CN109510776A - Flow control methods and device - Google Patents
Flow control methods and device Download PDFInfo
- Publication number
- CN109510776A CN109510776A CN201811191734.7A CN201811191734A CN109510776A CN 109510776 A CN109510776 A CN 109510776A CN 201811191734 A CN201811191734 A CN 201811191734A CN 109510776 A CN109510776 A CN 109510776A
- Authority
- CN
- China
- Prior art keywords
- forwarded
- flow
- flowspec
- rule
- flow control
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/20—Traffic policing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
- H04L47/2425—Traffic characterised by specific attributes, e.g. priority or QoS for supporting services specification, e.g. SLA
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
- H04L47/2441—Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application provides a kind of flow control methods and device, applied to the network equipment, network equipment has several Flowspec rules and other flow control policies, one Flowspec rule includes at least corresponding traffic characteristic and discharge pattern information, method includes: to extract the traffic characteristic of the flow to be forwarded received, and the target Flowspec for determining that the traffic characteristic of traffic characteristic and flow to be forwarded matches from several Flowspec rules is regular;The discharge pattern of target Flowspec rule is determined as to the discharge pattern of flow to be forwarded;According to the discharge pattern of flow to be forwarded, determine target Flowspec rule and other flow control policies executes sequence, and treats converting flow according to execution sequence and be forwarded.In this way, configure the execution sequence between Flowspec rule and other flow control policies can, the flexibility of network system flow control is improved.
Description
Technical field
This application involves network communication technology fields, in particular to a kind of flow control methods and device.
Background technique
In some network communications scenarios, need to carry out the flow in network system scheduling of overall importance, for example, existing
Flowspec technology is used in technology, Flowspec control strategy is issued by each network equipment into network system, is made each
The network equipment controls the forwarding of flow according to Flowspec control strategy, thus realize to the flow in network system into
Row scheduling.But each network equipment itself is there may be some local flow control policies, due to Flowspec control strategy and
There are problems that executing sequencing between the local traffic policy of the network equipment, cause when there is local traffic policy
Flowspec control strategy application will receive influence, flexibly cannot carry out flow scheduling according to networking application situation.
Summary of the invention
In a first aspect, the application provides a kind of flow control methods, it is applied to the network equipment, the network equipment has
Several Flowspec rules and other flow control policies, it is special that a Flowspec rule includes at least corresponding flow
Discharge pattern of seeking peace information, which comprises
The traffic characteristic of the flow to be forwarded received is extracted, and determines outflow from several Flowspec rules
The target Flowspec rule that the traffic characteristic of feature and the flow to be forwarded matches;
The discharge pattern of the target Flowspec rule is determined as to the discharge pattern of the flow to be forwarded;
According to the discharge pattern of the flow to be forwarded, the target Flowspec rule and other flow control plans are determined
That omits executes sequence, and is forwarded according to the execution sequence to the flow to be forwarded.
Optionally, the method also includes:
Receive the Flowspec message that flow strategy controller is sent;
The Flowspec rule to be disposed that the Flowspec message carries is deployed in local, and according to described wait dispose
The corresponding discharge pattern of Flowspec rule, the configuration Flowspec rule to be disposed and other flow control policies
Execute sequence.
Optionally, the corresponding discharge pattern of the Flowspec rule to be disposed, the configuration Flowspec rule to be disposed
Then the step of execution sequence with other flow control policies, comprising:
Extract the TLV field of the Flowspec message;
When determining the type field of the TLV field for preset value, determine that the Flowspec message is carried to portion
Affix one's name to FLowspec rule, and the FLowspec rule to be disposed described in local disposition;
Obtain the TLV field Value field carry discharge pattern, configure it is corresponding with the discharge pattern described in
Deployment Flowspec rule and other flow control policies execute sequence.
Optionally, the Value field of the TLV field further includes the identification information of at least one network equipment;The side
Method further include:
The identification information of itself is matched with the identification information of at least one network equipment, it is described extremely with judgement
The identification information to match in the identification information of few network equipment with the presence or absence of the identification information with itself;
If it exists, then the Flowspec to be disposed described in local disposition is regular;
Otherwise, the Flowspec to be disposed described in local disposition is not regular.
Optionally, other flow control policies are the local flow control policy disposed in the network equipment;Institute
The discharge pattern according to the flow to be forwarded is stated, determines holding for the target Flowspec rule and other flow control policies
Row sequence, and the step of flow to be forwarded is forwarded according to the execution sequence, comprising:
If the discharge pattern of the flow to be forwarded is the preset first kind, the target Flowspec rule is executed
The flow to be forwarded is forwarded;
If the discharge pattern of the flow to be forwarded is preset Second Type, the target Flowspec is first carried out
Rule is forwarded the flow to be forwarded, then executes the local flow control policy and turn to the flow to be forwarded
Hair;
If the discharge pattern of the flow to be forwarded is preset third type, the local flow control plan is first carried out
Slightly the flow to be forwarded is forwarded, if the local flow control policy executes failure, executes the target
Flowspec rule is forwarded the flow to be forwarded.
Second aspect, the application provide a kind of volume control device, are applied to the network equipment, if the network equipment has
Dry Flowspec rule and other flow control policies, a Flowspec rule include at least traffic characteristic and class of traffic
Type, described device include:
Extraction module is advised for extracting the traffic characteristic of the flow to be forwarded received, and from several Flowspec
The target Flowspec rule that the traffic characteristic of traffic characteristic and the flow to be forwarded matches is determined in then;
Determination type module, for the discharge pattern of the target Flowspec rule to be determined as the flow to be forwarded
Discharge pattern;
Control module is forwarded, for the discharge pattern according to the flow to be forwarded, determines the target Flowspec rule
Then with the sequence that executes of other flow control policies, and the flow to be forwarded is forwarded according to execution sequence.
Optionally, described device further include:
Receiving module, for receiving the Flowspec message of flow strategy controller transmission;
Regular deployment module, the Flowspec rule to be disposed for carrying the Flowspec message are deployed in this
Ground, and according to the regular corresponding discharge pattern of the Flowspec to be disposed, the configuration Flowspec rule to be disposed and institute
That states other flow control policies executes sequence.
Optionally, the regular deployment module is specifically used for:
Extract the TLV field of the Flowspec message;
When determining the type field of the TLV field for preset value, determine that the Flowspec message is carried to portion
Affix one's name to FLowspec rule, and the FLowspec rule to be disposed described in local disposition;
Obtain the TLV field Value field carry discharge pattern, configure it is corresponding with the discharge pattern described in
Deployment Flowspec rule and other flow control policies execute sequence.
Optionally, the Value field of the TLV field further includes the identification information of at least one network equipment;The rule
Then deployment module is also used to:
The identification information of itself is matched with the identification information of at least one network equipment, it is described extremely with judgement
The identification information to match in the identification information of few network equipment with the presence or absence of the identification information with itself;
If it exists, then the Flowspec to be disposed described in local disposition is regular;
Otherwise, the Flowspec to be disposed described in local disposition is not regular.
Optionally, other flow control policies include the local flow control policy disposed in the network equipment;
The forwarding control module is specifically used for:
If the discharge pattern of the flow to be forwarded is the preset first kind, the target Flowspec rule are executed
Then the flow to be forwarded is forwarded;
If the discharge pattern of the flow to be forwarded is preset Second Type, the target Flowspec is first carried out
Rule is forwarded the flow to be forwarded, then executes the local flow control policy and turn to the flow to be forwarded
Hair;
If the discharge pattern of the flow to be forwarded is preset third type, the local flow control plan is first carried out
Slightly the flow to be forwarded is forwarded, if the local flow control policy executes failure, executes the target
Flowspec rule is forwarded the flow to be forwarded.
In terms of existing technologies, the application has the advantages that
Flow control methods and device provided by the present application, it is corresponding by being matched according to the traffic characteristic of flow to be forwarded
Target Flowspec rule, the discharge pattern of flow to be forwarded is determined according to target Flowspec rule, and according to discharge pattern
Determine Flowspec rule and other flow control policies executes sequence, in this way, making Flowspec rule and other flow controls
Execution sequence between system strategy can configure, and improve the flexibility to network system flow control.
Detailed description of the invention
Technical solution in ord to more clearly illustrate embodiments of the present application, below will be to needed in the embodiment attached
Figure is briefly described, it should be understood that the following drawings illustrates only some embodiments of the application, therefore is not construed as pair
The restriction of range for those of ordinary skill in the art without creative efforts, can also be according to this
A little attached drawings obtain other relevant attached drawings.
Fig. 1 is the flow diagram of flow control methods provided by the embodiments of the present application;
Fig. 2 is that control strategy provided by the embodiments of the present application selects schematic diagram;
Fig. 3 is the interaction schematic diagram of the network equipment provided by the embodiments of the present application and traffic policy controller;
Fig. 4 is the hardware structural diagram of the network equipment provided by the embodiments of the present application;
Fig. 5 is one of the functional block diagram of volume control device provided by the embodiments of the present application;
Fig. 6 is the two of the functional block diagram of volume control device provided by the embodiments of the present application.
Icon: 10- network system;The 100- network equipment;110- volume control device;111- extraction module;112- type
Determining module;113- forwards control module;114- receiving module;115- rule deployment module;120- machine readable storage is situated between
Matter;130- processor;200- traffic policy controller.
Specific embodiment
To keep the purposes, technical schemes and advantages of the embodiment of the present application clearer, below in conjunction with the embodiment of the present application
In attached drawing, the technical scheme in the embodiment of the application is clearly and completely described, it is clear that described embodiment is
Some embodiments of the present application, instead of all the embodiments.The application being usually described and illustrated herein in the accompanying drawings is implemented
The component of example can be arranged and be designed with a variety of different configurations.
Therefore, the detailed description of the embodiments herein provided in the accompanying drawings is not intended to limit below claimed
Scope of the present application, but be merely representative of the selected embodiment of the application.Based on the embodiment in the application, this field is common
Technical staff's every other embodiment obtained without creative efforts belongs to the model of the application protection
It encloses.
It should also be noted that similar label and letter indicate similar terms in following attached drawing, therefore, once a certain Xiang Yi
It is defined in a attached drawing, does not then need that it is further defined and explained in subsequent attached drawing.
Fig. 1 is please referred to, it, can in the network equipment the present embodiment provides a kind of flow control methods applied to the network equipment
To be deployed with the Flowspec strategy comprising several Flowspec rules and other flow control policies, a Flowspec in advance
Rule includes at least traffic characteristic, discharge pattern information and flow control movement.Wherein, traffic characteristic may include the mesh of flow
The letter such as network protocol (Internet Protocol, IP) address, destination port, source IP address, source port, application protocol
Breath;Discharge pattern information may include the classes such as attack traffic, the higher flow of dispatching priority, the lower flow of dispatching priority
Type;Flow control movement may include the movement such as redirection, speed limit, interception.Below to flow control side provided in this embodiment
Each step of method is described in detail.
Step S110 extracts the traffic characteristic of the flow to be forwarded received, and determines from several Flowspec rules
The target Flowspec rule that the traffic characteristic of outflow feature and flow to be forwarded matches.
The discharge pattern of target Flowspec rule is determined as the discharge pattern of flow to be forwarded by step S120.
Step S130 determines target Flowspec rule and other flow controls according to the discharge pattern of flow to be forwarded
Strategy executes sequence, and treats converting flow according to execution sequence and be forwarded.
It in the present embodiment, can be according to the traffic characteristic of flow to be forwarded after the network equipment receives flow to be forwarded
It is matched, is determined with the corresponding traffic characteristic information of several Flowspec rule for being previously deployed at network equipment local
The target Flowspec rule that the traffic characteristic of outflow characteristic information and flow to be forwarded matches.Then the mesh that will be determined
Mark discharge pattern of the corresponding discharge pattern of Flowspec rule as the flow to be forwarded.
In the present embodiment, for the flow to be forwarded of different discharge pattern, it is provided with corresponding target Flowspec rule
It is then different between other flow control policies to execute sequence (i.e. flow control movement execute sequence), specifically, being directed to
The flow to be forwarded of different flow type, the network equipment can select in target Flowspec rule and other flow control policies
The forwarding for treating converting flow is taken to be controlled, it can also be in target Flowspec rule and other flow control policies
It chooses multiple, is controlled using the forwarding that corresponding strategy execution sequence treats converting flow.
Optionally, in the present embodiment, other flow control policies may include the local flow disposed in the network equipment
Control strategy, discharge pattern can include but is not limited to following three types.
It in step s 130, can only performance objective if the discharge pattern of flow to be forwarded is the preset first kind
Flowspec rule is treated converting flow and is forwarded.
Specifically, the flow of the first kind can be the attack traffic intercepted, and target Flowspec rule is right
The flow control movement answered is the flow for intercepting the first kind, therefore is directed to the flow of the first kind, corresponding target
Flowspec rule needs highest priority, and after performance objective Flowspec rule intercepts flow, no longer
It executes other local traffic policies and is forwarded control.
If the discharge pattern of flow to be forwarded is preset Second Type, first carries out target Flowspec rule and (hold
The corresponding flow control movement of row target Flowspec rule) it treats converting flow and is forwarded, then execute other local flows
Control strategy (executing the corresponding flow control movement of other flow control policies) is treated converting flow and is forwarded.
Specifically, the flow of Second Type can be that the higher flow of dispatching priority can for the flow of Second Type
It is controlled with the forwarding for first target Flowspec rule being used to treat converting flow, it is always square with the overall scheduling for controlling flow
To the forwarding for then treating converting flow further according to the local flow control policy of traffic characteristic matching of flow to be forwarded is controlled
System.
For example, referring to figure 2., it is assumed that on network equipment 100A, target Flowspec that certain flow matches to be forwarded arrives
The corresponding discharge pattern of rule is Second Type, and the corresponding flow control movement of target Flowspec rule is that this is to be forwarded
Flow is redirected to link 1 and is sent, then can first carry out target Flowspec rule and execute redirection movement, then execute
The other local flow control policies disposed on detection link 1, it is assumed that detect that there is also the local streams for speed limit on link 1
Control strategy is measured, then Control for Speed Limitation is being carried out to the flow to be forwarded.
If discharge pattern is preset third type, first carries out local flow control policy and treat converting flow and turned
Hair, if local flow control policy failure, then performance objective Flowspec rule are treated converting flow and be forwarded.
Specifically, the flow of third type can be that the lower flow of dispatching priority can for the flow of third type
The forwarding that local flow control policy treats converting flow is matched according to the traffic characteristic of flow to be forwarded with elder generation to be controlled,
When the local flow control policy fails, then performance objective Flowspec rule is treated the forwarding of converting flow and is controlled.
For example, referring once again to Fig. 2, it is assumed that on network equipment 100A, target that certain flow matches to be forwarded arrives
The discharge pattern of Flowspec rule be third type, flow control movement for by the flow to be forwarded be redirected to link 2 into
Row is sent, but there is also the flow to be forwarded is redirected to the local flow that link 3 is sent on network equipment 100A
Control strategy, then it is preferential to execute local flow control policy, which is redirected to link 3 and is sent, at this
After the failure of ground flow control policy, then performance objective Flowspec rule, which is redirected to link 2 and is sent out
It send.
It, can be for the to be forwarded of different flow type in flow control methods provided in this embodiment based on above-mentioned design
Flow, determine Flowspec rule and other flow control policies executes sequence, so as to avoid Flowspec rule and its
Its flow control policy generates conflict.
Optionally, in an embodiment of the present embodiment, Flowspec strategy can be previously deployed at the network equipment
In.
In the another embodiment of the present embodiment, referring to figure 3., multiple network equipments 100 are assisted by borde gateway
It is totally interconnected to discuss (Border Gateway Protocol, abbreviation BGP), or passes through Router Reflector (Route Reflector) group
Net, then, multiple network equipments 100 can be communicated with a traffic policy controller 200.
Traffic policy controller 200 can issue Flowspec strategy to each network equipment 100 in network system 10.
The traffic policy controller 200 can be software-driven wide area network (Application-driven Wide Area
Network, abbreviation ADWAN) the ADWAN controller that uses in technology.The network equipment 100 can receive traffic policy control
The Flowspec message that device 200 is sent.
In this embodiment, the network equipment 100 is in the Flowspec message for receiving the transmission of flow strategy controller 200
Afterwards, Flowspec rule to be disposed is extracted from the Flowspec message, and is somebody's turn to do Flowspec rule to be disposed in local disposition,
And the flow control of the Flowspec rule to be disposed is determined according to the regular corresponding discharge pattern of the Flowspec to be disposed
What movement and the flow control of other flow control policies acted executes sequence.
Specifically, Flowspec message can be Network Layer Reachable Information (Network Layer Reachability
Information, abbreviation NLRI) the BGP message of Flowspec rule is carried in field.The network equipment 100 can receive
To after Flowspec message, TLV (type-length-value, type-length-value) field of Flowspec message is extracted.
When determining the Type field of the TLV field for preset value, determine that Flowspec message carries FLowspec rule to be disposed
Then, and in local disposition it is somebody's turn to do FLowspec rule to be disposed.For example, preset value can be 13, the network equipment 100 is being detected
When the TLV field that the type field is 13, determine that the Flowspec message received carries FLowspec rule to be disposed.
Then the network equipment 100 obtains the discharge pattern that the Value field of TLV field carries, and is being locally configured and is being somebody's turn to do
The flow control movement and the flow control of other flow control policies of the corresponding Flowspec rule to be disposed of discharge pattern are dynamic
Work executes sequence.
It optionally, in the present embodiment, can also include at least one network equipment in the Value field of TLV field
Identification information.For example, the router of at least one network equipment 100 can be can recorde in the Value field of the TLV field
Id, IP address, the media access control address (Media Access Control, MAC) or other for uniquely characterize network set
The mark of standby identity.
The network equipment 100 after receiving the Flowspec message carried wait dispose FLowspec rule, by itself
The identification information of at least one network equipment carried in identification information and Flowspec message is matched, with judgement at least one
The identification information to match in the identification information of a network equipment with the presence or absence of the identification information with itself.
If it exists, then the Flowspec to be disposed is regular in local disposition for the network equipment 100;
Otherwise the network equipment 100 is not somebody's turn to do Flowspec rule to be disposed in local disposition.
It, can be by traffic policy controller 200 uniformly in the method that provides in the present embodiment based on above-mentioned design
Flowspec strategy is issued, for the Flowspec rule of different network equipment various combinations, so as to entire
The flow of network system carries out Global motion planning management.
Referring to figure 4., Fig. 4 is the block diagram of the network equipment 100 shown in Fig. 3.The network equipment 100 may include
Machine readable storage medium 120 and processor 130.
It is directly or indirectly electrically connected between machine readable storage medium 120 and processor 130, to realize the biography of data
Defeated or interaction.It is electrically connected for example, these elements can be realized between each other by one or more communication bus or signal wire.And
And processor 130 is executable by reading and executing machine corresponding with flow control logic in machine readable storage medium 120
Above-described flow control methods can be performed in instruction, processor 130.
Machine readable storage medium 120 referred to herein can be any electronics, magnetism, optics or other physical stores
Device may include or store information, such as executable instruction, data, etc..For example, machine readable storage medium 120 can be with
It is: RAM (Radom Access Memory, random access memory), volatile memory, nonvolatile memory, flash memory, deposits
Store up driver (such as hard disk drive), solid state hard disk, any kind of storage dish (such as CD, dvd) or similar storage
Medium or their combination.
Referring to figure 5., the present embodiment also provides a kind of volume control device 110, which includes extremely
Few one can be stored in machine readable storage medium 120 or be solidificated in network in the form of software or firmware (firmware) and set
Software function module in standby 100 operating system (operating system, OS).Processor 130 can execute machine can
Read the executable module that stores in storage medium 120, for example, execute software function module included by volume control device 110 and
Computer program etc..The volume control device 110 may include extraction module 111, determination type module 112 and forwarding control mould
Block 113.
Extraction module 111 is used to extract the traffic characteristic of the flow to be forwarded received, and regular from several Flowspec
In determine the target Flowspec rule that the traffic characteristic of traffic characteristic and flow to be forwarded matches.
In the present embodiment, extraction module 111 can be used for executing step S110 shown in FIG. 1, the tool about extraction module 111
Body description can join the description to step S110.
Determination type module 112 is for obtaining the stream that the discharge pattern of target Flowspec rule is determined as to flow to be forwarded
Measure type.
In the present embodiment, determination type module 112 can be used for executing step S120 shown in Fig. 2, determine mould about type
The specific descriptions of block 112 can join the description to step S120.
It forwards control module 113 to be used for the discharge pattern according to flow to be forwarded, determines target Flowspec rule and its
Its flow control policy executes sequence, and treats converting flow according to execution sequence and be forwarded.
In the present embodiment, forwarding control module 113 can be used for executing step S130 shown in Fig. 2, control mould about forwarding
The specific descriptions of block 113 can join the description to step S130.
Optionally, Fig. 6 is please referred to, in the present embodiment, volume control device 110 further includes receiving module 114 and rule
Deployment module 115.
Receiving module 114 is used to receive the Flowspec message of the transmission of flow strategy controller 200.
Regular deployment module 115 is used to the Flowspec rule to be disposed that the Flowspec message carries being deployed in this
Ground, and according to the regular corresponding discharge pattern of the Flowspec to be disposed, the configuration Flowspec rule to be disposed and institute
That states other flow control policies executes sequence.
Optionally, regular deployment module 115 is specifically used for:
Extract the TLV field of the Flowspec message;
When determining the type field of the TLV field for preset value, determine that the Flowspec message is carried to portion
Affix one's name to FLowspec rule, and the FLowspec rule to be disposed described in local disposition;
Obtain the TLV field Value field carry discharge pattern, configure it is corresponding with the discharge pattern described in
Deployment Flowspec rule and other flow control policies execute sequence.
Optionally, the Value field of TLV field further includes the identification information of at least one network equipment.Rule deployment mould
Block 115 is also used to:
The identification information of itself is matched with the identification information of at least one network equipment, it is described extremely with judgement
The identification information to match in the identification information of few network equipment with the presence or absence of the identification information with itself;
If it exists, then the Flowspec to be disposed described in local disposition is regular;
Otherwise, the Flowspec to be disposed described in local disposition is not regular.
Optionally, other flow control policies include the local flow control policy disposed in the network equipment.Forwarding control
Module 113 is specifically used for:
If the discharge pattern of the flow to be forwarded is the preset first kind, the target Flowspec rule are executed
Then the flow to be forwarded is forwarded;
If the discharge pattern of the flow to be forwarded is preset Second Type, the target Flowspec is first carried out
Rule is forwarded the flow to be forwarded, then executes the local flow control policy and turn to the flow to be forwarded
Hair;
If the discharge pattern of the flow to be forwarded is preset third type, the local flow control plan is first carried out
Slightly the flow to be forwarded is forwarded, if the local flow control policy executes failure, executes the target
Flowspec rule is forwarded the flow to be forwarded.
In conclusion flow control methods provided by the present application and device, pass through the traffic characteristic according to flow to be forwarded
Corresponding target Flowspec rule is matched, the discharge pattern of flow to be forwarded, and root are determined according to target Flowspec rule
Execute sequence according to what discharge pattern determined Flowspec rule and other flow control policies, in this way, make Flowspec rule and
Execution sequence between other flow control policies can configure, and improve the flexibility to network system flow control.
In embodiment provided herein, it should be understood that disclosed device and method, it can also be by other
Mode realize.The apparatus embodiments described above are merely exemplary, for example, the flow chart and block diagram in attached drawing are shown
According to device, the architectural framework in the cards of method and computer program product, function of multiple embodiments of the application
And operation.In this regard, each box in flowchart or block diagram can represent one of a module, section or code
Point, a part of the module, section or code includes one or more for implementing the specified logical function executable
Instruction.It should also be noted that function marked in the box can also be attached to be different from some implementations as replacement
The sequence marked in figure occurs.For example, two continuous boxes can actually be basically executed in parallel, they sometimes may be used
To execute in the opposite order, this depends on the function involved.It is also noted that each of block diagram and or flow chart
The combination of box in box and block diagram and or flow chart can be based on the defined function of execution or the dedicated of movement
The system of hardware is realized, or can be realized using a combination of dedicated hardware and computer instructions.
In addition, each functional module in each embodiment of the application can integrate one independent portion of formation together
Point, it is also possible to modules individualism, an independent part can also be integrated to form with two or more modules.
It, can be with if the function is realized and when sold or used as an independent product in the form of software function module
It is stored in a computer readable storage medium.Based on this understanding, the technical solution of the application is substantially in other words
The part of the part that contributes to existing technology or the technical solution can be embodied in the form of software products, the meter
Calculation machine software product is stored in a storage medium, including some instructions are used so that a computer equipment (can be a
People's computer, server or network equipment etc.) execute each embodiment the method for the application all or part of the steps.
And storage medium above-mentioned includes: that USB flash disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), arbitrary access are deposited
The various media that can store program code such as reservoir (RAM, Random Access Memory), magnetic or disk.
It should be noted that, in this document, relational terms such as first and second and the like are used merely to a reality
Body or operation are distinguished with another entity or operation, are deposited without necessarily requiring or implying between these entities or operation
In any actual relationship or order or sequence.Moreover, the terms "include", "comprise" or its any other variant are intended to
Non-exclusive inclusion, so that the process, method, article or equipment including a series of elements is not only wanted including those
Element, but also including other elements that are not explicitly listed, or further include for this process, method, article or equipment
Intrinsic element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that
There is also other identical elements in process, method, article or equipment including the element.
The above, the only specific embodiment of the application, but the protection scope of the application is not limited thereto, it is any
Those familiar with the art within the technical scope of the present application, can easily think of the change or the replacement, and should all contain
Lid is within the scope of protection of this application.Therefore, the protection scope of the application shall be subject to the protection scope of the claim.
Claims (10)
1. a kind of flow control methods, which is characterized in that be applied to the network equipment, the network equipment has several
Flowspec rule and other flow control policies, a Flowspec rule include at least corresponding traffic characteristic and stream
Measure type information, which comprises
The traffic characteristic of the flow to be forwarded received is extracted, and determines traffic characteristic from several Flowspec rules
The target Flowspec rule to match with the traffic characteristic of the flow to be forwarded;
The discharge pattern of the target Flowspec rule is determined as to the discharge pattern of the flow to be forwarded;
According to the discharge pattern of the flow to be forwarded, the target Flowspec rule and other flow control policies are determined
Sequence is executed, and the flow to be forwarded is forwarded according to the execution sequence.
2. the method according to claim 1, wherein the method also includes:
Receive the Flowspec message that flow strategy controller is sent;
The Flowspec rule to be disposed that the Flowspec message carries is deployed in local, and according to described wait dispose
The corresponding discharge pattern of Flowspec rule, the configuration Flowspec rule to be disposed and other flow control policies
Execute sequence.
3. according to the method described in claim 2, it is characterized in that, it is described by the Flowspec message carry wait dispose
Flowspec rule is deployed in local, and according to the corresponding discharge pattern of the Flowspec rule to be disposed, configuration it is described to
The step of execution sequence of deployment Flowspec rule and other flow control policies, comprising:
Extract the TLV field of the Flowspec message;
When determining the type field of the TLV field for preset value, determine that the Flowspec message is carried wait dispose
FLowspec rule, and the FLowspec rule to be disposed described in local disposition;
The discharge pattern that the Value field of the TLV field carries is obtained, is configured corresponding with the discharge pattern described wait dispose
Flowspec rule and other flow control policies execute sequence.
4. according to the method described in claim 3, it is characterized in that, the Value field of the TLV field further includes at least one
The identification information of the network equipment;The method also includes:
The identification information of itself is matched with the identification information of at least one network equipment, to judge described at least one
The identification information to match in the identification information of a network equipment with the presence or absence of the identification information with itself;
If it exists, then the Flowspec to be disposed described in local disposition is regular;
Otherwise, the Flowspec to be disposed described in local disposition is not regular.
5. the method according to claim 1, wherein other flow control policies are in the network equipment
The local flow control policy of deployment;The discharge pattern according to the flow to be forwarded, determines the target Flowspec
Regular and other flow control policies execute sequence, and the flow to be forwarded is forwarded according to the execution sequence
Step, comprising:
If the discharge pattern of the flow to be forwarded is the preset first kind, the target Flowspec rule is executed to institute
Flow to be forwarded is stated to be forwarded;
If the discharge pattern of the flow to be forwarded is preset Second Type, it is right to first carry out the target Flowspec rule
The flow to be forwarded is forwarded, then is executed the local flow control policy and be forwarded to the flow to be forwarded;
If the discharge pattern of the flow to be forwarded is preset third type, the local flow control policy pair is first carried out
The flow to be forwarded is forwarded, if the local flow control policy executes failure, executes the target Flowspec
Rule is forwarded the flow to be forwarded.
6. a kind of volume control device, which is characterized in that be applied to the network equipment, the network equipment has several
Flowspec rule and other flow control policies, a Flowspec rule include at least corresponding traffic characteristic and stream
Type information is measured, described device includes:
Extraction module, for extracting the traffic characteristic of the flow to be forwarded received, and from several Flowspec rules
Determine the target Flowspec rule that the traffic characteristic of traffic characteristic and the flow to be forwarded matches;
Determination type module, for the discharge pattern of the target Flowspec rule to be determined as to the stream of the flow to be forwarded
Measure type;
Forward control module, for the discharge pattern according to the flow to be forwarded, determine the target Flowspec rule and
Other flow control policies execute sequence, and are forwarded according to the execution sequence to the flow to be forwarded.
7. device according to claim 6, which is characterized in that described device further include:
Receiving module, for receiving the Flowspec message of flow strategy controller transmission;
Regular deployment module, the Flowspec rule to be disposed for carrying the Flowspec message are deployed in local, and
According to the corresponding discharge pattern of Flowspec the to be disposed rule, the Flowspec rule to be disposed and described other is configured
Flow control policy executes sequence.
8. device according to claim 7, which is characterized in that the rule deployment module is specifically used for:
Extract the TLV field of the Flowspec message;
When determining the type field of the TLV field for preset value, determine that the Flowspec message is carried wait dispose
FLowspec rule, and the FLowspec rule to be disposed described in local disposition;
The discharge pattern that the Value field of the TLV field carries is obtained, is configured corresponding with the discharge pattern described wait dispose
Flowspec rule and other flow control policies execute sequence.
9. device according to claim 6, which is characterized in that the Value field of the TLV field further includes at least one
The identification information of the network equipment;The rule deployment module is also used to:
The identification information of itself is matched with the identification information of at least one network equipment, to judge described at least one
The identification information to match in the identification information of a network equipment with the presence or absence of the identification information with itself;
If it exists, then the Flowspec to be disposed described in local disposition is regular;
Otherwise, the Flowspec to be disposed described in local disposition is not regular.
10. device according to claim 6, which is characterized in that other flow control policies include that the network is set
The local flow control policy of standby middle deployment;The forwarding control module is specifically used for:
If the discharge pattern of the flow to be forwarded is the preset first kind, the target Flowspec rule is executed to institute
Flow to be forwarded is stated to be forwarded;
If the discharge pattern of the flow to be forwarded is preset Second Type, it is right to first carry out the target Flowspec rule
The flow to be forwarded is forwarded, then is executed the local flow control policy and be forwarded to the flow to be forwarded;
If the discharge pattern of the flow to be forwarded is preset third type, the local flow control policy pair is first carried out
The flow to be forwarded is forwarded, if the local flow control policy executes failure, executes the target Flowspec
Rule is forwarded the flow to be forwarded.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811191734.7A CN109510776B (en) | 2018-10-12 | 2018-10-12 | Flow control method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811191734.7A CN109510776B (en) | 2018-10-12 | 2018-10-12 | Flow control method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109510776A true CN109510776A (en) | 2019-03-22 |
CN109510776B CN109510776B (en) | 2022-07-12 |
Family
ID=65746559
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811191734.7A Active CN109510776B (en) | 2018-10-12 | 2018-10-12 | Flow control method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109510776B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111817960A (en) * | 2020-07-23 | 2020-10-23 | 杭州迪普信息技术有限公司 | Message forwarding method and device of flow control equipment |
CN112019431A (en) * | 2019-05-29 | 2020-12-01 | 阿里巴巴集团控股有限公司 | Method, device and equipment for processing forwarding rule |
WO2023040729A1 (en) * | 2021-09-16 | 2023-03-23 | 华为技术有限公司 | Packet processing method, flow specification transmission method, and device, system and storage medium |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103078794A (en) * | 2013-01-08 | 2013-05-01 | 杭州华三通信技术有限公司 | Message processing control method and device |
CN103346974A (en) * | 2013-06-03 | 2013-10-09 | 华为技术有限公司 | Controlling method of service process and network device |
CN104811326A (en) * | 2014-01-24 | 2015-07-29 | 中兴通讯股份有限公司 | Service chain management method, service chain management system, and devices |
WO2015174968A1 (en) * | 2014-05-13 | 2015-11-19 | Hewlett-Packard Development Company, L.P. | Network access control at controller |
US20160182300A1 (en) * | 2014-12-17 | 2016-06-23 | Cisco Technology, Inc., A Corporation Of California | Selective Configuring of Throttling Engines for Flows of Packet Traffic |
CN105871602A (en) * | 2016-03-29 | 2016-08-17 | 华为技术有限公司 | Control method, device and system for counting traffic |
CN107026791A (en) * | 2016-01-29 | 2017-08-08 | 华为技术有限公司 | VPN vpn service optimization method and equipment |
CN107404439A (en) * | 2016-05-18 | 2017-11-28 | 华为技术有限公司 | For redirecting the method and system, the network equipment and control device of data flow |
CN107547432A (en) * | 2017-08-28 | 2018-01-05 | 新华三信息安全技术有限公司 | A kind of flow control methods and device |
CN107925624A (en) * | 2016-07-01 | 2018-04-17 | 华为技术有限公司 | Message forwarding method, device and system based on business function chain SFC |
CN108199965A (en) * | 2017-12-28 | 2018-06-22 | 新华三技术有限公司 | Flow spec list items delivery method, the network equipment, controller and autonomous system |
-
2018
- 2018-10-12 CN CN201811191734.7A patent/CN109510776B/en active Active
Patent Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103078794A (en) * | 2013-01-08 | 2013-05-01 | 杭州华三通信技术有限公司 | Message processing control method and device |
CN103346974A (en) * | 2013-06-03 | 2013-10-09 | 华为技术有限公司 | Controlling method of service process and network device |
CN104811326A (en) * | 2014-01-24 | 2015-07-29 | 中兴通讯股份有限公司 | Service chain management method, service chain management system, and devices |
WO2015174968A1 (en) * | 2014-05-13 | 2015-11-19 | Hewlett-Packard Development Company, L.P. | Network access control at controller |
US20160182300A1 (en) * | 2014-12-17 | 2016-06-23 | Cisco Technology, Inc., A Corporation Of California | Selective Configuring of Throttling Engines for Flows of Packet Traffic |
CN107026791A (en) * | 2016-01-29 | 2017-08-08 | 华为技术有限公司 | VPN vpn service optimization method and equipment |
CN105871602A (en) * | 2016-03-29 | 2016-08-17 | 华为技术有限公司 | Control method, device and system for counting traffic |
CN107404439A (en) * | 2016-05-18 | 2017-11-28 | 华为技术有限公司 | For redirecting the method and system, the network equipment and control device of data flow |
CN107925624A (en) * | 2016-07-01 | 2018-04-17 | 华为技术有限公司 | Message forwarding method, device and system based on business function chain SFC |
CN107547432A (en) * | 2017-08-28 | 2018-01-05 | 新华三信息安全技术有限公司 | A kind of flow control methods and device |
CN108199965A (en) * | 2017-12-28 | 2018-06-22 | 新华三技术有限公司 | Flow spec list items delivery method, the network equipment, controller and autonomous system |
Non-Patent Citations (2)
Title |
---|
罗雨佳等: "基于BGP增强的流量调度技术", 《电信科学》 * |
黄卓君: "一种基于Flow-Spec的网络异常流量防护策略", 《广东通信技术》 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112019431A (en) * | 2019-05-29 | 2020-12-01 | 阿里巴巴集团控股有限公司 | Method, device and equipment for processing forwarding rule |
CN112019431B (en) * | 2019-05-29 | 2023-04-18 | 阿里巴巴集团控股有限公司 | Method, device and equipment for processing forwarding rule |
CN111817960A (en) * | 2020-07-23 | 2020-10-23 | 杭州迪普信息技术有限公司 | Message forwarding method and device of flow control equipment |
WO2023040729A1 (en) * | 2021-09-16 | 2023-03-23 | 华为技术有限公司 | Packet processing method, flow specification transmission method, and device, system and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN109510776B (en) | 2022-07-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10158561B2 (en) | Data plane learning of bi-directional service chains | |
US10505804B2 (en) | System and method of discovering paths in a network | |
US20230041892A1 (en) | Event driven route control | |
CN106506274B (en) | Dynamically-expandable efficient single-packet tracing method | |
CN106105115B (en) | Method, medium and the device of service chaining for being originated by service node | |
US10084685B2 (en) | Route reflector as a service | |
US9369435B2 (en) | Method for providing authoritative application-based routing and an improved application firewall | |
US20160119253A1 (en) | Method and system of performing service function chaining | |
US20200177606A1 (en) | Synergistic dns security update | |
US11018937B2 (en) | Determining an effect of a network configuration change | |
US20140181292A1 (en) | Systems and methods for topology discovery and application in a border gateway protocol based data center | |
US20210160263A1 (en) | Systems and methods for causation analysis of network traffic anomalies and security threats | |
CN109510776A (en) | Flow control methods and device | |
CN104852840B (en) | A kind of method and device exchanged visits between control virtual machine | |
CN106105165A (en) | There is the dynamic service chain of network address translation detection | |
US20210226866A1 (en) | Threat detection of application traffic flows | |
CN106713005A (en) | Designated forwarder (DF) election based on static DF election procedure | |
US11516184B2 (en) | Firewall service insertion across secure fabric preserving security group tags end to end with dual homed firewall | |
US11811613B2 (en) | Method and apparatus for automated spanning-tree loop detection in networks | |
WO2018099309A1 (en) | Route detection method and network device | |
CN112272145A (en) | Message processing method, device, equipment and machine readable storage medium | |
CN114128217A (en) | In-data plane network policy enforcement using IP addresses | |
EP3334105A1 (en) | Embedding of context information in networking packets | |
US9954761B2 (en) | Dynamic detection of VPN sites | |
CN107896188A (en) | Data forwarding method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |