CN107426728B - High-performance access authentication processing method, system, controller equipment and networking device - Google Patents
High-performance access authentication processing method, system, controller equipment and networking device Download PDFInfo
- Publication number
- CN107426728B CN107426728B CN201710627913.XA CN201710627913A CN107426728B CN 107426728 B CN107426728 B CN 107426728B CN 201710627913 A CN201710627913 A CN 201710627913A CN 107426728 B CN107426728 B CN 107426728B
- Authority
- CN
- China
- Prior art keywords
- authentication
- module
- balanced
- message
- wireless
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5005—Allocation of resources, e.g. of the central processing unit [CPU] to service a request
- G06F9/5027—Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/12—Avoiding congestion; Recovering from congestion
- H04L47/125—Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W28/00—Network traffic management; Network resource management
- H04W28/02—Traffic management, e.g. flow control or congestion control
- H04W28/08—Load balancing or load distribution
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W28/00—Network traffic management; Network resource management
- H04W28/02—Traffic management, e.g. flow control or congestion control
- H04W28/10—Flow control between communication endpoints
- H04W28/14—Flow control between communication endpoints using intermediate storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/02—Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
- H04W8/04—Registration at HLR or HSS [Home Subscriber Server]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Power Engineering (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Databases & Information Systems (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a wireless authentication processing method, which is applied to a wireless authentication processing system, wherein the system comprises a balanced shunting module, a balanced relay module and a concurrent authentication module, and the method comprises the following steps: s101, after receiving an authentication message sent by a wireless terminal or a Radius authentication server, a balanced flow distribution module calculates a load balanced flow distribution algorithm for the authentication message to be redirected to obtain an authentication thread corresponding to the authentication message; s102, adding the message into the determined authentication thread by the balanced relay module; s103, the concurrent authentication module processes the corresponding authentication thread to execute authentication operation. The invention also discloses a line controller device, a wireless authentication processing system and a networking.
Description
The application is a divisional application of a parent application named wireless controller device, wireless authentication processing method, system and networking with application number 201310754126.3.
Technical Field
The invention relates to wireless controller equipment, a wireless authentication processing method, a wireless authentication processing system and networking.
Background
With the continuous maturation of WLAN technology, the application scale of wireless networks is getting larger and larger, especially the maturation of thin AP wireless framework networking application, and a situation that a large number of terminal devices exist in a single wireless local area network occurs. A single wireless controller device (AC) is required to manage a large number of wireless access point devices (APs) and wireless terminal devices (STAs). In the application of the operator WLAN network, a single radio controller device has been required to manage a maximum of 4096 radio access point devices (APs), and if the number of radio terminal user devices per AP band is 64, the total number of managed radio terminal users reaches 256K. With such a large number of wireless terminals managing the demand, the concurrent access authentication performance of the wireless controller device also poses a greater challenge.
SMP (Symmetric Multi-Processing) refers to a computer with a set of processors (multiple CPUs) on it, and the CPUs share a memory subsystem and a bus structure. It is a parallel technology which is widely applied compared with the asymmetric multiprocessing technology. In this architecture, a computer runs a single copy of the operating system from multiple processors at the same time, sharing memory and other resources of a computer. Although multiple CPUs are used simultaneously, they behave as a single unit from a management point of view. The system distributes the task queues on a plurality of CPUs symmetrically, thereby greatly improving the data processing capacity of the whole system. All processors have equal access to memory, I/O and external interrupts. In a symmetric multiprocessing system, system resources are shared by all CPUs in the system, and the workload can be evenly distributed over all available processors, thereby improving the data processing capacity of the whole system.
At present, it is common practice to replace the hardware architecture for higher processing performance and to run the control management subsystem of the wireless controller in SMP fashion. The disadvantage of this approach is that the cost of device development and the power consumption of operation are increased, and the extent of concurrent processing performance to improve access authentication is limited. The method runs in an SMP mode, the basic unit of scheduling and executing of the operating system is threads, and the scheduled threads run on a plurality of processor cores completely, peer to peer and randomly, so that context information running inside the threads needs to be completely protected, and the extra overhead of computing performance is large.
Disclosure of Invention
The invention provides a wireless authentication processing method and a wireless authentication processing system, which aim to realize high-performance concurrent access authentication on the existing multi-core processor hardware architecture.
In order to solve the technical problems, the invention adopts a technical scheme that:
the method is applied to a wireless authentication processing system, the system comprises a balance shunting module, a balance relay module and a concurrency authentication module, wherein the concurrency authentication module occupies computing resources from a CPU (central processing unit) kernel 1 to a kernel N, and the balance shunting module occupies computing resources from the CPU kernel N +1 to the kernel M, and the method comprises the following steps: s101, after receiving an authentication message sent by a wireless terminal or a Radius authentication server, a balanced flow distribution module calculates a load balanced flow distribution algorithm for the authentication message to be redirected to obtain an authentication thread corresponding to the authentication message; s102, adding the message into the determined authentication thread by the balanced relay module; s103, the concurrent authentication module processes the corresponding authentication thread to execute authentication operation.
The invention adopts another technical scheme that:
the wireless authentication processing system comprises a balanced shunting module, a balanced relay module and a concurrent authentication module, wherein the concurrent authentication module occupies computing resources from a kernel 1 to a kernel N of a CPU (central processing unit), and the balanced shunting module occupies computing resources from the kernel N +1 to the kernel M of the CPU; the balance shunting module is used for carrying out load balance shunting algorithm calculation on the authentication message which needs to be redirected to the concurrent authentication module after receiving the authentication message sent by the wireless terminal or the Radius authentication server to obtain an authentication thread corresponding to the authentication message; the balanced relay module is used for mapping the message to the authentication thread determined by the balanced shunting module; and the concurrent authentication module is used for processing the interaction between the corresponding authentication thread and the Radius authentication server so as to execute the authentication operation.
The invention adopts another technical scheme that:
the wireless controller device is respectively connected with a plurality of wireless terminals and a Radius authentication server in a communication mode, and the CPU of the wireless controller device runs the wireless authentication processing system.
The invention adopts another technical scheme that:
the networking of the wireless authentication processing system comprises a Radius authentication server, wireless controller equipment and a wireless terminal in communication connection with the wireless controller equipment, wherein the wireless authentication processing system is operated by a CPU of the wireless controller equipment.
The invention has the beneficial effects that: 1. the high-performance access authentication processing is realized on the basis of the existing hardware; 2. customizing and distributing proper forwarding performance and access authentication performance on site according to application performance requirements; 3. the present invention provides an example of multi-core concurrent processing that is easily extended to other applications requiring high-performance highlighting.
Drawings
Fig. 1 is a WLAN wireless networking diagram;
FIG. 2 is a logical view of a wireless authentication processing system in accordance with an embodiment of the present invention;
FIG. 3 is a networking schematic of a wireless authentication processing system;
FIG. 4 is a block diagram of the architecture of an equalization relay module, using the Linux operating system as an example;
FIG. 5 is a state transition diagram of a concurrent authentication module;
fig. 6 is a flowchart illustrating a wireless authentication processing method according to an embodiment of the present invention;
fig. 7 is a flowchart of an implementation of the load balancing offload algorithm.
Description of the main elements
A wireless authentication processing system 100; a balanced shunting module 10;
an equalizing relay module 20; and a concurrent authentication module 30.
Detailed Description
In order to explain technical contents, structural features, and objects and effects of the present invention in detail, the following detailed description is given with reference to the accompanying drawings in conjunction with the embodiments.
The invention provides a wireless authentication processing method and system based on a multi-core processor. Please refer to fig. 1, which is a diagram of WLAN wireless networking. The main devices in the AP wireless lan include a wireless controller (AC), a wireless Access Point (AP), a wireless terminal (STA), and a router device (router).
In thin AP wireless networks, a wireless controller device (AC) needs to manage a large number of wireless Access Points (APs) and wireless terminal devices (STAs). These wireless terminal devices come online in a certain time period collectively, requiring a wireless controller device (AC) to have a high concurrent access authentication processing performance. Under the configuration of non-perception authentication of operation application, the processing of the wireless terminal device online process mainly comprises the following stages:
1. and a wireless association stage: the related message flow comprises an authentication request, an authentication response, an association request and an association response, and the total number of the 4 protocol messages is 4.
2. Identity authentication and key agreement stage: the related message flows include an EAPoL protocol message between the wireless controller device and the wireless terminal device, and also include a Radius protocol message between the wireless controller device and the authentication server device, for a total of about 50 protocol messages.
3. And IP address acquisition stage: the protocol message comprises a DHCP discover, a DHCP offer, a DHCP request and a DHCP ACK, and the total number of the protocol messages is 4.
From the above several stages of message quantity analysis, the overall wireless terminal concurrent on-line process mainly consumes performance as the second stage, involving a total of about 50 protocol messages. The invention provides a wireless authentication processing method and a wireless authentication processing system aiming at the characteristics of the concurrent online process of a wireless terminal, so as to improve the access authentication performance.
Fig. 2 is a logic diagram of a wireless authentication processing system according to an embodiment of the invention. The general idea of designing a wireless authentication processing system 100 is to assign an independent authentication thread N to each wireless terminal, where N is 1 to N, and the authentication thread N is fixedly run on the CPU core N, so that no sharing of wireless terminal related information between multiple threads is involved. Each CPU core has its own independent L1 cache, and in order to efficiently utilize the L1 cache characteristics, the balanced relay module 20 is designed to include N message cache queues. The balanced shunting module 10 runs on the CPU cores N +1 to M, and belongs to a data forwarding plane.
The system and method described above can achieve fully parallel processing using the concurrent on-line authentication process of wireless terminals, the independence of information between specific wireless terminal individuals, and the cache characteristics of the multi-core processor L1. In addition, the proportion of the number of the CPU cores of the management control plane and the data forwarding plane can be reasonably allocated on site according to the performance requirements of the specific management control plane and the specific data forwarding plane.
By the foregoing description, knowing that the concurrent authentication processing performance requirements of the wireless controller device (AC) are very high, the general idea of implementing a high-performance parallel authentication system by using independence between individuals authenticated online by the wireless terminal and the cache feature of the multi-core processor L1 is also presented above.
The following mainly explains the implementation scheme of the wireless authentication processing system and method of the present invention based on the general idea, and specifically explains the specific problems related to the scheme, such as the balanced flow distribution algorithm, the system interrupt and the shared data of the message buffer queue and the authentication thread.
The wireless authentication processing system 100 includes a balanced shunting module 10, a balanced relay module 20, and a concurrent authentication module 30, where the concurrent authentication module 30 occupies computing resources from the core 1 to the core N of the CPU processor, and the balanced shunting module 10 occupies computing resources from the core N +1 to the core M of the CPU processor. The balanced distribution module 10 is configured to, after receiving an authentication packet sent by a wireless terminal or a Radius authentication server, perform load balanced distribution algorithm calculation on the authentication packet that needs to be redirected to the concurrent authentication module 30 to obtain an authentication thread corresponding to the authentication packet. The balanced relay module 20 is configured to map the packet to the authentication thread determined by the balanced distribution module 10. The concurrent authentication module 30 is configured to process a corresponding authentication thread to interact with a Radius authentication server to perform an authentication operation.
The wireless authentication processing system 100 is specifically a system running on a CPU processor of a wireless controller device (AC), and the whole system is divided into a management control plane and a data forwarding plane, where the management control plane includes the balanced relay module 20 and the concurrent authentication module 30, and the data forwarding plane is the balanced offload module 10.
Please refer to fig. 3, which is a schematic diagram of a wireless authentication processing system. The networking comprises a Radius authentication server, wireless controller equipment and a wireless terminal in communication connection with the wireless controller equipment. The wireless controller device exists as an actual Radius client, has an independent network element IP address, and has independent key information of Radius authentication. The management control plane of the software inside the radio controller sets 1 … N authentication threads, each existing as a virtual Radius client, according to the number of CPU cores for this plane.
The concurrent authentication module 30 in the wireless controller considers both the complete concurrent processing of multiple threads and the shared configuration data among the threads, so the concurrent authentication module 30 can be regarded as multiple virtual Radius clients, which share IP addresses and authentication key information and correspond to the same Radius authentication server, but the UDP port numbers of the clients are different. The equalizing relay module 20 of the wireless controller distinguishes the specific authentication thread according to the UDP port number of the Radius client.
Referring to fig. 4, a block diagram of an equalizing relay module using Linux operating system as an example is shown. The balanced relay module 20 can be seen as consisting of a logical pipe between the authentication threads of multiple concurrent authentication modules 30 and the Radius authentication server. Each logical pipe is connected with an authentication thread and a balanced shunting module 10, and a specific socket and specific inter-core interrupt information are corresponding. If the system is based on a Linux operating system, the equalization relay module belongs to the kernel part of the operating system.
The inter-core interrupt refers to an event notification mechanism defined among multiple cores of the CPU, and the balanced distribution module 10 is configured to generate an inter-core interrupt for a process that needs to be redirected to the concurrent authentication module 30. Softirq refers to the soft interrupt mechanism of the Linux kernel, and is referred to herein as a high-level interrupt handler triggered by inter-kernel interrupts. The UDP port X is a socket source port used between the Radius client and the Radius authentication server, a specific basic port may be set in advance in a software implementation process, and 1 is sequentially added to subsequent port numbers. The buffer queue is used for the authentication message sent by the balanced distribution module 10 to the authentication thread and for the authentication message sent by the authentication thread to the Radius authentication server.
The load balancing and shunting module 10 includes a first judging unit, a first calculating unit, a first determining unit, a second determining unit, and a forwarding mapping unit.
The first judging unit is used for judging the direction of the authentication message, informing the first arithmetic unit to execute the operation when the direction of the authentication message is the uplink direction, and informing the second arithmetic unit to execute the operation when the direction of the authentication message is the downlink direction. The uplink direction is a direction in which the authentication message is sent from the authentication thread to the Radius authentication server, and the downlink direction is a direction in which the authentication message is sent from the Radius authentication server to the wireless controller device (AC) authentication thread.
The first operation unit is configured to take out the number N of CPU cores of the concurrent authentication module 30, extract the last byte value of the MAC address of the wireless terminal from the authentication packet, and perform a modulo operation on N using the byte value to obtain a result value j, where the value range of the result value j is 0 to N-1.
The first determining unit is configured to determine that the authentication thread corresponding to the value j is the j +1 th authentication thread, for example, map the result value 0 to the authentication thread 1, map the result value 1 to the authentication thread 2, and so on, and then notify the balance forwarding mapping unit to perform an operation.
The second determining unit is used for extracting a destination UDP port number of the message UDP header, determining an authentication thread corresponding to the destination UDP port number, and then informing the balanced forwarding mapping unit to execute the operation.
The forwarding mapping unit is used for forwarding the message to the balanced relay module and mapping the message to the corresponding authentication thread.
Please refer to fig. 5, which is a state transition diagram of the concurrent authentication module. The concurrent authentication module 30 has a small amount of shared configuration data among multiple authentication threads, such as information about a specific authentication mode, ssid of WLAN, and MAC address of the wireless terminal. These shared configuration data have the common feature of being read only during the authentication run. Independent configuration threads and global configuration marks can be set to realize lock-free operation of the whole module, so that complete concurrent authentication is realized. The concurrent authentication module 30 has two states in operation, namely an execution configuration state and an execution authentication state.
Therefore, in the present embodiment, the concurrent authentication module 30 specifically includes a configuration unit and an execution unit; the configuration unit is used for executing a configuration state and configuring read-only shared configuration data in the authentication operation executing process; and the execution unit is used for executing an authentication state and processing an authentication thread to execute authentication operation after the configuration of the configuration unit is finished.
Fig. 6 is a flowchart illustrating a wireless authentication processing method according to an embodiment of the present invention. The method is applied to the wireless authentication processing system, the system comprises a balance shunting module, a balance relay module and a concurrency authentication module, wherein the concurrency authentication module occupies computing resources from a kernel 1 to a kernel N of a CPU (central processing unit), the balance shunting module occupies computing resources from a kernel N +1 to a kernel M of the CPU, and the scheme and the principle explained by the scheme of the system can be applied to the following method explanation.
The wireless authentication processing method comprises the following steps:
s101, after receiving an authentication message sent by a wireless terminal or a Radius authentication server, a balanced flow distribution module calculates a load balanced flow distribution algorithm for the authentication message to be redirected to obtain an authentication thread corresponding to the authentication message;
s102, adding the message into the determined authentication thread by the balanced relay module;
s103, the concurrent authentication module processes the corresponding authentication thread to execute authentication operation.
Wherein, before the step S101, the method further comprises the steps of:
and the concurrent authentication module executes a configuration state and configures read-only shared configuration data in the authentication operation process, wherein the shared configuration data comprises information such as a specific authentication mode, an ssid of the WLAN, an MAC address of the wireless terminal and the like.
Please refer to fig. 7, which is a flowchart illustrating an implementation of the load balancing offload algorithm. The implementation process of the load balancing and shunting algorithm specifically comprises the following steps:
s1011, determining the direction of the authentication packet, and if the direction of the authentication packet is the uplink direction, entering step S1012, and if the direction of the authentication packet is the downlink direction, entering step S1024.
S1012, taking out the number N of CPU cores of the concurrent authentication module 30, extracting the last byte value of the MAC address of the wireless terminal from the authentication packet, and then performing modulo operation on N using this value to obtain a result value j, where the value range of the result value j is 0 to N-1.
S1013, determine the authentication thread corresponding to the value j as the j +1 th authentication thread, for example, map the result value 0 to the authentication thread 1, map the result value 1 to the authentication thread 2, and so on, and then proceed to step S1015.
S1014, the balanced splitting module 10 extracts the destination UDP port number of the UDP header, determines an authentication thread corresponding to the destination UDP port number, and then proceeds to step S1015.
And S1015, forwarding the message to the balanced relay module and mapping the message to a corresponding authentication thread.
Compared with the prior art, the wireless controller equipment, the wireless authentication processing method, the wireless authentication processing system and the networking provided by the invention have the following characteristics and technical effects:
1. realizing high-performance access authentication processing based on existing hardware
The invention realizes the optimization of the access authentication processing performance based on the existing wireless controller hardware multi-core processor, and realizes the seamless transition of software optimization upgrading without changing a hardware platform and changing a software framework. When the management control plane of the wireless controller software runs on a single CPU processor core, the whole authentication flow and the whole processing process are completely consistent with those before optimization, and the risk of implementing software upgrading and debugging in the process is reduced.
2. Customizing and distributing proper forwarding performance and access authentication performance on site according to application performance requirements
The invention customizes and equally distributes the proper proportion of the forwarding performance and the access authentication performance on site according to the requirement of the burst performance of the access authentication application. For example, the burst performance of a single core operation management control plane access authentication is 100 users per second, and then 6 CPU cores operation management control planes can be configured in an application environment requiring the burst authentication performance of 600 users per second.
3. The embodiment of the invention for providing multi-core concurrent processing can be easily extended to other applications requiring high-performance highlighting
The invention relates to a macroscopic performance optimization method based on system implementation. It can be used together with application specific internal optimization methods to be effective. In addition to access authentication applications, other network protocols and service handling applications can easily migrate to use the methods described in this document.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes performed by the present specification and drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (8)
1. A high-performance access authentication processing method is characterized in that the method is applied to a wireless authentication processing system, the system comprises a management control plane and a data forwarding plane, the management control plane comprises a balanced relay module and a concurrent authentication module, the data forwarding plane comprises a balanced shunting module, wherein the concurrent authentication module occupies computing resources from a kernel 1 to a kernel N of a CPU (central processing unit), the balanced shunting module occupies computing resources from a kernel N +1 to a kernel M of the CPU, and the balanced relay module comprises N message cache queues, and the method comprises the following steps:
s101, after receiving an authentication message sent by a wireless terminal or a Radius authentication server, a balanced flow distribution module calculates a load balanced flow distribution algorithm for the authentication message to be redirected to obtain an authentication thread corresponding to the authentication message;
s102, adding the message into the determined authentication thread by the balanced relay module;
s103, the concurrent authentication module processes the corresponding authentication thread to execute authentication operation;
the implementation process of the load balancing and shunting algorithm specifically comprises the following steps:
s1011, judging the direction of the authentication message, and entering the step S1012 when the direction of the authentication message is an uplink direction;
s1012, taking out the number N of the CPU kernels of the concurrent authentication module, extracting the last byte value of the MAC address of the wireless terminal from the authentication message, and performing modular operation on the N by using the number value to obtain a result value j, wherein the value range of the result value j is 0-N-1;
s1013, determining the authentication thread corresponding to the value j as the j +1 th authentication thread;
the wireless terminal is connected with the wireless controller device AC through the wireless access point AP;
and according to the requirement of the burst performance of the access authentication application, the proportion of the number of the CPU cores of the management control plane and the data forwarding plane is customized and distributed in a balanced manner on site.
2. The method according to claim 1, further comprising, before the step S101, the following steps:
the concurrent authentication module executes the configuration state and configures read-only shared configuration data in the authentication operation executing process.
3. The method as claimed in claim 2, wherein the shared configuration data includes specific mode of authentication, ssid of WLAN, and MAC address of the wireless terminal.
4. A high-performance access authentication processing system is characterized by comprising a management control plane and a data forwarding plane, wherein the management control plane comprises a balanced relay module and a concurrent authentication module, the data forwarding plane comprises a balanced shunting module, the concurrent authentication module occupies computing resources from a CPU (central processing unit) kernel 1 to a kernel N, the balanced shunting module occupies computing resources from a CPU kernel N +1 to a kernel M, and the balanced relay module comprises N message cache queues;
the balance shunting module is used for carrying out load balance shunting algorithm calculation on the authentication message which needs to be redirected to the concurrent authentication module after receiving the authentication message sent by the wireless terminal or the Radius authentication server to obtain an authentication thread corresponding to the authentication message;
the balanced relay module is used for mapping the message to the authentication thread determined by the balanced shunting module;
the concurrent authentication module is used for processing the interaction between the corresponding authentication thread and the Radius authentication server so as to execute authentication operation;
the balanced shunting module comprises a first judging unit, a first operation unit and a first determining unit;
the first judging unit is used for judging the direction of the authentication message and informing the first arithmetic unit to execute the operation when the direction of the authentication message is the uplink direction;
the first operation unit is used for taking out the number N of the CPU kernels of the concurrent authentication module, extracting the last byte value of the MAC address of the wireless terminal from the authentication message, and then performing modular operation on the N by using the byte value to obtain a result value j, wherein the value range of the result value j is 0-N-1;
the first determining unit is used for determining that the authentication thread corresponding to the value j is the j +1 th authentication thread and then informing the balanced forwarding mapping unit to execute the operation;
the wireless terminal is connected with the wireless controller device AC through the wireless access point AP;
and according to the requirement of the burst performance of the access authentication application, the proportion of the number of the CPU cores of the management control plane and the data forwarding plane is customized and distributed in a balanced manner on site.
5. The system according to claim 4, wherein the concurrent authentication module specifically includes a configuration unit and an execution unit; the configuration unit is used for executing a configuration state and configuring read-only shared configuration data in the authentication operation executing process; and the execution unit is used for executing an authentication state and processing an authentication thread to execute authentication operation after the configuration of the configuration unit is finished.
6. The system of claim 5, wherein the shared configuration data comprises specific mode of authentication, ssid of WLAN, and MAC address of the wireless terminal.
7. A radio controller device for high-performance access authentication processing, which is respectively connected to a plurality of radio terminals and a Radius authentication server in a communication manner, wherein a CPU of the radio controller device runs a high-performance access authentication processing system according to any one of claims 4 to 6.
8. A networking device of a high-performance access authentication processing system, comprising a Radius authentication server, a wireless controller device and a wireless terminal in communication connection with the wireless controller device, wherein the CPU of the wireless controller device runs the high-performance access authentication processing system as claimed in any one of claims 4 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710627913.XA CN107426728B (en) | 2013-12-31 | 2013-12-31 | High-performance access authentication processing method, system, controller equipment and networking device |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310754126.3A CN103747439B (en) | 2013-12-31 | 2013-12-31 | Wireless controller equipment, wireless authentication processing method, system, networking |
CN201710627913.XA CN107426728B (en) | 2013-12-31 | 2013-12-31 | High-performance access authentication processing method, system, controller equipment and networking device |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310754126.3A Division CN103747439B (en) | 2013-12-31 | 2013-12-31 | Wireless controller equipment, wireless authentication processing method, system, networking |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107426728A CN107426728A (en) | 2017-12-01 |
CN107426728B true CN107426728B (en) | 2020-05-12 |
Family
ID=50504418
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710627901.7A Active CN107493574B (en) | 2013-12-31 | 2013-12-31 | Wireless controller equipment, parallel authentication processing method, system and networking device |
CN201710627913.XA Active CN107426728B (en) | 2013-12-31 | 2013-12-31 | High-performance access authentication processing method, system, controller equipment and networking device |
CN201310754126.3A Active CN103747439B (en) | 2013-12-31 | 2013-12-31 | Wireless controller equipment, wireless authentication processing method, system, networking |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710627901.7A Active CN107493574B (en) | 2013-12-31 | 2013-12-31 | Wireless controller equipment, parallel authentication processing method, system and networking device |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310754126.3A Active CN103747439B (en) | 2013-12-31 | 2013-12-31 | Wireless controller equipment, wireless authentication processing method, system, networking |
Country Status (1)
Country | Link |
---|---|
CN (3) | CN107493574B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104516775A (en) * | 2014-09-05 | 2015-04-15 | 深圳市华讯方舟科技有限公司 | AP and STA access achieving method based on multiple cores and multiple threads |
CN109257834B (en) * | 2018-09-17 | 2021-08-20 | 广州市特沃能源管理有限公司 | Networking method of mesh wireless sensor network based on Thread protocol |
CN111953757B (en) * | 2020-08-02 | 2021-01-26 | 杭州新中大科技股份有限公司 | Information processing method based on cloud computing and intelligent device interaction and cloud server |
CN113014627B (en) * | 2021-02-10 | 2022-07-26 | 深圳震有科技股份有限公司 | Message forwarding method and device, intelligent terminal and computer readable storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101510872A (en) * | 2009-02-09 | 2009-08-19 | 中兴通讯股份有限公司 | Remote customer dialing authentication service client terminal, server and transmission/acceptance method |
CN101707618A (en) * | 2009-12-10 | 2010-05-12 | 福建星网锐捷网络有限公司 | Authentication control method, device, system and authentication server |
US8028056B1 (en) * | 2005-12-05 | 2011-09-27 | Netapp, Inc. | Server monitoring framework |
CN103336684A (en) * | 2013-07-18 | 2013-10-02 | 上海寰创通信科技股份有限公司 | AC capable of concurrent processing AP information and processing method thereof |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100233238B1 (en) * | 1996-12-21 | 1999-12-01 | 정선종 | Two way authentication communication method using multithread in distributed transaction system |
CN102480399B (en) * | 2010-11-30 | 2015-09-30 | 中国电信股份有限公司 | Based on multi-service authentication method and the system of IPoE |
CN102137401B (en) * | 2010-12-09 | 2018-07-20 | 华为技术有限公司 | WLAN centralization 802.1X authentication methods and device and system |
JP5478591B2 (en) * | 2011-11-22 | 2014-04-23 | 日本電信電話株式会社 | Information system and authentication state management method thereof |
CN102710497A (en) * | 2012-04-24 | 2012-10-03 | 汉柏科技有限公司 | Method and system for processing messages of multi-core and multi-thread network equipment |
CN102831017B (en) * | 2012-08-31 | 2014-09-10 | 河海大学 | High-efficiency distributed parallel authentication system |
-
2013
- 2013-12-31 CN CN201710627901.7A patent/CN107493574B/en active Active
- 2013-12-31 CN CN201710627913.XA patent/CN107426728B/en active Active
- 2013-12-31 CN CN201310754126.3A patent/CN103747439B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8028056B1 (en) * | 2005-12-05 | 2011-09-27 | Netapp, Inc. | Server monitoring framework |
CN101510872A (en) * | 2009-02-09 | 2009-08-19 | 中兴通讯股份有限公司 | Remote customer dialing authentication service client terminal, server and transmission/acceptance method |
CN101707618A (en) * | 2009-12-10 | 2010-05-12 | 福建星网锐捷网络有限公司 | Authentication control method, device, system and authentication server |
CN103336684A (en) * | 2013-07-18 | 2013-10-02 | 上海寰创通信科技股份有限公司 | AC capable of concurrent processing AP information and processing method thereof |
Also Published As
Publication number | Publication date |
---|---|
CN103747439B (en) | 2017-08-25 |
CN107493574B (en) | 2020-10-23 |
CN103747439A (en) | 2014-04-23 |
CN107426728A (en) | 2017-12-01 |
CN107493574A (en) | 2017-12-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11669372B2 (en) | Flexible allocation of compute resources | |
US20220224657A1 (en) | Technologies for accelerating edge device workloads | |
CN107612840B (en) | Data processing method and device of four-layer load balancing equipment | |
JP6200497B2 (en) | Offload virtual machine flows to physical queues | |
EP3115897B1 (en) | Intelligent load balancer selection in a multi-load balancer environment | |
US9354952B2 (en) | Application-driven shared device queue polling | |
US20240127054A1 (en) | Remote artificial intelligence (ai) acceleration system | |
Shiraz et al. | Mobile cloud computing: critical analysis of application deployment in virtual machines | |
US9507643B2 (en) | Techniques for virtualization of application delivery controllers | |
Cozzolino et al. | Nimbus: Towards latency-energy efficient task offloading for ar services | |
US9311148B2 (en) | Pseudo-random hardware resource allocation through the plurality of resource controller based on non-repeating sequence of index list entries | |
CN107426728B (en) | High-performance access authentication processing method, system, controller equipment and networking device | |
WO2018233299A1 (en) | Method, apparatus and device for scheduling processor, and medium | |
US20220109733A1 (en) | Service mesh offload to network devices | |
US20130139156A1 (en) | Application-driven shared device queue polling in a virtualized computing environment | |
US20190042314A1 (en) | Resource allocation | |
US20160261526A1 (en) | Communication apparatus and processor allocation method for the same | |
WO2020134153A1 (en) | Distribution method, system and processing device | |
US8671232B1 (en) | System and method for dynamically migrating stash transactions | |
CN116266141A (en) | Method and apparatus for assigning and checking anti-replay sequence numbers using load balancing | |
Jeon et al. | Experimental evaluation of improved IoT middleware for flexible performance and efficient connectivity | |
CN117240935A (en) | Data plane forwarding method, device, equipment and medium based on DPU | |
Kadhim et al. | Hybrid load-balancing algorithm for distributed fog computing in internet of things environment | |
US20140156954A1 (en) | System and method for achieving enhanced performance with multiple networking central processing unit (cpu) cores | |
Cha et al. | Boosting edge computing performance through heterogeneous manycore systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information |
Address after: 350000 Building 28, Fuzhou Software Park C, 89 Software Avenue, Gulou District, Fuzhou City, Fujian Province Applicant after: Ankexun (Fujian) Technology Co.,Ltd. Address before: 350400 Pingtan, Fuzhou Province comprehensive experimentation area central business headquarters Applicant before: FUJIAN SUNNADA NETWORK TECHNOLOGY Co.,Ltd. |
|
CB02 | Change of applicant information | ||
GR01 | Patent grant | ||
GR01 | Patent grant |