CN109510776A - Flow control methods and device - Google Patents

Publication number
CN109510776A
Authority
CN
China
Prior art keywords
forwarded
flow
flowspec
rule
flow control
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811191734.7A
Other languages
Chinese (zh)
Other versions
CN109510776B (en
Inventor
梅树
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Technologies Co Ltd Hefei Branch
Original Assignee
New H3C Technologies Co Ltd Hefei Branch
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by New H3C Technologies Co Ltd Hefei Branch
Priority to CN201811191734.7A
Publication of CN109510776A
Application granted
Publication of CN109510776B
Status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/20 Traffic policing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/24 Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2425 Traffic characterised by specific attributes, e.g. priority or QoS for supporting services specification, e.g. SLA
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/24 Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2441 Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a traffic control method and device applied to a network device. The network device holds several Flowspec rules and other traffic control policies, and each Flowspec rule includes at least a corresponding traffic feature and traffic type information. The method includes: extracting the traffic feature of received traffic to be forwarded, and determining, from the several Flowspec rules, the target Flowspec rule whose traffic feature matches that of the traffic to be forwarded; taking the traffic type of the target Flowspec rule as the traffic type of the traffic to be forwarded; and, according to that traffic type, determining the execution order of the target Flowspec rule and the other traffic control policies, and forwarding the traffic according to that execution order. In this way the execution order between Flowspec rules and other traffic control policies becomes configurable, which improves the flexibility of traffic control in the network system.

Description

Traffic control method and device
Technical field
This application relates to the field of network communication technology, and in particular to a traffic control method and device.
Background
In some network communication scenarios, the traffic in a network system needs to be scheduled globally. For example, the prior art uses Flowspec technology: a Flowspec control policy is issued to each network device in the network system so that each network device controls the forwarding of traffic according to that policy, thereby scheduling the traffic in the network system. However, each network device may also have local traffic control policies of its own. Because there is an execution-order problem between the Flowspec control policy and the local traffic policies of the network device, the application of the Flowspec control policy is affected whenever local traffic policies exist, and traffic cannot be scheduled flexibly according to the networking scenario.
Summary of the invention
In a first aspect, the application provides a traffic control method applied to a network device. The network device holds several Flowspec rules and other traffic control policies, and each Flowspec rule includes at least a corresponding traffic feature and traffic type information. The method comprises:
Extracting the traffic feature of received traffic to be forwarded, and determining, from the several Flowspec rules, the target Flowspec rule whose traffic feature matches that of the traffic to be forwarded;
Taking the traffic type of the target Flowspec rule as the traffic type of the traffic to be forwarded;
Determining, according to the traffic type of the traffic to be forwarded, the execution order of the target Flowspec rule and the other traffic control policies, and forwarding the traffic to be forwarded according to that execution order.
Optionally, the method further comprises:
Receiving a Flowspec message sent by a traffic policy controller;
Deploying locally the to-be-deployed Flowspec rule carried in the Flowspec message, and configuring, according to the traffic type corresponding to the to-be-deployed Flowspec rule, the execution order of the to-be-deployed Flowspec rule and the other traffic control policies.
Optionally, the step of configuring, according to the traffic type corresponding to the to-be-deployed Flowspec rule, the execution order of the to-be-deployed Flowspec rule and the other traffic control policies comprises:
Extracting the TLV field of the Flowspec message;
When the Type field of the TLV field is determined to be a preset value, determining that the Flowspec message carries a to-be-deployed Flowspec rule, and deploying the to-be-deployed Flowspec rule locally;
Obtaining the traffic type carried in the Value field of the TLV field, and configuring the execution order, corresponding to that traffic type, of the to-be-deployed Flowspec rule and the other traffic control policies.
Optionally, the Value field of the TLV field further includes the identification information of at least one network device; the method further comprises:
Matching the device's own identification information against the identification information of the at least one network device, to judge whether the identification information of the at least one network device contains an entry that matches its own;
If so, deploying the to-be-deployed Flowspec rule locally;
Otherwise, not deploying the to-be-deployed Flowspec rule locally.
Optionally, the other traffic control policies are local traffic control policies deployed on the network device; the step of determining, according to the traffic type of the traffic to be forwarded, the execution order of the target Flowspec rule and the other traffic control policies, and forwarding the traffic to be forwarded according to that execution order, comprises:
If the traffic type of the traffic to be forwarded is a preset first type, executing the target Flowspec rule to forward the traffic to be forwarded;
If the traffic type of the traffic to be forwarded is a preset second type, first executing the target Flowspec rule to forward the traffic to be forwarded, and then executing the local traffic control policy to forward the traffic to be forwarded;
If the traffic type of the traffic to be forwarded is a preset third type, first executing the local traffic control policy to forward the traffic to be forwarded, and, if the local traffic control policy fails to execute, executing the target Flowspec rule to forward the traffic to be forwarded.
In a second aspect, the application provides a traffic control device applied to a network device. The network device holds several Flowspec rules and other traffic control policies, and each Flowspec rule includes at least a traffic feature and a traffic type. The device comprises:
An extraction module, configured to extract the traffic feature of received traffic to be forwarded, and to determine, from the several Flowspec rules, the target Flowspec rule whose traffic feature matches that of the traffic to be forwarded;
A type determination module, configured to take the traffic type of the target Flowspec rule as the traffic type of the traffic to be forwarded;
A forwarding control module, configured to determine, according to the traffic type of the traffic to be forwarded, the execution order of the target Flowspec rule and the other traffic control policies, and to forward the traffic to be forwarded according to that execution order.
Optionally, the device further comprises:
A receiving module, configured to receive a Flowspec message sent by a traffic policy controller;
A rule deployment module, configured to deploy locally the to-be-deployed Flowspec rule carried in the Flowspec message, and to configure, according to the traffic type corresponding to the to-be-deployed Flowspec rule, the execution order of the to-be-deployed Flowspec rule and the other traffic control policies.
Optionally, the rule deployment module is specifically configured to:
Extract the TLV field of the Flowspec message;
When the Type field of the TLV field is determined to be a preset value, determine that the Flowspec message carries a to-be-deployed Flowspec rule, and deploy the to-be-deployed Flowspec rule locally;
Obtain the traffic type carried in the Value field of the TLV field, and configure the execution order, corresponding to that traffic type, of the to-be-deployed Flowspec rule and the other traffic control policies.
Optionally, the Value field of the TLV field further includes the identification information of at least one network device; the rule deployment module is further configured to:
Match the device's own identification information against the identification information of the at least one network device, to judge whether the identification information of the at least one network device contains an entry that matches its own;
If so, deploy the to-be-deployed Flowspec rule locally;
Otherwise, not deploy the to-be-deployed Flowspec rule locally.
Optionally, the other traffic control policies include local traffic control policies deployed on the network device; the forwarding control module is specifically configured to:
If the traffic type of the traffic to be forwarded is a preset first type, execute the target Flowspec rule to forward the traffic to be forwarded;
If the traffic type of the traffic to be forwarded is a preset second type, first execute the target Flowspec rule to forward the traffic to be forwarded, and then execute the local traffic control policy to forward the traffic to be forwarded;
If the traffic type of the traffic to be forwarded is a preset third type, first execute the local traffic control policy to forward the traffic to be forwarded, and, if the local traffic control policy fails to execute, execute the target Flowspec rule to forward the traffic to be forwarded.
Compared with the prior art, the application has the following advantages:
The traffic control method and device provided by this application match the corresponding target Flowspec rule according to the traffic feature of the traffic to be forwarded, determine the traffic type of that traffic from the target Flowspec rule, and determine the execution order of the Flowspec rule and the other traffic control policies from the traffic type. The execution order between Flowspec rules and other traffic control policies thereby becomes configurable, which improves the flexibility of traffic control in the network system.
Brief description of the drawings
To explain the technical solutions of the embodiments of this application more clearly, the drawings needed in the embodiments are briefly introduced below. It should be understood that the following drawings show only some embodiments of this application and should therefore not be regarded as limiting its scope; a person of ordinary skill in the art can obtain other related drawings from them without creative effort.
Fig. 1 is a flow diagram of the traffic control method provided by the embodiments of this application;
Fig. 2 is a schematic diagram of control policy selection provided by the embodiments of this application;
Fig. 3 is a schematic diagram of the interaction between the network device and the traffic policy controller provided by the embodiments of this application;
Fig. 4 is a hardware structure diagram of the network device provided by the embodiments of this application;
Fig. 5 is the first functional block diagram of the traffic control device provided by the embodiments of this application;
Fig. 6 is the second functional block diagram of the traffic control device provided by the embodiments of this application.
Reference numerals: 10 - network system; 100 - network device; 110 - traffic control device; 111 - extraction module; 112 - type determination module; 113 - forwarding control module; 114 - receiving module; 115 - rule deployment module; 120 - machine-readable storage medium; 130 - processor; 200 - traffic policy controller.
Detailed description of the embodiments
To make the purposes, technical solutions and advantages of the embodiments of this application clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of this application. The components of the embodiments generally described and illustrated in the drawings can be arranged and designed in a variety of different configurations.
The following detailed description of the embodiments provided in the drawings is therefore not intended to limit the claimed scope of this application, but merely represents selected embodiments. All other embodiments obtained by a person of ordinary skill in the art from the embodiments in this application without creative effort fall within the scope of protection of this application.
Note also that similar reference numerals and letters denote similar items in the following drawings, so once an item has been defined in one drawing it does not need to be defined or explained again in subsequent drawings.
Referring to Fig. 1, this embodiment provides a traffic control method applied to a network device. A Flowspec policy containing several Flowspec rules, together with other traffic control policies, may be deployed on the network device in advance. Each Flowspec rule includes at least a traffic feature, traffic type information and a traffic control action. The traffic feature may include information such as the destination Internet Protocol (IP) address, destination port, source IP address, source port and application protocol of the traffic; the traffic type information may include types such as attack traffic, traffic with higher scheduling priority and traffic with lower scheduling priority; the traffic control action may include actions such as redirection, rate limiting and interception. Each step of the traffic control method provided by this embodiment is described in detail below.
Step S110: extract the traffic feature of the received traffic to be forwarded, and determine, from the several Flowspec rules, the target Flowspec rule whose traffic feature matches that of the traffic to be forwarded.
Step S120: take the traffic type of the target Flowspec rule as the traffic type of the traffic to be forwarded.
Step S130: according to the traffic type of the traffic to be forwarded, determine the execution order of the target Flowspec rule and the other traffic control policies, and forward the traffic to be forwarded according to that execution order.
In this embodiment, after the network device receives traffic to be forwarded, it can match the traffic feature of that traffic against the traffic feature information of the several Flowspec rules deployed locally in advance, and determine the target Flowspec rule whose traffic feature information matches the traffic feature of the traffic to be forwarded. The traffic type corresponding to the target Flowspec rule so determined is then used as the traffic type of the traffic to be forwarded.
In this embodiment, different execution orders (that is, orders in which the traffic control actions are executed) between the corresponding target Flowspec rule and the other traffic control policies are set for traffic to be forwarded of different traffic types. Specifically, for traffic to be forwarded of a given traffic type, the network device may select one of the target Flowspec rule and the other traffic control policies to control the forwarding of the traffic, or may select several of them and control the forwarding of the traffic using the corresponding policy execution order.
Optionally, in this embodiment, the other traffic control policies may include local traffic control policies deployed on the network device, and the traffic types may include, but are not limited to, the following three types.
In step S130, if the traffic type of the traffic to be forwarded is the preset first type, only the target Flowspec rule is executed to forward the traffic.
Specifically, traffic of the first type may be attack traffic that needs to be intercepted, and the traffic control action corresponding to the target Flowspec rule is to intercept traffic of the first type. For traffic of the first type, the corresponding target Flowspec rule therefore needs the highest priority, and after the target Flowspec rule has been executed and the traffic intercepted, no other local traffic policy is executed for forwarding control.
If the traffic type of the traffic to be forwarded is the preset second type, the target Flowspec rule is executed first (that is, the traffic control action corresponding to the target Flowspec rule is performed) to forward the traffic, and then the other local traffic control policies are executed (that is, the traffic control actions corresponding to the other traffic control policies are performed) to forward the traffic.
Specifically, traffic of the second type may be traffic with higher scheduling priority. For traffic of the second type, the target Flowspec rule can first be used to control the forwarding of the traffic, so as to control the overall scheduling direction of the traffic, and the local traffic control policy matched by the traffic feature of the traffic to be forwarded is then used to control its forwarding.
For example, referring to Fig. 2, suppose that on network device 100A the traffic type corresponding to the target Flowspec rule matched by some traffic to be forwarded is the second type, and the traffic control action corresponding to the target Flowspec rule is to redirect this traffic to link 1 for sending. The device can first execute the target Flowspec rule to perform the redirection, and then check the other local traffic control policies deployed on link 1. If it finds that a local traffic control policy for rate limiting also exists on link 1, it then applies rate limiting to the traffic to be forwarded.
If the traffic type is the preset third type, the local traffic control policy is executed first to forward the traffic, and if the local traffic control policy fails, the target Flowspec rule is then executed to forward the traffic.
Specifically, traffic of the third type may be traffic with lower scheduling priority. For traffic of the third type, the local traffic control policy matched by the traffic feature of the traffic to be forwarded can first be used to control its forwarding; when that local traffic control policy fails, the target Flowspec rule is executed to control the forwarding of the traffic.
For example, referring again to Fig. 2, suppose that on network device 100A the traffic type of the target Flowspec rule matched by some traffic to be forwarded is the third type, and its traffic control action is to redirect the traffic to link 2 for sending, but network device 100A also has a local traffic control policy that redirects the traffic to link 3 for sending. The local traffic control policy is then executed preferentially and the traffic is redirected to link 3 for sending; after the local traffic control policy fails, the target Flowspec rule is executed and the traffic is redirected to link 2 for sending.
Based on the above design, the traffic control method provided by this embodiment can determine, for traffic to be forwarded of different traffic types, the execution order of the Flowspec rule and the other traffic control policies, and thereby avoid conflicts between Flowspec rules and other traffic control policies.
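The following Python sketch walks steps S110 to S130 for the three traffic types described above. It is an added example, not code from the patent; the class and function names, the "first matching rule wins" lookup, the behaviour when no rule matches, and the sample rules are assumptions of this example.

```python
from dataclasses import dataclass
from enum import Enum
from ipaddress import ip_address, ip_network
from typing import Callable, List, Optional, Sequence, Tuple


class TrafficType(Enum):
    FIRST = 1   # e.g. attack traffic: only the Flowspec rule runs
    SECOND = 2  # higher scheduling priority: Flowspec rule, then local policy
    THIRD = 3   # lower scheduling priority: local policy, Flowspec on failure


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    protocol: str


@dataclass(frozen=True)
class FlowspecRule:
    dst_prefix: str            # traffic feature: destination prefix
    dst_port: Optional[int]    # None matches any port
    protocol: Optional[str]    # None matches any protocol
    traffic_type: TrafficType
    action: str                # traffic control action, e.g. "redirect:link1"

    def matches(self, pkt: Packet) -> bool:
        if ip_address(pkt.dst_ip) not in ip_network(self.dst_prefix):
            return False
        if self.dst_port is not None and self.dst_port != pkt.dst_port:
            return False
        return self.protocol is None or self.protocol == pkt.protocol


# Modelling choice of this example: a local policy returns the action it
# applied, or None when it failed or has nothing to apply.
LocalPolicy = Callable[[Packet], Optional[str]]
Step = Tuple[str, str]  # (policy source, action)


def plan_forwarding(pkt: Packet, rules: Sequence[FlowspecRule],
                    local_policy: LocalPolicy) -> List[Step]:
    """Return the ordered actions applied to pkt (steps S110 to S130)."""
    # S110: first rule whose traffic feature matches the packet.
    target = next((r for r in rules if r.matches(pkt)), None)
    if target is None:
        # Assumption: with no matching rule only the local policy applies.
        local = local_policy(pkt)
        return [("local", local)] if local else []

    # S120: the packet inherits the traffic type of the matched rule.
    traffic_type = target.traffic_type

    # S130: the traffic type selects the execution order.
    if traffic_type is TrafficType.FIRST:
        return [("flowspec", target.action)]
    if traffic_type is TrafficType.SECOND:
        steps = [("flowspec", target.action)]
        local = local_policy(pkt)
        if local:
            steps.append(("local", local))
        return steps
    if traffic_type is TrafficType.THIRD:
        local = local_policy(pkt)
        if local:
            return [("local", local)]
        return [("flowspec", target.action)]
    # Fail closed on a type this device does not know how to order.
    raise ValueError(f"unknown traffic type: {traffic_type!r}")


# Constructed sample rules (documentation address ranges), mirroring Fig. 2.
RULES = [
    FlowspecRule("198.51.100.10/32", 53, "udp", TrafficType.FIRST, "drop"),
    FlowspecRule("203.0.113.0/24", None, None, TrafficType.SECOND, "redirect:link1"),
    FlowspecRule("192.0.2.0/24", None, "tcp", TrafficType.THIRD, "redirect:link2"),
]


def local_rate_limit(pkt: Packet) -> Optional[str]:
    return "rate-limit"          # local rate limiting found on link 1


def local_link3_up(pkt: Packet) -> Optional[str]:
    return "redirect:link3"      # local redirect succeeds


def local_link3_down(pkt: Packet) -> Optional[str]:
    return None                  # local redirect failed


if __name__ == "__main__":
    bulk = Packet("10.1.1.1", "192.0.2.20", 80, "tcp")
    print(plan_forwarding(bulk, RULES, local_link3_up))
    print(plan_forwarding(bulk, RULES, local_link3_down))
```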
Optionally, in one implementation of this embodiment, the Flowspec policy may be deployed on the network device in advance.
In another implementation of this embodiment, referring to Fig. 3, multiple network devices 100 are fully interconnected through the Border Gateway Protocol (BGP), or are networked through a route reflector (Route Reflector); the multiple network devices 100 can then communicate with one traffic policy controller 200.
The traffic policy controller 200 can issue the Flowspec policy to each network device 100 in the network system 10. The traffic policy controller 200 may be the ADWAN controller used in application-driven wide area network (Application-driven Wide Area Network, ADWAN) technology. The network device 100 can receive the Flowspec message sent by the traffic policy controller 200.
In this implementation, after receiving the Flowspec message sent by the traffic policy controller 200, the network device 100 extracts the to-be-deployed Flowspec rule from the Flowspec message, deploys that rule locally, and determines, according to the traffic type corresponding to the to-be-deployed Flowspec rule, the execution order of the traffic control action of the to-be-deployed Flowspec rule and the traffic control actions of the other traffic control policies.
Specifically, the Flowspec message may be a BGP message that carries the Flowspec rule in its Network Layer Reachability Information (NLRI) field. After receiving the Flowspec message, the network device 100 can extract the TLV (type-length-value) field of the Flowspec message. When the Type field of the TLV field is determined to be a preset value, the device determines that the Flowspec message carries a to-be-deployed Flowspec rule and deploys that rule locally. For example, the preset value may be 13: when the network device 100 detects a TLV field whose Type field is 13, it determines that the received Flowspec message carries a to-be-deployed Flowspec rule.
The network device 100 then obtains the traffic type carried in the Value field of the TLV field and configures locally the execution order, corresponding to that traffic type, of the traffic control action of the to-be-deployed Flowspec rule and the traffic control actions of the other traffic control policies.
Optionally, in this embodiment, the Value field of the TLV field may also include the identification information of at least one network device. For example, the Value field of the TLV field may record the router ID, IP address or Media Access Control (MAC) address of at least one network device 100, or another identifier that uniquely characterizes the identity of a network device.
After receiving a Flowspec message that carries a to-be-deployed Flowspec rule, the network device 100 matches its own identification information against the identification information of the at least one network device carried in the Flowspec message, to judge whether the identification information of the at least one network device contains an entry that matches its own.
If so, the network device 100 deploys the to-be-deployed Flowspec rule locally;
Otherwise, the network device 100 does not deploy the to-be-deployed Flowspec rule locally.
Based on the above design, in the method provided by this embodiment the traffic policy controller 200 can issue Flowspec policies uniformly, with different combinations of Flowspec rules for different network devices, so that the traffic of the entire network system can be planned and managed globally.
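The deployment check described above can be sketched as a bounds-checked TLV parser in Python. It is an added example, not code from the patent: the page gives only the example Type value 13 and says the Value field carries the traffic type and device identifiers, so the byte layout (1-byte Type, 1-byte Length, Value = 1-byte traffic type followed by 4-byte router IDs), the function names and the sample message are assumptions of this example.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Iterator, Optional, Tuple

DEPLOY_TLV_TYPE = 13            # example preset value given in the description
VALID_TRAFFIC_TYPES = {1, 2, 3}  # first, second and third traffic type


class TLVError(ValueError):
    """Raised for malformed input; the rule is then not deployed."""


@dataclass(frozen=True)
class Deployment:
    traffic_type: int
    device_ids: Tuple[IPv4Address, ...]


def iter_tlvs(buf: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (type, value) pairs, rejecting lengths that overrun the buffer."""
    offset = 0
    while offset < len(buf):
        if len(buf) - offset < 2:
            raise TLVError("truncated TLV header")
        tlv_type, length = buf[offset], buf[offset + 1]
        offset += 2
        if length > len(buf) - offset:
            raise TLVError("TLV length exceeds remaining bytes")
        yield tlv_type, buf[offset:offset + length]
        offset += length


def parse_deployment(buf: bytes) -> Optional[Deployment]:
    """Return the deployment TLV contents, or None if no such TLV is present."""
    for tlv_type, value in iter_tlvs(buf):
        if tlv_type != DEPLOY_TLV_TYPE:
            continue
        # Assumed layout: traffic type byte, then zero or more 4-byte IDs.
        if len(value) < 1 or (len(value) - 1) % 4 != 0:
            raise TLVError("malformed deployment value")
        if value[0] not in VALID_TRAFFIC_TYPES:
            raise TLVError("unknown traffic type")
        ids = tuple(IPv4Address(value[i:i + 4]) for i in range(1, len(value), 4))
        return Deployment(value[0], ids)
    return None


def traffic_type_to_configure(buf: bytes, my_router_id: str) -> Optional[int]:
    """Return the traffic type to configure locally, or None to skip the rule."""
    deployment = parse_deployment(buf)
    if deployment is None:
        return None
    # A listed set of devices restricts deployment to those devices; an empty
    # list is treated here as "deploy on every device" (assumption).
    if deployment.device_ids and IPv4Address(my_router_id) not in deployment.device_ids:
        return None
    return deployment.traffic_type


# Constructed sample message: an unrelated TLV (type 1), then the deployment
# TLV carrying traffic type 2 for router IDs 10.0.0.1 and 10.0.0.2.
SAMPLE = (bytes([1, 2, 0x18, 0xCB]) + bytes([DEPLOY_TLV_TYPE, 9, 2])
          + IPv4Address("10.0.0.1").packed + IPv4Address("10.0.0.2").packed)

if __name__ == "__main__":
    print(traffic_type_to_configure(SAMPLE, "10.0.0.2"))
    print(traffic_type_to_configure(SAMPLE, "10.0.0.9"))
```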
Referring to Fig. 4, Fig. 4 is a block diagram of the network device 100 shown in Fig. 3. The network device 100 may include a machine-readable storage medium 120 and a processor 130.
The machine-readable storage medium 120 and the processor 130 are electrically connected, directly or indirectly, to transfer or exchange data. For example, these elements may be electrically connected to one another through one or more communication buses or signal lines. By reading and executing the machine-executable instructions in the machine-readable storage medium 120 that correspond to the traffic control logic, the processor 130 can perform the traffic control method described above.
The machine-readable storage medium 120 referred to herein may be any electronic, magnetic, optical or other physical storage device that can contain or store information such as executable instructions and data. For example, the machine-readable storage medium 120 may be RAM (Random Access Memory), volatile memory, non-volatile memory, flash memory, a storage drive (such as a hard disk drive), a solid-state drive, any kind of storage disc (such as a CD or DVD), a similar storage medium, or a combination of these.
Referring to Fig. 5, this embodiment also provides a traffic control device 110. The traffic control device 110 includes at least one software function module that can be stored in the machine-readable storage medium 120 in the form of software or firmware, or built into the operating system (OS) of the network device 100. The processor 130 can execute the executable modules stored in the machine-readable storage medium 120, for example the software function modules and computer programs included in the traffic control device 110. The traffic control device 110 may include an extraction module 111, a type determination module 112 and a forwarding control module 113.
The extraction module 111 is configured to extract the traffic feature of the received traffic to be forwarded, and to determine, from the several Flowspec rules, the target Flowspec rule whose traffic feature matches that of the traffic to be forwarded.
In this embodiment, the extraction module 111 can be used to execute step S110 shown in FIG. 1; for a specific description of the extraction module 111, refer to the description of step S110.
The type determination module 112 is configured to take the traffic type of the target Flowspec rule as the traffic type of the traffic to be forwarded.
In this embodiment, the type determination module 112 can be used to execute step S120 shown in Fig. 2; for a specific description of the type determination module 112, refer to the description of step S120.
The forwarding control module 113 is configured to determine, according to the traffic type of the traffic to be forwarded, the execution order of the target Flowspec rule and the other traffic control policies, and to forward the traffic to be forwarded according to that execution order.
In this embodiment, the forwarding control module 113 can be used to execute step S130 shown in Fig. 2; for a specific description of the forwarding control module 113, refer to the description of step S130.
Optionally, referring to FIG. 6, in this embodiment flow control device 110 further includes receiving module 114 and rule deployment module 115.
Receiving module 114 is configured to receive the Flowspec message sent by traffic policy controller 200.
Rule deployment module 115 is configured to deploy locally the to-be-deployed Flowspec rule carried in the Flowspec message and, according to the traffic type corresponding to the to-be-deployed Flowspec rule, to configure the execution order of the to-be-deployed Flowspec rule and the other flow control policies.
Optionally, rule deployment module 115 is specifically configured to:
extract the TLV field of the Flowspec message;
when the Type field of the TLV field is determined to be a preset value, determine that the Flowspec message carries a to-be-deployed Flowspec rule, and deploy the to-be-deployed Flowspec rule locally;
obtain the traffic type carried in the Value field of the TLV field, and configure the execution order, corresponding to that traffic type, of the to-be-deployed Flowspec rule and the other flow control policies.
Optionally, the Value field of the TLV field further includes identification information of at least one network device. Rule deployment module 115 is further configured to:
match its own identification information against the identification information of the at least one network device, to determine whether the identification information of the at least one network device contains identification information that matches its own;
if so, deploy the to-be-deployed Flowspec rule locally;
otherwise, not deploy the to-be-deployed Flowspec rule locally.
Optionally, the other flow control policies include a local flow control policy deployed in the network device. Forwarding control module 113 is specifically configured to:
if the traffic type of the traffic to be forwarded is a preset first type, execute the target Flowspec rule to forward the traffic to be forwarded;
if the traffic type of the traffic to be forwarded is a preset second type, first execute the target Flowspec rule to forward the traffic to be forwarded, and then execute the local flow control policy to forward the traffic to be forwarded;
if the traffic type of the traffic to be forwarded is a preset third type, first execute the local flow control policy to forward the traffic to be forwarded and, if execution of the local flow control policy fails, execute the target Flowspec rule to forward the traffic to be forwarded.
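The following sketch is an added example, not part of the patent text, showing rule deployment module 115's TLV handling together with forwarding control module 113's three execution orders. The TLV byte layout, the Type value 0x7F, the numeric traffic-type codes, treating an absent device list as "every device", and sending unmatched traffic to the local policy only are all assumptions made for illustration.

```python
import struct
from dataclasses import dataclass
from enum import IntEnum
from typing import Callable

ORDER_TLV_TYPE = 0x7F  # hypothetical "preset value"; the patent names none

class TrafficType(IntEnum):  # numeric codes are assumed
    FIRST = 1   # Flowspec rule only
    SECOND = 2  # Flowspec rule first, then local policy
    THIRD = 3   # local policy first, Flowspec rule only if it fails

@dataclass
class Rule:
    match: dict                     # traffic characteristic to match
    action: Callable[[dict], bool]  # True when forwarding succeeded
    traffic_type: TrafficType

def build_tlv(traffic_type, ids=()):
    """Encode the assumed layout: Type(1) Length(2) Value = type(1) + N * id(4)."""
    value = bytes([traffic_type]) + b"".join(struct.pack("!I", i) for i in ids)
    return struct.pack("!BH", ORDER_TLV_TYPE, len(value)) + value

def parse_order_tlv(tlv):
    """Return (TrafficType, [device ids]), or None for a foreign or malformed TLV."""
    if len(tlv) < 3:
        return None
    tlv_type, length = struct.unpack_from("!BH", tlv)
    value = tlv[3:]
    if tlv_type != ORDER_TLV_TYPE or len(value) != length or (length - 1) % 4:
        return None
    try:
        traffic_type = TrafficType(value[0])
    except ValueError:  # unknown traffic-type code: reject rather than guess
        return None
    ids = [struct.unpack_from("!I", value, off)[0] for off in range(1, length, 4)]
    return traffic_type, ids

class Device:
    def __init__(self, device_id, local_policy):
        self.device_id = device_id
        self.local_policy = local_policy  # callable(pkt) -> bool
        self.rules = []

    def deploy(self, tlv, match, action):
        """Rule deployment: install only if the TLV is valid and addressed here."""
        parsed = parse_order_tlv(tlv)
        if parsed is None:
            return False
        traffic_type, ids = parsed
        if ids and self.device_id not in ids:  # list present, this device absent
            return False
        self.rules.append(Rule(match, action, traffic_type))
        return True

    def forward(self, pkt):
        """Forwarding control: return the policies executed, in order."""
        rule = next((r for r in self.rules
                     if all(pkt.get(k) == v for k, v in r.match.items())), None)
        if rule is None:  # assumption: unmatched traffic sees local policy only
            self.local_policy(pkt)
            return ["local"]
        if rule.traffic_type == TrafficType.FIRST:
            rule.action(pkt)
            return ["flowspec"]
        if rule.traffic_type == TrafficType.SECOND:
            rule.action(pkt)
            self.local_policy(pkt)
            return ["flowspec", "local"]
        if self.local_policy(pkt):  # THIRD: local policy first
            return ["local"]
        rule.action(pkt)  # local policy failed: fall back to the Flowspec rule
        return ["local", "flowspec"]
```

The returned trace makes the configured order auditable: on a device whose local policy fails, a third-type rule yields `["local", "flowspec"]`, while a malformed TLV or one addressed to other devices installs nothing.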
In conclusion flow control methods provided by the present application and device, pass through the traffic characteristic according to flow to be forwarded Corresponding target Flowspec rule is matched, the discharge pattern of flow to be forwarded, and root are determined according to target Flowspec rule Execute sequence according to what discharge pattern determined Flowspec rule and other flow control policies, in this way, make Flowspec rule and Execution sequence between other flow control policies can configure, and improve the flexibility to network system flow control.
In the embodiments provided in this application, it should be understood that the disclosed device and method may also be implemented in other ways. The device embodiments described above are merely illustrative; for example, the flowcharts and block diagrams in the drawings show the possible architecture, functions and operations of devices, methods and computer program products according to multiple embodiments of this application. In this regard, each block in a flowchart or block diagram may represent a module, a program segment, or a portion of code, which contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions marked in the blocks may occur in an order different from that marked in the drawings. For example, two consecutive blocks may in fact be executed substantially in parallel, or sometimes in the reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and/or flowcharts, and each combination of blocks in the block diagrams and/or flowcharts, may be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
In addition, the functional modules in the embodiments of this application may be integrated together to form one independent part, each module may exist separately, or two or more modules may be integrated to form one independent part.
If the functions are implemented in the form of software functional modules and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to execute all or part of the steps of the methods of the embodiments of this application. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk, or an optical disc.
It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" and any other variants are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to that process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
The above are only specific embodiments of this application, but the protection scope of this application is not limited to them. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed in this application shall fall within the protection scope of this application. Therefore, the protection scope of this application shall be subject to the protection scope of the claims.

Claims (10)

1. A flow control method, characterized in that it is applied to a network device, the network device having several Flowspec rules and other flow control policies, each Flowspec rule including at least a corresponding traffic characteristic and traffic type information, the method comprising:
extracting the traffic characteristic of the received traffic to be forwarded, and determining, from the several Flowspec rules, the target Flowspec rule whose traffic characteristic matches the traffic characteristic of the traffic to be forwarded;
determining the traffic type of the target Flowspec rule as the traffic type of the traffic to be forwarded;
determining, according to the traffic type of the traffic to be forwarded, the execution order of the target Flowspec rule and the other flow control policies, and forwarding the traffic to be forwarded according to the execution order.
2. The method according to claim 1, characterized in that the method further comprises:
receiving a Flowspec message sent by a traffic policy controller;
deploying locally the to-be-deployed Flowspec rule carried in the Flowspec message and, according to the traffic type corresponding to the to-be-deployed Flowspec rule, configuring the execution order of the to-be-deployed Flowspec rule and the other flow control policies.
3. The method according to claim 2, characterized in that the step of deploying locally the to-be-deployed Flowspec rule carried in the Flowspec message and, according to the traffic type corresponding to the to-be-deployed Flowspec rule, configuring the execution order of the to-be-deployed Flowspec rule and the other flow control policies comprises:
extracting the TLV field of the Flowspec message;
when the Type field of the TLV field is determined to be a preset value, determining that the Flowspec message carries a to-be-deployed Flowspec rule, and deploying the to-be-deployed Flowspec rule locally;
obtaining the traffic type carried in the Value field of the TLV field, and configuring the execution order, corresponding to that traffic type, of the to-be-deployed Flowspec rule and the other flow control policies.
4. The method according to claim 3, characterized in that the Value field of the TLV field further includes identification information of at least one network device; the method further comprises:
matching its own identification information against the identification information of the at least one network device, to determine whether the identification information of the at least one network device contains identification information that matches its own;
if so, deploying the to-be-deployed Flowspec rule locally;
otherwise, not deploying the to-be-deployed Flowspec rule locally.
5. The method according to claim 1, characterized in that the other flow control policies are a local flow control policy deployed in the network device; the step of determining, according to the traffic type of the traffic to be forwarded, the execution order of the target Flowspec rule and the other flow control policies, and forwarding the traffic to be forwarded according to the execution order comprises:
if the traffic type of the traffic to be forwarded is a preset first type, executing the target Flowspec rule to forward the traffic to be forwarded;
if the traffic type of the traffic to be forwarded is a preset second type, first executing the target Flowspec rule to forward the traffic to be forwarded, and then executing the local flow control policy to forward the traffic to be forwarded;
if the traffic type of the traffic to be forwarded is a preset third type, first executing the local flow control policy to forward the traffic to be forwarded and, if execution of the local flow control policy fails, executing the target Flowspec rule to forward the traffic to be forwarded.
6. A flow control device, characterized in that it is applied to a network device, the network device having several Flowspec rules and other flow control policies, each Flowspec rule including at least a corresponding traffic characteristic and traffic type information, the device comprising:
an extraction module, configured to extract the traffic characteristic of the received traffic to be forwarded, and to determine, from the several Flowspec rules, the target Flowspec rule whose traffic characteristic matches the traffic characteristic of the traffic to be forwarded;
a type determination module, configured to determine the traffic type of the target Flowspec rule as the traffic type of the traffic to be forwarded;
a forwarding control module, configured to determine, according to the traffic type of the traffic to be forwarded, the execution order of the target Flowspec rule and the other flow control policies, and to forward the traffic to be forwarded according to the execution order.
7. The device according to claim 6, characterized in that the device further comprises:
a receiving module, configured to receive a Flowspec message sent by a traffic policy controller;
a rule deployment module, configured to deploy locally the to-be-deployed Flowspec rule carried in the Flowspec message and, according to the traffic type corresponding to the to-be-deployed Flowspec rule, to configure the execution order of the to-be-deployed Flowspec rule and the other flow control policies.
8. The device according to claim 7, characterized in that the rule deployment module is specifically configured to:
extract the TLV field of the Flowspec message;
when the Type field of the TLV field is determined to be a preset value, determine that the Flowspec message carries a to-be-deployed Flowspec rule, and deploy the to-be-deployed Flowspec rule locally;
obtain the traffic type carried in the Value field of the TLV field, and configure the execution order, corresponding to that traffic type, of the to-be-deployed Flowspec rule and the other flow control policies.
9. The device according to claim 6, characterized in that the Value field of the TLV field further includes identification information of at least one network device; the rule deployment module is further configured to:
match its own identification information against the identification information of the at least one network device, to determine whether the identification information of the at least one network device contains identification information that matches its own;
if so, deploy the to-be-deployed Flowspec rule locally;
otherwise, not deploy the to-be-deployed Flowspec rule locally.
10. The device according to claim 6, characterized in that the other flow control policies include a local flow control policy deployed in the network device; the forwarding control module is specifically configured to:
if the traffic type of the traffic to be forwarded is a preset first type, execute the target Flowspec rule to forward the traffic to be forwarded;
if the traffic type of the traffic to be forwarded is a preset second type, first execute the target Flowspec rule to forward the traffic to be forwarded, and then execute the local flow control policy to forward the traffic to be forwarded;
if the traffic type of the traffic to be forwarded is a preset third type, first execute the local flow control policy to forward the traffic to be forwarded and, if execution of the local flow control policy fails, execute the target Flowspec rule to forward the traffic to be forwarded.
CN201811191734.7A 2018-10-12 2018-10-12 Flow control method and device Active CN109510776B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811191734.7A CN109510776B (en) 2018-10-12 2018-10-12 Flow control method and device

Publications (2)

Publication Number Publication Date
CN109510776A true CN109510776A (en) 2019-03-22
CN109510776B CN109510776B (en) 2022-07-12

Family

ID=65746559

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant