CN111935021A - Method and system for quickly matching network data packets - Google Patents

Publication number
CN111935021A
Authority
CN
China
Prior art keywords
network connection
network
hash value
quintuple information
collision
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011028474.9A
Other languages
Chinese (zh)
Other versions
CN111935021B (en)
Inventor
周侨
高玫涛
曾毅
薄一帆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aojie Intelligent Technology Shanghai Co ltd
Original Assignee
Aojie Intelligent Technology Shanghai Co ltd
Application filed by Aojie Intelligent Technology Shanghai Co ltd
Priority to CN202011028474.9A
Publication of CN111935021A
Application granted
Publication of CN111935021B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L45/741 Routing in networks with a plurality of addressing schemes, e.g. with both IPv4 and IPv6
    • H04L45/742 Route cache; Operation thereof
    • H04L45/745 Address table lookup; Address filtering
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a method for quickly matching network data packets. Step S10: tables one to six are set in the internal cache, and tables eleven to fourteen are set in the external memory. Step S20: the network data packet is read and its five-tuple is extracted. Step S30: a hash value is calculated. Step S40: the calculated hash value is matched against the hash values used as indexes in table one or table two. Step S50: it is judged whether the five-tuple recorded by the matched table entry in table one or table two exists in table five or table six. Step S60: the five-tuple of the network data packet is compared with the five-tuple read from table five, table six, table eleven or table twelve. Step S70: it is judged whether the matched table entry in table one or table two has a collision table entry recorded in table three or table four. The method and the device dynamically update the matching content in real time, select the matched network data packets for special processing, and filter out the unmatched network data packets, which receive ordinary processing.

Description

Method and system for quickly matching network data packets
Technical Field
The application relates to a network data packet processing method.
Background
Different network services of network devices usually have different special requirements such as priority, bandwidth, etc., and these special requirements are usually distinguished by quintuple information of different network connections. The quintuple information of the network connection refers to a source IP address, a destination IP address, a source port, a destination port and a protocol of the network connection. The receiving device needs to perform special processing on the data packets of these network services with special requirements, such as prioritization, accelerated processing by hardware and/or software, allocation of more bandwidth, etc.
Disclosure of Invention
The technical problem to be solved by the present application is to provide a method for quickly matching network data packets, which selects data packets belonging to some network connections from all network connections on a network device according to configuration to perform special processing, and performs general processing on data packets of other network connections.
In order to solve the above technical problem, the present application provides a method for quickly matching network data packets, which includes the following steps.
Step S10: tables one to six are set in an internal cache of the network device, and tables eleven to fourteen are set in an external memory of the network device.
In table one, each table entry takes a hash value of the five-tuple information of an IPv4 network connection as an index, and records: whether the five-tuple information of the IPv4 network connection corresponding to the hash value exists in table five; whether it exists in table eleven; if it exists in table five, its position in table five; and, if there is a collision, the position of the collision entry in table three.
In table two, each table entry takes a hash value of the five-tuple information of an IPv6 network connection as an index, and records: whether the five-tuple information of the IPv6 network connection corresponding to the hash value exists in table six; whether it exists in table twelve; if it exists in table six, its position in table six; and, if there is a collision, the position of the collision entry in table four.
In table three, each table entry records, for a certain IPv4 network connection when a hash value collision exists: whether its five-tuple information exists in table thirteen; if it exists in table thirteen, its position in table thirteen; whether it exists in table five; and, if it exists in table five, its position in table five.
In table four, each table entry records, for a certain IPv6 network connection when a hash value collision exists: whether its five-tuple information exists in table fourteen; if it exists in table fourteen, its position in table fourteen; whether it exists in table six; and, if it exists in table six, its position in table six.
Table five is used to record the five-tuple information of a plurality of IPv4 network connections. Table six is used to record the five-tuple information of a plurality of IPv6 network connections. Table eleven is used to record the five-tuple information of a plurality of IPv4 network connections and the hash values of that information; table five is a subset of table eleven. Table twelve is used to record the five-tuple information of a plurality of IPv6 network connections and the hash values of that information; table six is a subset of table twelve. Table thirteen is used to record the five-tuple information of IPv4 network connections when a hash value collision exists. Table fourteen is used to record the five-tuple information of IPv6 network connections when a hash value collision exists.
Step S20: the network data packet is read, and the five-tuple information of the network connection corresponding to the network data packet is extracted.
Step S30: the hash value of the five-tuple information of the network connection corresponding to the network data packet is calculated.
Step S40: depending on whether the network connection is IPv4 or IPv6, the calculated hash value is matched against the hash values used as indexes in table one or table two respectively. If a matching table entry is found, the process proceeds to step S50. If no matching table entry is found, the network data packet receives ordinary processing.
Step S50: it is judged whether the five-tuple information of the network connection recorded by the matched table entry in table one or table two exists in table five or table six. If so, the position of the five-tuple information of the corresponding network connection in table five or table six is found according to the matched table entry in table one or table two. If not, whether the five-tuple information of the corresponding network connection exists in table eleven or table twelve is found according to the matched table entry in table one or table two; if it does, its position in table eleven or table twelve is found according to the matched table entry in table one or table two; if it does not, the network data packet receives ordinary processing.
Step S60: the five-tuple information of the network connection corresponding to the network data packet is compared with the five-tuple information of the network connection read from table five, table six, table eleven or table twelve. If the two are completely consistent, the network data packet receives special processing. If the two are not completely consistent, the process proceeds to step S70.
Step S70: it is judged whether the matched table entry in table one or table two has a collision table entry recorded in table three or table four. If so, the corresponding collision table entries are found in table three or table four according to the matched table entry in table one or table two, and the position of the five-tuple information of the corresponding network connection in table thirteen or table fourteen is found according to each collision table entry found in table three or table four; the five-tuple information of the network connection corresponding to the network data packet is compared with the five-tuple information of the network connection read from table thirteen or table fourteen for each collision table entry; if any comparison is completely consistent, the network data packet receives special processing; if all comparisons are inconsistent, the network data packet receives ordinary processing. If not, the network data packet receives ordinary processing.
Furthermore, the number of table entries recorded in each of table one, table two, table eleven and table twelve is the maximum number of network connections M1 that the network device supports for special processing; assuming that the hash value is stored in H binary bits, M1 satisfies $2^{H-1} < M1 \le 2^{H}$.
Further, if the hash values generated by the five-tuple information of K different IPv4 network connections are the same, the hash values of the five-tuple information of the K IPv4 network connections are said to collide; in this case, one table entry is recorded in table one, and the five-tuple information of one corresponding IPv4 network connection is recorded in table five or table eleven; the five-tuple information of the corresponding K-1 IPv4 network connections is recorded in table thirteen. If the hash values generated by the five-tuple information of K different IPv6 network connections are the same, the hash values of the five-tuple information of the K IPv6 network connections are said to collide; in this case, one table entry is recorded in table two, and the five-tuple information of one corresponding IPv6 network connection is recorded in table six or table twelve; the five-tuple information of the corresponding K-1 IPv6 network connections is recorded in table fourteen.
Further, the number of table entries recorded in each of table three, table four, table thirteen and table fourteen is C; assuming that the collision rate of the hash algorithm on the five-tuple information of network connections is p, with p < 1, C satisfies C/2 < M1 × p ≤ C.
Furthermore, the number of table entries in each of table five and table six is M2, and M2 < M1.
Further, in step S60, if the five-tuple information of the network connection corresponding to the network data packet is completely consistent with the five-tuple information of the network connection read from table five, table six, table eleven or table twelve, the following operations are performed while the network data packet receives special processing. If, according to the matched table entry in table one or table two, the five-tuple information of the corresponding network connection is not recorded in table five or table six but is recorded in table eleven or table twelve, the five-tuple information of the corresponding network connection and its hash value in table eleven or table twelve are filled into a free entry of table five or table six; if table five or table six has no free entry, the least recently used (LRU) algorithm is used to delete the least recently used entry, and the five-tuple information of the corresponding network connection and its hash value in table eleven or table twelve are then filled into the freed entry of table five or table six.
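The IPv4 lookup path of steps S30 to S70, the K-connection collision case and the LRU fill of table five described above, as an added C example that is not code from the patent. Assumptions: every identifier is hypothetical, `hash5` is a toy hash (the text names no algorithm), table eleven is indexed by the hash, table three entries are chained through `next`, and collision entries are never cached in table five. The full five-tuple comparison is what keeps an unconfigured flow that merely shares a hash (`FLOW_X`) on the ordinary path.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sizes: H-bit hash, 2^(H-1) < M1 <= 2^H, M2 < M1, C collision slots. */
#define H_BITS 4
#define M1 (1u << H_BITS)
#define M2 2
#define C_MAX 4
#define NONE 0xFF                      /* "no position recorded" */

typedef struct { uint32_t src, dst; uint16_t sport, dport; uint8_t proto; } tuple_t;
typedef struct { uint8_t valid, in_t11, t5_pos, t3_pos; } t1_entry;         /* table one */
typedef struct { uint8_t t13_pos, next; } t3_entry;                         /* table three */
typedef struct { uint8_t used, hash; uint32_t stamp; tuple_t t; } t5_entry; /* table five */
enum verdict { ORDINARY, SPECIAL_T5, SPECIAL_T11, SPECIAL_T13 };

static t1_entry t1[M1];      /* internal cache, indexed by hash */
static t3_entry t3[C_MAX];   /* internal cache; chained through .next (assumption) */
static t5_entry t5[M2];      /* internal cache, LRU-managed subset of table eleven */
static tuple_t  t11[M1];     /* external memory; indexed by hash here (assumption) */
static tuple_t  t13[C_MAX];  /* external memory, colliding connections */
static uint8_t  t3_used;
static uint32_t tick;        /* logical clock for LRU */

/* Constructed sample flows: A, B and X share one hash; X and G are never configured. */
static const tuple_t FLOW_A = {0x0A000001, 0x0A000002, 1000, 2000, 6};
static const tuple_t FLOW_B = {0x0A000001, 0x0A000002, 2000, 1000, 6};
static const tuple_t FLOW_X = {0x0A000001, 0x0A000002, 1001, 2001, 6};
static const tuple_t FLOW_E = {0x0A000001, 0x0A000003, 1000, 2000, 6};
static const tuple_t FLOW_F = {0x0A000001, 0x0A000004, 1000, 2000, 6};
static const tuple_t FLOW_G = {0x0A000001, 0x0A000005, 1000, 2000, 6};

static int same(const tuple_t *a, const tuple_t *b) {
    return a->src == b->src && a->dst == b->dst && a->sport == b->sport &&
           a->dport == b->dport && a->proto == b->proto;
}

/* Toy hash (assumption): XOR of all fields, folded down to H bits. */
uint8_t hash5(const tuple_t *t) {
    uint32_t h = t->src ^ t->dst ^ t->sport ^ t->dport ^ t->proto;
    h ^= h >> 16; h ^= h >> 8; h ^= h >> 4;
    return (uint8_t)(h & (M1 - 1));
}

/* Software side: the first connection for a hash goes to table eleven, later ones to thirteen. */
int add_connection(const tuple_t *t) {
    uint8_t h = hash5(t);
    if (!t1[h].valid) {
        t11[h] = *t;
        t1[h] = (t1_entry){1, 1, NONE, NONE};
        return 0;
    }
    if (t3_used == C_MAX) return -1;                 /* collision tables are full */
    t13[t3_used] = *t;
    t3[t3_used] = (t3_entry){t3_used, t1[h].t3_pos}; /* push onto this hash's chain */
    t1[h].t3_pos = t3_used++;
    return 0;
}

/* Fill table five from table eleven; evict the least recently used slot when full. */
static void promote(uint8_t h) {
    unsigned slot = 0;
    for (unsigned i = 0; i < M2; i++) {
        if (!t5[i].used) { slot = i; break; }
        if (t5[i].stamp < t5[slot].stamp) slot = i;
    }
    if (t5[slot].used) t1[t5[slot].hash].t5_pos = NONE; /* evicted flow falls back to table eleven */
    t5[slot] = (t5_entry){1, h, ++tick, t11[h]};
    t1[h].t5_pos = (uint8_t)slot;
}

/* Steps S30 to S70 for one packet's five-tuple. */
enum verdict match_packet(const tuple_t *pkt) {
    uint8_t h = hash5(pkt);                          /* S30 */
    const t1_entry *e = &t1[h];
    if (!e->valid) return ORDINARY;                  /* S40: no entry for this hash */
    if (e->t5_pos != NONE) {                         /* S50: cached in table five */
        if (same(pkt, &t5[e->t5_pos].t)) {           /* S60 */
            t5[e->t5_pos].stamp = ++tick;
            return SPECIAL_T5;
        }
    } else if (e->in_t11) {                          /* S50: only in table eleven */
        if (same(pkt, &t11[h])) { promote(h); return SPECIAL_T11; }
    } else {
        return ORDINARY;
    }
    for (uint8_t c = e->t3_pos; c != NONE; c = t3[c].next)   /* S70 */
        if (same(pkt, &t13[t3[c].t13_pos])) return SPECIAL_T13;
    return ORDINARY;
}

int main(void) {
    static const char *name[] = {"ordinary", "table five", "table eleven", "table thirteen"};
    add_connection(&FLOW_A); add_connection(&FLOW_B);
    const tuple_t *pkts[] = {&FLOW_A, &FLOW_A, &FLOW_B, &FLOW_X};
    for (int i = 0; i < 4; i++) printf("%d: %s\n", i, name[match_packet(pkts[i])]);
    return 0;
}
```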
Further, in step S10, tables seven and eight are also set in the external memory of the network device; the content recorded in table one is kept synchronized with table seven, and the content recorded in table two is kept synchronized with table eight. Synchronously updating table one or table two according to table seven or table eight includes the following steps. Step S81: if the network device detects a new network connection whose hash value is not recorded in table seven or table eight and whose five-tuple information is not recorded in table eleven, table twelve, table thirteen or table fourteen, the network device records the hash value and related information of the new network connection in table seven or table eight, and also records the five-tuple information of the network connection in table eleven or table twelve. Step S82: the network device opens the hardware lock of table one or table two and synchronizes the updated content of table seven or table eight into table one or table two. Step S83: after the synchronization is finished, the network device closes the hardware lock of table one or table two.
Further, if the network device detects that the network connection corresponding to a certain table entry originally recorded in the table one or the table two is disconnected, deleting the table entry corresponding to the hash value of the disconnected network connection from the table one or the table two; and if the quintuple information of the disconnected network connection is recorded in table five or table six, deleting the quintuple information of the disconnected network connection from table five or table six at the same time.
Further, in step S10, tables nine and ten are also set in the external memory of the network device. Of the content recorded in table three, two items are kept synchronized with table nine: whether the five-tuple information of a certain IPv4 network connection exists in table thirteen when a hash value collision exists, and, if it exists in table thirteen, its position in table thirteen. Of the content recorded in table four, two items are kept synchronized with table ten: whether the five-tuple information of a certain IPv6 network connection exists in table fourteen when a hash value collision exists, and, if it exists in table fourteen, its position in table fourteen. Synchronously updating table three or table four according to table nine or table ten includes the following steps. Step S91: if the network device detects a new network connection whose hash value is already recorded in table seven or table eight, so that the hash value has a collision, and whose five-tuple information is not recorded in table eleven, table twelve, table thirteen or table fourteen, the network device records the hash value and related information of the new network connection in table nine or table ten, and also records the five-tuple information of the network connection in table thirteen or table fourteen. Step S92: the network device opens the hardware lock of table three or table four and synchronizes the updated content of table nine or table ten into table three or table four. Step S93: after the synchronization is finished, the network device closes the hardware lock of table three or table four.
Further, if the network device detects that the network connection corresponding to a certain table entry originally recorded in table three or table four is disconnected, the table entry corresponding to the hash value of the disconnected network connection is deleted from table three or table four; if the quintuple information of the disconnected network connection is recorded in table thirteen or table fourteen, the quintuple information of the disconnected network connection is simultaneously deleted from table thirteen or table fourteen.
The application also provides a system for quickly matching network data packets, which comprises a setting unit, an extraction unit, a calculation unit, a first matching unit, a second matching unit, a third matching unit, a collision detection unit, a special processing unit and an ordinary processing unit.
The setting unit is used for setting tables one to six in an internal cache of the network device and setting tables eleven to fourteen in an external memory of the network device.
In table one, each table entry takes a hash value of the five-tuple information of an IPv4 network connection as an index, and records: whether the five-tuple information of the IPv4 network connection corresponding to the hash value exists in table five; whether it exists in table eleven; if it exists in table five, its position in table five; and, if there is a collision, the position of the collision entry in table three.
In table two, each table entry takes a hash value of the five-tuple information of an IPv6 network connection as an index, and records: whether the five-tuple information of the IPv6 network connection corresponding to the hash value exists in table six; whether it exists in table twelve; if it exists in table six, its position in table six; and, if there is a collision, the position of the collision entry in table four.
In table three, each table entry records, for a certain IPv4 network connection when a hash value collision exists: whether its five-tuple information exists in table thirteen; if it exists in table thirteen, its position in table thirteen; whether it exists in table five; and, if it exists in table five, its position in table five.
In table four, each table entry records, for a certain IPv6 network connection when a hash value collision exists: whether its five-tuple information exists in table fourteen; if it exists in table fourteen, its position in table fourteen; whether it exists in table six; and, if it exists in table six, its position in table six.
Table five is used to record the five-tuple information of a plurality of IPv4 network connections. Table six is used to record the five-tuple information of a plurality of IPv6 network connections. Table eleven is used to record the five-tuple information of a plurality of IPv4 network connections and the hash values of that information; table five is a subset of table eleven. Table twelve is used to record the five-tuple information of a plurality of IPv6 network connections and the hash values of that information; table six is a subset of table twelve. Table thirteen is used to record the five-tuple information of IPv4 network connections when a hash value collision exists. Table fourteen is used to record the five-tuple information of IPv6 network connections when a hash value collision exists.
The extraction unit is used for reading the network data packet and extracting the five-tuple information of the network connection corresponding to the network data packet.
The calculation unit is used for calculating the hash value of the five-tuple information of the network connection corresponding to the network data packet.
The first matching unit is used for matching the calculated hash value against the hash values used as indexes in table one or table two, depending on whether the network connection is IPv4 or IPv6. If a matching table entry is found, the matched table entry in table one or table two is handed over to the second matching unit for processing. If no matching table entry is found, the network data packet is delivered to the ordinary processing unit.
The second matching unit is used for judging whether the five-tuple information of the network connection recorded by the matched table entry in table one or table two exists in table five or table six. If so, the position of the five-tuple information of the corresponding network connection in table five or table six is found according to the matched table entry in table one or table two. If not, whether the five-tuple information of the corresponding network connection exists in table eleven or table twelve is found according to the matched table entry in table one or table two; if it does, its position in table eleven or table twelve is found according to the matched table entry in table one or table two; if it does not, the network data packet is delivered to the ordinary processing unit.
The third matching unit is used for comparing the five-tuple information of the network connection corresponding to the network data packet with the five-tuple information of the network connection read from table five, table six, table eleven or table twelve. If the two are completely consistent, the network data packet is delivered to the special processing unit. If the two are not completely consistent, the network data packet is handed over to the collision detection unit.
The collision detection unit is used for judging whether the table entry in table one or table two matched by the hash value of the five-tuple information of the network connection corresponding to the network data packet has a collision table entry in table three or table four. If so, the corresponding collision table entries are found in table three or table four according to the matched table entry in table one or table two, and the position of the five-tuple information of the corresponding network connection in table thirteen or table fourteen is found according to each collision table entry found in table three or table four; the collision detection unit compares the five-tuple information of the network connection corresponding to the network data packet with the five-tuple information of the network connection read from table thirteen or table fourteen for each collision table entry; if any comparison is completely consistent, the network data packet is delivered to the special processing unit; if all comparisons are inconsistent, the network data packet is delivered to the ordinary processing unit. If not, the network data packet is delivered to the ordinary processing unit.
The special processing unit is used for performing special processing on the network data packet. The ordinary processing unit is used for performing ordinary processing on the network data packet.
The technical effect obtained by this application is as follows: under system control, the matching content is dynamically updated in real time, matched network data packets are selected, and unmatched network data packets are filtered out. Network equipment needs to match and filter network data packets quickly and accurately: network data packets that meet the matching conditions are screened out for special processing, and network data packets that do not meet the matching conditions receive ordinary processing; when the requirements or the environment change, the network equipment can update the matching and filtering content in real time and adjust dynamically.
Drawings
Fig. 1 is a flow chart of a method for fast matching network packets as proposed in the present application.
FIG. 2 is a flowchart of one implementation method of the present application for synchronously updating table one or table two in the internal cache according to table seven or table eight in the external memory.
FIG. 3 is a flowchart of one implementation method of the present application for synchronously updating table three or table four in the internal cache according to table nine or table ten in the external memory.
Fig. 4 is a schematic structural diagram of a system for fast matching network packets according to the present application.
The reference numbers in the figures illustrate: 10 is a setting unit, 20 is an extracting unit, 30 is a calculating unit, 40 is a matching unit I, 50 is a matching unit II, 60 is a matching unit III, 70 is a collision detecting unit, 80 is a special processing unit, and 90 is a common processing unit.
Detailed Description
Referring to fig. 1, the method for fast matching network packets provided in the present application includes the following steps.
Step S10: tables one to six are set in an internal cache of the network device for hardware-accelerated processing; tables eleven to fourteen are set in an external memory of the network device for software to record, update and maintain state.
Table one is the internal IPv4 version of the fast lookup table. Each table entry takes a hash value of the five-tuple information of an IPv4 network connection as an index, and records: whether the five-tuple information of the IPv4 network connection corresponding to the hash value exists in the internal IPv4 version of the quintuple table (table five); whether it exists in the external IPv4 version of the quintuple table (table eleven); if it exists in table five, its position in table five; and, if the hash value has a collision, the position of the collision table entry in the internal IPv4 version of the collision fast lookup table (table three). The number of entries recorded in table one is the maximum number of network connections M1 that the network device supports for special processing. Assuming that the hash value is stored in H binary bits, M1 satisfies $2^{H-1} < M1 \le 2^{H}$.
Table two is the internal IPv6 version of the fast lookup table. Each table entry takes a hash value of the five-tuple information of an IPv6 network connection as an index, and records: whether the five-tuple information of the IPv6 network connection corresponding to the hash value exists in the internal IPv6 version of the quintuple table (table six); whether it exists in the external IPv6 version of the quintuple table (table twelve); if it exists in table six, its position in table six; and, if the hash value has a collision, the position of the collision table entry in the internal IPv6 version of the collision fast lookup table (table four). The number of entries recorded in table two is M1. Assuming that the hash value is stored in H binary bits, M1 satisfies $2^{H-1} < M1 \le 2^{H}$.
Table three is the internal IPv4 version of the collision fast lookup table and is used to record IPv4 collision table entries when a hash value collision exists. Each IPv4 collision table entry records, for a certain IPv4 network connection when a hash value collision exists: whether its five-tuple information exists in the external IPv4 version of the collision quintuple table (table thirteen); if it exists in table thirteen, its position in table thirteen; whether it exists in the internal IPv4 version of the quintuple table (table five); and, if it exists in table five, its position in table five. The five-tuple information of a given IPv4 network connection generates exactly one hash value. Conversely, a given hash value may correspond to the five-tuple information of one or more IPv4 network connections. If the hash values generated by the five-tuple information of K different IPv4 network connections are the same, the hash values of the five-tuple information of the K IPv4 network connections are said to collide. In this case, one table entry is recorded in the internal IPv4 version of the fast lookup table (table one), and the five-tuple information of one corresponding IPv4 network connection is recorded in the internal IPv4 version of the quintuple table (table five) or the external IPv4 version of the quintuple table (table eleven); the five-tuple information of the corresponding K-1 IPv4 network connections is recorded in the external IPv4 version of the collision quintuple table (table thirteen). The number of table entries recorded in table three is C. Assuming that the collision rate of the hash algorithm on the five-tuple information of IPv4 network connections is p, with p < 1, C satisfies C/2 < M1 × p ≤ C.
Table four is the internal IPv6 version of the collision fast lookup table and is used to record IPv6 collision table entries when a hash value collision exists. Each IPv6 collision table entry records, for a certain IPv6 network connection when a hash value collision exists: whether its five-tuple information exists in the external IPv6 version of the collision quintuple table (table fourteen); if it exists in table fourteen, its position in table fourteen; whether it exists in the internal IPv6 version of the quintuple table (table six); and, if it exists in table six, its position in table six. The five-tuple information of a given IPv6 network connection generates exactly one hash value. Conversely, a given hash value may correspond to the five-tuple information of one or more IPv6 network connections. If the hash values generated by the five-tuple information of K different IPv6 network connections are the same, the hash values of the five-tuple information of the K IPv6 network connections are said to collide. In this case, one table entry is recorded in the internal IPv6 version of the fast lookup table (table two), and the five-tuple information of one corresponding IPv6 network connection is recorded in the internal IPv6 version of the quintuple table (table six) or the external IPv6 version of the quintuple table (table twelve); the five-tuple information of the corresponding K-1 IPv6 network connections is recorded in the external IPv6 version of the collision quintuple table (table fourteen). The number of entries recorded in table four is C. Assuming that the collision rate of the hash algorithm on the five-tuple information of IPv6 network connections is p, with p < 1, C satisfies C/2 < M1 × p ≤ C.
Table five is the internal IPv4 version of the quintuple table and is used to record the quintuple information of a plurality of IPv4 network connections. The number of entries recorded in table five is M2, with M2 < M1. Preferably, M2 < M1/10, in order to save internal cache resources of the network device.
Table six is the internal IPv6 version of the quintuple table and is used to record the quintuple information of a plurality of IPv6 network connections. The number of entries recorded in table six is M2.
Table eleven is the external IPv4 version of the quintuple table and is used to record the quintuple information of a plurality of IPv4 network connections together with its hash values. The number of entries recorded in table eleven is M1. Table five is a subset of table eleven. Table five in the internal cache is configured according to table eleven in the external memory.
Table twelve is the external IPv6 version of the quintuple table and is used to record the quintuple information of a plurality of IPv6 network connections together with its hash values. The number of entries recorded in table twelve is M1. Table six is a subset of table twelve. Table six in the internal cache is configured according to table twelve in the external memory.
Table thirteen is the external IPv4 version of the collision quintuple table and is used to record the quintuple information of IPv4 network connections when a hash value collision exists. The number of entries recorded in table thirteen is C. If the hash values of the quintuple information of K different IPv4 network connections collide, the quintuple information of one of these IPv4 network connections is recorded in the internal IPv4 version of the quintuple table (table five) or the external IPv4 version of the quintuple table (table eleven), and the quintuple information of the other K-1 IPv4 network connections is recorded in the external IPv4 version of the collision quintuple table (table thirteen).
Table fourteen is the external IPv6 version of the collision quintuple table and is used to record the quintuple information of IPv6 network connections when a hash value collision exists. The number of entries recorded in table fourteen is C. If the hash values of the quintuple information of K different IPv6 network connections collide, the quintuple information of one of these IPv6 network connections is recorded in the internal IPv6 version of the quintuple table (table six) or the external IPv6 version of the quintuple table (table twelve), and the quintuple information of the other K-1 IPv6 network connections is recorded in the external IPv6 version of the collision quintuple table (table fourteen).
Step S20: the network device reads the received network data packet from the external memory, extracts the quintuple information of the network connection corresponding to the network data packet, and determines whether it is an IPv4 or an IPv6 network connection.
Step S30: the network device calculates the hash value of the quintuple information of the network connection corresponding to the network data packet.
Step S40: depending on whether the network connection is IPv4 or IPv6, the network device matches the calculated hash value of the quintuple information of the network connection corresponding to the network data packet against the hash values used as indexes in the internal IPv4 version of the fast lookup table (table one) or the internal IPv6 version of the fast lookup table (table two), respectively.
If a matching entry is found, the process proceeds to step S50.
If no matching entry is found, the network data packet undergoes ordinary processing.
Step S50: the network device judges whether the quintuple information of the network connection recorded by the matching entry in table one or table two exists in the internal IPv4 version of the quintuple table (table five) or the internal IPv6 version of the quintuple table (table six).
If so, the network device finds the position of the quintuple information of the corresponding network connection in table five or table six according to the matching entry in table one or table two.
If not, the network device checks, according to the matching entry in table one or table two, whether the quintuple information of the corresponding network connection exists in the external IPv4 version of the quintuple table (table eleven) or the external IPv6 version of the quintuple table (table twelve). If so, the network device finds the position of the quintuple information of the corresponding network connection in table eleven or table twelve according to the matching entry in table one or table two. If not, the network data packet undergoes ordinary processing.
Step S60: the network device compares the quintuple information of the network connection corresponding to the network data packet with the quintuple information of the network connection read in table five or table six or table eleven or table twelve.
If the two are identical, special processing is performed on the network data packet, such as prioritization, accelerated processing by hardware and/or software, allocation of more bandwidth, and so forth. In addition, if the network device finds, according to the matching entry in table one or table two, that the quintuple information of the corresponding network connection is not recorded in the internal IPv4 version of the quintuple table (table five) or the internal IPv6 version of the quintuple table (table six) but is recorded in the external IPv4 version of the quintuple table (table eleven) or the external IPv6 version of the quintuple table (table twelve), it fills the quintuple information of the network connection with the matching hash value in table eleven or table twelve, together with its hash value, into a free entry of table five or table six. If table five or table six has no free entry, an LRU (least recently used) algorithm is used to delete the least recently used entry, and the quintuple information of the network connection with the matching hash value in table eleven or table twelve, together with its hash value, is then filled into the freed entry of table five or table six.
If the two are not completely identical, the process proceeds to step S70.
Step S70: the network device performs collision detection processing on the network data packet. The collision detection processing is as follows: the network device judges whether the matching entry in table one or table two has a collision table entry recorded in the internal IPv4 version of the collision fast lookup table (table three) or the internal IPv6 version of the collision fast lookup table (table four).
If so, the network device finds the corresponding collision table entries in table three or table four according to the matching entry in table one or table two, and, for each collision table entry found in table three or table four, finds the position of the quintuple information of the corresponding network connection in the external IPv4 version of the collision quintuple table (table thirteen) or the external IPv6 version of the collision quintuple table (table fourteen). The network device compares the quintuple information of the network connection corresponding to the network data packet with the quintuple information of the network connection read from table thirteen or table fourteen for each collision table entry. If the quintuple information of the network connection corresponding to the network data packet is completely consistent with the quintuple information of the network connection corresponding to any collision table entry, the network data packet undergoes special processing, such as prioritization, accelerated processing by hardware and/or software, allocation of more bandwidth, and so forth. If it is consistent with none of them, the network data packet undergoes ordinary processing.
If not, the network data packet undergoes ordinary processing.
As a preferred example, M1 takes a value of 4096, H takes a value of 12, M2 takes a value of 64, C takes a value of 256, and each entry in table one and table two has a length of 16 bits.
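The lookup path of steps S30 to S70 with the preferred sizes above, as an added C sketch that is not code from the patent. It is IPv4 only and rests on assumptions the text does not state: table eleven is indexed by the hash, table three entries are chained through a hypothetical `next` field, and a deliberately weak XOR-fold hash stands in for the configurable hash algorithm so that colliding quintuples can be constructed by hand.

```c
#include <stdint.h>
#include <stdio.h>

#define HASH_BITS 12                 /* H in the text */
#define M1 (1u << HASH_BITS)         /* 4096: tables one and eleven */
#define M2 64                        /* table five (internal quintuple cache) */
#define C_MAX 256                    /* C: tables three and thirteen */

typedef struct { uint32_t src, dst; uint16_t sport, dport; uint8_t proto; } tuple5;
/* Table one entry, indexed by hash. t3_head: 0 = no collision, else index + 1. */
typedef struct { uint8_t valid, in_t5, in_t11; uint16_t t5_pos, t3_head; } t1_entry;
/* Table three entry: position in table thirteen plus an assumed chain link. */
typedef struct { uint16_t t13_pos, next; } t3_entry;
typedef struct { uint8_t used; uint16_t owner; uint32_t tick; tuple5 t; } t5_slot;

static t1_entry t1[M1];
static tuple5   t11[M1];             /* assumption: indexed by the same hash */
static t3_entry t3[C_MAX];
static tuple5   t13[C_MAX];
static t5_slot  t5[M2];
static uint16_t t3_count;
static uint32_t now;                 /* LRU clock */

enum verdict { ORDINARY = 0, SPECIAL = 1 };

static int same(const tuple5 *a, const tuple5 *b) {
    return a->src == b->src && a->dst == b->dst && a->sport == b->sport &&
           a->dport == b->dport && a->proto == b->proto;
}

/* Toy XOR-fold stand-in for the configurable hash, weak on purpose. */
uint16_t hash5(const tuple5 *t) {
    uint32_t x = t->src ^ t->dst ^ t->sport ^ t->dport ^ t->proto;
    return (uint16_t)((x ^ (x >> 12) ^ (x >> 24)) & (M1 - 1));
}

/* Is the flow owning this hash currently held in table five? */
int cached(const tuple5 *t) { return t1[hash5(t)].in_t5; }

/* Software side, simplified from S81/S91: register a flow for special processing. */
int add_flow(const tuple5 *t) {
    uint16_t h = hash5(t);
    t1_entry *e = &t1[h];
    if (!e->valid) {                 /* first flow seen with this hash */
        t11[h] = *t;
        e->valid = 1;
        e->in_t11 = 1;
        return 0;
    }
    if (same(&t11[h], t)) return 0;  /* already registered */
    if (t3_count == C_MAX) return -1;
    t13[t3_count] = *t;              /* colliding flows go to table thirteen */
    t3[t3_count].t13_pos = t3_count;
    t3[t3_count].next = e->t3_head;
    e->t3_head = ++t3_count;
    return 0;
}

/* Copy a table-eleven hit into table five, evicting the LRU slot if full. */
static void promote(uint16_t h) {
    int v = 0;
    for (int i = 0; i < M2; i++) {
        if (!t5[i].used) { v = i; break; }
        if (t5[i].tick < t5[v].tick) v = i;
    }
    if (t5[v].used) t1[t5[v].owner].in_t5 = 0;   /* evicted flow leaves the cache */
    t5[v].used = 1; t5[v].owner = h; t5[v].tick = ++now; t5[v].t = t11[h];
    t1[h].in_t5 = 1;
    t1[h].t5_pos = (uint16_t)v;
}

enum verdict classify(const tuple5 *pkt) {
    uint16_t h = hash5(pkt);                         /* S30 */
    t1_entry *e = &t1[h];
    const tuple5 *stored;
    if (!e->valid) return ORDINARY;                  /* S40: hash not in table one */
    if (e->in_t5) stored = &t5[e->t5_pos].t;         /* S50: internal cache first */
    else if (e->in_t11) stored = &t11[h];
    else return ORDINARY;
    if (same(pkt, stored)) {                         /* S60: full quintuple compare */
        if (e->in_t5) t5[e->t5_pos].tick = ++now;
        else promote(h);
        return SPECIAL;
    }
    for (uint16_t i = e->t3_head; i; i = t3[i - 1].next)   /* S70: collision chain */
        if (same(pkt, &t13[t3[i - 1].t13_pos])) return SPECIAL;
    return ORDINARY;
}

int main(void) {
    /* Constructed sample flows: a, b and x all hash to the same value. */
    tuple5 a = {0x0A000001u, 0x0A000002u, 1000, 443, 6};
    tuple5 b = {0x0A000001u, 0x0A000002u, 443, 1000, 6};
    tuple5 x = {0x0A000002u, 0x0A000001u, 1000, 443, 6};  /* never registered */
    add_flow(&a);
    add_flow(&b);
    printf("a=%d b=%d x=%d\n", classify(&a), classify(&b), classify(&x));
    return 0;
}
```

The unregistered flow `x` shares its hash with two registered flows and is still classified as ordinary, which is the effect of the quintuple comparisons in S60 and S70.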
Further, tables seven to eight are also set in the external memory of the network device.
Table seven is the external IPv4 version of the fast lookup table, and the contents recorded in table one are in principle identical to those in table seven. The method synchronously updates table one in the internal cache according to table seven in the external memory.
Table eight is the external IPv6 version of the fast lookup table, and the contents recorded in table two are in principle identical to those in table eight. The method synchronously updates table two in the internal cache according to table eight in the external memory.
Referring to fig. 2, this is an implementation method for synchronously updating table one or table two in the internal cache according to table seven or table eight in the external memory, and includes the following steps.
Step S81: if the network device detects a new network connection, the hash value of the new network connection is not recorded in the external IPv4 version of the fast lookup table (table seven) or the external IPv6 version of the fast lookup table (table eight), and the quintuple information of the new network connection is not recorded in the external IPv4 version of the quintuple table (table eleven), the external IPv6 version of the quintuple table (table twelve), the external IPv4 version of the collision quintuple table (table thirteen) or the external IPv6 version of the collision quintuple table (table fourteen), then the network device records the related information of the new network connection, such as its hash value, in table seven or table eight, and also records the quintuple information of the network connection in table eleven or table twelve.
Step S82: the network device turns on the hardware lock of the internal IPv4 version of the fast lookup table (table one) or the internal IPv6 version of the fast lookup table (table two) and synchronizes the updated contents of table seven or table eight into table one or table two. Because the hardware lock is on, table one or table two cannot be used by other hardware logic during this process.
Step S83: after the synchronization is finished, the network device turns off the hardware lock of table one or table two, allowing other hardware logic to use the table.
In addition, if the network device detects that the network connection corresponding to an entry previously recorded in table one or table two has been disconnected, the entry corresponding to the hash value of the disconnected network connection is deleted from table one or table two. If the quintuple information of the disconnected network connection is recorded in the internal IPv4 version of the quintuple table (table five) or the internal IPv6 version of the quintuple table (table six), the quintuple information of the disconnected network connection is deleted from table five or table six at the same time.
Further, tables nine to ten are also set in the external memory of the network device.
Table nine is the external IPv4 version of the collision fast lookup table, and the following two items of content recorded in table three are in principle identical to those in table nine. Item one: whether the quintuple information of a certain IPv4 network connection exists in the external IPv4 version of the collision quintuple table (table thirteen) when a hash value collision exists. Item two: the position in table thirteen of the quintuple information of a certain IPv4 network connection when a hash value collision exists, if it exists in table thirteen. The method synchronously updates the related contents of table three in the internal cache according to table nine in the external memory.
Table ten is the external IPv6 version of the collision fast lookup table, and the following two items of content recorded in table four are in principle identical to those in table ten. Item one: whether the quintuple information of a certain IPv6 network connection exists in the external IPv6 version of the collision quintuple table (table fourteen) when a hash value collision exists. Item two: the position in table fourteen of the quintuple information of a certain IPv6 network connection when a hash value collision exists, if it exists in table fourteen. The method synchronously updates the related contents of table four in the internal cache according to table ten in the external memory.
Referring to fig. 3, this is an implementation method for synchronously updating the related contents in table three or table four in the internal cache according to table nine or table ten in the external memory, and includes the following steps.
Step S91: if the network device detects a new network connection, the external IPv4 version of the fast lookup table (table seven) or the external IPv6 version of the fast lookup table (table eight) records that the hash value of the new network connection has a collision, and the quintuple information of the new network connection is not recorded in the external IPv4 version of the quintuple table (table eleven), the external IPv6 version of the quintuple table (table twelve), the external IPv4 version of the collision quintuple table (table thirteen) or the external IPv6 version of the collision quintuple table (table fourteen), then the network device records the related information of the new network connection, such as its hash value, in the external IPv4 version of the collision fast lookup table (table nine) or the external IPv6 version of the collision fast lookup table (table ten), and also records the quintuple information of the network connection in table thirteen or table fourteen.
Step S92: the network device turns on the hardware lock of the internal IPv4 version of the collision fast lookup table (table three) or the internal IPv6 version of the collision fast lookup table (table four) and synchronizes the updated contents of table nine or table ten into table three or table four. Because the hardware lock is on, table three or table four cannot be used by other hardware logic during this process.
Step S93: after the synchronization is finished, the network device turns off the hardware lock of table three or table four, allowing other hardware logic to use the table.
If the network device detects that the network connection corresponding to an entry previously recorded in table three or table four has been disconnected, the entry corresponding to the hash value of the disconnected network connection is deleted from table three or table four. If the quintuple information of the disconnected network connection is recorded in the external IPv4 version of the collision quintuple table (table thirteen) or the external IPv6 version of the collision quintuple table (table fourteen), the quintuple information of the disconnected network connection is deleted from table thirteen or table fourteen at the same time.
Referring to fig. 4, the system for fast matching network packets provided by the present application includes a setting unit 10, an extracting unit 20, a calculating unit 30, a first matching unit 40, a second matching unit 50, a third matching unit 60, a collision detecting unit 70, a special processing unit 80, and a general processing unit 90.
The setting unit 10 is configured to set tables one to six in an internal cache of the network device, for hardware-accelerated processing, and to set tables eleven to fourteen in an external memory of the network device, for recording, updating and state maintenance by software.
The extracting unit 20 is configured to read the received network packet from the external memory of the network device, and extract quintuple information of a network connection corresponding to the network packet to distinguish an IPv4 or IPv6 network connection.
The calculating unit 30 is configured to calculate a hash value of five tuple information of the network connection corresponding to the network packet.
The first matching unit 40 is configured to match, depending on whether the network connection is IPv4 or IPv6, the calculated hash value of the quintuple information of the network connection corresponding to the network data packet against the hash values used as indexes in the internal IPv4 version of the fast lookup table (table one) or the internal IPv6 version of the fast lookup table (table two), respectively.
If a matching entry is found, the matching entry in table one or table two is handed to the second matching unit 50 for processing.
If no matching entry is found, the network data packet is handed to the general processing unit 90.
The second matching unit 50 is configured to judge whether the quintuple information of the network connection recorded by the matching entry in table one or table two exists in the internal IPv4 version of the quintuple table (table five) or the internal IPv6 version of the quintuple table (table six).
If so, it finds the position of the quintuple information of the corresponding network connection in table five or table six according to the matching entry in table one or table two.
If not, it checks, according to the matching entry in table one or table two, whether the quintuple information of the corresponding network connection exists in the external IPv4 version of the quintuple table (table eleven) or the external IPv6 version of the quintuple table (table twelve). If so, it finds the position of the quintuple information of the corresponding network connection in table eleven or table twelve according to the matching entry in table one or table two. If not, the network data packet is handed to the general processing unit 90.
The third matching unit 60 is configured to compare the quintuple information of the network connection corresponding to the network data packet with the quintuple information of the network connection read from table five, table six, table eleven or table twelve.
If the two are identical, the network data packet is handed to the special processing unit 80. In addition, if, according to the matching entry in table one or table two, the quintuple information of the corresponding network connection is found not to be recorded in the internal IPv4 version of the quintuple table (table five) or the internal IPv6 version of the quintuple table (table six) but to be recorded in the external IPv4 version of the quintuple table (table eleven) or the external IPv6 version of the quintuple table (table twelve), the quintuple information of the network connection with the matching hash value in table eleven or table twelve, together with its hash value, is filled into a free entry of table five or table six. If table five or table six has no free entry, an LRU algorithm is used to delete the least recently used entry, and the quintuple information of the network connection with the matching hash value in table eleven or table twelve, together with its hash value, is then filled into the freed entry of table five or table six.
If the two are not identical, the network data packet is handed to the collision detection unit 70.
The collision detection unit 70 is configured to perform collision detection processing on the network data packet. The collision detection processing is as follows: judging whether the entry in table one or table two that matches the hash value of the quintuple information of the network connection corresponding to the network data packet has a collision table entry recorded in the internal IPv4 version of the collision fast lookup table (table three) or the internal IPv6 version of the collision fast lookup table (table four).
If so, the corresponding collision table entries are found in table three or table four according to the matching entry in table one or table two, and, for each collision table entry found in table three or table four, the position of the quintuple information of the corresponding network connection is found in the external IPv4 version of the collision quintuple table (table thirteen) or the external IPv6 version of the collision quintuple table (table fourteen). The collision detection unit 70 compares the quintuple information of the network connection corresponding to the network data packet with the quintuple information of the network connection read from table thirteen or table fourteen for each collision table entry. If the quintuple information of the network connection corresponding to the network data packet is completely consistent with the quintuple information of the network connection corresponding to any collision table entry, the network data packet is handed to the special processing unit 80. If it is consistent with none of them, the network data packet is handed to the general processing unit 90.
If not, the network data packet is handed to the general processing unit 90.
The special processing unit 80 is configured to perform special processing on the network data packet, such as prioritization, accelerated processing by hardware and/or software, allocation of more bandwidth, and the like.
The general processing unit 90 is configured to perform conventional processing on the network data packet. Any processing other than the special processing is conventional processing.
The method and system for quickly matching network data packets have the following beneficial effects. First, the matching is completed automatically by the hardware of the network device, which saves CPU processing resources. Second, the values of M1, C, M2 and H, as well as system hardware parameters such as the hash algorithm and the LRU algorithm, are configurable, so the implementation can be adapted flexibly to requirements. Third, table one or table two in the internal cache is synchronously updated according to table seven or table eight in the external memory, and table three or table four in the internal cache is synchronously updated according to table nine or table ten in the external memory, so the matching content can be configured dynamically to determine which network connections receive special processing, and control is flexible. Fourth, tables one to six are set in the internal cache of the network device, which gives fast and accurate matching with low delay. Fifth, the internal cache and the external memory of the network device are designed to synchronize interactively, which saves internal cache resources. Sixth, the hash value is used as the index of table one and table two, which increases the matching speed; the hash collision scenario is taken into account, which increases the accuracy of the match.
The above are merely preferred embodiments of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (11)

1. A method for quickly matching network data packets, characterized by comprising the following steps:
step S10: setting tables one to six in an internal cache of the network device, and setting tables eleven to fourteen in an external memory of the network device;
in table one, each table entry takes a hash value of the quintuple information of an IPv4 network connection as an index, and records whether the quintuple information of the IPv4 network connection corresponding to the hash value exists in table five; whether it exists in table eleven; if it exists in table five, its position in table five; and, if a collision exists, the position of the collision table entry in table three;
in table two, each table entry takes a hash value of the quintuple information of an IPv6 network connection as an index, and records whether the quintuple information of the IPv6 network connection corresponding to the hash value exists in table six; whether it exists in table twelve; if it exists in table six, its position in table six; and, if a collision exists, the position of the collision table entry in table four;
in table three, each table entry records whether the quintuple information of a certain IPv4 network connection exists in table thirteen when a hash value collision exists; if it exists in table thirteen, its position in table thirteen; whether it exists in table five; and, if it exists in table five, its position in table five;
in table four, each table entry records whether the quintuple information of a certain IPv6 network connection exists in table fourteen when a hash value collision exists; if it exists in table fourteen, its position in table fourteen; whether it exists in table six; and, if it exists in table six, its position in table six;
table five is used to record five-tuple information of a plurality of IPv4 network connections;
table six is used to record five-tuple information of a plurality of IPv6 network connections;
the table eleven is used for recording five-tuple information of a plurality of IPv4 network connections and hash values of the five-tuple information; table five is a subset of table eleven;
the table twelve is used for recording five-tuple information and hash values of a plurality of IPv6 network connections; table six is a subset of table twelve;
table thirteen is used to record the quintuple information of IPv4 network connection when there is a hash value collision situation;
the table fourteen is used for recording quintuple information of IPv6 network connection when the hash value collision condition exists;
step S20: reading a network data packet and extracting quintuple information of network connection corresponding to the network data packet;
step S30: calculating a hash value of quintuple information of network connection corresponding to the network data packet;
step S40: matching the calculated hash value of the quintuple information of the network connection corresponding to the network data packet against the hash values used as indexes in table one or table two, respectively, depending on whether the network connection is IPv4 or IPv6;
if a matching entry is found, going to step S50;
if no matching entry is found, performing ordinary processing on the network data packet;
step S50: judging whether the quintuple information of the network connection recorded by the matching entry in table one or table two exists in table five or table six;
if so, finding the position of the quintuple information of the corresponding network connection in table five or table six according to the matching entry in table one or table two;
if not, checking whether the quintuple information of the corresponding network connection exists in table eleven or table twelve according to the matching entry in table one or table two; if so, finding the position of the quintuple information of the corresponding network connection in table eleven or table twelve according to the matching entry in table one or table two; if not, performing ordinary processing on the network data packet;
step S60: comparing the quintuple information of the network connection corresponding to the network data packet with the quintuple information of the network connection read from table five, table six, table eleven or table twelve;
if the two are completely consistent, performing special processing on the network data packet;
if the two are not completely consistent, going to step S70;
step S70: judging whether the matching entry in table one or table two has a collision table entry recorded in table three or table four;
if so, finding the corresponding collision table entries in table three or table four according to the matching entry in table one or table two, and finding the position of the quintuple information of the corresponding network connection in table thirteen or table fourteen according to each collision table entry found in table three or table four; comparing the quintuple information of the network connection corresponding to the network data packet with the quintuple information of the network connection read from table thirteen or table fourteen for each collision table entry; if any comparison is completely consistent, performing special processing on the network data packet; if all comparisons are inconsistent, performing ordinary processing on the network data packet;
if not, performing ordinary processing on the network data packet.
2. The method for rapidly matching network packets according to claim 1, wherein the numbers of entries recorded in table one, table two, table eleven and table twelve are the maximum number of network connections M1 supported by the network device for special processing; assuming that the hash value is stored in H-bit binary bits, M1 satisfies $2^{H-1} < M1 \le 2^{H}$.
3. The method of claim 1, wherein if the quintuple information of K different IPv4 network connections generates the same hash value, the hash values of the quintuple information of these K IPv4 network connections are said to collide; in that case, one table entry is recorded in table one, and the quintuple information of the corresponding one IPv4 network connection is recorded in table five or table eleven; when the hash value collision exists, the other K-1 entries are called collision entries and are recorded in table three, and the quintuple information of the corresponding K-1 IPv4 network connections is recorded in table thirteen;
if the quintuple information of K different IPv6 network connections generates the same hash value, the hash values of the quintuple information of these K IPv6 network connections are said to collide; in that case, one table entry is recorded in table two, and the quintuple information of the corresponding one IPv6 network connection is recorded in table six or table twelve; and the quintuple information of the corresponding K-1 IPv6 network connections is recorded in table fourteen.
4. The method of claim 2, wherein the number of entries recorded in table three, table four, table thirteen, and table fourteen is C; assuming that the collision rate of the hash algorithm on the quintuple information of network connections is p, with p < 1, C satisfies C/2 < M1 × p ≤ C.
5. The method of claim 2, wherein the numbers of entries in table five and table six are M2, M2 < M1.
6. The method of claim 1, wherein in step S60, if the quintuple information of the network connection corresponding to the network packet is completely identical to the quintuple information of the network connection read in table five or table six or table eleven or table twelve, the network packet is specially processed and the following operations are performed;
if, according to the matched entry in table one or table two, the corresponding network connection five-tuple information is not recorded in table five or table six but is recorded in table eleven or table twelve, the corresponding network connection five-tuple information and its hash value in table eleven or table twelve are filled into a free entry of table five or table six; if there is no free entry in table five or table six, the least recently used (LRU) algorithm is used to delete the least recently used entry, and the corresponding network connection five-tuple information and its hash value in table eleven or table twelve are then filled into the freed entry of table five or table six.
7. The method for fast matching network packets according to claim 1, wherein in step S10, tables seven and eight are further provided in the external memory of the network device; the contents recorded in table one and table seven are kept synchronized; the contents recorded in table two and table eight are kept synchronized;
synchronously updating table one or table two according to table seven or table eight comprises the following steps:
step S81: if the network device detects a new network connection, the hash value of the new network connection is not recorded in table seven or table eight, and the quintuple information of the new network connection is not recorded in table eleven, table twelve, table thirteen or table fourteen, the network device records the hash value and the related information of the new network connection in table seven or table eight, and also records the quintuple information of the network connection in table eleven or table twelve;
step S82: the network device opens the hardware lock of table one or table two and synchronizes the updated content of table seven or table eight into table one or table two;
step S83: after the synchronization is finished, the network device closes the hardware lock of table one or table two.
8. The method according to claim 7, wherein if the network device detects that the network connection corresponding to an entry originally written in the table one or the table two is disconnected, the entry corresponding to the hash value of the disconnected network connection is deleted from the table one or the table two; and if the quintuple information of the disconnected network connection is recorded in table five or table six, deleting the quintuple information of the disconnected network connection from table five or table six at the same time.
9. The method for fast matching network packets according to claim 1, wherein in step S10, tables nine and ten are further set in the external memory of the network device;
of the contents recorded in table three, the two items "whether the quintuple information of a certain IPv4 network connection exists in table thirteen when a hash value collision exists" and "if it exists in table thirteen, its position in table thirteen" are kept synchronized with table nine;
of the contents recorded in table four, the two items "whether the quintuple information of a certain IPv6 network connection exists in table fourteen when a hash value collision exists" and "if it exists in table fourteen, its position in table fourteen" are kept synchronized with table ten;
synchronously updating table three or table four according to table nine or table ten comprises the following steps:
step S91: if the network device detects a new network connection, the hash value of the new network connection is already recorded in table seven or table eight, and the quintuple information of the new network connection is not recorded in table eleven, table twelve, table thirteen or table fourteen, the network device records the hash value and the related information of the new network connection in table nine or table ten, and also records the quintuple information of the network connection in table thirteen or table fourteen;
step S92: the network device opens the hardware lock of table three or table four and synchronizes the updated content of table nine or table ten into table three or table four;
step S93: after the synchronization is finished, the network device closes the hardware lock of table three or table four.
10. The method according to claim 9, wherein if the network device detects that the network connection corresponding to a table entry originally recorded in table three or table four is disconnected, the table entry corresponding to the hash value of the disconnected network connection is deleted from table three or table four; if the quintuple information of the disconnected network connection is recorded in table thirteen or table fourteen, the quintuple information of the disconnected network connection is simultaneously deleted from table thirteen or table fourteen.
11. A system for quickly matching network data packets is characterized by comprising a setting unit, an extraction unit, a calculation unit, a first matching unit, a second matching unit, a third matching unit, a collision detection unit, a special processing unit and a common processing unit;
the setting unit is used for setting tables one to six in an internal cache of the network device and setting tables eleven to fourteen in an external memory of the network device;
in table one, each entry is indexed by the hash value of the five-tuple information of an IPv4 network connection and records: whether the IPv4 network connection five-tuple information corresponding to the hash value exists in table five; whether it exists in table eleven; if it exists in table five, its position in table five; and, if there is a collision, the position of the collision entry in table three;
in table two, each entry is indexed by the hash value of the five-tuple information of an IPv6 network connection and records: whether the IPv6 network connection five-tuple information corresponding to the hash value exists in table six; whether it exists in table twelve; if it exists in table six, its position in table six; and, if there is a collision, the position of the collision entry in table four;
in table three, each entry records: whether the quintuple information of a certain IPv4 network connection exists in table thirteen when a hash value collision exists; if it exists in table thirteen, its position in table thirteen; whether it exists in table five; and, if it exists in table five, its position in table five;
in table four, each entry records: whether the quintuple information of a certain IPv6 network connection exists in table fourteen when a hash value collision exists; if it exists in table fourteen, its position in table fourteen; whether it exists in table six; and, if it exists in table six, its position in table six;
table five is used to record five-tuple information of a plurality of IPv4 network connections;
table six is used to record five-tuple information of a plurality of IPv6 network connections;
the table eleven is used for recording five-tuple information of a plurality of IPv4 network connections and hash values of the five-tuple information; table five is a subset of table eleven;
the table twelve is used for recording five-tuple information and hash values of a plurality of IPv6 network connections; table six is a subset of table twelve;
table thirteen is used to record the quintuple information of IPv4 network connection when there is a hash value collision situation;
the table fourteen is used for recording quintuple information of IPv6 network connection when the hash value collision condition exists;
the extraction unit is used for reading the network data packet and extracting the quintuple information of the network connection corresponding to the network data packet;
the computing unit is used for computing a hash value of quintuple information of network connection corresponding to the network data packet;
the first matching unit is used for matching the calculated hash value of the quintuple information of the network connection corresponding to the network data packet against the hash values used as indexes in table one or table two, depending on whether the network connection is IPv4 or IPv6;
if a matching entry is found, the matched entry in table one or table two is handed to the second matching unit for processing;
if no matching entry is found, the network data packet is delivered to the common processing unit;
the second matching unit is used for judging whether the quintuple information of the network connection recorded by the matched entry in table one or table two exists in table five or table six;
if so, the position of the corresponding network connection quintuple information in table five or table six is found according to the matched entry in table one or table two;
if not, whether the corresponding network connection quintuple information exists in table eleven or table twelve is determined according to the matched entry in table one or table two; if it does, the position of the corresponding network connection quintuple information in table eleven or table twelve is found according to the matched entry in table one or table two; if it does not, the network data packet is delivered to the common processing unit;
the third matching unit is used for comparing the quintuple information of the network connection corresponding to the network data packet with the quintuple information of the network connection read from table five, table six, table eleven or table twelve;
if the two are completely consistent, the network data packet is delivered to the special processing unit;
if the two are not completely consistent, the network data packet is handed to the collision detection unit;
the collision detection unit is used for judging whether the entry in table one or table two that matches the hash value of the network connection quintuple information corresponding to the network data packet has collision entries;
if so, the corresponding collision entries are found in table three or table four according to the matched entry in table one or table two, and the position of the corresponding network connection quintuple information in table thirteen or table fourteen is found according to each collision entry found in table three or table four; the collision detection unit compares the quintuple information of the network connection corresponding to the network data packet with the quintuple information of the network connection corresponding to each collision entry read from table thirteen or table fourteen; if any comparison is completely consistent, the network data packet is delivered to the special processing unit; if all comparisons are inconsistent, the network data packet is delivered to the common processing unit;
if not, the network data packet is delivered to the common processing unit;
the special processing unit is used for performing special processing on the network data packet;
the common processing unit is used for performing conventional processing on the network data packet.
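The lookup path of claim 11 and the LRU promotion of claim 6, as an added Python sketch that is not code from the patent: it shows why the full five-tuple comparison after a hash hit is what keeps a colliding packet out of special processing. Assumptions: IPv4 tables only, a deliberately weak toy hash (the claims name none), table five keyed by hash value, collision flows always read from table thirteen, and the names `FlowMatcher`, `flow_hash`, `install` and `match` are hypothetical.

```python
from collections import OrderedDict

MASK = 0xFF  # constructed: 8-bit hash value

def flow_hash(ft):
    """Toy hash (assumption: the claims name no algorithm); weak on purpose."""
    _src, _dst, sport, dport, proto = ft
    return (sport + dport + proto) & MASK

class FlowMatcher:
    def __init__(self, m2):
        self.m2 = m2             # M2: capacity of table five
        self.t1 = {}             # table one: hash -> table eleven pos + collision list
        self.t3 = []             # table three: collision entry -> table thirteen pos
        self.t5 = OrderedDict()  # table five (internal cache), oldest entry first
        self.t11 = []            # table eleven (external): (five-tuple, hash)
        self.t13 = []            # table thirteen (external): colliding five-tuples

    def install(self, ft):
        """Register a connection for special processing (steps S81 and S91)."""
        h = flow_hash(ft)
        entry = self.t1.get(h)
        if entry is None:                        # S81: hash not recorded yet
            self.t11.append((ft, h))
            self.t1[h] = {"t11": len(self.t11) - 1, "coll": []}
        elif ft != self.t11[entry["t11"]][0] and all(
                self.t13[self.t3[c]] != ft for c in entry["coll"]):
            self.t13.append(ft)                  # S91: known hash, new five-tuple
            self.t3.append(len(self.t13) - 1)
            entry["coll"].append(len(self.t3) - 1)

    def match(self, ft):
        """Return 'special' only on an exact five-tuple match, else 'ordinary'."""
        h = flow_hash(ft)
        entry = self.t1.get(h)
        if entry is None:
            return "ordinary"                    # no entry indexed by this hash
        cached = h in self.t5
        candidate = self.t5[h] if cached else self.t11[entry["t11"]][0]
        if candidate == ft:
            if cached:
                self.t5.move_to_end(h)           # refresh LRU position
            else:
                if len(self.t5) >= self.m2:
                    self.t5.popitem(last=False)  # claim 6: evict least recently used
                self.t5[h] = ft                  # promote from table eleven
            return "special"
        for c in entry["coll"]:                  # collision entries via table three
            if self.t13[self.t3[c]] == ft:
                return "special"
        return "ordinary"                        # hash matched, five-tuple did not

# Constructed flows (src, dst, sport, dport, proto): A, B, C hash to 62; D to 63.
A = ("10.0.0.1", "10.0.0.9", 1000, 80, 6)
B = ("10.0.0.2", "10.0.0.9", 1256, 80, 6)
C = ("10.0.0.3", "10.0.0.9", 1512, 80, 6)
D = ("10.0.0.4", "10.0.0.9", 1001, 80, 6)
```

With A and B installed, C reaches the same table one entry as A but fails every five-tuple comparison, so it falls through to ordinary processing.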
CN202011028474.9A 2020-09-27 2020-09-27 Method and system for quickly matching network data packets Active CN111935021B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011028474.9A CN111935021B (en) 2020-09-27 2020-09-27 Method and system for quickly matching network data packets

Publications (2)

Publication Number Publication Date
CN111935021A true CN111935021A (en) 2020-11-13
CN111935021B CN111935021B (en) 2020-12-25

Family

ID=73333618

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011028474.9A Active CN111935021B (en) 2020-09-27 2020-09-27 Method and system for quickly matching network data packets

Country Status (1)

Country Link
CN (1) CN111935021B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022193929A1 (en) * 2021-03-19 2022-09-22 翱捷科技股份有限公司 Network device, and method for sharing sending and receiving caches thereof

Also Published As

Publication number Publication date
CN111935021B (en) 2020-12-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant