CN106603302A - Method and device of ACL table item management - Google Patents

Publication number
CN106603302A
Authority
CN
China
Prior art keywords
acl
table item
acl table
item
subpattern
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611250006.XA
Other languages
Chinese (zh)
Other versions
CN106603302B (en)
Inventor
符志清
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou DPTech Technologies Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Application filed by Hangzhou DPTech Technologies Co Ltd
Priority to CN201611250006.XA
Publication of CN106603302A
Application granted
Publication of CN106603302B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50: Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/5003: Managing SLA; Interaction between SLA and QoS
    • H04L41/5019: Ensuring fulfilment of SLA
    • H04L41/5022: Ensuring fulfilment of SLA by giving priorities, e.g. assigning classes of service
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101: Access control lists [ACL]

Abstract

The invention provides a method and device for ACL table entry management. The method comprises: obtaining the ACL mode that a user configures for each section through a preset mode configuration interface, and the ACL sub-mode that the user configures for each section through a preset sub-mode configuration interface, wherein one ACL mode includes at least one ACL sub-mode, and the ACL sub-modes comprise sub-modes that support priority and sub-modes that do not support priority; obtaining a target ACL table entry that the user configures through a preset ACL configuration interface, together with the ACL mode and ACL sub-mode configured for that entry; in response to an issue instruction for the target ACL table entry, judging whether the sub-mode of the target ACL table entry is one that does not support priority; and, if so, adding the target ACL table entry to a free entry in the add position corresponding to the ACL sub-mode to which the entry belongs. The efficiency of adding ACL table entries is thereby improved.

Description

A method and device for ACL table entry management
Technical field
The present application relates to the field of network communication technology, and in particular to a method and device for ACL table entry management.
Background
ACL (Access Control List) is a traffic access control technology. By placing a series of entries that specify packet matching conditions and packet processing actions in the packet forwarding path of a network device, it applies specific control to particular packets.
The ACL function can be implemented in software or in hardware; a hardware ACL is also called an ACL chip. ACL chips have the advantage of speed and are therefore widely used in network devices. However, the storage resources for ACL table entries in an ACL chip are limited, so planning those storage resources sensibly is particularly important.
Summary of the invention
In view of this, the present application provides a method and device for ACL table entry management, applied in a network device, to improve the utilization of the storage resources for ACL table entries.
Specifically, the application is implemented through the following technical solution:
A method of ACL table entry management, applied to a network device in which the ACL table preconfigured in the ACL chip is divided into several sections, each section containing several ACL table entries, the method including:
obtaining the ACL mode that a user preconfigures for each section through a preset mode configuration interface, and the ACL sub-mode that the user preconfigures for each section through a preset sub-mode configuration interface; wherein one ACL mode includes at least one ACL sub-mode, and ACL sub-modes include sub-modes that support priority and sub-modes that do not support priority;
obtaining the target ACL table entry that the user configures through a preset ACL configuration interface, and the ACL mode and ACL sub-mode configured for the target ACL table entry;
in response to an issue instruction for the target ACL table entry, judging whether the sub-mode of the target ACL table entry is an ACL sub-mode that does not support priority; and, if so, adding the target ACL table entry to a free entry in the add position corresponding to the ACL sub-mode to which the entry belongs.
A device for ACL table entry management, applied to a network device in which the ACL table preconfigured in the ACL chip is divided into several sections, each section containing several ACL table entries, the device including:
a first acquisition unit, configured to obtain the ACL mode that a user preconfigures for each section through a preset mode configuration interface, and the ACL sub-mode that the user preconfigures for each section through a preset sub-mode configuration interface; wherein one ACL mode includes at least one ACL sub-mode, and ACL sub-modes include sub-modes that support priority and sub-modes that do not support priority;
a second acquisition unit, configured to obtain the target ACL table entry that the user configures through a preset ACL configuration interface, and the ACL mode and ACL sub-mode configured for the target ACL table entry;
a response unit, configured to judge, in response to an issue instruction for the target ACL table entry, whether the sub-mode of the target ACL table entry is an ACL sub-mode that does not support priority and, if so, to add the target ACL table entry to a free entry in the add position corresponding to the ACL sub-mode to which the entry belongs.
Sub-modes are configured for the ACL table entries of different uses within the same functional module, so that entries of different uses correspond to different sub-modes. When a sub-mode does not support priority, adding an entry that belongs to it only requires finding a free ACL table entry in the position corresponding to that sub-mode and writing the entry to be added into it, which improves the efficiency of adding ACL table entries.
Brief description of the drawings
Fig. 1 is a schematic diagram of the add positions of ACL table entries within sections in the prior art, shown in an exemplary embodiment of the application;
Fig. 2 is a schematic diagram of the add positions of ACL table entries within sections after the number of sections changes in the prior art, shown in an exemplary embodiment of the application;
Fig. 3 is a schematic diagram of the add positions of ACL table entries within sections, shown in an exemplary embodiment of the application;
Fig. 4 is a schematic diagram of the add positions of ACL table entries within sections after the number of sections changes, shown in an exemplary embodiment of the application;
Fig. 5 is a flowchart of a method of managing ACL table entries in an ACL chip, shown in an exemplary embodiment of the application;
Fig. 6 is a schematic diagram of section mode configuration, shown in an exemplary embodiment of the application;
Fig. 7 is a schematic diagram of a sub-mode configuration interface, shown in an exemplary embodiment of the application;
Fig. 8 is a schematic diagram of another sub-mode configuration interface, shown in an exemplary embodiment of the application;
Fig. 9 is a schematic diagram of an ACL configuration interface, shown in an exemplary embodiment of the application;
Fig. 10 is a hardware structure diagram of the network device in which the ACL table entry management device of the application is located;
Fig. 11 shows a device for ACL table entry management according to an exemplary embodiment of the application.
Detailed description
Exemplary embodiments are described in detail here, and examples of them are illustrated in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the application. Rather, they are merely examples of devices and methods consistent with some aspects of the application as detailed in the appended claims.
The terminology used in the application is for the purpose of describing particular embodiments only and is not intended to limit the application. The singular forms "a", "said" and "the" used in the application and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in the application to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the application, first information may also be called second information, and similarly second information may also be called first information. Depending on the context, the word "if" as used here may be interpreted as "when", "upon" or "in response to determining".
In the prior art, to make the ACL table entries in an ACL chip easier to manage, the ACL table in the chip is usually divided into several sections, each containing several ACL table entries. The number of entries per section may be equal or unequal; manufacturers usually keep the number of entries in each section equal when making ACL chips.
Because many functional modules in a network device need ACL table entries, and the entries used by different functional modules must be kept apart, ACL table entry resources are usually allocated to the functional modules in units of sections. A module that needs more ACL table entries occupies more sections; a module that needs fewer occupies fewer sections.
In the prior art, the user can start the configuration software loaded on the network device, configure the mode of the ACL table entries of each section in the configuration interface, and issue a configuration instruction; the device then configures the mode of each section's ACL table entries automatically.
In the prior art, every ACL table entry issued to the ACL chip has a priority. Each time an entry is issued and added to its section, the device must compare it against the priorities of the entries already issued in that section, find the corresponding free ACL table entry, and write the entry to be added into it. If no corresponding free entry is found, the entries whose priority is not greater than that of the entry to be added must be moved one by one.
Within the ACL table entries of one functional module there are also entries of different uses, and there is a priority among the entries of different uses: entries of a higher-priority use are placed ahead of those of a lower-priority use.
In the prior art, if one section is allocated to a functional module whose ACL table entries are of two different uses, and the entries of the first use have higher priority than those of the second use, then the first half of the entries in the section is allocated to the first use and the second half to the second use. If the functional module's entries are of three different uses, then in order of priority from high to low each use occupies one third of the entries, and so on.
In addition, the functional modules of a network device do not often run at the same time, and the number of ACL table entries each module needs differs between time periods, so the user usually reconfigures the modes of the sections in the ACL chip as needed.
In the prior art, after the modes of the sections are reconfigured, the entries already issued must be handled according to the mode they belong to: the entries that need to be moved are moved as a whole into the section that now corresponds to them.
Refer to Fig. 1, a schematic diagram of the add positions of ACL table entries within sections in the prior art, shown in an exemplary embodiment of the application.
Refer to Fig. 2, a schematic diagram of the add positions of ACL table entries within sections after the number of sections changes in the prior art, shown in an exemplary embodiment of the application.
Fig. 1 and Fig. 2 show how, in the prior art, the already-issued ACL table entries change position within the sections when the number of sections corresponding to a functional module is changed.
For example, suppose the ACL table entries of a functional module occupy one section and are of two different uses: entries of the first use occupy the first half of the section and entries of the second use occupy the second half. When the module's allocation grows from one section to two, the entries of each use occupy one section each. The entries of the second use already issued in the original section must then be shifted as a whole into the module's second section.
In summary, the prior art has the following problems.
First, in the prior art, whenever any ACL table entry is issued, the device must find the add position in the corresponding section according to the entry's priority, and if that position is occupied by another entry, it must move entries until the position becomes a free entry. Yet some ACL table entries do not need to be distinguished by priority; such an entry only needs to be added to a free entry in its section. Applying the prior-art scheme to entries that need no priority distinction therefore makes the device inefficient.
Second, in the prior art the entries of different uses within one functional module share the sections allocated to the module equally, according to the number of uses. When the number of sections allocated to the module changes, the entries already issued must be shifted as a whole. Adjusting the number of sections a functional module occupies therefore forces the device to shift issued entries wholesale, which increases the load on the device.
To solve these problems, the application provides a method of managing ACL table entries in an ACL chip, applied to a network device. The method obtains the ACL mode that the user preconfigures for each section through a preset mode configuration interface and the ACL sub-mode that the user preconfigures for each section through a preset sub-mode configuration interface, where one ACL mode includes at least one ACL sub-mode and ACL sub-modes include sub-modes that support priority and sub-modes that do not; obtains the target ACL table entry that the user configures through a preset ACL configuration interface, together with the ACL mode and ACL sub-mode configured for it; and, in response to an issue instruction for the target ACL table entry, judges whether the entry's sub-mode is one that does not support priority and, if so, adds the target ACL table entry to a free entry in the add position corresponding to the sub-mode to which the entry belongs.
On the one hand, sub-modes are configured for the ACL table entries of different uses within one functional module, so that entries of different uses correspond to different sub-modes. When a sub-mode does not support priority, adding an entry that belongs to it only requires finding a free ACL table entry in the position corresponding to that sub-mode and writing the entry into it. Already-issued entries need to be shifted only when the position corresponding to the sub-mode has no free entry. This avoids the prior-art situation in which free entries remain in the sub-mode's position, but because the add position that matches the new entry's priority is occupied by another entry, entries must be shifted to free that position instead of the new entry being placed in one of the other free entries. The efficiency of adding ACL table entries is thereby improved.
Refer to Fig. 3, a schematic diagram of the add positions of ACL table entries within sections, shown in an exemplary embodiment of the application.
Refer to Fig. 4, a schematic diagram of the add positions of ACL table entries within sections after the number of sections changes, shown in an exemplary embodiment of the application.
Fig. 3 and Fig. 4 show how, under the technical solution of the application, ACL table entries change position within the sections after the number of sections of a functional module changes.
With the technical solution of the application, already-issued ACL table entries do not need to be moved after the number of sections of a functional module changes. Sometimes the sections occupied by a functional module include free sections; in that case, when another functional module needs more ACL table entry resources, a free section can be reconfigured directly and allocated to the module that needs more resources, which avoids moving entries that have already been issued.
Refer to Fig. 5, a flowchart of a method of managing ACL table entries in an ACL chip, shown in an exemplary embodiment of the application.
Step 501: Obtain the ACL mode that the user preconfigures for each section through a preset mode configuration interface, and the ACL sub-mode that the user preconfigures for each section through a preset sub-mode configuration interface; one ACL mode includes at least one ACL sub-mode, and ACL sub-modes include sub-modes that support priority and sub-modes that do not support priority.
Refer to Fig. 6, a schematic diagram of section mode configuration, shown in an exemplary embodiment of the application.
In the application, a sub-mode is defined for the ACL table entries of each different use within one functional module, and a mode includes at least one sub-mode.
In the embodiment shown in the application, the user can load an ACL table entry configuration plug-in on the network device and start it. Once the plug-in has started successfully, the section mode configuration interface shown in Fig. 6 is displayed in the user interface. The interface lists the section numbers, a mode configuration option for each section, and a sub-mode configuration option for each mode. The user can click the mode option in the configuration interface and select the mode to configure from the modes offered.
After the mode of a section has been configured, the user can click the sub-mode option to configure the sub-modes of that section's mode.
For example, the section mode for the flow-definition functional module is configured as the flow-definition mode, and the sub-modes of the flow-definition mode are then configured as a flow-definition whitelist sub-mode and an ingress flow-definition sub-mode.
In the application there are two classes of functional module. The first class issues ACL table entries automatically from inside the module; because the number of entries such a module requires is fixed, the entries corresponding to it cannot be adjusted. The second class can be configured manually by the user, and its entries can be adjusted flexibly according to the user's needs.
For a functional module that issues ACL table entries automatically, the sub-modes are preconfigured by the system. The user cannot modify them and can only view the priority relationship between the sub-modes and whether a priority relationship exists among the entries within each sub-mode. For a functional module that the user can configure manually, the corresponding sub-modes can be configured manually: the user can change the priority between sub-modes, add or remove sub-modes, and set whether a priority relationship exists among the entries within a sub-mode.
Refer to Fig. 7, a schematic diagram of a sub-mode configuration interface, shown in an exemplary embodiment of the application.
After the user clicks the sub-mode option, the sub-mode configuration interface shown in Fig. 7 is displayed in the user interface.
The sub-modes shown in the interface of Fig. 7 are preconfigured, as is the functional module they belong to; the user cannot modify the sub-modes and can only view their parameters.
Refer to Fig. 8, a schematic diagram of another sub-mode configuration interface, shown in an exemplary embodiment of the application.
The sub-modes shown in the interface of Fig. 8 can be configured manually. The user can specify the name of a sub-mode, drag sub-modes with [icon] to adjust the priority between them, create a new sub-mode with [icon], delete an unneeded sub-mode with [icon], and select [icon] or [icon] to specify whether a priority relationship exists among the entries within the sub-mode, where [icon] represents the unchecked state and [icon] the checked state.
Once the user has configured the mode of each section and the sub-modes within each mode, the user can configure ACL table entries.
Step 502: Obtain the target ACL table entry that the user configures through a preset ACL configuration interface, and the ACL mode and ACL sub-mode configured for the target ACL table entry.
Refer to Fig. 9, a schematic diagram of an ACL configuration interface, shown in an exemplary embodiment of the application.
Once the user has configured the mode of each section and the sub-modes within each mode, the user can start the ACL configuration software, and the ACL configuration interface shown in Fig. 9 is displayed in the user interface.
The user configures the target ACL table entry in the ACL configuration interface. Specifically, the user assigns the target entry its mode and sub-mode. If a priority relationship exists among the entries of the sub-mode the target entry belongs to, the user can assign a priority value to the target entry; if no priority relationship exists among those entries, the user does not need to assign a priority value.
In the embodiment shown in the application, after finishing the configuration of the target ACL table entry the user can issue it, by clicking the preset issue button in the ACL configuration interface. After the button is clicked, the ACL configuration software of the network device triggers an issue instruction. The instruction may be to add, delete, modify or move the target ACL table entry, among others. This embodiment mainly describes the case of adding the target ACL table entry.
Step 503: In response to an issue instruction for the target ACL table entry, judge whether the sub-mode of the target ACL table entry is an ACL sub-mode that does not support priority; if so, add the target ACL table entry to a free entry in the add position corresponding to the ACL sub-mode to which the entry belongs.
In the application, when the sub-mode the target entry belongs to does not support priority, the add position is the ACL table entry region corresponding to that sub-mode. When the sub-mode supports priority, the add position is the one position within that region that corresponds to the target entry.
After the ACL configuration software of the network device triggers an issue instruction, the network device responds to it. Specifically, the network device obtains the information about the target ACL table entry from the instruction; since this embodiment mainly describes adding a target entry, the network device obtains the target entry's add information from the instruction.
The network device then determines which mode and which sub-mode the target ACL table entry belongs to. Having determined them, the network device starts from the beginning of the ACL chip and matches the target entry against the ACL table entries in the chip to find the ACL table entry region whose mode is the same as that of the target entry.
When the network device has found that region, it searches within it for the ACL table entry region corresponding to the sub-mode the target entry belongs to.
In the application, there is a priority between the sub-modes within the same module: the higher the priority of a sub-mode, the smaller the position numbers of its ACL table entries.
If the network device finds the region corresponding to the target entry's sub-mode, it determines whether a priority relationship exists among the entries of that sub-mode. If not, the network device searches the add position corresponding to the sub-mode for a free ACL table entry, and if one exists, adds the target entry to it.
For example, refer to Table 1, which shows the distribution of ACL table entries in an ACL chip according to an exemplary embodiment of the application.
Table 1
Assume that the target ACL table entry belongs to mode IPv4 and sub-mode 2, that no priority relationship exists among the entries in sub-mode 2, and that the target entry is named b8. The target entry is now added to the ACL chip.
Refer to Table 2, which illustrates adding an ACL table entry according to an exemplary embodiment of the application.
Table 2 shows the distribution of the ACL table entries in the ACL chip after the target entry has been added to the ACL table shown in Table 1.
Table 2
Because no priority relationship exists between the ACL table items in the subpattern to which the target ACL table item belongs, and the position with Position Number 3 happens to be an idle ACL table item, the ACL table item can be issued directly to that idle ACL table item.
In this way, the network equipment does not need to match the priority of the target ACL table item. It only needs to find an idle list item in the ACL table item region corresponding to the subpattern to which the target ACL table item belongs and add the target ACL table item to it, so the efficiency with which the network equipment adds ACL table items can be improved.
In this application, if no idle list item exists in the ACL table item region corresponding to the ACL subpattern to which the target ACL table item belongs, the network equipment can start a counter for counting the number of moves and then, starting from the first ACL table item in the target ACL table item region, traverse the ACL table items in the first direction and in the second direction. If the subpattern to which a found ACL table item belongs supports priority, the counter is incremented by one; if the subpattern to which the found ACL table item belongs does not support priority, the counter is incremented by one after the traversal of the ACL table items under that subpattern is complete.
The network equipment then counts the first movement number of times, that is, the number of moves of ACL table items in the first direction needed to produce an idle list item at the point of addition, and the second movement number of times, that is, the number of moves of ACL table items in the second direction needed to produce an idle list item at the point of addition. It then compares the first movement number of times with the second movement number of times.
If the first movement number of times is greater than the second movement number of times, the network equipment can move ACL table items in the second direction until an idle list item is produced at the point of addition, and issue the target ACL table item to that idle list item.
If the first movement number of times is less than the second movement number of times, the network equipment can move ACL table items in the second direction until an idle list item is produced at the point of addition, and issue the target ACL table item to that idle list item.
When moving ACL table items, the network equipment can check whether the subpattern to which the ACL table item to be moved belongs supports priority. If it does, the network equipment can move all ACL table items under that subpattern one by one;
If it does not, then when the moving direction is the first direction, the network equipment can move the ACL table item to be moved to before the first ACL table item under the subpattern; or, when no idle list item exists before the first ACL table item under the subpattern, the network equipment can take the last ACL table item under another subpattern whose priority is higher than that subpattern as the ACL table item to be moved and move it, until an idle list item is produced before the first ACL table item under the subpattern.
When the moving direction is the second direction, the network equipment can move the ACL table item to be moved to after the last ACL table item under the subpattern; or, when no idle list item exists after the last ACL table item under the subpattern, the network equipment can take the first ACL table item under another subpattern whose priority is lower than that subpattern as the ACL table item to be moved and move it, until an idle list item is produced after the last ACL table item under the subpattern.
In this embodiment, the first direction is the direction of higher subpattern priority, and the second direction is the direction of lower subpattern priority.
For example, refer to Table 3, which is a schematic table of the distribution positions of ACL table items in another ACL chip according to an exemplary embodiment of this application.
Table 3
Assume that the pattern to which the target ACL table item belongs is still IPv4, that its subpattern is subpattern 2, that no priority relationship exists between the ACL table items in subpattern 2, and that the target ACL table item is named b8. The target ACL table item is now added to the ACL chip shown in Table 3.
No idle list item exists in the region of subpattern 2, and the ACL table item with Position Number 5 is the first ACL table item. The network equipment can start the counter and, starting from that ACL table item, traverse the ACL table items in the first direction to count the first movement number of times; from Table 3, the first movement number of times is 3. The network equipment can then traverse the ACL table items in the second direction. Because subpattern 2 is a subpattern that does not support priority, and subpattern 3 is also a subpattern that does not support priority, the second movement number of times counted from Table 3 is 1.
Refer to Table 4, which is a schematic table of adding an ACL table item in another ACL chip according to an exemplary embodiment of this application.
Table 4
Because the second movement number of times is less than the first movement number of times, the network equipment can move ACL table items in the second direction. Specifically, the network equipment can move the ACL table item named c1 into the idle ACL table item with Position Number 16. The ACL table item with Position Number 12 then becomes an idle ACL table item, and the network equipment can add the target ACL table item to that idle ACL table item.
For example, refer to Table 5, which is a schematic table of the distribution positions of ACL table items in another ACL chip according to an exemplary embodiment of this application.
Table 5
Assume that the pattern to which the target ACL table item belongs is still IPv4, that its subpattern is subpattern 2, that no priority relationship exists between the ACL table items in subpattern 2, and that the target ACL table item is named b8. The target ACL table item is now added to the ACL chip shown in Table 5.
No idle list item exists in the region of subpattern 2, and the ACL table item with Position Number 5 is the first ACL table item. The network equipment can start the counter and, starting from that ACL table item, traverse the ACL table items in the first direction to count the first movement number of times. Because subpattern 1 is a subpattern that does not support priority, the first movement number of times counted from Table 5 is 1. The network equipment can then traverse the ACL table items in the second direction. Because subpattern 2 is a subpattern that does not support priority and subpattern 3 is a subpattern that supports priority, the second movement number of times counted from Table 5 is 4.
Refer to Table 6, which is a schematic table of adding an ACL table item in another ACL chip according to an exemplary embodiment of this application.
Because the first movement number of times is less than the second movement number of times, the network equipment can move ACL table items in the first direction. Specifically, the network equipment can move the ACL table item named a3 into the idle ACL table item with Position Number 1. The ACL table item with Position Number 4 then becomes an idle ACL table item, and the network equipment can add the target ACL table item to that idle ACL table item.
In an embodiment of this application, if the network equipment does not find an ACL table item region corresponding to the subpattern to which the target ACL table item belongs, it can search for an idle list item after the regions corresponding to all subpatterns whose priority is higher than that of the subpattern to which the target ACL table item belongs, and then add the target ACL table item to that idle ACL table item.
For example, refer to Table 7, which is a schematic diagram of the distribution positions of ACL table items in another ACL chip according to an exemplary embodiment of this application.
Table 7
Assume that the pattern to which the target ACL table item belongs is IPv4, that its subpattern is subpattern 4, that the priority of subpattern 4 is lower than that of subpattern 3, that no priority relationship exists between the ACL table items in subpattern 4, and that the target ACL table item is named d1. The target ACL table item is now added to the ACL chip shown in Table 7.
Refer to Table 8, which is a schematic table of adding an ACL table item in another ACL chip according to an exemplary embodiment of this application.
Table 8
Because the priority of the subpattern to which the target ACL table item belongs is lower than the priority of subpattern 3, and the ACL table item with Position Number 16 is an idle list item, the network equipment can add the target ACL table item to that idle list item.
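The procedure above for a target whose subpattern does not support priority (direct add into an idle list item, otherwise count the moves in both directions and shift), as an added Python example that is not part of the patent. The 16-slot layout is constructed to match what the text says about Tables 3 and 5 (the tables themselves are missing from this page), the class and method names are hypothetical, the direction with fewer moves is chosen as in the worked examples, and a tie goes to the second direction as an assumption.

```python
# Added illustration, not the patent's code. The slot layout, entry names and
# tie-break rule are assumptions; Position Numbers are 1-based as in the text.

class AclChip:
    def __init__(self, size, submodes):
        # submodes: [(name, supports_priority)], highest subpattern priority first
        self.slots = [None] * (size + 1)            # index 0 unused
        self.order = [name for name, _ in submodes]
        self.prio = dict(submodes)

    def region(self, sub):
        """Span between the last higher-subpattern entry and the first lower one."""
        rank, lo, hi = self.order.index(sub), 1, len(self.slots) - 1
        for pos in range(1, len(self.slots)):
            if self.slots[pos] is None:
                continue
            other = self.order.index(self.slots[pos][1])
            if other < rank:
                lo = max(lo, pos + 1)
            elif other > rank:
                hi = min(hi, pos - 1)
        return lo, hi

    def count_moves(self, start, step):
        """Moves needed to free `start`, walking by `step` to the first idle slot."""
        count, counted, pos = 0, set(), start
        while 1 <= pos < len(self.slots):
            if self.slots[pos] is None:
                return count, pos
            sub = self.slots[pos][1]
            if self.prio[sub]:
                count += 1                  # ordered items shift one by one
            elif sub not in counted:
                counted.add(sub)            # unordered block: one hop, end to end
                count += 1
            pos += step
        return None, None                   # no idle slot in this direction

    def open_slot(self, start, free, step):
        """Carry the idle slot at `free` back to `start`; return the moves made."""
        moves, hole = [], free
        while hole != start:
            src = hole - step               # neighbour on the target's side
            sub = self.slots[src][1]
            if not self.prio[sub]:
                # unordered block: move its item nearest the target instead
                while src != start and self.slots[src - step][1] == sub:
                    src -= step
            self.slots[hole], self.slots[src] = self.slots[src], None
            moves.append((self.slots[hole][0], src, hole))
            hole = src
        return moves

    def add(self, name, sub):
        """Add an item whose subpattern does not support priority."""
        if self.prio[sub]:
            raise ValueError("this example only covers non-priority subpatterns")
        lo, hi = self.region(sub)
        for pos in range(lo, hi + 1):
            if self.slots[pos] is None:     # idle slot in the item's own region
                self.slots[pos] = (name, sub)
                return {"position": pos, "first": 0, "second": 0, "moves": []}
        first, free_up = self.count_moves(lo - 1, -1)
        second, free_down = self.count_moves(hi + 1, +1)
        if first is None and second is None:
            raise RuntimeError("no idle list item left in the ACL chip")
        if second is None or (first is not None and first < second):
            start, free, step = lo - 1, free_up, -1
        else:                               # tie goes to second direction (assumption)
            start, free, step = hi + 1, free_down, +1
        moves = self.open_slot(start, free, step)
        self.slots[start] = (name, sub)
        return {"position": start, "first": first, "second": second, "moves": moves}


def sample_chip(sub1_prio, sub3_prio):
    """Constructed 16-slot layout: a1-a3 at 2-4, b1-b7 at 5-11, c1-c4 at 12-15."""
    chip = AclChip(16, [("sub1", sub1_prio), ("sub2", False), ("sub3", sub3_prio)])
    for i in range(1, 4):
        chip.slots[i + 1] = (f"a{i}", "sub1")
    for i in range(1, 8):
        chip.slots[i + 4] = (f"b{i}", "sub2")
    for i in range(1, 5):
        chip.slots[i + 11] = (f"c{i}", "sub3")
    return chip


if __name__ == "__main__":
    print(sample_chip(True, False).add("b8", "sub2"))   # Table 3 scenario
    print(sample_chip(False, True).add("b8", "sub2"))   # Table 5 scenario
```

Items in a priority-supporting subpattern are only ever shifted by one slot, so their relative order, and with it the match order in the chip, is unchanged by an insertion.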
The above covers the case where the subpattern to which the target ACL table item belongs is a subpattern that does not support priority. For the case where that subpattern supports priority, adding to the ACL chip is described below.
In the embodiment shown in this application, if the subpattern to which the target ACL table item belongs is a subpattern that supports priority, the network equipment can, according to the priority of the target ACL table item, search the ACL table item region corresponding to that ACL subpattern for the point of addition of the ACL table item. If the point of addition is an idle list item, the network equipment can add the target ACL table item to that idle list item.
For example, refer to Table 9, which is a schematic table of the distribution positions of ACL table items in another ACL chip according to an exemplary embodiment of this application.
Table 9
Assume that the pattern to which the target ACL table item belongs is IPv4, that its subpattern is subpattern 1, that a priority relationship exists between the ACL table items in subpattern 1, that the target ACL table item is named a4, and that its priority value is 4. The target ACL table item is now added to the ACL chip shown in Table 9.
Refer to Table 10, which is a schematic table of adding an ACL table item in another ACL chip according to an exemplary embodiment of this application.
Table 10
Because the priority of the target ACL table item is 4, the point of addition found by priority in the ACL table item region corresponding to subpattern 1 is the ACL table item with Position Number 4. That ACL table item happens to be an idle list item, so the network equipment can add the target ACL table item to it.
In the illustrated embodiment of this application, if the point of addition that the network equipment finds is not an idle list item, the network equipment can start a counter for counting the number of moves and then, starting from the point of addition corresponding to the target ACL table item, traverse the ACL table items in the first direction and in the second direction. If the subpattern to which a found ACL table item belongs supports priority, the counter is incremented by one; if the subpattern to which the found ACL table item belongs does not support priority, the counter is incremented by one after the traversal of the ACL table items under that subpattern is complete.
The network equipment can then compare the first movement number of times with the second movement number of times. If the first movement number of times is greater than the second movement number of times, the network equipment can move ACL table items in the first direction until an idle list item is produced at the point of addition, and add the target ACL table item to that idle list item; if the first movement number of times is less than the second movement number of times, it moves ACL table items in the second direction until an idle list item is produced at the point of addition, and issues the target ACL table item to that idle list item.
When moving ACL table items, the network equipment can check whether the subpattern to which the ACL table item to be moved belongs supports priority. If it does, the network equipment can move all ACL table items issued under that subpattern one by one;
If it does not, then when the moving direction is the first direction, the network equipment can move the ACL table item to be moved to before the first ACL table item under the subpattern; or, when no idle list item exists before the first ACL table item under the subpattern, the network equipment can take the last ACL table item under another subpattern whose priority is higher than that subpattern as the ACL table item to be moved and move it, until an idle list item is produced before the first ACL table item under the subpattern.
When the moving direction is the second direction, the network equipment can move the ACL table item to be moved to after the last ACL table item under the subpattern; or, when no idle list item exists after the last ACL table item under the subpattern, the network equipment can take the first ACL table item under another subpattern whose priority is lower than that subpattern as the ACL table item to be moved and move it, until an idle list item is produced after the last ACL table item under the subpattern.
For example, refer to Table 11, which is a schematic table of the distribution positions of ACL table items in another ACL chip according to an exemplary embodiment of this application.
Table 11
Assume that the pattern to which the target ACL table item belongs is IPv4, that its subpattern is subpattern 2, that a priority relationship exists between the ACL table items in subpattern 2, that the target ACL table item is named b8, and that its priority value is 8. The target ACL table item is now added to the ACL chip shown in Table 11.
According to the priority of the target ACL table item, its point of addition is the position with Position Number 12. Because subpattern 2 is a subpattern that supports priority, the first movement number of times when moving ACL table items in the first direction is 7. Because subpattern 3 is a subpattern that does not support priority, the second movement number of times when moving ACL table items in the second direction is 1.
Refer to Table 12, which is a schematic table of adding an ACL table item in another ACL chip according to an exemplary embodiment of this application.
Table 12
Because the second movement number of times is less than the first movement number of times, the moving direction is the second direction. The network equipment can therefore move the ACL table item named c1, whose subpattern is subpattern 3, to the position with Position Number 16. The position with Position Number 12 then becomes an idle ACL table item, and the network equipment can add the target ACL table item to that idle list item.
Refer to Table 13, which is a schematic table of the distribution positions of ACL table items in another ACL chip according to an exemplary embodiment of this application.
Table 13
Assume that the pattern to which the target ACL table item belongs is IPv4, that its subpattern is subpattern 2, that a priority relationship exists between the ACL table items in subpattern 2, that the target ACL table item is named b8, and that its priority value is 2. The target ACL table item is now added to the ACL chip shown in Table 13.
According to the priority of the target ACL table item, its point of addition is the position with Position Number 5. Because subpattern 2 is a subpattern that supports priority and subpattern 1 is a subpattern that does not support priority, the first movement number of times when moving ACL table items in the first direction is 2. Because subpattern 3 is a subpattern that does not support priority, the second movement number of times when moving ACL table items in the second direction is 7.
Refer to Table 14, which is a schematic table of adding an ACL table item in another ACL chip according to an exemplary embodiment of this application.
Table 14
Because the first movement number of times is less than the second movement number of times, the moving direction is the first direction, so the network equipment can move the ACL table item with Position Number 5 in the first direction. Because no idle list item exists before the first ACL table item under subpattern 2, the last ACL table item under subpattern 1 (the ACL table item named a3) has to be taken as the list item to be moved. Because subpattern 1 is a subpattern that does not support priority, the network equipment can move the ACL table item named a3 to before the first ACL table item under subpattern 1 (the ACL table item named a1), and the list item with Position Number 4 becomes an idle list item. The network equipment can then move the ACL table item named b1 to the idle list item with Position Number 4, and the list item with Position Number 5 becomes an idle list item. The network equipment can then add the target ACL table item to the idle list item with Position Number 5.
As can be seen from the technical scheme provided above, this application obtains the ACL patterns that the user preconfigures for each section through a preset pattern configuration interface, and the ACL subpatterns that the user preconfigures for each section through a preset subpattern configuration interface, where at least one ACL subpattern is included under the same ACL pattern, and the ACL subpatterns include ACL subpatterns that support priority and ACL subpatterns that do not support priority; obtains the target ACL table item that the user configures through a preset ACL configuration interface, together with the ACL pattern and ACL subpattern configured for the target ACL table item; in response to an issuing instruction for the target ACL table item, judges whether the subpattern of the target ACL table item is an ACL subpattern that does not support priority; and, if it is, adds the target ACL table item to an idle list item in the point of addition corresponding to the ACL subpattern to which the ACL table item belongs.
Subpatterns are configured for the ACL table items of different purposes within the same functional module, so that ACL table items of different purposes correspond to different subpatterns. When a subpattern does not support priority, adding an ACL table item corresponding to that subpattern only requires searching the position corresponding to the subpattern for an idle ACL table item and then adding the ACL table item to be added to that idle ACL table item, which improves the efficiency of adding ACL table items.
Corresponding to the foregoing embodiment of the method of ACL table item management, this application also provides an embodiment of a device for ACL table item management.
The embodiment of the device for ACL table item management of this application can be applied to network equipment. The device embodiment can be implemented in software, or in hardware or a combination of software and hardware. Taking software implementation as an example, the device in the logical sense is formed by the processor of the network equipment where it resides reading the corresponding computer program instructions from non-volatile memory into internal memory and running them. At the hardware level, Figure 10 shows a hardware structure diagram of the network equipment where the device for ACL table item management of this application resides. In addition to the processor, internal memory, network interface and non-volatile memory shown in Figure 10, the network equipment where the device resides in the embodiment may also include other hardware according to the actual functions of the ACL table item management, which is not described further here.
Refer to Figure 11, which shows a device for ACL table item management according to an exemplary embodiment of this application. The device is applied to network equipment and includes a first acquisition unit 1110, a second acquisition unit 1120 and a response unit 1130.
The first acquisition unit 1110 is used for obtaining the ACL patterns that the user preconfigures for each section through a preset pattern configuration interface, and the ACL subpatterns that the user preconfigures for each section through a preset subpattern configuration interface; wherein at least one ACL subpattern is included under the same ACL pattern, and the ACL subpatterns include ACL subpatterns that support priority and ACL subpatterns that do not support priority;
The second acquisition unit 1120 is used for obtaining the target ACL table item that the user configures through a preset ACL configuration interface, and the ACL pattern and ACL subpattern configured for the target ACL table item;
The response unit 1130 is used for, in response to an issuing instruction for the target ACL table item, judging whether the subpattern of the target ACL table item is an ACL subpattern that does not support priority; and, if it is, adding the target ACL table item to an idle list item in the point of addition corresponding to the ACL subpattern to which the ACL table item belongs.
In an embodiment of this application, the response unit 1130 is specifically used for:
Checking whether the subpattern to which the ACL table item to be moved belongs supports priority;
If it does, moving all ACL table items under the subpattern one by one;
If it does not, when the moving direction is the first direction, moving the ACL table item to be moved to before the first ACL table item under the subpattern; or, when no idle list item exists before the first ACL table item under the subpattern, taking the last ACL table item under another subpattern whose priority is higher than that subpattern as the ACL table item to be moved and moving it, until an idle list item is produced before the first ACL table item under the subpattern;
When the moving direction is the second direction, moving the ACL table item to be moved to after the last ACL table item under the subpattern; or, when no idle list item exists after the last ACL table item under the subpattern, taking the first ACL table item under another subpattern whose priority is lower than that subpattern as the ACL table item to be moved and moving it, until an idle list item is produced after the last ACL table item under the subpattern.
The response unit 1130 is also specifically used for:
Starting a counter for counting the number of moves;
Starting from the point of addition corresponding to the target ACL table item, traversing the ACL table items in the first direction and in the second direction; if the subpattern to which a found ACL table item belongs supports priority, incrementing the counter by one; if the subpattern to which the found ACL table item belongs does not support priority, incrementing the counter by one after the traversal of the ACL table items under that subpattern is complete.
The response unit 1130 is further used for:
If no idle list item exists in the point of addition corresponding to the ACL subpattern to which the target ACL table item belongs, starting from the first ACL table item in the point of addition, counting the first movement number of times of moving ACL table items in the first direction to produce an idle list item in the point of addition, and the second movement number of times of moving ACL table items in the second direction to produce an idle list item in the point of addition;
Comparing the first movement number of times with the second movement number of times;
If the first movement number of times is greater than the second movement number of times, moving ACL table items in the first direction until an idle list item is produced in the point of addition, and issuing the target ACL table item to that idle list item;
If the first movement number of times is less than the second movement number of times, moving ACL table items in the second direction until an idle list item is produced in the point of addition, and issuing the target ACL table item to that idle list item.
The response unit 1130 is further used for:
If the ACL subpattern to which the target ACL table item belongs is an ACL subpattern that supports priority, searching, according to the priority of the ACL table item, the ACL table item region corresponding to the ACL subpattern to which the target ACL table item belongs for the point of addition of the ACL table item;
If the point of addition is an idle list item, adding the ACL table item to that idle list item.
The response unit 1130 is further used for:
If the point of addition is not an idle list item, starting from the point of addition, counting the first movement number of times of moving ACL table items in the first direction to produce an idle list item in the point of addition, and the second movement number of times of moving ACL table items in the second direction to produce an idle list item in the point of addition;
Comparing the first movement number of times with the second movement number of times;
If the first movement number of times is greater than the second movement number of times, moving ACL table items in the first direction until an idle list item is produced in the point of addition, and issuing the target ACL table item to that idle list item;
If the first movement number of times is less than the second movement number of times, moving ACL table items in the second direction until an idle list item is produced in the point of addition, and issuing the target ACL table item to that idle list item.
For the implementation process of the functions and effects of each unit in the above device, refer to the implementation process of the corresponding steps in the above method, which is not described again here.
Because the device embodiment corresponds essentially to the method embodiment, refer to the description of the method embodiment for the related parts. The device embodiment described above is only schematic: the units described as separate components may or may not be physically separate, and the parts shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the scheme of this application. Those of ordinary skill in the art can understand and implement it without creative work.
The foregoing is only the preferred embodiment of this application and is not intended to limit this application. Any modification, equivalent substitution or improvement made within the spirit and principles of this application shall be included within the scope of protection of this application.

Claims (12)

1. A method of ACL table item management, applied to network equipment, wherein the preconfigured ACL table in the ACL chip of the network equipment is divided into several sections and each section includes several ACL table items, characterized in that the method includes:
Obtaining the ACL patterns that the user preconfigures for each section through a preset pattern configuration interface, and the ACL subpatterns that the user preconfigures for each section through a preset subpattern configuration interface; wherein at least one ACL subpattern is included under the same ACL pattern, and the ACL subpatterns include ACL subpatterns that support priority and ACL subpatterns that do not support priority;
Obtaining the target ACL table item that the user configures through a preset ACL configuration interface, and the ACL pattern and ACL subpattern configured for the target ACL table item;
In response to an issuing instruction for the target ACL table item, judging whether the subpattern of the target ACL table item is an ACL subpattern that does not support priority; and, if it is, adding the target ACL table item to an idle list item in the point of addition corresponding to the ACL subpattern to which the ACL table item belongs.
2. The method according to claim 1, characterized in that the ACL subpatterns under the same ACL pattern are preconfigured with corresponding priorities, and the method also includes:
If no idle list item exists in the point of addition corresponding to the ACL subpattern to which the target ACL table item belongs, starting from the first ACL table item in the point of addition, counting the first movement number of times of moving ACL table items in the first direction to produce an idle list item in the point of addition, and the second movement number of times of moving ACL table items in the second direction to produce an idle list item in the point of addition;
Comparing the first movement number of times with the second movement number of times;
If the first movement number of times is greater than the second movement number of times, moving ACL table items in the first direction until an idle list item is produced in the point of addition, and issuing the target ACL table item to that idle list item;
If the first movement number of times is less than the second movement number of times, moving ACL table items in the second direction until an idle list item is produced in the point of addition, and issuing the target ACL table item to that idle list item.
3. The method according to claim 2, characterized in that the method also includes:
If the ACL subpattern to which the target ACL table item belongs is an ACL subpattern that supports priority, searching, according to the priority of the ACL table item, the ACL table item region corresponding to the ACL subpattern to which the target ACL table item belongs for the point of addition of the ACL table item;
If the point of addition is an idle list item, adding the ACL table item to that idle list item.
4. The method according to claim 3, characterized in that the method also includes:
If the point of addition is not an idle list item, starting from the point of addition, counting the first movement number of times of moving ACL table items in the first direction to produce an idle list item in the point of addition, and the second movement number of times of moving ACL table items in the second direction to produce an idle list item in the point of addition;
Comparing the first movement number of times with the second movement number of times;
If the first movement number of times is greater than the second movement number of times, moving ACL table items in the first direction until an idle list item is produced in the point of addition, and issuing the target ACL table item to that idle list item;
If the first movement number of times is less than the second movement number of times, moving ACL table items in the second direction until an idle list item is produced in the point of addition, and issuing the target ACL table item to that idle list item.
5. The method according to claims 2 and 4, characterized in that moving the ACL table items includes:
Checking whether the subpattern to which the ACL table item to be moved belongs supports priority;
If it does, moving all ACL table items under the subpattern one by one;
If it does not, when the moving direction is the first direction, moving the ACL table item to be moved to before the first ACL table item under the subpattern; or, when no idle list item exists before the first ACL table item under the subpattern, taking the last ACL table item under another subpattern whose priority is higher than that subpattern as the ACL table item to be moved and moving it, until an idle list item is produced before the first ACL table item under the subpattern;
When the moving direction is the second direction, moving the ACL table item to be moved to after the last ACL table item under the subpattern; or, when no idle list item exists after the last ACL table item under the subpattern, taking the first ACL table item under another subpattern whose priority is lower than that subpattern as the ACL table item to be moved and moving it, until an idle list item is produced after the last ACL table item under the subpattern.
6. The method according to claims 2 and 4, characterized in that counting the first movement count of moving ACL table items in the first direction to produce an idle list item in the ACL table item region, and the second movement count of moving ACL table items in the second direction to produce an idle list item in the ACL table item region, comprises:
Starting a counter for counting the number of moves;
Starting from the point of addition corresponding to the target ACL table item, traversing the ACL table items in the first direction and in the second direction; if the subpattern to which a found ACL table item belongs supports priority, incrementing the counter by one; if the subpattern to which a found ACL table item belongs does not support priority, incrementing the counter by one after the traversal of the ACL table items under that subpattern is complete.
7. A device for ACL table item management, applied to a network device, wherein the ACL table pre-configured in the ACL chip of the network device is divided into several sections and each section includes several ACL table items, characterized in that the device comprises:
A first acquisition unit, configured to obtain the ACL pattern that the user pre-configures for each section through a preset pattern configuration interface, and the ACL subpattern that the user pre-configures for each section through a preset subpattern configuration interface; wherein the same ACL pattern includes at least one ACL subpattern, and the ACL subpatterns include ACL subpatterns that support priority and ACL subpatterns that do not support priority;
A second acquisition unit, configured to obtain the target ACL table item that the user configures through a preset ACL configuration interface, and the ACL pattern and ACL subpattern configured for the target ACL table item;
A response unit, configured to judge, in response to an issue instruction for the target ACL table item, whether the subpattern of the target ACL table item is an ACL subpattern that does not support priority; and, if so, to add the target ACL table item to an idle list item at the point of addition corresponding to the ACL subpattern to which the ACL table item belongs.
8. The device according to claim 7, characterized in that:
The response unit is further configured to:
If there is no idle list item at the point of addition corresponding to the ACL subpattern to which the target ACL table item belongs, then, starting from the first ACL table item at the point of addition, count a first movement count of moving ACL table items in the first direction to produce an idle list item at the point of addition; and a second movement count of moving ACL table items in the second direction to produce an idle list item at the point of addition;
Compare the first movement count with the second movement count;
If the first movement count is greater than the second movement count, move ACL table items in the first direction until an idle list item is produced at the point of addition, and issue the target ACL table item to that idle list item;
If the first movement count is less than the second movement count, move ACL table items in the second direction until an idle list item is produced at the point of addition, and issue the target ACL table item to that idle list item.
9. The device according to claim 8, characterized in that:
The response unit is further configured to:
If the ACL subpattern to which the target ACL table item belongs is an ACL subpattern that supports priority, search, according to the priority of the ACL table item, for the point of addition of the ACL table item in the ACL table item region corresponding to the ACL subpattern to which the target ACL table item belongs;
If the point of addition is an idle list item, add the ACL table item to that idle list item.
10. The device according to claim 9, characterized in that:
The response unit is further configured to:
If the point of addition is not an idle list item, then, starting from the point of addition, count a first movement count of moving ACL table items in the first direction to produce an idle list item at the point of addition; and a second movement count of moving ACL table items in the second direction to produce an idle list item at the point of addition;
Compare the first movement count with the second movement count;
If the first movement count is greater than the second movement count, move ACL table items in the first direction until an idle list item is produced at the point of addition, and issue the target ACL table item to that idle list item;
If the first movement count is less than the second movement count, move ACL table items in the second direction until an idle list item is produced at the point of addition, and issue the target ACL table item to that idle list item.
11. The device according to claims 8 and 10, characterized in that, for moving the ACL table item:
The response unit is specifically configured to:
Check whether the subpattern to which the ACL table item to be moved belongs supports priority;
If it does, move all ACL table items under the subpattern one by one;
If it does not, then when the moving direction is the first direction, move the ACL table item to be moved to before the first ACL table item under the subpattern; or, when there is no idle list item before the first ACL table item under the subpattern, take the last ACL table item under other subpatterns whose priority is higher than that of the subpattern as the ACL table item to be moved and move it, until an idle list item is produced before the first ACL table item under the subpattern;
When the moving direction is the second direction, move the ACL table item to be moved to after the last ACL table item under the subpattern; or, when there is no idle list item after the last ACL table item under the subpattern, take the first ACL table item under other subpatterns whose priority is lower than that of the subpattern as the ACL table item to be moved and move it, until an idle list item is produced after the last ACL table item under the subpattern.
12. The device according to claims 8 and 10, characterized in that, for counting the first movement count of moving ACL table items in the first direction to produce an idle list item in the ACL table item region, and the second movement count of moving ACL table items in the second direction to produce an idle list item in the ACL table item region:
The response unit is specifically configured to:
Start a counter for counting the number of moves;
Starting from the point of addition corresponding to the target ACL table item, traverse the ACL table items in the first direction and in the second direction; if the subpattern to which a found ACL table item belongs supports priority, increment the counter by one; if the subpattern to which a found ACL table item belongs does not support priority, increment the counter by one after the traversal of the ACL table items under that subpattern is complete.
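The counting rule of claims 6 and 12 and the move rule of claims 5 and 11, as an added Python example (not code from the patent). The table model, the subpattern names, the function names, the use of `step` -1/+1 for the two directions, and treating `start` as the slot to be vacated are all assumptions; the functions return both counts so they can be compared as the claims describe.

```python
# Constructed model of an ACL table region: a slot is None (idle list item)
# or a (subpattern, rule) pair. Names and layout are assumptions.
PRIORITY = {"A": True, "B": False, "C": False}  # does the subpattern order items?

def sample_table():
    # idle | B B B (unordered) | A A A A (ordered) | C (unordered) | idle
    return [None, ("B", "b1"), ("B", "b2"), ("B", "b3"), ("A", "a1"),
            ("A", "a2"), ("A", "a3"), ("A", "a4"), ("C", "c1"), None]

def plan_chain(table, start, step):
    """Slots touched while vacating `start` toward `step` (-1 or +1).

    Returns [start, ..., idle_slot], or None when that direction holds no
    idle list item. len(chain) - 1 is the movement count.
    """
    chain, i = [], start
    while 0 <= i < len(table):
        if table[i] is None:
            return chain + [i]
        chain.append(i)
        sub = table[i][0]
        if PRIORITY[sub]:
            i += step            # ordered subpattern: each item shifts by one
            continue
        # Unordered subpattern: skip its whole run; moving one item from the
        # near end to the far end costs a single move.
        while 0 <= i < len(table) and table[i] and table[i][0] == sub:
            i += step
    return None

def movement_count(table, start, step):
    chain = plan_chain(table, start, step)
    return None if chain is None else len(chain) - 1

def vacate(table, start, step):
    """Perform the planned moves, far end first; returns the move count."""
    chain = plan_chain(table, start, step)
    if chain is None:
        raise ValueError("no idle list item in this direction")
    for src, dst in reversed(list(zip(chain, chain[1:]))):
        table[dst], table[src] = table[src], None
    return len(chain) - 1

if __name__ == "__main__":
    t = sample_table()
    print(movement_count(t, 5, -1), movement_count(t, 5, +1))
    vacate(t, 5, -1)
    print(t)
```

Without the single-move rule for subpatterns that do not support priority, vacating slot 5 toward index 0 in this layout would take five moves instead of three.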
CN201611250006.XA 2016-12-29 2016-12-29 A kind of method and apparatus of ACL table item management Active CN106603302B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611250006.XA CN106603302B (en) 2016-12-29 2016-12-29 A kind of method and apparatus of ACL table item management

Publications (2)

Publication Number Publication Date
CN106603302A true CN106603302A (en) 2017-04-26
CN106603302B CN106603302B (en) 2019-11-12

Family

ID=58603979

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611250006.XA Active CN106603302B (en) 2016-12-29 2016-12-29 A kind of method and apparatus of ACL table item management

Country Status (1)

Country Link
CN (1) CN106603302B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101039271A (en) * 2007-03-20 2007-09-19 华为技术有限公司 Method and apparatus for taking effect rules of access control list
CN101447940A (en) * 2008-12-23 2009-06-03 杭州华三通信技术有限公司 Method and device for updating access control list rules
CN102857510A (en) * 2012-09-18 2013-01-02 杭州华三通信技术有限公司 Method and device for issuing ACL (access control list) items
CN103001793A (en) * 2012-10-26 2013-03-27 杭州迪普科技有限公司 Method and device for managing ACL (access control list)
JP2015064684A (en) * 2013-09-24 2015-04-09 日本電気株式会社 Access control device, access control method, and access control program

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109067585A (en) * 2018-08-15 2018-12-21 杭州迪普科技股份有限公司 A kind of inquiry ACL table item delivery method and device
CN109067585B (en) * 2018-08-15 2021-11-23 杭州迪普科技股份有限公司 Method and device for issuing query ACL (access control list) table items
CN109150686A (en) * 2018-09-07 2019-01-04 迈普通信技术股份有限公司 ACL table item delivery method, device and the network equipment
CN109150686B (en) * 2018-09-07 2020-12-22 迈普通信技术股份有限公司 ACL (access control list) table item issuing method, device and network equipment
CN110191135A (en) * 2019-06-11 2019-08-30 杭州迪普信息技术有限公司 ACL configuration method, device, electronic equipment
CN110191135B (en) * 2019-06-11 2021-09-21 杭州迪普信息技术有限公司 ACL configuration method, device and electronic equipment
CN110896380A (en) * 2019-11-28 2020-03-20 迈普通信技术股份有限公司 Flow table screening method and device, electronic equipment and readable storage medium
CN110896380B (en) * 2019-11-28 2021-09-17 迈普通信技术股份有限公司 Flow table screening method and device, electronic equipment and readable storage medium
CN115865839A (en) * 2023-01-20 2023-03-28 苏州浪潮智能科技有限公司 ACL management method, device, communication equipment and storage medium

Also Published As

Publication number Publication date
CN106603302B (en) 2019-11-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant