CN108418765B - Chip implementation method and device for remote traffic monitoring load sharing - Google Patents
Chip implementation method and device for remote traffic monitoring load sharing
- Publication number: CN108418765B
- Application number: CN201810306085.4A
- Authority: CN (China)
- Prior art keywords: message, header, load sharing, monitoring, layer
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/12—Avoiding congestion; Recovering from congestion
- H04L47/125—Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0876—Network utilisation, e.g. volume of load or congestion level
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
Abstract
The invention discloses a chip implementation method and device for remote traffic monitoring load sharing, applied to an NPB device. The method comprises the following steps: after receiving a monitoring message sent by a remote switch, the NPB device parses the outer message header of the monitoring message; when the layer-4 header of the outer message header is an ERSPAN header, it parses the inner message header of the monitoring message and determines whether the monitoring message is a VxLAN message; if so, it performs the load sharing calculation based on the data of the data IP header; if not, it performs the load sharing calculation based on the data of the inner IP header; it then performs ECMP egress selection according to the load sharing calculation result and sends the monitoring message to the corresponding network analysis server. With this chip implementation method and device for remote traffic monitoring load sharing, ERSPAN monitoring messages can be processed effectively and the same session is guaranteed to be sent to the same network analysis server, so that network traffic can be monitored better.
Description
Technical Field
The invention relates to a method for forwarding remote monitoring messages, in particular to a chip implementation method and device for remote traffic monitoring load sharing applied to NPB (Network Packet Broker) devices, and belongs to the technical field of network communication.
Background
In data centers, networks are now commonly deployed with VxLAN (Virtual Extensible LAN). An NPB (Network Packet Broker) device used to monitor such a network usually receives, from a remote switch, a monitoring message in the format shown in Fig. 1. The monitoring message contains an outer MAC header and an outer IP header, which are used to deliver the monitoring message to the corresponding NPB device; these are followed by an ERSPAN (encapsulated remote port mirroring) header, which indicates that the message is a monitoring message; then comes the VxLAN-encapsulated message being forwarded in the data center, which comprises an inner MAC (media access control) header, an inner IP (Internet Protocol) header, an inner VxLAN header, an inner data MAC header, a data IP header and the data payload.
The NPB device needs to send messages in this format to a corresponding analysis server for analysis. There may be multiple analysis servers, and data flows in the network are all bidirectional; for better network data analysis, it is desirable to send the data flows of the same session to the same network analysis server.
Disclosure of Invention
In view of the shortcomings of the prior art, the main object of the invention is to provide a chip implementation method and device for remote traffic monitoring load sharing, so that ERSPAN messages received by the NPB device are further parsed and processed and then distributed to a specific network analysis server, achieving a better network data analysis effect.
To achieve the foregoing object, the invention discloses a chip implementation method for remote traffic monitoring load sharing, applied to an NPB device, which specifically comprises:
after receiving a monitoring message sent by a remote switch, the NPB device parses the outer message header of the monitoring message;
when the layer-4 header of the outer message header is an ERSPAN header, the NPB device parses the inner message header of the monitoring message and determines whether the monitoring message is a VxLAN message; if so, it performs the load sharing calculation based on the data of the data IP header; if not, it performs the load sharing calculation based on the data of the inner IP header;
ECMP egress selection is performed according to the load sharing calculation result, and the monitoring message is sent to the corresponding network analysis server.
Preferably, the method further comprises: when the layer-4 header of the outer message header is an ERSPAN header, choosing whether to strip the ERSPAN header according to user configuration.
Preferably, determining whether the monitoring message is a VxLAN message comprises:
checking whether the UDP port of the inner message is the VxLAN port; if so, the current message is a VxLAN-encapsulated message; if not, the current message is not a VxLAN-encapsulated message.
Preferably, performing the load sharing calculation based on the data of the data IP header comprises: performing a session-based symmetric Hash calculation over the IPDA and IPSA of the data IP header.
Preferably, performing the load sharing calculation based on the data of the inner IP header comprises: performing a session-based symmetric Hash calculation over the IPDA and IPSA of the inner IP header.
Preferably, the symmetric Hash calculation further includes the destination port number and source port number of the layer-4 TCP/UDP header in the calculation.
Correspondingly, the invention also provides a chip implementation device for remote traffic monitoring load sharing, applied to an NPB device, the device comprising:
a message receiving module, used for receiving the monitoring message sent by the remote switch;
a message parsing module, used for parsing the monitoring message received by the message receiving module, including parsing the outer message header of the monitoring message and, when the layer-4 header of the outer message header is an ERSPAN header, also parsing the inner message header of the monitoring message;
a load sharing calculation module, used for performing the load sharing calculation;
and a message forwarding module, used for performing ECMP egress selection according to the load sharing calculation result and sending the monitoring message to the corresponding network analysis server.
Preferably, when the layer-4 header of the outer message header is an ERSPAN header, the message parsing module chooses whether to strip the ERSPAN header according to user configuration.
Preferably, the message parsing module further comprises a VxLAN message identification submodule;
the VxLAN message identification submodule is used for checking whether the UDP port of the inner message is the VxLAN port; if so, the current message is a VxLAN-encapsulated message and the message parsing module parses the data message inside the VxLAN; if not, the current message is not a VxLAN-encapsulated message and the message parsing module parses the inner message.
Preferably, when the current message is a VxLAN-encapsulated message, the load sharing calculation module performs a session-based symmetric Hash calculation over the IPDA and IPSA of the data IP header;
preferably, when the current message is not a VxLAN-encapsulated message, the load sharing calculation module performs a session-based symmetric Hash calculation over the IPDA and IPSA of the inner IP header.
Compared with the prior art, the invention has the following advantages: the disclosed chip implementation method and device for remote traffic monitoring load sharing can process ERSPAN monitoring messages effectively and, through symmetric Hash calculation based on IPDA and IPSA, ensure that the same session is sent to the same network analysis server, which helps to monitor network traffic better.
Drawings
Fig. 1 is a schematic diagram of a remote monitoring message format;
Fig. 2 is a flowchart illustrating the processing by which an NPB device performs load sharing calculation and ECMP egress selection on a monitoring message according to an exemplary embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a chip implementation device for remote traffic monitoring load sharing according to an exemplary embodiment of the present invention.
Detailed Description
In view of the deficiencies in the prior art, the inventors of the present invention have made extensive studies and extensive practices to provide technical solutions of the present invention. The technical solution, its implementation and principles, etc. will be further explained as follows.
The invention discloses a chip implementation method for remote traffic monitoring load sharing, applied to an NPB device, which specifically comprises the following steps:
after receiving a monitoring message sent by a remote switch, the NPB device parses the outer message header of the monitoring message;
when the layer-4 header of the outer message header is an ERSPAN header, the NPB device parses the inner message header of the monitoring message and determines whether the monitoring message is a VxLAN message; if so, it performs the load sharing calculation based on the data of the data IP header; if not, it performs the load sharing calculation based on the data of the inner IP header;
ECMP egress selection is performed according to the load sharing calculation result, and the monitoring message is sent to the corresponding network analysis server.
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Fig. 2 is a flowchart of the processing by which an NPB device performs load sharing calculation and ECMP egress selection on a monitoring message according to an exemplary embodiment of the present invention. As shown in Fig. 2, after the NPB device receives the monitoring message sent by a remote switch, the processing procedure is as follows:
The processing of a non-ERSPAN message depends on the functional requirements of the current NPB device and on whether it takes on part of the forwarding function. If forwarding is required, normal layer-2 or layer-3 forwarding is performed according to the message format and the device configuration; if the NPB device is required to process monitoring messages in other special formats, the current message is identified and processed accordingly. The technical solution of the invention is explained mainly for the processing of monitoring messages in the ERSPAN format; for non-ERSPAN messages, those skilled in the art can apply the processing appropriate to the actual application.
Whether the current message is a VxLAN-encapsulated message is determined from the UDP port number of the inner message. If it is, the data message inside the VxLAN, namely the original layer-2 message, is parsed, and the IPDA and IPSA in the data IP header are taken for the session-based symmetric Hash calculation; otherwise, the IPDA and IPSA in the inner IP header are taken for the session-based symmetric Hash calculation.
The symmetric Hash calculation works as follows: IPDA and IPSA are XORed, and two copies of the result, (IPDA XOR IPSA) and (IPDA XOR IPSA), are concatenated into 64 bits of data, over which the Hash polynomial is computed to obtain the Hash value. The destination port number and source port number of the layer-4 TCP/UDP header can also be added to the calculation; the principle is the same. The purpose of using a symmetric Hash for the load sharing calculation is that, for a given destination address/source address pair, the Hash value is the same when the two addresses swap positions, so the same session is guaranteed to obtain the same Hash value. Therefore, when the egress is selected, the same session is guaranteed to be sent to the same network analysis server.
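The header walk, the choice between inner and data IP header, and the symmetric Hash described above, as an added C example that is not code from the patent or its applicant. It assumes ERSPAN Type II carried in GRE (protocol type 0x88BE), untagged Ethernet with IPv4, UDP port 4789 as the VxLAN port and CRC-32 as the Hash polynomial; the page specifies none of these, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_LEN 14
#define VXLAN_PORT 4789 /* IANA port; assumed to be what the page calls "the VxLAN port" */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) << 16 | rd16(p + 2); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (24 - 8 * i)); }
/* Untagged Ethernet + IPv4 at off, bounds-checked; returns the L4 offset, 0 on error. */
static size_t eth_ipv4(const uint8_t *b, size_t len, size_t off, uint8_t *proto,
                       uint32_t *sa, uint32_t *da)
{
    if (off + ETH_LEN + 20 > len || rd16(b + off + 12) != 0x0800) return 0;
    const uint8_t *ip = b + off + ETH_LEN;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || off + ETH_LEN + ihl > len) return 0;
    *proto = ip[9]; *sa = rd32(ip + 12); *da = rd32(ip + 16);
    return off + ETH_LEN + ihl;
}

/* Key choice per the page: 1 = data IP header (VxLAN), 0 = inner IP header, -1 = reject. */
int hash_keys(const uint8_t *b, size_t len, uint32_t *sa, uint32_t *da)
{
    uint8_t proto; uint32_t s, d;
    size_t off = eth_ipv4(b, len, 0, &proto, &s, &d);      /* outer MAC + outer IP */
    if (!off || proto != 47 || off + 4 > len) return -1;   /* 47 = GRE */
    if ((rd16(b + off) & 0xB000) != 0x1000 || rd16(b + off + 2) != 0x88BE) return -1;
    off = eth_ipv4(b, len, off + 8 + 8, &proto, sa, da);   /* skip GRE+seq, ERSPAN II hdr */
    if (!off) return -1;
    if (proto != 17 || off + 8 > len || rd16(b + off + 2) != VXLAN_PORT) return 0;
    off = eth_ipv4(b, len, off + 8 + 8, &proto, &s, &d);   /* skip UDP, VxLAN header */
    if (!off) return -1;
    *sa = s; *da = d;
    return 1;
}

/* Symmetric hash: two copies of (IPSA XOR IPDA) form the 64-bit key. The page does not
   name the polynomial; reflected CRC-32 (0xEDB88320) is an assumption of this example. */
uint32_t sym_hash(uint32_t sa, uint32_t da)
{
    uint32_t x = sa ^ da, crc = 0xFFFFFFFFu;
    for (int i = 0; i < 8; i++) {
        crc ^= (uint8_t)(x >> (24 - 8 * (i & 3)));
        for (int k = 0; k < 8; k++) crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* ECMP egress index in [0, n), or -1 when the frame is not a parsable ERSPAN mirror. */
int ecmp_pick(const uint8_t *pkt, size_t len, unsigned n)
{
    uint32_t sa, da;
    return (n && hash_keys(pkt, len, &sa, &da) >= 0) ? (int)(sym_hash(sa, da) % n) : -1;
}

/* Constructed sample input: write Ethernet + IPv4 headers, return the next offset. */
static size_t put_eth_ip(uint8_t *b, size_t off, uint8_t proto, uint32_t sa, uint32_t da)
{
    uint8_t *ip = b + off + ETH_LEN;
    b[off + 12] = 0x08; ip[0] = 0x45; ip[9] = proto;
    wr32(ip + 12, sa); wr32(ip + 16, da);
    return off + ETH_LEN + 20;
}

/* Constructed ERSPAN mirror of a TCP packet sa -> da (b needs 134 bytes); returns length. */
size_t build_sample(uint8_t *b, int vxlan, uint32_t sa, uint32_t da)
{
    memset(b, 0, 134);
    size_t off = put_eth_ip(b, 0, 47, 0x0A000001u, 0x0A000002u);  /* switch -> NPB */
    b[off] = 0x10; b[off + 2] = 0x88; b[off + 3] = 0xBE;          /* GRE S bit, ERSPAN */
    if (!vxlan) return put_eth_ip(b, off + 16, 6, sa, da);
    off = put_eth_ip(b, off + 16, 17, 0xC0A80001u, 0xC0A80002u);  /* made-up VTEPs */
    b[off + 2] = VXLAN_PORT >> 8; b[off + 3] = VXLAN_PORT & 0xff;
    return put_eth_ip(b, off + 16, 6, sa, da);
}

int main(void)
{
    uint8_t f[134], r[134];
    size_t n = build_sample(f, 1, 0xAC100005u, 0xAC100009u);  /* one session ... */
    build_sample(r, 1, 0xAC100009u, 0xAC100005u);             /* ... and its reverse */
    printf("forward -> server %d, reverse -> server %d\n", ecmp_pick(f, n, 4), ecmp_pick(r, n, 4));
    return 0;
}
```

Because the key is built only from IPSA XOR IPDA, distinct sessions whose address pairs XOR to the same value also share an egress; adding the layer-4 ports, as the page suggests, reduces such overlap.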
Correspondingly, the embodiment of the present invention further discloses a chip implementation apparatus for remote traffic monitoring load sharing, which is applied to NPB devices, and the structure of the apparatus is shown in fig. 3, and the apparatus includes:
a message receiving module 301, configured to receive a monitoring message sent by a remote switch;
a message parsing module 302, configured to parse the monitoring message received by the message receiving module, including performing outer-layer message header parsing on the monitoring message; when the four-layer header of the outer-layer message header is an ERSPAN header, the method also comprises the step of carrying out inner-layer message header analysis on the monitoring message;
a load sharing calculation module 303, configured to perform load sharing calculation based on the IP data of the inner layer packet;
a message forwarding module 304, configured to perform ECMP egress selection according to the load sharing calculation result and send the monitoring message to the corresponding network analysis server.
When the layer-4 header of the outer message header is an ERSPAN header, the message parsing module chooses whether to strip the ERSPAN header according to user configuration.
Further, the message parsing module includes a VxLAN message identification submodule 3021, configured to check whether the UDP port of the inner message is the VxLAN port. If so, the current message is a VxLAN-encapsulated message, the message parsing module parses the data message inside the VxLAN, and the load sharing calculation module performs a session-based symmetric Hash calculation over the IPDA and IPSA of the data IP header; if not, the current message is not a VxLAN-encapsulated message, the message parsing module parses the inner message, and the load sharing calculation module performs a session-based symmetric Hash calculation over the IPDA and IPSA of the inner IP header.
With the disclosed chip implementation method and device for remote traffic monitoring load sharing, ERSPAN mirrored monitoring messages can be processed effectively; a symmetric Hash calculation over the IPDA and IPSA of the internal data message ensures that the same session is sent to the same network analysis server, which facilitates better network traffic monitoring and achieves a better network data analysis effect.
It should be understood that the above-mentioned embodiments are merely illustrative of the technical concepts and features of the present invention, which are intended to enable those skilled in the art to understand the contents of the present invention and implement the present invention, and therefore, the protection scope of the present invention is not limited thereby. All equivalent changes and modifications made according to the spirit of the present invention should be covered within the protection scope of the present invention.
Claims (6)
1. A chip implementation method for remote traffic monitoring load sharing is applied to NPB equipment, and is characterized in that:
after receiving a monitoring message sent by a remote switch, the NPB equipment carries out outer layer message header analysis on the monitoring message;
when the four-layer header of the outer-layer message header is an ERSPAN header, carrying out inner-layer message header analysis on the monitoring message, judging whether the monitoring message is a VxLAN message, and if so, carrying out load sharing calculation based on data of a data IP header; if not, performing load sharing calculation based on the data of the inner IP header;
carrying out ECMP outlet selection according to the load sharing calculation result, and sending the monitoring message to a corresponding network analysis server;
wherein:
the NPB equipment refers to network data packet transfer equipment, and the ERSPAN header refers to an encapsulated remote port mirror image message header;
the load sharing calculation based on the data of the data IP header comprises the following steps: carrying out symmetrical Hash calculation based on the session according to IPDA and IPSA of the data IP head;
the load sharing calculation based on the data of the inner IP header comprises the following steps: and carrying out symmetrical Hash calculation based on the session according to IPDA and IPSA of the inner IP header.
2. The chip implementation method for remote traffic monitoring load sharing according to claim 1, wherein the method further comprises:
and when the four-layer header of the outer-layer message header is an ERSPAN header, selecting whether to strip the ERSPAN header according to user configuration.
3. The chip implementation method for remote traffic monitoring load sharing according to claim 1, wherein the determining whether the monitoring packet is a VxLAN packet includes:
judging whether the UDP port of the inner layer message is a VxLAN port or not, if so, indicating that the current message is a VxLAN encapsulated message; and if not, indicating that the current message is not the VxLAN encapsulated message.
4. The chip implementation method for remote traffic monitoring load sharing according to claim 1, wherein: the symmetric Hash computation also includes participating in the computation using the destination port number and the source port number of the four-layer TCP/UDP.
5. A chip implementation apparatus for remote traffic monitoring load sharing is applied to NPB equipment, and the apparatus includes:
the message receiving module is used for receiving the monitoring message sent by the remote switch;
the message analysis module is used for analyzing the monitoring message received by the message receiving module, and comprises the step of analyzing an outer layer message header of the monitoring message; when the four-layer header of the outer-layer message header is an ERSPAN header, the method also comprises the step of carrying out inner-layer message header analysis on the monitoring message;
the load sharing calculation module is used for carrying out load sharing calculation;
the message forwarding module is used for carrying out ECMP outlet selection according to the load sharing calculation result and sending the monitoring message to a corresponding network analysis server;
wherein:
the NPB equipment refers to network data packet transfer equipment, and the ERSPAN header refers to an encapsulated remote port mirror image message header;
the message analysis module also comprises a VxLAN message identification submodule;
the VxLAN message identification submodule is used for judging whether a UDP port of an inner layer message is a VxLAN port or not, if so, the current message is a VxLAN encapsulated message, the message analysis module analyzes a data message in the VxLAN, and the load sharing calculation module performs session-based symmetrical Hash calculation according to IPDA and IPSA of a data IP head; if not, the current message is not the message encapsulated by the VxLAN, the message analysis module analyzes the inner layer message, and the load sharing calculation module performs session-based symmetrical Hash calculation according to IPDA and IPSA of the inner layer IP header.
6. The chip implementation device for remote traffic monitoring load sharing according to claim 5, wherein: and when the four-layer header of the outer-layer message header is an ERSPAN header, the message analysis module selects whether to strip the ERSPAN header according to user configuration.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810306085.4A CN108418765B (en) | 2018-04-08 | 2018-04-08 | Chip implementation method and device for remote traffic monitoring load sharing |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108418765A | 2018-08-17 |
CN108418765B | 2021-09-17 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | Address after: 215000 unit 13 / 16, 4th floor, building B, No.5 Xinghan street, Suzhou Industrial Park, Jiangsu Province; Applicant after: Suzhou Shengke Communication Co.,Ltd.; Address before: Unit 13 / 16, floor 4, building B, No. 5, Xinghan street, Suzhou Industrial Park, Suzhou, Jiangsu Province, 215000; Applicant before: CENTEC NETWORKS (SU ZHOU) Co.,Ltd. |
GR01 | Patent grant | ||