CN107707485A - Range-type IP packet policy matching circuit and method - Google Patents

Publication number
CN107707485A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710992676.7A
Other languages
Chinese (zh)
Inventor
王子彤
姜凯
聂林川
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jinan Inspur Hi Tech Investment and Development Co Ltd
Original Assignee
Jinan Inspur Hi Tech Investment and Development Co Ltd
Application filed by Jinan Inspur Hi Tech Investment and Development Co Ltd
Priority to CN201710992676.7A
Publication of CN107707485A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/20 Traffic policing
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers

Abstract

The present invention provides a range-type IP packet policy matching circuit and method, and relates to the field of network data processing. The circuit includes a five-tuple parsing unit, an ALU, an index storage unit, a function transform unit and a policy storage unit. By providing the index storage unit and the policy storage unit, policies for IP packets in "range start-end" form can be stored and matched quickly and accurately. While matching accuracy is ensured, storage space is effectively saved and headroom is left for other logic. Compared with a dedicated chip, system resource usage is reduced and the applicability and flexibility of the match circuit are improved.

Description

Range-type IP packet policy matching circuit and method
Technical Field
The present invention relates to the field of network data processing, and in particular to a range-type IP packet policy matching circuit and method.
Background
During network transmission, network access devices are used to control network traffic and ensure the quality of network data transmission. The route is the most basic element of a data communication network: it is the path a packet takes from source to destination. A suitable path is selected according to the destination address of the received packet, and the packet is then either processed in some way or forwarded according to policy, for example passed to the next router or subjected to some encryption or decryption operation.
In IP route matching, policy matching of IP packets is usually performed with dedicated CAM chips or similar devices. That approach suits policy storage and matching for a large number of rules; under specific requirements, when a custom system only needs to match a particular class of IP packets, using a dedicated chip causes resource redundancy and waste. At present, the processing of particular types of IP packets generally cannot achieve the best of both speed and storage.
Summary of the Invention
To solve the above technical problem, the present invention proposes a range-type IP packet policy matching circuit that saves storage space and leaves headroom for other logic.
The technical solution adopted by the present invention is:
A range-type IP packet policy matching circuit, comprising a five-tuple parsing unit, an ALU, an index storage unit, a function transform unit and a policy storage unit;
The five-tuple parsing unit parses the IP packet policies issued by the host computer; depending on whether one or several items of the five-tuple (source IP address, destination IP address, protocol number, source port, destination port) are 0, it sets different flag bits, and it sends the source IP or destination IP expressed in "range start-end" form to the ALU. It also parses the five-tuple of IP packets transmitted on the network and, according to the flag bits, zeroes some of the five-tuple elements and sends them to the function transform module;
The ALU calculates the median of every 8 bits of the source IP or destination IP expressed in "range start-end" form, and sends the result to the index storage unit;
The index storage unit uses the start-end addresses of the source IP or destination IP expressed in "range start-end" form in the policy issued by the host computer as the starting storage address, and stores the median output by the ALU;
The function transform unit uses a certain function transform to map the median and the five-tuple elements processed by zeroing to a new parameter, which serves as the address in the policy storage unit for the current policy or the current IP packet;
The "range start-end" representation lists the start value and the end value of a five-tuple item of the policy; any value within the range between the two satisfies the current policy;
The policy storage unit stores the issued IP packet policies;
A range-type IP packet policy matching method, comprising:
1) The host computer sends the match circuit a policy consisting of the five-tuple (source IP address, destination IP address, protocol number, source port, destination port) and the corresponding packet handling action, in which the source IP address or destination IP address is expressed in "range start-end" form; the other items of the five-tuple may be expressed in "range start-end" form, or '0' may be used to indicate that the item can take any value; different flag bits are set according to the positions of the '0' items in the policy's five-tuple;
2) The ALU performs a median operation on the 64 bits of the "range start-end" type IP address, stores the low 16 bits of the resulting median in index storage unit 1, bits 32 to 16 of the median in index storage unit 2, bits 48 to 32 of the median in index storage unit 3, and bits 64 to 48 of the median in index storage unit 4; the storage addresses run from the start of the range to the end of the range of the "range start-end" type IP address;
3) The median obtained is used as input and sent to the function transform module together with the remaining five-tuple parameters, yielding the storage unit address of this range-type policy, where the packet handling action is stored;
4) When an IP packet arrives from the network, the corresponding five-tuple parameters are set to 0 according to which flag bits are set; with the source IP address or destination IP address as the address, the index values in index storage units 1, 2, 3 and 4 are read, and these index values are sent to the function transform module together with the remaining five-tuple parameters to obtain the storage unit address that the IP packet may match; if that location is not empty, the handling action is taken out, indicating a successful match; otherwise no policy corresponding to the IP packet has been matched.
Compared with the prior art, the beneficial effects of the present invention are:
By providing the index storage unit and the policy storage unit, policies for "range" and "all" type IP packets can be stored and matched quickly and accurately. While matching accuracy is ensured, storage space is effectively saved and headroom is left for other logic. Compared with a dedicated chip, system resource usage is reduced and the applicability and flexibility of the match circuit are improved.
Brief Description of the Drawings
Fig. 1 is the circuit diagram of the present invention.
Detailed Description
The present invention is described in more detail below:
As shown in Fig. 1, the circuit of the present invention includes a five-tuple parsing unit, an ALU, an index storage unit, a function transform unit and a policy storage unit;
The five-tuple parsing unit parses the IP packet policies issued by the host computer; depending on whether one or several items of the five-tuple (source IP address, destination IP address, protocol number, source port, destination port) are 0, it sets different flag bits, and it sends the source IP or destination IP expressed in "range start-end" form to the ALU. It also parses the five-tuple of IP packets transmitted on the network and, according to the flag bits, zeroes some of the five-tuple elements and sends them to the function transform module;
The ALU calculates the median of every 8 bits of the source IP or destination IP expressed in "range start-end" form, and sends the result to the index storage unit;
The index storage unit uses the start-end addresses of the source IP or destination IP expressed in "range start-end" form in the policy issued by the host computer as the starting storage address, and stores the median output by the ALU; in a preferred form of the invention, the storage unit depth can be increased to extend the match circuit's handling of conflicting policies;
The function transform unit uses a certain function transform to map the median and the five-tuple elements processed by zeroing to a new parameter, which serves as the address in the policy storage unit for the current policy or the current IP packet;
The policy storage unit stores the issued IP packet policies;
1) The host computer sends the match circuit a policy consisting of the five-tuple (source IP address, destination IP address, protocol number, source port, destination port) and the corresponding packet handling action, in which the source IP address or destination IP address is expressed in "range start-end" form and the other items of the five-tuple are all expressed as all zeros to mean "all"; different flag bits are set according to the positions of the all-zero data;
2) The ALU performs a median operation on the 64 bits of the "range start-end" type IP address, stores the low 16 bits of the resulting median in index storage unit 1, bits 32 to 16 of the median in index storage unit 2, bits 48 to 32 of the median in index storage unit 3, and bits 64 to 48 of the median in index storage unit 4; the storage addresses run from the start of the range to the end of the range of the "range start-end" type IP address;
3) The median obtained is used as input and sent to the function transform module together with the remaining five-tuple parameters, yielding the storage unit address of this range-type policy, where the packet handling action is stored;
4) When an IP packet arrives from the network, the corresponding five-tuple parameters are set to 0 according to which flag bits are set; with the source IP address or destination IP address as the address, the index values in index storage units 1, 2, 3 and 4 are read, and these index values are sent to the function transform module together with the remaining five-tuple parameters to obtain the storage unit address that the IP packet may match; if that location is not empty, the handling action is taken out, indicating a successful match; otherwise no policy corresponding to the IP packet has been matched.
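
Steps 1) to 4) above, written as a behavioural software model of policy installation and packet lookup. This is an added example, not code from the patent or its applicant, and the class and method names are hypothetical. It assumes IPv4 addresses, a SHA-256-based slot hash standing in for the unspecified function transform, exact-or-wildcard values for the non-ranged fields, wildcard flags stored with each index entry, and one index table in place of the four 16-bit index storage units.

```python
import hashlib
import ipaddress

FIELDS = ("src_ip", "dst_ip", "proto", "src_port", "dst_port")


class RangePolicyMatcher:
    """Behavioural model: index store + function transform + policy store."""

    def __init__(self, slots=1 << 16):
        self.slots = slots
        self.index = {}   # address inside a range -> (median, wildcard flags)
        self.policy = {}  # transformed address -> (key, action)

    def _transform(self, key):
        # Assumed stand-in for the unspecified function transform: hash to a slot.
        digest = hashlib.sha256(repr(key).encode()).digest()
        return int.from_bytes(digest[:4], "big") % self.slots

    def install(self, ranged, start, end, others, action):
        """ranged: 'src_ip' or 'dst_ip'; others: remaining fields, 0 = any."""
        lo, hi = (int(ipaddress.IPv4Address(a)) for a in (start, end))
        if lo > hi:
            raise ValueError("range start is above range end")
        flags = frozenset(f for f, v in others.items() if v == 0)
        entry = ((lo + hi) // 2, flags)
        # Reject overlaps before writing: one address can index only one median.
        if any(self.index.get(a, entry) != entry for a in range(lo, hi + 1)):
            raise ValueError("range overlaps an installed policy")
        key = (ranged, entry[0], tuple(others[f] for f in FIELDS if f != ranged))
        slot = self._transform(key)
        if self.policy.get(slot, (key,))[0] != key:
            raise ValueError("policy store slot already holds another policy")
        for a in range(lo, hi + 1):
            self.index[a] = entry
        self.policy[slot] = (key, action)

    def lookup(self, ranged, packet):
        addr = int(ipaddress.IPv4Address(packet[ranged]))
        if addr not in self.index:
            return None  # address lies outside every installed range
        median, flags = self.index[addr]
        rest = tuple(0 if f in flags else packet[f] for f in FIELDS if f != ranged)
        key = (ranged, median, rest)
        stored = self.policy.get(self._transform(key))
        # A non-empty slot alone is not proof of a match: compare the stored key
        # so a transform collision cannot hand back another policy's action.
        return stored[1] if stored and stored[0] == key else None


def demo():
    m = RangePolicyMatcher()
    # Constructed policy: TCP/443 from 10.0.0.16-10.0.0.31, any dst and src port.
    m.install("src_ip", "10.0.0.16", "10.0.0.31",
              {"dst_ip": 0, "proto": 6, "src_port": 0, "dst_port": 443}, "encrypt")
    pkt = {"src_ip": "10.0.0.20", "dst_ip": "192.0.2.7",
           "proto": 6, "src_port": 51514, "dst_port": 443}
    return [m.lookup("src_ip", pkt),
            m.lookup("src_ip", {**pkt, "src_ip": "10.0.0.32"}),
            m.lookup("src_ip", {**pkt, "dst_port": 80})]
```

The stored-key comparison in lookup and the overlap check in install are additions of this model; the method as described treats any non-empty location as a successful match.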

Claims (3)

  1. A range-type IP packet policy matching circuit, characterized in that
    it mainly comprises a five-tuple parsing unit, an ALU, an index storage unit, a function transform unit and a policy storage unit; by providing the index storage unit and the policy storage unit, policies for IP packets in "range start-end" form can be stored and matched quickly and accurately; wherein
    the five-tuple parsing unit parses the IP packet policies issued by the host computer; depending on whether one or more of the source IP address, destination IP address, protocol number, source port and destination port are 0, it sets different flag bits, and it sends the source IP or destination IP expressed in "range start-end" form to the ALU; it also parses the five-tuple of IP packets transmitted on the network and, according to the flag bits, zeroes some of the five-tuple elements and sends them to the function transform module;
    the ALU calculates the median of every 8 bits of the source IP or destination IP expressed in "range start-end" form, and sends the result to the index storage unit;
    the index storage unit uses the start-end addresses of the source IP or destination IP expressed in "range start-end" form in the policy issued by the host computer as the starting storage address, and stores the median output by the ALU;
    the function transform unit uses a certain function transform to map the median and the five-tuple elements processed by zeroing to a new parameter, which serves as the address in the policy storage unit for the current policy or the current IP packet;
    the policy storage unit stores the issued IP packet policies.
  2. The circuit according to claim 1, characterized in that
    the "range start-end" representation lists the start value and the end value of a five-tuple item; any value within the range between the two satisfies the current policy.
  3. A range-type IP packet policy matching method, characterized in that
    it comprises the following steps:
    1) The host computer sends the match circuit a policy consisting of the five-tuple (source IP address, destination IP address, protocol number, source port, destination port) and the corresponding packet handling action, in which the source IP address or destination IP address is expressed in "range start-end" form; the other items of the five-tuple are expressed in "range start-end" form, or '0' is used to indicate that the item can take any value; different flag bits are set according to the positions of the '0' items in the policy's five-tuple;
    2) The ALU performs a median operation on the 64 bits of the "range start-end" type IP address, stores the low 16 bits of the resulting median in index storage unit 1, bits 32 to 16 of the median in index storage unit 2, bits 48 to 32 of the median in index storage unit 3, and bits 64 to 48 of the median in index storage unit 4; the storage addresses run from the start of the range to the end of the range of the "range start-end" type IP address;
    3) The median obtained is used as input and sent to the function transform module together with the remaining five-tuple parameters, yielding the storage unit address of this range-type policy, where the packet handling action is stored;
    4) When an IP packet arrives from the network, the corresponding five-tuple parameters are set to 0 according to which flag bits are set; with the source IP address or destination IP address as the address, the index values in index storage units 1, 2, 3 and 4 are read, and these index values are sent to the function transform module together with the remaining five-tuple parameters to obtain the storage unit address that the IP packet may match; if that location is not empty, the handling action is taken out, indicating a successful match; otherwise no policy corresponding to the IP packet has been matched.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710992676.7A CN107707485A (en) 2017-10-23 2017-10-23 A kind of range type IP message strategy matching circuits and method

Publications (1)

Publication Number Publication Date
CN107707485A 2018-02-16

Family ID: 61182120

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108449445A (en) * 2018-04-13 2018-08-24 济南浪潮高新科技投资发展有限公司 A kind of range type message match circuit and method
CN108650181A (en) * 2018-04-20 2018-10-12 济南浪潮高新科技投资发展有限公司 A kind of IP packet strategy matching circuit and method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120134360A1 (en) * 2010-11-30 2012-05-31 Cheng-Wei Du Device and method for processing network packet
CN104184732A (en) * 2014-08-25 2014-12-03 浪潮集团有限公司 Hardware implementation method for matching IP address with IP range strategy
CN104579970A (en) * 2013-10-29 2015-04-29 国家计算机网络与信息安全管理中心 Strategy matching method and device of IPv6 message
CN105939284A (en) * 2016-01-08 2016-09-14 杭州迪普科技有限公司 Message control strategy matching method and device
CN106878185A (en) * 2017-04-13 2017-06-20 济南浪潮高新科技投资发展有限公司 A kind of message IP address match circuit and method
CN106936719A (en) * 2017-05-17 2017-07-07 济南浪潮高新科技投资发展有限公司 A kind of IP messages strategy matching method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180216