CN108683598B - Asymmetric network traffic processing method and processing device

Info

Publication number: CN108683598B
Authority: CN (China)
Prior art keywords: information processing, flow, processing center, flow information, network
Legal status: Active
Application number: CN201810361344.3A
Other languages: Chinese (zh)
Other versions: CN108683598A (en)
Inventor: 时幸伟
Current Assignee: Wuhan Greenet Information Service Co Ltd
Original Assignee: Wuhan Greenet Information Service Co Ltd
Application filed by Wuhan Greenet Information Service Co Ltd
Priority to CN201810361344.3A
Publication of CN108683598A
Publication of CN108683598B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/12 Avoiding congestion; Recovering from congestion
    • H04L47/125 Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L45/745 Address table lookup; Address filtering
    • H04L45/7453 Address table lookup; Address filtering using hashing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/29 Flow control; Congestion control using a combination of thresholds

Abstract

The invention relates to the technical field of internet, and provides an asymmetric network traffic processing method and device. Selecting one or more EU devices as a stream information processing center, and configuring an IP address of the stream information processing center and an IP address of a common EU; a flow information processing center receives related information of uplink flow reported by each common EU device in a network environment; the flow information processing center updates a local flow information table according to the uplink flow related information; the stream information table is used for returning URL information in the stream information table to EU equipment sending the query request when the stream information processing center receives the query request. According to the invention, by multiplexing the existing EU equipment, the integration of uplink and downlink data is completed when uplink flow and downlink flow are processed by different EU equipment in the prior art, no additional equipment is required, and the flow message is transmitted in an internal network with small delay.

Description

Asymmetric network traffic processing method and processing device
[ technical field ]
The invention relates to the technical field of internet, in particular to an asymmetric network flow processing method and device.
[ background of the invention ]
EU equipment is deployed in each IDC room, and generally comprises a switch, a shunt device, an analysis monitoring server, an optical splitter or an optical protector, and the shunt device can be divided into a shunt device and a preprocessing front-end machine according to different manufacturers and different monitoring modes. The EU equipment can monitor the IDC egress link according to different access modes and monitoring procedures: parallel connection and serial connection.
The EU equipment parallel connection mode is realized by adding an optical splitter on an exit link of an IDC room exit router equipment, and a network structure of the IDC/ISP information security management system EU parallel connection mode is shown in fig. 1, wherein one link copied by the optical splitter is still connected with the original network equipment connected to the internet, and the other link is connected with the shunt equipment of the execution unit. The shunting device has a certain filtering function, transmits the filtered data to the analysis monitoring server, is also connected with the IDC core network device through a link, and achieves the control of user flow by sending data packet interruption or interference on the normal service connection of the user.
The EU serial connection mode is realized by connecting an optical protector in series on an outlet link of IDC machine room outlet router equipment, and the original uplink link is connected to flow control equipment through the optical protector. Fig. 2 shows a schematic network structure of an IDC/ISP information security management system EU tandem connection mode, and a flow control device can directly perform preliminary analysis and various controls on traffic or user flow, on one hand, transmit data after the preliminary analysis to an analysis monitoring server for further analysis, and on the other hand, transmit the monitored flow to an original network device connected to the internet through an optical protector. The optical protector has a Bypass function, and can restore the connection of an original link when the flow control equipment fails, so that the link can not be interrupted.
In an Internet Data Center (IDC) room, original traffic is split by a splitter (or mirrored by a traffic mirroring device) to an Execution Unit (EU) device, and if the original traffic is on a POS (Packet Over SONET/SDH) link or the link traffic is 100G, a protocol conversion device may be added in front of the EU device. Usually, another device is needed to perform homology and homing, that is, to bring the uplink and downlink traffic of the same flow to the same device, and the traffic after homology and homing is sent to the EU device. SONET/SDH is a high-speed, advanced wide area network connection technology. A router can provide a POS interface by having a POS module inserted into it. POS is a technology used in metropolitan and wide area networks to transmit packet data. The POS port transmission rate supports STM-1/OC-3 (155.52 Mbit/s), STM-16 (2.5 Gbit/s) and STM-64 (10 Gbit/s) or higher multiplexing.
Since the POS port uses SONET/SDH frame format encapsulation, it requires strict network synchronization.
In view of this, the problem to be solved in the art is to overcome the defect that the prior art needs to additionally add the homologous and homed device and increases the construction cost of the system architecture.
[ summary of the invention ]
The technical problem to be solved by the present invention is that, in the prior art, when uplink traffic and downlink traffic are to be analyzed by different EU devices and a complete traffic packet is to be analyzed (i.e., integration between uplink traffic and downlink traffic is to be completed), additional homologous and homed devices need to be provided, which not only increases the system cost, but also increases the complexity of signaling interaction.
A further technical problem to be solved by the present invention is that, after a second identity is added to an existing EU device (i.e. as a stream information processing center), the load of that EU device becomes heavier than that of an ordinary EU device, which only carries its own normal uplink traffic and downlink traffic processing tasks.
A further technical problem to be solved by the present invention is how to relieve the load on the equipment in the network when the stream information processing center is in overload operation or when an ordinary EU device in the network reaches overload operation.
The invention adopts the following technical scheme:
in a first aspect, the present invention provides an asymmetric network traffic processing method, which selects one or more EU devices as a flow information processing center, and configures an IP address of the flow information processing center and an IP address of a general EU device, and the method includes:
the flow information processing center receives the relevant information of uplink flow reported by each common EU device in the network environment;
the flow information processing center updates a local flow information table according to the uplink flow related information; the stream information table is used for returning URL information in the stream information table to EU equipment sending the query request when the stream information processing center receives the query request.
Preferably, the related information of the uplink traffic includes one or more of 5-tuple information of the uplink traffic, URL information, time information for sending the uplink traffic, and EU device identifiers through which the uplink traffic passes;
the stream information table records therein: one or more items of 5-tuple information of the uplink traffic, URL information, time information of sending the uplink traffic, EU equipment identification passed by the downlink traffic, time information of receiving the downlink traffic and related content of the downlink traffic.
Preferably, after selecting one or more EU devices as a flow information processing center and configuring an IP address of the flow information processing center and an IP address of a general EU device, the method further includes:
the EU device configured as a stream information processing center distributes a stream information processing center establishment message in the network by broadcast;
after receiving the establishment message, each EU device in the network records the IP address of the stream information processing center from that message, so that when the uplink traffic and the downlink traffic of the same access request are processed by different EU devices, the corresponding EU device can send a query request to the corresponding stream information processing center according to the recorded IP address of the stream information processing center.
Preferably, each stream information processing center monitors the load of processing the uplink traffic data and the downlink traffic data of the stream information processing center, and records the load conditions of other EU devices in the network environment;
when a first EU device serving as a flow information processing center confirms that the load of the first EU device exceeds a preset threshold, the first EU device sends a request for inheriting the functions of the flow information processing center to one or more EU devices with smaller current load according to the load conditions of other EU devices in a network environment, and sends the request to a network in a broadcasting mode; so that other EU devices update their own stored IP addresses of the flow information processing centers.
Preferably, each flow information processing center monitors the load of processing uplink flow data and downlink flow data serving as EU equipment and the processing resource occupied by the query request task serving as the flow information processing center, and generates a load report to be sent to the core router; the load report is obtained by calculating processing resources occupied by a load and an inquiry request task which are integrated with the processing of the uplink traffic data and the downlink traffic data, so that when a core router distributes a subsequent traffic data processing task according to load balance, the flow information processing center is adjusted to monitor the amount of the uplink traffic data and the downlink traffic data processing tasks serving as EU equipment.
Preferably, when each stream information processing center monitors that the processing resource occupied by itself in the query request task is smaller than a preset threshold, and determines that the load of processing the uplink traffic data and the downlink traffic data of other EU devices in the network has reached the preset threshold, the method further includes:
each flow information processing center deduces one or more EU devices as the flow information processing center, releases the functions of the EU devices as the flow information processing centers, and distributes the flow information table maintained by the EU devices to other flow information processing centers in the network, so that the other flow information processing centers in the network inherit corresponding query request tasks in the flow information table.
Preferably, when acquiring the URL information in the flow information table carried in the query response message, the EU device that sends the query request monitors or blocks the uplink flow and the downlink flow related to the URL information.
Preferably, the messages between the EU devices and the stream information processing center in the network include: a flow information addition message, a flow information query message, a flow information query response message and a URL indication message;
the flow information adding message is a message sent by EU equipment which receives uplink flow to EU equipment serving as a flow information processing center, so that the flow information processing center can update a flow information table maintained by the flow information processing center;
the flow information query message is a message sent to the EU device serving as the flow information processing center when the EU device receives the downlink flow and determines that the EU device does not have uplink flow related information matched with the downlink flow, and is also described as a query request;
the stream information query response message is sent to a stream information query message sending end by EU equipment serving as a stream information processing center, wherein the stream information query response message carries one or more of 5-tuple information of uplink flow, URL information, time information for sending the uplink flow and EU equipment identification through which the uplink flow passes;
the URL indication message is sent by the EU device that received the downlink traffic to the EU device that received the corresponding uplink traffic and/or to other EU devices in the network, after it confirms from the downlink traffic content that the corresponding URL belongs to a blacklist or a white list, so that the EU device receiving the URL indication message can complete the corresponding operation according to the security policy indication carried in the URL indication message.
Preferably, when there are at least two stream information processing centers in the network, an EU device in the network is selected as the stream information processing center, and another EU device in the network is selected as a message forwarding center for forwarding the stream information addition message, the stream information query response message, and the URL indication message; then:
EU equipment configured as a message forwarding center issues the identity and IP address of the EU equipment in a network in a broadcasting mode;
after receiving the broadcast of the message forwarding center, each EU device in the network records the IP address of the corresponding message forwarding center, so that when the uplink traffic and the downlink traffic of the same access request are processed by different EU devices, the corresponding EU device can send a query request to the corresponding stream information processing center according to the recorded IP address of the stream information processing center.
In a second aspect, the present invention further provides an asymmetric network traffic processing apparatus, configured to implement the asymmetric network traffic processing method in the first aspect, where the apparatus includes:
at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor and programmed to perform the asymmetric network traffic processing method of the first aspect.
In a third aspect, the present invention also provides a non-transitory computer storage medium storing computer-executable instructions for execution by one or more processors to perform the asymmetric network traffic processing method of the first aspect.
According to the invention, by multiplexing the existing EU equipment, the integration of uplink and downlink data is completed when uplink flow and downlink flow are processed by different EU equipment in the prior art, no additional equipment is required, and the flow message is transmitted in an internal network with small delay.
Furthermore, in the preferred embodiment of the present invention, an implementation idea of counting the self load amount and feeding back the load amount to the core router is provided for the flow information processing center. Therefore, the core router can adjust the task allocation of the flow information processing center (that is, reduce the total amount of uplink/downlink traffic passing through the flow information processing center) on the premise of weighing the task amount and/or the load amount of other common EU devices.
Furthermore, a preferred embodiment of the present invention provides a way for a flow information processing center that is working at full load to flexibly hand over its tasks, so that the working stability of the whole system is greatly improved.
[ description of the drawings ]
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required to be used in the embodiments of the present invention will be briefly described below. It is obvious that the drawings described below are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
Fig. 1 is a schematic diagram of a parallel connection manner of EU devices in the prior art according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a series connection of EU devices according to the prior art;
fig. 3 is a schematic flow chart of an asymmetric network traffic processing method according to an embodiment of the present invention;
fig. 4 is a schematic diagram of an asymmetric network traffic processing architecture according to an embodiment of the present invention;
fig. 5 is a schematic diagram of a network establishment flow of an asymmetric network traffic processing method according to an embodiment of the present invention;
fig. 6 is a signaling flow diagram for processing asymmetric network traffic according to an embodiment of the present invention;
fig. 7 is a signaling flow diagram of another asymmetric network traffic processing according to an embodiment of the present invention;
fig. 8 is a schematic diagram of a network establishment flow of an asymmetric network traffic processing method with a message forwarding center according to an embodiment of the present invention;
fig. 9 is a table of format field definitions of a flow information addition message according to an embodiment of the present invention;
fig. 10 is a table for defining format fields of a flow information query message according to an embodiment of the present invention;
fig. 11 is a table of format field definitions of a flow information query response message according to an embodiment of the present invention;
fig. 12 is a table for defining format fields of a URL indication message according to an embodiment of the present invention;
fig. 13 is a flowchart of a processing method for overloading a flow information processing center in an asymmetric network traffic processing method according to an embodiment of the present invention;
fig. 14 is a schematic diagram illustrating an initial state of an asymmetric network traffic processing architecture according to an embodiment of the present invention;
fig. 15 is a diagram illustrating an adjusted state of an asymmetric network traffic processing architecture according to an embodiment of the present invention;
fig. 16 is a flowchart of a method for preventing overload of a flow information processing center in an asymmetric network traffic processing method according to an embodiment of the present invention;
fig. 17 is a flowchart of a processing method for preventing overload of a general EU device in an asymmetric network traffic processing method according to an embodiment of the present invention;
fig. 18 is a schematic structural diagram of an asymmetric network traffic processing apparatus according to an embodiment of the present invention.
[ detailed description ]
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In the description of the present invention, the terms "inner", "outer", "longitudinal", "lateral", "upper", "lower", "top", "bottom", and the like indicate orientations or positional relationships based on those shown in the drawings, and are for convenience only to describe the present invention without requiring the present invention to be necessarily constructed and operated in a specific orientation, and thus should not be construed as limiting the present invention.
In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
In the embodiments of the present invention, the EU device as the stream information processing center will also be simply referred to as a stream information processing center; other EU devices in the network that do not perform a special role (e.g., the flow information processing center) will also be described as normal EU devices.
Example 1:
an embodiment 1 of the present invention provides an asymmetric network traffic processing method, which is applicable to an IDC room environment in which a plurality of EU devices are deployed in a local network architecture, and as shown in fig. 3, the method includes the following steps:
in step 201, one or more EU devices are selected as a flow information processing center, and an IP address of the flow information processing center and an IP address of a general EU device are configured.
The selection may be made directly by an operator; or automatically by the Control Unit (CU) after it collects the performance parameters and load conditions of the EU devices in the network; or by an operator from a recommendation list that the CU generates after collecting the performance parameters and load conditions of each EU device in the network.
In step 202, the flow information processing center receives information related to uplink flows reported by each general EU device in the network environment.
The network environment may refer to a local area network of a computer room. EUs in the computer room are all in a local area network, and can access each other through the local area network.
For a single flow information processing center existing in a network environment, because the related information of the uplink flow of the entire network (including the related information of the uplink flow of the flow information processing center itself) is stored locally, the flow information processing center receives the related information of the uplink flow reported by each common EU device in the network environment, updates a local flow information table, and stores the related information of the uplink flow received by the flow information processing center itself as the EU device into the flow information table, thereby completing the establishment of the related information of the uplink flow of the entire network.
For a plurality of flow information processing centers in the network environment, each flow information processing center determines the flow information table maintained by the flow information processing center, and the flow information processing center notifies other flow information processing centers to add corresponding updating contents when the flow information table is updated due to the fact that the flow information processing center receives uplink flow as EU equipment; for the uplink traffic reported by the general EU equipment in the network, each flow information processing center receives and updates the uplink traffic, and therefore, the operation of notifying and adding corresponding updated contents among the flow information processing centers is not required.
In the embodiment of the present invention, the information related to the uplink traffic reported by the EU device may be in a broadcast manner, or may be in a directional message manner with a destination address.
In step 203, the flow information processing center updates a local flow information table according to the uplink flow related information; the stream information table is used for returning URL information in the stream information table to EU equipment sending the query request when the stream information processing center receives the query request.
The flow information table is only a name; it may take the form of a table like those in Word or Excel, a database such as SQL, or another data storage manner, which is not described in detail here.
By multiplexing the existing EU equipment, the embodiment of the invention completes the integration of uplink and downlink data when uplink flow and downlink flow are processed by different EU equipment, without adding extra equipment, and the flow messages are transmitted in an internal network with small delay. In the embodiment of the present invention, the EU that acquires the downlink traffic determines the URL address of the uplink traffic, so that when analysis of the received downlink traffic shows a risk, the URL is added to a blacklist, and when uplink traffic indicates that access to it is to be initiated, a corresponding security prompt is given to the user. The EU can also send an interference packet to block the user's access to the blacklisted URL, record a blocking log and report the blocking log to a higher-level system (such as a CU).
In a specific implementation of the present invention, notifying the flow information processing center (also described as reporting) may be accomplished with a flow information addition message, and the flow information addition message may be broadcast to all the flow information processing centers. Alternatively, a flow information processing center can be selected by a hash calculation over a specific key and the addition message sent to that center; likewise, a flow information processing center is selected by a hash calculation for a query message, which ensures that addition and query resolve to the same flow information processing center. In this way, the storage and query of the flow information can be distributed across the flow information processing centers, that is, the flow information stored by each flow information processing center is different (in a later embodiment of the present invention, the practical scenario with multiple flow information processing centers is optimized by adding a message forwarding center). This hash scheme can be consistent with the hash scheme of the message forwarding center mentioned later.
Fig. 4 shows an architecture for implementing the method according to the embodiment of the present invention, in which EU-3 is set as the flow information processing center. When EU-1 acquires uplink traffic, it sends a flow information addition message to EU-3, so that EU-3 stores the uplink traffic related information locally; when EU-2 subsequently receives the corresponding downlink traffic, EU-2 can acquire the related information (part or all) of the uplink traffic by sending a flow information query message (also described as a query request in the embodiments of the present invention) to EU-3. EU-2 can then perform subsequent data packet interception, access request risk warning and the like according to the integrated complete data content. Besides updating its local URL blacklist and white list, EU-2 can also send the URL to other EUs in a URL indication message; the other EUs update their local blacklist and white list when they receive the URL indication message, and can then directly apply the corresponding processing to subsequent uplink traffic for that URL.
In the embodiment of the present invention, the related information of the uplink traffic includes one or more items of 5-tuple information of the uplink traffic, URL information, time information for sending the uplink traffic, and EU device identifiers through which the uplink traffic passes; the stream information table records therein: one or more items of 5-tuple information of the uplink traffic, URL information, time information of sending the uplink traffic, EU equipment identification passed by the downlink traffic, time information of receiving the downlink traffic and related content of the downlink traffic. In a specific implementation scheme, the above parameters may be arbitrarily combined according to actual requirements, which is not described herein in detail.
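The hash-based placement and the EU-1 / EU-2 / EU-3 exchange described above, as an added Python example that is not code from the patent. A second center named EU-4, the sorted-endpoint key, the use of SHA-256, the 30-second expiry and all addresses and URLs are assumptions constructed for this example; the page only says the center is chosen by hashing "a specific key".

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, NamedTuple, Optional, Sequence


class FiveTuple(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str


def flow_key(t: FiveTuple) -> bytes:
    """Direction-independent key (assumption of this example).

    Uplink and downlink packets of one flow carry mirrored 5-tuples, so the
    endpoints are sorted before hashing; otherwise the EU that reports the
    uplink and the EU that queries for the downlink would compute
    different keys and could pick different centers.
    """
    a, b = sorted([(t.src_ip, t.src_port), (t.dst_ip, t.dst_port)])
    return f"{a[0]}:{a[1]}|{b[0]}:{b[1]}|{t.proto}".encode()


def center_for(t: FiveTuple, centers: Sequence[str]) -> str:
    """Select the flow information processing center for a flow by hash."""
    digest = hashlib.sha256(flow_key(t)).digest()
    return centers[int.from_bytes(digest[:8], "big") % len(centers)]


@dataclass
class FlowRecord:
    url: str          # URL information of the uplink traffic
    uplink_eu: str    # EU device identifier the uplink traffic passed through
    sent_at: float    # time the uplink traffic was sent


class FlowInfoCenter:
    """Flow information table held by one EU acting as processing center."""

    def __init__(self, name: str, max_age: float = 30.0):
        self.name = name
        self.max_age = max_age  # hypothetical expiry, not stated on the page
        self.table: Dict[bytes, FlowRecord] = {}

    def add(self, t: FiveTuple, record: FlowRecord) -> None:
        """Handle a flow information addition message."""
        self.table[flow_key(t)] = record

    def query(self, t: FiveTuple, now: float) -> Optional[FlowRecord]:
        """Handle a flow information query; None means no usable entry."""
        key = flow_key(t)
        record = self.table.get(key)
        if record is None:
            return None
        if now - record.sent_at > self.max_age:
            del self.table[key]  # stale entry: do not match a reused port
            return None
        return record


def run_scenario():
    """EU-1 reports an uplink flow; EU-2 later queries with the downlink tuple."""
    centers = {n: FlowInfoCenter(n) for n in ("EU-3", "EU-4")}
    names = sorted(centers)
    # Constructed sample flow (documentation address ranges).
    uplink = FiveTuple("192.0.2.10", 40000, "198.51.100.7", 80, "tcp")
    downlink = FiveTuple("198.51.100.7", 80, "192.0.2.10", 40000, "tcp")

    # EU-1 sees the request and sends the addition message.
    centers[center_for(uplink, names)].add(
        uplink, FlowRecord("http://example.test/index.html", "EU-1", 100.0))
    # EU-2 sees the response and sends the query to the center it computes.
    target = centers[center_for(downlink, names)]
    hit = target.query(downlink, now=100.2)
    stale = target.query(downlink, now=200.0)
    return hit, stale


if __name__ == "__main__":
    print(run_scenario())
```
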
In the embodiment of the present invention, regarding the content involved in step 201, after the selecting one or more EU devices as a flow information processing center and configuring an IP address of the flow information processing center and an IP address of a general EU device, and before performing step 202, as shown in fig. 5, the method further includes:
in step 301, the EU device configured as the flow information processing center distributes a flow information processing center establishment message in the network by broadcast.
The establishment message carries one or more of: the IP address of the EU device acting as the flow information processing center, the EU device identifier, and the transmission protocol and port number used for transmitted messages (including the various messages transmitted between the flow information processing center and common EU devices).
In step 302, after receiving the establishment message, each EU device in the network records the IP address of the flow information processing center from that message, so that when the uplink traffic and the downlink traffic of the same access request are processed by different EU devices, the corresponding EU device can send a query request to the corresponding stream information processing center according to the recorded IP address of the stream information processing center.
The network-wide announcement of steps 301 to 302 is only one of many realizable architectures in the embodiment of the present invention. Another network architecture is shown next. In particular, when there are many flow information processing centers, an EU device is usually selected as a message forwarding center for the flow information processing centers, cooperating with each of them to complete the method proposed in the embodiment of the present invention. Therefore, when at least two flow information processing centers exist in the network, at the same time as the specified EU devices are selected as flow information processing centers, another EU device in the network is selected as a message forwarding center for forwarding the flow information adding message, the flow information query response message and the URL indication message, as shown in fig. 8:
In step 401, the EU device configured as the message forwarding center broadcasts its own identity and IP address in the network.
In step 402, after receiving the broadcast of the message forwarding center, each EU device in the network records the IP address of the corresponding message forwarding center, so that when the uplink traffic and the downlink traffic of the same access request are processed by different EU devices, the EU device concerned can send a query request to the corresponding flow information processing center according to the recorded IP address of the flow information processing center.
In the extended scheme that includes a message forwarding center, establishing the relationships among the message forwarding center, the flow information processing centers and the ordinary EU devices involves not only steps 401 to 402 but also steps 301 to 302, so that the message forwarding center records the IP address (or 5-tuple information) of each flow information processing center in the network. Preferably, it also generates, through a hash algorithm, a mapping table between each flow information processing center and the uplink traffic related information that center stores and maintains. When an ordinary EU device receives downlink traffic data, the flow information processing center holding the matching uplink traffic related information can then be located quickly through the message forwarding center. Figs. 6 and 7 show two signaling flows for processing query request messages based on a message forwarding center.
As shown in fig. 6, an ordinary EU device that receives downlink traffic data first sends a processing center query request to the message forwarding center; the request carries the IP address (or 5-tuple information) of the intelligent terminal that initiated the URL access. The message forwarding center looks up its locally maintained mapping table by the IP address of the intelligent terminal and determines the flow information processing center where the uplink traffic related information is located. The entries of the mapping table are generated through a hash algorithm from one or more of the IP address of each flow information processing center, the device identifier of the flow information processing center, and the 5-tuple information of the uplink traffic (i.e., the 5-tuple data of the intelligent terminal, which at this point is on the sending side), and are stored in the mapping table of the message forwarding center. Correspondingly, after receiving a processing center query request from the ordinary EU device, the message forwarding center calculates a hash value from the 5-tuple information carried in the request (i.e., the 5-tuple data of the intelligent terminal, which is now on the receiving side) and one or more of the locally stored flow information processing center IP address and device identifier, finds in the mapping table the flow information processing center 1 that stores the corresponding uplink traffic related information, and returns its address to the ordinary EU device. The ordinary EU device then obtains the uplink traffic related information, including the URL, from flow information processing center 1 through a flow information query message.
As shown in fig. 7, the implementation flow is substantially the same as Y1; for example, the mapping table in the message forwarding center is generated in the same way as in Y1. The main difference is that in fig. 6 it is the ordinary EU device that finally obtains the uplink traffic related information (e.g., the URL shown in fig. 6) from flow information processing center 1, whereas in the signaling diagram of fig. 7 the ordinary EU device only needs to send the flow information query message to the message forwarding center, and all subsequent interaction with the flow information processing center is completed by the message forwarding center. Compared with the signaling process of fig. 6, the process of fig. 7 places a larger processing load on the message forwarding center but reduces the signaling load on the ordinary EU device side.
The messages exchanged between the EU devices and the flow information processing center/message forwarding center in the network include: a flow information adding message, a flow information query response message and a URL indication message. The function of each message in the embodiment of the present invention is described as follows:
The flow information adding message is sent by the EU device that receives uplink traffic to the EU device serving as the flow information processing center, so that the flow information processing center can update the flow information table it maintains. Fig. 9 gives a table defining the format fields of the flow information adding message according to an embodiment of the present invention.
The flow information query message, also described as a query request, is sent to the EU device serving as the flow information processing center by an EU device that receives downlink traffic and determines that it holds no uplink traffic related information matching that downlink traffic. Fig. 10 gives a table defining the format fields of the flow information query message according to an embodiment of the present invention.
The flow information query response message is sent by the EU device serving as the flow information processing center to the sender of the flow information query message. It carries one or more of: the 5-tuple information of the uplink traffic, URL information, the time at which the uplink traffic was sent, and the identifiers of the EU devices through which the uplink traffic passes. Fig. 11 gives a table defining the format fields of the flow information query response message according to an embodiment of the present invention.
The URL indication message is sent by the EU device that received the downlink traffic, after it has determined from the downlink traffic content that the corresponding URL belongs to the blacklist or the whitelist, to the EU device that received the corresponding uplink traffic and/or to other EU devices in the network, so that the EU devices receiving it can carry out the corresponding operation according to the security policy indication it carries. In a specific use example, the URL indication message may be addressed to the uplink device; the operation includes updating the EU device's local URL blacklist and whitelist; a blacklisted URL needs to be blocked, and traffic for the blacklisted URL can subsequently be blocked directly by the EU device. The EU device sending the URL indication message can mark the message as broadcast or unicast and send it to the flow information processing center, which then broadcasts or unicasts it (for example, sends it specifically to the EU device that received the uplink traffic) to other EU devices according to the mark in the message; alternatively, the sending EU device may broadcast the message directly. Fig. 12 gives a table defining the format fields of the URL indication message according to an embodiment of the present invention.
In a preferred implementation of the embodiment of the present invention, the EU device that sent the query request, on obtaining the URL information from the flow information table carried in the query response message, monitors or blocks the uplink traffic and downlink traffic related to that URL information.
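The exchange described for fig. 4 and the four messages above can be traced end to end in a small simulation. This is an added example, not code from the patent: the class and field names, the in-process method calls standing in for network messages, the direction-independent table key and the entry expiry (`ttl`) are all assumptions, and the sample flows are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

FiveTuple = Tuple[str, int, str, int, str]  # src_ip, src_port, dst_ip, dst_port, proto


def flow_key(t: FiveTuple) -> tuple:
    """Direction-independent key, so the reversed downlink 5-tuple hits the uplink entry."""
    a, b = (t[0], t[1]), (t[2], t[3])
    return (min(a, b), max(a, b), t[4])


def reverse(t: FiveTuple) -> FiveTuple:
    """5-tuple of the same connection as seen in the opposite direction."""
    return (t[2], t[3], t[0], t[1], t[4])


@dataclass
class FlowRecord:
    """Uplink traffic related information carried in adding / query response messages."""
    five_tuple: FiveTuple
    url: str
    sent_at: float
    uplink_eu: str


class FlowInfoCenter:
    """EU device acting as flow information processing center (EU-3 in fig. 4)."""

    def __init__(self, ttl: float = 30.0):
        # Assumption: entries expire, so a reused 5-tuple is not tied to an old URL.
        self.ttl = ttl
        self.table: Dict[tuple, FlowRecord] = {}

    def handle_add(self, rec: FlowRecord) -> None:
        self.table[flow_key(rec.five_tuple)] = rec

    def handle_query(self, downlink: FiveTuple, now: float) -> Optional[FlowRecord]:
        key = flow_key(downlink)
        rec = self.table.get(key)
        if rec is not None and now - rec.sent_at > self.ttl:
            del self.table[key]
            return None
        return rec


class EUDevice:
    """Ordinary EU device that may see only one direction of a connection."""

    def __init__(self, name: str, center: FlowInfoCenter):
        self.name, self.center = name, center
        self.local: Dict[tuple, FlowRecord] = {}
        self.blacklist: Set[str] = set()
        self.whitelist: Set[str] = set()
        self.peers: List["EUDevice"] = []

    def on_uplink(self, t: FiveTuple, url: str, now: float) -> str:
        if url in self.blacklist:
            return "blocked"
        rec = FlowRecord(t, url, now, self.name)
        self.local[flow_key(t)] = rec
        self.center.handle_add(rec)  # flow information adding message
        return "forwarded"

    def on_downlink(self, t: FiveTuple, verdict: Optional[str], now: float) -> str:
        # verdict stands in for the result of inspecting the downlink content.
        # The center is queried only when no matching uplink record is held locally.
        rec = self.local.get(flow_key(t)) or self.center.handle_query(t, now)
        if rec is None:
            return "unmatched"  # no URL context: the content cannot be tied to a request
        if verdict in ("blacklist", "whitelist"):
            self.on_url_indication(rec.url, verdict)
            for peer in self.peers:  # URL indication message, sent here as a broadcast
                peer.on_url_indication(rec.url, verdict)
        return "blocked" if rec.url in self.blacklist else "forwarded"

    def on_url_indication(self, url: str, policy: str) -> None:
        keep, drop = ((self.blacklist, self.whitelist) if policy == "blacklist"
                      else (self.whitelist, self.blacklist))
        keep.add(url)
        drop.discard(url)


def demo() -> List[str]:
    center = FlowInfoCenter(ttl=30.0)
    eu1, eu2 = EUDevice("EU-1", center), EUDevice("EU-2", center)
    eu1.peers, eu2.peers = [eu2], [eu1]
    # Constructed sample flows and URLs.
    up1 = ("10.0.0.5", 40000, "203.0.113.10", 80, "tcp")
    up2 = ("10.0.0.6", 40001, "203.0.113.10", 80, "tcp")
    up3 = ("10.0.0.7", 40002, "203.0.113.20", 80, "tcp")
    bad, other = "http://example.test/payload", "http://example.test/index"
    return [
        eu1.on_uplink(up1, bad, now=0.0),                     # EU-1 reports to the center
        eu2.on_downlink(reverse(up1), "blacklist", now=0.2),  # EU-2 queries, then blocks
        eu1.on_uplink(up2, bad, now=1.0),                     # EU-1 learned the blacklist
        eu2.on_downlink(reverse(up2), None, now=1.2),         # never reported: no match
        eu1.on_uplink(up3, other, now=10.0),
        eu2.on_downlink(reverse(up3), None, now=100.0),       # record expired at the center
    ]
```

The two "unmatched" results are the cases to monitor in a deployment: downlink content that cannot be tied to a URL cannot trigger a URL-based block.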
Example 2:
Embodiment 1 proposes a new asymmetric network traffic processing method and, as one aspect, also shows a network architecture suited to it. This embodiment addresses the situation in which, after the method of embodiment 1 is adopted, an EU device that has taken on the additional function of flow information processing center cannot handle the task load with its own computing resources, and describes several feasible solutions separately.
The first solution is as follows:
This solution mainly considers how a flow information processing center whose resource occupancy exceeds a preset threshold can keep absorbing its current load and cope with a task volume that may increase further. The solution is described using a first EU device acting as a flow information processing center; those skilled in the art will understand that the term "first EU device" is used only for convenience in describing the overload situation and imposes no additional limitation on the device. For the case, possible under the method of embodiment 1, in which the resource occupancy of a flow information processing center exceeds the preset threshold, an embodiment of the present invention provides a solution, as shown in fig. 13, including the following steps:
In step 501, each flow information processing center monitors its own load of processing uplink traffic data and downlink traffic data, and records the load of the other EU devices in the network environment.
These loads are most directly represented by memory occupancy and CPU occupancy. Another dimension is the number of uplink and downlink traffic data items processed, and a further dimension is the volume of uplink and downlink traffic received by the EU device; all of these dimensions can be considered in parallel.
In step 502, when a first EU device (EU1 in fig. 14) serving as a flow information processing center confirms that its load has exceeded a preset threshold (for example, CPU and/or memory occupancy reaches 90%), it sends, according to the load conditions of the other EU devices in the network environment, a request to inherit its flow information processing center function to one or more EU devices with a smaller current load (EU2 and EU3 in fig. 15), and broadcasts the request in the network. The other EU devices then update their stored IP address of the flow information processing center, and the one or more EU devices that inherit the first EU device's flow information processing center identity obtain the flow information table stored in the first EU device.
However, dynamically adding or removing flow information processing centers in this way may require some special processing, such as recomputing the hash and transferring the flow information stored in each flow information processing center: flow information originally stored in flow information processing center A needs to be stored in flow information processing center B after centers are added or removed (the same holds for queries). The processing of URL adding and query messages that arrive after the adjustment is not affected.
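The cost of that re-hash can be measured directly. The following added example (not code from the patent) assumes a SHA-256 based mapping, hypothetical center identifiers and constructed flow keys; it counts which stored entries change center when a third center joins, and how many queries miss if the stored flow information is not transferred. Going beyond the text, it also shows rendezvous hashing, which hashes the center identifier together with the 5-tuple and moves entries only onto the new center.

```python
import hashlib
from collections import defaultdict
from typing import Callable, Dict, List, Set, Tuple

Picker = Callable[[str, List[str]], str]


def _h(data: str) -> int:
    """64-bit integer taken from SHA-256 (assumed hash; the patent names none)."""
    return int.from_bytes(hashlib.sha256(data.encode()).digest()[:8], "big")


def modulo_center(key: str, centers: List[str]) -> str:
    """Plain hash-mod-N placement of a flow key onto a center."""
    return centers[_h(key) % len(centers)]


def rendezvous_center(key: str, centers: List[str]) -> str:
    """Highest-random-weight placement: score every (center, key) pair, take the max."""
    return max(centers, key=lambda c: _h(c + "|" + key))


def transfer_plan(keys: List[str], before: List[str], after: List[str],
                  pick: Picker) -> Dict[Tuple[str, str], List[str]]:
    """Entries that must be moved, grouped by (old center, new center)."""
    plan: Dict[Tuple[str, str], List[str]] = defaultdict(list)
    for k in keys:
        old, new = pick(k, before), pick(k, after)
        if old != new:
            plan[(old, new)].append(k)
    return dict(plan)


def missed_lookups(keys: List[str], before: List[str], after: List[str],
                   pick: Picker, migrate: bool) -> int:
    """Queries routed with the new center list that find no stored entry."""
    stores: Dict[str, Set[str]] = defaultdict(set)
    for k in keys:
        stores[pick(k, before)].add(k)
    if migrate:
        for (old, new), moved in transfer_plan(keys, before, after, pick).items():
            stores[old].difference_update(moved)
            stores[new].update(moved)
    return sum(1 for k in keys if k not in stores[pick(k, after)])


# Constructed flow keys (client ip:port > server ip:port/proto) and center names.
SAMPLE_KEYS = [f"10.0.{i // 250}.{i % 250 + 1}:{40000 + i}>203.0.113.10:443/tcp"
               for i in range(1000)]
BEFORE = ["center-1", "center-2"]
AFTER = ["center-1", "center-2", "center-3"]


def summary() -> dict:
    mod_plan = transfer_plan(SAMPLE_KEYS, BEFORE, AFTER, modulo_center)
    rdv_plan = transfer_plan(SAMPLE_KEYS, BEFORE, AFTER, rendezvous_center)
    return {
        "modulo_moved": sum(len(v) for v in mod_plan.values()),
        "modulo_destinations": {new for (_, new) in mod_plan},
        "modulo_missed_without_migration":
            missed_lookups(SAMPLE_KEYS, BEFORE, AFTER, modulo_center, migrate=False),
        "modulo_missed_after_migration":
            missed_lookups(SAMPLE_KEYS, BEFORE, AFTER, modulo_center, migrate=True),
        "rendezvous_moved": sum(len(v) for v in rdv_plan.values()),
        "rendezvous_destinations": {new for (_, new) in rdv_plan},
    }


if __name__ == "__main__":
    for name, value in summary().items():
        print(name, value)
```

Every missed lookup is a downlink flow that cannot be matched to its URL, so the transfer has to complete before queries are routed with the new center list.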
The flow information processing center provided in the embodiment of the present invention is implemented as program code running on an EU device. This code maintains the stored flow information table described above, processes the various messages (the messages in each embodiment of the present invention) exchanged with ordinary EU devices and/or the message forwarding center, and broadcasts in the network the message announcing the device as a flow information processing center. The EU device side also runs program code that performs the reporting task and initiates query requests. Each of these pieces of program code can be activated by sending a message carrying a specified activation field. To support the method of step 502, each EU device is therefore preferably provided with the complete program code for acting both as an ordinary EU device and as a flow information processing center/message forwarding center, and the role it plays in an actual implementation is determined by the corresponding message carrying the specified activation field. Both the "selecting one or more EU devices as the flow information processing center" of step 201 and the "sending a request for inheriting the function of the self flow information processing center to one or more EU devices with a smaller current load amount" of this solution can be accomplished in this way.
The second solution is as follows:
In the first solution, the EU device serving as the flow information processing center may find that its own resources cannot meet the demands of its dual role as both an ordinary EU device and the flow information processing center, and the solution is to hand over its flow information processing center function to one or more lightly loaded EU devices in the current network. The second solution addresses the same possibility, that the computing resources of the EU device acting as flow information processing center are insufficient to carry the load, but intervenes in advance by adjusting task allocation on the core router side, as shown in fig. 16 and set forth as follows:
In step 601, each flow information processing center monitors its load of processing uplink traffic data and downlink traffic data in its role as an EU device, together with the processing resources occupied by query request tasks in its role as flow information processing center, generates a load report, and sends the load report to the core router.
The load report is calculated from the combined load of processing the uplink and downlink traffic data and the processing resources occupied by query request tasks. Preferably, the flow information processing center adjusts the load report sent to the core router by a certain proportion relative to the actual calculation result, so that enough resources are reserved for its own stable operation.
In step 602, when the core router allocates subsequent traffic data processing tasks according to load balancing, it adjusts the amount of uplink and downlink traffic data processing tasks assigned to the flow information processing center in its role as an EU device.
Example 3:
Embodiment 1 proposes a new asymmetric network traffic processing method and, as one aspect, also shows a network architecture suited to it. Embodiment 2 describes several solutions for the situation in which, after the method of embodiment 1 is adopted, an EU device that has taken on the additional function of flow information processing center cannot handle the task load with its own computing resources. This embodiment considers, from another point of view, a situation that may arise when the technical solution of embodiment 1 is adopted: the total number of EU devices selected as flow information processing centers exceeds what is needed in actual use. In that case the method steps proposed in embodiment 3 can be used for adjustment. As shown in fig. 17, the method includes:
In step 701, if a flow information processing center detects that the processing resources it spends on query request tasks are below a preset threshold, and determines that the load of processing uplink traffic data and downlink traffic data on other EU devices in the network has reached the preset threshold, step 702 is executed; otherwise, the EU devices continue to operate in their currently assigned roles.
In step 702, each flow information processing center elects one or more EU devices as flow information processing centers, releases its functions as flow information processing centers, and distributes the flow information tables maintained by it to other flow information processing centers in the network.
In step 703, other flow information processing centers in the network inherit the corresponding query request tasks in the flow information table.
Example 4:
Embodiments 1 to 3 describe an asymmetric network traffic processing method; this embodiment provides an asymmetric network traffic processing apparatus used to run the method described in embodiments 1 to 3. As shown in fig. 18, the processing apparatus includes at least one processor 21 and a memory 22 communicatively coupled to the at least one processor 21, wherein the memory 22 stores instructions executable by the at least one processor 21 and programmed to perform the asymmetric network traffic processing methods of embodiments 1 to 3. The processor 21 and the memory 22 may be connected by a bus or by other means; fig. 18 shows connection by a bus as an example.
The memory 22, as a non-volatile computer-readable storage medium for the asymmetric network traffic processing method and processing device, may be used to store non-volatile software programs, non-volatile computer-executable programs, and modules, such as the asymmetric network traffic processing method and corresponding program instructions of embodiment 1. The processor 21 executes the various functional applications and data processing of the asymmetric network traffic processing apparatus by running the non-volatile software programs, instructions, and modules stored in the memory 22, that is, it implements the asymmetric network traffic processing methods of embodiments 1 to 3.
The memory 22 may include high speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some embodiments, the memory 22 may optionally include memory located remotely from the processor 21, and these remote memories may be connected to the processor 21 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The program instructions/modules are stored in the memory 22 and when executed by the one or more processors 21, perform the asymmetric network traffic processing method of embodiment 1 described above, for example, perform the steps shown in fig. 3, fig. 5, fig. 8, fig. 13, fig. 16, and fig. 17 described above.
It should be noted that, because the contents of information interaction, execution process, and the like between the modules and units in the device are based on the same concept as the processing method embodiment of the present invention, specific contents may refer to the description in the method embodiment of the present invention, and are not described herein again.
Those of ordinary skill in the art will appreciate that all or part of the steps of the various methods of the embodiments may be implemented by associated hardware as instructed by a program, which may be stored on a computer-readable storage medium, which may include: a Read Only Memory (ROM), a Random Access Memory (RAM), a magnetic or optical disk, or the like.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (9)

1. An asymmetric network traffic processing method is characterized in that one or more EU devices are selected as a flow information processing center, and an IP address of the flow information processing center and an IP address of a common EU device are configured, and the method comprises the following steps:
the flow information processing center receives the relevant information of uplink flow reported by each common EU device in the network environment;
the flow information processing center updates a local flow information table according to the uplink flow related information; the stream information table is used for returning URL information in the stream information table to EU equipment sending a query request when the stream information processing center receives the query request;
after selecting one or more EU devices as a stream information processing center and configuring an IP address of the stream information processing center and an IP address of a common EU device, the method further includes:
EU equipment configured as a stream information processing center, which distributes the established message of the stream information processing center in the network in a broadcasting mode;
after receiving the message of establishing the stream information processing center, each EU device in the network records the IP address of the message of establishing the stream information processing center, so that when the uplink traffic and the downlink traffic of the same access request are processed by different EU devices, the corresponding EU device can send a query request to the corresponding stream information processing center according to the recorded IP address of the stream information processing center.
2. The asymmetric network traffic processing method according to claim 1, wherein the related information of the uplink traffic includes one or more of 5-tuple information of the uplink traffic, URL information, time information for sending the uplink traffic, EU device identifiers passed by the uplink traffic;
the stream information table records therein: one or more items of 5-tuple information of the uplink traffic, URL information, time information of sending the uplink traffic, EU equipment identification passed by the downlink traffic, time information of receiving the downlink traffic and related content of the downlink traffic.
3. The asymmetric network traffic processing method according to claim 1, wherein each flow information processing center monitors its own load of processing uplink traffic data and downlink traffic data, and records the load conditions of other EU devices in the network environment;
when a first EU device serving as a flow information processing center confirms that the load of the first EU device exceeds a preset threshold, the first EU device sends a request for inheriting the functions of the flow information processing center to one or more EU devices with smaller current load according to the load conditions of other EU devices in a network environment, and sends the request to a network in a broadcasting mode; so that other EU devices update their own stored IP addresses of the flow information processing centers.
4. The asymmetric network traffic processing method according to claim 1, wherein each flow information processing center monitors its own load for processing uplink traffic data and downlink traffic data as EU equipment and its processing resource occupied as an inquiry request task of the flow information processing center, generates a load report, and sends the load report to the core router; the load report is obtained by calculating processing resources occupied by a load and an inquiry request task which are integrated with the processing of the uplink traffic data and the downlink traffic data, so that when a core router distributes a subsequent traffic data processing task according to load balance, the processing task amount of the uplink traffic data and the downlink traffic data of the flow information processing center is adjusted.
5. The asymmetric network traffic processing method according to claim 1, wherein when each flow information processing center monitors that the processing resource occupied by itself in the query request task is smaller than a preset threshold, and determines that the load of processing uplink traffic data and downlink traffic data of other EU devices in the network has reached the preset threshold, the method further comprises:
each flow information processing center elects one or more EU devices as the flow information processing center, releases the functions of the EU devices as the flow information processing centers, and distributes the flow information table maintained by the EU devices to other flow information processing centers in the network, so that the other flow information processing centers in the network inherit corresponding query request tasks in the flow information table.
6. The asymmetric network traffic processing method according to any one of claims 1 to 5, wherein the EU device that sends the query request monitors or blocks uplink traffic and downlink traffic related to the URL information when acquiring the URL information in a flow information table carried in a query response message.
7. The asymmetric network traffic processing method as claimed in any of claims 1 to 5, wherein the messages between the EU devices and the flow information processing center in the network comprise: a flow information adding message, a flow information query response message and a URL indication message;
the flow information adding message is a message sent by EU equipment which receives uplink flow to EU equipment serving as a flow information processing center, so that the flow information processing center can update a flow information table maintained by the flow information processing center;
the flow information query message is a message sent by the EU device receiving the downlink flow to the EU device serving as the flow information processing center when determining that the EU device does not have uplink flow related information matched with the downlink flow, and is also described as a query request;
the stream information query response message is sent to a stream information query message sending end by EU equipment serving as a stream information processing center, wherein the stream information query response message carries one or more of 5-tuple information of uplink flow, URL information, time information for sending the uplink flow and EU equipment identification through which the uplink flow passes;
and the URL indication message is used as a URL indication message sent to corresponding uplink traffic receiving EU equipment and/or other EU equipment in a network after the downlink traffic receiving EU equipment confirms that the corresponding URL belongs to a blacklist or a white list according to the content of the downlink traffic, so that the EU equipment receiving the URL indication message can complete corresponding operation content according to the safety strategy indication carried in the URL indication message.
8. The asymmetric network traffic processing method according to claim 7, wherein when there are at least two stream information processing centers in the network, while selecting a specified EU device in the network as the stream information processing center, another EU device in the network is also selected as a message forwarding center for forwarding the stream information addition message, the stream information query response message, and the URL indication message; then,
EU equipment configured as a message forwarding center issues the identity and IP address of the EU equipment in a network in a broadcasting mode;
after receiving the broadcast of the message forwarding center, each EU device in the network records the IP address of the corresponding message forwarding center, so that when the uplink traffic and the downlink traffic of the same access request are processed by different EU devices, the corresponding EU device can send a query request to the corresponding stream information processing center according to the recorded IP address of the stream information processing center.
9. An asymmetric network traffic processing device comprising at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor, the instructions when executed by the processor implementing the asymmetric network traffic processing method of any of claims 1-8.
CN201810361344.3A 2018-04-20 2018-04-20 Asymmetric network traffic processing method and processing device Active CN108683598B (en)

Publications (2)

Publication Number Publication Date
CN108683598A (en) 2018-10-19
CN108683598B (en) 2020-04-10

Family

ID=63801523

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant