CN108322390B - Router and traffic management method - Google Patents

Info

Publication number
CN108322390B
Authority
CN
China
Prior art keywords
packet
processor
application
router
storage device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201710367614.7A
Other languages
Chinese (zh)
Other versions
CN108322390A (en)
Inventor
许礼峰
黎光明
张政邦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Synology Inc
Original Assignee
Synology Inc
Application filed by Synology Inc
Priority to CN202110189888.8A (CN112910914A)
Priority to US15/787,954 (US10819632B2)
Priority to EP17201972.1A (EP3352419A1)
Publication of CN108322390A
Priority to US17/035,025 (US11706137B2)
Application granted
Publication of CN108322390B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/38 Flow based routing
    • H04L45/60 Router architectures
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/20 Traffic policing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A router and a traffic management method are provided. The router has a communication device, a first controller, a storage device, and a second controller. The communication device receives a plurality of first packets associated with a connection and at least one second packet following the first packets. The first controller parses the first packets to determine a plurality of transport layer parameters of the connection. The storage device stores the plurality of transport layer parameters. The second controller performs traffic management on the second packet according to at least part of the transport layer parameters stored in the storage device.

Description

Router and traffic management method
Technical Field
The present application relates generally to a flow control/monitoring technique for a router, and more particularly to a router architecture with dual controllers.
Background
In network planning, a network is generally divided into a wide area network (WAN) and a local area network (LAN) for the sake of network utilization and data transmission efficiency. The router plays an important role in bridging the WAN and the LAN: it mainly provides routing and forwarding functions, determining the transmission path a packet takes from its source to its destination, which is called routing. Through the routing and forwarding functions provided by the router, any device in the wide area network or the local area network can complete data transmission with other devices.
With the rapid development of network applications, the demand for controlling and managing data transmission is increasing, so many routers provide a flow control/monitoring function in addition to routing and forwarding. However, flow control/monitoring requires complex analysis of each packet to achieve precise control and monitoring.
As shown in FIG. 1, the OSI (Open System Interconnection Reference Model) network architecture is divided into 7 layers, and each layer processes packets differently to achieve specific functions or requirements. FIG. 1 also shows the packet transmission process: for data to be transmitted smoothly over the network, each packet must pass through layer after layer of encapsulation so that the data reaches the correct destination. Assuming that an application needs to transmit data, the sender adds transport protocol information (e.g., Transmission Control Protocol (TCP), User Datagram Protocol (UDP), or Internet Control Message Protocol (ICMP)) at the transport layer to ensure that the packet can be delivered to the appropriate destination application. Then, at the network layer, the Internet Protocol (IP) addresses of the source and the destination are added to ensure that the packet can be delivered to the correct destination. Finally, the physical layer converts the packet into the transmission format of a physical network (e.g., Ethernet) to ensure that data can be transmitted over various physical media.
Similarly, as shown in FIG. 2, when a router receives an incoming packet, it must parse the packet layer by layer to learn its information. For flow control/monitoring, if it is necessary to know which IP address the packet comes from, at least the IP address in the header must be analyzed; by analyzing the IP address the router can determine where the packet was sent from, thereby achieving the purpose of flow control/monitoring. In addition, when processing the application layer, the router can also analyze the protocol used by the application layer (e.g., Telnet) to learn that the packet belongs to a Telnet application (e.g., a Bulletin Board System (BBS)).
However, to realize flow control/monitoring, the above layer-by-layer analysis must be performed on every packet to learn which application it belongs to, which IP address it comes from, and so on. This inevitably burdens the central processing unit in the router and in turn affects the transmission performance of the router. Therefore, there is a need for a traffic management method, and a router using it, that can effectively reduce the load on the central processing unit in the router and improve the router's transmission performance.
Disclosure of Invention
The application provides a router and a traffic management method implemented with a dual-controller system architecture, in which a sub-controller takes over flow control or flow monitoring tasks from a main controller (which can be understood as the central processing unit of the prior art). This not only greatly increases the traffic processed per unit time, but also effectively reduces the burden on the main controller, leaving it more resources to process other network services.
An embodiment of the present application provides a router including a communication device, a first controller, a storage device, and a second controller. The communication device is configured to receive a plurality of first packets associated with a connection and a second packet following the first packet. The first controller is configured to parse the first packet to determine a plurality of transport layer parameters of the connection. The storage device is used for storing the transmission layer parameters. The second controller is configured to perform traffic management on the second packet according to at least a portion of the transport layer parameters stored in the storage device.
Another embodiment of the present application provides a traffic management method, which is applied to a router including a first controller and a second controller. The traffic management method comprises the following steps: receiving a plurality of first packets associated with a connection and a second packet following the first packets; parsing, by the first controller, the first packets to determine a plurality of transport layer parameters of the connection; storing, by a storage device, the transport layer parameters; and performing, by the second controller, traffic management on the second packet according to at least a portion of the transport layer parameters stored in the storage device.
With regard to other additional features and advantages of the present disclosure, those skilled in the art will appreciate that many modifications and variations can be made in the router and traffic management method disclosed in the present disclosure without departing from the spirit and scope of the present disclosure.
Drawings
FIG. 1 is a schematic diagram showing an OSI network architecture;
FIG. 2 is a diagram illustrating 7 protocol layer parsing operations involved in the transmission and reception of packets;
FIG. 3 is a diagram of a network environment architecture according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a system architecture of a router 10 according to an embodiment of the present application;
FIG. 5 is a flow chart of a traffic management method according to an embodiment of the present application;
FIG. 6 is a schematic diagram illustrating operation of a flow control according to an embodiment of the present application;
FIG. 7 is a schematic diagram illustrating operation of flow monitoring according to an embodiment of the present application.
[Description of reference numerals]
100 network environment
10 router
20 wide area network
21-23 network communication devices
30 local area network
31-33 user devices
11 communication device
12 main controller
13 storage device
14 network subsystem
14-1 sub-controller
14-2 storage device
610 network subsystem module
611 network subsystem database
620 network subsystem driver module
621 enhanced connection management module
630 network stack module
631 connection record database
640 resident program module
S510 to S530 step numbers
6a to 6d, 7a to 7g step numbers
Detailed Description
This section describes the best mode for carrying out the present application, for the purpose of illustrating the spirit of the present application and not of limiting its scope. It should be understood that the terms "comprises", "comprising", "includes" and/or the like, when used in this specification, specify the presence of stated features, values, method steps, operations, elements, and/or components, but do not preclude the presence or addition of further features, values, method steps, operations, elements, components, and/or groups thereof.
Fig. 3 is a diagram of a network environment architecture according to an embodiment of the present application. The Network environment 100 includes a router 10, a Wide Area Network (WAN) 20, and a Local Area Network (LAN) 30, wherein the router 10 is disposed between the WAN 20 and the LAN 30.
The wide area network 20 may be a network such as a telecommunications network, an optical fiber network, or an Asymmetric Digital Subscriber Line (ADSL) network, and may be referred to as an extranet or a public network. It spans a large physical range, typically from tens of kilometers to thousands of kilometers, and may connect a plurality of regions, cities, or countries through the internet to form an international remote network.
The wide area network 20 may connect a plurality of network communication devices 21-23, each of the network communication devices 21-23 may be a notebook computer, a desktop computer, a workstation, a server, a smart phone, or a tablet computer. For example, any of the network communication devices 21-23 may be a server providing services/applications, such as: e-mail receiving and sending service, mobile push service, web page service, short message receiving and sending service, etc.
The local area network 30 may be a network composed of Ethernet, a Wireless Fidelity (WiFi) network, a twisted pair network, or a coaxial cable network, and may be referred to as an intranet, which generally covers a local area, such as an office or a floor within a building.
The local area network 30 may include a plurality of user devices 31-33, each of the user devices 31-33 may be a notebook computer, a desktop computer, a smart phone, a tablet computer, a workstation, or a server, etc. with a networking function.
The router 10 is mainly responsible for bridging the wide area network 20 and the local area network 30. Specifically, the router 10 provides routing and forwarding functions to realize data transmission between the network communication devices 21-23 and the user devices 31-33. In addition, the router 10 also provides traffic management functions, such as performing flow control and/or flow monitoring on the data transmissions that it routes and forwards.
In one embodiment, flow control may be performed on packets meeting specific conditions, for example: packets from a specific source IP address are rate-limited or intercepted.
In one embodiment, the traffic monitoring may be performed by recording and counting information for packets meeting specific conditions, such as: the total transmission capacity of a specific application is counted, including the total number of packets and/or the total number of bytes (bytes) of the packets. For example, the user may query the data obtained from traffic monitoring for the total traffic volume of a particular application, a particular website, or a particular device.
Fig. 4 is a schematic diagram of a system architecture of a router 10 according to an embodiment of the present application. The router 10 includes a communication device 11, a main controller 12, a storage device 13, and a Network Subsystem (NSS) 14.
The communication device 11 is used to provide connections to the wide area network 20 (including the network communication devices 21-23 on the wide area network 20) and the local area network 30 (including the user devices 31-33 on the local area network 30). The communication device 11 may provide wired or wireless network connections according to at least one specific communication technology, such as: Ethernet technology, Wireless Fidelity technology, Global System for Mobile communications (GSM) technology, General Packet Radio Service (GPRS) technology, Enhanced Data rates for Global Evolution (EDGE) technology, Wideband Code Division Multiple Access (WCDMA) technology, Code Division Multiple Access 2000 (CDMA-2000) technology, Time Division Synchronous Code Division Multiple Access (TD-SCDMA) technology, Worldwide Interoperability for Microwave Access (WiMAX) technology, Long Term Evolution (LTE) technology, or LTE-Evolution (LTE-LTE) technology.
In one embodiment, the communication device 11 may include an Ethernet interface card to provide the connection function of a wired network. In another embodiment, the communication device 11 may include a wireless transceiver, and specifically, the wireless transceiver may include baseband (baseband) devices, Radio Frequency (RF) devices, and antennas, the baseband devices being configured to perform baseband signal processing including analog to digital conversion (ADC)/digital to analog conversion (DAC), gain (gain) adjustment, modulation and demodulation, and encoding/decoding; the radio frequency device is used for receiving radio frequency wireless signals and converting the radio frequency wireless signals into baseband frequency signals to be further processed by the baseband frequency device, or receiving the baseband frequency signals from the baseband frequency device and converting the baseband frequency signals into radio frequency wireless signals to be transmitted through the antenna. The radio frequency used therein may be 2.4 gigahertz, 3.6 gigahertz, 4.9 gigahertz, or 5 gigahertz as used by the wireless fidelity technique, or depending on the communication technique used.
The main controller 12 may be a general purpose processor, a Central Processing Unit (CPU), a Microprocessor (MCU), an Application Processor (AP), a Digital Signal Processor (DSP), or the like, and may include various circuit logic for providing data processing and operation functions, controlling the operation of the communication device 11 to provide network connections, reading or storing data and/or program code from or to the storage device 13, and controlling the operation of the network subsystem 14 to accelerate packet processing (i.e., to hand the packet processing task over to the network subsystem 14). In addition, the main controller 12 includes other circuit logic to provide routing, forwarding, flow control, and/or flow monitoring functions for packets.
In particular, the main controller 12 coordinates and controls the operations of the communication device 11, the storage device 13, and the network subsystem 14 to execute the traffic management method of the present application. In one embodiment, the main controller 12 can also read program code from the storage device 13 to execute an operating system and application programs, where the operating system can include various resident programs (daemons), such as a Network Traffic Management (NTM) resident program.
The storage device 13 is a non-transitory computer-readable storage medium that stores transport layer parameters and application layer parameters obtained from parsing a packet, and computer-readable instructions or code (including application program, operating system, and/or protocol code).
In one embodiment, the storage device 13 may be a Double Data Rate Synchronous Dynamic Random Access Memory (DDR SDRAM), which has a double data rate characteristic, i.e., its data transmission speed is twice the system clock, so its transmission performance is better than that of conventional RAM. In another embodiment, the storage device 13 may be a flash memory, a cache memory, or another type of memory or storage medium.
The network subsystem 14, which may also be referred to as a hardware acceleration engine, provides flow control and/or flow monitoring functions in place of the main controller 12. The network subsystem 14 includes a sub-controller 14-1 and a storage device 14-2. The sub-controller 14-1 may be a microprocessor, an application processor, a digital signal processor, or the like, and may include various circuit logic for providing data processing and operation functions, controlling the operation of the communication device 11 to provide network connections, reading or storing data and/or program code from or to the storage device 14-2, and performing packet processing tasks (including packet routing, forwarding, flow control, and/or flow monitoring). It should be appreciated that the components described above for the network subsystem 14 are merely exemplary, and that other embodiments may include more or fewer components. In addition, any hardware acceleration engine that can accelerate packet processing and thus reduce the burden on the main controller 12 can serve as an example of the network subsystem described herein.
Those skilled in the art will appreciate that the circuit logic within the main controller 12 and the sub-controller 14-1 may generally include a plurality of transistors for controlling the operation of the circuit logic to provide the desired functionality and operation. Furthermore, the specific structure of the transistors and the connections between them are usually determined by a compiler; for example, a Register Transfer Language (RTL) compiler may be run by a processor to compile script files resembling assembly language code into a form suitable for designing or manufacturing the circuit logic.
The storage device 14-2 is a non-transitory computer readable storage medium for storing flow control rules and computer readable instructions or code (including protocol code).
In one embodiment, the storage device 14-2 may be a Tightly-Coupled Memory (TCM), which provides data caching to enhance the performance of the sub-controller 14-1 and, compared to conventional memory architectures, offers high-speed access and low power consumption. In another embodiment, the storage device 14-2 may be a flash memory, a cache memory, or another type of memory or storage medium.
It should be understood that the components shown in FIG. 4 are only used to provide an illustrative example and are not intended to limit the scope of the present application. For example, the router 10 may also include a display screen (e.g., a Liquid Crystal Display (LCD), a Light Emitting Diode (LED) display, an Electronic Paper Display (EPD), etc.) and/or an input/output device (e.g., one or more buttons, a keyboard, a mouse, a touch pad, a video lens, a microphone, or a speaker).
Fig. 5 is a flowchart of a traffic management method according to an embodiment of the present application. In this embodiment, the traffic management method is applicable to a router with a dual controller architecture, for example: a router 10.
First, the router 10 receives a plurality of first packets associated with a connection and a second packet following the first packets (step S510), and then the main controller 12 of the router 10 parses the first packets to determine a plurality of transport layer parameters of the connection (step S520).
In one or more embodiments, the term "connection" may refer to a state in which two devices exchange information over a network. A network here may generally refer to various means of communication or communication standards. When two devices (e.g., the user device 32 and the network communication device 22) can exchange information, a connection is established or is being established, and the information exchange is performed through packets. In some embodiments, "connection" may also refer to the exchange of information between an application (e.g., a browser) run by a local device (e.g., the user device 32) and a network service (e.g., a social networking site) provided by a server device on an external network, and this exchange is also performed via packets. One or more embodiments of the present application provide a technique that uses the network subsystem 14 of the router 10 to perform flow control and/or flow monitoring for certain types of "connections", which, in addition to speeding up packet transmission, can reduce the load on the main controller 12.
Specifically, the main controller 12 may obtain the transport layer parameters when its parsing reaches layer 4 of the OSI network architecture; the transport layer parameters may further include parameters of layers 1 to 3 of the OSI network architecture, that is, parameters obtained when the main controller 12 performs the parsing operations of layers 1 to 3. For example, the transport layer parameters may include at least one of: the IP addresses of the source and destination, the port information of the source and destination, the protocol of the source and destination (e.g., Transmission Control Protocol, User Datagram Protocol, or Internet Control Message Protocol), the total number of packets, and the total number of packet bytes.
Next, the storage device 13 stores the transport layer parameters parsed by the main controller 12 (step S530). Thereafter, the sub-controller 14-1 of the router 10 performs traffic management on the second packet according to at least part of the transport layer parameters stored in the storage device 13 (step S540), and the process ends.
In an embodiment, the at least part of the transport layer parameters may include the IP addresses of the source and destination and the port information of the source and destination. Once the main controller 12 has identified the IP addresses and port information of the source and destination and the storage device 13 has stored them, the sub-controller 14-1 can perform some traffic management for the connection, for example traffic monitoring. That is, in these embodiments, the sub-controller 14-1 may directly count the network traffic associated with a particular IP address and port without using application layer information.
In another embodiment, the main controller 12 may further obtain a plurality of application layer parameters of the connection when parsing the first packets, where the application layer parameters include at least one of the following: a rule tag and an application (APP) identifier. Specifically, the main controller 12 may obtain the application layer parameters when its parsing reaches layer 7 of the OSI network architecture, and may convert at least part of the transport layer parameters and at least part of the application layer parameters into the rules that the sub-controller 14-1 needs to perform traffic management. For example, the rule may be to monitor HyperText Transfer Protocol (HTTP) traffic. After a connection is established, the main controller 12 identifies the application layer parameters and the transport layer parameters associated with the connection; once it has determined that the connection uses the HyperText Transfer Protocol and has parsed out the IP address, the sub-controller 14-1 can perform traffic management on the subsequent packets of the connection, for example subjecting them to flow control, flow monitoring, and/or packet forwarding independently of the main controller 12. The term "independently of the main controller 12" means that the main controller 12 does not parse the information of the subsequent packets and does not perform traffic management on them.
It should be appreciated that in one or more embodiments of the present application, the above-described traffic management is performed substantially independently of the main controller 12. That is, the traffic management adds little or no burden to the main controller 12, mainly because the sub-controller 14-1 performs most of the traffic management operations, such as flow control, flow monitoring, and updating the storage device 13. Later, if traffic monitoring data is needed, the total transmission capacity of a specific application program, website, or device can be obtained simply by querying the statistical data in the storage device 13.
To further explain how the present application can control and monitor network traffic for a particular connection without intervention of the main controller 12, the following embodiments describe the transmission path of packets in detail.
FIG. 6 is a schematic diagram illustrating the operation of flow control according to an embodiment of the present application. In this embodiment, the system architecture involved in flow control operations includes a network subsystem module 610, a network subsystem driver module 620, a network stack module 630, and a resident program module 640. Each module may be a software module built from program code and loaded and executed by a controller (e.g., the main controller 12 or the sub-controller 14-1) to implement the flow control part of the traffic management method of the present application. Specifically, the network subsystem driver module 620, the network stack module 630, and the resident program module 640 are executed by the main controller 12, and the network subsystem module 610 is executed by the sub-controller 14-1.
In addition, from the operating system's point of view, the network subsystem module 610, the network subsystem driver module 620, and the network stack module 630 are located in the kernel space of the operating system, and the resident program module 640 is located in the user space of the operating system.
The network subsystem module 610 also includes a network subsystem database 611 for storing the rules required by the network subsystem module 610 when performing flow control; for example, the network subsystem database 611 may be stored in the storage device 14-2 of FIG. 4.
The network subsystem driver module 620 further includes an Enhanced Connection Manager (ECM) module 621, configured to determine whether to accelerate the processing of the packet by the network subsystem module 610, so that the subsequent packet of the Connection can be directly processed by the network subsystem module 610, and the purpose of controlling the flow can also be achieved.
The network stack module 630 further includes a connection record (CT) database 631 for storing the transport layer parameters and the application layer parameters obtained from the parsed packets; for example, the connection record database 631 may be stored in the storage device 13 of FIG. 4.
As shown in FIG. 6, the first n packets of a connection (e.g., the first packets in the embodiment of FIG. 5) are sent along the standard path (indicated by the thin solid line) from the network subsystem module 610 to the network subsystem driver module 620 and then to the network stack module 630, where they undergo layer-by-layer OSI parsing, including parsing of OSI layers 1 to 4, to obtain the transport layer parameters. The transport layer parameters may include at least one of: the IP addresses of the source and destination, the port information of the source and destination, the protocol of the source and destination, the total number of packets, and the total number of packet bytes. At this point, the transport layer parameters are stored in the connection record database 631 (step 6a).
The packet is then sent to the resident program module 640, where the resident program NTM obtains the application layer parameters using a number of Deep Packet Inspection (DPI) engines. The DPI engine can be, for example but not limited to, a commercially available program (e.g., PACE or NBAR) or an open source library (e.g., nDPI, OpenDPI, L7-filter, or Libprotoident). It should be understood that these program modules are not intended to limit the specific implementation of the present application; for example, the relevant connection parameters can also be obtained by machine learning, for the technical details of which see Zhanyi Wang, "The Applications of Deep Learning on Traffic Identification". For better understanding, the implementation details are illustrated below using two open source libraries, nDPI and TC (Traffic Control, a software module of the Linux kernel).
In one embodiment, the resident program NTM calls the two open source libraries nDPI and TC to obtain the application layer parameters, then converts the application layer parameters and stores them in the connection record database 631 (step 6b) when the packet is passed to the network stack module 630 for header encapsulation. For example, the application layer parameters may be processed in the resident program module 640, converted into specific formats, and stored in specific fields of the connection record database 631. When an application uses the Hypertext Transfer Protocol, the converted application id may be 0x1 (or another predetermined value, such as 0x56, as long as the value is predetermined to correspond to the Hypertext Transfer Protocol); when an application uses the File Transfer Protocol (FTP), the converted application id may be 0x5; and when an application uses Secure SHell (SSH), the converted application id may be 0x15. In short, each protocol type used at the application layer corresponds to a specific application id, and the application layer parameters are converted in format and then stored in the connection record database 631 (e.g., in the format: IP address, port information, total transmission amount, application id (0x1)). Then, when the lower-layer modules (e.g., the network subsystem driver module 620 and the network subsystem module 610) update the traffic information corresponding to specific transport layer parameters in the connection record database 631, the connection record database 631 holds the total traffic of the Hypertext Transfer Protocol (application id = 0x1) at the specific IP address and the specific port (which can be used for traffic monitoring; see FIG. 7 for a detailed description).
The resident program NTM is capable of application layer parsing to identify the packets of different application programs, and can also control and manage individual functions within an application. For example, the transmission rate of Skype file transfers can be selectively adjusted.
The DPI is an open and extensible Deep Packet Inspection (DPI) library, which mainly provides a packet filtering function to check whether the packet conforms to a standard protocol, whether the packet is a virus, spam, or intrusion, or to check the packet for statistical data (i.e., traffic monitoring); the TC is a Traffic Control (TC) function library, which mainly configures a packet scheduler to perform various flow Control operations, including: packet prioritization, traffic policing, bandwidth limiting, and qos control.
In one embodiment, the openfunction library npi can determine which application the packet belongs to within 10 packets, i.e., n is expected to be less than or equal to 10.
The application layer parameters include at least one of: a rule tag, and an application identification code. Wherein, the application program identification code is used for indicating the packet belongs to which application program; the rule tag is used to indicate whether the packet is determined to belong to a connection (e.g., some applications with larger traffic are better suited to take the acceleration path to reduce the burden of the host controller 12), if so, it indicates that the acceleration processing on the packet can be performed by the network subsystem module 610, and the resident program NTM in the resident program module 640 sets the rule tag of the packet (and the subsequent packets of the connection) to "True" (default value is "False").
It is noted that in addition to storing transport layer parameters and at least some application layer parameters, the connection log database 631 may also store flow control rules for controlling flow (e.g., rate limiting) for a specific application, a specific website, or a specific device. In one embodiment, the flow control rule may be based on a Quality of Service (QoS) parameter (e.g., QoS identifier). The qos parameters may be used to inform the network subsystem driver 620 of the qos settings for a particular connection, where different qos parameters may correspond to different transmission rates. More specifically, when a user wants to set a speed limit for a specific application, the setting of the speed limit can be converted into a qos parameter. For example, when an application program (e.g., an application using the hypertext transfer protocol) desiring to limit the speed passes through the resident program NTM, the resident program NTM queries the speed limit setting of the user (e.g., whether to limit the speed for a specific source/destination network protocol address or a specific application program), and analyzes whether the speed is required for the connection, if the speed is required to limit the speed, the application identification code and the service quality parameter are stored in the connection record database 631, and if the speed is not required, only the application identification code is stored in the connection record database 631.
In one example, the qos parameter may indicate information such as "guaranteed transmission rate at any time", "average transmission rate", or "maximum delay time". The qos parameters are stored in the link record database 631 to indicate the qos that a certain link should have.
Returning to fig. 6, continuing to step 6b, after the header of the packet is encapsulated, the network stacking module 630 sends the packet to the network subsystem driver module 620, and the connection-enhanced management module 621 determines whether the value of the rule tag of the packet is true. In one embodiment, the value of the rule tag is set to true when the resident program module 640 obtains an application layer parameter (e.g., application ID) of the connection. If the rule tag is true, the enhanced connection management module 621 may query the connection record database 631 for the transport layer parameters and the flow control rules of the packet (step 6c), and then store the queried transport layer parameters and flow control rules in the network subsystem database 611 (step 6 d).
Thereafter, the network subsystem module 610 performs routing and forwarding operations on the packets according to general procedures, and directly performs flow control (path indicated by thick solid line) on the subsequent packets of the connection according to the transport layer parameters and flow control rules in the network subsystem database 611, without sending the packets up to the network subsystem driver module 620, the network stack module 630, and the resident program module 640 for processing.
In other words, when the value of the rule tag is true, the enhanced connection management module 621 is triggered to write the transport layer parameters and the flow control rule required for flow control into the network subsystem database 611, so as to trigger the network subsystem module 610 to perform flow control on the subsequent packet.
In one embodiment, the network subsystem module 610 may perform traffic monitoring on the packets at the same time as performing traffic control on the subsequent packets, and periodically update the data (e.g., the total number of packets and/or the total number of bytes of packets) obtained from the traffic monitoring into the connection record database 631.
In some embodiments, if there is no flow control rule (e.g., qos parameter) associated with a connection in the connection record database 631, the network subsystem module 610 may only perform flow monitoring on subsequent packets (e.g., the second packet in step 530) of the connection because there is no speed limit rule applicable.
FIG. 7 is a schematic diagram illustrating operation of flow monitoring according to an embodiment of the present application. In this embodiment, the system architecture related to the flow monitoring operation is the same as that shown in fig. 6, and steps 7a-7b in the operation flow are also the same as steps 6a-6b in fig. 6; the steps that follow them are described in detail below. For the detailed description of steps 7a-7b, refer to the embodiment of fig. 6; it is not repeated here.
Continuing from step 7b, after the network stacking module 630 completes the header encapsulation of the packet, it sends the packet to the network subsystem driver module 620, and the enhanced connection management module 621 determines whether the value of the rule tag of the packet is true. If so, it queries the updated connection record database 631 to obtain the transport layer parameters (step 7c) and then updates the parameters to the network subsystem database 611 (step 7d), and the network subsystem module 610 processes the subsequent packets.
Then, the network subsystem module 610 performs traffic monitoring on the connection, and periodically updates the traffic information to the connection record database 631 via the enhanced connection management module 621 (steps 7e and 7f). In one embodiment, the traffic information recorded in the connection record database 631 may be in the format [network protocol address; port information; quality of service parameter; total transmission amount; application id], wherein the network subsystem module 610 updates the network protocol address, port information, and total traffic recorded in the connection record database 631 according to the traffic monitoring result. In this way, the network subsystem module 610 can perform traffic monitoring without having to identify the parameter information of the application layer (e.g., the application id), and without the master controller 12 having to parse the parameter information of the application layer.
In particular, the network subsystem module 610 may perform traffic monitoring on subsequent packets according to the transport layer parameters (e.g., the network protocol address and/or port of the source/destination) in the network subsystem database 611. For example, the total number of packets and/or the total number of bytes of packets of the specific connection are periodically counted, and the monitored traffic information is reported to the enhanced connection management module 621 (step 7e) and, after being sorted by the enhanced connection management module 621, updated to the connection record database 631 (step 7f).
Then, when the user wants to query the traffic information, the resident program NTM in the resident program module 640 directly reads the traffic data from the connection record database 631 (step 7g), specifically, the resident program NTM will compare the device to be queried (according to the network protocol address) or the application (according to the application identification code) to find out the corresponding traffic information, so as to achieve the purpose of traffic monitoring, without the need of the main controller 12 to analyze the application layer information of the subsequent packet, or without the need of the sub-controller 14-1 to identify and interpret the application layer information in the connection record database 631.
As shown in fig. 7, only the first n packets of the connection will take the normal path (the path marked by the thin solid line), and the subsequent packets will take the accelerated path (the path marked by the thick solid line), so that the network subsystem module 610 can directly monitor the flow of the subsequent packets of the connection without sending the packets up to the network subsystem driver module 620, the network stack module 630, and the resident program module 640 for processing.
According to the embodiments of fig. 6 to 7, it can be understood that the traffic management method of the present application provides a significant improvement to the overall performance of the router, and particularly, in the present application, by integrating the multi-layer architecture and synchronizing the information of each connection on each layer, only the first n (n is less than or equal to 10) packets of the connection will take the standard path to be processed by the main controller for flow control and/or flow monitoring, and the subsequent packets of the connection will take the accelerated path to be processed by the network subsystem directly. Therefore, the resources of the main controller are effectively saved, and the transmission efficiency of the router is greatly improved.
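The handoff described for figs. 6 and 7, as an added example that is not part of the patent text: a Python model in which the first packets of a connection are classified on the standard path, the rule tag then installs the connection in the accelerated-path table, and byte counters are synced back so traffic can be queried by application id. The class and function names, the payload-prefix classifier standing in for a DPI engine, the QoS value, and the choice to keep unclassified connections on the standard path are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

FlowKey = Tuple[str, int, str, int, str]  # src addr, src port, dst addr, dst port, protocol
APP_HTTP, APP_SSH = 0x1, 0x15             # application ids used in the description
MAX_DPI_PACKETS = 10                      # n <= 10 in the description

@dataclass
class ConnRecord:                         # row of the connection record database 631
    packet_count: int = 0
    byte_count: int = 0
    app_id: Optional[int] = None
    qos: Optional[int] = None             # flow control rule (QoS parameter), if any
    rule_tag: bool = False                # default value "False"
    inspected: int = 0                    # packets handed to the classifier so far

@dataclass
class FastEntry:                          # row of the network subsystem database 611
    qos: Optional[int]
    packet_count: int = 0                 # counters not yet reported upward
    byte_count: int = 0

def classify(payload: bytes) -> Optional[int]:
    """Hypothetical stand-in for a DPI engine: match a payload prefix."""
    if payload.startswith((b"GET ", b"POST ", b"HTTP/")):
        return APP_HTTP
    if payload.startswith(b"SSH-"):
        return APP_SSH
    return None

class Router:
    def __init__(self, speed_limits: Dict[int, int]):
        self.ct_db: Dict[FlowKey, ConnRecord] = {}
        self.hw_db: Dict[FlowKey, FastEntry] = {}
        self.speed_limits = speed_limits  # user setting: app id -> QoS parameter

    def receive(self, key: FlowKey, payload: bytes) -> str:
        entry = self.hw_db.get(key)
        if entry is not None:
            # Accelerated path: matched on transport layer parameters only;
            # the payload is counted, not parsed.
            entry.packet_count += 1
            entry.byte_count += len(payload)
            return "fast"
        return self._standard_path(key, payload)

    def _standard_path(self, key: FlowKey, payload: bytes) -> str:
        rec = self.ct_db.setdefault(key, ConnRecord())
        rec.packet_count += 1             # step 6a: transport layer parameters
        rec.byte_count += len(payload)
        if rec.app_id is None and rec.inspected < MAX_DPI_PACKETS:
            rec.inspected += 1
            rec.app_id = classify(payload)            # step 6b
            if rec.app_id is not None:
                rec.qos = self.speed_limits.get(rec.app_id)
                rec.rule_tag = True
        if rec.rule_tag:                  # steps 6c-6d: copy to the engine's table
            self.hw_db[key] = FastEntry(qos=rec.qos)
        return "slow"

    def sync(self) -> None:
        """Steps 7e-7f: periodic report of fast-path counters to the CT database."""
        for key, entry in self.hw_db.items():
            rec = self.ct_db[key]
            rec.packet_count += entry.packet_count
            rec.byte_count += entry.byte_count
            entry.packet_count = entry.byte_count = 0

    def bytes_by_app(self, app_id: int) -> int:
        """Step 7g: per-application total read from the CT database only."""
        return sum(r.byte_count for r in self.ct_db.values() if r.app_id == app_id)

if __name__ == "__main__":
    router = Router(speed_limits={APP_HTTP: 3})       # constructed QoS parameter
    web = ("192.0.2.10", 40000, "198.51.100.5", 80, "tcp")
    # Constructed traffic: two empty handshake segments, a request, then bulk data.
    for data in (b"", b"", b"GET / HTTP/1.1\r\n", b"x" * 1000, b"x" * 1000):
        print(router.receive(web, data))
    router.sync()
    print(router.bytes_by_app(APP_HTTP))
```

Until `sync()` runs, the per-application total reflects only the packets that took the standard path, which is the lag introduced by the periodic update in steps 7e-7f.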
While various embodiments have been described above, it will be understood by those skilled in the art that they have been presented by way of example only, and not limitation, and various changes and modifications can be made without departing from the spirit and scope of the invention. Therefore, the above embodiments are not intended to limit the scope of the present application, which is defined by the appended claims.
The use of the terms first, second, etc. in the claims is used to modify a claim element and is not intended to distinguish one element from another element by priority, precedence, or chronological order of execution of the method steps.

Claims (14)

1. A router, comprising:
a communication device for receiving a plurality of first packets associated with a connection and a second packet following the first packet;
a first processor for parsing the first packet to determine a plurality of transmission layer parameters and a plurality of application layer parameters of the connection, wherein the application layer parameters at least include a rule tag, and the rule tag is used for indicating whether the first packet is determined to belong to the application program of the connection;
a first storage device for storing the transport layer parameter and the application layer parameter; and
a hardware acceleration engine comprising a second processor and a second storage device;
wherein after the rule tag in the application layer parameter is set to "true", the first processor fetches the transport layer parameter from the first storage device and stores the transport layer parameter in the second storage device, so that the second processor performs application layer traffic monitoring on the second packet according to the transport layer parameter stored in the second storage device by the first processor, thereby enabling transfer of a packet's processing task from the first processor to the second processor.
2. The router of claim 1, wherein the first processor does not perform the application layer traffic monitoring.
3. The router of claim 1, wherein the application layer traffic monitoring comprises:
updating, by the second processor, at least a portion of the transport layer parameters stored in the first storage device based on the results of the application layer traffic monitoring.
4. The router of claim 3, wherein the partial transport layer parameters that are updated include at least one of:
a total number of packets associated with the connection; and
a total number of packet bytes associated with the connection.
5. The router of claim 1, wherein the transport layer parameters comprise at least one of:
the network protocol address of the source end and the network protocol address of the destination end;
port information of a source end and port information of a destination end;
the protocol of the source end and the protocol of the destination end;
the total number of packets; and
total number of bytes of packet.
6. The router of claim 1, wherein the application layer parameters further comprise:
an application identification code.
7. The router of claim 6, wherein the first processor sets the rule tag to true after determining the application identifier.
8. The router of claim 1, wherein a procedure to forward the second packet is performed by the second processor after setting the rule tag to true.
9. A traffic management method applied to a router, wherein the router comprises a first processor, a first storage device, and a hardware acceleration engine, wherein the hardware acceleration engine comprises a second processor and a second storage device, the traffic management method comprising:
receiving a plurality of first packets associated with a connection and a second packet following the first packet;
parsing, by the first processor, the first packet to determine a plurality of transport layer parameters for the connection;
storing, by the first storage device, the transport layer parameters and a plurality of application layer parameters, where the application layer parameters at least include a rule tag, and the rule tag is used to indicate whether the first packet is determined to belong to the application program of the connection; and
after the rule tag in the application layer parameter is set to "true", the first processor fetches the transport layer parameter from the first storage device and stores the transport layer parameter in the second storage device, so that the second processor performs application layer traffic monitoring on the second packet according to the transport layer parameter stored in the second storage device by the first processor, thereby realizing transfer of a packet processing task from the first processor to the second processor.
10. The traffic management method of claim 9, wherein the first processor does not perform the application layer traffic monitoring.
11. The traffic management method of claim 9, wherein the application layer traffic monitoring comprises:
updating, by the second processor, at least a portion of the transport layer parameters stored in the first storage device based on the results of the application layer traffic monitoring.
12. The traffic management method of claim 11, wherein the transport layer parameters comprise at least one of:
the network protocol address of the source end and the network protocol address of the destination end;
port information of a source end and port information of a destination end;
the protocol of the source end and the protocol of the destination end;
the total number of packets; and
total number of bytes of packet;
wherein the updated partial transport layer parameter includes at least one of the total number of packets and the total number of bytes of packets.
13. The traffic management method according to claim 9, wherein the application layer parameters further comprise:
an application identification code.
14. The traffic management method according to claim 13, further comprising:
setting, by the first processor, the rule tag to true after the application identification code is determined.
CN201710367614.7A 2017-01-18 2017-05-23 Router and traffic management method Expired - Fee Related CN108322390B (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
CN202110189888.8A CN112910914A (en) 2017-01-18 2017-05-23 Router, flow control method and flow monitoring method
US15/787,954 US10819632B2 (en) 2017-01-18 2017-10-19 Routers and methods for traffic management
EP17201972.1A EP3352419A1 (en) 2017-01-18 2017-11-15 Router and method for traffic management
US17/035,025 US11706137B2 (en) 2017-01-18 2020-09-28 Routers and methods for traffic management

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201762447463P 2017-01-18 2017-01-18
US62/447,463 2017-01-18

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202110189888.8A Division CN112910914A (en) 2017-01-18 2017-05-23 Router, flow control method and flow monitoring method

Publications (2)

Publication Number Publication Date
CN108322390A CN108322390A (en) 2018-07-24
CN108322390B true CN108322390B (en) 2021-03-09

Family

ID=62892274

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201710367614.7A Expired - Fee Related CN108322390B (en) 2017-01-18 2017-05-23 Router and traffic management method
CN202110189888.8A Withdrawn CN112910914A (en) 2017-01-18 2017-05-23 Router, flow control method and flow monitoring method

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN202110189888.8A Withdrawn CN112910914A (en) 2017-01-18 2017-05-23 Router, flow control method and flow monitoring method

Country Status (1)

Country Link
CN (2) CN108322390B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114584632B (en) * 2022-02-24 2023-05-16 成都北中网芯科技有限公司 Deep packet inspection method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101036371A (en) * 2004-07-14 2007-09-12 耐特瑞克公司 Apparatus and method for mapping overlapping internet protocol addresses in layer two tunneling protocols
US7426181B1 (en) * 2004-03-26 2008-09-16 Packeteer, Inc. Slow-start adaptive mechanisms to improve efficiency of bandwidth allocation
US9160765B1 (en) * 2013-07-26 2015-10-13 Symantec Corporation Method for securing endpoints from onslaught of network attacks

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7376731B2 (en) * 2002-01-29 2008-05-20 Acme Packet, Inc. System and method for providing statistics gathering within a packet network
US20050147032A1 (en) * 2003-12-22 2005-07-07 Lyon Norman A. Apportionment of traffic management functions between devices in packet-based communication networks
CN101668005B (en) * 2009-09-25 2012-04-25 东南大学 Data transmission accelerating engine method based on multiple access passages of transmitting end
US8593958B2 (en) * 2011-09-14 2013-11-26 Telefonaktiebologet L M Ericsson (Publ) Network-wide flow monitoring in split architecture networks
US20140379915A1 (en) * 2013-06-19 2014-12-25 Cisco Technology, Inc. Cloud based dynamic access control list management architecture
US9148402B2 (en) * 2013-12-06 2015-09-29 Qualcomm Innovation Center, Inc. Systems, methods, and apparatus for full-cone and address restricted cone network address translation using hardware acceleration
CN105282029B (en) * 2014-06-30 2020-02-07 中兴通讯股份有限公司 Outer label coding method, traffic congestion control method and device
JP2016100721A (en) * 2014-11-20 2016-05-30 株式会社日立製作所 Control device

Also Published As

Publication number Publication date
CN108322390A (en) 2018-07-24
CN112910914A (en) 2021-06-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20210309