CN111490972A - Table item management method, device and equipment and machine readable storage medium - Google Patents

Table item management method, device and equipment and machine readable storage medium Download PDF

Info

Publication number
CN111490972A
CN111490972A CN202010133012.7A CN202010133012A CN111490972A CN 111490972 A CN111490972 A CN 111490972A CN 202010133012 A CN202010133012 A CN 202010133012A CN 111490972 A CN111490972 A CN 111490972A
Authority
CN
China
Prior art keywords
entry
group
access control
control list
table entry
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202010133012.7A
Other languages
Chinese (zh)
Inventor
徐绍虎
崔广美
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Security Technologies Co Ltd
Original Assignee
New H3C Security Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by New H3C Security Technologies Co Ltd filed Critical New H3C Security Technologies Co Ltd
Priority to CN202010133012.7A priority Critical patent/CN111490972A/en
Publication of CN111490972A publication Critical patent/CN111490972A/en
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The present disclosure provides a table entry management method, apparatus, device and machine-readable storage medium, the method comprising: acquiring a table item group to be inserted, wherein the table item group to be inserted comprises table items to be inserted which need to be inserted into a pre-established access control list; acquiring the insertion position of each table entry to be inserted of the table entry group to be inserted; adjusting an access control list according to the insertion position of each table entry to be inserted in the table entry group to be inserted; and inserting the table entry to be inserted of the table entry group to be inserted into the access control list. According to the technical scheme, the information of a plurality of to-be-inserted table entries of the to-be-inserted table entries is acquired, the existing table entries in the access control list needing to be adjusted are migrated at one time, and then the plurality of to-be-inserted table entries are inserted at one time, so that the migration quantity of the table entries in the access control list is reduced, and the problem of huge migration quantity of the table entries is solved.

Description

Table item management method, device and equipment and machine readable storage medium
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a method, an apparatus, a device, and a machine-readable storage medium for entry management.
Background
These instruction lists are used to tell the network device which packets can be received and which packets need to be rejected.
The access control list has a number of functions such as limiting network traffic, improving network performance, control of communication traffic, e.g., the AC L may limit or simplify the length of routing update information, thereby limiting communication traffic through a network segment of the router, providing a basic means of network security access, deciding at a router port which type of communication traffic is to be forwarded or blocked, e.g., a user may allow E-mail communication traffic to be routed, deny all Telnet communication traffic, etc.
The TCAM (ternary Content Addressable memory) is a ternary Content Addressable memory, mainly used for fast searching for items such as AC L, routing and the like, and is developed on the basis of the CAM, the general CAM memory has only two states of each bit, namely 0 or 1, and each bit in the TCAM has three states, except 0 and 1, and also has a don't care state, so the state is called as ternary state, and the ternary Content Addressable memory is realized through a mask.
The current method for adjusting the access control list is that when each table entry is inserted, all the table entry positions behind the table entry need to be migrated backwards, so that when the issued table entries are frequent and large in number, the migration amount of the table entries is huge, and the running resources of the device are occupied.
Disclosure of Invention
In view of the above, the present disclosure provides a method and an apparatus for entry management, an electronic device, and a machine-readable storage medium to solve the problem of huge entry migration.
The present disclosure provides a table entry management method, applied to a network device, the method including: acquiring a table item group to be inserted, wherein the table item group to be inserted comprises table items to be inserted which need to be inserted into a pre-established access control list; acquiring the insertion position of each table entry to be inserted of the table entry group to be inserted; adjusting an access control list according to the insertion position of each table entry to be inserted in the table entry group to be inserted; and inserting the table entry to be inserted of the table entry group to be inserted into the access control list.
As a technical scheme, the method comprises the following steps: and caching the table items to be inserted of the table item group to be inserted before the table items to be inserted of the table item group to be inserted are inserted into the access control list.
As a technical solution, the adjusting an access control list according to an insertion position of each entry to be inserted of a group of entries to be inserted includes: when the access control list is adjusted, if a newly added table entry to be inserted is received, adding the newly added table entry to be inserted into the table entry group to be inserted; updating the insertion position of each table entry to be inserted in the table entry group to be inserted; and adjusting the access control list according to the insertion position of each table entry to be inserted in the updated table entry group to be inserted.
As a technical solution, the obtaining an insertion position of each entry to be inserted of the entry group to be inserted includes: and determining the insertion position of the table entry to be inserted according to the priority of the table entry to be inserted.
The present disclosure also provides a table item management device, which is applied to a network device, and the device includes: the processing module is used for acquiring a to-be-inserted table item group, wherein the to-be-inserted table item group comprises to-be-inserted table items which need to be inserted into a pre-established access control list, and the processing module is also used for acquiring the insertion positions of all to-be-inserted table items of the to-be-inserted table item group; and the table item module is used for adjusting the access control list according to the insertion position of each table item to be inserted of the table item group to be inserted, and is also used for inserting the table item to be inserted of the table item group to be inserted into the access control list.
As a technical solution, the apparatus further includes a storage module, configured to cache an entry to be inserted of the entry group to be inserted before the entry to be inserted of the entry group to be inserted is inserted in the access control list.
As a technical solution, the adjusting an access control list according to an insertion position of each entry to be inserted of a group of entries to be inserted includes: when the table entry module adjusts the access control list, if a processing module receives a newly added table entry to be inserted, adding the newly added table entry to be inserted into the table entry group to be inserted; the processing module updates the insertion position of each table entry to be inserted in the table entry group to be inserted; and the table item module adjusts the access control list according to the updated insertion position of each table item to be inserted in the table item group to be inserted.
As a technical solution, the obtaining an insertion position of each entry to be inserted of the entry group to be inserted includes: and determining the insertion position of the table entry to be inserted according to the priority of the table entry to be inserted.
The present disclosure also provides an electronic device, including a processor and a machine-readable storage medium, where the machine-readable storage medium stores machine-executable instructions capable of being executed by the processor, and the processor executes the machine-executable instructions to implement the aforementioned table entry management method.
The present disclosure also provides a machine-readable storage medium having stored thereon machine-executable instructions that, when invoked and executed by a processor, cause the processor to implement the aforementioned entry management method.
The technical scheme provided by the disclosure at least brings the following beneficial effects:
the method comprises the steps of obtaining information of a plurality of to-be-inserted table entries of the to-be-inserted table entries, migrating existing table entries in an access control list needing to be adjusted at one time, and then inserting the plurality of to-be-inserted table entries at one time, so that the migration amount of the table entries in the access control list is reduced, and the problem of huge migration amount of the table entries is solved.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments of the present disclosure or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present disclosure, and other drawings can be obtained by those skilled in the art according to the drawings of the embodiments of the present disclosure.
FIG. 1 is a flow diagram of a method for entry management in one embodiment of the present disclosure;
FIG. 2 is a block diagram of an entry management device in an embodiment of the present disclosure;
FIG. 3 is a block diagram of an entry management device in one embodiment of the present disclosure;
fig. 4 is a hardware configuration diagram of an electronic device in an embodiment of the present disclosure.
Detailed Description
The terminology used in the embodiments of the present disclosure is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. As used in this disclosure and the claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein is meant to encompass any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information in the embodiments of the present disclosure, such information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present disclosure. Depending on the context, moreover, the word "if" as used may be interpreted as "at … …" or "when … …" or "in response to a determination".
The TCAM entries are determined according to addresses and sorted according to a predetermined direction according to priority, for example, the lower the address is, the higher the priority is, or the higher the address is, the higher the priority is. When searching for the table entry of the TCAM, the TCAM may be matched with all the tables, but according to the matching priority, a table entry result with a high priority is returned, and the queried address or the corresponding content is returned. If only one table entry can be matched, only one result is returned; but if there are more entries that can be matched, the highest priority entry of all the matched entries is returned, and the low priority table will not return the result.
The AC L matching is often used in network devices such as Ethernet products, security products and the like, so that the items of the type need to be managed, the required items are put into the corresponding priorities, otherwise, return errors may occur, and the corresponding priorities of all the items need to be managed.
Currently, it is desired to insert a table entry X1Is inserted to the total length of A1To AmIn the access control list of m entries in total, and the position is AnAfter that An+1Before, then A needs to be addedn+1To AmThe total m-n list items are moved backwards one by one to the space of one list item, and then the list item X is inserted1. If the table entry X to be inserted exists2The above operations are repeated after the insertion is completed, so that if a plurality of entries to be inserted exist, the existing entries need to be repeatedly migrated for many times, and the number of entry migration operations is huge in this way.
In view of the above, the present disclosure provides a method and an apparatus for entry management, an electronic device, and a machine-readable storage medium to solve the problem of huge entry migration.
The specific technical scheme is as follows.
In one embodiment, the present disclosure provides an entry management method applied to a network device, where the method includes: acquiring a table item group to be inserted, wherein the table item group to be inserted comprises table items to be inserted which need to be inserted into a pre-established access control list; acquiring the insertion position of each table entry to be inserted of the table entry group to be inserted; adjusting an access control list according to the insertion position of each table entry to be inserted in the table entry group to be inserted; and inserting the table entry to be inserted of the table entry group to be inserted into the access control list.
The total length of the present embodiment is A1To AmAn access control list of m entries in total, and two entries X to be inserted1、X2For example. When more than two table entries to be inserted are needed, the same or similar mode is used for implementation, and then the table entry insertion can be completed.
If only one entry to be inserted exists, the technical scheme provided by the present disclosure may also be used, but in practical applications, the technical scheme provided by the present disclosure is not used in an application scenario of only one entry to be inserted, and the entry migration amount is also only one time, so detailed description is not provided herein.
Specifically, as shown in fig. 1, the present embodiment includes the steps of:
step S11, obtaining the table item group to be inserted, the table item group to be inserted includes the table item to be inserted which needs to be inserted into the access control list which is established in advance.
Firstly, an entry group to be inserted is obtained, wherein the entry group to be inserted is composed of a plurality of entries to be inserted, and the entries to be inserted can be continuous or discontinuous.
Step S12, the insertion position of each entry to be inserted of the entry group to be inserted is obtained.
Here, the two cases are explained, and the obtained insertion position of the entry to be inserted indicates X1、X2Two continuous table entries to be inserted are inserted at the position AnAfter that An+1Before, or, if X1、X2For two discontinuous table entries to be inserted, X1At the insertion position of ApAfter that Ap+1Before, X2At the insertion position of AqAfter that Aq+1Before.
Step S13, according to the insertion position of each table item to be inserted in the table item group to be inserted, the access control list is adjusted.
If X1、X2Two continuous table entries to be inserted are inserted at the position AnAfter that An+1Before, obtain An+1To AmIn total, m-n entries need to be migrated backwards, and the migration amount is the space of two entries.
If X1、X2For two discontinuous table entries to be inserted, X1At the insertion position of ApAfter that Ap+1Before, X2At the insertion position of AqAfter that Aq+1Before, obtain Ap+1To AmThe total m-p entries need to be migrated backwards, wherein Ap+1To AqThe total transfer amount of q-p table entries is the space of one table entry, Aq+1To AmThe total transfer amount of m-q table entries is the space of two table entries. In the scheme, since q is set to be larger than p, if p is larger than q, the above is opposite, the implementation of the scheme is not influenced, and X is used1、X2Is discontinuous, and p is not equal to q.
In the above embodiments, m, n, p, and q are all positive integers.
According to the above, the existing entries in the access control list are migrated once as required.
In step S14, the entry to be inserted of the entry group to be inserted is inserted into the access control list.
After the existing table items in the access control list are migrated according to the needs, X is migrated once1、X2Two entries are inserted into the set aside list space.
The table item management is completed in the above way no matter X1、X2Whether two entries are consecutive, An+1To AmA total of m-n entries or Ap+1To AmIn the total m-p table entries, each table entry is migrated only once.
If the technical solution of the present embodiment is not adopted, then X is1、X2When two entries are consecutive, An+1To AmEach table entry in the m-n total table entries needs to be migrated twice, if X is1、X2When two table entries are continuous, Ap+1To AqEach table entry in the total q-p table entries needs to be migrated once, Aq+1To AmEach entry in the m-q total entries needs to be migrated twice.
In summary, the present embodiment improves the problem of huge entry migration amount.
In one embodiment, the method comprises: and caching the table items to be inserted of the table item group to be inserted before the table items to be inserted of the table item group to be inserted are inserted into the access control list.
And caching each table entry to be inserted, and simultaneously adjusting the sequence and editing in a cache space as required, thereby providing convenience for subsequent one-time insertion.
In an embodiment, the adjusting the access control list according to the insertion position of each entry to be inserted in the entry group to be inserted includes: when the access control list is adjusted, if a newly added table entry to be inserted is received, adding the newly added table entry to be inserted into the table entry group to be inserted; updating the insertion position of each table entry to be inserted in the table entry group to be inserted; and adjusting the access control list according to the insertion position of each table entry to be inserted in the updated table entry group to be inserted.
If a new entry to be inserted is added in the process of adjusting the access control list according to the embodiment, the insertion position of each entry to be inserted and the position of the existing entry in the access control list, which needs to be migrated, are obtained through recalculation, the entries that have been migrated are compared, and then the access control list is continuously adjusted according to the result.
In an embodiment, the obtaining an insertion position of each entry to be inserted of the entry group to be inserted includes: and determining the insertion position of the table entry to be inserted according to the priority of the table entry to be inserted.
And comparing the priority of the to-be-inserted table entry with the priority of other to-be-inserted table entries and the priority of the existing table entries in the access control list according to the priority of the to-be-inserted table entry, and then arranging to obtain the insertion position and the sequence of each to-be-inserted table entry.
In an embodiment, the present disclosure also provides an entry management apparatus applied to a network device, where the apparatus includes: the processing module is used for acquiring a to-be-inserted table item group, wherein the to-be-inserted table item group comprises to-be-inserted table items which need to be inserted into a pre-established access control list, and the processing module is also used for acquiring the insertion positions of all to-be-inserted table items of the to-be-inserted table item group; and the table item module is used for adjusting the access control list according to the insertion position of each table item to be inserted of the table item group to be inserted, and is also used for inserting the table item to be inserted of the table item group to be inserted into the access control list.
The total length of the present embodiment is A1To AmAn access control list of m entries in total, and two entries X to be inserted1、X2For example. When more than two table entries to be inserted are needed, the same or similar mode is used for implementation, and then the table entry insertion can be completed.
If only one entry to be inserted exists, the technical scheme provided by the present disclosure may also be used, but in practical applications, the technical scheme provided by the present disclosure is not used in an application scenario of only one entry to be inserted, and the entry migration amount is also only one time, so detailed description is not provided herein.
Specifically, as shown in fig. 2, the apparatus provided in this embodiment is as follows:
the processing module 21 is configured to obtain a to-be-inserted table entry group, where the to-be-inserted table entry group includes a to-be-inserted table entry that needs to be inserted into a pre-established access control list, and the processing module is further configured to obtain an insertion position of each to-be-inserted table entry of the to-be-inserted table entry group.
The table entry module 22 is configured to adjust the access control list according to an insertion position of each table entry to be inserted of the table entry group to be inserted, and the table entry module is further configured to insert the table entry to be inserted of the table entry group to be inserted into the access control list.
Firstly, an entry group to be inserted is obtained, wherein the entry group to be inserted is composed of a plurality of entries to be inserted, and the entries to be inserted can be continuous or discontinuous.
Here, the two cases are explained, and the obtained insertion position of the entry to be inserted indicates X1、X2Two continuous table entries to be inserted are inserted at the position AnAfter that An+1Before, or, if X1、X2For two discontinuous table entries to be inserted, X1At the insertion position of ApAfter that Ap+1Before, X2At the insertion position of AqAfter that Aq+1Before.
If X1、X2Two continuous table entries to be inserted are inserted at the position AnAfter that An+1Before, obtain An+1To AmIn total, m-n entries need to be migrated backwards, and the migration amount is the space of two entries.
If X1、X2For two discontinuous table entries to be inserted, X1At the insertion position of ApAfter that Ap+1Before, X2At the insertion position of AqAfter that Aq+1Before, obtain Ap+1To AmThe total m-p entries need to be migrated backwards, wherein Ap+1To AqThe total transfer amount of q-p table entries is the space of one table entry, Aq+1To AmThe total transfer amount of m-q table entries is the space of two table entries. In the scheme, since q is set to be larger than p, if p is larger than q, the above is opposite, the implementation of the scheme is not influenced, and X is used1、X2Is discontinuous, and p is not equal to q.
In the above embodiments, m, n, p, and q are all positive integers.
According to the above, the existing entries in the access control list are migrated once as required.
After the existing table items in the access control list are migrated according to the needs, X is migrated once1、X2Two entries are inserted into the set aside list space.
The table item management is completed in the above way no matter X1、X2Whether two entries are consecutive, An+1To AmA total of m-n entries or Ap+1To AmIn the total m-p table entries, each table entry is migrated only once.
If the technical solution of the present embodiment is not adopted, then X is1、X2When two entries are consecutive, An+1To AmEach table entry in the m-n total table entries needs to be migrated twice, if X is1、X2When two table entries are continuous, Ap+1To AqEach table entry in the total q-p table entries needs to be migrated once, Aq+1To AmEach entry in the m-q total entries needs to be migrated twice.
In summary, the present embodiment improves the problem of huge entry migration amount.
In an embodiment, as shown in fig. 3, the apparatus further includes a storage module 23, configured to cache the entry to be inserted of the entry group to be inserted before the entry to be inserted of the entry group to be inserted is inserted in the access control list.
And caching each table entry to be inserted, and simultaneously adjusting the sequence and editing in a cache space as required, thereby providing convenience for subsequent one-time insertion.
In an embodiment, the adjusting the access control list according to the insertion position of each entry to be inserted in the entry group to be inserted includes: when the table entry module adjusts the access control list, if a processing module receives a newly added table entry to be inserted, adding the newly added table entry to be inserted into the table entry group to be inserted; the processing module updates the insertion position of each table entry to be inserted in the table entry group to be inserted; and the table item module adjusts the access control list according to the updated insertion position of each table item to be inserted in the table item group to be inserted.
If a new entry to be inserted is added in the process of adjusting the access control list according to the embodiment, the insertion position of each entry to be inserted and the position of the existing entry in the access control list, which needs to be migrated, are obtained through recalculation, the entries that have been migrated are compared, and then the access control list is continuously adjusted according to the result.
In an embodiment, the obtaining an insertion position of each entry to be inserted of the entry group to be inserted includes: and determining the insertion position of the table entry to be inserted according to the priority of the table entry to be inserted.
And comparing the priority of the to-be-inserted table entry with the priority of other to-be-inserted table entries and the priority of the existing table entries in the access control list according to the priority of the to-be-inserted table entry, and then arranging to obtain the insertion position and the sequence of each to-be-inserted table entry.
In an embodiment, the present disclosure provides an electronic device, including a processor and a machine-readable storage medium, where the machine-readable storage medium stores machine-executable instructions capable of being executed by the processor, and the processor executes the machine-executable instructions to implement the aforementioned table entry management method, and from a hardware level, a schematic diagram of a hardware architecture may be as shown in fig. 4.
In one embodiment, the present disclosure provides a machine-readable storage medium having stored thereon machine-executable instructions that, when invoked and executed by a processor, cause the processor to implement the aforementioned entry management method.
Here, a machine-readable storage medium may be any electronic, magnetic, optical, or other physical storage device that can contain or store information such as executable instructions, data, and so forth. For example, the machine-readable storage medium may be: a RAM (random access Memory), a volatile Memory, a non-volatile Memory, a flash Memory, a storage drive (e.g., a hard drive), a solid state drive, any type of storage disk (e.g., an optical disk, a dvd, etc.), or similar storage medium, or a combination thereof.
The systems, devices, modules or units described in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functionality of the various elements may be implemented in the same one or more software and/or hardware implementations in practicing the disclosure.
As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present disclosure may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Furthermore, these computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable storage media (which may include, but is not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The above description is only an embodiment of the present disclosure, and is not intended to limit the present disclosure. Various modifications and variations of this disclosure will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present disclosure should be included in the scope of the claims of the present disclosure.

Claims (10)

1. An entry management method applied to a network device, the method comprising:
acquiring a table item group to be inserted, wherein the table item group to be inserted comprises table items to be inserted which need to be inserted into a pre-established access control list;
acquiring the insertion position of each table entry to be inserted of the table entry group to be inserted;
adjusting an access control list according to the insertion position of each table entry to be inserted in the table entry group to be inserted;
and inserting the table entry to be inserted of the table entry group to be inserted into the access control list.
2. The method according to claim 1, characterized in that it comprises:
and caching the table items to be inserted of the table item group to be inserted before the table items to be inserted of the table item group to be inserted are inserted into the access control list.
3. The method of claim 1, wherein said adjusting the access control list according to the insertion position of each entry to be inserted of the entry group to be inserted comprises:
when the access control list is adjusted, if a newly added table entry to be inserted is received, adding the newly added table entry to be inserted into the table entry group to be inserted;
updating the insertion position of each table entry to be inserted in the table entry group to be inserted;
and adjusting the access control list according to the insertion position of each table entry to be inserted in the updated table entry group to be inserted.
4. The method of claim 1, wherein the obtaining the insertion position of each entry to be inserted of the entry group comprises:
and determining the insertion position of the table entry to be inserted according to the priority of the table entry to be inserted.
5. An entry management apparatus applied to a network device, the apparatus comprising:
the processing module is used for acquiring a to-be-inserted table item group, wherein the to-be-inserted table item group comprises to-be-inserted table items which need to be inserted into a pre-established access control list, and the processing module is also used for acquiring the insertion positions of all to-be-inserted table items of the to-be-inserted table item group;
and the table item module is used for adjusting the access control list according to the insertion position of each table item to be inserted of the table item group to be inserted, and is also used for inserting the table item to be inserted of the table item group to be inserted into the access control list.
6. The method of claim 5, wherein the apparatus further comprises a storage module configured to cache the entry to be inserted of the entry group to be inserted before the entry to be inserted of the entry group to be inserted is inserted into the access control list.
7. The method of claim 5, wherein adjusting the access control list according to the insertion position of each entry to be inserted of the set of entries to be inserted comprises:
when the table entry module adjusts the access control list, if a processing module receives a newly added table entry to be inserted, adding the newly added table entry to be inserted into the table entry group to be inserted;
the processing module updates the insertion position of each table entry to be inserted in the table entry group to be inserted;
and the table item module adjusts the access control list according to the updated insertion position of each table item to be inserted in the table item group to be inserted.
8. The method of claim 5, wherein the obtaining the insertion position of each entry to be inserted of the entry group comprises:
and determining the insertion position of the table entry to be inserted according to the priority of the table entry to be inserted.
9. An electronic device, comprising: a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor to perform the method of any one of claims 1 to 4.
10. A machine-readable storage medium having stored thereon machine-executable instructions which, when invoked and executed by a processor, cause the processor to implement the method of any of claims 1-4.
CN202010133012.7A 2020-02-29 2020-02-29 Table item management method, device and equipment and machine readable storage medium Withdrawn CN111490972A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010133012.7A CN111490972A (en) 2020-02-29 2020-02-29 Table item management method, device and equipment and machine readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010133012.7A CN111490972A (en) 2020-02-29 2020-02-29 Table item management method, device and equipment and machine readable storage medium

Publications (1)

Publication Number Publication Date
CN111490972A true CN111490972A (en) 2020-08-04

Family

ID=71810719

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010133012.7A Withdrawn CN111490972A (en) 2020-02-29 2020-02-29 Table item management method, device and equipment and machine readable storage medium

Country Status (1)

Country Link
CN (1) CN111490972A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113901274A (en) * 2021-09-10 2022-01-07 锐捷网络股份有限公司 Method, device, equipment and medium for moving TCAM (ternary content addressable memory) table items

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113901274A (en) * 2021-09-10 2022-01-07 锐捷网络股份有限公司 Method, device, equipment and medium for moving TCAM (ternary content addressable memory) table items

Similar Documents

Publication Publication Date Title
US11811660B2 (en) Flow classification apparatus, methods, and systems
US8032529B2 (en) Enhanced bloom filters
US8750144B1 (en) System and method for reducing required memory updates
US8341187B2 (en) Method and device for storage
CN107528783B (en) IP route caching with two search phases for prefix length
CN107896169B (en) ACL management method and device
CN107391758A (en) Database switching method, device and equipment
CN108259346B (en) Equivalent routing table item establishing method and device
CN109032533B (en) Data storage method, device and equipment
US11500851B2 (en) System and method for state object data store
CN106789859B (en) Message matching method and device
US7739445B1 (en) Circuit, apparatus, and method for extracting multiple matching entries from a content addressable memory (CAM) device
CN106487769B (en) Method and device for realizing Access Control List (ACL)
CN111245732A (en) Flow control method, device and equipment
CN110191135B (en) ACL configuration method, device and electronic equipment
CN111490972A (en) Table item management method, device and equipment and machine readable storage medium
CN110557335A (en) Ternary Content Addressable Memory (TCAM) table item processing method and device
CN107896194B (en) Route searching method, device and storage medium
CN114721594A (en) Distributed storage method, device, equipment and machine readable storage medium
CN107547378B (en) VPN route learning method and device
CN110837647A (en) Method and device for managing access control list
CN109413225B (en) MAC table item processing method and equipment
US8924640B2 (en) Dynamic allocation of records to clusters in a ternary content addressable memory
CN114035924A (en) Distributed speed limit queue implementation method and device
EP3299965B1 (en) Method and physical device for managing linked lists

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20200804