CN107493574B - Wireless controller equipment, parallel authentication processing method, system and networking device - Google Patents

Wireless controller equipment, parallel authentication processing method, system and networking device Download PDF

Info

Publication number
CN107493574B
CN107493574B CN201710627901.7A CN201710627901A CN107493574B CN 107493574 B CN107493574 B CN 107493574B CN 201710627901 A CN201710627901 A CN 201710627901A CN 107493574 B CN107493574 B CN 107493574B
Authority
CN
China
Prior art keywords
authentication
module
wireless
message
thread
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710627901.7A
Other languages
Chinese (zh)
Other versions
CN107493574A (en
Inventor
罗来财
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ankexun Fujian Technology Co ltd
Original Assignee
Ankexun Fujian Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ankexun Fujian Technology Co ltd filed Critical Ankexun Fujian Technology Co ltd
Priority to CN201710627901.7A priority Critical patent/CN107493574B/en
Publication of CN107493574A publication Critical patent/CN107493574A/en
Application granted granted Critical
Publication of CN107493574B publication Critical patent/CN107493574B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/12Avoiding congestion; Recovering from congestion
    • H04L47/125Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W28/00Network traffic management; Network resource management
    • H04W28/02Traffic management, e.g. flow control or congestion control
    • H04W28/08Load balancing or load distribution
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W28/00Network traffic management; Network resource management
    • H04W28/02Traffic management, e.g. flow control or congestion control
    • H04W28/10Flow control between communication endpoints
    • H04W28/14Flow control between communication endpoints using intermediate storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/02Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
    • H04W8/04Registration at HLR or HSS [Home Subscriber Server]

Abstract

The invention discloses a wireless authentication processing method, which is applied to a wireless authentication processing system, wherein the system comprises a balanced shunting module, a balanced relay module and a concurrent authentication module, and the method comprises the following steps: s101, after receiving an authentication message sent by a wireless terminal or a Radius authentication server, a balanced flow distribution module calculates a load balanced flow distribution algorithm for the authentication message to be redirected to obtain an authentication thread corresponding to the authentication message; s102, adding the message into the determined authentication thread by the balanced relay module; s103, the concurrent authentication module processes the corresponding authentication thread to execute authentication operation. The invention also discloses a line controller device, a wireless authentication processing system and a networking.

Description

Wireless controller equipment, parallel authentication processing method, system and networking device
The application is a divisional application of a parent application named wireless controller device, wireless authentication processing method, system and networking with application number 201310754126.3.
Technical Field
The invention relates to wireless controller equipment, a wireless authentication processing method, a wireless authentication processing system and networking.
Background
With the continuous maturation of WLAN technology, the application scale of wireless networks is getting larger and larger, especially the maturation of thin AP wireless framework networking application, and a situation that a large number of terminal devices exist in a single wireless local area network occurs. A single wireless controller device (AC) is required to manage a large number of wireless access point devices (APs) and wireless terminal devices (STAs). In the application of the operator WLAN network, a single radio controller device has been required to manage a maximum of 4096 radio access point devices (APs), and if the number of radio terminal user devices per AP band is 64, the total number of managed radio terminal users reaches 256K. With such a large number of wireless terminals managing the demand, the concurrent access authentication performance of the wireless controller device also poses a greater challenge.
SMP (Symmetric Multi-Processing) refers to a computer with a set of processors (multiple CPUs) on it, and the CPUs share a memory subsystem and a bus structure. It is a parallel technology which is widely applied compared with the asymmetric multiprocessing technology. In this architecture, a computer runs a single copy of the operating system from multiple processors at the same time, sharing memory and other resources of a computer. Although multiple CPUs are used simultaneously, they behave as a single unit from a management point of view. The system distributes the task queues on a plurality of CPUs symmetrically, thereby greatly improving the data processing capacity of the whole system. All processors have equal access to memory, I/O and external interrupts. In a symmetric multiprocessing system, system resources are shared by all CPUs in the system, and the workload can be evenly distributed over all available processors, thereby improving the data processing capacity of the whole system.
At present, it is common practice to replace the hardware architecture for higher processing performance and to run the control management subsystem of the wireless controller in SMP fashion. The disadvantage of this approach is that the cost of device development and the power consumption of operation are increased, and the extent of concurrent processing performance to improve access authentication is limited. The method runs in an SMP mode, the basic unit of scheduling and executing of the operating system is threads, and the scheduled threads run on a plurality of processor cores completely, peer to peer and randomly, so that context information running inside the threads needs to be completely protected, and the extra overhead of computing performance is large.
Disclosure of Invention
The invention provides a wireless authentication processing method and a wireless authentication processing system, which aim to realize high-performance concurrent access authentication on the existing multi-core processor hardware architecture.
In order to solve the technical problems, the invention adopts a technical scheme that:
the method is applied to a wireless authentication processing system, the system comprises a balance shunting module, a balance relay module and a concurrency authentication module, wherein the concurrency authentication module occupies computing resources from a CPU (central processing unit) kernel 1 to a kernel N, and the balance shunting module occupies computing resources from the CPU kernel N +1 to the kernel M, and the method comprises the following steps: s101, after receiving an authentication message sent by a wireless terminal or a Radius authentication server, a balanced flow distribution module calculates a load balanced flow distribution algorithm for the authentication message to be redirected to obtain an authentication thread corresponding to the authentication message; s102, adding the message into the determined authentication thread by the balanced relay module; s103, the concurrent authentication module processes the corresponding authentication thread to execute authentication operation.
The invention adopts another technical scheme that:
the wireless authentication processing system comprises a balanced shunting module, a balanced relay module and a concurrent authentication module, wherein the concurrent authentication module occupies computing resources from a kernel 1 to a kernel N of a CPU (central processing unit), and the balanced shunting module occupies computing resources from the kernel N +1 to the kernel M of the CPU; the balance shunting module is used for carrying out load balance shunting algorithm calculation on the authentication message which needs to be redirected to the concurrent authentication module after receiving the authentication message sent by the wireless terminal or the Radius authentication server to obtain an authentication thread corresponding to the authentication message; the balanced relay module is used for mapping the message to the authentication thread determined by the balanced shunting module; and the concurrent authentication module is used for processing the interaction between the corresponding authentication thread and the Radius authentication server so as to execute the authentication operation.
The invention adopts another technical scheme that:
the wireless controller device is respectively connected with a plurality of wireless terminals and a Radius authentication server in a communication mode, and the CPU of the wireless controller device runs the wireless authentication processing system.
The invention adopts another technical scheme that:
the networking of the wireless authentication processing system comprises a Radius authentication server, wireless controller equipment and a wireless terminal in communication connection with the wireless controller equipment, wherein the wireless authentication processing system is operated by a CPU of the wireless controller equipment.
The invention has the beneficial effects that: 1. the high-performance access authentication processing is realized on the basis of the existing hardware; 2. customizing and distributing proper forwarding performance and access authentication performance on site according to application performance requirements; 3. the present invention provides an example of multi-core concurrent processing that is easily extended to other applications requiring high-performance highlighting.
Drawings
Fig. 1 is a WLAN wireless networking diagram;
FIG. 2 is a logical view of a wireless authentication processing system in accordance with an embodiment of the present invention;
FIG. 3 is a networking schematic of a wireless authentication processing system;
FIG. 4 is a block diagram of the architecture of an equalization relay module, using the Linux operating system as an example;
FIG. 5 is a state transition diagram of a concurrent authentication module;
fig. 6 is a flowchart illustrating a wireless authentication processing method according to an embodiment of the present invention;
fig. 7 is a flowchart of an implementation of the load balancing offload algorithm.
Description of the main elements
A wireless authentication processing system 100; a balanced shunting module 10;
an equalizing relay module 20; and a concurrent authentication module 30.
Detailed Description
In order to explain technical contents, structural features, and objects and effects of the present invention in detail, the following detailed description is given with reference to the accompanying drawings in conjunction with the embodiments.
The invention provides a wireless authentication processing method and system based on a multi-core processor. Please refer to fig. 1, which is a diagram of WLAN wireless networking. The main devices in the AP wireless lan include a wireless controller (AC), a wireless Access Point (AP), a wireless terminal (STA), and a router device (router).
In thin AP wireless networks, a wireless controller device (AC) needs to manage a large number of wireless Access Points (APs) and wireless terminal devices (STAs). These wireless terminal devices come online in a certain time period collectively, requiring a wireless controller device (AC) to have a high concurrent access authentication processing performance. Under the configuration of non-perception authentication of operation application, the processing of the wireless terminal device online process mainly comprises the following stages:
1. and a wireless association stage: the related message flow comprises an authentication request, an authentication response, an association request and an association response, and the total number of the 4 protocol messages is 4.
2. Identity authentication and key agreement stage: the related message flows include an EAPoL protocol message between the wireless controller device and the wireless terminal device, and also include a Radius protocol message between the wireless controller device and the authentication server device, for a total of about 50 protocol messages.
3. And IP address acquisition stage: the protocol message comprises a DHCP discover, a DHCP offer, a DHCP request and a DHCP ACK, and the total number of the protocol messages is 4.
From the above several stages of message quantity analysis, the overall wireless terminal concurrent on-line process mainly consumes performance as the second stage, involving a total of about 50 protocol messages. The invention provides a wireless authentication processing method and a wireless authentication processing system aiming at the characteristics of the concurrent online process of a wireless terminal, so as to improve the access authentication performance.
Fig. 2 is a logic diagram of a wireless authentication processing system according to an embodiment of the invention. The general idea of designing a wireless authentication processing system 100 is to assign an independent authentication thread N to each wireless terminal, where N is 1 to N, and the authentication thread N is fixedly run on the CPU core N, so that no sharing of wireless terminal related information between multiple threads is involved. Each CPU core has its own independent L1 cache, and in order to efficiently utilize the L1 cache characteristics, the balanced relay module 20 is designed to include N message cache queues. The balanced shunting module 10 runs on the CPU cores N +1 to M, and belongs to a data forwarding plane.
The system and method described above can achieve fully parallel processing using the concurrent on-line authentication process of wireless terminals, the independence of information between specific wireless terminal individuals, and the cache characteristics of the multi-core processor L1. In addition, the proportion of the number of the CPU cores of the management control plane and the data forwarding plane can be reasonably allocated on site according to the performance requirements of the specific management control plane and the specific data forwarding plane.
By the foregoing description, knowing that the concurrent authentication processing performance requirements of the wireless controller device (AC) are very high, the general idea of implementing a high-performance parallel authentication system by using independence between individuals authenticated online by the wireless terminal and the cache feature of the multi-core processor L1 is also presented above.
The following mainly explains the implementation scheme of the wireless authentication processing system and method of the present invention based on the general idea, and specifically explains the specific problems related to the scheme, such as the balanced flow distribution algorithm, the system interrupt and the shared data of the message buffer queue and the authentication thread.
The wireless authentication processing system 100 includes a balanced shunting module 10, a balanced relay module 20, and a concurrent authentication module 30, where the concurrent authentication module 30 occupies computing resources from the core 1 to the core N of the CPU processor, and the balanced shunting module 10 occupies computing resources from the core N +1 to the core M of the CPU processor. The balanced distribution module 10 is configured to, after receiving an authentication packet sent by a wireless terminal or a Radius authentication server, perform load balanced distribution algorithm calculation on the authentication packet that needs to be redirected to the concurrent authentication module 30 to obtain an authentication thread corresponding to the authentication packet. The balanced relay module 20 is configured to map the packet to the authentication thread determined by the balanced distribution module 10. The concurrent authentication module 30 is configured to process a corresponding authentication thread to interact with a Radius authentication server to perform an authentication operation.
The wireless authentication processing system 100 is specifically a system running on a CPU processor of a wireless controller device (AC), and the whole system is divided into a management control plane and a data forwarding plane, where the management control plane includes the balanced relay module 20 and the concurrent authentication module 30, and the data forwarding plane is the balanced offload module 10.
Please refer to fig. 3, which is a schematic diagram of a wireless authentication processing system. The networking comprises a Radius authentication server, wireless controller equipment and a wireless terminal in communication connection with the wireless controller equipment. The wireless controller device exists as an actual Radius client, has an independent network element IP address, and has independent key information of Radius authentication. The management control plane of the software inside the radio controller sets 1 … N authentication threads, each existing as a virtual Radius client, according to the number of CPU cores for this plane.
The concurrent authentication module 30 in the wireless controller considers both the complete concurrent processing of multiple threads and the shared configuration data among the threads, so the concurrent authentication module 30 can be regarded as multiple virtual Radius clients, which share IP addresses and authentication key information and correspond to the same Radius authentication server, but the UDP port numbers of the clients are different. The equalizing relay module 20 of the wireless controller distinguishes the specific authentication thread according to the UDP port number of the Radius client.
Referring to fig. 4, a block diagram of an equalizing relay module using Linux operating system as an example is shown. The balanced relay module 20 can be seen as consisting of a logical pipe between the authentication threads of multiple concurrent authentication modules 30 and the Radius authentication server. Each logical pipe is connected with an authentication thread and a balanced shunting module 10, and a specific socket and specific inter-core interrupt information are corresponding. If the system is based on a Linux operating system, the equalization relay module belongs to the kernel part of the operating system.
The inter-core interrupt refers to an event notification mechanism defined among multiple cores of the CPU, and the balanced distribution module 10 is configured to generate an inter-core interrupt for a process that needs to be redirected to the concurrent authentication module 30. Softirq refers to the soft interrupt mechanism of the Linux kernel, and is referred to herein as a high-level interrupt handler triggered by inter-kernel interrupts. The UDP port X is a socket source port used between the Radius client and the Radius authentication server, a specific basic port may be set in advance in a software implementation process, and 1 is sequentially added to subsequent port numbers. The buffer queue is used for the authentication message sent by the balanced distribution module 10 to the authentication thread and for the authentication message sent by the authentication thread to the Radius authentication server.
The load balancing and shunting module 10 includes a first judging unit, a first calculating unit, a first determining unit, a second determining unit, and a forwarding mapping unit.
The first judging unit is used for judging the direction of the authentication message, informing the first arithmetic unit to execute the operation when the direction of the authentication message is the uplink direction, and informing the second arithmetic unit to execute the operation when the direction of the authentication message is the downlink direction. The uplink direction is a direction in which the authentication message is sent from the authentication thread to the Radius authentication server, and the downlink direction is a direction in which the authentication message is sent from the Radius authentication server to the wireless controller device (AC) authentication thread.
The first operation unit is configured to take out the number N of CPU cores of the concurrent authentication module 30, extract the last byte value of the MAC address of the wireless terminal from the authentication packet, and perform a modulo operation on N using the byte value to obtain a result value j, where the value range of the result value j is 0 to N-1.
The first determining unit is configured to determine that the authentication thread corresponding to the value j is the j +1 th authentication thread, for example, map the result value 0 to the authentication thread 1, map the result value 1 to the authentication thread 2, and so on, and then notify the balance forwarding mapping unit to perform an operation.
The second determining unit is used for extracting a destination UDP port number of the message UDP header, determining an authentication thread corresponding to the destination UDP port number, and then informing the balanced forwarding mapping unit to execute the operation.
The forwarding mapping unit is used for forwarding the message to the balanced relay module and mapping the message to the corresponding authentication thread.
Please refer to fig. 5, which is a state transition diagram of the concurrent authentication module. The concurrent authentication module 30 has a small amount of shared configuration data among multiple authentication threads, such as information about a specific authentication mode, ssid of WLAN, and MAC address of the wireless terminal. These shared configuration data have the common feature of being read only during the authentication run. Independent configuration threads and global configuration marks can be set to realize lock-free operation of the whole module, so that complete concurrent authentication is realized. The concurrent authentication module 30 has two states in operation, namely an execution configuration state and an execution authentication state.
Therefore, in the present embodiment, the concurrent authentication module 30 specifically includes a configuration unit and an execution unit; the configuration unit is used for executing a configuration state and configuring read-only shared configuration data in the authentication operation executing process; and the execution unit is used for executing an authentication state and processing an authentication thread to execute authentication operation after the configuration of the configuration unit is finished.
Fig. 6 is a flowchart illustrating a wireless authentication processing method according to an embodiment of the present invention. The method is applied to the wireless authentication processing system, the system comprises a balance shunting module, a balance relay module and a concurrency authentication module, wherein the concurrency authentication module occupies computing resources from a kernel 1 to a kernel N of a CPU (central processing unit), the balance shunting module occupies computing resources from a kernel N +1 to a kernel M of the CPU, and the scheme and the principle explained by the scheme of the system can be applied to the following method explanation.
The wireless authentication processing method comprises the following steps:
s101, after receiving an authentication message sent by a wireless terminal or a Radius authentication server, a balanced flow distribution module calculates a load balanced flow distribution algorithm for the authentication message to be redirected to obtain an authentication thread corresponding to the authentication message;
s102, adding the message into the determined authentication thread by the balanced relay module;
s103, the concurrent authentication module processes the corresponding authentication thread to execute authentication operation.
Wherein, before the step S101, the method further comprises the steps of:
and the concurrent authentication module executes a configuration state and configures read-only shared configuration data in the authentication operation process, wherein the shared configuration data comprises information such as a specific authentication mode, an ssid of the WLAN, an MAC address of the wireless terminal and the like.
Please refer to fig. 7, which is a flowchart illustrating an implementation of the load balancing offload algorithm. The implementation process of the load balancing and shunting algorithm specifically comprises the following steps:
s1011, determining the authentication message direction, and if the authentication message direction is the uplink direction, the process proceeds to step S1012, and if the authentication message direction is the downlink direction, the process proceeds to step S1014.
S1012, taking out the number N of CPU cores of the concurrent authentication module 30, extracting the last byte value of the MAC address of the wireless terminal from the authentication packet, and then performing modulo operation on N using this value to obtain a result value j, where the value range of the result value j is 0 to N-1.
S1013, determine the authentication thread corresponding to the value j as the j +1 th authentication thread, for example, map the result value 0 to the authentication thread 1, map the result value 1 to the authentication thread 2, and so on, and then proceed to step S1015.
S1014, the balanced splitting module 10 extracts the destination UDP port number of the UDP header, determines an authentication thread corresponding to the destination UDP port number, and then proceeds to step S1015.
And S1015, forwarding the message to the balanced relay module and mapping the message to a corresponding authentication thread.
Compared with the prior art, the wireless controller equipment, the wireless authentication processing method, the wireless authentication processing system and the networking provided by the invention have the following characteristics and technical effects:
1. realizing high-performance access authentication processing based on existing hardware
The invention realizes the optimization of the access authentication processing performance based on the existing wireless controller hardware multi-core processor, and realizes the seamless transition of software optimization upgrading without changing a hardware platform and changing a software framework. When the management control plane of the wireless controller software runs on a single CPU processor core, the whole authentication flow and the whole processing process are completely consistent with those before optimization, and the risk of implementing software upgrading and debugging in the process is reduced.
2. Customizing and distributing proper forwarding performance and access authentication performance on site according to application performance requirements
The invention customizes and equally distributes the proper proportion of the forwarding performance and the access authentication performance on site according to the requirement of the burst performance of the access authentication application. For example, the burst performance of a single core operation management control plane access authentication is 100 users per second, and then 6 CPU cores operation management control planes can be configured in an application environment requiring the burst authentication performance of 600 users per second.
3. The embodiment of the invention for providing multi-core concurrent processing can be easily extended to other applications requiring high-performance highlighting
The invention relates to a macroscopic performance optimization method based on system implementation. It can be used together with application specific internal optimization methods to be effective. In addition to access authentication applications, other network protocols and service handling applications can easily migrate to use the methods described in this document.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes performed by the present specification and drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (8)

1. A wireless parallel authentication processing method is applied to a wireless authentication processing system, the system runs in a Linux operating system and comprises a balance shunting module, a balance relay module and a concurrency authentication module, wherein the balance relay module belongs to an operating system kernel part, the concurrency authentication module occupies computing resources from a CPU (central processing unit) kernel 1 to a kernel N, and the balance shunting module occupies computing resources from the CPU kernel N +1 to the kernel M, the method comprises the following steps:
s101, after receiving an authentication message sent by a wireless terminal or a Radius authentication server, a balanced shunting module calculates a load balanced shunting algorithm for the authentication message needing to be redirected to obtain an authentication thread corresponding to the authentication message, and meanwhile, an inter-core interrupt is generated;
s102, the balance relay module corresponds specific inter-core interrupt information with a specific socket and adds the message into the determined authentication thread;
s103, the concurrent authentication module processes the corresponding authentication thread to execute authentication operation;
the implementation process of the load balancing and shunting algorithm specifically comprises the following steps:
s1011, judging the direction of the authentication message, executing steps S1012 and S1013 when the direction of the authentication message is an uplink direction, and executing step S1014 when the direction of the authentication message is a downlink direction;
s1012, taking out the number N of the CPU kernels of the concurrent authentication module, extracting the last byte value of the MAC address of the wireless terminal from the authentication message, and performing modular operation on the N by using the number value to obtain a result value j, wherein the value range of the result value j is 0-N-1;
s1013, determining the authentication thread corresponding to the value j as the j +1 th authentication thread;
s1014, the balanced flow distribution module extracts the destination UDP port number of the message UDP header and determines the authentication thread corresponding to the destination UDP port number.
2. The wireless parallel authentication processing method according to claim 1, wherein the step S101 further comprises the following steps:
the concurrent authentication module executes the configuration state and configures read-only shared configuration data in the authentication operation executing process.
3. The wireless parallel authentication processing method according to claim 2, wherein the shared configuration data includes a specific authentication mode, an ssid of the WLAN, and a MAC address of the wireless terminal.
4. A wireless parallel authentication processing system is characterized in that the system runs in a Linux operating system and comprises a balance shunting module, a balance relay module and a concurrency authentication module, wherein the balance relay module belongs to an operating system kernel part, the concurrency authentication module occupies computing resources from a CPU (central processing unit) kernel 1 to a kernel N, and the balance shunting module occupies computing resources from a CPU kernel N +1 to a kernel M;
the balance shunting module is used for carrying out load balance shunting algorithm calculation on the authentication message which needs to be redirected to the concurrent authentication module after receiving the authentication message sent by the wireless terminal or the Radius authentication server, obtaining an authentication thread corresponding to the authentication message, and generating an inter-core interrupt;
the balanced relay module is used for corresponding specific inter-core interrupt information with a specific socket and mapping the message to the authentication thread determined by the balanced distribution module;
the concurrent authentication module is used for processing the interaction between the corresponding authentication thread and the Radius authentication server so as to execute authentication operation;
the balanced shunting module comprises a first judgment unit, a first operation unit, a first determination unit and a second determination unit;
the first judging unit is used for judging the direction of the authentication message, informing the first arithmetic unit to execute the operation when the direction of the authentication message is the uplink direction, and informing the second determining unit to execute the operation when the direction of the authentication message is the downlink direction;
the first operation unit is used for taking out the number N of the CPU kernels of the concurrent authentication module, extracting the last byte value of the MAC address of the wireless terminal from the authentication message, and then performing modular operation on the N by using the byte value to obtain a result value j, wherein the value range of the result value j is 0-N-1;
the first determining unit is used for determining the authentication thread corresponding to the value j as the j +1 th authentication thread;
the second determining unit is used for extracting a destination UDP port number of the message UDP header and determining an authentication thread corresponding to the destination UDP port number.
5. The wireless parallel authentication processing system according to claim 4, wherein the concurrent authentication module specifically comprises a configuration unit and an execution unit; the configuration unit is used for executing a configuration state and configuring read-only shared configuration data in the authentication operation executing process; and the execution unit is used for executing an authentication state and processing an authentication thread to execute authentication operation after the configuration of the configuration unit is finished.
6. The wireless parallel authentication processing system according to claim 5, wherein the shared configuration data includes a specific mode of authentication, an ssid of the WLAN, and a MAC address of the wireless terminal.
7. A wireless controller device, which is respectively connected to a plurality of wireless terminals and a Radius authentication server in a communication manner, wherein a CPU of the wireless controller device runs a wireless parallel authentication processing system according to any one of claims 4 to 6.
8. A networking device of a wireless parallel authentication processing system, comprising a Radius authentication server, a wireless controller device and a wireless terminal in communication connection with the wireless controller device, wherein the CPU of the wireless controller device runs a wireless parallel authentication processing system according to any one of claims 4 to 6.
CN201710627901.7A 2013-12-31 2013-12-31 Wireless controller equipment, parallel authentication processing method, system and networking device Active CN107493574B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710627901.7A CN107493574B (en) 2013-12-31 2013-12-31 Wireless controller equipment, parallel authentication processing method, system and networking device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710627901.7A CN107493574B (en) 2013-12-31 2013-12-31 Wireless controller equipment, parallel authentication processing method, system and networking device
CN201310754126.3A CN103747439B (en) 2013-12-31 2013-12-31 Wireless controller equipment, wireless authentication processing method, system, networking

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201310754126.3A Division CN103747439B (en) 2013-12-31 2013-12-31 Wireless controller equipment, wireless authentication processing method, system, networking

Publications (2)

Publication Number Publication Date
CN107493574A CN107493574A (en) 2017-12-19
CN107493574B true CN107493574B (en) 2020-10-23

Family

ID=50504418

Family Applications (3)

Application Number Title Priority Date Filing Date
CN201310754126.3A Active CN103747439B (en) 2013-12-31 2013-12-31 Wireless controller equipment, wireless authentication processing method, system, networking
CN201710627913.XA Active CN107426728B (en) 2013-12-31 2013-12-31 High-performance access authentication processing method, system, controller equipment and networking device
CN201710627901.7A Active CN107493574B (en) 2013-12-31 2013-12-31 Wireless controller equipment, parallel authentication processing method, system and networking device

Family Applications Before (2)

Application Number Title Priority Date Filing Date
CN201310754126.3A Active CN103747439B (en) 2013-12-31 2013-12-31 Wireless controller equipment, wireless authentication processing method, system, networking
CN201710627913.XA Active CN107426728B (en) 2013-12-31 2013-12-31 High-performance access authentication processing method, system, controller equipment and networking device

Country Status (1)

Country Link
CN (3) CN103747439B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104516775A (en) * 2014-09-05 2015-04-15 深圳市华讯方舟科技有限公司 AP and STA access achieving method based on multiple cores and multiple threads
CN109257834B (en) * 2018-09-17 2021-08-20 广州市特沃能源管理有限公司 Networking method of mesh wireless sensor network based on Thread protocol
CN112738075A (en) * 2020-08-02 2021-04-30 姚晓红 Information processing method and system based on cloud computing and intelligent equipment interaction
CN113014627B (en) * 2021-02-10 2022-07-26 深圳震有科技股份有限公司 Message forwarding method and device, intelligent terminal and computer readable storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102710497A (en) * 2012-04-24 2012-10-03 汉柏科技有限公司 Method and system for processing messages of multi-core and multi-thread network equipment

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100233238B1 (en) * 1996-12-21 1999-12-01 정선종 Two way authentication communication method using multithread in distributed transaction system
US7653722B1 (en) * 2005-12-05 2010-01-26 Netapp, Inc. Server monitoring framework
CN101510872B (en) * 2009-02-09 2012-05-23 中兴通讯股份有限公司 Remote customer dialing authentication service client terminal, server and transmission/acceptance method
CN101707618B (en) * 2009-12-10 2013-01-30 福建星网锐捷网络有限公司 Authentication control method, device, system and authentication server
CN102480399B (en) * 2010-11-30 2015-09-30 中国电信股份有限公司 Based on multi-service authentication method and the system of IPoE
CN102137401B (en) * 2010-12-09 2018-07-20 华为技术有限公司 WLAN centralization 802.1X authentication methods and device and system
JP5478591B2 (en) * 2011-11-22 2014-04-23 日本電信電話株式会社 Information system and authentication state management method thereof
CN102831017B (en) * 2012-08-31 2014-09-10 河海大学 High-efficiency distributed parallel authentication system
CN103336684B (en) * 2013-07-18 2016-08-10 上海寰创通信科技股份有限公司 The AC of a kind of concurrent processing AP message and processing method thereof

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102710497A (en) * 2012-04-24 2012-10-03 汉柏科技有限公司 Method and system for processing messages of multi-core and multi-thread network equipment

Also Published As

Publication number Publication date
CN107493574A (en) 2017-12-19
CN107426728B (en) 2020-05-12
CN107426728A (en) 2017-12-01
CN103747439B (en) 2017-08-25
CN103747439A (en) 2014-04-23

Similar Documents

Publication Publication Date Title
US11669372B2 (en) Flexible allocation of compute resources
CN107612840B (en) Data processing method and device of four-layer load balancing equipment
JP6200497B2 (en) Offload virtual machine flows to physical queues
EP3115897B1 (en) Intelligent load balancer selection in a multi-load balancer environment
US20190044886A1 (en) Technologies for accelerating edge device workloads
US20180004693A1 (en) Graphics processing unit (gpu) as a programmable packet transfer mechanism
WO2015096656A1 (en) Thread creation method, service request processing method and related device
US9354952B2 (en) Application-driven shared device queue polling
US20240127054A1 (en) Remote artificial intelligence (ai) acceleration system
Shiraz et al. Mobile cloud computing: Critical analysis of application deployment in virtual machines
JP2011138506A (en) Acceleration of opencl application by utilizing virtual opencl device as interface to compute cloud
US20190196875A1 (en) Method, system and computer program product for processing computing task
US9311148B2 (en) Pseudo-random hardware resource allocation through the plurality of resource controller based on non-repeating sequence of index list entries
CN107493574B (en) Wireless controller equipment, parallel authentication processing method, system and networking device
US8849905B2 (en) Centralized computing
Cozzolino et al. Nimbus: Towards latency-energy efficient task offloading for ar services
US20190042314A1 (en) Resource allocation
US20220109733A1 (en) Service mesh offload to network devices
Papadogiannaki et al. Efficient software packet processing on heterogeneous and asymmetric hardware architectures
Hanford et al. Improving network performance on multicore systems: Impact of core affinities on high throughput flows
US9015438B2 (en) System and method for achieving enhanced performance with multiple networking central processing unit (CPU) cores
Cha et al. Boosting edge computing performance through heterogeneous manycore systems
Kadhim et al. Hybrid load-balancing algorithm for distributed fog computing in internet of things environment
CN117240935A (en) Data plane forwarding method, device, equipment and medium based on DPU
US20160261526A1 (en) Communication apparatus and processor allocation method for the same

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: 350000 Building 28, Fuzhou Software Park C, 89 Software Avenue, Gulou District, Fuzhou City, Fujian Province

Applicant after: Ankexun (Fujian) Technology Co.,Ltd.

Address before: 350400 Pingtan, Fuzhou Province comprehensive experimentation area central business headquarters

Applicant before: FUJIAN SUNNADA NETWORK TECHNOLOGY Co.,Ltd.

GR01 Patent grant
GR01 Patent grant