CN108683610A - System and method for multi-service rule matching and traffic replication - Google Patents

Info

Publication number
CN108683610A
Authority
CN
China
Prior art keywords
service
flow
level
vlan
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810326074.2A
Other languages
Chinese (zh)
Inventor
邹昕
张家琦
于敬敬
孙浩
韩志前
王佩
王维晟
马秀娟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Sinovatio Technology LLC
National Computer Network and Information Security Management Center
Original Assignee
Nanjing Sinovatio Technology LLC
National Computer Network and Information Security Management Center
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Sinovatio Technology LLC and National Computer Network and Information Security Management Center

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00: Traffic control in data switching networks
    • H04L47/10: Flow control; Congestion control
    • H04L47/24: Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2408: Traffic characterised by specific attributes, e.g. priority or QoS for supporting different services, e.g. a differentiated services [DiffServ] type of service
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00: Routing or path finding of packets in data switching networks
    • H04L45/50: Routing or path finding of packets in data switching networks using label swapping, e.g. multi-protocol label switch [MPLS]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00: Routing or path finding of packets in data switching networks
    • H04L45/74: Address processing for routing
    • H04L45/745: Address table lookup; Address filtering
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00: Traffic control in data switching networks
    • H04L47/70: Admission control; Resource allocation
    • H04L47/82: Miscellaneous aspects
    • H04L47/825: Involving tunnels, e.g. MPLS
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00: Packet switching elements
    • H04L49/35: Switches specially adapted for specific applications
    • H04L49/354: Switches specially adapted for specific applications for supporting virtual local area networks [VLAN]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00: Packet switching elements
    • H04L49/70: Virtual switches

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention discloses a system and method for multi-service rule matching and traffic replication. A first-level traffic-splitting device provides a platform on which multi-service configuration, query, and match-and-lookup are independent between services; through joint addressing by user tag attributes and packet information, the matching result undergoes a second discrimination, completing the aggregated setting of multi-service forwarding behavior. A second-level switch performs the multi-service traffic replication. The scheme can exponentially save space and power, and greatly relieves the system of the burden of repeated capacity expansion and upgrades.

Description

System and method for multi-service rule matching and traffic replication
Technical field
The present invention relates to the technical field of network security, and in particular to a system that implements multi-service rule matching and traffic replication based on a network processor.
The present invention also relates to a method for implementing multi-service rule matching and traffic replication based on a network processor.
Background
In recent years, real-time network security processing of massive backbone-network data has become a principal focus of strategic confrontation and competition among the world's major powers in the Internet domain. As Internet bandwidth expands rapidly and new services keep emerging, when a traffic-splitting device is used to meet multi-service matching and replication requirements, current mainstream network processors, including NP and FPGA, all hit a bottleneck in service traffic replication; in particular, when the number of services exceeds four, performance declines almost exponentially.
A new technical solution is therefore needed to solve the above problems.
Summary of the invention
The object of the invention is to provide a system for multi-service rule matching and traffic replication, to solve the problem of low service-traffic replication efficiency in multi-service network environments.
The present invention also provides a capture and analysis method for a variety of VPN traffic, which likewise solves the problem of low service-traffic replication efficiency in multi-service network environments.
To achieve the above object, the system for multi-service rule matching and traffic replication of the present invention may adopt the following technical solution:
A system for multi-service rule matching and traffic replication, comprising:
A first-level traffic-splitting device, which configures the multi-service information, extracts traffic keywords as required and looks them up in tables to obtain the multi-service user information, calculates the VLAN ID of the service combination from the multi-service user information, adds one VLAN layer to the original packet, and adds a mark to the SMAC and DMAC of the outgoing packet;
A second-level switch, which receives the outgoing packets from the first-level traffic-splitting device and, after completing multi-service traffic replication through the VLAN flooding mechanism, forwards the traffic that needs to be shared to the ports belonging to the different services.
Beneficial effect: in the system for multi-service rule matching and traffic replication provided by the present invention, the first-level traffic-splitting device provides a platform on which multi-service configuration, query, and match-and-lookup are independent between services; through joint addressing by user tag attributes and packet information, the matching result undergoes a second discrimination, completing the aggregated setting of multi-service forwarding behavior. The second-level switch performs the multi-service traffic replication. The scheme can exponentially save space and power, and greatly relieves the system of the burden of repeated capacity expansion and upgrades.
Further, the multi-service information is the addressing information of the MAC addresses of the servers corresponding to the multiple users.
Further, for the MAC encapsulation format, the multi-service users equally divide the 12-byte MAC address length.
Further, the first-level traffic-splitting device replaces the original link-layer information with the addressed multi-service user information.
The method for multi-service rule matching and traffic replication provided by the present invention may adopt the following technical solution, comprising the following steps:
(1) The first-level traffic-splitting device configures the multi-service information, extracts traffic keywords as required and looks them up in tables to obtain the multi-service user information, calculates the VLAN ID of the service combination from the multi-service user information, adds one VLAN layer to the original packet, and adds a mark to the SMAC and DMAC of the outgoing packet;
(2) The first-level traffic-splitting device delivers the outgoing packet to the second-level switch; after completing multi-service traffic replication through the VLAN flooding mechanism, the second-level switch forwards the traffic that needs to be shared to the ports belonging to the different services.
Beneficial effect: in the method for multi-service rule matching and traffic replication provided by the present invention, the first-level traffic-splitting device provides a platform on which multi-service configuration, query, and match-and-lookup are independent between services; through joint addressing by user tag attributes and packet information, the matching result undergoes a second discrimination, completing the aggregated setting of multi-service forwarding behavior. The second-level switch performs the multi-service traffic replication. The scheme can exponentially save space and power, and greatly relieves the system of the burden of repeated capacity expansion and upgrades.
The method for multi-service rule matching and traffic replication provided by the present invention may also adopt the following technical solution, comprising the following steps:
Step 101: traffic enters the first-level traffic-splitting device, which matches rules and parses the traffic;
Step 102: the first-level traffic-splitting device configures the multi-service information, extracts traffic keywords as required and looks them up in tables to obtain the multi-service user information, determining which services need the traffic;
Step 103: according to the multi-service user information, the VLAN ID of the service combination is calculated, and one VLAN layer is added to the original packet;
Step 104: MAC address encapsulation: a mark is added to the SMAC and DMAC of the outgoing packet;
Step 105: the packet, with the VLAN encapsulated and the MAC modified, is sent to the second-level switch;
Step 106: after the packet carrying the VLAN tag value enters the second-level switch, the switch forwards traffic with the particular VLAN tag to the replication port group for output, by VLAN broadcast or by matching VLAN ACLs.
Beneficial effect: in the method for multi-service rule matching and traffic replication provided by the present invention, the first-level traffic-splitting device provides a platform on which multi-service configuration, query, and match-and-lookup are independent between services; through joint addressing by user tag attributes and packet information, the matching result undergoes a second discrimination, completing the aggregated setting of multi-service forwarding behavior. The second-level switch performs the multi-service traffic replication. The scheme can exponentially save space and power, and greatly relieves the system of the burden of repeated capacity expansion and upgrades.
Description of the drawings
Fig. 1 is a flow chart of the multi-service rule matching and traffic replication method of the present invention.
Fig. 2 is a schematic diagram of the specific mark that the first-level traffic-splitting device adds to the SMAC and DMAC of the outgoing packet.
Detailed description
The invention is described below with reference to the accompanying drawings.
Embodiment one
Referring to Fig. 1, embodiment one provides a system for multi-service rule matching and traffic replication, comprising a first-level traffic-splitting device and a second-level switch.
The first-level traffic-splitting device looks up tables according to the multi-service configuration to obtain the multi-service user information. The multi-service information is addressed, and the addressed information replaces the original link-layer information. For further extensibility, the original packet can also be encapsulated in "MacInMac" format for output.
A1. The multi-service user information may be the addressing information of the MAC addresses of the servers corresponding to the multiple users.
A2. For the MAC encapsulation format, the multi-service users may divide the 12-byte MAC address length equally, or unequally. The length occupied by each service user is flexibly configurable as needed. Referring to Fig. 2, the first-level traffic-splitting device needs to carry a specific mark on the SMAC and DMAC of the outgoing packet.
The VLAN is calculated according to which services are hit. For the n different services that need to be marked, the maximum possible number of combinations is:
VLAN id = 2^n + X (n ranges from 0 to 11)
X = 1 (X is fixed at 1 and does not change with the number of services or the service number)
For example, service 1: n = 0; VLAN id = 2^0 + 1 = 2;
For example, service 2: n = 1; VLAN id = 2^1 + 1 = 3;
For example, service 1 + service 2: VLAN id = 2^0 + 2^1 + X = 4;
Service 1 + service 2 + ... + service N:
VLAN id = 2^n + 2^{n-1} + ... + 2^0 + X;
With VLAN id ≤ 4094, the maximum value of n is found to be 11. That is, with a single VLAN layer, the system can support common combinations of at most 11 independent services; in future, capacity can be further expanded as needed using QinQ.
The second-level switch receives the outgoing packets from the first-level traffic-splitting device and, after completing multi-service traffic replication through the VLAN flooding mechanism, forwards the traffic that needs to be shared to the ports belonging to the different services.
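The VLAN encoding of embodiment one, the tag insertion, and the flooding domains the second-level switch would need, as an added example (not code from the patent). Service indices are the 0-based n used in the worked values above; the function names, port names and sample frame are assumptions, and the SMAC/DMAC mark is omitted because its layout is given only in Fig. 2.

```python
import struct
from itertools import combinations

X = 1                # fixed offset from the description
MAX_VLAN_ID = 4094   # upper bound stated in the description
MAX_N = 11           # n ranges over 0..11 in the description
TPID_8021Q = 0x8100  # IEEE 802.1Q tag protocol identifier


def vlan_id_for_services(hit):
    """First-level device: VLAN id = sum of 2^n over the hit services, plus X."""
    hit = set(hit)
    if not hit or min(hit) < 0 or max(hit) > MAX_N:
        raise ValueError("hit services must be a non-empty subset of 0..11")
    vid = sum(1 << n for n in hit) + X
    if vid > MAX_VLAN_ID:
        # e.g. all twelve indices 0..11 give 4095 + 1 = 4096, beyond the bound
        raise ValueError(f"VLAN id {vid} exceeds {MAX_VLAN_ID}")
    return vid


def services_from_vlan_id(vid):
    """Inverse mapping: which services a VLAN id stands for."""
    mask = vid - X
    if mask < 1 or vid > MAX_VLAN_ID:
        raise ValueError(f"VLAN id {vid} encodes no service combination")
    return [n for n in range(MAX_N + 1) if mask >> n & 1]


def add_vlan_tag(frame, vid):
    """Insert one 802.1Q tag after the 12 bytes of DMAC + SMAC."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) + frame[12:]


def read_vlan_id(frame):
    """Second-level switch: read the VLAN id of a tagged frame."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        raise ValueError("frame carries no 802.1Q tag")
    return tci & 0x0FFF


def vlan_membership(port_map):
    """Flooding domains for the switch: VLAN id -> ports of every service in it."""
    table = {}
    services = sorted(port_map)
    for k in range(1, len(services) + 1):
        for combo in combinations(services, k):
            try:
                vid = vlan_id_for_services(combo)
            except ValueError:
                continue  # combination does not fit in a single VLAN layer
            table[vid] = sorted({p for n in combo for p in port_map[n]})
    return table


def replicate(frame, table):
    """Ports a tagged frame is flooded to (one copy per member port)."""
    return table[read_vlan_id(frame)]


# Constructed sample input: locally administered MACs, IPv4 EtherType, dummy payload.
SAMPLE_FRAME = bytes.fromhex("020000000002" "020000000001" "0800") + b"payload"
# Hypothetical port assignment: service index -> analysis ports.
SAMPLE_PORTS = {0: ["p1"], 1: ["p2"], 2: ["p3", "p4"]}

if __name__ == "__main__":
    vid = vlan_id_for_services([0, 1])            # service 1 + service 2
    tagged = add_vlan_tag(SAMPLE_FRAME, vid)
    print(vid, replicate(tagged, vlan_membership(SAMPLE_PORTS)))
```

With k configured services the switch needs 2^k - 1 VLANs, one per non-empty combination, which is why the VLAN ID bound limits how many services a single tag layer can carry.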
Embodiment two
Corresponding to the above system for multi-service rule matching and traffic replication, this embodiment provides a method for multi-service rule matching and traffic replication, comprising:
(1) The first-level traffic-splitting device configures the multi-service information, extracts traffic keywords as required and looks them up in tables to obtain the multi-service user information, calculates the VLAN ID of the service combination from the multi-service user information, adds one VLAN layer to the original packet, and adds a mark to the SMAC and DMAC of the outgoing packet;
(2) The first-level traffic-splitting device delivers the outgoing packet to the second-level switch; after completing multi-service traffic replication through the VLAN flooding mechanism, the second-level switch forwards the traffic that needs to be shared to the ports belonging to the different services.
Embodiment three
As shown in Fig. 1, this embodiment provides a method for multi-service rule matching and traffic replication, comprising the following steps:
Step 101: traffic enters the first-level traffic-splitting device, which matches rules and parses the traffic;
Step 102: the first-level traffic-splitting device configures the multi-service information, extracts traffic keywords as required and looks them up in tables to obtain the multi-service user information, determining which services need the traffic;
Step 103: according to the multi-service user information, the VLAN ID of the service combination is calculated, and one VLAN layer is added to the original packet;
Step 104: MAC address encapsulation: a mark is added to the SMAC and DMAC of the outgoing packet;
Step 105: the packet, with the VLAN encapsulated and the MAC modified, is sent to the second-level switch;
Step 106: after the packet carrying the VLAN tag value enters the second-level switch, the switch forwards traffic with the particular VLAN tag to the replication port group for output, by VLAN broadcast or by matching VLAN ACLs.
The essence of the present invention is to propose a solution that "implements multi-service rule matching and traffic replication by cascading a first-level traffic-splitting device and a second-level switch".

Claims (9)

1. A system for multi-service rule matching and traffic replication, characterized by comprising:
A first-level traffic-splitting device, which configures the multi-service information, extracts traffic keywords as required and looks them up in tables to obtain the multi-service user information, calculates the VLAN ID of the service combination from the multi-service user information, adds one VLAN layer to the original packet, and adds a mark to the SMAC and DMAC of the outgoing packet;
A second-level switch, which receives the outgoing packets from the first-level traffic-splitting device and, after completing multi-service traffic replication through the VLAN flooding mechanism, forwards the traffic that needs to be shared to the ports belonging to the different services.
2. The system according to claim 1, characterized in that: the multi-service information is the addressing information of the MAC addresses of the servers corresponding to the multiple users.
3. The system according to claim 1, characterized in that: for the MAC encapsulation format, the multi-service users equally divide the 12-byte MAC address length.
4. The system according to claim 1, characterized in that: the first-level traffic-splitting device replaces the original link-layer information with the addressed multi-service user information.
5. A method for multi-service rule matching and traffic replication, characterized by comprising the following steps:
(1) The first-level traffic-splitting device configures the multi-service information, extracts traffic keywords as required and looks them up in tables to obtain the multi-service user information, calculates the VLAN ID of the service combination from the multi-service user information, adds one VLAN layer to the original packet, and adds a mark to the SMAC and DMAC of the outgoing packet;
(2) The first-level traffic-splitting device delivers the outgoing packet to the second-level switch; after completing multi-service traffic replication through the VLAN flooding mechanism, the second-level switch forwards the traffic that needs to be shared to the ports belonging to the different services.
6. The method according to claim 5, characterized in that: the multi-service information is the addressing information of the MAC addresses of the servers corresponding to the multiple users.
7. The method according to claim 5, characterized in that: for the MAC encapsulation format, the multi-service users equally divide the 12-byte MAC address length.
8. The method according to claim 6, characterized in that: in step (1), the addressed multi-service user information replaces the original link-layer information.
9. A method for multi-service rule matching and traffic replication, characterized by comprising the following steps:
Step 101: traffic enters the first-level traffic-splitting device, which matches rules and parses the traffic;
Step 102: the first-level traffic-splitting device configures the multi-service information, extracts traffic keywords as required and looks them up in tables to obtain the multi-service user information, determining which services need the traffic;
Step 103: according to the multi-service user information, the VLAN ID of the service combination is calculated, and one VLAN layer is added to the original packet;
Step 104: MAC address encapsulation: a mark is added to the SMAC and DMAC of the outgoing packet;
Step 105: the packet, with the VLAN encapsulated and the MAC modified, is sent to the second-level switch;
Step 106: after the packet carrying the VLAN tag value enters the second-level switch, the switch forwards traffic with the particular VLAN tag to the replication port group for output, by VLAN broadcast or VLAN ACL.
CN201810326074.2A 2018-04-12 2018-04-12 System and method for multi-service rule matching and traffic replication Pending CN108683610A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810326074.2A CN108683610A (en) 2018-04-12 2018-04-12 System and method for multi-service rule matching and traffic replication

Publications (1)

Publication Number Publication Date
CN108683610A 2018-10-19

Family

ID=63799911

Country Status (1)

Country Link
CN (1) CN108683610A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101640823A (en) * 2009-09-07 2010-02-03 杭州华三通信技术有限公司 Method and equipment for shunting multi-analysis system
CN107342926A (en) * 2017-06-13 2017-11-10 国家计算机网络与信息安全管理中心 A kind of method of multi-service Rapid matching distribution

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111404798A (en) * 2020-03-09 2020-07-10 湖北微源卓越科技有限公司 System and method for multi-user rule matching and flow replication
CN113923174A (en) * 2021-09-18 2022-01-11 浪潮思科网络科技有限公司 Message distribution method, device and medium
CN113923174B (en) * 2021-09-18 2024-04-12 浪潮思科网络科技有限公司 Message distribution method, device and medium
CN114827034A (en) * 2022-04-27 2022-07-29 杭州迪普信息技术有限公司 Flow copying method and device based on FPGA and exchange chip
CN114827034B (en) * 2022-04-27 2023-08-22 杭州迪普信息技术有限公司 Flow replication method and device based on FPGA and exchange chip
CN115065641A (en) * 2022-06-09 2022-09-16 深圳市东晟数据有限公司 Convergence and shunt system
CN115473819A (en) * 2022-08-30 2022-12-13 电信科学技术第十研究所有限公司 System and method for processing mass internet traffic based on dynamic rule driving
CN115473819B (en) * 2022-08-30 2024-05-17 电信科学技术第十研究所有限公司 Mass internet flow processing system and method based on dynamic rule driving

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181019

RJ01 Rejection of invention patent application after publication