CN109510776B - Flow control method and device - Google Patents

Flow control method and device Download PDF

Info

Publication number
CN109510776B
CN109510776B CN201811191734.7A CN201811191734A CN109510776B CN 109510776 B CN109510776 B CN 109510776B CN 201811191734 A CN201811191734 A CN 201811191734A CN 109510776 B CN109510776 B CN 109510776B
Authority
CN
China
Prior art keywords
flow
flowspec
forwarded
rule
type
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811191734.7A
Other languages
Chinese (zh)
Other versions
CN109510776A (en
Inventor
梅树
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Technologies Co Ltd Hefei Branch
Original Assignee
New H3C Technologies Co Ltd Hefei Branch
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by New H3C Technologies Co Ltd Hefei Branch filed Critical New H3C Technologies Co Ltd Hefei Branch
Priority to CN201811191734.7A priority Critical patent/CN109510776B/en
Publication of CN109510776A publication Critical patent/CN109510776A/en
Application granted granted Critical
Publication of CN109510776B publication Critical patent/CN109510776B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/20Traffic policing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2425Traffic characterised by specific attributes, e.g. priority or QoS for supporting services specification, e.g. SLA
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2441Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The application provides a flow control method and a device, which are applied to network equipment, wherein the network equipment is provided with a plurality of Flowspec rules and other flow control strategies, one Flowspec rule at least comprises corresponding flow characteristics and flow type information, and the method comprises the following steps: extracting the flow characteristics of the received flow to be forwarded, and determining a target Flowspec rule of which the flow characteristics are matched with the flow characteristics of the flow to be forwarded from the plurality of Flowspec rules; determining the flow type of the target Flowspec rule as the flow type of the flow to be forwarded; and determining the execution sequence of the target Flowspec rule and other flow control strategies according to the flow type of the flow to be forwarded, and forwarding the flow to be forwarded according to the execution sequence. Therefore, the execution sequence between the Flowspec rule and other flow control strategies can be configured, and the flexibility of the flow control of the network system is improved.

Description

Flow control method and device
Technical Field
The present application relates to the field of network communication technologies, and in particular, to a flow control method and apparatus.
Background
In some network communication scenarios, it is necessary to globally schedule traffic in a network system, for example, in the prior art, a Flowspec technology is adopted, and a Flowspec control policy is issued to each network device in the network system, so that each network device controls forwarding of the traffic according to the Flowspec control policy, thereby implementing scheduling of the traffic in the network system. However, each network device may have some local flow control policies, and due to the problem of execution sequence between the Flowspec control policy and the local flow policy of the network device, the Flowspec control policy application is affected when the local flow policy exists, and the flow scheduling cannot be flexibly performed according to the networking application condition.
Disclosure of Invention
In a first aspect, the present application provides a flow control method, which is applied to a network device, where the network device is deployed with a plurality of Flowspec rules and other flow control policies, and one of the Flowspec rules at least includes corresponding flow characteristics and flow type information, and the method includes:
extracting the flow characteristics of the received flow to be forwarded, and determining a target Flowspec rule with the flow characteristics matched with the flow characteristics of the flow to be forwarded from the plurality of Flowspec rules;
determining the flow type of the target Flowspec rule as the flow type of the flow to be forwarded;
and determining the execution sequence of the target Flowspec rule and other flow control strategies according to the flow type of the flow to be forwarded, and forwarding the flow to be forwarded according to the execution sequence.
Optionally, the method further comprises:
receiving a Flowspec message sent by a flow strategy controller;
and deploying the to-be-deployed Flowspec rule carried by the Flowspec message locally, and configuring the execution sequence of the to-be-deployed Flowspec rule and the other flow control strategies according to the flow type corresponding to the to-be-deployed Flowspec rule.
Optionally, the step of configuring the execution sequence of the Flowspec rule to be deployed and the other flow control policies according to the flow type corresponding to the Flowspec rule to be deployed includes:
extracting a TLV field of the Flowspec message;
when the Type field of the TLV field is judged to be a preset value, determining that the Flowspec message carries a Flowspec rule to be deployed, and locally deploying the Flowspec rule to be deployed;
and acquiring the flow type carried by the Value field of the TLV field, and configuring the execution sequence of the to-be-deployed Flowspec rule and other flow control strategies corresponding to the flow type.
Optionally, the Value field of the TLV field further includes identification information of at least one network device; the method further comprises the following steps:
matching the identification information of the network device with the identification information of the at least one network device to judge whether the identification information of the at least one network device is matched with the identification information of the network device;
if yes, locally deploying the Flowspec rule to be deployed;
otherwise, the Flowspec rule to be deployed is not locally deployed.
Optionally, the other flow control policy is a local flow control policy deployed in the network device; the step of determining the execution sequence of the target Flowspec rule and other flow control strategies according to the flow type of the flow to be forwarded and forwarding the flow to be forwarded according to the execution sequence comprises the following steps:
if the flow type of the flow to be forwarded is a preset first type, executing the target Flowspec rule to forward the flow to be forwarded;
if the flow type of the flow to be forwarded is a preset second type, the target Flowspec rule is executed to forward the flow to be forwarded, and then the local flow control strategy is executed to forward the flow to be forwarded;
if the flow type of the flow to be forwarded is a preset third type, the local flow control strategy is executed to forward the flow to be forwarded, and if the local flow control strategy fails to be executed, the target Flowspec rule is executed to forward the flow to be forwarded.
In a second aspect, the present application provides a flow control apparatus, applied to a network device, where several Flowspec rules and other flow control policies are deployed in the network device, where one of the Flowspec rules at least includes a flow characteristic and a flow type, and the apparatus includes:
the extraction module is used for extracting the received flow characteristics of the flow to be forwarded and determining a target Flowspec rule of which the flow characteristics are matched with the flow characteristics of the flow to be forwarded from the Flowspec rules;
a type determining module, configured to determine a traffic type of the target Flowspec rule as a traffic type of the traffic to be forwarded;
and the forwarding control module is used for determining the execution sequence of the target Flowspec rule and other flow control strategies according to the flow type of the flow to be forwarded and forwarding the flow to be forwarded according to the execution sequence.
Optionally, the apparatus further comprises:
the receiving module is used for receiving the Flowspec message sent by the flow strategy controller;
and the rule deployment module is used for locally deploying the Flowspec rule to be deployed carried by the Flowspec message, and configuring the execution sequence of the Flowspec rule to be deployed and the other flow control strategies according to the flow type corresponding to the Flowspec rule to be deployed.
Optionally, the rule deployment module is specifically configured to:
extracting a TLV field of the Flowspec message;
when the Type field of the TLV field is judged to be a preset value, determining that the Flowspec message carries a Flowspec rule to be deployed, and locally deploying the Flowspec rule to be deployed;
and acquiring the flow type carried by the Value field of the TLV field, and configuring the execution sequence of the to-be-deployed Flowspec rule and other flow control strategies corresponding to the flow type.
Optionally, the Value field of the TLV field further includes identification information of at least one network device; the rule deployment module is further to:
matching the identification information of the network equipment with the identification information of the at least one network equipment to judge whether the identification information matched with the identification information of the network equipment exists in the identification information of the at least one network equipment or not;
if yes, locally deploying the Flowspec rule to be deployed;
otherwise, the Flowspec rule to be deployed is not locally deployed.
Optionally, the other flow control policies include a local flow control policy deployed in the network device; the forwarding control module is specifically configured to:
if the flow type of the flow to be forwarded is a preset first type, executing the target Flowspec rule to forward the flow to be forwarded;
if the flow type of the flow to be forwarded is a preset second type, the target Flowspc rule is executed to forward the flow to be forwarded, and then the local flow control strategy is executed to forward the flow to be forwarded;
if the flow type of the flow to be forwarded is a preset third type, the local flow control strategy is executed to forward the flow to be forwarded, and if the local flow control strategy fails to be executed, the target Flowspec rule is executed to forward the flow to be forwarded.
Compared with the prior art, the method has the following beneficial effects:
according to the flow control method and the flow control device, the corresponding target Flowspc rule is matched according to the flow characteristics of the flow to be forwarded, the flow type of the flow to be forwarded is determined according to the target Flowspc rule, and the execution sequence of the Flowspc rule and other flow control strategies is determined according to the flow type, so that the execution sequence between the Flowspc rule and the other flow control strategies can be configured, and the flexibility of flow control of a network system is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained from the drawings without inventive effort.
Fig. 1 is a schematic flow chart of a flow control method according to an embodiment of the present application;
FIG. 2 is a schematic diagram of a control strategy selection provided in an embodiment of the present application;
fig. 3 is a schematic interaction diagram of a network device and a traffic policy controller according to an embodiment of the present application;
fig. 4 is a schematic hardware structure diagram of a network device according to an embodiment of the present application;
FIG. 5 is a schematic diagram of a functional block diagram of a flow control device according to an embodiment of the present disclosure;
fig. 6 is a second functional block diagram of a flow control device according to a second embodiment of the present disclosure.
Icon: 10-a network system; 100-a network device; 110-a flow control device; 111-an extraction module; 112-type determination module; 113-a forwarding control module; 114-a receiving module; 115-a rule deployment module; 120-machine readable storage media; 130-a processor; 200-flow strategy controller.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
Referring to fig. 1, the present embodiment provides a flow control method applied to a network device, where a Flowspec policy including a plurality of Flowspec rules and other flow control policies may be pre-deployed in the network device, and one Flowspec rule at least includes a flow characteristic, flow type information, and a flow control action. The traffic characteristics may include information such as a destination network Protocol (IP) address, a destination port, a source IP address, a source port, and an application Protocol of the traffic; the traffic type information may include types of attack traffic, traffic with higher scheduling priority, traffic with lower scheduling priority, and the like; the flow control actions may include redirection, throttling, interception, etc. The following describes each step of the flow control method provided in this embodiment in detail.
And step S110, extracting the flow characteristics of the received flow to be forwarded, and determining a target Flowspec rule of which the flow characteristics are matched with the flow characteristics of the flow to be forwarded from the plurality of Flowspec rules.
And step S120, determining the flow type of the target Flowspec rule as the flow type of the flow to be forwarded.
And step S130, determining the execution sequence of the target Flowspec rule and other flow control strategies according to the flow type of the flow to be forwarded, and forwarding the flow to be forwarded according to the execution sequence.
In this embodiment, after receiving the traffic to be forwarded, the network device may perform matching according to traffic characteristics of the traffic to be forwarded and traffic characteristic information respectively corresponding to a plurality of Flowspec rules deployed locally in the network device in advance, and determine a target Flowspec rule whose traffic characteristic information matches the traffic characteristics of the traffic to be forwarded. And then taking the flow type corresponding to the determined target Flowspc rule as the flow type of the flow to be forwarded.
In this embodiment, for the flows to be forwarded of different flow types, different execution sequences (i.e., execution sequences of flow control actions) between the corresponding target Flowspec rule and other flow control policies are set, and specifically, for the flows to be forwarded of different flow types, the network device may select one of the target Flowspec rule and other flow control policies to control forwarding of the flows to be forwarded, or may select multiple ones of the target Flowspec rule and other flow control policies to control forwarding of the flows to be forwarded by using the corresponding policy execution sequences.
Optionally, in this embodiment, the other traffic control policies may include local traffic control policies deployed in the network device, and the traffic types may include, but are not limited to, the following three types.
In step S130, if the traffic type of the traffic to be forwarded is the preset first type, the target Flowspec rule may be executed only to forward the traffic to be forwarded.
Specifically, the first type of traffic may be attack traffic that needs to be intercepted, and the flow control brake corresponding to the target Flowspec rule is used to intercept the first type of traffic, so that for the first type of traffic, the target Flowspec rule corresponding to the first type of traffic needs to have the highest priority, and after the target Flowspec rule is executed to intercept the traffic, no other local traffic policy is executed to perform forwarding control.
If the flow type of the flow to be forwarded is a preset second type, the target Flowspec rule (namely, the flow control action corresponding to the target Flowspec rule) is executed first to forward the flow to be forwarded, and then other local flow control strategies (namely, the flow control actions corresponding to the other flow control strategies) are executed to forward the flow to be forwarded.
Specifically, the second type of traffic may be traffic with a higher scheduling priority, and for the second type of traffic, the target Flowspec rule may be first adopted to control the forwarding of the traffic to be forwarded, so as to control the overall scheduling direction of the traffic, and then the local flow control policy is matched according to the traffic characteristics of the traffic to be forwarded to control the forwarding of the traffic to be forwarded.
For example, referring to fig. 2, assuming that, on the network device 100A, a traffic type corresponding to a target Flowspec rule to which a certain to-be-forwarded traffic is matched is a second type, and a flow control brake corresponding to the target Flowspec rule is used to redirect the to-be-forwarded traffic to the link 1 for transmission, the target Flowspec rule may be executed to execute a redirection action first, and then other local flow control policies deployed on the link 1 are executed, and assuming that a local flow control policy for speed limiting still exists on the link 1, speed limiting control is performed on the to-be-forwarded traffic.
And if the flow type is a preset third type, executing a local flow control strategy to forward the flow to be forwarded, and if the local flow control strategy fails, executing a target Flowspec rule to forward the flow to be forwarded.
Specifically, the third type of traffic may be traffic with a lower scheduling priority, and for the third type of traffic, the forwarding of the traffic to be forwarded may be controlled by matching the local flow control policy according to the traffic characteristics of the traffic to be forwarded, and when the local flow control policy fails, the target Flowspec rule is executed to control the forwarding of the traffic to be forwarded.
For example, referring to fig. 2 again, assuming that, on the network device 100A, the traffic type of a target Flowspec rule matched with a certain to-be-forwarded traffic is a third type, and the flow control braking is used to redirect the to-be-forwarded traffic to the link 2 for transmission, but a local flow control policy that redirects the to-be-forwarded traffic to the link 3 for transmission also exists on the network device 100A, the local flow control policy is preferentially executed, the to-be-forwarded traffic is redirected to the link 3 for transmission, and after the local flow control policy fails, the target Flowspec rule is executed again, and the to-be-forwarded traffic is redirected to the link 2 for transmission.
Based on the above design, in the flow control method provided in this embodiment, the execution order of the Flowspec rule and other flow control policies can be determined for the to-be-forwarded flows of different flow types, so that a conflict between the Flowspec rule and other flow control policies is avoided.
Optionally, in an implementation manner of this embodiment, the Flowspec policy may be pre-deployed in the network device.
In another implementation manner of this embodiment, referring to fig. 3, a plurality of network devices 100 are all interconnected through a Border Gateway Protocol (BGP), or are networked through a Route Reflector (Route Reflector), and then a plurality of network devices 100 may communicate with one traffic policy controller 200.
The traffic policy controller 200 may issue Flowspec policies to each network device 100 in the network system 10. The traffic policy controller 200 may be an ADWAN controller used in a software-driven Wide Area Network (ADWAN) technology. The network device 100 may receive the Flowspec message sent by the traffic policy controller 200.
In this embodiment, after receiving the Flowspec message sent by the traffic policy controller 200, the network device 100 extracts the Flowspec rule to be deployed from the Flowspec message, locally deploys the Flowspec rule to be deployed, and determines the execution sequence of the flow control action of the Flowspec rule to be deployed and the flow control action of other flow control policies according to the traffic type corresponding to the Flowspec rule to be deployed.
Specifically, the Flowspec message may be a BGP message carrying a Flowspec rule in a Network Layer Reachability Information (NLRI) field. The network device 100 may extract a TLV (type-length-value) field of the Flowspec packet after receiving the Flowspec packet. And when the Type field of the TLV field is judged to be a preset value, determining that the Flowspec message carries the FLowspec rule to be deployed, and locally deploying the FLowspec rule to be deployed. For example, the preset value may be 13, and when detecting the TLV field with the Type field of 13, the network device 100 determines that the received Flowspec packet carries the Flowspec rule to be deployed.
Then, the network device 100 obtains the traffic type carried in the Value field of the TLV field, and locally configures the flow control action of the to-be-deployed Flowspec rule corresponding to the traffic type and the execution sequence of the flow control action of other flow control policies.
Optionally, in this embodiment, the Value field of the TLV field may further include identification information of at least one network device. For example, a router id, an IP address, a Media Access Control (MAC) address, or other identifiers for uniquely characterizing the network device identity of at least one network device 100 may be recorded in the Value field of the TLV field.
After receiving the FLowspec message carrying the FLowspec rule to be deployed, the network device 100 matches the identification information of itself with the identification information of at least one network device carried in the FLowspec message, so as to determine whether the identification information of at least one network device has identification information matched with the identification information of itself.
If yes, the network device 100 locally deploys the Flowspec rule to be deployed;
otherwise, the network device 100 does not locally deploy the Flowspec rule to be deployed.
Based on the above design, in the method provided in this embodiment, the Flowspec policy may be uniformly issued by the traffic policy controller 200, and Flowspec rules of different combinations are deployed for different network devices, so that the overall planning management may be performed on the traffic of the entire network system.
Referring to fig. 4, fig. 4 is a block diagram of the network device 100 shown in fig. 3. Network device 100 may include a machine-readable storage medium 120 and a processor 130.
The machine-readable storage medium 120 and the processor 130 are in direct or indirect electrical communication to enable the transfer or interaction of data. For example, the components may be electrically connected to each other via one or more communication buses or signal lines. Also, the processor 130 may perform the flow control method described above by reading and executing machine executable instructions corresponding to the flow control logic in the machine readable storage medium 120 by the processor 130.
The machine-readable storage medium 120 referred to herein may be any electronic, magnetic, optical, or other physical storage device that can contain or store information such as executable instructions, data, and the like. For example, the machine-readable storage medium 120 may be: a RAM (random Access Memory), a volatile Memory, a non-volatile Memory, a flash Memory, a storage drive (e.g., a hard drive), a solid state drive, any type of storage disk (e.g., an optical disk, a dvd, etc.), or similar storage medium, or a combination thereof.
Referring to fig. 5, the embodiment further provides a flow control apparatus 110, where the flow control apparatus 110 includes at least one software functional module that may be stored in a machine-readable storage medium 120 in the form of software or firmware (firmware) or solidified in an Operating System (OS) of the network device 100. The processor 130 may execute executable modules stored in the machine-readable storage medium 120, such as software functional modules and computer programs included in the flow control device 110. The flow control device 110 may include an extraction module 111, a type determination module 112, and a forwarding control module 113.
The extraction module 111 is configured to extract a traffic characteristic of the received traffic to be forwarded, and determine a target Flowspec rule whose traffic characteristic matches the traffic characteristic of the traffic to be forwarded from the multiple Flowspec rules.
In this embodiment, the extracting module 111 may be configured to execute step S110 shown in fig. 1, and reference may be made to the description of step S110 for a detailed description of the extracting module 111.
The type determining module 112 is configured to determine the traffic type of the target Flowspec rule as the traffic type of the traffic to be forwarded.
In this embodiment, the type determining module 112 may be configured to execute step S120 shown in fig. 2, and the detailed description about the type determining module 112 may refer to the description about step S120.
The forwarding control module 113 is configured to determine an execution sequence of the target Flowspec rule and other flow control policies according to the flow type of the flow to be forwarded, and forward the flow to be forwarded according to the execution sequence.
In this embodiment, the forwarding control module 113 may be configured to execute step S130 shown in fig. 2, and reference may be made to the description of step S130 for a detailed description of the forwarding control module 113.
Optionally, referring to fig. 6, in the present embodiment, the flow control device 110 further includes a receiving module 114 and a rule deploying module 115.
The receiving module 114 is configured to receive the Flowspec message sent by the traffic policy controller 200.
The rule deployment module 115 is configured to deploy the Flowspec rule to be deployed carried by the Flowspec message locally, and configure an execution sequence of the Flowspec rule to be deployed and the other flow control policies according to a flow type corresponding to the Flowspec rule to be deployed.
Optionally, the rule deployment module 115 is specifically configured to:
extracting a TLV field of the Flowspec message;
when the Type field of the TLV field is judged to be a preset value, determining that the Flowspec message carries a Flowspec rule to be deployed, and locally deploying the Flowspec rule to be deployed;
and acquiring the flow type carried by the Value field of the TLV field, and configuring the execution sequence of the to-be-deployed Flowspec rule and other flow control strategies corresponding to the flow type.
Optionally, the Value field of the TLV field further includes identification information of the at least one network device. The rule deployment module 115 is further configured to:
matching the identification information of the network equipment with the identification information of the at least one network equipment to judge whether the identification information matched with the identification information of the network equipment exists in the identification information of the at least one network equipment or not;
if yes, locally deploying the Flowspec rule to be deployed;
otherwise, the Flowspec rule to be deployed is not locally deployed.
Optionally, the other flow control policies include local flow control policies deployed in the network device. The forwarding control module 113 is specifically configured to:
if the flow type of the flow to be forwarded is a preset first type, executing the target Flowspec rule to forward the flow to be forwarded;
if the flow type of the flow to be forwarded is a preset second type, the target Flowspec rule is executed to forward the flow to be forwarded, and then the local flow control strategy is executed to forward the flow to be forwarded;
if the flow type of the flow to be forwarded is a preset third type, the local flow control strategy is executed to forward the flow to be forwarded, and if the local flow control strategy fails to be executed, the target Flowspec rule is executed to forward the flow to be forwarded.
In summary, the flow control method and apparatus provided by the present application determine the flow type of the flow to be forwarded according to the target Flowspec rule by matching the corresponding target Flowspec rule according to the flow characteristics of the flow to be forwarded, and determine the execution sequence of the Flowspec rule and other flow control policies according to the flow type, so that the execution sequence between the Flowspec rule and other flow control policies can be configured, thereby improving the flexibility of flow control of the network system.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
It should be noted that, in this document, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A flow control method is applied to a network device, wherein a plurality of Flowspec rules and other flow control strategies are deployed in the network device, one of the Flowspec rules at least comprises corresponding flow characteristics and flow type information, and the method comprises the following steps:
extracting the flow characteristics of the received flow to be forwarded, and determining a target Flowspec rule with the flow characteristics matched with the flow characteristics of the flow to be forwarded from the plurality of Flowspec rules;
determining the flow type of the target Flowspec rule as the flow type of the flow to be forwarded;
and determining the execution sequence of the target Flowspec rule and other flow control strategies according to the flow type of the flow to be forwarded, and forwarding the flow to be forwarded according to the execution sequence.
2. The method of claim 1, further comprising:
receiving a Flowspec message sent by a flow strategy controller;
and deploying the to-be-deployed Flowspec rule carried by the Flowspec message locally, and configuring the execution sequence of the to-be-deployed Flowspec rule and the other flow control strategies according to the flow type corresponding to the to-be-deployed Flowspec rule.
3. The method according to claim 2, wherein the step of locally deploying the Flowspec rule to be deployed carried by the Flowspec message, and configuring the execution sequence of the Flowspec rule to be deployed and the other flow control policies according to the flow type corresponding to the Flowspec rule to be deployed comprises:
extracting a TLV field of the Flowspec message;
when the Type field of the TLV field is judged to be a preset value, determining that the Flowspec message carries a Flowspec rule to be deployed, and locally deploying the Flowspec rule to be deployed;
and acquiring the flow type carried by the Value field of the TLV field, and configuring the execution sequence of the to-be-deployed Flowspec rule and other flow control strategies corresponding to the flow type.
4. The method of claim 3, wherein a Value field of the TLV field further comprises identification information of at least one network device; the method further comprises the following steps:
matching the identification information of the network equipment with the identification information of the at least one network equipment to judge whether the identification information matched with the identification information of the network equipment exists in the identification information of the at least one network equipment or not;
if yes, locally deploying the Flowspec rule to be deployed;
otherwise, the Flowspec rule to be deployed is not locally deployed.
5. The method of claim 1, wherein the other flow control policy is a local flow control policy deployed in the network device; the step of determining the execution sequence of the target Flowspec rule and other flow control strategies according to the flow type of the flow to be forwarded and forwarding the flow to be forwarded according to the execution sequence comprises the following steps:
if the flow type of the flow to be forwarded is a preset first type, executing the target Flowspec rule to forward the flow to be forwarded;
if the flow type of the flow to be forwarded is a preset second type, the target Flowspec rule is executed to forward the flow to be forwarded, and then the local flow control strategy is executed to forward the flow to be forwarded;
if the flow type of the flow to be forwarded is a preset third type, the local flow control strategy is executed to forward the flow to be forwarded, and if the local flow control strategy fails to be executed, the target Flowspec rule is executed to forward the flow to be forwarded.
6. A flow control apparatus, applied to a network device, where a plurality of Flowspec rules and other flow control policies are deployed in the network device, and one of the Flowspec rules at least includes corresponding flow characteristics and flow type information, the apparatus comprising:
the extraction module is used for extracting the received flow characteristics of the flow to be forwarded and determining a target Flowspec rule of which the flow characteristics are matched with the flow characteristics of the flow to be forwarded from the Flowspec rules;
a type determining module, configured to determine a flow type of the target Flowspec rule as a flow type of the flow to be forwarded;
and the forwarding control module is used for determining the execution sequence of the target Flowspec rule and other flow control strategies according to the flow type of the flow to be forwarded and forwarding the flow to be forwarded according to the execution sequence.
7. The apparatus of claim 6, further comprising:
the receiving module is used for receiving the Flowspec message sent by the flow strategy controller;
and the rule deployment module is used for locally deploying the to-be-deployed Flowspec rule carried by the Flowspec message, and configuring the execution sequence of the to-be-deployed Flowspec rule and the other flow control strategies according to the flow type corresponding to the to-be-deployed Flowspec rule.
8. The apparatus of claim 7, wherein the rule deployment module is specifically configured to:
extracting a TLV field of the Flowspec message;
when the Type field of the TLV field is judged to be a preset value, determining that the Flowspec message carries a Flowspec rule to be deployed, and locally deploying the Flowspec rule to be deployed;
and acquiring the flow type carried by the Value field of the TLV field, and configuring the execution sequence of the to-be-deployed Flowspec rule and other flow control strategies corresponding to the flow type.
9. The apparatus of claim 8, wherein a Value field of the TLV field further comprises identification information of at least one network device; the rule deployment module is further configured to:
matching the identification information of the network equipment with the identification information of the at least one network equipment to judge whether the identification information matched with the identification information of the network equipment exists in the identification information of the at least one network equipment or not;
if yes, locally deploying the Flowspec rule to be deployed;
otherwise, the Flowspec rule to be deployed is not locally deployed.
10. The apparatus of claim 6, wherein the other flow control policies comprise local flow control policies deployed in the network device; the forwarding control module is specifically configured to:
if the flow type of the flow to be forwarded is a preset first type, executing the target Flowspec rule to forward the flow to be forwarded;
if the flow type of the flow to be forwarded is a preset second type, the target Flowspc rule is executed to forward the flow to be forwarded, and then the local flow control strategy is executed to forward the flow to be forwarded;
if the flow type of the flow to be forwarded is a preset third type, the local flow control strategy is executed to forward the flow to be forwarded, and if the local flow control strategy fails to be executed, the target Flowspec rule is executed to forward the flow to be forwarded.
CN201811191734.7A 2018-10-12 2018-10-12 Flow control method and device Active CN109510776B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811191734.7A CN109510776B (en) 2018-10-12 2018-10-12 Flow control method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811191734.7A CN109510776B (en) 2018-10-12 2018-10-12 Flow control method and device

Publications (2)

Publication Number Publication Date
CN109510776A CN109510776A (en) 2019-03-22
CN109510776B true CN109510776B (en) 2022-07-12

Family

ID=65746559

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811191734.7A Active CN109510776B (en) 2018-10-12 2018-10-12 Flow control method and device

Country Status (1)

Country Link
CN (1) CN109510776B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112019431B (en) * 2019-05-29 2023-04-18 阿里巴巴集团控股有限公司 Method, device and equipment for processing forwarding rule
CN111817960B (en) * 2020-07-23 2022-02-01 杭州迪普信息技术有限公司 Message forwarding method and device of flow control equipment
CN115834491A (en) * 2021-09-16 2023-03-21 华为技术有限公司 Message processing method, stream specification transmission method, device, system and storage medium

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103078794A (en) * 2013-01-08 2013-05-01 杭州华三通信技术有限公司 Message processing control method and device
CN103346974A (en) * 2013-06-03 2013-10-09 华为技术有限公司 Controlling method of service process and network device
CN104811326A (en) * 2014-01-24 2015-07-29 中兴通讯股份有限公司 Service chain management method, service chain management system, and devices
WO2015174968A1 (en) * 2014-05-13 2015-11-19 Hewlett-Packard Development Company, L.P. Network access control at controller
CN105871602A (en) * 2016-03-29 2016-08-17 华为技术有限公司 Control method, device and system for counting traffic
CN107026791A (en) * 2016-01-29 2017-08-08 华为技术有限公司 VPN vpn service optimization method and equipment
CN107404439A (en) * 2016-05-18 2017-11-28 华为技术有限公司 For redirecting the method and system, the network equipment and control device of data flow
CN107547432A (en) * 2017-08-28 2018-01-05 新华三信息安全技术有限公司 A kind of flow control methods and device
CN107925624A (en) * 2016-07-01 2018-04-17 华为技术有限公司 Message forwarding method, device and system based on business function chain SFC
CN108199965A (en) * 2017-12-28 2018-06-22 新华三技术有限公司 Flow spec list items delivery method, the network equipment, controller and autonomous system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160182300A1 (en) * 2014-12-17 2016-06-23 Cisco Technology, Inc., A Corporation Of California Selective Configuring of Throttling Engines for Flows of Packet Traffic

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103078794A (en) * 2013-01-08 2013-05-01 杭州华三通信技术有限公司 Message processing control method and device
CN103346974A (en) * 2013-06-03 2013-10-09 华为技术有限公司 Controlling method of service process and network device
CN104811326A (en) * 2014-01-24 2015-07-29 中兴通讯股份有限公司 Service chain management method, service chain management system, and devices
WO2015174968A1 (en) * 2014-05-13 2015-11-19 Hewlett-Packard Development Company, L.P. Network access control at controller
CN107026791A (en) * 2016-01-29 2017-08-08 华为技术有限公司 VPN vpn service optimization method and equipment
CN105871602A (en) * 2016-03-29 2016-08-17 华为技术有限公司 Control method, device and system for counting traffic
CN107404439A (en) * 2016-05-18 2017-11-28 华为技术有限公司 For redirecting the method and system, the network equipment and control device of data flow
CN107925624A (en) * 2016-07-01 2018-04-17 华为技术有限公司 Message forwarding method, device and system based on business function chain SFC
CN107547432A (en) * 2017-08-28 2018-01-05 新华三信息安全技术有限公司 A kind of flow control methods and device
CN108199965A (en) * 2017-12-28 2018-06-22 新华三技术有限公司 Flow spec list items delivery method, the network equipment, controller and autonomous system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
一种基于Flow-Spec的网络异常流量防护策略;黄卓君;《广东通信技术》;20120515(第05期);全文 *
基于BGP增强的流量调度技术;罗雨佳等;《电信科学》;20160320(第03期);全文 *

Also Published As

Publication number Publication date
CN109510776A (en) 2019-03-22

Similar Documents

Publication Publication Date Title
CN109510776B (en) Flow control method and device
US10027626B2 (en) Method for providing authoritative application-based routing and an improved application firewall
CN107078950B (en) Method, apparatus, and computer-readable storage medium for establishing a service chain
JP7373560B2 (en) Synergistic DNS security updates
CN106330714B (en) Method and device for realizing service function chain
EP2995042B1 (en) Data plane learning of bi-directional service chains
US20160119253A1 (en) Method and system of performing service function chaining
CN106713137B (en) VPN method, device and system based on segmented routing and SDN technology
WO2017100365A1 (en) Directing data traffic between intra-server virtual machines
EP1675326A1 (en) Method and apparatus for configuring a communication path
US20110149743A1 (en) Network distribution prevention when virtual chassis system undergoes splits and merges
CN113347097B (en) Apparatus, system, and method for providing node protection across label switched paths
CN110430076B (en) Route management method and device
US10735308B2 (en) Attestation based routing
EP3534570B1 (en) Route detection method and network device
US11811879B2 (en) Networking connection management based on container identification
CN107547386B (en) Message forwarding method and device
CN109561004B (en) Message forwarding method and device and switch
US20180083870A1 (en) Simple hierarchical label-switched paths
US11016852B1 (en) Guarded mode boot up and/or recovery of a network device
EP3503494B1 (en) Security system and security method for a data network and for terminal devices connected to the data network
US11831775B1 (en) Using secure tokens for stateless software defined networking
CN112153173B (en) IPv6 address rapid deployment and distribution method and device
CN107070787B (en) Default route revocation method and device
US20160277285A1 (en) Data routing

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant