017035717A1 (en) Distributed denial of service attack detection method and associated device
JP2016163180A (en) Communication system, communication method, and program
CN102404206A (en) Enqueueing processing method and device
US10033612B2 (en) Adaptive signaling for network performance measurement, access, and control
CN102368729A (en) Accurate network speed limit method at non-realtime system
CN110336759B (en) RDMA (remote direct memory Access) -based protocol message forwarding method and device
CN109347760B (en) Data sending method and device
Carlucci et al. Making Google Congestion Control robust over Wi-Fi networks using packet grouping
US7694180B2 (en) Collecting debug information according to user-driven conditions
CN103023723A (en) Method for performing iSCSI (internet small computer system interface) multipath test in linux environment
EP3863234B1 (en) Adaptive signaling for network performance measurement, access, and control
US11108656B1 (en) Techniques for allocating and managing telecommunication resources
US8948211B2 (en) Performance evaluation of a communications network using jitter parameter values
JP5128556B2 (en) Traffic information collecting apparatus, traffic information collecting method and program thereof
CN105100297B (en) A kind of method for processing resource and device
Yavas et al. Strict prioritization of new requests over retransmissions for enhancing scalability of SIP servers
Li et al. Session-aware congestion control for TCP Incast in datacenter networks
Tinnakornsrisuphap et al. TCP traffic modeling via limit theorems
CN105959242A (en) Message sending method and device
CN106330574B (en) Flow analysis method and device
US11258712B2 (en) Resource efficient forwarding of guaranteed and non-guaranteed data packets
Li et al. Adaptive rate control for TCP Incast based on selective ECN-marking

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building

Applicant after: Hangzhou Dipu Polytron Technologies Inc

Address before: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building

Applicant before: Hangzhou Dipu Technology Co., Ltd.

GR01 Patent grant
GR01 Patent grant