CN112019446A - Interface speed limiting method, device, equipment and readable storage medium - Google Patents
- Publication number
- CN112019446A CN202010887294.XA
- Authority
- CN
- China
- Prior art keywords
- interface
- rule
- speed limiting
- dpi
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/25—Flow control; Congestion control with rate being modified by the source upon detecting a change of network conditions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/32—Flow control; Congestion control by discarding or delaying data units, e.g. packets or frames
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/70—Admission control; Resource allocation
- H04L47/80—Actions related to the user profile or the type of traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application discloses an interface speed limiting method, device, equipment and computer-readable storage medium. The method comprises the following steps: if data traffic is detected at a data interface, extracting the speed limit information corresponding to the data traffic; performing matching detection between the speed limit information and the DPI rules corresponding to the data interface; and, if a target DPI rule passes the matching detection, rate-limiting the data traffic according to the target bandwidth corresponding to the target DPI rule. Because DPI rules are set per data interface and different bandwidth constraints are set for different data traffic, different data traffic passing through the same data interface can be rate-limited differently. The method can therefore adapt to complex network application scenarios, improves the flexibility of interface speed limiting, and meets the requirements of complex services.
Description
Technical Field
The present application relates to the field of cloud platform technologies, and in particular, to an interface speed limiting method, an interface speed limiting device, and a computer-readable storage medium.
Background
A cloud computing platform, also called a cloud platform, is a service based on hardware and software resources that provides computing, network and storage capabilities. Cloud computing has developed continuously in recent years, and Openstack serves as an open source cloud computing management platform. With the rapid development of the internet, network services have become increasingly complex. In some special scenarios, certain network traffic, such as voice over IP (VoIP) and video streaming, needs to be transmitted with a minimum bandwidth constraint, while other traffic needs to be transmitted with a larger bandwidth constraint in order to leave enough bandwidth for other traffic, so handling network traffic poses more and greater challenges. When the related technology limits the speed of an interface, the bandwidth constraint is applied per interface, that is, all traffic passing through the interface is processed according to the same bandwidth constraint. The interface speed limiting of the related technology is therefore not flexible enough: it cannot cope with many complex network application scenarios and cannot meet the requirements of current services.
Therefore, how to solve the problem that the related technology cannot cope with a complex network application scenario and cannot meet the requirement of the current service is a technical problem to be solved by the technical personnel in the field.
Disclosure of Invention
In view of this, an object of the present application is to provide an interface speed limiting method, an interface speed limiting device, and a computer readable storage medium, which improve the flexibility of interface speed limiting and meet the requirements of complex services.
In order to solve the above technical problem, the present application provides an interface speed limiting method, including:
if data traffic is detected from a data interface, extracting speed limit information corresponding to the data traffic;
matching and detecting the speed limit information and a DPI rule corresponding to the data interface;
and if the target DPI rule passing the matching detection exists, carrying out speed limiting treatment on the data flow according to a target bandwidth corresponding to the target DPI rule.
Optionally, the speed-limiting the data traffic according to the target bandwidth corresponding to the target DPI rule includes:
if the target bandwidth is zero, discarding the data traffic;
and if the target bandwidth is not zero, transmitting the data traffic according to the target bandwidth.
Optionally, the extracting speed limit information corresponding to the data traffic includes:
and extracting a destination IP address, a source IP address, a destination port number, a source port number and a four-layer protocol number corresponding to the data traffic as the speed limit information.
Optionally, the matching and detecting the speed limit information and the DPI rule corresponding to the data interface includes:
judging whether a first DPI rule which takes a destination IP address and a destination port number as destination information and takes a source IP address and a source port number as source information exists;
if the first DPI rule exists, performing matching detection by using the first DPI rule and the four-layer protocol number;
if the first DPI rule does not exist, judging whether a second DPI rule which takes a source IP address and a source port number as destination information and takes the destination IP address and a destination port number as source information exists;
and if the second DPI rule exists, performing matching detection by using the second DPI rule and the four-layer protocol number.
Optionally, the method further comprises:
acquiring and analyzing configuration information to obtain DPI rule information;
and binding each data interface with the corresponding DPI rule according to the DPI rule information.
Optionally, the method further comprises:
if a rule adjusting instruction is obtained, adjusting the DPI rule according to the instruction; the rule adjusting instruction is a rule adding instruction, a rule modifying instruction or a rule deleting instruction.
Optionally, the method further comprises:
and if the target DPI rule which passes the matching detection does not exist, transmitting the data flow according to the maximum available bandwidth.
The application also provides an interface speed limiting device, including:
the extraction module is used for extracting the speed limit information corresponding to the data traffic if the data traffic is detected from the data interface;
the detection module is used for matching and detecting the speed limit information and the DPI rule corresponding to the data interface;
and the processing module is used for carrying out speed limit processing on the data flow according to the target bandwidth corresponding to the target DPI rule if the target DPI rule passing the matching detection exists.
The application also provides an interface speed limiting device, which comprises a memory and a processor, wherein:
the memory is used for storing a computer program;
the processor is used for executing the computer program to realize the interface speed limiting method.
The present application also provides a computer-readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the interface speed limiting method described above.
According to the interface speed limiting method provided by the application, if data traffic is detected from the data interface, speed limiting information corresponding to the data traffic is extracted; matching and detecting the speed limit information and the DPI rule corresponding to the data interface; and if the target DPI rule passing the matching detection exists, carrying out speed limiting treatment on the data flow according to the target bandwidth corresponding to the target DPI rule.
It can be seen that the method uses DPI rules to process different data traffic differently. After data traffic is detected at a data interface, the speed limit information corresponding to the data traffic is used to judge whether speed limiting is required. If the DPI rules corresponding to the data interface include a target DPI rule that corresponds to the speed limit information, the data traffic needs to be rate-limited, and it is therefore rate-limited according to the target bandwidth corresponding to the target DPI rule. Because DPI rules are set per data interface and different bandwidth constraints are set for different data traffic, different data traffic passing through the same data interface can be rate-limited differently, and not all traffic passing through the data interface is processed according to the same bandwidth constraint. The method can therefore adapt to complex network application scenarios, improves the flexibility of interface speed limiting, and meets the requirements of complex services. This solves the problem that the interface speed limiting of the related technology is not flexible enough, cannot cope with complex network application scenarios, and cannot meet the requirements of current services.
In addition, the application also provides an interface speed limiting device, interface speed limiting equipment and a computer readable storage medium, and the beneficial effects are also achieved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of an interface speed limiting method according to an embodiment of the present application;
Fig. 2 is a flowchart of a specific interface speed limiting method according to an embodiment of the present disclosure;
Fig. 3 is a schematic structural diagram of an interface speed limiting device according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of an interface speed limiting device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, fig. 1 is a flowchart of an interface speed limiting method according to an embodiment of the present disclosure. The method comprises the following steps:
S101: If data traffic is detected at the data interface, extracting the speed limit information corresponding to the data traffic.
Some or all of the steps in this embodiment may be executed by an interface speed limiting device, where the interface speed limiting device may be a device that performs data traffic transmission, and may be, for example, a firewall, a router, a virtual machine, a DHCP (Dynamic Host Configuration Protocol) server, and the like. The data interface may be a virtual interface or an entity interface, and the specific content and type of the data traffic are not limited, and may be data traffic in any form and using any data protocol. The embodiment does not limit the specific manner of detecting the data traffic, for example, the data interface may be monitored, and the data traffic is determined to be detected after the data traffic is monitored; or other detection means may be used to detect the data interface.
The speed limit information can indicate the identity of the data flow, and then the speed limit information is used for matching detection with the DPI rule to realize speed limit processing of the data flow. The speed limit information may specifically include source information and destination information, where the source information is used to indicate a source location of the data traffic (i.e., a source device, a source network, etc.), and the destination information is used to indicate a destination location of the data (a destination device, a destination network, etc.). By the source and destination of the data traffic, the identity of the data traffic can be determined, and the data traffic in the data flow direction (i.e. the direction from the source location to the destination location) or in the data link bi-directional direction (i.e. the direction from the source location to the destination location and the direction from the destination location to the source location) can be rate-limited if necessary. The source information may include a source IP address, a source port number, etc., and the destination information may include a destination IP address, a destination port number, etc.
In a specific embodiment, in order to further improve the flexibility of speed limit, a four-layer protocol number may be further included in the speed limit information. Extracting speed limit information corresponding to data flow, comprising:
Step 11: extracting a destination IP address, a source IP address, a destination port number, a source port number and a four-layer protocol number corresponding to the data traffic as the speed limit information.
It should be noted that, in order to perform speed limiting more finely, the protocol number should be a four-layer protocol number. The four-layer protocol number refers to a protocol number corresponding to the TCP/IP four-layer structure (network interface layer, internet layer, transport layer, application layer). Data traffic for different purposes needs to be distinguished at the application layer, and may need different speed limiting processing. Real-time data such as real-time call data and video data needs to be transmitted as soon as possible, while non-real-time data such as file transfers does not. Therefore, the identity of the data traffic can be determined through the protocol number of the application layer only when the acquired protocol number is the four-layer protocol number.
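The extraction in step 11, as an added example that is not part of the patent: a parser that pulls the five fields out of a raw IPv4 packet and copes with IP options, truncated input and non-first fragments, which carry no port numbers. It assumes the "four-layer protocol number" is the protocol field of the IPv4 header (6 for TCP, 17 for UDP); the names `SpeedLimitInfo`, `extract_speed_limit_info` and `build_sample_packet` are hypothetical.

```python
import ipaddress
import struct
from typing import NamedTuple, Optional

TCP, UDP = 6, 17  # IANA IP protocol numbers (assumed meaning of "four-layer protocol number")


class SpeedLimitInfo(NamedTuple):
    src_ip: str
    src_port: Optional[int]  # None when the packet carries no readable port
    dst_ip: str
    dst_port: Optional[int]
    proto: int


def extract_speed_limit_info(packet: bytes) -> Optional[SpeedLimitInfo]:
    """Return the 5-tuple of an IPv4 packet, or None if the header is malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes, options included
    if ihl < 20 or len(packet) < ihl:
        return None
    (flags_frag,) = struct.unpack_from("!H", packet, 6)
    frag_offset = flags_frag & 0x1FFF
    proto = packet[9]
    src_ip = str(ipaddress.IPv4Address(packet[12:16]))
    dst_ip = str(ipaddress.IPv4Address(packet[16:20]))
    src_port = dst_port = None
    # Only the first fragment of a TCP/UDP packet starts with the port fields.
    if proto in (TCP, UDP) and frag_offset == 0 and len(packet) >= ihl + 4:
        src_port, dst_port = struct.unpack_from("!HH", packet, ihl)
    return SpeedLimitInfo(src_ip, src_port, dst_ip, dst_port, proto)


def build_sample_packet(src: str, dst: str, sport: int, dport: int,
                        proto: int = UDP, frag_offset: int = 0,
                        options: bytes = b"") -> bytes:
    """Constructed test input: IPv4 header (checksum left at 0) plus 8 payload bytes."""
    if len(options) % 4:
        raise ValueError("IPv4 options must be padded to a multiple of 4 bytes")
    ihl_words = 5 + len(options) // 4
    payload = struct.pack("!HH", sport, dport) + b"\x00" * 4
    header = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | ihl_words, 0, ihl_words * 4 + len(payload),
        0, frag_offset & 0x1FFF, 64, proto, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
    )
    return header + options + payload


if __name__ == "__main__":
    sample = build_sample_packet("10.0.0.5", "192.0.2.10", 40000, 5060)
    print(extract_speed_limit_info(sample))
```

A non-first fragment yields a key without ports, so a rule keyed on ports cannot match it; how such packets should be treated is a policy decision the patent does not address.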
S102: Performing matching detection between the speed limit information and the DPI rules corresponding to the data interface.
DPI (Deep Packet Inspection) is a packet-based deep inspection technology that can filter and control the inspected traffic according to a predefined policy by inspecting and analyzing the traffic and packet content at key points of a network. The DPI rule in this embodiment is a policy defined in advance for rate-limiting data traffic, and its specific form is not limited. A DPI rule associates speed limit information with a bandwidth, that is, it records the correspondence between the speed limit information and the bandwidth. There are multiple DPI rules, and each DPI rule can record the correspondence between different speed limit information and different bandwidths, or between the same speed limit information and different bandwidths.
After the speed limit information is obtained, matching detection is performed between it and the DPI rules corresponding to the data interface. It should be noted that the DPI rules corresponding to a data interface may be all or only part of the DPI rules, that is, not every interface corresponds to all the DPI rules. In a feasible implementation, DPI rules can be allocated to different interfaces according to actual needs, so that when different data interfaces receive the same data traffic, they can rate-limit it differently according to their different DPI rules. When the speed limit information is matched against the DPI rules, there may be a target DPI rule that passes the matching detection, or there may be no DPI rule that matches the speed limit information.
The present embodiment does not limit the specific manner of obtaining the DPI rules. In one feasible implementation, the DPI rules may be input by a user: for example, they may be obtained by parsing a rule file, or rule information may be input and the DPI rules generated from it. In another possible implementation, DPI rules sent by other terminals or devices may be received, for example DPI rules sent by other interface speed limiting devices. After the DPI rules are obtained, the corresponding DPI rules need to be specified for each data interface. In a possible implementation, DPI rule information may be added to the configuration information used to configure the interface speed limiting device, so that the speed limiting function (which belongs to the QOS function) is configured at the same time as the device, without configuring the speed limiting function separately. Specifically, the method may further include:
Step 21: acquiring and analyzing the configuration information to obtain DPI rule information.
Step 22: and binding each data interface with the corresponding DPI rule according to the DPI rule information.
The present embodiment does not limit the specific form of the DPI rule information, and may be, for example, an array form, where a first element of the array is used to specify a data interface, and may be, for example, a serial number of the data interface; other elements of the array may be used to specify DPI rules, and each element may specify one or a set of DPI rules. And after the DPI rule corresponding to each data interface is determined, binding the data interface with the DPI rule. Each data interface may bind to multiple DPI rules, and correspondingly, each DPI rule may bind to multiple data interfaces.
Further, the DPI rule may be adjusted, for example, the DPI rule may be added, deleted, or modified. Specifically, the method may further include:
Step 31: if a rule adjusting instruction is obtained, adjusting the DPI rule according to the instruction; the rule adjusting instruction is a rule adding instruction, a rule modifying instruction or a rule deleting instruction.
The rule adjusting instruction may be a rule adding instruction, a rule modifying instruction or a rule deleting instruction. The rule adding instruction is used for adding a DPI rule, or can be used for adding a corresponding relation between one or more DPI rules and one or more data interfaces. The rule modification instructions may be used to modify the content of the DPI rule, e.g., may modify a bandwidth value in the DPI rule. The rule deletion instruction may be used to delete one or more DPI rules or may be used to delete a correspondence between one or more DPI rules and one or more data interfaces. It should be noted that step 31 may be performed at any time after the DPI rule is acquired, and is not a necessary step, i.e., the present embodiment does not limit whether step 31 is necessarily performed.
It should be noted that, since the source information and the destination information in the speed limit information can describe the identity of the data traffic, correspondingly, the DPI rule can also perform the speed limit function by recording the source information and the destination information, that is, a group of source information and destination information is combined with a certain bandwidth value, and after the data traffic with the group of source information and destination information is detected, the speed limit processing is performed on the data traffic according to the corresponding bandwidth value. Based on this, in a possible implementation manner, a bi-directional speed limit can be performed by using one DPI rule, that is, the speed limit is performed on both the data traffic in the direction from the source location to the destination location and the data traffic in the direction from the destination location to the source location by using corresponding bandwidth values. The S102 step may include:
Step 41: judging whether a first DPI rule which takes the destination IP address and the destination port number as destination information and takes the source IP address and the source port number as source information exists.
Step 42: and if the first DPI rule exists, performing matching detection by using the first DPI rule and the four-layer protocol number.
Step 43: if the first DPI rule does not exist, whether a second DPI rule which takes the source IP address and the source port number as destination information and takes the destination IP address and the destination port number as source information exists is judged.
Step 44: and if the second DPI rule exists, performing matching detection by using the second DPI rule and the four-layer protocol number.
When performing the matching detection, it is first determined whether a forward first DPI rule exists, that is, a first DPI rule that uses the destination IP address and destination port number as destination information and the source IP address and source port number as source information. If the first DPI rule exists, it is matched against the four-layer protocol number; if it matches, the first DPI rule is the target DPI rule. If the first DPI rule does not match the four-layer protocol number, step 43 may be performed for bidirectional detection. If the first DPI rule does not exist, it is determined whether a second DPI rule exists, that is, a second DPI rule that uses the source IP address and source port number as destination information and the destination IP address and destination port number as source information. If the second DPI rule exists, matching detection is performed using the second DPI rule and the four-layer protocol number, that is, the steps for the case where the first DPI rule exists are executed with the first DPI rule replaced by the second DPI rule. If the second DPI rule does not exist, it can be determined that no target DPI rule passes the matching detection. With the technical scheme of steps 41 to 44, a single DPI rule can be used for bidirectional matching detection, which reduces the number of DPI rules required.
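Steps 21 to 22, step 31 and steps 41 to 44 together, as an added example that is not code from the patent: a rule store that binds rules to interfaces from array-form configuration, supports add, modify and delete, and matches a flow forward and then reversed. The class and method names, the rule ids and the sample addresses are hypothetical, and the protocol number is assumed to be the IP protocol field.

```python
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Sequence

TCP, UDP = 6, 17  # assumption: "four-layer protocol number" is the IP protocol field


@dataclass(frozen=True)
class DpiRule:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: int
    bandwidth_kbps: int  # target bandwidth; 0 means the traffic is discarded


class DpiRuleStore:
    """Hypothetical in-memory store: rules by id plus interface-to-rule bindings."""

    def __init__(self) -> None:
        self.rules: Dict[str, DpiRule] = {}
        self.bindings: Dict[str, List[str]] = {}

    # Step 31: rule adding, modifying and deleting instructions.
    def add_rule(self, rule_id: str, rule: DpiRule) -> None:
        if rule.bandwidth_kbps < 0:
            raise ValueError("target bandwidth must be non-negative")
        self.rules[rule_id] = rule

    def modify_bandwidth(self, rule_id: str, bandwidth_kbps: int) -> None:
        if bandwidth_kbps < 0:
            raise ValueError("target bandwidth must be non-negative")
        self.rules[rule_id] = replace(self.rules[rule_id], bandwidth_kbps=bandwidth_kbps)

    def delete_rule(self, rule_id: str) -> None:
        self.rules.pop(rule_id, None)
        for bound in self.bindings.values():  # drop dangling bindings as well
            if rule_id in bound:
                bound.remove(rule_id)

    # Steps 21-22: each entry is an array whose first element names the data
    # interface and whose remaining elements name the rules bound to it.
    def bind_from_config(self, entries: Sequence[Sequence[str]]) -> None:
        for interface, *rule_ids in entries:
            unknown = [r for r in rule_ids if r not in self.rules]
            if unknown:
                raise KeyError(f"{interface}: unknown rule ids {unknown}")
            self.bindings[interface] = list(rule_ids)

    # Steps 41-44: look for a forward rule, then for the reversed one; a rule
    # only becomes the target rule if its protocol number also matches.
    def match(self, interface: str, src_ip: str, src_port: int,
              dst_ip: str, dst_port: int, proto: int) -> Optional[DpiRule]:
        bound = (self.rules[r] for r in self.bindings.get(interface, []))
        by_endpoints = {(r.src_ip, r.src_port, r.dst_ip, r.dst_port): r for r in bound}
        forward = (src_ip, src_port, dst_ip, dst_port)
        reverse = (dst_ip, dst_port, src_ip, src_port)
        for endpoints in (forward, reverse):
            rule = by_endpoints.get(endpoints)
            if rule is not None and rule.proto == proto:
                return rule
        return None  # no target rule: step 61 applies


def build_sample_store() -> DpiRuleStore:
    """Constructed sample data: one rate-limited flow and one blocked flow."""
    store = DpiRuleStore()
    store.add_rule("voip", DpiRule("10.0.0.5", 40000, "192.0.2.10", 5060, UDP, 512))
    store.add_rule("block", DpiRule("10.0.0.9", 50000, "198.51.100.7", 445, TCP, 0))
    store.bind_from_config([["port-a", "voip", "block"], ["port-b", "block"]])
    return store


if __name__ == "__main__":
    s = build_sample_store()
    print(s.match("port-a", "192.0.2.10", 5060, "10.0.0.5", 40000, UDP))
```

The same flow returns a rule on `port-a` and nothing on `port-b`, because only `port-a` is bound to the `voip` rule.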
S103: If a target DPI rule passing the matching detection exists, rate-limiting the data traffic according to the target bandwidth corresponding to the target DPI rule.
If a target DPI rule passes the matching detection, the data traffic needs to be rate-limited. The corresponding target bandwidth is determined from the target DPI rule, and the data traffic is rate-limited according to that target bandwidth. This embodiment does not limit the specific size of the target bandwidth, which may be any non-negative number. It should be noted that the target bandwidth may be zero, in which case the data traffic may be blocked. Step S103 may include:
Step 51: if the target bandwidth is zero, discarding the data traffic.
Step 52: and if the target bandwidth is not zero, transmitting the data traffic according to the target bandwidth.
If the target bandwidth is zero, the data traffic is not to be transmitted, and it is therefore discarded. If the target bandwidth is not zero, the data traffic needs to be rate-limited, so it is transmitted according to the target bandwidth.
In one embodiment, there may be no target DPI rule that passes the matching detection, in which case the method may further include:
Step 61: if no target DPI rule passes the matching detection, transmitting the data traffic according to the maximum available bandwidth.
If the target DPI rule which passes the matching detection does not exist, the data traffic does not need to be subjected to speed limiting processing, so that the data traffic is transmitted according to the maximum available bandwidth, namely, the data traffic is transmitted in a best effort mode.
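The three outcomes of steps 51, 52 and 61, as an added example that is not part of the patent. The patent does not say how traffic is "transmitted according to the target bandwidth"; a token-bucket policer that drops excess packets is assumed here, and the class names, burst size and trace values are hypothetical.

```python
from typing import Dict, List, Optional, Tuple

FORWARD, DROP = "forward", "drop"


class TokenBucket:
    """Policer: a packet passes only if enough byte tokens have accumulated."""

    def __init__(self, rate_kbps: int, burst_bytes: int, now: float) -> None:
        self.rate_kbps = rate_kbps
        self.bytes_per_s = rate_kbps * 1000 / 8
        self.capacity = float(burst_bytes)
        self.tokens = float(burst_bytes)
        self.last = now

    def allow(self, size: int, now: float) -> bool:
        elapsed = max(0.0, now - self.last)  # ignore a clock that steps backwards
        self.last = max(self.last, now)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.bytes_per_s)
        if size > self.tokens:
            return False
        self.tokens -= size
        return True


class InterfaceLimiter:
    """Applies the verdict for one data interface, one bucket per target rule."""

    def __init__(self, burst_bytes: int = 1500) -> None:
        self.burst_bytes = burst_bytes
        self.buckets: Dict[str, TokenBucket] = {}

    def handle(self, rule_id: Optional[str], target_kbps: Optional[int],
               size: int, now: float) -> str:
        if rule_id is None or target_kbps is None:
            return FORWARD  # step 61: no target rule, best effort
        if target_kbps < 0:
            raise ValueError("target bandwidth must be non-negative")
        if target_kbps == 0:
            return DROP  # step 51: zero bandwidth blocks the traffic
        bucket = self.buckets.get(rule_id)
        if bucket is None or bucket.rate_kbps != target_kbps:
            # First packet for this rule, or the rule's bandwidth was modified:
            # start a fresh bucket at the current rate.
            bucket = TokenBucket(target_kbps, self.burst_bytes, now)
            self.buckets[rule_id] = bucket
        return FORWARD if bucket.allow(size, now) else DROP  # step 52


# Constructed trace: (rule id, target kbps, packet size in bytes, time in seconds).
SAMPLE_TRACE: List[Tuple[Optional[str], Optional[int], int, float]] = [
    ("voip", 8, 1000, 0.0),   # 8 kbps = 1000 bytes/s; burst covers this packet
    ("voip", 8, 1000, 0.0),   # only 500 tokens left
    ("voip", 8, 1000, 0.5),   # refilled to 1000 tokens
    ("voip", 8, 1000, 0.6),   # about 100 tokens
    ("block", 0, 60, 0.6),    # zero-bandwidth rule
    (None, None, 1500, 0.6),  # no rule matched
    ("voip", 16, 1000, 0.6),  # rule modified to 16 kbps
]


def run_sample_trace() -> List[str]:
    limiter = InterfaceLimiter(burst_bytes=1500)
    return [limiter.handle(*event) for event in SAMPLE_TRACE]


if __name__ == "__main__":
    print(run_sample_trace())
```

An unmatched flow is forwarded unrestricted, so an interface whose rules are missing or deleted fails open; a deployment that needs the opposite default has to express it as an explicit zero-bandwidth rule.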
By applying the interface speed limiting method provided by the embodiment of the application, different data traffic is processed differently by using DPI rules. After data traffic is detected at a data interface, the speed limit information corresponding to the data traffic is used to judge whether speed limiting is required. If the DPI rules corresponding to the data interface include a target DPI rule that corresponds to the speed limit information, the data traffic needs to be rate-limited, and it is therefore rate-limited according to the target bandwidth corresponding to the target DPI rule. Because DPI rules are set per data interface and different bandwidth constraints are set for different data traffic, different data traffic passing through the same data interface can be rate-limited differently, and not all traffic passing through the data interface is processed according to the same bandwidth constraint. The method can therefore adapt to complex network application scenarios, improves the flexibility of interface speed limiting, and meets the requirements of complex services. This solves the problem that the interface speed limiting of the related technology is not flexible enough, cannot cope with complex network application scenarios, and cannot meet the requirements of current services.
Referring to Fig. 2, Fig. 2 is a flowchart of a specific interface speed limiting method according to an embodiment of the present application. In this embodiment, a QOS service end is used to configure the QOS function in a multi-architecture cluster environment deployed with Openstack. The QOS service end is specifically the QOS service configuration of a Neutron Server, which issues/updates deep packet processing rules (i.e. DPI rules) based on network flow data content, so that the DPI rules are applied to each virtual port of the network transmission equipment (i.e. the interface speed limiting equipment), such as the virtual interfaces of a DHCP server, firewall, router or virtual machine. The specific process is as follows:
1: The QOS service module of the control node where the Neutron Server is located issues a DPI rule to a virtual interface that needs speed limiting (namely, binds the data interface and the DPI rule). The rule content comprises a Key and a matching result: the Key contains the source and destination IP addresses (a source IP address and a destination IP address), the source and destination port numbers (a source port number and a destination port number) and a four-layer protocol number, and the matching result of the rule is the speed limit peak value of the bandwidth.
2: after the network traffic (i.e. data traffic) enters the virtual interface, the QOS service module extracts the source and destination IP of the traffic, the source and destination port number, and the protocol type of the fourth layer protocol of the packet, to form a key (i.e. speed limit information) for rule matching.
3: and performing matching query operation of the DPI rule table according to the input Key.
4: According to the query result of the DPI rule table, if a DPI rule in the table is hit, the data traffic that hits the rule and passes through the virtual interface is limited to the bandwidth peak value set in the rule's hit result. If the bandwidth in the hit result is 0, the data traffic that hits the rule is forbidden to pass and is discarded directly at the port.
5: According to the query result of the DPI rule table, if no rule in the DPI rule table is hit, all traffic of the virtual interface is transmitted in a "best effort" manner, i.e. data transmission uses the maximum available bandwidth.
6: The QOS service module may delete the DPI rule issued to the virtual interface, at which point the corresponding data traffic passing through the virtual interface can be observed to be no longer rate-limited and is transmitted in a "best effort" manner at the virtual interface. That is, if the DPI rule is issued/updated to the virtual interface, the traffic normally passes.
The interface speed limiting device provided by the embodiment of the present application is introduced below, and the interface speed limiting device described below and the interface speed limiting method described above may be referred to correspondingly.
Referring to fig. 3, fig. 3 is a schematic structural diagram of an interface speed limiting device according to an embodiment of the present application, including:
the extraction module 110 is configured to extract speed limit information corresponding to data traffic if the data traffic is detected at the data interface;
the detection module 120 is configured to perform matching detection on the speed limit information and the DPI rule corresponding to the data interface;
and the processing module 130 is configured to, if the target DPI rule that passes the matching detection exists, perform speed-limiting processing on the data traffic according to a target bandwidth corresponding to the target DPI rule.
Optionally, the processing module 130 includes:
a discarding unit, configured to discard the data traffic if the target bandwidth is zero;
and the transmission unit is used for transmitting the data traffic according to the target bandwidth if the target bandwidth is not zero.
Optionally, the extraction module 110 includes:
and the first extraction unit is used for extracting a destination IP address, a source IP address, a destination port number, a source port number and a four-layer protocol number corresponding to the data traffic as speed limit information.
Optionally, the detection module 120 includes:
the first judging unit is used for judging whether a first DPI rule which takes a destination IP address and a destination port number as destination information and takes a source IP address and a source port number as source information exists or not;
the first detection unit is used for performing matching detection by using the first DPI rule and the four-layer protocol number if the first DPI rule exists;
a second judging unit, configured to judge whether a second DPI rule using the source IP address and the source port number as destination information and using the destination IP address and the destination port number as source information exists if the first DPI rule does not exist;
and the second detection unit is used for performing matching detection by using the second DPI rule and the four-layer protocol number if the second DPI rule exists.
Optionally, the device further comprises:
the information acquisition module is used for acquiring and analyzing the configuration information to obtain DPI rule information;
and the binding module is used for binding each data interface with the corresponding DPI rule according to the DPI rule information.
Optionally, the device further comprises:
the adjusting module is used for adjusting the DPI rule according to the rule adjusting instruction if the rule adjusting instruction is obtained; the rule adjusting instruction is a rule adding instruction, a rule modifying instruction or a rule deleting instruction.
Optionally, the device further comprises:
and the maximum transmission module is used for transmitting the data flow according to the maximum available bandwidth if the target DPI rule passing the matching detection does not exist.
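The following sketch is an added example, not code from the patent: it implements the lookup order of steps 1 to 6 and of the detection module above (forward rule first, reversed rule only when no forward rule exists, then the four-layer protocol number), together with the zero-bandwidth drop and the best-effort default. The class names, the returned action strings, the token-bucket limiter with its burst size, and the sharing of one bucket by both directions of a rule are assumptions; the page only states that matched traffic is limited to the rule's bandwidth peak value.

```python
from typing import NamedTuple

class Flow(NamedTuple):  # speed limit information extracted from one packet
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: int  # layer-4 protocol number, e.g. 6 = TCP, 17 = UDP

class TokenBucket:
    """Assumed limiter; the page only says traffic is held to the peak value."""
    def __init__(self, peak_bps, burst_bytes, now):
        self.rate = peak_bps / 8.0           # refill rate in bytes per second
        self.burst = float(burst_bytes)
        self.tokens, self.last = self.burst, now
    def allow(self, size, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size > self.tokens:
            return False
        self.tokens -= size
        return True

class VirtualInterface:
    def __init__(self, burst_bytes=1500):
        self.burst_bytes = burst_bytes
        self.rules = {}    # (src_ip, src_port, dst_ip, dst_port) -> (proto, peak_bps)
        self.buckets = {}  # one bucket per rule, shared by both directions (assumption)

    def set_rule(self, ep, proto, peak_bps):  # rule add or modify
        self.rules[ep] = (proto, peak_bps)
        self.buckets.pop(ep, None)            # rebuilt with the new peak on next packet

    def delete_rule(self, ep):
        self.rules.pop(ep, None)
        self.buckets.pop(ep, None)

    def match(self, f):
        """Forward lookup first; the reversed lookup runs only if no forward rule exists."""
        forward = (f.src_ip, f.src_port, f.dst_ip, f.dst_port)
        reverse = (f.dst_ip, f.dst_port, f.src_ip, f.src_port)
        for ep in (forward, reverse):
            if ep in self.rules:
                return ep if self.rules[ep][0] == f.proto else None
        return None

    def handle(self, f, size, now):
        ep = self.match(f)
        if ep is None:
            return "best-effort"              # rule miss: maximum available bandwidth
        peak_bps = self.rules[ep][1]
        if peak_bps == 0:
            return "drop"                     # zero bandwidth: discarded at the port
        bucket = self.buckets.setdefault(ep, TokenBucket(peak_bps, self.burst_bytes, now))
        return "forward" if bucket.allow(size, now) else "over-limit"

def demo():
    """Constructed sample traffic; addresses, ports and rates are illustrative only."""
    vif = VirtualInterface()
    web = ("10.0.0.5", 40000, "10.0.0.9", 443)
    ssh = ("10.0.0.7", 50000, "10.0.0.9", 22)
    vif.set_rule(web, 6, 8000)                # 8000 bit/s = 1000 bytes/s
    vif.set_rule(ssh, 6, 0)
    pkts = [(Flow(*web, 6), 1000, 0.0), (Flow(*web[2:], *web[:2], 6), 1000, 0.1),
            (Flow(*web, 6), 1000, 1.0), (Flow(*web, 17), 1000, 1.0),
            (Flow(*ssh, 6), 64, 1.0)]
    out = [vif.handle(*p) for p in pkts]
    vif.delete_rule(ssh)                      # deletion returns the flow to best effort
    out.append(vif.handle(Flow(*ssh, 6), 64, 2.0))
    return out
```

The last two results show that a rule miss is fail-open: once a zero-bandwidth rule is deleted, the flow it blocked is transmitted again at the maximum available bandwidth.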
The interface speed limiting device provided by the embodiment of the present application is introduced below, and the interface speed limiting device described below and the interface speed limiting method described above may be referred to correspondingly.
Referring to fig. 4, fig. 4 is a schematic structural diagram of an interface speed limiting device according to an embodiment of the present application. Wherein the interface speed limiting device 100 may include a processor 101 and a memory 102, and may further include one or more of a multimedia component 103, an information input/information output (I/O) interface 104, and a communication component 105.
The processor 101 is configured to control the overall operation of the interface speed limiting device 100 to complete all or part of the steps in the interface speed limiting method; the memory 102 is used to store various types of data to support the operation of the interface speed limiting device 100, which may include, for example, instructions for any application or method operating on the interface speed limiting device 100, as well as application-related data. The Memory 102 may be implemented by any type or combination of volatile and non-volatile Memory devices, such as one or more of Static Random Access Memory (SRAM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read-Only Memory (EPROM), Programmable Read-Only Memory (PROM), Read-Only Memory (ROM), magnetic Memory, flash Memory, magnetic or optical disk.
The multimedia component 103 may include a screen and an audio component. The screen may be, for example, a touch screen, and the audio component is used for outputting and/or inputting audio signals. For example, the audio component may include a microphone for receiving external audio signals. The received audio signal may further be stored in the memory 102 or transmitted through the communication component 105. The audio component also includes at least one speaker for outputting audio signals. The I/O interface 104 provides an interface between the processor 101 and other interface modules, such as a keyboard, mouse, buttons, etc. These buttons may be virtual buttons or physical buttons. The communication component 105 is used for wired or wireless communication between the interface speed limiting device 100 and other devices. The wireless communication may be, for example, Wi-Fi, Bluetooth, Near Field Communication (NFC), 2G, 3G, or 4G, or a combination of one or more of them, so the corresponding communication component 105 may include a Wi-Fi part, a Bluetooth part, and an NFC part.
The interface speed limiting Device 100 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors or other electronic components, and is configured to perform the interface speed limiting method according to the above embodiments.
The following describes a computer-readable storage medium provided in an embodiment of the present application, and the computer-readable storage medium described below and the interface speed limiting method described above may be referred to correspondingly.
The present application further provides a computer-readable storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements the steps of the interface speed limiting method described above.
The computer-readable storage medium may include various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The embodiments are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and the same or similar parts among the embodiments may be referred to each other. Because the device disclosed by the embodiment corresponds to the method disclosed by the embodiment, its description is brief, and for the relevant points reference may be made to the description of the method.
Those of skill in the art would further appreciate that the various illustrative components and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it should also be noted that, herein, relational terms such as first and second are intended only to distinguish one entity or action from another entity or action, without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the term "include" or any other variation thereof is intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that includes a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
The principle and the implementation of the present application are explained herein by applying specific examples, and the above description of the embodiments is only used to help understand the method and the core idea of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.
Claims (10)
1. An interface speed limiting method is characterized by comprising the following steps:
if data traffic is detected from a data interface, extracting speed limit information corresponding to the data traffic;
matching and detecting the speed limit information and a DPI rule corresponding to the data interface;
and if the target DPI rule passing the matching detection exists, carrying out speed limiting treatment on the data flow according to a target bandwidth corresponding to the target DPI rule.
2. The interface speed limiting method of claim 1, wherein the speed limiting of the data traffic according to the target bandwidth corresponding to the target DPI rule comprises:
if the target bandwidth is zero, discarding the data traffic;
and if the target bandwidth is not zero, transmitting the data traffic according to the target bandwidth.
3. The interface speed limiting method of claim 1, wherein the extracting the speed limiting information corresponding to the data traffic comprises:
and extracting a destination IP address, a source IP address, a destination port number, a source port number and a four-layer protocol number corresponding to the data traffic as the speed limit information.
4. The interface speed limiting method of claim 3, wherein the matching detection of the speed limiting information and the DPI rule corresponding to the data interface comprises:
judging whether a first DPI rule which takes a destination IP address and a destination port number as destination information and takes a source IP address and a source port number as source information exists;
if the first DPI rule exists, performing matching detection by using the first DPI rule and the four-layer protocol number;
if the first DPI rule does not exist, judging whether a second DPI rule which takes a source IP address and a source port number as destination information and takes the destination IP address and a destination port number as source information exists;
and if the second DPI rule exists, performing matching detection by using the second DPI rule and the four-layer protocol number.
5. The interface speed limiting method of claim 1, further comprising:
acquiring and analyzing configuration information to obtain DPI rule information;
and binding each data interface with the corresponding DPI rule according to the DPI rule information.
6. The interface speed limiting method of claim 1, further comprising:
if a rule adjusting instruction is obtained, adjusting the DPI rule according to the instruction; the rule adjusting instruction is a rule adding instruction, a rule modifying instruction or a rule deleting instruction.
7. The interface speed limiting method according to any one of claims 1 to 6, further comprising:
and if the target DPI rule which passes the matching detection does not exist, transmitting the data flow according to the maximum available bandwidth.
8. An interface speed limiting device, comprising:
the extraction module is used for extracting the speed limit information corresponding to the data traffic if the data traffic is detected from the data interface;
the detection module is used for matching and detecting the speed limit information and the DPI rule corresponding to the data interface;
and the processing module is used for carrying out speed limit processing on the data flow according to the target bandwidth corresponding to the target DPI rule if the target DPI rule passing the matching detection exists.
9. An interface speed limiting device, comprising a memory and a processor, wherein:
the memory is used for storing a computer program;
the processor is configured to execute the computer program to implement the interface speed limiting method according to any one of claims 1 to 7.
10. A computer-readable storage medium for storing a computer program, wherein the computer program when executed by a processor implements the interface speed limiting method according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010887294.XA CN112019446A (en) | 2020-08-28 | 2020-08-28 | Interface speed limiting method, device, equipment and readable storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112019446A (en) | 2020-12-01 |
Family
ID=73502932
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010887294.XA Pending CN112019446A (en) | 2020-08-28 | 2020-08-28 | Interface speed limiting method, device, equipment and readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112019446A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20201201 |