CN106603302B - A kind of method and apparatus of ACL table item management - Google Patents

A kind of method and apparatus of ACL table item management Download PDF

Info

Publication number
CN106603302B
CN106603302B CN201611250006.XA CN201611250006A CN106603302B CN 106603302 B CN106603302 B CN 106603302B CN 201611250006 A CN201611250006 A CN 201611250006A CN 106603302 B CN106603302 B CN 106603302B
Authority
CN
China
Prior art keywords
acl
table item
subpattern
acl table
item
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201611250006.XA
Other languages
Chinese (zh)
Other versions
CN106603302A (en
Inventor
符志清
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou DPTech Technologies Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou DPTech Technologies Co Ltd filed Critical Hangzhou DPTech Technologies Co Ltd
Priority to CN201611250006.XA priority Critical patent/CN106603302B/en
Publication of CN106603302A publication Critical patent/CN106603302A/en
Application granted granted Critical
Publication of CN106603302B publication Critical patent/CN106603302B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/5003Managing SLA; Interaction between SLA and QoS
    • H04L41/5019Ensuring fulfilment of SLA
    • H04L41/5022Ensuring fulfilment of SLA by giving priorities, e.g. assigning classes of service
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]

Abstract

The application provides a kind of method and apparatus of ACL table item management.It the described method includes: obtaining the ACL mode that user is pre-configured by preset pattern configurations interface for each section, and is the ACL subpattern of each section pre-configuration by preset subpattern configuration interface;Wherein, include at least one ACL subpattern under the same ACL mode, include the ACL subpattern for supporting priority and the ACL subpattern for not supporting priority in ACL subpattern;Obtain the target ACL table item that user is configured by preset ACL configuration interface, and ACL mode and ACL subpattern for target ACL table item configuration;In response to judging whether the subpattern of the target ACL table item is the ACL subpattern for not supporting priority for sending instructions under the target ACL table item;If so, the target ACL table item is added to the idle list item in point of addition corresponding with ACL subpattern belonging to the ACL table item, to improve the efficiency of addition ACL table item.

Description

A kind of method and apparatus of ACL table item management
Technical field
This application involves network communication technology field, in particular to a kind of method and apparatus of ACL table item management.
Background technique
ACL (Access Control List, accesses control list) is a kind of flow access control technology, by A series of list item of specified message matching conditions and Message processing movement is set in the message forwarding path in the network equipment, with reality The function of specific control is now carried out to special packet.
Acl feature can be realized by software and hardware, wherein hardware ACL is also known as ACL chip.ACL chip has Fireballing advantage, is therefore widely used in the network equipment.However, there is the storage resource of ACL table item in ACL chip Limit, therefore, the storage resource for ACL table item of making rational planning for seems particularly significant.
Summary of the invention
In view of this, the application provides a kind of method and apparatus of ACL table item management, it is applied in the network equipment, is used for Improve the service efficiency of the storage resource of ACL table item.
Specifically, the application is achieved by the following technical solution:
A kind of method of ACL table item management is applied to the network equipment, is pre-configured in the ACL chip of the network equipment ACL table is divided into several sections, and each section includes several ACL table items, comprising:
The ACL mode that user is pre-configured by preset pattern configurations interface for each section is obtained, and by preset Subpattern configuration interface is the ACL subpattern that each section is pre-configured;It wherein, include at least one ACL under the same ACL mode Mode includes the ACL subpattern for supporting priority and the ACL subpattern for not supporting priority in ACL subpattern;
The target ACL table item that user is configured by preset ACL configuration interface is obtained, and is matched for the target ACL table item The ACL mode and ACL subpattern set;
In response to judging whether the subpattern of the target ACL table item is not prop up for sending instructions under the target ACL table item Hold the ACL subpattern of priority;If so, the target ACL table item is added to and ACL subpattern pair belonging to the ACL table item Idle list item in the point of addition answered.
A kind of device of ACL table item management is applied to the network equipment, is pre-configured in the ACL chip of the network equipment ACL table is divided into several sections, and each section includes several ACL table items, comprising:
First acquisition unit, the ACL mould being pre-configured for obtaining user by preset pattern configurations interface for each section Formula, and the ACL subpattern being pre-configured by preset subpattern configuration interface for each section;Wherein, under the same ACL mode It include the ACL subpattern for supporting priority and the ACL for not supporting priority in ACL subpattern including at least one ACL subpattern Subpattern;
Second acquisition unit, the target ACL table item configured for obtaining user by preset ACL configuration interface, and For the ACL mode and ACL subpattern of target ACL table item configuration;
Response unit, in response to judging the son of the target ACL table item for sending instructions under the target ACL table item Whether mode is the ACL subpattern for not supporting priority;If so, by the target ACL table item be added to belonging to the ACL table item The corresponding point of addition of ACL subpattern in idle list item.
The configuration of subpattern, the ACL table of different purposes are carried out by the ACL table item to purposes different in same functional module Item corresponds respectively to different subpatterns.When subpattern does not support priority, addition corresponds to the ACL table item of the subpattern When, it is only necessary to idle ACL table item is searched in the position for corresponding to the subpattern, then adds ACL table item to be added To idle ACL table item, so as to improve efficiency when addition ACL table item.
Detailed description of the invention
Fig. 1 be shown in one exemplary embodiment of the application in the prior art, a kind of addition position of ACL table item in section Set schematic diagram;
Fig. 2 is after the quantity of section in the prior art shown in one exemplary embodiment of the application changes, and a kind of ACL table item exists Point of addition schematic diagram in section;
Fig. 3 is point of addition schematic diagram of a kind of ACL table item in section shown in one exemplary embodiment of the application;
Fig. 4 is a kind of ACL table item adding in section after the section quantity shown in one exemplary embodiment of the application changes Add position view;
Fig. 5 be one exemplary embodiment of the application shown in a kind of ACL chip in ACL table item management method flow diagram;
Fig. 6 is a kind of schematic diagram of section pattern configurations shown in one exemplary embodiment of the application;
Fig. 7 is a kind of subpattern configuration interface schematic diagram shown in one exemplary embodiment of the application;
Fig. 8 is another subpattern configuration interface schematic diagram shown in one exemplary embodiment of the application;
Fig. 9 is a kind of ACL configuration interface schematic diagram shown in one exemplary embodiment of the application;
Figure 10 is a kind of hardware structure diagram of the network equipment where a kind of device of ACL table item management of the application;
Figure 11 is a kind of device of ACL table item management shown in one exemplary embodiment of the application.
Specific embodiment
Example embodiments are described in detail here, and the example is illustrated in the accompanying drawings.Following description is related to When attached drawing, unless otherwise indicated, the same numbers in different drawings indicate the same or similar elements.Following exemplary embodiment Described in embodiment do not represent all embodiments consistent with the application.On the contrary, they be only with it is such as appended The example of the consistent device and method of some aspects be described in detail in claims, the application.
It is only to be not intended to be limiting the application merely for for the purpose of describing particular embodiments in term used in this application. It is also intended in the application and the "an" of singular used in the attached claims, " described " and "the" including majority Form, unless the context clearly indicates other meaning.It is also understood that term "and/or" used herein refers to and wraps It may be combined containing one or more associated any or all of project listed.
It will be appreciated that though various information, but this may be described using term first, second, third, etc. in the application A little information should not necessarily be limited by these terms.These terms are only used to for same type of information being distinguished from each other out.For example, not departing from In the case where the application range, the first information can also be referred to as the second information, and similarly, the second information can also be referred to as One information.Depending on context, word as used in this " if " can be construed to " ... when " or " when ... When " or " in response to determination ".
In the prior art, for the ease of the management to the ACL table item in ACL chip, usually by the ACL in ACL chip Table is divided, and ACL table is divided into several sections, wherein includes several ACL table items in each section.Each The quantity of ACL table item in section can be equal, can also be unequal, and usual manufacturer is when making ACL chip, usually by each ACL quantity in area keeps equal.
Due to needing have much in the network equipment using the functional module of ACL table item, used between different function module ACL table item needs distinguish, and therefore, when distributing ACL table item resource, needs are usually distributed in a manner of section makes With the functional module of ACL table item.It needs using the more module of ACL table item quantity, the quantity of the section of occupancy will more one Point;The module using ACL table item small number is needed, the quantity chance of the section of occupancy is a little less.
In the prior art, user can be right in configuration interface by starting the configuration software loaded on the network equipment The mode of the ACL table item of each section is configured, and issues configuration-direct, the ACL table item that equipment can automatically to section Mode configured.
In the prior art, being issued to each of ACL chip ACL table Xiang Jun has priority, therefore often issues one When ACL table item is added in corresponding section, equipment is required to by comparing the ACL table item issued in corresponding section Then priority finds the ACL table item of corresponding free time, ACL table item to be added is added in the ACL table item of the free time. If not finding the ACL table item of corresponding free time, need for priority to be not more than the priority of ACL table item to be added ACL table item moved one by one.
Wherein, in the ACL table item of same functional module, there is also the ACL table item of different purposes, the ACL tables of different purposes There are priority between, according to the height of the priority of the ACL table item of different purposes, by priority it is high be added to priority Before low.
In the prior art, if the section quantity for distributing to a certain functional module is 1, the ACL table of the functional module ACL table item comprising two kinds of different purposes in, the ACL table of second of purposes of priority ratio of the ACL table item of the first purposes The priority of item is high, then the ACL table item that the ACL table item of the first half in the section distributes to the first purposes uses, it is latter The ACL table item that half ACL table item distributes to second of purposes uses.If in the ACL table item of the functional module not comprising three kinds With the ACL table item of purposes, then the sequence according to priority from high in the end, the ACL table item of various difference purposes occupies three/ One ACL table item quantity, and so on.
In addition, in the network device, different functional modules can't often be run simultaneously, and in different time sections, respectively The quantity of ACL table item required for functional module is also unequal, therefore user would generally be as needed to the section in ACL chip The mode of ACL table item reconfigured.
In the prior art, after the mode of the ACL table item of section is reconfigured, the ACL table that had originally issued Item just needs the mode according to belonging to the ACL table item, and mobile ACL table item will be partially needed in the ACL table item, moves integrally extremely In section corresponding to the ACL table item.
Referring to Figure 1, Fig. 1 be shown in one exemplary embodiment of the application in the prior art, a kind of ACL table item is in section In point of addition schematic diagram.
Fig. 2 is referred to, Fig. 2 is after the quantity of section in the prior art shown in one exemplary embodiment of the application changes one Point of addition schematic diagram of the kind ACL table item in section.
It can be seen that from Fig. 1 and Fig. 2 in the prior art, when the corresponding section quantity of a certain functional module of change, ACL table item through issuing situation of change in section.
It for example, the ACL table item when a certain functional module occupies 1 section, and include two in the ACL table item of the functional module The ACL table item of kind different purposes, the ACL table item of the first purposes occupy the first half ACL table item in the section, second purposes ACL table item occupies the later half ACL table item in the section.When the section that the ACL table item of the functional module occupies is from original 1 Section becomes 2 sections, then the ACL table item of every kind of purposes occupies a section.It has been issued in so original section The ACL table item of second of purposes needs integral translation into the ACL table item of second section of the present functional module.
In conclusion in the prior art, having the following problems.
Since in the prior art, when issuing any bar ACL table item, equipment is required to the priority according to the ACL table item Corresponding point of addition is found in corresponding section, when being occupied by another ACL table item in the point of addition, is needed Mobile corresponding ACL table item, makes the point of addition become idle ACL table item.However in the prior art, some ACL table items Between do not need distinguish priority, for such ACL table item, add to correspond to the ACL table item section in free time ACL table item in, therefore, ACL table items of priority are needed not distinguish between still using providing in the prior art for these Scheme, the working efficiency of equipment is high.
On the other hand, in the prior art, the species number of the ACL table item of different purposes depending on the application in same functional module Amount, averagely occupies the ACL table item being allocated in the section of the functional module.When the section quantity for being allocated in the functional module changes When, the ACL table item originally issued needs to carry out integral translation.Therefore scheme in the prior art is used, function mould is adjusted When the section quantity that block occupies, equipment needs the ACL table item issued carrying out integral translation, to increase the negative of equipment Load.
In order to solve the problems in the prior art, this application provides a kind of method of ACL table item management in ACL chip, Applied to the network equipment, the ACL mode being pre-configured by obtaining user by preset pattern configurations interface for each section, and It is the ACL subpattern that each section is pre-configured by preset subpattern configuration interface;It wherein, include extremely under the same ACL mode Lack an ACL subpattern, includes the ACL subpattern for supporting priority and the ACL submodule for not supporting priority in ACL subpattern Formula;The target ACL table item that user is configured by preset ACL configuration interface is obtained, and is target ACL table item configuration ACL mode and ACL subpattern;In response to judging the submodule of the target ACL table item for sending instructions under the target ACL table item Whether formula is the ACL subpattern for not supporting priority;If so, by the target ACL table item be added to belonging to the ACL table item Idle list item in the corresponding point of addition of ACL subpattern.
On the one hand, the configuration of subpattern, different purposes are carried out by the ACL table item to purposes different in same functional module ACL table item correspond respectively to different subpatterns.When subpattern does not support priority, addition corresponds to the subpattern When ACL table item, it is only necessary to idle ACL table item is searched in the position for corresponding to the subpattern, then by ACL table to be added Item is added to idle ACL table item.Only when in the position for corresponding to the subpattern without idle list item, just needs carry out by The ACL table item issued is translated, therefore can be to avoid in the prior art, corresponding to also free in the position of the subpattern Not busy ACL table item, but ACL table item to be added is occupied by other ACL table items due to point of addition corresponding with priority, can only will ACL table item is translated, and the point of addition is then become idle ACL table item, and cannot be added to corresponding to the subpattern Position in other idle ACL table items in situation, so as to improve efficiency when addition ACL table item.
Fig. 3 is referred to, Fig. 3 is addition position of a kind of ACL table item in section shown in one exemplary embodiment of the application Set schematic diagram.
Refer to Fig. 4, Fig. 4 is after the section quantity shown in one exemplary embodiment of the application changes, and a kind of ACL table item exists Point of addition schematic diagram in section.
It can be seen that in technical solution provided by the present application from Fig. 3 and Fig. 4, the section quantity of a certain functional mode changes After change, change situation of the ACL table item in section.
Using the technical solution shown in the application, after the section quantity of a certain functional module changes, do not need it is mobile with And the ACL table item issued, there is likely to be idle sections in the section that sometimes functional module is occupied, in such situation Under, when another functional module needs more ACL table item resources, directly the section of the free time can be reconfigured, by this The functional module for needing more ACL table item resources is distributed in idle section, so as to avoid the ACL table item issued It is mobile.
Refer to Fig. 5, Fig. 5 is the side of ACL table item management in a kind of ACL chip shown in one exemplary embodiment of the application Method flow chart.
Step 501: obtaining the ACL mode that user is pre-configured by preset pattern configurations interface for each section, Yi Jitong Crossing preset subpattern configuration interface is the ACL subpattern that each section is pre-configured;It wherein, include at least under the same ACL mode One ACL subpattern includes the ACL subpattern for supporting priority and the ACL subpattern for not supporting priority in ACL subpattern.
Fig. 6 is referred to, Fig. 6 is a kind of schematic diagram of section pattern configurations shown in one exemplary embodiment of the application.
In this application, subpattern is defined as to the ACL table item of the different purposes of same functional module, in a mode extremely It less include a subpattern.
In the embodiment shown in the application, user can load the plug-in unit of ACL table item configuration on network devices, so After start the plug-in unit.After the plug-in unit starts successfully, section pattern configurations shown in fig. 6 interface can be shown in the user interface, Include section serial number in the interface, and matches corresponding to the pattern configurations option of each section and the subpattern corresponding to each mode Set option.Then user can select the mould needed to configure in the configuration interface midpoint blow mode option in the mode of offer Formula.
After the completion of the pattern configurations to section, subpattern option can be clicked, the subpattern of the section mode is carried out Configuration.
For example, being stream defining mode by the corresponding section pattern configurations of stream defined function module, it is fixed then will to correspond to stream The subpattern of adopted mode is configured to stream definition white list subpattern and entrance stream defines subpattern.
In this application, there are two class functional modules, one kind is the functional module that inside modules issue ACL table item automatically, This kind of functional modules correspond to the ACL table item nothing of the functional module due to ACL table item quantity required for can not determining Method adjustment.Another kind of is that user can need flexible with the functional module of manual configuration, this kind of functional modules according to user ACL table item inside ground adjustment.
Inside modules are issued with the functional module of ACL table item automatically, subpattern is that system is pre-configured, and user cannot be right The subpattern is modified, and can only be checked by being between each ACL table item in the priority relationship and subpattern between subpattern It is no that there are the relationships of priority.Can be with the functional module of manual configuration for user, the subpattern corresponding to the functional module can With manual configuration, user can not only modify the priority between subpattern, can also increase and decrease subpattern, in addition it can which son is arranged It whether there is the relationship of priority in mode between each ACL table item.
Fig. 7 is referred to, Fig. 7 is a kind of subpattern configuration interface schematic diagram shown in one exemplary embodiment of the application.
Subpattern configuration interface as shown in Figure 7 can be shown when the user clicks after subpattern option, in user interface.
Wherein, the subpattern shown in subpattern configuration interface shown in Fig. 7 be it is preconfigured, belonging to the subpattern Functional module be pre-configured, user can not modify to subpattern, can only check the relevant parameter of subpattern.
Fig. 8 is referred to, Fig. 8 is another subpattern configuration interface schematic diagram shown in one exemplary embodiment of the application.
Wherein, the subpattern shown in subpattern configuration interface shown in Fig. 8 can be with manual configuration.User can specify son The title of mode can pass throughSub- subpattern is pulled to adjust the priority between subpattern, can be passed throughTo create New subpattern can pass throughUnwanted subpattern is deleted, can also pass through selectionOrTo specify submodule It whether there is the relationship of priority in formula between each ACL table item, whereinIndicate unchecked state,Indicate the shape chosen State.
When user completes the pattern configurations of each section, and after the completion of also configuring to the subpattern in each mode, user is just ACL table item can be configured.
Step 502: obtaining the target ACL table item that user is configured by preset ACL configuration interface, and be the target The ACL mode and ACL subpattern of ACL table item configuration.
Fig. 9 is referred to, Fig. 9 is a kind of ACL configuration interface schematic diagram shown in one exemplary embodiment of the application.
When user configures the Pattern completion of each section, and after the completion of also being configured to the subpattern in each mode, Yong Huke To start ACL configuration software, ACL configuration interface shown in Fig. 9 then can be shown in the user interface.
User can carry out the configuration of target ACL table item in ACL configuration interface.Specifically, user can be to target ACL List item configures mode corresponding with the target ACL table item and subpattern, if each in subpattern belonging to the target ACL table item There are the relationships of priority between ACL table item, then user can be to the size of the target ACL table item assigned priority numerical value; If the relationship of priority is not present between each ACL table item in subpattern belonging to the target ACL table item, user is just not Need the size to the target ACL table item assigned priority numerical value.
In the embodiment shown in the application, user completes with postponing target ACL table item, and user can be by the target ACL table item issues.Specifically, it can be clicked in user and preset in ACL configuration interface issue button.It clicks this and issues button Afterwards, the ACL configuration software of the network equipment can trigger sends instructions under one.Send instructions under this and can be addition target ACL table item, Delete target ACL table item modifies target ACL table item, mobile target ACL table item etc..Main description addition mesh in the present embodiment The case where marking ACL table item.
Step 503: in response to judging that the subpattern of the target ACL table item is for sending instructions under the target ACL table item No is the ACL subpattern for not supporting priority;If so, the target ACL table item is added to and ACL belonging to the ACL table item Idle list item in the corresponding point of addition of subpattern.
Wherein, in this application, when the subpattern belonging to the target ACL table item is not support the subpattern of priority, that The point of addition is subpattern corresponding ACL table item region belonging to the target ACL table item.Belonging to target ACL table item Subpattern be support priority subpattern when, then the point of addition be the target ACL table item belonging to subpattern pair In the ACL table item region answered, a position corresponding with the target ACL table item.
After the ACL configuration software of the network equipment, which triggers, to send instructions under one, the network equipment can respond to send instructions under this. Specifically, the network equipment can send instructions under this it is middle obtain target ACL table item information, by mainly describing in this present embodiment Add target ACL table item the case where, therefore the network equipment can send instructions under this in get target ACL table item addition letter Breath.
Then the network equipment may determine that the target ACL table item belongs to belonging to any mode and the target ACL table item Subpattern.After the network equipment has determined mode belonging to the target ACL table item and subpattern, the network equipment can be in ACL In chip from the beginning, which is matched with the ACL table item in ACL chip, is found in ACL chip With mode identical ACL table item region belonging to the target ACL table item.
When the network equipment is found and mode identical ACL table item region belonging to the target ACL table item in ACL chip When, the network equipment can search ACL corresponding with subpattern belonging to the target ACL table item in the ACL table item region found List item region.
Wherein, in this application, there are priority between each subpattern in same module, and priority is higher, subpattern In the corresponding Position Number of ACL table item it is smaller.
If the network equipment find with subpattern corresponding ACL table item region belonging to the target ACL table item, The network equipment may determine that the relationship that whether there is priority in subpattern belonging to the target ACL table item between each ACL table item. If there is no the relationship of priority, then the network equipment can the corresponding addition of subpattern belonging to the target ACL table item It is searched whether in position in the presence of idle ACL table item.If it is present, the network equipment can add the target ACL table item Into the ACL table item of the free time.
For example, referring to table 1, table 1 is ACL table item point in a kind of ACL chip shown in one exemplary embodiment of the application The schematic table of cloth position.
Table 1
It is assumed that mode belonging to the target ACL table item is IPv4, affiliated subpattern is subpattern 2, and in subpattern 2 The relationship of priority, the entitled b8 of the target ACL table item are not present between each ACL table item.Now by target ACL table Xiang Tian It adds in ACL chip.
Table 2 is referred to, table 2 is a kind of schematic table of addition ACL table item shown in one exemplary embodiment of the application.
Table 2 is the distribution of each ACL table item in ACL chip after adding the target ACL table item in the ACL shown in table 1 Situation.
Table 2
Priority relationship, Position Number is not present in the subpattern as belonging to the target ACL table item between each ACL table item Place for 3 is just idle ACL table item, therefore directly ACL table item can be issued in the ACL table item of the free time.
In this way, the network equipment does not need to match the priority of the target ACL table item, as long as finding and the mesh The idle list item in the corresponding ACL table item of subpattern belonging to ACL table item is marked, the target ACL table item is then added to the sky In not busy ACL table item, therefore the efficiency of network equipment addition ACL table item can be improved.
In this application, if with not deposited in ACL subpattern corresponding ACL table item region belonging to the target ACL table item In idle list item, the network equipment can star the counter for counting mobile number, then from the target ACL table item region First ACL table item starts, and traversal searches the ACL table item in the first direction and second direction;If the ACL found Priority is supported in subpattern belonging to list item, then the counter is added one;If subpattern belonging to the ACL table item found is not It supports priority, then after the completion of the ACL table item under the subpattern traverses, which is added one.
Then the first movement for generating idle list item in the point of addition to the mobile ACL table item of the first direction is counted Number;And the mobile ACL table item of Xiang Suoshu second direction is in the second mobile number of the idle list item of point of addition generation. Then the first movement number and the second mobile number.
If the first movement number is greater than the described second mobile number, the network equipment can be moved to the second direction Dynamic ACL table item generates free time list item until the point of addition, and the target ACL table item is issued to the free time list item.
If the first movement number is less than the described second mobile number, the network equipment can be moved to the second direction Dynamic ACL table item generates free time list item until the point of addition, and the target ACL table item is issued to the free time list item.
Wherein, when the network equipment is in mobile ACL table item, the network equipment can check son belonging to ACL table item to be moved Whether mode supports priority;If it is then the network equipment can move all ACL table items under the subpattern one by one It is dynamic;
If not, the network equipment can be to be moved by this so when the moving direction of ACL table item is first direction ACL table item is moved to before first under the subpattern ACL table item;Alternatively, first ACL table item under the subpattern it When the preceding list item there is no the free time, priority can be higher than the last item under other subpatterns of the subpattern by the network equipment ACL table item is moved as ACL table item to be moved, is generated until first ACL table item under the subpattern empty Not busy list item.
When the moving direction of ACL table item is the second moving direction, the network equipment can be moved the ACL table item to be moved After moving the last item ACL table item to the subpattern;Alternatively, after the last item ACL table item under the subpattern not There are when idle list item, the network equipment can be by priority lower than first ACL table item under other subpatterns of the subpattern It is moved as ACL table item to be moved, generates free list until the last item ACL table item under the subpattern .
In the present embodiment, the first direction is the high direction of subpattern priority, and the second direction is that subpattern is excellent The low direction of first grade.
For example, referring to table 3, table 3 is ACL table item in another ACL chip shown in one exemplary embodiment of the application The schematic table of distributing position.
Table 3
Assuming that mode belonging to target ACL table item remains as IPv4, affiliated subpattern is subpattern 2, and in subpattern 2 The relationship of priority, the entitled b8 of the target ACL table item are not present between each ACL table item.Now by target ACL table Xiang Tian It adds in ACL chip shown in table 3.
There is no idle list item in the region of subpattern 2, the ACL table item that Position Number is 5 is first ACL table item.Net Network equipment can star counter, since the ACL table item, begin stepping through ACL table item, statistics first movement time to first direction Number, can count from table 3, and first movement number is 3.Then the network equipment can begin stepping through ACL table to second direction , since subpattern 2 is not support the subpattern of priority, subpattern 3 is also the subpattern for not supporting priority, therefore, from It can be counted in table 3, the second mobile number is 1.
Table 4 is referred to, table 4 is addition ACL table item in another ACL chip shown in one exemplary embodiment of the application Schematic table.
Table 4
Since the second mobile number is less than first movement number, the network equipment can be to the mobile ACL table of second direction .Specifically, the ACL table item of the entitled c1 of ACL table item can be moved to the idle ACL table that Position Number is 16 by the network equipment Xiang Zhong.Then the ACL table item that Position Number is 12 becomes idle ACL table item, and the network equipment can be by target ACL table Xiang Tian It adds in the ACL table item of the free time.
For example, referring to table 5, table 5 is ACL table item in another ACL chip shown in one exemplary embodiment of the application Distributing position schematic table.
Table 5
Assuming that mode belonging to target ACL table item remains as IPv4, affiliated subpattern is subpattern 2, and in subpattern 2 The relationship of priority, the entitled b8 of the target ACL table item are not present between each ACL table item.Now by target ACL table Xiang Tian It adds in ACL chip shown in table 5.
There is no idle list item in the region of subpattern 2, the ACL table item that Position Number is 5 is first ACL table item.Net Network equipment can star counter, since the ACL table item, begin stepping through ACL table item, statistics first movement time to first direction Number, since subpattern 1 is not support the subpattern of priority, can be counted from table 5, first movement number is 1. Then the network equipment can begin stepping through ACL table item to second direction, since subpattern 2 is not support the subpattern of priority, Subpattern 3 is that the subpattern of priority is supported therefore can to count from table 5, and the second mobile number is 4.
Table 6 is referred to, table 6 is addition ACL table item in another ACL chip shown in one exemplary embodiment of the application Schematic table.
Since first movement number moves number less than second, the network equipment can be to the mobile ACL table of first direction .Specifically, the ACL table item of the entitled a3 of ACL table item can be moved to the idle ACL table that Position Number is 1 by the network equipment Xiang Zhong.Then the ACL table item that Position Number is 4 becomes idle ACL table item, and the network equipment can be by target ACL table Xiang Tian It adds in the ACL table item of the free time.
In embodiments herein, if the network equipment is not found and subpattern belonging to the target ACL table item Corresponding ACL table item region, then the network equipment can be in the higher institute of priority than subpattern belonging to target ACL table item After having the corresponding region of subpattern, idle list item is searched, then which is added to the ACL table item of the free time In.
For example, referring to table 7, table 7 is ACL table item in another ACL chip shown in one exemplary embodiment of the application Distributing position schematic diagram.
Table 7
Assuming that mode belonging to target ACL table item is IPv4, affiliated subpattern is subpattern 4, the priority of subpattern 4 Less than subpattern 3, and in subpattern 4 between each ACL table item be not present priority relationship, the target ACL table item it is entitled d1.The target ACL table item is added in ACL chip shown in table 7 now.
Table 8 is referred to, table 8 is addition ACL table item in another ACL chip shown in one exemplary embodiment of the application Schematic table.
Table 8
The priority of the subpattern as belonging to target ACL table item is less than the priority of subpattern 3, and Position Number is 16 ACL table item be idle list item.Therefore, which can be added in the free time list item by the network equipment.
It is not support the subpattern of priority the above are subpattern belonging to target ACL table item, for target ACL table item institute The subpattern of category is to support the subpattern of priority, and situation about being added in ACL chip looks at content as described below.
In the embodiment shown in the application, if subpattern belonging to the target ACL table item is the son for supporting priority Mode, then the network equipment can according to the priority of the target ACL table item, with ACL submodule belonging to the target ACL table item The point of addition of the ACL table item is searched in formula corresponding ACL table item region;If the point of addition is idle list item, The target ACL table item can be added to the free time list item by the network equipment.
For example, referring to table 9, table 9 is ACL table item in another ACL chip shown in one exemplary embodiment of the application Distributing position schematic table.
Table 9
Assuming that mode belonging to target ACL table item is IPv4, affiliated subpattern is subpattern 1, and each in subpattern 1 There are the relationship of priority, the entitled a4 of the target ACL table item, numerical priority values 4 between ACL table item.Now by the mesh Mark ACL table item is added in ACL chip shown in table 9.
Table 10 is referred to, table 10 is addition ACL table item in another ACL chip shown in one exemplary embodiment of the application Schematic table.
Table 10
It, can in 1 corresponding ACL table item region of subpattern according to priority since the priority of target ACL table item is 4 The ACL table item for being 4 as Position Number to find point of addition, and the ACL table item is just idle list item, therefore the network equipment can Target ACL table item to be added in the free time list item.
In the embodiment of the application shown, if the point of addition that the network equipment is found is not idle list item, So the network equipment can star the counter for counting mobile number;Then from the corresponding addition position of target ACL table item Beginning is set, traversal searches the ACL table item in the first direction and second direction;If belonging to the ACL table item found Priority is supported in subpattern, then the counter is added one;If subpattern belonging to the ACL table item found is not supported preferentially The counter is added one after the completion of then the ACL table item under the subpattern traverses by grade.
Then the network equipment can the first movement number and the second mobile number.If described first moves Dynamic number is greater than the described second mobile number, and the network equipment can be to the mobile ACL table item of the first direction until the addition position The idle list item of generation is set, and the target ACL table item is added to the free time list item;If the first movement number is less than described Second mobile number, the mobile ACL table item of Xiang Suoshu second direction is until the point of addition generates idle list item, and by the target ACL table item is issued to the free time list item.
Wherein, when the network equipment is in mobile ACL table item, the network equipment can check son belonging to ACL table item to be moved Whether mode supports priority;If it is then all ACL table items that the network equipment can issue the subpattern carry out one by one It is mobile;
If not, the network equipment can be to be moved by this so when the moving direction of ACL table item is first direction ACL table item is moved to before first under the subpattern ACL table item;Alternatively, first ACL table item under the subpattern it When the preceding list item there is no the free time, priority can be higher than the last item under other subpatterns of the subpattern by the network equipment ACL table item is moved as ACL table item to be moved, is generated until first ACL table item under the subpattern empty Not busy list item.
When the moving direction of ACL table item is the second moving direction, the network equipment can be moved the ACL table item to be moved After moving the last item ACL table item to the subpattern;Alternatively, after the last item ACL table item under the subpattern not There are when idle list item, the network equipment can be by priority lower than first ACL table item under other subpatterns of the subpattern It is moved as ACL table item to be moved, generates free list until the last item ACL table item under the subpattern .
For example, referring to table 11, table 11 is ACL table in another ACL chip shown in one exemplary embodiment of the application The schematic table of the distributing position of item.
Table 11
Assuming that mode belonging to target ACL table item is IPv4, affiliated subpattern is subpattern 2, and each in subpattern 2 There are the relationship of priority, the entitled b8 of the target ACL table item, numerical priority values 8 between ACL table item.Now by the mesh Mark ACL table item is added in ACL chip shown in table 11.
According to the priority of target ACL table item, the point of addition of the target ACL table item is the position that Position Number is 12. Since subpattern 2 is to support the subpattern of priority, when moving ACL table item to first direction, first movement number is 7.Due to Subpattern 3 is not support the subpattern of priority, and when moving ACL table item to second direction, the second mobile number is 1.
Table 12 is referred to, table 12 is addition ACL table item in another ACL chip shown in one exemplary embodiment of the application Schematic table.
Table 12
Since the second mobile number is less than first movement number, moving direction is second direction, therefore the network equipment can be with It is subpattern 3 by subpattern, the ACL table item of the entitled c1 of ACL table item is moved to the position that Position Number is 16, and Position Number is 12 position reforms into idle ACL table item, and then target ACL table item can be added to the free time list item by the network equipment.
Refer to table 13, table 13 is point of ACL table item in another ACL chip shown in one exemplary embodiment of the application The schematic table of cloth position.
Table 13
Assuming that mode belonging to target ACL table item is IPv4, affiliated subpattern is subpattern 2, and each in subpattern 2 There are the relationship of priority, the entitled b8 of the target ACL table item, numerical priority values 2 between ACL table item.Now by the mesh Mark ACL table item is added in ACL chip shown in table 13.
According to the priority of target ACL table item, the point of addition of the target ACL table item is the position that Position Number is 5.By It is to support the subpattern of priority in subpattern 2, subpattern 1 is not support the subpattern of priority, to the mobile ACL of first direction When list item, first movement number is 2.Since subpattern 3 is not support the subpattern of priority, to the mobile ACL table of second direction Xiang Shi, the second mobile number is 7.
Table 14 is referred to, table 14 is addition ACL table item in another ACL chip shown in one exemplary embodiment of the application Schematic table.
Table 14
Since first movement number is less than the second mobile number, moving direction is first direction, therefore the network equipment can be with The ACL table item for being 5 by Position Number is mobile to first direction, due to the free time no before first ACL table item under subpattern 2 List item, so needing the last item ACL table item (i.e. the ACL table item of the entitled a3 of list item) under subpattern 1 as to be moved List item, since subpattern 1 is not support the subpattern of priority, the network equipment can be by the ACL table of the entitled a3 of list item Item is moved to before first under subpattern 1 ACL table item (i.e. the ACL table item of the entitled a1 of list item), the table that Position Number is 4 Item has reformed into idle list item.Then it is 4 that the ACL table item of the entitled b1 of list item can be moved to Position Number by the network equipment Idle list item, the list item that Position Number is 5 reformed into idle list item.Then the network equipment can be by target ACL table item It is added to the idle list item that Position Number is 5.
Pass through preset pattern configurations interface by obtaining user it can be seen from the above technical solution provided by the present application For the ACL mode that each section is pre-configured, and the ACL submodule being pre-configured by preset subpattern configuration interface for each section Formula;Wherein, include at least one ACL subpattern under the same ACL mode, include ACL for supporting priority in ACL subpattern Mode and the ACL subpattern for not supporting priority;The target ACL table item that user is configured by preset ACL configuration interface is obtained, And ACL mode and ACL subpattern for target ACL table item configuration;Bristle with anger in response to being directed under the target ACL table item It enables, judges whether the subpattern of the target ACL table item is the ACL subpattern for not supporting priority;If so, by target ACL List item is added to the idle list item in point of addition corresponding with ACL subpattern belonging to the ACL table item.
The configuration of subpattern, the ACL table of different purposes are carried out by the ACL table item to purposes different in same functional module Item corresponds respectively to different subpatterns.When subpattern does not support priority, addition corresponds to the ACL table item of the subpattern When, it is only necessary to idle ACL table item is searched in the position for corresponding to the subpattern, then adds ACL table item to be added To idle ACL table item, so as to improve efficiency when addition ACL table item.
Corresponding with a kind of aforementioned embodiment of method of ACL table item management, present invention also provides a kind of ACL table item pipes The embodiment of the device of reason.
A kind of embodiment of the device of ACL table item management of the application can be using on network devices.Installation practice can Can also be realized by way of hardware or software and hardware combining by software realization.Taking software implementation as an example, as one Device on logical meaning is by the processor of the network equipment where it by computer journey corresponding in nonvolatile memory Sequence instruction is read into memory what operation was formed.It is a kind of ACL table item pipe of the application as shown in Figure 10 for hardware view A kind of hardware structure diagram of the network equipment where the device of reason, in addition to processor shown in Fig. 10, memory, network interface and Except nonvolatile memory, the network equipment in embodiment where device generally according to the ACL table item management actual functional capability, It can also include other hardware, this is repeated no more.
Figure 11 is please referred to, Figure 11 is a kind of device of ACL table item management shown in one exemplary embodiment of the application, application In the network equipment, described device includes: first acquisition unit 1110, second acquisition unit 1120, response unit 1130.
Wherein, the first acquisition unit 1110 is each section for obtaining user by preset pattern configurations interface The ACL mode of pre-configuration, and the ACL subpattern being pre-configured by preset subpattern configuration interface for each section;Wherein, together Include at least one ACL subpattern under one ACL mode, includes supporting the ACL subpattern of priority and not propping up in ACL subpattern Hold the ACL subpattern of priority;
The second acquisition unit 1120, the target ACL table configured for obtaining user by preset ACL configuration interface , and be the ACL mode and ACL subpattern of target ACL table item configuration;
The response unit 1130, in response to judging target ACL for sending instructions under the target ACL table item Whether the subpattern of list item is the ACL subpattern for not supporting priority;If so, the target ACL table item is added to and the ACL Idle list item in the corresponding point of addition of ACL subpattern belonging to list item.
In embodiments herein, the response unit 1130 is specifically used for:
Check whether subpattern belonging to ACL table item to be moved supports priority;
If so, all ACL table items under the subpattern are moved one by one;
If not, when moving direction is first direction, which is moved under the subpattern the Before one ACL table item;Alternatively, there is no when idle list item before first ACL table item under the subpattern, by priority It is moved higher than the last item ACL table item under other subpatterns of the subpattern as ACL table item to be moved, Zhi Dao Idle list item is generated before first ACL table item under the subpattern;
When moving direction is second direction, which is moved to the last item under the subpattern After ACL table item;Alternatively, when idle list item is not present after the last item ACL table item under the subpattern, priority is low First ACL table item under other subpatterns of the subpattern is moved as ACL table item to be moved, until in the son Idle list item is generated after the last item ACL table item under mode.
Meanwhile the response unit 1130 is also specifically used for:
Start the counter for counting mobile number;
Since the corresponding point of addition of target ACL table item, traversal is searched in the first direction and second direction ACL table item;If priority is supported in subpattern belonging to the ACL table item found, which is added one;If searched To ACL table item belonging to subpattern do not support priority, then under the subpattern ACL table item traversal after the completion of, by the meter Number device adds one.
The response unit 1130 is further used for:
If there is no idle list items in point of addition corresponding with ACL subpattern belonging to the target ACL table item, from this First ACL table item in point of addition starts, and counts to the mobile ACL table item of the first direction to produce in the point of addition The first movement number of raw free time list item;And the mobile ACL table item of Xiang Suoshu second direction is empty to generate in the point of addition The mobile number of the second of not busy list item;
Compare the first movement number and the second mobile number;
If the first movement number is greater than the described second mobile number, the mobile ACL table Xiang Zhi of Xiang Suoshu first direction Idle list item is generated into the point of addition, and the target ACL table item is issued to the free time list item;
If the first movement number is less than the described second mobile number, the mobile ACL table Xiang Zhi of Xiang Suoshu second direction Idle list item is generated into the point of addition, and the target ACL table item is issued to the free time list item.
The response unit 1130 is further used for:
If ACL subpattern belonging to the target ACL table item is to support the ACL subpattern of priority, according to the ACL table item Priority, with search adding for the ACL table item in ACL subpattern corresponding ACL table item region belonging to the target ACL table item Add position;
If the point of addition is idle list item, which is added to the free time list item.
The response unit 1130 is further used for:
If the point of addition is not idle list item, since the point of addition, counts and moved to the first direction Dynamic ACL table item is with the first movement number of the idle list item of generation in the point of addition;And Xiang Suoshu second direction is mobile ACL table item is with the generate idle list item in the point of addition second mobile number;
Compare the first movement number and the second mobile number;
If the first movement number is greater than the described second mobile number, the mobile ACL table Xiang Zhi of Xiang Suoshu first direction Idle list item is generated into the point of addition, and the target ACL table item is issued to the free time list item;
If the first movement number is less than the described second mobile number, the mobile ACL table Xiang Zhi of Xiang Suoshu second direction Idle list item is generated into the point of addition, and the target ACL table item is issued to the free time list item.
The function of each unit and the realization process of effect are specifically detailed in the above method and correspond to step in above-mentioned apparatus Realization process, details are not described herein.
For device embodiment, since it corresponds essentially to embodiment of the method, so related place is referring to method reality Apply the part explanation of example.The apparatus embodiments described above are merely exemplary, wherein described be used as separation unit The unit of explanation may or may not be physically separated, and component shown as a unit can be or can also be with It is not physical unit, it can it is in one place, or may be distributed over multiple network units.It can be according to actual The purpose for needing to select some or all of the modules therein to realize application scheme.Those of ordinary skill in the art are not paying Out in the case where creative work, it can understand and implement.
The foregoing is merely the preferred embodiments of the application, not to limit the application, all essences in the application Within mind and principle, any modification, equivalent substitution, improvement and etc. done be should be included within the scope of the application protection.

Claims (8)

1. a kind of method of ACL table item management is applied to the network equipment, the ACL being pre-configured in the ACL chip of the network equipment Table is divided into several sections, and each section includes several ACL table items characterized by comprising
The ACL mode that user is pre-configured by preset pattern configurations interface for each section is obtained, and passes through preset submodule Formula configuration interface is the ACL subpattern that each section is pre-configured;It wherein, include at least one ACL submodule under the same ACL mode Formula includes the ACL subpattern for supporting priority and the ACL subpattern for not supporting priority in ACL subpattern;
The target ACL table item that user is configured by preset ACL configuration interface is obtained, and is target ACL table item configuration ACL mode and ACL subpattern;
In response to for sending instructions under the target ACL table item, judge the target ACL table item subpattern whether be do not support it is excellent The ACL subpattern of first grade;If so, the target ACL table item is added to corresponding with ACL subpattern belonging to the ACL table item Idle list item in point of addition;
Wherein, the ACL subpattern under the same ACL mode has been preconfigured corresponding priority,
If there is no idle list items in point of addition corresponding with ACL subpattern belonging to the target ACL table item, from the addition First ACL table item in position starts, and counts to the mobile ACL table item of first direction to generate free list in the point of addition The first movement number of item;And to the mobile ACL table item of second direction to generate the second of idle list item in the point of addition Mobile number, wherein the first direction is the high direction of subpattern priority, and the second direction is that subpattern priority is low Direction;
Compare the first movement number and the second mobile number;
If the first movement number is greater than the described second mobile number, the mobile ACL table item of Xiang Suoshu second direction is until this Idle list item is generated in point of addition, and the target ACL table item is issued to the free time list item;
If the first movement number is less than the described second mobile number, the mobile ACL table item of Xiang Suoshu first direction is until this Idle list item is generated in point of addition, and the target ACL table item is issued to the free time list item.
2. the method according to claim 1, wherein the method also includes:
If ACL subpattern belonging to the target ACL table item is to support the ACL subpattern of priority, according to the excellent of the ACL table item First grade, with addition position that the ACL table item is searched in ACL subpattern corresponding ACL table item region belonging to the target ACL table item It sets;
If the point of addition is idle list item, which is added to the free time list item.
3. according to the method described in claim 2, it is characterized in that, the method also includes:
If the point of addition is not idle list item, since the point of addition, count to the mobile ACL of the first direction List item is with the first movement number of the idle list item of generation in the point of addition;And the mobile ACL table item of Xiang Suoshu second direction With the generate idle list item in the point of addition second mobile number;
Compare the first movement number and the second mobile number;
If the first movement number is greater than the described second mobile number, the mobile ACL table item of Xiang Suoshu second direction is until this Idle list item is generated in point of addition, and the target ACL table item is issued to the free time list item;
If the first movement number is less than the described second mobile number, the mobile ACL table item of Xiang Suoshu first direction is until this Idle list item is generated in point of addition, and the target ACL table item is issued to the free time list item.
4. method according to claim 1 or 3, which is characterized in that count to the mobile ACL table item of the first direction with The first movement number of idle list item is generated in the ACL table item region;And the mobile ACL table item of Xiang Suoshu second direction with The second mobile number of idle list item is generated in the ACL table item region, comprising:
Start the counter for counting mobile number;
Since the corresponding point of addition of target ACL table item, traversal searches the ACL in the first direction and second direction List item;If priority is supported in subpattern belonging to the ACL table item found, which is added one;If found Priority is not supported in subpattern belonging to ACL table item, then after the completion of the ACL table item under the subpattern traverses, by the counter Add one.
5. a kind of device of ACL table item management is applied to the network equipment, the ACL being pre-configured in the ACL chip of the network equipment Table is divided into several sections, and each section includes several ACL table items characterized by comprising
First acquisition unit, the ACL mode being pre-configured for obtaining user by preset pattern configurations interface for each section, with And the ACL subpattern being pre-configured by preset subpattern configuration interface for each section;Wherein, include under the same ACL mode At least one ACL subpattern includes the ACL subpattern for supporting priority and the ACL submodule for not supporting priority in ACL subpattern Formula;
Second acquisition unit, the target ACL table item configured for obtaining user by preset ACL configuration interface, and to be somebody's turn to do The ACL mode and ACL subpattern of target ACL table item configuration;
Response unit, in response to judging the subpattern of the target ACL table item for sending instructions under the target ACL table item It whether is the ACL subpattern for not supporting priority;If so, by the target ACL table item be added to belonging to the ACL table item Idle list item in the corresponding point of addition of ACL subpattern;
Wherein, the ACL subpattern under the same ACL mode has been preconfigured corresponding priority,
If there is no idle list items in point of addition corresponding with ACL subpattern belonging to the target ACL table item, from the addition First ACL table item in position starts, and counts to the mobile ACL table item of first direction to generate free list in the point of addition The first movement number of item;And to the mobile ACL table item of second direction to generate the second of idle list item in the point of addition Mobile number, wherein the first direction is the high direction of subpattern priority, and the second direction is that subpattern priority is low Direction;
Compare the first movement number and the second mobile number;
If the first movement number is greater than the described second mobile number, the mobile ACL table item of Xiang Suoshu second direction is until this Idle list item is generated in point of addition, and the target ACL table item is issued to the free time list item;
If the first movement number is less than the described second mobile number, the mobile ACL table item of Xiang Suoshu first direction is until this Idle list item is generated in point of addition, and the target ACL table item is issued to the free time list item.
6. device according to claim 5 characterized by comprising
The response unit is further used for:
If ACL subpattern belonging to the target ACL table item is to support the ACL subpattern of priority, according to the excellent of the ACL table item First grade, with addition position that the ACL table item is searched in ACL subpattern corresponding ACL table item region belonging to the target ACL table item It sets;
If the point of addition is idle list item, which is added to the free time list item.
7. device according to claim 6 characterized by comprising
The response unit is further used for:
If the point of addition is not idle list item, since the point of addition, count to the mobile ACL of the first direction List item is with the first movement number of the idle list item of generation in the point of addition;And the mobile ACL table item of Xiang Suoshu second direction With the generate idle list item in the point of addition second mobile number;
Compare the first movement number and the second mobile number;
If the first movement number is greater than the described second mobile number, the mobile ACL table item of Xiang Suoshu second direction is until this Idle list item is generated in point of addition, and the target ACL table item is issued to the free time list item;
If the first movement number is less than the described second mobile number, the mobile ACL table item of Xiang Suoshu first direction is until this Idle list item is generated in point of addition, and the target ACL table item is issued to the free time list item.
8. the device according to claim 5 or 7, which is characterized in that count to the mobile ACL table item of the first direction with The first movement number of idle list item is generated in the ACL table item region;And the mobile ACL table item of Xiang Suoshu second direction with The second mobile number of idle list item is generated in the ACL table item region, comprising:
The response unit is specifically used for:
Start the counter for counting mobile number;
Since the corresponding point of addition of target ACL table item, traversal searches the ACL in the first direction and second direction List item;If priority is supported in subpattern belonging to the ACL table item found, which is added one;If found Priority is not supported in subpattern belonging to ACL table item, then after the completion of the ACL table item under the subpattern traverses, by the counter Add one.
CN201611250006.XA 2016-12-29 2016-12-29 A kind of method and apparatus of ACL table item management Active CN106603302B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611250006.XA CN106603302B (en) 2016-12-29 2016-12-29 A kind of method and apparatus of ACL table item management

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611250006.XA CN106603302B (en) 2016-12-29 2016-12-29 A kind of method and apparatus of ACL table item management

Publications (2)

Publication Number Publication Date
CN106603302A CN106603302A (en) 2017-04-26
CN106603302B true CN106603302B (en) 2019-11-12

Family

ID=58603979

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611250006.XA Active CN106603302B (en) 2016-12-29 2016-12-29 A kind of method and apparatus of ACL table item management

Country Status (1)

Country Link
CN (1) CN106603302B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109067585B (en) * 2018-08-15 2021-11-23 杭州迪普科技股份有限公司 Method and device for issuing query ACL (access control list) table items
CN109150686B (en) * 2018-09-07 2020-12-22 迈普通信技术股份有限公司 ACL (access control list) table item issuing method, device and network equipment
CN110191135B (en) * 2019-06-11 2021-09-21 杭州迪普信息技术有限公司 ACL configuration method, device and electronic equipment
CN110896380B (en) * 2019-11-28 2021-09-17 迈普通信技术股份有限公司 Flow table screening method and device, electronic equipment and readable storage medium
CN115865839B (en) * 2023-01-20 2023-05-23 苏州浪潮智能科技有限公司 ACL management method, ACL management device, communication equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101039271A (en) * 2007-03-20 2007-09-19 华为技术有限公司 Method and apparatus for taking effect rules of access control list
CN101447940A (en) * 2008-12-23 2009-06-03 杭州华三通信技术有限公司 Method and device for updating access control list rules
CN102857510A (en) * 2012-09-18 2013-01-02 杭州华三通信技术有限公司 Method and device for issuing ACL (access control list) items
CN103001793A (en) * 2012-10-26 2013-03-27 杭州迪普科技有限公司 Method and device for managing ACL (access control list)
JP2015064684A (en) * 2013-09-24 2015-04-09 日本電気株式会社 Access control device, access control method, and access control program

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101039271A (en) * 2007-03-20 2007-09-19 华为技术有限公司 Method and apparatus for taking effect rules of access control list
CN101447940A (en) * 2008-12-23 2009-06-03 杭州华三通信技术有限公司 Method and device for updating access control list rules
CN102857510A (en) * 2012-09-18 2013-01-02 杭州华三通信技术有限公司 Method and device for issuing ACL (access control list) items
CN103001793A (en) * 2012-10-26 2013-03-27 杭州迪普科技有限公司 Method and device for managing ACL (access control list)
JP2015064684A (en) * 2013-09-24 2015-04-09 日本電気株式会社 Access control device, access control method, and access control program

Also Published As

Publication number Publication date
CN106603302A (en) 2017-04-26

Similar Documents

Publication Publication Date Title
CN106603302B (en) A kind of method and apparatus of ACL table item management
US7606236B2 (en) Forwarding information base lookup method
CN106664320B (en) Mechanism to support a traffic chain graph in a communication network
CN105045871B (en) Data aggregate querying method and device
CN104580027A (en) OpenFlow message forwarding method and equipment
CN104618264A (en) Method and system for Adaptive Scheduling of Data Flows in Data Center Networks for Efficient Resource Utilization
CN104168170A (en) packet switching device and method
TW201227600A (en) Z-order bands
CN102546435B (en) A kind of frequency spectrum resource allocation method and device
JP6618610B2 (en) Routing management
CN109962850A (en) The method and controller and computer readable storage medium of realization Segment routing
CN109391549A (en) ECMP routing is carried out using consistency Hash
CN109525578A (en) A kind of CDN distribution network transmission method, device, system and storage medium
WO2005098685A2 (en) Block-based processing in a packet-based reconfigurable architecture
CN105867864A (en) Method and device for displaying of K virtual machines (KVMs)
CN102402631B (en) Method for comparing hierarchical net list of integrated circuit
CN103200071A (en) MTSP multiple-case calculating method and MTSP multiple-case calculating equipment
CN106330759A (en) Method and device for adjusting ACL table items
CN101980487A (en) Method for device for selecting exit of route
CN112910776B (en) Data forwarding method, device, equipment and medium
CN1964324A (en) A method for carrying out automatic selection of packet classification algorithm
CN109213566A (en) Virtual machine migration method, device and equipment
CN106385385B (en) Resource allocation method and device
CN106230725B (en) The classification method and device of net packet rule set
CN104598385B (en) Memory allocation method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant