CN108667741B - Control method and system for industrial network data forwarding - Google Patents
Control method and system for industrial network data forwarding Download PDFInfo
- Publication number
- CN108667741B CN108667741B CN201810385735.9A CN201810385735A CN108667741B CN 108667741 B CN108667741 B CN 108667741B CN 201810385735 A CN201810385735 A CN 201810385735A CN 108667741 B CN108667741 B CN 108667741B
- Authority
- CN
- China
- Prior art keywords
- forwarding
- module
- network data
- industrial
- industrial network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
- H04L47/2425—Traffic characterised by specific attributes, e.g. priority or QoS for supporting services specification, e.g. SLA
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/02—Capturing of monitoring data
- H04L43/028—Capturing of monitoring data by filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/10—Active monitoring, e.g. heartbeat, ping or trace-route
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/10—Active monitoring, e.g. heartbeat, ping or trace-route
- H04L43/106—Active monitoring, e.g. heartbeat, ping or trace-route using time related information in packets, e.g. by adding timestamps
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/30—Routing of multiclass traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
- H04L45/745—Address table lookup; Address filtering
- H04L45/7453—Address table lookup; Address filtering using hashing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/29—Flow control; Congestion control using a combination of thresholds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/32—Flow control; Congestion control by discarding or delaying data units, e.g. packets or frames
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- Cardiology (AREA)
- General Health & Medical Sciences (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a control method and a system for industrial network data forwarding, wherein an industrial network data packet is sent to a protocol stack module through a network card I, the protocol stack module forwards the industrial network data packet to an industrial control protocol connection tracking module, and simultaneously copies the industrial network data packet to a DPI module; the DPI module detects the industrial network data packet according to a preset rule, generates a forwarding strategy of the industrial network data packet and sends the forwarding strategy to the forwarding strategy issuing module; the invention relates to a control method and a system for industrial network data forwarding, which are matched with a protocol stack module, an industrial control protocol connection tracking module, a DPI module, a forwarding strategy issuing module and a forwarding control module, realize the flow control of industrial network data forwarding and have the characteristics of high efficiency of data forwarding, less occupied system resources, strong forwarding timeliness and high data safety.
Description
Technical Field
The invention belongs to the field of network information security, and particularly relates to a control method and a control system for industrial network data forwarding.
Background
With the development of modern information technology, industrial networks gradually become open, interconnected and universal, and further higher requirements are put forward on the safety of the industrial networks. Real-time performance, stability and safety of data forwarding in the industrial network must be guaranteed.
Under the condition of the prior art, data forwarding in the industrial network mainly adopts application layer DPI forwarding + bypass forwarding. And receiving a data packet from the kernel space through the application layer DPI module, analyzing the data packet, matching the message with rules maintained by the application layer DPI to judge the security of the message, and when the security of the message is judged, sending the message to the kernel by the application layer DPI module and sending the message to a protocol stack. When the DPI is abnormal or busy, the Bypass function is started, and the industrial network data flow does not pass through the protection equipment any more and is directly transmitted to a downlink.
When the DPI is used for forwarding, an industrial network data packet needs to be transferred from the kernel layer to the application layer, the DPI is analyzed by the application layer, and then the data is transferred from the application layer to the kernel layer to be sent out, so that the data copying between the kernel layer and the application layer is performed twice, and the forwarding efficiency is reduced. When the application layer DPI is busy, the forwarding efficiency will be further reduced, which generally means that the network delay is increased, and it is difficult to meet the real-time requirement of the industrial network. When the application layer DPI module is abnormal, the industrial network traffic will be disconnected, which cannot meet the stability requirement of the industrial network. Further using Bypass to forward, when the application layer DPI processing is not timely or the application layer DPI is abnormal, the Bypass function is started, at the moment, the industrial network flow is not protected safely any more, the data is directly sent to the downlink, and the unsafe data is also directly sent to the downlink, so that the industrial network has potential safety hazards and cannot meet the safety requirement.
Disclosure of Invention
In view of this, the present invention aims to provide a control method and system for industrial network data forwarding, which cooperate with a protocol stack module, an industrial control protocol connection tracking module, a DPI module, a forwarding policy issuing module and a forwarding control module to implement a flow control of industrial network data forwarding, and have the characteristics of high efficiency of data forwarding, less occupied system resources, strong forwarding timeliness and high data security.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
a control method for industrial network data forwarding, comprising:
step 1: the industrial network data packet is sent to the protocol stack module through the network card I, the protocol stack module forwards the industrial network data packet to the industrial control protocol connection tracking module, and meanwhile, the industrial network data packet is copied to the DPI module;
step 2: the DPI module detects the industrial network data packet sent in the step 1 according to a preset rule, generates a forwarding strategy of the industrial network data packet and sends the forwarding strategy to the forwarding strategy issuing module;
and step 3: the forwarding strategy issuing module caches the forwarding strategy sent by the DPI module and issues the forwarding strategy to the industrial control protocol connection tracking module in the step 1;
and 4, step 4: the industrial control protocol connection tracking module sends the received forwarding strategy, the corresponding connection tracking information and the corresponding industrial network data packet to the forwarding control module;
when the industrial network data packet acquires the corresponding connection tracking information, the timestamp of the connection tracking information needs to be updated. If the connection trace information is not updated in an aging period, the connection trace information is aged, so that the timeliness of the connection trace information is ensured.
And 5: the forwarding control module processes the corresponding industrial network data packet according to the received forwarding strategy; when the forwarding strategy is released, the corresponding industrial network data packet is sent to the protocol stack module and is forwarded to the downlink through the network card II; when the forwarding strategy is DROP, directly discarding the corresponding industrial network data packet; when the forwarding strategy is REJECT, if the corresponding industrial network data packet is a TCP (transmission control protocol), replying the RST packet to the protocol stack module and sending the RST packet back through the network card I; if the corresponding industrial network data packet is a UDP protocol, replying an ICMP UNREACHABLE packet to the protocol stack module and sending back the ICMP UNREACHABLE packet through the first network card;
in step 2, the forwarding policy includes: five-tuple information of an industrial network data packet and a DROP/REJECT strategy;
in step 3, the mechanism for the forwarding policy issuing module to issue the forwarding policy includes: a sending mechanism based on the number of the forwarding strategy entries and the generation time of the forwarding strategy; based on the number of the forwarding strategy entries, namely when the number of the forwarding strategy entries cached by the forwarding strategy issuing module reaches a certain threshold, issuing the forwarding strategies in batches, and reducing the occupation of system resources when users respectively issue the forwarding strategies; generating time based on the forwarding strategy, namely directly issuing all the currently cached forwarding strategies when the forwarding strategies cached by the forwarding strategy issuing module do not reach the item number threshold within certain threshold time so as to ensure the timeliness of issuing the forwarding strategies;
in step 3, the forwarding policy issuing module is a dual-thread design: one thread is responsible for receiving the forwarding strategy from the DPI module, and the other thread monitors the number of the items of the forwarding strategy cached by the forwarding strategy issuing module and the generation time and issues the forwarding strategy.
Further, in step 3, fifty thresholds are set for the issuing mechanism based on the number of forwarding policy entries.
Further, in step 3, the threshold is set to be one second based on the sending mechanism of the forwarding policy generation time.
Further, in step 4, if there is an industrial network data packet without corresponding connection tracking information and forwarding policy, the connection tracking module of the industrial control protocol creates a new connection tracking information for the industrial network data packet, and processes the industrial network data packet according to the release policy by default.
Further, in step 4, the industrial network data packet is quickly searched by using an exclusive or hash algorithm or a jhash algorithm.
The data forwarding efficiency can be effectively and greatly improved by using the XOR hash algorithm or the jhash algorithm.
A control system for industrial network data forwarding comprises a network card I, a network card II, a protocol stack module, a DPI module, a forwarding strategy issuing module, an industrial control protocol connection tracking module and a forwarding control module; the network card I, the network card II, the industrial control protocol connection tracking module and the forwarding control module are respectively connected with the protocol stack module, the protocol stack module is connected with the DPI module, the DPI module is connected with the forwarding strategy issuing module, the forwarding strategy issuing module is connected with the industrial control protocol connection tracking module, and the industrial control protocol connection tracking module is connected with the forwarding control module.
Compared with the prior art, the control method and the control system for industrial network data forwarding have the following advantages:
the invention relates to a control method and a system for industrial network data forwarding, which are matched with a protocol stack module, an industrial control protocol connection tracking module, a DPI module, a forwarding strategy issuing module and a forwarding control module, realize the flow control of industrial network data forwarding and have the characteristics of high efficiency of data forwarding, less occupied system resources, strong forwarding timeliness and high data safety.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate an embodiment of the invention and, together with the description, serve to explain the invention and not to limit the invention.
In the drawings:
fig. 1 is a schematic diagram illustrating a principle of a control method for industrial network data forwarding according to an embodiment of the present invention;
fig. 2 is a schematic diagram illustrating an xor hash algorithm principle of a control method for industrial network data forwarding according to an embodiment of the present invention;
Detailed Description
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first", "second", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first," "second," etc. may explicitly or implicitly include one or more of that feature. In the description of the present invention, "a plurality" means two or more unless otherwise specified.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the present invention can be understood by those of ordinary skill in the art through specific situations.
The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
As shown in fig. 1, a control method for industrial network data forwarding includes:
step 1: the industrial network data packet is sent to the protocol stack module through the network card I, the protocol stack module forwards the industrial network data packet to the industrial control protocol connection tracking module, and meanwhile, the industrial network data packet is copied to the DPI module;
step 2: the DPI module detects the industrial network data packet sent in the step 1 according to a preset rule, generates a forwarding strategy of the industrial network data packet and sends the forwarding strategy to the forwarding strategy issuing module;
and step 3: the forwarding strategy issuing module caches the forwarding strategy sent by the DPI module and issues the forwarding strategy to the industrial control protocol connection tracking module in the step 1;
and 4, step 4: the industrial control protocol connection tracking module sends the received forwarding strategy, the corresponding connection tracking information and the corresponding industrial network data packet to the forwarding control module;
when the industrial network data packet acquires the corresponding connection tracking information, the timestamp of the connection tracking information needs to be updated. If the connection trace information is not updated in an aging period, the connection trace information is aged, so that the timeliness of the connection trace information is ensured.
And 5: the forwarding control module processes the corresponding industrial network data packet according to the received forwarding strategy; when the forwarding strategy is released, the corresponding industrial network data packet is sent to the protocol stack module and is forwarded to the downlink through the network card II; when the forwarding strategy is DROP, directly discarding the corresponding industrial network data packet; when the forwarding strategy is REJECT, if the corresponding industrial network data packet is a TCP (transmission control protocol), replying the RST packet to the protocol stack module and sending the RST packet back through the network card I; if the corresponding industrial network data packet is a UDP protocol, replying an ICMP UNREACHABLE packet to the protocol stack module and sending back the ICMP UNREACHABLE packet through the first network card;
in step 2, the forwarding policy includes: five-tuple information of an industrial network data packet and a DROP/REJECT strategy;
in step 3, the mechanism for the forwarding policy issuing module to issue the forwarding policy includes: a sending mechanism based on the number of the forwarding strategy entries and the generation time of the forwarding strategy; based on the number of the forwarding strategy entries, namely when the number of the forwarding strategy entries cached by the forwarding strategy issuing module reaches a certain threshold, issuing the forwarding strategies in batches, and reducing the occupation of system resources when users respectively issue the forwarding strategies; generating time based on the forwarding strategy, namely directly issuing all the currently cached forwarding strategies when the forwarding strategies cached by the forwarding strategy issuing module do not reach the item number threshold within certain threshold time so as to ensure the timeliness of issuing the forwarding strategies;
in step 3, the forwarding policy issuing module is a dual-thread design: one thread is responsible for receiving the forwarding strategy from the DPI module, and the other thread monitors the number of the items of the forwarding strategy cached by the forwarding strategy issuing module and the generation time and issues the forwarding strategy.
In step 3, fifty thresholds are set based on the number of forwarding policy entries.
In step 3, the threshold is set to be one second based on the transmission mechanism of the forwarding policy generation time.
In step 4, if there is an industrial network data packet without corresponding connection tracking information and forwarding policy, the industrial control protocol connection tracking module will create a new connection tracking information for the industrial network data packet, and process the industrial network data packet according to the release policy by default.
As shown in fig. 2, in the present embodiment, in step 4, an exclusive or hash algorithm is used to perform a fast lookup on an industrial network data packet.
As shown in fig. 2, in the present embodiment, the xor hash algorithm is as follows:
Hash=(1^3^5^7^9^11^13)&(2^4^6^8^10^12)
the algorithm flow is as follows: the quintuple information is symmetrically arranged, then parity cross XOR is carried out, and finally the XOR result is output in a juxtaposed mode, so that the data forwarding efficiency can be effectively and greatly improved by using an XOR hash algorithm.
A control system for industrial network data forwarding comprises a network card I, a network card II, a protocol stack module, a DPI module, a forwarding strategy issuing module, an industrial control protocol connection tracking module and a forwarding control module; the network card I, the network card II, the industrial control protocol connection tracking module and the forwarding control module are respectively connected with the protocol stack module, the protocol stack module is connected with the DPI module, the DPI module is connected with the forwarding strategy issuing module, the forwarding strategy issuing module is connected with the industrial control protocol connection tracking module, and the industrial control protocol connection tracking module is connected with the forwarding control module.
The present invention is not limited to the above preferred embodiments, and any modifications, equivalent substitutions, improvements, etc. within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (6)
1. A control method for industrial network data forwarding, characterized by: the method comprises the following steps:
step 1: an industrial network data packet is sent to a protocol stack module through a network card I, the protocol stack module forwards the industrial network data packet to an industrial control protocol connection tracking module, and the industrial network data packet is copied to a DPI module;
step 2: the DPI module detects the industrial network data packet sent in the step 1 according to a preset rule, generates a forwarding strategy of the industrial network data packet and sends the forwarding strategy to a forwarding strategy issuing module;
and step 3: the forwarding strategy issuing module caches the forwarding strategy sent by the DPI module and issues the forwarding strategy to the industrial control protocol connection tracking module in the step 1;
and 4, step 4: the industrial control protocol connection tracking module sends the received forwarding strategy, the corresponding connection tracking information and the corresponding industrial network data packet to the forwarding control module;
and 5: the forwarding control module processes the corresponding industrial network data packet according to the received forwarding strategy; when the forwarding strategy is released, the corresponding industrial network data packet is sent to the protocol stack module and is forwarded to a downlink through a second network card; when the forwarding strategy is DROP, directly discarding the corresponding industrial network data packet; when the forwarding strategy is REJECT, if the corresponding industrial network data packet is a TCP (transmission control protocol), replying a RST (quick response test) packet to the protocol stack module and sending the RST packet back through the network card I; if the corresponding industrial network data packet is a UDP protocol, replying an ICMP NREACHABLE packet to the protocol stack module and sending back the packet through the first network card;
in step 2, the forwarding policy includes: the industrial network data packet quintuple information and a DROP/REJECT strategy;
in step 3, the mechanism for issuing the forwarding policy by the forwarding policy issuing module includes: a sending mechanism based on the number of the forwarding strategy entries and the generation time of the forwarding strategy; based on the number of the forwarding strategy entries, namely when the number of the forwarding strategy entries cached by the forwarding strategy issuing module reaches a certain threshold value, issuing the forwarding strategies in batches, and reducing the occupation of system resources when users respectively issue the forwarding strategies; generating time based on the forwarding strategy, namely, directly issuing all the currently cached forwarding strategies when the forwarding strategies cached by the forwarding strategy issuing module do not reach the item number threshold within a certain threshold time so as to ensure the timeliness of issuing the forwarding strategies;
in step 3, the forwarding policy issuing module is a dual-thread design: one thread is responsible for receiving the forwarding strategy from the DPI module, and the other thread monitors the number of the items of the forwarding strategy cached by the forwarding strategy issuing module and the generation time and issues the forwarding strategy.
2. The control method for industrial network data forwarding according to claim 1, wherein: in step 3, fifty thresholds are set based on the number of forwarding policy entries.
3. The control method for industrial network data forwarding according to claim 2, wherein: in step 3, the threshold is set to be one second based on the forwarding policy generation time issuing mechanism.
4. A control method for industrial network data forwarding according to claim 3, characterized in that: in step 4, if there is a connection tracking information and forwarding policy corresponding to the industrial network data packet, the connection tracking module of the industrial control protocol creates a new connection tracking information for the industrial network data packet, and processes the industrial network data packet according to the release policy by default.
5. The control method for industrial network data forwarding according to claim 1, wherein: in step 4, the industrial network data packet is quickly searched by using an exclusive or hash algorithm or a jhash algorithm.
6. A control system for an industrial network data forwarding control method according to any one of claims 1 to 5, characterized in that: the system comprises a first network card, a second network card, a protocol stack module, a DPI module, a forwarding strategy issuing module, an industrial control protocol connection tracking module and a forwarding control module; the network card I, the network card II, the industrial control protocol connection tracking module and the forwarding control module are respectively connected with the protocol stack module, the protocol stack module is connected with the DPI module, the DPI module is connected with the forwarding strategy issuing module, the forwarding strategy issuing module is connected with the industrial control protocol connection tracking module, and the industrial control protocol connection tracking module is connected with the forwarding control module.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810385735.9A CN108667741B (en) | 2018-04-26 | 2018-04-26 | Control method and system for industrial network data forwarding |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810385735.9A CN108667741B (en) | 2018-04-26 | 2018-04-26 | Control method and system for industrial network data forwarding |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108667741A CN108667741A (en) | 2018-10-16 |
| CN108667741B true CN108667741B (en) | 2021-11-12 |
Family
ID=63781154
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810385735.9A Active CN108667741B (en) | 2018-04-26 | 2018-04-26 | Control method and system for industrial network data forwarding |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108667741B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112019431B (en) * | 2019-05-29 | 2023-04-18 | 阿里巴巴集团控股有限公司 | Method, device and equipment for processing forwarding rule |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104283801A (en) * | 2013-07-04 | 2015-01-14 | 中兴通讯股份有限公司 | Method and system for processing service data |
| CN104639451A (en) * | 2013-11-14 | 2015-05-20 | 中兴通讯股份有限公司 | Data flow distribution method and controller |
| CN104717101A (en) * | 2013-12-13 | 2015-06-17 | 中国电信股份有限公司 | Deep packet inspection method and system |
| CN104753704A (en) * | 2013-12-27 | 2015-07-01 | 中兴通讯股份有限公司 | State migration method in SDN (software defined network) and switch |
| CN105281986A (en) * | 2014-05-28 | 2016-01-27 | 中国移动通信集团公司 | Method, device and system for transmitting data stream |
| CN106375309A (en) * | 2016-08-31 | 2017-02-01 | 北京青石绿网科技有限公司 | DPI data security management method of mobile device |
| CN106911588A (en) * | 2015-12-22 | 2017-06-30 | 中国电信股份有限公司 | Methods, devices and systems for realizing deep-packet detection optimization |
| CN106972985A (en) * | 2017-03-29 | 2017-07-21 | 网宿科技股份有限公司 | Accelerate the method and DPI equipment of the processing of DPI device datas and forwarding |
| CN107078946A (en) * | 2015-09-30 | 2017-08-18 | 华为技术有限公司 | Processing method, the device and system of business stream process strategy |
| US9800508B2 (en) * | 2015-01-09 | 2017-10-24 | Dell Products L.P. | System and method of flow shaping to reduce impact of incast communications |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7996526B2 (en) * | 2009-06-08 | 2011-08-09 | Comcast Cable Communications, Llc | Management of shared access network |
-
2018
- 2018-04-26 CN CN201810385735.9A patent/CN108667741B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104283801A (en) * | 2013-07-04 | 2015-01-14 | 中兴通讯股份有限公司 | Method and system for processing service data |
| CN104639451A (en) * | 2013-11-14 | 2015-05-20 | 中兴通讯股份有限公司 | Data flow distribution method and controller |
| CN104717101A (en) * | 2013-12-13 | 2015-06-17 | 中国电信股份有限公司 | Deep packet inspection method and system |
| CN104753704A (en) * | 2013-12-27 | 2015-07-01 | 中兴通讯股份有限公司 | State migration method in SDN (software defined network) and switch |
| CN105281986A (en) * | 2014-05-28 | 2016-01-27 | 中国移动通信集团公司 | Method, device and system for transmitting data stream |
| US9800508B2 (en) * | 2015-01-09 | 2017-10-24 | Dell Products L.P. | System and method of flow shaping to reduce impact of incast communications |
| CN107078946A (en) * | 2015-09-30 | 2017-08-18 | 华为技术有限公司 | Processing method, the device and system of business stream process strategy |
| CN106911588A (en) * | 2015-12-22 | 2017-06-30 | 中国电信股份有限公司 | Methods, devices and systems for realizing deep-packet detection optimization |
| CN106375309A (en) * | 2016-08-31 | 2017-02-01 | 北京青石绿网科技有限公司 | DPI data security management method of mobile device |
| CN106972985A (en) * | 2017-03-29 | 2017-07-21 | 网宿科技股份有限公司 | Accelerate the method and DPI equipment of the processing of DPI device datas and forwarding |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108667741A (en) | 2018-10-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9819590B2 (en) | Method and apparatus for notifying network abnormality | |
| CN110830422B (en) | Terminal behavior data processing method and equipment | |
| CN101083563B (en) | Method and apparatus for preventing distributed refuse service attack | |
| US9369386B2 (en) | Methods, systems, and computer readable media for destination-host defined overload scope | |
| US8606910B2 (en) | Prioritizing network traffic | |
| US9276852B2 (en) | Communication system, forwarding node, received packet process method, and program | |
| CN102263697B (en) | Method and device for sharing aggregated link traffic | |
| CN101800707B (en) | Method for establishing stream forwarding list item and data communication equipment | |
| EP2536066A1 (en) | Link detecting method, apparatus and system | |
| EP2627039B1 (en) | Method and device for switching aggregation links | |
| CN1996939A (en) | Method for message access control, forwarding engine and communication device | |
| CN106685827B (en) | Downlink message forwarding method and AP (access point) equipment | |
| JP2015502060A (en) | Streaming method and system for processing network metadata | |
| Abu et al. | Interest packets retransmission in lossy CCN networks and its impact on network performance | |
| CN101227289A (en) | Uniform intimidation managing device and loading method of intimidation defense module | |
| US20170353478A1 (en) | Packet relay apparatus | |
| US20070226347A1 (en) | Method and apparatus for dynamically changing the TCP behavior of a network connection | |
| CN101106518A (en) | Service denial method for providing load protection of central processor | |
| EP2688329B1 (en) | Communication system, base station, and method for coping with cyber attacks | |
| JP2016111664A (en) | Computer packaging system, and secure path selection method utilizing network evaluation | |
| CN108667741B (en) | Control method and system for industrial network data forwarding | |
| CN116405281A (en) | Real-time information detection network switching system | |
| EP3678339A1 (en) | Message processing method and device | |
| CN104883362A (en) | Method and device for controlling abnormal access behaviors | |
| CN102843274B (en) | The method of a kind of multilink fault detection and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |