CN109462586A - Flow monitoring method, device and execute server - Google Patents

Info

Publication number: CN109462586A
Authority: CN (China)
Prior art keywords: data packet; uplink traffic; traffic data; execute server; server
Legal status: Pending
Application number: CN201811327450.6A
Other languages: Chinese (zh)
Inventors: 郝立鹏, 石涵, 熊杰
Current Assignee: Beijing Knownsec Information Technology Co Ltd
Original Assignee: Beijing Knownsec Information Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/16 Threshold monitoring
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Abstract

The present invention provides a flow monitoring method, device and execute server, and relates to the technical field of communication processing. In the method, a dispatch server receives an uplink traffic data packet sent by a user terminal and sends the uplink traffic data packet to an execute server; the execute server verifies the uplink traffic data packet according to a preset verification rule to determine whether the uplink traffic data packet is abnormal; if it is not, the execute server sends a reply data packet corresponding to the uplink traffic data packet to the user terminal. Because the execute server performs flow monitoring only on the uplink traffic data packets that the dispatch server obtains from the user terminal, that is, it monitors only the uplink traffic of the user terminal and does not monitor the user terminal's downlink traffic data, the amount of data to be processed is reduced. This saves storage space in the service system, relieves the pressure of flow monitoring processing on the service system, and helps improve the efficiency of flow monitoring processing.

Description

Flow monitoring method, device and execute server
Technical field
The present invention relates to the technical field of communication processing, and in particular to a flow monitoring method, device and execute server.
Background
In the field of traffic security, transmitted traffic usually includes abnormal traffic. If the abnormal traffic is not filtered out, the server or the user terminal is easily attacked and can no longer operate normally. During transmission, traffic is usually monitored on the server side. The traditional approach reassembles all of the massive uplink and downlink traffic and then analyses it. Because downlink traffic is usually several times the uplink traffic (for example, 10 times), reassembly in the traditional approach heavily consumes the server's memory resources and the processor's computing resources, which reduces the processing efficiency of flow monitoring.
Summary of the invention
To overcome the above deficiencies of the prior art, the present invention aims to provide a flow monitoring method, device and execute server that reduce the server's consumption of storage space and computing resources and help improve the efficiency of flow monitoring.
To achieve the above object, the embodiments of the present invention provide the following technical solutions:
In a first aspect, an embodiment of the present invention provides a flow monitoring method applied to a distributed service system that includes a dispatch server and at least one execute server, the method comprising:
the dispatch server receives an uplink traffic data packet sent by a user terminal and sends the uplink traffic data packet to the execute server;
the execute server verifies the uplink traffic data packet according to a preset verification rule to determine whether the uplink traffic data packet is abnormal;
if it is not, the execute server sends a reply data packet corresponding to the uplink traffic data packet to the user terminal.
Optionally, the execute server verifying the uplink traffic data packet according to the preset verification rule includes at least one of the following:
based on the transmission control protocol corresponding to the uplink traffic data packet, the execute server performs a field check and/or a flag check and/or a payload data check on the uplink traffic data, wherein the uplink traffic data packet is determined to be abnormal when any one of the field check, the flag check and the payload data check fails; or
based on the source IP corresponding to the uplink traffic data packet, the execute server checks the byte size or the number of requests of the uplink traffic data packets sent by the user terminal corresponding to the same source IP, wherein the uplink traffic data packet is determined to be abnormal when, within a preset period, the bytes of the uplink traffic data packets sent by the user terminal corresponding to the same source IP are not within a preset traffic threshold range, or when the number of requests exceeds a preset number.
Optionally, the execute server verifying the uplink traffic data packet according to the preset verification rule includes:
determining whether the transmission channel used to transmit the uplink traffic data between the distributed service system and the user terminal has established the three-way handshake of a transmission control protocol connection;
when the transmission channel has established the three-way handshake of a transmission control protocol connection, the execute server determines whether the throughput at which the transmission channel transmits the uplink traffic data packets is within a preset throughput range, and determines that the uplink traffic data packet is abnormal when that throughput is not within the preset throughput range; or
when the transmission channel has not established the three-way handshake of a transmission control protocol connection, the execute server determines whether the uplink traffic data packet is abnormal from the transmission rate of the transmission channel and the byte size of the uplink traffic data packets transmitted within a preset duration, wherein the uplink traffic data packet is determined to be abnormal when the transmission rate is not within a preset transmission rate range, or when the byte size of the uplink traffic data packets transmitted within the preset duration is not within a preset traffic threshold range.
Optionally, the method further includes: when the uplink traffic data packet is determined to be abnormal, the execute server discards the uplink traffic data packet.
Optionally, before the uplink traffic data packet is sent to the execute server, the method further includes:
the dispatch server determines a target execute server from the at least one execute server according to a preset balance policy, wherein the target execute server is used to receive the uplink traffic data packet sent by the dispatch server.
Optionally, before the execute server verifies the uplink traffic data packet according to the preset verification rule, the method further includes:
the execute server parses the uplink traffic data packet according to a preset parsing rule and obtains the parsed fields for use in verifying the uplink traffic data packet.
In a second aspect, an embodiment of the present invention provides a flow monitoring device applied to a distributed service system that includes a dispatch server and at least one execute server, the device comprising:
a receiving unit, configured to receive an uplink traffic data packet sent by a user terminal and to send the uplink traffic data packet to the execute server;
a verification unit, configured to verify the uplink traffic data packet according to a preset verification rule to determine whether the uplink traffic data packet is abnormal;
a sending unit, configured to send a reply data packet corresponding to the uplink traffic data packet to the user terminal when the verification unit determines that the uplink traffic data packet is not abnormal.
Optionally, the verification unit is further configured such that:
based on the transmission control protocol corresponding to the uplink traffic data packet, the execute server performs a field check and/or a flag check and/or a payload data check on the uplink traffic data, wherein the uplink traffic data packet is determined to be abnormal when any one of the field check, the flag check and the payload data check fails; or
based on the source IP corresponding to the uplink traffic data packet, the execute server checks the byte size or the number of requests of the uplink traffic data packets sent by the user terminal corresponding to the same source IP, wherein the uplink traffic data packet is determined to be abnormal when, within a preset period, the bytes of the uplink traffic data packets sent by the user terminal corresponding to the same source IP are not within a preset traffic threshold range, or when the number of requests exceeds a preset number.
In a third aspect, an embodiment of the present invention provides an execute server, comprising:
a memory module;
a processing module; and
a flow monitoring device, including one or more software function modules stored in the memory module and executed by the processing module, the flow monitoring device comprising:
a receiving unit, configured to receive an uplink traffic data packet sent by a user terminal and to send the uplink traffic data packet to the execute server;
a verification unit, configured to verify the uplink traffic data packet according to a preset verification rule to determine whether the uplink traffic data packet is abnormal;
a sending unit, configured to send a reply data packet corresponding to the uplink traffic data packet to the user terminal when the verification unit determines that the uplink traffic data packet is not abnormal.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium storing a computer program which, when run on a computer, causes the computer to execute the above flow monitoring method.
Compared with the prior art, the flow monitoring method, device and execute server provided by the present invention have at least the following beneficial effects. In the method, a dispatch server receives an uplink traffic data packet sent by a user terminal and sends the uplink traffic data packet to an execute server; the execute server verifies the uplink traffic data packet according to a preset verification rule to determine whether the uplink traffic data packet is abnormal; if it is not, the execute server sends a reply data packet corresponding to the uplink traffic data packet to the user terminal. Because the execute server performs flow monitoring only on the uplink traffic data packets that the dispatch server obtains from the user terminal, that is, it monitors only the uplink traffic of the user terminal and does not monitor the user terminal's downlink traffic data, the amount of data to be processed is reduced. This saves storage space in the service system, relieves the pressure of flow monitoring processing on the service system, and helps improve the efficiency of flow monitoring processing.
To make the above objects, features and advantages of the present invention clearer and easier to understand, embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the embodiments are briefly described below. It should be understood that the following drawings show only certain embodiments of the present invention and should therefore not be regarded as limiting its scope; a person of ordinary skill in the art can derive other related drawings from these drawings without creative effort.
Fig. 1 is a schematic diagram of the interaction between the execute server, the dispatch server and the user terminal provided in an embodiment of the present invention.
Fig. 2 is a block diagram of the execute server provided in an embodiment of the present invention.
Fig. 3 is a flow diagram of the flow monitoring method provided in an embodiment of the present invention.
Fig. 4 is a block diagram of the flow monitoring device provided in an embodiment of the present invention.
Reference numerals: 10: execute server; 11: processing module; 12: communication module; 13: memory module; 20: dispatch server; 30: user terminal; 100: flow monitoring device; 110: receiving unit; 120: verification unit; 130: sending unit.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. The components of the embodiments of the present invention generally described and illustrated in the drawings herein can be arranged and designed in a variety of different configurations.
Therefore, the following detailed description of the embodiments of the present invention provided in the drawings is not intended to limit the scope of the claimed invention, but merely represents selected embodiments of the invention. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
It should also be noted that similar reference numerals and letters denote similar items in the following drawings, so once an item has been defined in one drawing it does not need to be further defined or explained in subsequent drawings. In addition, the terms "first", "second" and the like are used only to distinguish descriptions and are not to be understood as indicating or implying relative importance.
In the field of traffic security, existing servers analyse and monitor both uplink traffic and downlink traffic to determine whether they contain abnormal traffic. The data volume of uplink and downlink traffic is large, and downlink traffic is usually several times the uplink traffic. In other words, the volume of traffic the server has to monitor is large, which occupies the server's storage space and consumes a lot of computing resources, so flow monitoring data processing is inefficient.
The embodiments of the present invention are described in detail below with reference to the drawings. Where no conflict arises, the following embodiments and the features in them can be combined with one another.
Referring to Fig. 1, which is a schematic diagram of the interaction between execute server 10, dispatch server 20 and user terminal 30 provided in an embodiment of the present invention. The distributed service system provided in the embodiment of the present invention may include dispatch server 20 and at least one execute server 10. Dispatch server 20 establishes a communication connection with the at least one execute server 10 over a network to exchange data. Dispatch server 20 also establishes a communication connection with at least one user terminal 30 over a network to exchange data. The target execute server 10 among the at least one execute server 10 establishes a communication connection with user terminal 30 over a network to exchange data. The distributed service system can be a load-balanced service system and can be used to execute or implement the steps of the flow monitoring method described below. While performing flow monitoring, it reduces the occupation of storage space and the consumption of computing resources (which can be understood as reducing the occupancy/utilization of the central processing unit), improving the processing efficiency of flow monitoring.
Referring to Fig. 2, which is a block diagram of execute server 10 provided in an embodiment of the present invention. In this embodiment, execute server 10 may include processing module 11, communication module 12, memory module 13 and flow monitoring device 100. Processing module 11, communication module 12, memory module 13 and flow monitoring device 100 are electrically connected to one another, directly or indirectly, to transmit or exchange data. For example, these elements can be electrically connected to one another through one or more communication buses or signal lines.
Referring to Fig. 3, which is a flow diagram of the flow monitoring method provided in an embodiment of the present invention. The flow monitoring method provided in the embodiment of the present invention can be applied to the above distributed service system, with dispatch server 20 and execute server 10 carrying out the steps of the method. While performing flow monitoring, it reduces the occupation of system storage space and helps improve the system's processing efficiency for flow monitoring.
In this embodiment, the flow monitoring method may include the following steps:
Step S210: dispatch server 20 receives the uplink traffic data packet sent by user terminal 30 and sends the uplink traffic data packet to execute server 10;
Step S220: execute server 10 verifies the uplink traffic data packet according to a preset verification rule to determine whether the uplink traffic data packet is abnormal;
Step S230: if it is not, execute server 10 sends a reply data packet corresponding to the uplink traffic data packet to user terminal 30.
Each step of the flow monitoring method shown in Fig. 3 is described in detail below:
Step S210: dispatch server 20 receives the uplink traffic data packet sent by user terminal 30 and sends the uplink traffic data packet to execute server 10.
In this embodiment, dispatch server 20 receiving an uplink traffic data packet from user terminal 30 can be understood as dispatch server 20 receiving the uplink data sent by user terminal 30. Data sent to user terminal 30 by dispatch server 20 or by other servers can be regarded as the downlink data of user terminal 30. Normally, the bytes of the downlink data of user terminal 30 are many times the bytes of its uplink data. In a massive-traffic environment, this embodiment performs flow monitoring only on the uplink data of user terminal 30, which reduces the amount of data to be processed, reduces the storage space the system needs to store uplink traffic data packets, and helps save the computing capacity of the central processing unit. The processing efficiency of execute server 10 and dispatch server 20 is thereby improved, and crashes caused by an excessive amount of data processing are avoided.
The uplink traffic data packet includes, but is not limited to, a TCP (Transmission Control Protocol) data packet or an IP (Internet Protocol) data packet, and can be a data packet formed by reassembling data packets. Specifically, the uplink traffic data packet can be a data packet that user terminal 30 sends to dispatch server 20 to request a service. The requested service can be set according to the actual situation and includes, but is not limited to, a video download request, a news retrieval request, a text retrieval request and a picture retrieval request; the uplink traffic data is not specifically limited here.
Optionally, before the uplink traffic data packet is sent to execute server 10, the method can further include: dispatch server 20 determines the target execute server 10 from the at least one execute server 10 according to a preset balance policy, wherein the target execute server 10 is used to receive the uplink traffic data packet sent by dispatch server 20.
In this embodiment, the preset balance policy can be set according to the actual situation. For example, the one or more execute servers with the lowest central processing unit utilization can be chosen from the multiple execute servers 10 as the target execute server 10. If there are many uplink traffic data packets, dispatch server 20 can send them to the execute servers 10 one after another in a preset order, one uplink traffic data packet to one execute server 10; the execute server 10 to which dispatch server 20 sends an uplink traffic data packet is then the target execute server 10. Dispatch server 20 then sends the uplink traffic data packet to the target execute server 10 so that the target server processes it accordingly. For example, the target server monitors the safety of the uplink traffic data packet; if the packet is safe, it responds to the request corresponding to the uplink traffic data packet and feeds the response content back to user terminal 30 directly, so that the response content no longer has to be sent to user terminal 30 through dispatch server 20, which reduces the pressure on dispatch server 20. This helps balance the load across the execute servers 10 in a distributed deployment and prevents load imbalance from putting some execute servers 10 under so much pressure that they cannot operate normally.
Step S220: execute server 10 verifies the uplink traffic data packet according to a preset verification rule to determine whether the uplink traffic data packet is abnormal.
In this embodiment, the preset verification rule can be set according to the actual situation, as long as it allows the safety of the uplink traffic data packet to be monitored. On this basis, execute server 10 can determine whether the uplink traffic data packet is a data packet carrying a DDoS (Distributed Denial of Service) attack.
For example, step S220 can be implemented in at least one of the following ways:
Based on the transmission control protocol corresponding to the uplink traffic data packet, execute server 10 performs a field check and/or a flag check and/or a payload data check on the uplink traffic data, wherein the uplink traffic data packet is determined to be abnormal when any one of the field check, the flag check and the payload data check fails.
Alternatively, based on the source IP corresponding to the uplink traffic data packet, execute server 10 checks the byte size or the number of requests of the uplink traffic data packets sent by the user terminal 30 corresponding to the same source IP, wherein the uplink traffic data packet is determined to be abnormal when, within a preset period, the bytes of the uplink traffic data packets sent by the user terminal 30 corresponding to the same source IP are not within a preset traffic threshold range, or when the number of requests exceeds a preset number.
The field check, flag check and payload data check can be understood as checks of the validity of the uplink traffic data packet with respect to its transport protocol. The principle of the field check may include judging whether preset fields in the uplink traffic data conflict. For example, if the source IP address of the uplink traffic data packet is the same as its destination IP address, the IP addresses (preset fields) conflict; or, if the source port number and the destination port number are the same port of the same device, the ports conflict. In either case the field check of the uplink traffic data packet fails, that is, the uplink traffic data packet is an abnormal data packet. The preset fields can be set according to the actual situation and are not specifically limited here.
The principle of the flag check may include first extracting the preset flags from the uplink traffic data packet and then judging whether those preset flags indicate that the uplink traffic data packet is abnormal. For example, if a TCP data packet (uplink traffic data packet) contains both the SYN flag and the FIN flag, the TCP data packet is determined to be an abnormal data packet. The preset flags are flags that identify the uplink traffic data packet in advance; they can be set according to the actual situation and are not specifically limited here.
The principle of the payload data check may include the following. An uplink traffic data packet usually contains payload data. Normal payload data can be parsed to obtain the corresponding content, whereas abnormal payload data usually yields no content when parsed or cannot be parsed at all. For example, for the HTTP and HTTPS protocols, which are based on TCP, the TCP payload data is regular and some of its fields can be parsed; if the payload data parses to all 0xff values, the uplink traffic data packet is abnormal data.
For example: all six flag bits are 1; all six flag bits are 0; the SYN and FIN flag bits are both 1; the SYN and RST flag bits are both 1; the FIN and RST flag bits are both 1; the PSH, FIN and URG flag bits are all 1; only the FIN flag bit is 1; only the PSH flag bit is 1; only the URG flag bit is 1; SYN and SYN-ACK messages that carry a payload; and fragment messages whose SYN, RST and FIN flag bits are 1.
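The field, flag and payload checks described above can be sketched as follows. This is an added example, not code from the patent: the function names, the reason strings and the sample packets are constructed for illustration, it assumes the listed flag combinations are the ones treated as abnormal, and it leaves out the fragment-message case.

```python
import socket
import struct

# The six classic TCP flag bits (low six bits of the flags byte).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
ALL_SIX = 0x3F


def build_packet(src, dst, sport, dport, flags, payload=b""):
    """Construct a minimal IPv4+TCP packet (checksums left at 0) as sample input."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp + payload


def parse_ipv4_tcp(pkt):
    """Parse the fields the checks need from a raw IPv4 packet carrying TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != 6 or len(pkt) < ihl + 20:
        raise ValueError("not a complete TCP segment")
    sport, dport, _seq, _ack, off, flags = struct.unpack("!HHIIBB", pkt[ihl:ihl + 14])
    data_off = (off >> 4) * 4
    if data_off < 20 or len(pkt) < ihl + data_off:
        raise ValueError("bad TCP data offset")
    return {"src": pkt[12:16], "dst": pkt[16:20], "sport": sport, "dport": dport,
            "flags": flags & ALL_SIX, "payload": pkt[ihl + data_off:]}


def flag_anomaly(flags, has_payload):
    """Return a description if the flag combination is in the abnormal list."""
    if flags == ALL_SIX:
        return "all six flag bits are 1"
    if flags == 0:
        return "all six flag bits are 0"
    for a, b, name in ((SYN, FIN, "SYN and FIN"), (SYN, RST, "SYN and RST"),
                       (FIN, RST, "FIN and RST")):
        if flags & a and flags & b:
            return f"{name} both set"
    if (flags & (PSH | FIN | URG)) == (PSH | FIN | URG):
        return "PSH, FIN and URG all set"
    if flags in (FIN, PSH, URG):
        return "only FIN, PSH or URG set"
    if flags in (SYN, SYN | ACK) and has_payload:
        return "SYN or SYN-ACK carrying payload"
    return None


def check_packet(pkt):
    """Run field, flag and payload checks; an empty list means the packet passes."""
    try:
        p = parse_ipv4_tcp(pkt)
    except ValueError as exc:
        return [f"parse: {exc}"]
    reasons = []
    if p["src"] == p["dst"]:                       # field check: IP conflict
        reasons.append("field: source IP equals destination IP")
        if p["sport"] == p["dport"]:               # field check: port conflict
            reasons.append("field: same port of the same device")
    flag_reason = flag_anomaly(p["flags"], bool(p["payload"]))
    if flag_reason:
        reasons.append(f"flag: {flag_reason}")
    if p["payload"] and set(p["payload"]) == {0xFF}:
        reasons.append("payload: every byte is 0xff")
    return reasons


if __name__ == "__main__":
    # Constructed samples using documentation address ranges.
    ok = build_packet("203.0.113.7", "198.51.100.10", 40000, 443, PSH | ACK,
                      b"GET / HTTP/1.1\r\n\r\n")
    bad = build_packet("198.51.100.10", "198.51.100.10", 80, 80, SYN | FIN)
    print(check_packet(ok), check_packet(bad))
```

A packet for which `check_packet` returns a non-empty list would be discarded, matching the optional step in which the execute server drops abnormal packets.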
Optionally, step S220 may include: determining whether the transmission channel used to transmit the uplink traffic data between the distributed service system and user terminal 30 has established the three-way handshake of a transmission control protocol connection.
When the transmission channel has established the three-way handshake of a transmission control protocol connection, execute server 10 determines whether the throughput at which the transmission channel transmits the uplink traffic data packets (the unit of throughput can be packets per second, PPS) is within a preset throughput range; when that throughput is not within the preset throughput range, the uplink traffic data packet is determined to be abnormal. The preset throughput range can be set according to the actual situation and is not specifically limited here.
Alternatively, when the transmission channel has not established the three-way handshake of a transmission control protocol connection, execute server 10 determines whether the uplink traffic data packet is abnormal from the transmission rate of the transmission channel and the byte size of the uplink traffic data packets transmitted within a preset duration, wherein the uplink traffic data packet is determined to be abnormal when the transmission rate is not within a preset transmission rate range, or when the byte size of the uplink traffic data packets transmitted within the preset duration is not within a preset traffic threshold range. The preset duration, the preset transmission rate range and the preset traffic threshold range can be set according to the actual situation and are not specifically limited here.
In this embodiment, the three-way handshake can be the three-way handshake between user terminal 30 and dispatch server 20. Understandably, on the basis of the three-way handshake, if it is detected that the total bytes of the uplink traffic data packets within the preset duration exceed the preset traffic threshold range, this usually means that a DDoS attack is currently present, and the uplink traffic data in that period can be regarded as abnormal data.
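One way to apply the handshake-dependent rule above, grouped per source IP as in the per-source check, is shown below. This is an added example, not code from the patent: every preset value, the record format and the function names are assumptions chosen for illustration, and the records are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Presets:
    """Illustrative preset values; the patent leaves all of them to the deployment."""
    window_s: float = 2.0              # preset duration of one measurement window
    pps_range: tuple = (0, 500)        # allowed packets per second after a handshake
    rate_range: tuple = (0, 8_000)     # allowed bytes per second without a handshake
    bytes_range: tuple = (0, 12_000)   # allowed bytes per window without a handshake


def in_range(value, bounds):
    low, high = bounds
    return low <= value <= high


def judge_window(packets, nbytes, handshake_done, presets):
    """Apply the handshake-dependent rule to one window; return a reason or None."""
    if handshake_done:
        # Established channel: judge by throughput in packets per second.
        pps = packets / presets.window_s
        if not in_range(pps, presets.pps_range):
            return f"throughput {pps:.0f} pps outside {presets.pps_range}"
        return None
    # No handshake: judge by transmission rate and by bytes in the preset duration.
    rate = nbytes / presets.window_s
    if not in_range(rate, presets.rate_range):
        return f"rate {rate:.0f} B/s outside {presets.rate_range}"
    if not in_range(nbytes, presets.bytes_range):
        return f"{nbytes} bytes in window outside {presets.bytes_range}"
    return None


def scan(records, presets=Presets()):
    """Group (timestamp, src_ip, size, handshake_done) records into fixed windows
    per source IP and return [(src_ip, window_index, reason)] for abnormal ones."""
    totals = defaultdict(lambda: [0, 0])          # key -> [packets, bytes]
    for ts, src, size, handshake_done in records:
        key = (src, int(ts // presets.window_s), handshake_done)
        totals[key][0] += 1
        totals[key][1] += size
    findings = []
    for (src, window, handshake_done), (packets, nbytes) in sorted(totals.items()):
        reason = judge_window(packets, nbytes, handshake_done, presets)
        if reason:
            findings.append((src, window, reason))
    return findings


def sample_records():
    """Constructed uplink records: one normal client and two abnormal sources."""
    records = [(i * 0.1, "198.51.100.20", 100, True) for i in range(10)]
    records += [(i * 0.001, "203.0.113.9", 60, True) for i in range(1500)]
    records += [(i * 0.005, "192.0.2.55", 60, False) for i in range(300)]
    return records


if __name__ == "__main__":
    for finding in scan(sample_records()):
        print(finding)
```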
The three-way handshake negotiates how the amount of data sent each time is tracked so that the sending and receiving of data segments are synchronized, determines the data acknowledgement number according to the amount of data received and when to tear down the connection after the data has been sent and received, and establishes a virtual connection.
Specifically, for example, first handshake: when establishing the connection, user terminal 30 sends a SYN packet (syn=j) to dispatch server 20 and enters the SYN_SENT state, waiting for dispatch server 20 to confirm. SYN stands for Synchronize Sequence Numbers.
Second handshake: dispatch server 20 receives the SYN packet and must acknowledge the SYN of user terminal 30 (ack=j+1), while also sending a SYN packet of its own (syn=k), that is, a SYN+ACK packet; dispatch server 20 then enters the SYN_RECV state.
Third handshake: user terminal 30 receives the SYN+ACK packet from dispatch server 20 and sends an acknowledgement packet ACK (ack=k+1) to dispatch server 20. Once this packet has been sent, user terminal 30 and dispatch server 20 enter the ESTABLISHED (TCP connection successful) state, completing the three-way handshake. After the three-way handshake is complete, user terminal 30 and dispatch server 20 begin to transmit data; for example, user terminal 30 transmits uplink traffic data to dispatch server 20 over the transmission channel based on the three-way handshake.
Optionally, before step S220, the method further includes:
The execute server 10 parses the uplink traffic data packet according to preset parsing rules and obtains the parsed fields in order to verify the uplink traffic data packet.
Optionally, in the present embodiment, traffic can also be monitored on the basis of data packets reassembled from the TCP uplink traffic.
The preset parsing rules can be set according to the actual situation, so that the execute server 10 can parse the fields it needs out of the uplink traffic data packet. For example, the execute server 10 can parse five fields from the uplink traffic data packet: source address, destination address, source port, destination port and protocol number (together called the five-tuple). The five-tuple data is processed by a hash function to obtain a unique hash value, and this hash value serves as the unique identifier of the session. A TCP SYN packet marks the start of reassembly; the data carried in the session is then continually added to the corresponding session table. A TCP FIN or RST packet marks the end of reassembly; for a long-lived TCP connection, a timing-wheel timeout mechanism is used to trigger session reassembly. Here, a session can be regarded as the process of performing traffic monitoring on uplink traffic data. The session table can be used to record the detection result and progress of each piece of uplink traffic data.
In addition, the timeout mechanism can be understood as operating on a pre-built data structure driven by the data packets (uplink traffic data packets) of the TCP connection: when no data packet arrives on a connection within a specified duration (which can be set according to the actual situation), the corresponding TCP connection is removed from the session table. On this basis, the problem that large batches of periodic real-time tasks are scheduled slowly because of time-consuming waits can be solved.
The scheduling algorithm on the optimized abstract structure has a time complexity of O(1), which resolves the difficulty of scheduling large batches of periodic real-time tasks in a production environment. Here, O(1) can denote the complexity of a hash table; it can be understood as a constant (single-order) complexity, that is, a low complexity.
The principle by which flow monitoring is performed on the analysed, reassembled data packets can be as follows:
Calculating the downlink data: a packet in the uplink direction whose payload length is 0 (other than the packets of the three-way handshake) is an ACK packet acknowledging downlink data; the downlink data size is the difference between the ack values of the first such packet and the last such packet.
Calculating the uplink data: a packet in the uplink direction whose payload length is greater than 0 is pure uplink data sent by the user's client. Data is occasionally transmitted in segments; adding up the data size of each segment gives the total uplink traffic.
After the byte size of the uplink or downlink data has been determined, it can be compared with the corresponding preset threshold. For example, if the uplink traffic is excessive, such as exceeding the preset traffic, the traffic is considered abnormal.
It is also possible to judge whether the data in the same session satisfies certain conditions. For example, a TCP connection that has been established but transmits no data within the specified time, or pure data that begins to be sent when no connection has been established, is abnormal traffic.
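The session reassembly, timing-wheel timeout and uplink/downlink byte accounting described above can be sketched as follows. This is an added example, not code from the patent: the packet record layout, the SHA-256 session key, the one-second wheel slots with integer timestamps, the thresholds, the alert names and the sample packets are all assumptions constructed for illustration.

```python
import hashlib
from collections import namedtuple

# Constructed record for one uplink (client -> server) TCP packet.
Packet = namedtuple("Packet", "ts src dst sport dport proto flags ack payload_len")
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

def session_id(p):
    """Hash the five-tuple into the session identifier."""
    key = f"{p.src}|{p.dst}|{p.sport}|{p.dport}|{p.proto}".encode()
    return hashlib.sha256(key).hexdigest()[:16]

class SessionTable:
    def __init__(self, idle_timeout=5, max_uplink=1000):
        self.idle_timeout = idle_timeout   # seconds a session may stay silent
        self.max_uplink = max_uplink       # preset uplink byte threshold
        self.sessions = {}                 # session id -> state
        self.wheel = [set() for _ in range(idle_timeout + 1)]  # one slot per second
        self.now = 0
        self.closed = []                   # summaries of finished sessions

    def _schedule(self, sid, s):
        """O(1): move the session to the slot in which it would time out."""
        if s["slot"] is not None:
            self.wheel[s["slot"]].discard(sid)
        s["slot"] = (self.now + self.idle_timeout) % len(self.wheel)
        self.wheel[s["slot"]].add(sid)

    def advance(self, ts):
        """Turn the wheel to ts; a session still in a visited slot has expired."""
        n = len(self.wheel)
        for tick in range(self.now + 1, min(ts, self.now + n) + 1):
            for sid in list(self.wheel[tick % n]):
                self._close(sid, "timeout")
        self.now = max(self.now, ts)

    def _close(self, sid, reason):
        s = self.sessions.pop(sid)
        self.wheel[s["slot"]].discard(sid)
        if reason == "timeout" and s["established"] and s["up_bytes"] == 0:
            s["alerts"].add("established-but-idle")
        down = 0
        if s["first_ack"] is not None:     # first-to-last ACK difference, 32-bit wrap
            down = (s["last_ack"] - s["first_ack"]) & 0xFFFFFFFF
        self.closed.append({"sid": sid, "reason": reason, "up_bytes": s["up_bytes"],
                            "down_bytes": down, "alerts": sorted(s["alerts"])})

    def process(self, p):
        self.advance(p.ts)
        sid = session_id(p)
        s = self.sessions.get(sid)
        if s is None:
            s = self.sessions[sid] = {
                "syn": False, "established": False, "up_bytes": 0,
                "first_ack": None, "last_ack": None, "alerts": set(), "slot": None}
        self._schedule(sid, s)
        if p.flags & SYN:                  # first handshake: reassembly starts
            s["syn"] = True
            return
        handshake_ack = bool(s["syn"] and not s["established"] and p.flags & ACK)
        if handshake_ack:                  # third handshake: not counted as downlink
            s["established"] = True
        if p.payload_len > 0:              # pure uplink data, summed over segments
            s["up_bytes"] += p.payload_len
            if not s["established"]:
                s["alerts"].add("data-without-handshake")
            if s["up_bytes"] > self.max_uplink:
                s["alerts"].add("uplink-over-threshold")
        elif p.flags & ACK and not handshake_ack:   # ACK of downlink data
            if s["first_ack"] is None:
                s["first_ack"] = p.ack
            s["last_ack"] = p.ack
        if p.flags & (FIN | RST):          # end of reassembly
            self._close(sid, "fin/rst")

def analyse(packets, idle_timeout=5, max_uplink=1000):
    table = SessionTable(idle_timeout, max_uplink)
    for p in packets:
        table.process(p)
    table.advance(table.now + idle_timeout + 1)   # flush sessions that went silent
    return table.closed

def pkt(ts, client, flags, ack=0, payload_len=0):
    return Packet(ts, client[0], "203.0.113.5", client[1], 80, 6, flags, ack, payload_len)

# Constructed sample traffic (documentation addresses), in time order.
A, B, C = ("198.51.100.10", 40000), ("198.51.100.20", 40001), ("198.51.100.30", 40002)
SAMPLE = [
    pkt(1, A, SYN), pkt(1, A, ACK, 1001),                    # A: handshake
    pkt(2, A, ACK, 1001, 300), pkt(2, A, ACK, 1001, 200),    # A: segmented upload
    pkt(2, B, ACK, 1, 1500),                                 # B: data, no handshake
    pkt(3, A, ACK, 2461),                                    # A: ACK of downlink data
    pkt(3, C, SYN), pkt(3, C, ACK, 1001),                    # C: handshake, then silence
    pkt(4, A, ACK, 5381), pkt(4, A, FIN | ACK, 5381),        # A: last ACK, then close
]

if __name__ == "__main__":
    print(*analyse(SAMPLE), sep="\n")
```

Taking the difference between the first and the last ACK, as the text describes, leaves out the bytes that the first ACK itself acknowledges, so the downlink figure is a lower bound.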
Step S230: when the determination is no, the execute server 10 sends a reply data packet corresponding to the uplink traffic data packet to the user terminal 30.
Understandably, if the uplink traffic data packet is a normal data packet (not an abnormal data packet), the server performs the corresponding processing according to the content of the uplink traffic data packet. For example, if the uplink traffic data packet is in substance a request sent by the user terminal 30 to download a video, the execute server 10 responds to the request, obtains the video from the server of the video source, and then sends the video content directly to the user terminal 30. Unlike the prior art, the video content does not also need to undergo traffic security monitoring and then be sent to the user terminal 30 through the dispatch server 20. This reduces the amount of data processed by the execute server 10 and the dispatch server 20 and helps improve the efficiency of flow monitoring.
Optionally, the method further includes: when the uplink traffic data packet is determined to be abnormal, the execute server 10 discards the uplink traffic data packet.
Understandably, if the uplink traffic data packet is an abnormal data packet, the execute server 10 discards the packet directly, which prevents the abnormal data packet from attacking the execute server 10 and leaving it unable to operate normally. For example, if it is determined that the uplink traffic data packet carries a DDoS attack, the uplink traffic data packet is discarded, which improves the security of the execute server 10.
Please refer to Fig. 4, which is a block diagram of the flow monitoring device 100 provided by an embodiment of the present invention. The flow monitoring device 100 provided by the embodiment of the present invention can be applied to the above distributed service system to execute each step of the flow monitoring method. During flow monitoring it can reduce the occupation of system storage space, reduce the consumption of computing resources and improve the processing efficiency of flow monitoring. The flow monitoring device 100 may include a receiving unit 110, a verification unit 120 and a transmission unit 130.
The receiving unit 110 is configured to receive the uplink traffic data packet sent by the user terminal 30 and to send the uplink traffic data packet to the execute server 10.
The verification unit 120 is configured to verify the uplink traffic data packet according to a preset verification rule, to determine whether the uplink traffic data packet is abnormal.
Optionally, the verification unit 120 is further configured so that, based on the Transmission Control Protocol corresponding to the uplink traffic data packet, the execute server 10 performs field verification and/or flag verification and/or payload data verification on the uplink traffic data, wherein the uplink traffic data packet is determined to be abnormal when any one of the field verification, flag verification and payload data verification fails. Alternatively, based on the source IP corresponding to the uplink traffic data packet, the execute server 10 verifies the byte size or the number of requests of the uplink traffic data packets sent by the user terminal 30 corresponding to the same source IP, wherein the uplink traffic data packet is determined to be abnormal when, within a preset period, the bytes of the uplink traffic data packets sent by the user terminal 30 corresponding to the same source IP are not within the preset traffic threshold range, or the number of requests exceeds a preset number.
Optionally, the verification unit is further configured to judge whether the transmission channel used to transmit the uplink traffic data between the distributed service system and the user terminal 30 has established the three-way handshake of a Transmission Control Protocol connection. When the transmission channel has established the three-way handshake of a Transmission Control Protocol connection, the execute server 10 judges whether the throughput at which the transmission channel transmits the uplink traffic data packet is within a preset throughput range, and determines that the uplink traffic data packet is abnormal when that throughput is not within the preset throughput range. Alternatively, when the transmission channel has not established the three-way handshake of a Transmission Control Protocol connection, the execute server 10 determines whether the uplink traffic data packet is abnormal from the transmission rate of the transmission channel and the byte size of the uplink traffic data packets transmitted within a preset duration, wherein the uplink traffic data packet is determined to be abnormal when the transmission rate is not within the preset transmission rate range, or when the byte size of the uplink traffic data packets transmitted within the preset duration is not within the preset traffic threshold range.
The transmission unit 130 is configured to send to the user terminal 30 a reply data packet corresponding to the uplink traffic data packet when the verification unit 120 determines that the uplink traffic data packet is not abnormal.
Optionally, the flow monitoring device 100 further includes a discarding unit, configured so that the execute server 10 discards the uplink traffic data packet when the uplink traffic data packet is determined to be abnormal.
Optionally, the flow monitoring device 100 further includes a scheduling determination unit. Before the receiving unit 110 sends the uplink traffic data packet to the execute server 10, the scheduling determination unit determines a target execute server 10 from the at least one execute server 10 according to a preset balancing policy, wherein the target execute server 10 is used to receive the uplink traffic data packet sent by the dispatch server 20.
Optionally, the flow monitoring device 100 further includes a parsing unit. Before the verification unit 120 verifies the uplink traffic data packet according to the preset verification rule, the parsing unit parses the uplink traffic data packet according to preset parsing rules and obtains the parsed fields in order to verify the uplink traffic data packet.
It should be noted that, as those skilled in the art will clearly understand, for convenience and brevity of description, the specific working process of the flow monitoring device 100 described above can be found in the corresponding process of each step of the foregoing method and is not repeated here.
In the present embodiment, the user terminal 30 may be, but is not limited to, a smartphone, a personal computer (PC), a tablet computer, a personal digital assistant (PDA), a mobile Internet device (MID) and the like. The network may be, but is not limited to, a wired network or a wireless network.
Referring again to Fig. 2, in the present embodiment the processing module 11 can be an integrated circuit chip with signal processing capability. The processing module 11 can be a general-purpose processor. For example, the processor can be a central processing unit (CPU), a graphics processing unit (GPU), a network processor (NP) and the like; it can also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It can implement or execute the methods, steps and logic diagrams disclosed in the embodiments of the present invention.
The communication module 12 is used to establish, over the network, the communication connections between the execute server 10 and the dispatch server 20 and the user terminal 30, and to send and receive data over the network.
The memory module 13 may be, but is not limited to, random access memory, read-only memory, programmable read-only memory, erasable programmable read-only memory, electrically erasable programmable read-only memory and the like. In the present embodiment, the memory module 13 can be used to store uplink traffic data packets, the preset verification rule and so on. The memory module 13 can of course also be used to store a program, which the processing module 11 executes after receiving an execution instruction.
Further, the flow monitoring device 100 includes at least one software function module that can be stored in the memory module 13 in the form of software or firmware, or built into the operating system (OS) of the execute server 10. The processing module 11 is used to execute the executable modules stored in the memory module 13, such as the software function modules and computer programs included in the flow monitoring device 100.
It can be understood that the structure shown in Fig. 2 is only a schematic structural diagram of the execute server 10, and that the execute server 10 can include more or fewer components than shown in Fig. 2. Each component shown in Fig. 2 can be implemented in hardware, software or a combination thereof.
An embodiment of the present invention also provides a computer-readable storage medium. A computer program is stored in the readable storage medium; when the computer program runs on a computer, it causes the computer to execute the flow monitoring method of the above embodiments.
From the above description of the embodiments, those skilled in the art can clearly understand that the present invention can be implemented in hardware, or in software together with a necessary general-purpose hardware platform. On this understanding, the technical solution of the present invention can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (such as a CD-ROM, a USB flash drive or a removable hard disk) and includes instructions that cause a computer device (such as a personal computer, a server or a network device) to execute the method described in each implementation scenario of the present invention.
In conclusion, the present invention provides a flow monitoring method, a device and an execute server. In the method, the dispatch server receives the uplink traffic data packet sent by the user terminal and sends it to the execute server; the execute server verifies the uplink traffic data packet according to a preset verification rule to determine whether it is abnormal; when it is not, the execute server sends a reply data packet corresponding to the uplink traffic data packet to the user terminal. Because the execute server performs flow monitoring only on the uplink traffic data packets that the dispatch server obtains from the user terminal, that is, it monitors only the uplink traffic of the user terminal and does not monitor the downlink traffic data of the user terminal, the amount of data processed is reduced. This saves storage space in the service system, relieves the pressure of flow monitoring processing on the service system, and helps improve the efficiency of flow monitoring processing.
In the embodiments provided by the present invention, it should be understood that the disclosed devices, systems and methods can also be implemented in other ways. The device, system and method embodiments described above are only illustrative. For example, the flowcharts and block diagrams in the drawings show the possible architecture, functions and operation of systems, methods and computer program products according to multiple embodiments of the present invention. In this regard, each box in a flowchart or block diagram can represent a module, a program segment or a part of code, which contains one or more executable instructions for implementing the specified logic function. It should also be noted that in some alternative implementations the functions marked in the boxes can occur in a different order from that marked in the drawings. For example, two consecutive boxes can in fact be executed substantially in parallel, and they can sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each box in the block diagrams and/or flowcharts, and combinations of boxes in the block diagrams and/or flowcharts, can be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions. In addition, the functional modules in each embodiment of the present invention can be integrated to form one independent part, can each exist separately, or two or more modules can be integrated to form one independent part.
Alternatively, the embodiments can be implemented wholly or partly in software, hardware, firmware or any combination thereof. When implemented in software, they can be implemented wholly or partly in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the present invention are produced wholly or partly. The computer can be a general-purpose computer, a special-purpose computer, a computer network or another programmable device. The computer instructions can be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another; for example, the computer instructions can be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired means (such as coaxial cable, optical fiber or digital subscriber line (DSL)) or wireless means (such as infrared, wireless or microwave). The computer-readable storage medium can be any usable medium that a computer can access, or a data storage device such as a server or data center that integrates one or more usable media. The usable medium can be a magnetic medium (for example, a floppy disk, hard disk or magnetic tape), an optical medium (for example, a DVD) or a semiconductor medium (for example, a solid state disk (SSD)).
The above is only a preferred embodiment of the present invention and is not intended to limit the present invention. For those skilled in the art, the present invention can have various modifications and variations. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall be included in the protection scope of the present invention.

Claims (10)

1. A flow monitoring method, characterized in that it is applied to a distributed service system comprising a dispatch server and at least one execute server, the method comprising:
the dispatch server receives an uplink traffic data packet sent by a user terminal and sends the uplink traffic data packet to the execute server;
the execute server verifies the uplink traffic data packet according to a preset verification rule, to determine whether the uplink traffic data packet is abnormal;
when it is not, the execute server sends to the user terminal a reply data packet corresponding to the uplink traffic data packet.
2. The method according to claim 1, characterized in that the execute server verifying the uplink traffic data packet according to the preset verification rule comprises at least one of the following:
based on the Transmission Control Protocol corresponding to the uplink traffic data packet, the execute server performs field verification and/or flag verification and/or payload data verification on the uplink traffic data, wherein the uplink traffic data packet is determined to be abnormal when any one of the field verification, flag verification and payload data verification fails; or
based on the source IP corresponding to the uplink traffic data packet, the execute server verifies the byte size or the number of requests of the uplink traffic data packets sent by the user terminal corresponding to the same source IP, wherein the uplink traffic data packet is determined to be abnormal when, within a preset period, the bytes of the uplink traffic data packets sent by the user terminal corresponding to the same source IP are not within a preset traffic threshold range, or the number of requests exceeds a preset number.
3. The method according to claim 1, characterized in that the execute server verifying the uplink traffic data packet according to the preset verification rule comprises:
judging whether the transmission channel used to transmit the uplink traffic data between the distributed service system and the user terminal has established the three-way handshake of a Transmission Control Protocol connection;
when the transmission channel has established the three-way handshake of a Transmission Control Protocol connection, the execute server judges whether the throughput at which the transmission channel transmits the uplink traffic data packet is within a preset throughput range, and determines that the uplink traffic data packet is abnormal when the throughput at which the transmission channel transmits the uplink traffic data packet is not within the preset throughput range; or
when the transmission channel has not established the three-way handshake of a Transmission Control Protocol connection, the execute server determines whether the uplink traffic data packet is abnormal from the transmission rate of the transmission channel and the byte size of the uplink traffic data packets transmitted within a preset duration, wherein the uplink traffic data packet is determined to be abnormal when the transmission rate is not within a preset transmission rate range, or when the byte size of the uplink traffic data packets transmitted within the preset duration is not within a preset traffic threshold range.
4. The method according to claim 1, characterized in that the method further comprises: when the uplink traffic data packet is determined to be abnormal, the execute server discards the uplink traffic data packet.
5. The method according to claim 1, characterized in that, before the uplink traffic data packet is sent to the execute server, the method further comprises:
the dispatch server determines a target execute server from the at least one execute server according to a preset balancing policy, wherein the target execute server is used to receive the uplink traffic data packet sent by the dispatch server.
6. The method according to any one of claims 1-5, characterized in that, before the execute server verifies the uplink traffic data packet according to the preset verification rule, the method further comprises:
the execute server parses the uplink traffic data packet according to preset parsing rules and obtains the parsed fields in order to verify the uplink traffic data packet.
7. A flow monitoring device, characterized in that it is applied to a distributed service system comprising a dispatch server and at least one execute server, the device comprising:
a receiving unit, configured to receive an uplink traffic data packet sent by a user terminal and to send the uplink traffic data packet to the execute server;
a verification unit, configured to verify the uplink traffic data packet according to a preset verification rule, to determine whether the uplink traffic data packet is abnormal;
a transmission unit, configured to send to the user terminal a reply data packet corresponding to the uplink traffic data packet when the verification unit determines that the uplink traffic data packet is not abnormal.
8. The device according to claim 7, characterized in that the verification unit is further configured so that:
based on the Transmission Control Protocol corresponding to the uplink traffic data packet, the execute server performs field verification and/or flag verification and/or payload data verification on the uplink traffic data, wherein the uplink traffic data packet is determined to be abnormal when any one of the field verification, flag verification and payload data verification fails; or
based on the source IP corresponding to the uplink traffic data packet, the execute server verifies the byte size or the number of requests of the uplink traffic data packets sent by the user terminal corresponding to the same source IP, wherein the uplink traffic data packet is determined to be abnormal when, within a preset period, the bytes of the uplink traffic data packets sent by the user terminal corresponding to the same source IP are not within a preset traffic threshold range, or the number of requests exceeds a preset number.
9. An execute server, characterized by comprising:
a memory module;
a processing module; and
a flow monitoring device, comprising one or more software function modules stored in the memory module and executed by the processing module, the flow monitoring device comprising:
a receiving unit, configured to receive an uplink traffic data packet sent by a user terminal and to send the uplink traffic data packet to the execute server;
a verification unit, configured to verify the uplink traffic data packet according to a preset verification rule, to determine whether the uplink traffic data packet is abnormal;
a transmission unit, configured to send to the user terminal a reply data packet corresponding to the uplink traffic data packet when the verification unit determines that the uplink traffic data packet is not abnormal.
10. A computer-readable storage medium, characterized in that a computer program is stored in the readable storage medium and, when the computer program runs on a computer, it causes the computer to execute the flow monitoring method according to any one of claims 1-6.
CN201811327450.6A 2018-11-08 2018-11-08 Flow monitoring method, device and execute server Pending CN109462586A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811327450.6A CN109462586A (en) 2018-11-08 2018-11-08 Flow monitoring method, device and execute server


Publications (1)

Publication Number Publication Date
CN109462586A true CN109462586A (en) 2019-03-12

Family

ID=65609778


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 311501, Unit 1, Building 5, Courtyard 1, Futong East Street, Chaoyang District, Beijing

Applicant after: BEIJING KNOWNSEC INFORMATION TECHNOLOGY Co.,Ltd.

Address before: Room 311501, Unit 1, Building 5, Courtyard 1, Futong East Street, Chaoyang District, Beijing

Applicant before: BEIJING KNOWNSEC INFORMATION TECHNOLOGY Co.,Ltd.

RJ01 Rejection of invention patent application after publication

Application publication date: 20190312