CN110971391B - Message forwarding method and network equipment - Google Patents

Message forwarding method and network equipment

Info

Publication number: CN110971391B
Authority: CN (China)
Prior art keywords: mirror image, target aggregation, board, port, data analysis
Legal status: Active
Application number: CN201811157078.9A
Other languages: Chinese (zh)
Other versions: CN110971391A
Inventor: 张洋
Current assignee: New H3C Technologies Co Ltd Hefei Branch
Original assignee: New H3C Technologies Co Ltd Hefei Branch

Classifications

All classifications fall under H (Electricity), H04 (Electric communication technique), H04L (Transmission of digital information, e.g. telegraphic communication):

    • H04L45/74 Address processing for routing (under H04L45/00 Routing or path finding of packets in data switching networks)
    • H04L41/0803 Configuration setting (under H04L41/08 Configuration management of networks or network elements; H04L41/00 Arrangements for maintenance, administration or management of data switching networks)
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes (under H04L67/10 Protocols in which an application is distributed across nodes in the network; H04L67/01 Protocols; H04L67/00 Network arrangements or protocols for supporting network services or applications)
    • H04L69/22 Parsing or analysis of headers (under H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass)
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC (under H04L9/06 Cryptographic mechanisms using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; hash functions; pseudorandom sequence generators; H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols)

Abstract

The invention provides a message forwarding method and network equipment, wherein the network equipment comprises a plurality of interface boards, more than one network board and more than one data analysis board, the data analysis board comprises a data acquisition unit and a plurality of data analysis units, the data acquisition unit comprises a plurality of interconnection ports which are respectively and correspondingly connected with the plurality of data analysis units, and a target aggregation port comprising a plurality of interconnection ports is created on the data acquisition unit. The data acquisition unit receives the mirror image message and the target aggregation port identification, and selects an interconnection port corresponding to the service flow to which the mirror image message belongs from a plurality of interconnection ports of the target aggregation port indicated by the target aggregation port identification according to first communication characteristic information of the mirror image message; and sending the mirror image message through the selected interconnection port. The data analysis unit connected with the selected interconnection port analyzes the received mirror image message, so that the mirror image messages belonging to the same service flow are analyzed by the same data analysis unit, and the accuracy of an analysis result can be ensured.

Description

Message forwarding method and network equipment
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a packet forwarding method and a network device.
Background
In the related art, network devices (such as switches, routers, etc.) are generally only used for forwarding data, and cannot implement analysis and calculation of user traffic, and the application scenarios are relatively limited.
Disclosure of Invention
In view of the above, an object of the present disclosure is to provide a message forwarding method and a network device, so as to at least partially improve the above problem.
In order to achieve the purpose, the following technical scheme is adopted in the disclosure:
in a first aspect, the present disclosure provides a packet forwarding method, which is applied to a network device, where the network device includes a plurality of interface boards, more than one network board, and more than one data analysis board, where the data analysis board includes a data acquisition unit and a plurality of data analysis units, the data acquisition unit includes a plurality of interconnection ports respectively connected to the plurality of data analysis units, and a target aggregation port including the plurality of interconnection ports is created on the data acquisition unit; the method comprises the following steps:
the data acquisition unit receives the mirror image message and a target aggregation port identifier indicating a target aggregation port; selecting an interconnection port corresponding to the service flow to which the mirror image message belongs from a plurality of interconnection ports of the target aggregation port indicated by the target aggregation port identification according to the first communication characteristic information of the mirror image message; sending the mirror image message through the selected interconnection port;
and the data analysis unit connected with the selected interconnection port analyzes the received mirror image message so that the mirror image messages belonging to the same service flow are analyzed by the same data analysis unit.
In a second aspect, the present disclosure provides a network device, including a plurality of interface boards, one or more network boards, and one or more data analysis boards, where the data analysis board includes a data acquisition unit and a plurality of data analysis units, the data acquisition unit includes a plurality of interconnection ports respectively connected to the plurality of data analysis units, and a target aggregation port including the plurality of interconnection ports is created on the data acquisition unit;
the data acquisition unit receives the mirror image message and a target aggregation port identifier indicating a target aggregation port; selecting an interconnection port corresponding to the service flow to which the mirror image message belongs from a plurality of interconnection ports of the target aggregation port indicated by the target aggregation port identification according to the first communication characteristic information of the mirror image message; sending the mirror image message through the selected interconnection port;
and the data analysis unit connected with the selected interconnection port analyzes the received mirror image message so that the mirror image messages belonging to the same service flow are analyzed by the same data analysis unit.
Compared with the prior art, the method has the following beneficial effects:
the network equipment comprises a plurality of interface boards, more than one network board and more than one data analysis board, wherein the data analysis board comprises a data acquisition unit and a plurality of data analysis units, the data acquisition unit comprises a plurality of interconnection ports respectively and correspondingly connected with the data analysis units, and a target aggregation port comprising the interconnection ports is established on the data acquisition unit. The data acquisition unit receives the mirror image message and a target aggregation port identification indicating a target aggregation port, and selects an interconnection port corresponding to a service flow to which the mirror image message belongs from a plurality of interconnection ports of the target aggregation port indicated by the target aggregation port identification according to first communication characteristic information of the mirror image message; and sending the mirror image message through the selected interconnection port. And the data analysis unit connected with the selected interconnection port analyzes the mirror image message so that the mirror image messages belonging to the same service flow are analyzed by the same data analysis unit. Thus, the completeness and accuracy of the analysis result can be ensured.
Drawings
To more clearly illustrate the technical solutions of the present disclosure, the drawings needed for the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present disclosure, and therefore should not be considered as limiting the scope, and those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a block schematic diagram of a network device provided by the present disclosure;
FIG. 2 is a block diagram of a data analysis board provided by the present disclosure;
fig. 3 is a schematic flowchart of a message forwarding method according to the present disclosure;
fig. 4 is a schematic diagram illustrating the sub-steps of step S34 shown in fig. 3.
Reference numerals: 10-network device; 111, 112-data analysis board; 12-main control board; 13-network board; 141, 142-interface board; 20-data acquisition unit; 21, 22, 23-data analysis unit.
Detailed Description
To make the objects, technical solutions and advantages of the present disclosure clearer, the technical solutions of the present disclosure will be clearly and completely described below with reference to the accompanying drawings in the present disclosure, and it is apparent that the described embodiments are some, but not all embodiments of the present disclosure. The components of the present disclosure, as generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present disclosure, presented in the figures, is not intended to limit the scope of the claimed disclosure, but is merely representative of selected embodiments of the disclosure. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
Referring to fig. 1, fig. 1 is a block schematic diagram of a network device 10 provided in the present disclosure, where the network device 10 may be a switch, a router, and the like, for example, a frame switch. Network device 10 includes one or more data analysis boards, such as data analysis board 111 and data analysis board 112 shown in fig. 1, for performing analysis calculations on messages.
In addition, the network device 10 further includes a main control board 12, more than one network board 13, and a plurality of interface boards (such as the interface board 141 and the interface board 142 shown in fig. 1). The plurality of interface boards are connected to the main control board 12, and a user can configure any interface board on the main control board 12, for example, configure a mirror policy on the main control board 12, and send the configured mirror policy to a specified interface board.
The network board 13 is also called a switch fabric board and realizes data exchange between boards. For example, the plurality of interface boards are connected to the one or more data analysis boards through the network board 13. Optionally, the interconnected ports of the interface boards and the network board 13 in the present disclosure may be configured in HiGig (also called HG) mode, and correspondingly, the interconnected ports of the data analysis boards and the network board 13 may be configured in HG mode. Of course, the ports configured in HG mode above may also be configured in other modes as needed, which is not limited by this disclosure.
Please refer to fig. 2, which is a block diagram of the data analysis board 111 according to the present disclosure. The data analysis board 111 includes a data acquisition unit 20 and a plurality of data analysis units, such as a data analysis unit 21, a data analysis unit 22, and a data analysis unit 23 shown in fig. 2.
The plurality of data analysis units may be a plurality of independent processors, and are configured to perform analysis calculation on the received message. The data acquisition unit 20 may be a switch chip including a port P0 connected to the network board 13 and a plurality of interconnection ports respectively connected to the plurality of data analysis units, such as a port P1 connected to the data analysis unit 21, a port P2 connected to the data analysis unit 22, and a port P3 connected to the data analysis unit 23. The interconnected ports of the data acquisition unit 20 and the network board 13 may be configured in HG mode, for example, the port P0 may be configured in HG mode, and may also be configured in other modes as required.
In the present disclosure, the structure of the other data analysis boards is similar to that of the data analysis board 111, and is not described herein again.
Fig. 3 is a schematic flow chart of a packet forwarding method applied to the network device shown in fig. 1 according to the present disclosure, and the steps included in the method will be described in detail below.
Step S31, the main control board 12 generates a preset mirror policy including the second communication characteristic information and the target aggregation port identifier of the target aggregation port on the specified data analysis board, according to the second communication characteristic information configured by the user and the data analysis board specified by the user, and issues the generated preset mirror policy to the interface board.
In some application scenarios, for example, in scenarios requiring edge computation, attack prevention, security detection, traffic identification, or traffic visualization, a message with specific communication feature information needs to be analyzed. In the present disclosure, all messages that conform to a particular communication characteristic information are directed to the same data analysis board for analysis.
Wherein, for all messages that conform to a specific communication characteristic information, the messages can be further divided into different service flows according to requirements. By means of the preset mirror strategy issued by the main control board 12, mirror messages which need to be analyzed and calculated by different data analysis units of the same data analysis board are shunted for the first time, so that the data analysis units of the data analysis boards can be further ensured to classify different service flows for the second time, messages of the same service flow can be analyzed by one data analysis unit of one data analysis board, and therefore the accuracy and completeness of analysis results are ensured.
In addition, by the above method, load balancing of each data analysis unit on the data analysis board can be realized, and further application of the analysis result of each service flow is facilitated.
Referring back to fig. 2, in order to achieve the above object, in the present disclosure, for each data analysis board, a target aggregation port is created on the data acquisition unit of the data analysis board, and the interconnection ports on the data acquisition unit that are connected to the data analysis units of the data analysis board are set as member ports of the created target aggregation port. Taking the data analysis board 111 shown in fig. 2 as an example, a target aggregation port Pa is created on the data acquisition unit 20, and the port P1, the port P2 and the port P3 on the data acquisition unit 20 are all set as member ports of the target aggregation port Pa.
Based on the above setting, in implementation, a user may configure a mirror condition (e.g., the above-mentioned specific communication feature information) on the main control board 12, and specify a corresponding data analysis board to analyze all messages that meet the mirror condition.
When detecting the user configuration, the main control board 12 searches for the target aggregation port on the data analysis board specified by the user, for example, if the user specifies the data analysis board 111, the main control board 12 may find that the target aggregation port on the data analysis board 111 is Pa. Then, a preset mirroring policy is generated, which takes the specific communication characteristic information as a mirroring condition and takes the target aggregation port on the specified data analysis board as a destination outlet (also called "mirroring destination port"), and the preset mirroring policy is issued to an interface board specified by a user.
The specific communication characteristic information is the second communication characteristic information in the present disclosure, and may specifically be port information, VLAN (Virtual Local Area Network) information, or service flow information of a packet, where the service flow information may refer to triple information, quadruple information, quintuple information, heptatuple information, and the like of the packet, and the present disclosure does not limit this.
Optionally, in this disclosure, the preset mirroring policy may be implemented by an Access Control List (ACL) rule, in which case, the second communication feature information may be used as a matching field of the ACL rule, and a message meeting the matching field is copied to a specified target aggregation port, which is a matching action of the ACL rule.
Step S32, when any interface board determines that the received message matches with the second communication characteristic information in the preset mirror image strategy, the message is copied to obtain a mirror image message; and sending the mirror image message and a target aggregation port identifier serving as an output port of the mirror image message to the network board.
In step S32, the target aggregation port id sent by the interface board to the network board is a target aggregation port id serving as an egress interface of the mirror image packet. And the mirror image message obtained by the interface board copying takes the target aggregation port indicated by the target aggregation port identifier in the preset mirror image strategy as an output interface.
In this disclosure, a user may select to configure the preset mirroring policy on an ingress port or an egress port of the packet on the interface board.
When the preset mirror image strategy is configured on an input port, the interface board judges whether the message is matched with the second communication characteristic information in the preset mirror image strategy when receiving the message through the input port, and if the message is matched with the second communication characteristic information, the message is copied to a target aggregation port appointed in the preset mirror image strategy.
When the preset mirror image strategy is configured on an output port, the interface board judges whether a message is matched with second communication characteristic information in the preset mirror image strategy when determining that a forwarding outlet of the message is the output port, and if the message is matched with the second communication characteristic information, the interface board copies the message to a target aggregation port appointed in the preset mirror image strategy.
When the interface board forwards the mirror image packet, it may determine that the outgoing interface of the mirror image packet (i.e., the target aggregation port specified in the preset mirror image policy) is not on the board, and therefore sends the mirror image packet and the target aggregation port identifier of the target aggregation port to the network board 13. When the network board 13 receives the mirror image packet and the target aggregation port identifier, it may determine the data analysis board on which the target aggregation port indicated by the target aggregation port identifier is located, and send the mirror image packet and the target aggregation port identifier to that data analysis board through the port connected to it.
And step S33, the data acquisition unit receives the mirror image message and the target aggregation port identifier.
In the present disclosure, each data analysis board is connected to the network board 13 through a data acquisition unit, and therefore, the information sent by the network board 13 to any data analysis board will be received by the data acquisition unit of the data analysis board. For example, in the above example, the mirror message and the target aggregation port identifier sent to the data analysis board 111 will be received by the data acquisition unit 20.
Step S34, the data acquisition unit selects, according to the first communication characteristic information of the mirror image packet, an interconnection port corresponding to the service flow to which the mirror image packet belongs from the plurality of interconnection ports of the target aggregation port indicated by the target aggregation port identifier.
And step S35, the data acquisition unit sends the mirror image message through the selected interconnection port.
And step S36, the data analysis unit connected with the selected interconnection port analyzes the received mirror image message, so that the mirror image messages belonging to the same service flow are analyzed by the same data analysis unit.
In this disclosure, when receiving the mirror image packet, the data acquisition unit may determine that an output interface of the mirror image packet is a target aggregation port on the data acquisition unit, so as to select an output interface for the mirror image packet in the target aggregation port.
In practical application, all messages matched with the second communication characteristic information in the preset mirroring policy may be divided into more than one service flow according to the communication characteristic information set by the user, where the communication characteristic information set by the user is the first communication characteristic information in the present disclosure, and the first communication characteristic information may be the service flow information described above, or may be a partial field in the service flow information. The messages with the same first communication characteristic information can be regarded as belonging to the same service flow, so that the messages can be sent to the data analysis unit corresponding to the same service flow for analysis.
Based on the above analysis, in the present disclosure, when the data acquisition unit selects an interface for the mirror image packet in each member port (interconnection port) included in the target aggregation port on the board, the member port corresponding to the first communication feature information of the mirror image packet may be selected as the outgoing interface of the mirror image packet.
For a certain service flow, the first communication characteristic information of the message belonging to the service flow is determined, and then the member port corresponding to the first communication characteristic information in the target aggregation port on the data acquisition unit is also determined. And because the data analysis unit connected with each member port is also determined, the messages with the same first communication characteristic information (namely, the messages belonging to the same service flow) can be analyzed by the same data analysis unit, so that the accuracy and the completeness of an analysis result are ensured.
Optionally, in an implementation manner of the present disclosure, a corresponding relationship between different first communication characteristic information and each member port included in a target aggregation port of the data acquisition unit may be preset on the data acquisition unit. In implementation, the data acquisition unit may search for a corresponding relationship hit by the first communication characteristic information of the received mirror image packet, and determine a member port in the corresponding relationship as an output interface of the mirror image packet.
In another implementation manner of the present disclosure, the step S34 may be implemented by the steps as shown in fig. 4.
Step S41, performing hash calculation on the first communication characteristic information of the mirror image packet to obtain a hash value.
Step S42, selecting an interconnection port corresponding to the obtained hash value from the multiple interconnection ports of the target aggregation port indicated by the target aggregation port identifier as an interconnection port corresponding to the service flow to which the mirror packet belongs.
And the plurality of interconnected ports are all member ports of the target aggregation port.
In this disclosure, hash correspondences between different hash values and each member port included in a target aggregation port of the data acquisition unit may be preset on the data acquisition unit.
Thus, when the data acquisition unit of any data analysis board receives the mirror image message and the target aggregation port identifier sent by the network board 13, the hash calculation is performed on the first communication characteristic information of the mirror image message to obtain a hash value; and searching a member port corresponding to the hash value in the hash corresponding relation of the target aggregation port indicated by the target aggregation port identification. Here, it may be determined that the searched member port corresponds to the service flow having the first communication characteristic information, and therefore, the searched member port is selected as a forwarding outlet of the mirror image packet.
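As an added example that is not part of the patent text, the following Python models the selection in steps S41 and S42 on a data acquisition unit, together with the preset direct correspondence described as the other implementation of step S34. The class and function names, the CRC32-based hash with 256 buckets, the bucket-to-member-port layout and the sample flow keys are all assumptions; the patent fixes none of them.

```python
"""Added example (not the patent's code): how a data acquisition unit such as the
one on data analysis board 111 can pick a member port of the target aggregation
port Pa from the first communication characteristic information of a mirror packet.
Names, the CRC32 hash, the 256-bucket table layout and the sample flows are assumptions."""
import zlib
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Flow key built from the first communication characteristic information.
# Here it is the five-tuple; per the description it may also be a subset of
# those fields (see partial_key below).
FiveTuple = Tuple[str, str, int, int, int]  # (src_ip, dst_ip, src_port, dst_port, proto)


@dataclass
class AggregationPort:
    """Target aggregation port (e.g. Pa) with its member interconnection ports."""
    name: str
    members: Tuple[str, ...]                        # e.g. ("P1", "P2", "P3")
    # Optional preset correspondence first-information -> member port
    # (the first implementation of step S34 in the text). Hypothetical layout.
    preset: Optional[Dict[FiveTuple, str]] = None

    def hash_table(self) -> Dict[int, str]:
        """Preset 'hash correspondence': every hash bucket maps to one member port.
        Assumed layout: bucket i -> members[i % len(members)]."""
        return {i: self.members[i % len(self.members)] for i in range(256)}


def flow_hash(key: Tuple) -> int:
    """Deterministic hash of the flow key (CRC32 of its textual form, 256 buckets).
    zlib.crc32 is used instead of Python's hash(), which is randomised per process."""
    return zlib.crc32("|".join(str(f) for f in key).encode()) & 0xFF


def partial_key(five: FiveTuple, fields=(0, 1, 4)) -> Tuple:
    """The first communication characteristic information may be only part of the
    service-flow information; the default keeps (src_ip, dst_ip, proto)."""
    return tuple(five[i] for i in fields)


def select_member_port(agg: AggregationPort, key: Tuple) -> str:
    """Steps S41/S42: hash the first communication characteristic information and
    look the bucket up in the aggregation port's hash correspondence, unless a
    preset direct correspondence hits first."""
    if agg.preset and key in agg.preset:
        return agg.preset[key]
    return agg.hash_table()[flow_hash(key)]


def stickiness_check(agg: AggregationPort, packets) -> bool:
    """Property the method relies on: every mirror packet of one service flow
    leaves through the same member port (hence reaches the same analysis unit)."""
    seen: Dict[Tuple, str] = {}
    for key in packets:
        port = select_member_port(agg, key)
        if seen.setdefault(key, port) != port:
            return False
    return True


# Constructed sample: Pa on data acquisition unit 20 with members P1..P3.
PA = AggregationPort("Pa", ("P1", "P2", "P3"))
# Constructed flow keys (the first uses the values of the patent's own example).
FLOW_A: FiveTuple = ("1.1.1.1", "2.2.2.2", 1000, 2000, 80)
FLOW_B: FiveTuple = ("3.3.3.3", "4.4.4.4", 4000, 5000, 6)

if __name__ == "__main__":
    for k in (FLOW_A, FLOW_B):
        print(k, "->", select_member_port(PA, k))
    print("sticky:", stickiness_check(PA, [FLOW_A, FLOW_B, FLOW_A, FLOW_B, FLOW_A]))
```

Running the module prints the member port chosen for each constructed flow, and stickiness_check confirms the property the method is built on: repeated packets of one flow always select the same member port. The modulo layout balances load only statistically, and hashing a partial key (partial_key) deliberately widens what counts as one service flow, so fewer, larger flows share an analysis unit.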
It should be noted that, in the present disclosure, the first communication characteristic information refers to communication characteristic information for distinguishing traffic flows, and the second communication characteristic information refers to communication characteristic information for matching a specific packet in a preset mirroring policy configured by a user.
Specific examples will be given below with reference to fig. 1 and fig. 2 to further explain the packet forwarding method provided by the present disclosure.
Referring back to fig. 1, the interface board 141 includes a port A and a port B for connecting user equipment. The port A is connected to the user equipment PCA, whose IP address is 1.1.1.1, whose IP protocol number is 80, and whose transport layer port number (also called the TCP/UDP port or layer-4 port) is 1000; the port B is connected to the user equipment PCB, whose IP address is 2.2.2.2, whose IP protocol number is 80, and whose transport layer port number is 2000. The user equipment PCA and the port A may be directly connected or indirectly connected through other network equipment; the user equipment PCB and the port B may likewise be directly connected or indirectly connected through other network devices.
In one example, assume that the user specifies a mirroring condition on the main control board 12 for port a of the interface board 141: the source IP address is 1.1.1.1, the destination IP address is 2.2.2.2, the source transport layer port number is 1000, the destination transport layer port number is 2000, the IP protocol number is 80, and a corresponding data analysis board 111 is assigned to the mirroring condition for analyzing the packet matching with the mirroring condition.
For the above situation, the message forwarding method provided by the present disclosure may be used for processing, and the specific process may be as follows:
First, the main control board 12 determines, according to the above configuration, the target aggregation port Pa included on the data acquisition unit 20 of the data analysis board 111.
Second, the main control board 12 generates a mirror policy x1 that takes the source IP address 1.1.1.1, the destination IP address 2.2.2.2, the source transport layer port number 1000, the destination transport layer port number 2000 and the IP protocol number 80 as the mirror condition and the target aggregation port Pa as the destination outlet, and, according to the user configuration, issues the mirror policy x1 to the ingress port A on the interface board 141.
Wherein, the source IP address 1.1.1.1, the destination IP address 2.2.2.2, the source transport layer port number 1000, the destination transport layer port number 2000, and the IP protocol number 80 may serve as the second communication characteristic information in the present disclosure, and the mirroring policy x1 may serve as the preset mirroring policy in the present disclosure.
Third, interface board 141 receives mirror policy x1 and configures mirror policy x1 on port A.
Fourth, when the interface board 141 receives the packet D1 through port A, it detects whether the packet D1 matches the mirror condition in the mirror policy x1 configured on port A, that is, whether the source IP address of the packet D1 is 1.1.1.1, the destination IP address is 2.2.2.2, the source transport layer port number is 1000, the destination transport layer port number is 2000 and the IP protocol number is 80. If all the detection results are yes, it determines that the packet D1 matches the mirror condition in the mirror policy x1, so the packet D1 can be mirrored to the destination egress specified in the mirror policy x1 (i.e., the target aggregation port Pa).
In other words, the interface board 141 copies the packet D1 to obtain the mirror packet D2 and directs the destination egress of the mirror packet D2 to the target aggregation port Pa; the interface board 141 then forwards the mirror packet D2 with the target aggregation port Pa as its destination egress.
Fifth, the interface board 141 detects that the destination egress Pa of the mirror packet D2 is not on the board, and sends the mirror packet D2, together with the target aggregation port identifier marked as its outbound interface (i.e., the identifier of the target aggregation port Pa), to the network board 13.
Sixth, the network board 13 receives the mirror packet D2 and the identifier of the target aggregation port Pa, detects that the target aggregation port Pa is on the data analysis board 111, looks up the port connecting the network board to the data analysis board 111, and sends the mirror packet D2 to the data analysis board 111 through that port.
Since the data analysis board 111 is connected to the network board 13 through the data acquisition unit 20, the data acquisition unit 20 receives the mirror packet D2 and the identifier of the target aggregation port Pa.
It is assumed here that the hash algorithm on the data acquisition unit 20 is preset to perform hash calculation based on the five-tuple information of the mirror packet; the five-tuple may serve as the first communication characteristic information in the present disclosure.
Seventh, when the data acquisition unit 20 receives the mirror packet D2 and the identifier of the target aggregation port Pa, it detects that the target aggregation port Pa is on the board, obtains the five-tuple information of the mirror packet D2, that is, the source IP address, the destination IP address, the source transport layer port number, the destination transport layer port number and the IP protocol number, and performs hash calculation on the obtained five-tuple information.
Eighth, the data acquisition unit 20 obtains the hash table of the target aggregation port Pa, which records the correspondence between different hash values and the different member ports of the target aggregation port Pa.
Assume that the hash table obtained in step eight includes three hash values 0, 1, and 2, where hash value 0 corresponds to port P1, hash value 1 corresponds to port P2, and hash value 2 corresponds to port P3.
Ninth, if the hash value calculated in the seventh step is 0, port P1 corresponding to hash value 0 is selected and the mirror packet D2 is sent from port P1, so that the data analysis unit 21 connected through port P1 analyzes the mirror packet D2; if the hash value calculated in the seventh step is 1, port P2 corresponding to hash value 1 is selected and the mirror packet D2 is sent from port P2, so that the data analysis unit 22 connected through port P2 analyzes the mirror packet D2; if the hash value calculated in the seventh step is 2, port P3 is selected and the mirror packet D2 is sent from port P3, so that the data analysis unit 23 connected through port P3 analyzes the mirror packet D2.
Hashing the same information always yields the same hash value, the member port corresponding to each hash value is fixed, and the data analysis unit connected to each member port is fixed as well; therefore, as long as the first communication characteristic information of mirror packets is the same (i.e., they belong to the same service flow), they are forwarded to the same data analysis unit for analysis.
In other examples, the user may choose to configure the mirror policy x1 on port B of the interface board 141. In this case, after the interface board 141 configures the mirror policy x1 on port B, whenever it determines that the forwarding egress of a packet is port B, that is, whenever a packet (for example, the packet D1) needs to be forwarded from port B, it detects whether the packet D1 matches the mirror condition in the mirror policy x1; if so, it copies the packet D1 to obtain the mirror packet D2 with the target aggregation port Pa as its destination egress, and subsequent processing proceeds according to steps five to nine.
In another example, it is assumed that port B of the interface board 141 can receive packets sent from devices in VLAN 10, where each such packet carries the VLAN tag 10. In this scenario, the user specifies the mirror condition for port B of the interface board 141 on the main control board as follows: the VLAN tag is 10; and specifies the corresponding data analysis board 111 for this mirror condition, so as to analyze packets sent by devices in VLAN 10.
In this example, the packet forwarding method provided by the present disclosure may be implemented through the following processes:
First, the main control board 12 determines, according to the above configuration, the target aggregation port Pa included in the data acquisition unit 20 of the data analysis board 111.
Second, the main control board 12 generates a mirror policy x2 with VLAN 10 as the mirror condition and the target aggregation port Pa as the mirror destination port, and issues the mirror policy x2 to port B, the ingress port, according to the user configuration.
Where VLAN 10 may serve as the second communication feature information in this disclosure, the mirroring policy x2 may serve as the preset mirroring policy in this disclosure.
Third, interface board 141 receives mirror policy x2 and configures mirror policy x2 on port B.
Fourth, when the interface board 141 receives the packet D3 through port A, it determines whether the packet D3 carries the VLAN tag 10; if so, it copies the packet D3 to obtain the mirror packet D4 and directs the destination egress of the mirror packet D4 to the target aggregation port Pa.
Fifth, the interface board 141 detects that the egress of the mirror packet D4 is not on the board, so it sends the mirror packet D4 and the identifier of the target aggregation port Pa to the network board 13.
Sixth, the network board 13 receives the mirror packet D4 and the identifier of the target aggregation port Pa, detects that the target aggregation port Pa is on the data analysis board 111, looks up the port connecting the network board to the data analysis board 111, and sends the mirror packet D4 and the identifier of the target aggregation port Pa to the data analysis board 111 from that port.
It is assumed that the data acquisition unit 20 is preset with a hash algorithm that selects the forwarding egress at the target aggregation port Pa according to the five-tuple information of the mirror packet.
Seventh, the data acquisition unit 20 receives the mirror packet D4, determines that the target aggregation port Pa is on the board, and performs hash calculation on the five-tuple information of the mirror packet D4, that is, on its source IP address, destination IP address, source transport layer port number, destination transport layer port number and IP protocol number, to obtain the corresponding hash value (assumed to be 1).
Eighth, the data acquisition unit 20 obtains the hash table of the target aggregation port Pa; still taking the hash table of the previous example, the data acquisition unit 20 selects port P2 corresponding to hash value 1 and sends the mirror packet D4 through port P2, so that the data analysis unit 22 connected through port P2 analyzes the mirror packet D4.
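As an added example that is not code from the patent, the following Python model covers both walkthroughs above: the interface board applies a mirror policy (the five-tuple condition of x1 or the VLAN condition of x2) and the data acquisition unit hashes the mirror packet's five-tuple to pick a member port of the target aggregation port, so that packets of one service flow always reach the same data analysis unit. The class names, the CRC32-based hash and the dict-based hash table are assumptions.

```python
"""Added example, not code from the patent: a minimal model of the two
walkthroughs above.  The interface board applies a mirror policy and the
data acquisition unit hashes the mirror packet's five-tuple to choose a
member port of the target aggregation port.  Class names, the CRC32 hash
and the dict-based hash table are assumptions."""
from dataclasses import dataclass, replace
from typing import Callable, Dict, List, Optional, Tuple
import zlib


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: int                  # IP protocol number
    vlan: Optional[int] = None  # VLAN tag, if the frame carries one

    def five_tuple(self) -> Tuple[str, str, int, int, int]:
        return (self.src_ip, self.dst_ip, self.src_port, self.dst_port, self.proto)


@dataclass
class MirrorPolicy:
    """Second communication characteristic information (the mirror
    condition) plus the destination egress, e.g. x1 or x2 above."""
    condition: Dict[str, object]   # e.g. {"vlan": 10} or a five-tuple
    target_agg_port: str           # identifier of the target aggregation port

    def matches(self, pkt: Packet) -> bool:
        return all(getattr(pkt, k) == v for k, v in self.condition.items())


class InterfaceBoard:
    """Steps three and four: hold per-port policies, mirror matching packets."""

    def __init__(self) -> None:
        self.policies: Dict[str, MirrorPolicy] = {}

    def configure(self, port: str, policy: MirrorPolicy) -> None:
        self.policies[port] = policy

    def receive(self, port: str, pkt: Packet) -> Optional[Tuple[Packet, str]]:
        """Return (mirror copy, target aggregation port id) when the packet
        matches the policy on its ingress port; None means nothing is
        mirrored and the packet is only forwarded normally."""
        policy = self.policies.get(port)
        if policy is None or not policy.matches(pkt):
            return None
        return replace(pkt), policy.target_agg_port   # copy -> mirror packet


def crc32_flow_hash(pkt: Packet) -> int:
    """Assumed hash: any deterministic function of the five-tuple will do."""
    return zlib.crc32(repr(pkt.five_tuple()).encode())


class DataAcquisitionUnit:
    """Steps seven to nine: hash the five-tuple, look up the member port."""

    def __init__(self, agg_ports: Dict[str, List[str]],
                 flow_hash: Callable[[Packet], int] = crc32_flow_hash) -> None:
        # Hash table per aggregation port: hash value i -> member port i,
        # e.g. {"Pa": ["P1", "P2", "P3"]} as in the walkthrough.
        self.agg_ports = agg_ports
        self.flow_hash = flow_hash

    def select_member_port(self, agg_id: str, mirror: Packet) -> Optional[str]:
        members = self.agg_ports.get(agg_id)
        if not members:   # target aggregation port is not on this board
            return None
        return members[self.flow_hash(mirror) % len(members)]


if __name__ == "__main__":
    board = InterfaceBoard()
    board.configure("A", MirrorPolicy({"src_ip": "1.1.1.1", "dst_ip": "2.2.2.2",
                    "src_port": 1000, "dst_port": 2000, "proto": 80}, "Pa"))
    dau = DataAcquisitionUnit({"Pa": ["P1", "P2", "P3"]})
    hit = board.receive("A", Packet("1.1.1.1", "2.2.2.2", 1000, 2000, 80))
    if hit:   # D1 matched x1: D2 goes to the member port chosen by the hash
        print("mirror to", hit[1], "member", dau.select_member_port(hit[1], hit[0]))
```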
In summary, the present disclosure provides a packet forwarding method and a network device, where the network device includes a plurality of interface boards, more than one network board, and more than one data analysis board, the data analysis board includes a data acquisition unit and a plurality of data analysis units, the data acquisition unit includes a plurality of interconnection ports respectively connected to the plurality of data analysis units, and a target aggregation port including the plurality of interconnection ports is created on the data acquisition unit. The data acquisition unit receives a mirror image message and a target aggregation port identification indicating a target aggregation port, selects an interconnection port corresponding to a service flow to which the mirror image message belongs from a plurality of interconnection ports of the target aggregation port indicated by the target aggregation port identification according to first communication characteristic information of the mirror image message, and sends the mirror image message from the selected interconnection port. And the data analysis unit connected with the selected interconnection port analyzes the mirror image message so that the mirror image messages belonging to the same service flow are analyzed by the same data analysis unit. Therefore, the messages passing through the network equipment can be guided to the corresponding data analysis board, and the same data analysis unit is adopted on the data analysis board to analyze the messages belonging to the same service flow, so that the completeness and the accuracy of an analysis result are ensured.
In the embodiments provided in the present disclosure, it should be understood that the disclosed apparatus and method may be implemented in other ways. The embodiments described above are merely illustrative, and the flowcharts and block diagrams in the figures, for example, illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present disclosure may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present disclosure. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above description is only for the specific embodiments of the present disclosure, but the scope of the present disclosure is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present disclosure, and all the changes or substitutions should be covered within the scope of the present disclosure. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.

Claims (10)

1. A message forwarding method is characterized in that the message forwarding method is applied to network equipment, the network equipment comprises a plurality of interface boards, more than one network board and more than one data analysis board, the data analysis board comprises a data acquisition unit and a plurality of data analysis units, the data acquisition unit comprises a plurality of interconnection ports respectively connected with the plurality of data analysis units correspondingly, and a target aggregation port comprising the plurality of interconnection ports is established on the data acquisition unit; the method comprises the following steps:
the data acquisition unit receives a mirror image message and a target aggregation port identifier indicating the target aggregation port; selecting an interconnection port corresponding to a service flow to which the mirror image message belongs from a plurality of interconnection ports of the target aggregation port indicated by the target aggregation port identifier according to first communication characteristic information of the mirror image message; sending the mirror image message through the selected interconnection port;
and the data analysis unit connected with the selected interconnection port analyzes the received mirror image message so as to analyze the mirror image messages belonging to the same service flow by the same data analysis unit.
2. The method of claim 1, wherein before the data collection unit receives a mirror packet and a target aggregation port identifier as an egress interface of the mirror packet, the method further comprises:
when any interface board determines that the received message is matched with second communication characteristic information in a preset mirror image strategy, copying the message to obtain a mirror image message; sending the mirror image message and the target aggregation port identification to the network board;
the network board receives the mirror image message and the target aggregation port identification; and sending the mirror image message and the target aggregation port identifier to a data analysis board where the target aggregation port indicated by the target aggregation port identifier is located.
3. The method of claim 2, wherein the network device further comprises a master board connected to the interface board, the method further comprising:
the main control board generates a preset mirror image strategy comprising the second communication characteristic information and a target aggregation port identifier of a target aggregation port on the appointed data analysis board according to second communication characteristic information configured by a user and the data analysis board appointed by the user, and transmits the generated preset mirror image strategy to the interface board.
4. The method of claim 3, wherein the second communication feature information comprises traffic flow information, VLAN information, or port information.
5. The method according to any one of claims 1 to 4, wherein selecting, according to the first communication feature information of the mirror packet, an interconnection port corresponding to a service flow to which the mirror packet belongs from a plurality of interconnection ports of the target aggregation port indicated by the target aggregation port identifier comprises:
performing hash calculation on the first communication characteristic information of the mirror image message to obtain a hash value;
and selecting an interconnection port corresponding to the obtained hash value from a plurality of interconnection ports of the target aggregation port indicated by the target aggregation port identifier as an interconnection port corresponding to the service flow to which the mirror image packet belongs.
6. A network device, characterized by comprising a plurality of interface boards, more than one network board and more than one data analysis board, wherein the data analysis board comprises a data acquisition unit and a plurality of data analysis units, the data acquisition unit comprises a plurality of interconnection ports respectively connected with the data analysis units correspondingly, and a target aggregation port comprising the interconnection ports is established on the data acquisition unit;
the data acquisition unit receives a mirror image message and a target aggregation port identifier indicating the target aggregation port; selecting an interconnection port corresponding to a service flow to which the mirror image message belongs from a plurality of interconnection ports of the target aggregation port indicated by the target aggregation port identifier according to first communication characteristic information of the mirror image message; sending the mirror image message through the selected interconnection port;
and the data analysis unit connected with the selected interconnection port analyzes the received mirror image message so as to analyze the mirror image messages belonging to the same service flow by the same data analysis unit.
7. The network device of claim 6,
before the data acquisition unit receives a mirror image message and a target aggregation port identifier serving as an output port of the mirror image message, when the received message is determined to be matched with second communication characteristic information in a preset mirror image strategy, any interface board copies the message to obtain the mirror image message; sending the mirror image message and the target aggregation port identification to the network board;
the network board receives the mirror image message and the target aggregation port identification; and sending the mirror image message and the target aggregation port identifier to a data analysis board where the target aggregation port indicated by the target aggregation port identifier is located.
8. The network device according to claim 7, further comprising a main control board connected to the interface board, wherein the main control board generates a preset mirror policy including the second communication feature information and a target aggregation port on the designated data analysis board according to second communication feature information configured by a user and a data analysis board designated by the user, and issues the generated preset mirror policy to the interface board.
9. The network device of claim 8, wherein the second communication feature information comprises traffic flow information, VLAN information, or port information.
10. The network device according to any one of claims 6 to 9, wherein the data acquisition unit is specifically configured to hash the first communication feature information of the mirror packet to obtain a hash value, and select, from the multiple interconnection ports of the target aggregation port indicated by the target aggregation port identifier, an interconnection port corresponding to the obtained hash value as an interconnection port corresponding to a service flow to which the mirror packet belongs.
CN201811157078.9A 2018-09-30 2018-09-30 Message forwarding method and network equipment Active CN110971391B (en)


Publications (2)

Publication Number Publication Date
CN110971391A CN110971391A (en) 2020-04-07
CN110971391B true CN110971391B (en) 2022-03-11

Family

ID=70029026


Country Status (1)

Country Link
CN (1) CN110971391B (en)


Also Published As

Publication number Publication date
CN110971391A (en) 2020-04-07


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant