CN108540348A - To the analysis process system and processing method of a variety of Virtual Private Network flows - Google Patents

To the analysis process system and processing method of a variety of Virtual Private Network flows Download PDF

Info

Publication number
CN108540348A
CN108540348A CN201810323970.3A CN201810323970A CN108540348A CN 108540348 A CN108540348 A CN 108540348A CN 201810323970 A CN201810323970 A CN 201810323970A CN 108540348 A CN108540348 A CN 108540348A
Authority
CN
China
Prior art keywords
vpn
processing
flow
virtual private
private network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810323970.3A
Other languages
Chinese (zh)
Other versions
CN108540348B (en
Inventor
邹昕
张家琦
贾有春
武欣
韩志前
李高超
颜靖华
何清林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Sinovatio Technology LLC
National Computer Network and Information Security Management Center
Original Assignee
Nanjing Sinovatio Technology LLC
National Computer Network and Information Security Management Center
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Sinovatio Technology LLC, National Computer Network and Information Security Management Center filed Critical Nanjing Sinovatio Technology LLC
Priority to CN201810323970.3A priority Critical patent/CN108540348B/en
Publication of CN108540348A publication Critical patent/CN108540348A/en
Application granted granted Critical
Publication of CN108540348B publication Critical patent/CN108540348B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/028Capturing of monitoring data by filtering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/026Capturing of monitoring data using flow identification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/50Routing or path finding of packets in data switching networks using label swapping, e.g. multi-protocol label switch [MPLS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention discloses a kind of analysis process system and processing method to a variety of Virtual Private Network flows, it is responsible for Virtual Private Network Technology Integration by first device, shield the difference of various VPN technologies, simultaneously to the discovery roughly of VPN flows and fine statistics, original VPN flows are transmitted to secondary server after two layer message encapsulates or three-tier message encapsulates as needed;Secondary server generates mapping table entry according to VPN user informations, hexa-atomic group of rule table clause acts on level-one collecting device;Afterbody equipment cooperates the analyzing processing realized to Virtual Private Network flow with secondary server.

Description

To the analysis process system and processing method of a variety of Virtual Private Network flows
Technical field
The present invention relates to IP data network datas to acquire field, especially a kind of to handle Virtual Private Network flow analysis System.
Present invention simultaneously relates to Virtual Private Network flow analysis processing methods.
Background technology
Common Virtual Private Network technology has mpls, vlan, frame relay.Due to different in Virtual Private Network VPN between there are identical subnet traffics, so processing one of the level-one collecting device to all kinds of Virtual Private Network flow differences Straight not good method.
Therefore need a kind of new technical solution to solve the above problems.
Invention content
It is an object of the invention to:A kind of multi-service flow separate system based on SDN frameworks is provided.
Present invention simultaneously provides the multi-service flow streamed data processing methods based on SDN frameworks.
In order to achieve the above objectives, following technical solution can be used in guide shell device of the present invention:
A kind of analysis process system to a variety of Virtual Private Network flows, between first device and secondary server The analyzing processing of networking traffic, including:
The processing of Virtual Private Network flow enables module, for controlling whether to analyze dedicated network flow, handle;
The pre- discovery module of Virtual Private Network flow has detected whether VPN for not knowing specific VPN features Flow passes through;
Virtual Private Network flow action executing module, there are three types of actions:White list action, redirects blacklist action Action;White list refers to carrying out transparent transmission processing to flow;Blacklist refers to carrying out discard processing to flow;Redirection refers to stream Amount gives the processing of Virtual Private Network flux deepness analysis module;
Virtual Private Network flow modular converter is redirected for the format to data on flows, if first device and two Grade two layers of networking of server redirect format using MacInMac;If the three layers of networking of first device and secondary server, use Vxlan redirects format;
Virtual Private Network flux deepness analysis module, to according to No. VPN progress analyzing processing, life in redirection message It is added to first device at mapping table entry, hexa-atomic group of rule table clause and by arranging proprietary protocol.
Advantageous effect:The present invention provides analysis process system for problems of the prior art, and wherein level-one is set For responsible Virtual Private Network Technology Integration, the difference of various VPN technologies is shielded, while to the discovery roughly of VPN flows and finely Then statistics is acted (white list, blacklist, redirection) processing to Virtual Private Network flow, as needed will be original VPN flows are transmitted to secondary server after two layer message encapsulates or three-tier message encapsulates;Secondary server is according to VPN user Information generates mapping table entry, hexa-atomic group of rule table clause acts on level-one collecting device;First device is defined simultaneously to take with two level It is engaged in the mutual message format of device, VPN information is carried by vlan in mutual message format, greatly facilitates flux deepness analysis mould The analyzing processing of block.
Further, the pre- discovery module of Virtual Private Network flow is closed to find that default VPN and fine VPN maps System, if when flow does not match any accurate VPN correspondences or when fruit does not configure any accurate VPN correspondences Acquire default No. VPN.
Further, six element group representations of VPN flows, hexa-atomic group by No. VPN, protocol number, source IP, destination IP, source port, Destination interface forms, uniquely to indicate some VPN flow.
Further, fine VPN mapping relations are for tracking specific VPN user, configuration VPN and vlan, mpls, dlic Mapping relations, as needed select vlan, mpls, dlic thrin or three combination.
The present invention also provides a kind of analysis and processing methods to a variety of Virtual Private Network flows, and following technology can be used Scheme:
Judge whether to analyze dedicated network flow, handle,
It such as needs to handle, has then detected whether that VPN flows pass through,
Judge whether the operation acted to the action of VPN flows progress white list, blacklist action, redirection;White list is Refer to and transparent transmission processing is carried out to flow;Blacklist refers to carrying out discard processing to flow;Redirection refers to that flow is given virtually specially With network flow depth analysis resume module;
It is used if the two layers of networking of first device and secondary server for the format redirection to data on flows MacInMac redirects format;If the three layers of networking of first device and secondary server, format is redirected using Vxlan;
According to No. VPN progress analyzing processing in redirection message, generates mapping table entry, hexa-atomic group of rule table clause and lead to It crosses agreement proprietary protocol and is added to first device.
Advantageous effect:The present invention provides analysis and processing method for problems of the prior art, and wherein level-one is set For responsible Virtual Private Network Technology Integration, the difference of various VPN technologies is shielded, while to the discovery roughly of VPN flows and finely Then statistics is acted (white list, blacklist, redirection) processing to Virtual Private Network flow, as needed will be original VPN flows are transmitted to secondary server after two layer message encapsulates or three-tier message encapsulates;Secondary server is according to VPN user Information generates mapping table entry, hexa-atomic group of rule table clause acts on level-one collecting device;First device is defined simultaneously to take with two level It is engaged in the mutual message format of device, VPN information is carried by vlan in mutual message format, greatly facilitates flux deepness analysis mould The analyzing processing of block.
Invention also provides the network flow processing methods according to above-mentioned analysis process system, and following technology can be used Scheme includes the following steps:
Step 101, flow enters first device from port;
Step 102, vlan, mpls, frame relay packet parsing are carried out;
Step 103, judge whether VPN flows processing function is opened, carry out step 104 processing if opened, otherwise carry out 105 processing;
Step 104, if it is vlan messages, then No. vlan lookup VPN relation mapping table is extracted;If it is mpls messages, It then extracts label value and searches VPN relation mapping tables;If it is POS frame relay messages, then extracts dlci values and search the passes VPN It is mapping table;
Step 105, transparent transmission processing is carried out to message;
Step 106, judge whether to match VPN relation mapping tables, if matching carries out step 107 processing, otherwise be walked Rapid 108 processing;
Step 107, press table clause in hit VPN relation mapping tables No. VPN is counted;
Step 108, default No. VPN of configuration is pressed to be counted;
Step 109, hexa-atomic group is constructed with agreement, source IP, destination IP, source port, destination interface in No. VPN and original flow Key assignments;
Step 110, search hexa-atomic group of rule list and judge whether to hit, if hit carry out step 111 processing, otherwise into The processing of row step 105;
Step 111, it is handled by hexa-atomic group of rule action, acts, then flow is abandoned if it is blacklist Processing;It is acted if it is white list, then transparent transmission processing is carried out to flow;It is acted if it is redirection, then flow is sent to stream Measure depth analysis resume module;
Step 112, judge whether two laminar flow amount injection way, if it is two laminar flow amount injection way, then carry out step 113 Processing;If it is three laminar flow amount injection way, then step 114 processing is carried out;
Step 113, increase 802.1Q fields carrying VPN information in two floor encapsulation redirection message and be supplied to flux deepness Analysis module is analyzed;
Step 114, VPN information is carried by the heads vxlan in three floor encapsulation redirection message and is supplied to flux deepness Analysis module is analyzed;
Step 115, secondary server generates mapping table entry, six according to No. VPN progress analyzing processing in redirection message Tuple rule table clause is added to first device by arranging proprietary protocol
Description of the drawings
Fig. 1 is the analyzing processing flow chart of a variety of Virtual Private Network flows of the present invention.
Specific implementation mode
Below in conjunction with the accompanying drawings to illustrating.
Embodiment one
Fig. 1 is can refer to, embodiment one provides a kind of analysis process system to a variety of Virtual Private Network flows, is used for one The analyzing processing of networking traffic between grade equipment and secondary server, including:
The processing of Virtual Private Network flow enables module, for controlling whether to analyze dedicated network flow, handle, With assurance function independence, the influence to the other functions of system is reduced.
The pre- discovery module of Virtual Private Network flow has detected whether VPN for not knowing specific VPN features Flow passes through;Some the VPN feature fed back according to Virtual Private Network flux deepness analysis module is finely counted again.Its In, the pre- discovery module of Virtual Private Network flow is to find default VPN and fine VPN mapping relations, if flow does not have Have when matching any accurate VPN correspondences or fruit then acquires default VPN when not configuring any accurate VPN correspondences Number.Fine VPN mapping relations configure No. VPN and the mapping relations of vlan, mpls, dlic, root for tracking specific VPN user It is combined according to selection vlan, mpls, dlic thrin or three is needed.It is with No. VPN 10 configuration vlan 100, mpls 200 Example illustrates, and is handled by VPN 10 for the flow of the vlan flows for being 100 or mpls 200 is unified.
Virtual Private Network flow action executing module, there are three types of actions:White list action, redirects blacklist action Action;White list refers to carrying out transparent transmission processing to flow;Blacklist refers to carrying out discard processing to flow;Redirection refers to stream Amount gives the processing of Virtual Private Network flux deepness analysis module.Six element group representations of VPN flows, hexa-atomic group by No. VPN, agreement Number, source IP, destination IP, source port, destination interface composition, can uniquely indicate some VPN flow.By hexa-atomic group of definition process Action, wherein protocol number, source IP, destination IP, source port, destination interface support mask, it can be achieved that pressing some VPN big customer's flow Or some user carries out different action processing in some VPN big customer.
Virtual Private Network flow modular converter is redirected for the format to data on flows, if first device and two Grade two layers of networking of server redirect format using MacInMac;Such as:
Two layers of redirection format:
DMAC SMAC Vlan Type Original message
Explanation:Vlan fields fill in VPN numbers.
If the three layers of networking of first device and secondary server, format is redirected using Vxlan;Such as:
Three layers of redirection format:
Explanation:Vxlan id fields fill in corresponding No. VPN.
Virtual Private Network flux deepness analysis module, to according to No. VPN progress analyzing processing, life in redirection message It is added to first device at mapping table entry, hexa-atomic group of rule table clause and by arranging proprietary protocol.
Embodiment two
Corresponding above-mentioned analysis process system, can equally provide a kind of analyzing processing to a variety of Virtual Private Network flows The embodiment of method, including:
Judge whether to analyze dedicated network flow, handle,
Such as need to handle, then detected whether that VPN flows pass through, the pre- discovery module of Virtual Private Network flow to It was found that default VPN and fine VPN mapping relations, if when flow does not match any accurate VPN correspondences or fruit does not have Default No. VPN is then acquired when configuring any accurate VPN correspondences.Fine VPN mapping relations are used to track specific VPN user, The mapping relations of No. VPN and vlan, mpls, dlic are configured, select vlan, mpls, dlic thrin or three as needed Person combines.
Judge whether the operation acted to the action of VPN flows progress white list, blacklist action, redirection;White list is Refer to and transparent transmission processing is carried out to flow;Blacklist refers to carrying out discard processing to flow;Redirection refers to that flow is given virtually specially With network flow depth analysis resume module;
It is used if the two layers of networking of first device and secondary server for the format redirection to data on flows MacInMac redirects format;If the three layers of networking of first device and secondary server, format is redirected using Vxlan;
According to No. VPN progress analyzing processing in redirection message, generates mapping table entry, hexa-atomic group of rule table clause and lead to It crosses agreement proprietary protocol and is added to first device.
Embodiment three
Shown in Fig. 1, the present embodiment provides a kind of network flows according to analysis process system described in embodiment one Processing method includes the following steps:
Step 101, flow enters first device from port;
Step 102, vlan, mpls, frame relay packet parsing are carried out;
Step 103, judge whether VPN flows processing function is opened, carry out step 104 processing if opened, otherwise carry out 105 processing;
Step 104, if it is vlan messages, then No. vlan lookup VPN relation mapping table is extracted;If it is mpls messages, It then extracts label value and searches VPN relation mapping tables;If it is POS frame relay messages, then extracts dlci values and search the passes VPN It is mapping table;
Step 105, transparent transmission processing is carried out to message;
Step 106, judge whether to match VPN relation mapping tables, if matching carries out step 107 processing, otherwise be walked Rapid 108 processing;
Step 107, press table clause in hit VPN relation mapping tables No. VPN is counted;
Step 108, default No. VPN of configuration is pressed to be counted;
Step 109, hexa-atomic group is constructed with agreement, source IP, destination IP, source port, destination interface in No. VPN and original flow Key assignments;
Step 110, search hexa-atomic group of rule list and judge whether to hit, if hit carry out step 111 processing, otherwise into The processing of row step 105;
Step 111, it is handled by hexa-atomic group of rule action, acts, then flow is abandoned if it is blacklist Processing;It is acted if it is white list, then transparent transmission processing is carried out to flow;It is acted if it is redirection, then flow is sent to stream Measure depth analysis resume module;
Step 112, judge whether two laminar flow amount injection way, if it is two laminar flow amount injection way, then carry out step 113 Processing;If it is three laminar flow amount injection way, then step 114 processing is carried out;
Step 113, increase 802.1Q fields carrying VPN information in two floor encapsulation redirection message and be supplied to flux deepness Analysis module is analyzed;
Step 114, VPN information is carried by the heads vxlan in three floor encapsulation redirection message and is supplied to flux deepness Analysis module is analyzed;
Step 115, secondary server generates mapping table entry, six according to No. VPN progress analyzing processing in redirection message Tuple rule table clause is added to first device by arranging proprietary protocol.
The present invention proposes that a kind of system-level first device is cooperated with secondary server to " Virtual Private Network stream The analysis and processing method of amount ".All kinds of Virtual Private Network flow differences are shielded, from rough Statistics to fine statistics, then to void Quasi- dedicated network flow is acted (white list, blacklist, redirection) processing.Define first device and secondary server simultaneously Mutual message format, VPN information is carried by vlan in mutual message format, greatly facilitates flux deepness analysis module Analyzing processing.

Claims (8)

1. a kind of analysis process system to a variety of Virtual Private Network flows is used for group between first device and secondary server The analyzing processing of net flow, which is characterized in that including:
The processing of Virtual Private Network flow enables module, for controlling whether to analyze dedicated network flow, handle;
The pre- discovery module of Virtual Private Network flow has detected whether VPN flows for not knowing specific VPN features Pass through;
Virtual Private Network flow action executing module, there are three types of actions:White list action, blacklist action, redirection action; White list refers to carrying out transparent transmission processing to flow;Blacklist refers to carrying out discard processing to flow;Redirection refers to that flow is handed over Give the processing of Virtual Private Network flux deepness analysis module;
Virtual Private Network flow modular converter is redirected for the format to data on flows, if first device and two level clothes Business two layers of networking of device redirect format using MacInMac;If the three layers of networking of first device and secondary server, use Vxlan redirects format;
Virtual Private Network flux deepness analysis module, to be reflected according to No. VPN progress analyzing processing, generation in redirection message Firing table entry, hexa-atomic group of rule table clause are simultaneously added to first device by arranging proprietary protocol.
2. analysis process system according to claim 1, it is characterised in that:The Virtual Private Network flow finds mould in advance Block to find default VPN and fine VPN mapping relations,
When if flow does not match any accurate VPN correspondences or when fruit does not configure any accurate VPN correspondences Then acquire default No. VPN.
3. analysis process system according to claim 1, it is characterised in that:Six element group representations of VPN flows, hexa-atomic group by No. VPN, protocol number, source IP, destination IP, source port, destination interface composition, uniquely to indicate some VPN flow.
4. analysis process system according to claim 2, it is characterised in that:Fine VPN mapping relations are specific for tracking VPN user, configuration VPN and the mapping relations of vlan, mpls, dlic, as needed selection vlan, mpls, dlic three it One or three combination.
5. a kind of analysis and processing method to a variety of Virtual Private Network flows, it is characterised in that:
Judge whether to analyze dedicated network flow, handle,
It such as needs to handle, has then detected whether that VPN flows pass through,
Judge whether the operation acted to the action of VPN flows progress white list, blacklist action, redirection;White list refers to pair Flow carries out transparent transmission processing;Blacklist refers to carrying out discard processing to flow;Redirection refers to giving Virtual Private Network flow The processing of network flux deepness analysis module;
For the format redirection to data on flows, if the two layers of networking of first device and secondary server, using MacInMac Redirect format;If the three layers of networking of first device and secondary server, format is redirected using Vxlan;
According to No. VPN progress analyzing processing in redirection message, generates mapping table entry, hexa-atomic group of rule table clause and pass through about Determine proprietary protocol and is added to first device.
6. analysis and processing method according to claim 5, it is characterised in that:The Virtual Private Network flow finds mould in advance Block to find default VPN and fine VPN mapping relations,
When if flow does not match any accurate VPN correspondences or when fruit does not configure any accurate VPN correspondences Then acquire default No. VPN.
7. analysis and processing method according to claim 6, it is characterised in that:Fine VPN mapping relations are specific for tracking VPN user, configuration VPN and the mapping relations of vlan, mpls, dlic, as needed selection vlan, mpls, dlic three it One or three combination.
8. a kind of network flow processing method of analysis process system according to claim 1, which is characterized in that including following Step:
Step 101, flow enters first device from port;
Step 102, vlan, mpls, frame relay packet parsing are carried out;
Step 103, judge whether VPN flows processing function is opened, carry out step 104 processing if opened, otherwise carry out at 105 Reason;
Step 104, if it is vlan messages, then No. vlan lookup VPN relation mapping table is extracted;If it is mpls messages, then carry Label value is taken to search VPN relation mapping tables;If it is POS frame relay messages, then extracts dlci values lookup VPN relationships and reflect Firing table;
Step 105, transparent transmission processing is carried out to message;
Step 106, judge whether to match VPN relation mapping tables, if matching carries out step 107 processing, otherwise carry out step 108 Processing;
Step 107, press table clause in hit VPN relation mapping tables No. VPN is counted;
Step 108, default No. VPN of configuration is pressed to be counted;
Step 109, hexa-atomic group of key is constructed with agreement, source IP, destination IP, source port, destination interface in No. VPN and original flow Value;
Step 110, it searches hexa-atomic group of rule list and judges whether to hit, if hit carries out step 111 processing, otherwise walked Rapid 105 processing;
Step 111, it is handled by hexa-atomic group of rule action, is acted if it is blacklist, then discard processing is carried out to flow; It is acted if it is white list, then transparent transmission processing is carried out to flow;It is acted if it is redirection, then flow is sent to flux deepness Analysis module processing;
Step 112, judge whether two laminar flow amount injection way, if it is two laminar flow amount injection way, then carry out step 113 place Reason;If it is three laminar flow amount injection way, then step 114 processing is carried out;
Step 113, increasing 802.1Q fields carrying VPN information in two floor encapsulation redirection message is supplied to flux deepness to analyze Module analysis;
Step 114, carrying VPN information by the heads vxlan in three floor encapsulation redirection message is supplied to flux deepness to analyze Module analysis;
Step 115, secondary server according in redirection message No. VPN progress analyzing processing, generate mapping table entry, hexa-atomic group Regular table clause is added to first device by arranging proprietary protocol.
CN201810323970.3A 2018-04-12 2018-04-12 To the analysis process system and processing method of a variety of Virtual Private Network flows Active CN108540348B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810323970.3A CN108540348B (en) 2018-04-12 2018-04-12 To the analysis process system and processing method of a variety of Virtual Private Network flows

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810323970.3A CN108540348B (en) 2018-04-12 2018-04-12 To the analysis process system and processing method of a variety of Virtual Private Network flows

Publications (2)

Publication Number Publication Date
CN108540348A true CN108540348A (en) 2018-09-14
CN108540348B CN108540348B (en) 2019-06-14

Family

ID=63480893

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810323970.3A Active CN108540348B (en) 2018-04-12 2018-04-12 To the analysis process system and processing method of a variety of Virtual Private Network flows

Country Status (1)

Country Link
CN (1) CN108540348B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102281156A (en) * 2011-08-03 2011-12-14 中国人民解放军91655部队 Emergency control method and system thereof for hierarchical network management system
US20130322453A1 (en) * 2012-06-04 2013-12-05 David Ian Allan Routing vlan tagged packets to far end addresses of virtual forwarding instances using separate administrations
CN104426763A (en) * 2013-08-21 2015-03-18 中兴通讯股份有限公司 Channel switching method and apparatus, and switch
CN104579810A (en) * 2013-10-23 2015-04-29 中兴通讯股份有限公司 Flow sampling method and system for software-defined network
CN107026791A (en) * 2016-01-29 2017-08-08 华为技术有限公司 VPN vpn service optimization method and equipment

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102281156A (en) * 2011-08-03 2011-12-14 中国人民解放军91655部队 Emergency control method and system thereof for hierarchical network management system
US20130322453A1 (en) * 2012-06-04 2013-12-05 David Ian Allan Routing vlan tagged packets to far end addresses of virtual forwarding instances using separate administrations
CN104426763A (en) * 2013-08-21 2015-03-18 中兴通讯股份有限公司 Channel switching method and apparatus, and switch
CN104579810A (en) * 2013-10-23 2015-04-29 中兴通讯股份有限公司 Flow sampling method and system for software-defined network
CN107026791A (en) * 2016-01-29 2017-08-08 华为技术有限公司 VPN vpn service optimization method and equipment

Also Published As

Publication number Publication date
CN108540348B (en) 2019-06-14

Similar Documents

Publication Publication Date Title
CN104468384B (en) A kind of system and method for realizing multi-priority services
CN106961445B (en) Packet parsing device based on FPGA hardware parallel pipeline
CN104320304B (en) A kind of core network user flow application recognition methods of the multimode fusion easily extended
CN102315974B (en) Stratification characteristic analysis-based method and apparatus thereof for on-line identification for TCP, UDP flows
US9407450B2 (en) Method and apparatus for providing tenant information for network flows
US9100268B2 (en) Application-aware MPLS tunnel selection
US20030112808A1 (en) Automatic configuration of IP tunnels
CN103532672B (en) The out of order processing method of fragment message and application in a kind of SDN
US20170155592A1 (en) Packet Processing Method, Device and Computer Storage Medium
CN107078957A (en) The link of network service function in communication network
CN108270699B (en) Message processing method, shunt switch and aggregation network
WO2020228398A1 (en) Message detection method, device and system
WO2012106869A1 (en) Message processing method and related device thereof
CN105099921B (en) A kind of fastext processing method and device based on user
EP3905597B1 (en) Data stream classification method and message forwarding device
CN104917628B (en) A kind of ethernet router/interchanger packet loss automatic fault diagnosis method
CN112437009B (en) SRv6 method, router, routing system and storage medium for end-to-end flow policy
CN107078928A (en) Packet is sampled to measure network performance
CN104243237A (en) P2P flow detection method and device
CN103888307B (en) For optimizing method, user side board and the broad access network gate of deep-packet detection
CN106470143A (en) A kind of method and apparatus of MPLS VPN traffic filtering
CN107769992A (en) A kind of packet parsing shunt method and device
EP2897328B1 (en) Method, system and apparatus for establishing communication link
CN109873767A (en) Incorporate network virtualization method based on the forwarding of agreement unaware
CN102377645B (en) Exchange chip and realization method thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant