CN112367277B - Message processing method and device - Google Patents

Publication number
CN112367277B
Authority
CN
China
Prior art keywords
message
service
network
quintuple information
dscp value
Legal status
Active
Application number
CN202011192020.5A
Other languages
Chinese (zh)
Other versions
CN112367277A (en)
Inventor
陆洋
Current Assignee
New H3C Big Data Technologies Co Ltd
Original Assignee
New H3C Big Data Technologies Co Ltd
Application filed by New H3C Big Data Technologies Co Ltd
Priority to CN202011192020.5A
Publication of CN112367277A
Application granted
Publication of CN112367277B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00: Packet switching elements
    • H04L49/20: Support for services
    • H04L49/208: Port mirroring
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00: Arrangements for program control, e.g. control units
    • G06F9/06: Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46: Multiprogramming arrangements
    • G06F9/50: Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005: Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027: Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00: Traffic control in data switching networks
    • H04L47/50: Queue scheduling
    • H04L47/62: Queue scheduling characterised by scheduling criteria
    • H04L47/625: Queue scheduling characterised by scheduling criteria for service slots or service orders
    • H04L47/6275: Queue scheduling characterised by scheduling criteria for service slots or service orders based on priority

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a message processing method and device. The method is applied to a firewall device and comprises: receiving a mirror image message sent by a core switch in the network where the firewall device is located; if the service type of the mirror image message is determined to be an audio and video service, extracting quintuple information of the mirror image message; and sending the quintuple information to a network control device in the network, so that the network control device sends the quintuple information to all access layer devices in the network. Each access layer device generates a corresponding table entry when it does not locally store a table entry that includes the quintuple information and is used for adjusting message priority; when it receives a second service message matching the table entry, it modifies the DSCP value carried in the second service message to a specified DSCP value according to the action item in the table entry and forwards the modified second service message according to the modified DSCP value. The CPU load of the specified network device can thereby be reduced.

Description

Message processing method and device
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method and an apparatus for processing a packet.
Background
With the gradual evolution of office modes, remote office becomes a main office mode of many enterprises, and online conferences replace offline conferences to become a main communication mode, so that the application of audio and video services is more and more extensive.
At present, to improve the experience of audio/video service users, a network device responsible for forwarding service messages is usually designated in the network where the service is applied; the network device may be, for example, an access switch or an Access Point (AP). After receiving a service message, the network device performs a mirroring operation on it to obtain a mirror image message. For the service message itself, the network device determines whether it locally stores a table entry for adjusting message priority (e.g., an Access Control List (ACL) table entry) that matches the source Internet Protocol (IP) address of the service message. If not, it forwards the service message according to the Differentiated Services Code Point (DSCP) value carried in the service message. If so, it modifies the DSCP value carried in the service message to a specified DSCP value according to the action item in the matching table entry, where the priority of the modified DSCP value is higher than that of the DSCP value originally carried in the service message, and forwards the modified service message according to the modified DSCP value, thereby improving the experience of audio/video service users.
For the mirror image message, a Central Processing Unit (CPU) of the network device analyzes the mirror image message; and when the CPU determines that the service type of the mirror image message is the audio and video service, extracting quintuple information of the mirror image message and generating a table entry comprising the quintuple information and used for adjusting the message priority.
As can be seen, for the above network device, no matter which service packet of a service is received, the service packet needs to be mirrored to the CPU for analyzing the service type and generating an entry for adjusting the priority of the packet, which further causes a heavy load on the CPU.
Disclosure of Invention
In order to overcome the problems in the related art, the application provides a message processing method and device.
According to a first aspect of the embodiments of the present application, a method for processing a packet is provided, where the method is applied to a firewall device, and the method includes:
receiving a mirror image message sent by a core switch in a network where the firewall device is located, wherein the mirror image message is obtained after the core switch performs mirror image operation on a first service message after receiving the first service message;
if the service type of the mirror image message is determined to be the audio and video service, extracting quintuple information of the mirror image message;
sending the quintuple information to a network control device in the network, so that the network control device sends the quintuple information to all access layer devices in the network, and so that each access layer device, when it does not locally store an entry for adjusting message priority that includes the quintuple information, generates such an entry, and, when it receives a second service message matching the entry, modifies the DSCP value carried in the second service message to a specified DSCP value according to the action item in the entry and forwards the modified second service message according to the modified DSCP value, wherein the priority of the specified DSCP value is higher than the priority of the DSCP value carried in the second service message.
According to a second aspect of the embodiments of the present application, a method for processing a packet is provided, where the method is applied to an access layer device, and the method includes:
receiving quintuple information sent by a network control device in a network where the access layer device is located, wherein the quintuple information is sent to all the access layer devices in the network after the network control device receives the quintuple information sent by a firewall device in the network, and the quintuple information is sent to the network control device after extracting the quintuple information of a mirror message when the firewall device receives the mirror message sent by a core switch in the network and determines that the service type of the mirror message is an audio/video service, and the mirror message is obtained after the core switch performs mirror operation on a first service message after receiving the first service message;
when no table entry that includes the quintuple information and is used for adjusting message priority is stored locally, generating a table entry that includes the quintuple information and is used for adjusting message priority;
when a second service message matched with the table entry is received, modifying the DSCP value carried in the second service message into a specified DSCP value according to the action item in the table entry, and forwarding the modified second service message according to the modified DSCP value, wherein the priority of the specified DSCP value is higher than that of the DSCP value carried in the second service message.
According to a third aspect of the embodiments of the present application, there is provided a message processing method, where the method is applied to a core switch, and the method includes:
after receiving a first service message, carrying out mirror image operation on the first service message to obtain a mirror image message;
forwarding the first service message according to the DSCP value carried in the first service message, and sending the mirror image message to a firewall device in the network where the core switch is located, so that the firewall device, when determining that the service type of the mirror image message is an audio/video service, extracts quintuple information of the mirror image message and sends the quintuple information to a network control device in the network, and the network control device sends the quintuple information to all access layer devices in the network, so that each access layer device, when it does not locally store an entry for adjusting message priority that includes the quintuple information, generates such an entry, and, when it receives a second service message matching the entry, modifies the DSCP value carried in the second service message to a specified DSCP value according to the action item in the entry and forwards the modified second service message according to the modified DSCP value, wherein the priority of the specified DSCP value is higher than that of the DSCP value carried in the second service message.
According to a fourth aspect of the embodiments of the present application, there is provided a packet processing apparatus, where the apparatus is applied to a firewall device, and the apparatus includes:
the receiving module is used for receiving a mirror image message sent by a core switch in a network where the firewall device is located, wherein the mirror image message is obtained by performing mirror image operation on a first service message after the core switch receives the first service message;
the extraction module is used for extracting quintuple information of the mirror image message if the service type of the mirror image message is determined to be an audio and video service;
a sending module, configured to send the quintuple information to a network control device in the network, so that the network control device sends the quintuple information to all access layer devices in the network, and so that each access layer device, when it does not locally store a table entry for adjusting message priority that includes the quintuple information, generates such a table entry, and, when it receives a second service message matching the table entry, modifies the DSCP value carried in the second service message to a specified DSCP value according to the action item in the table entry and forwards the modified second service message according to the modified DSCP value, where the priority of the specified DSCP value is higher than the priority of the DSCP value carried in the second service message.
According to a fifth aspect of the embodiments of the present application, there is provided a packet processing apparatus, where the apparatus is applied to an access layer device, and the apparatus includes:
the receiving module is used for receiving quintuple information sent by a network control device in a network where the access layer device is located, wherein the quintuple information is sent to all the access layer devices in the network after the network control device receives the quintuple information sent by a firewall device in the network, the quintuple information is sent to the network control device after extracting the quintuple information of a mirror message when the firewall device receives the mirror message sent by a core switch in the network and determines that the service type of the mirror message is an audio/video service, and the mirror message is obtained after the core switch performs mirror operation on a first service message after receiving the first service message;
a generating module, configured to generate a table entry for adjusting message priority that includes the quintuple information when no such table entry is stored locally;
and the forwarding module is used for modifying the DSCP value carried in the second service message into a specified DSCP value according to the action item in the table item and forwarding the modified second service message according to the modified DSCP value when the second service message matched with the table item is received, wherein the priority of the specified DSCP value is higher than that of the DSCP value carried in the second service message.
According to a sixth aspect of the embodiments of the present application, there is provided a packet processing apparatus, where the apparatus is applied to a core switch, and the apparatus includes:
the mirror image module is used for carrying out mirror image operation on the first service message after receiving the first service message to obtain a mirror image message;
a forwarding module, configured to forward the first service message according to the DSCP value carried in the first service message, and send the mirror image message to a firewall device in the network where the core switch is located, so that the firewall device, when determining that the service type of the mirror image message is an audio/video service, extracts quintuple information of the mirror image message and sends the quintuple information to a network control device in the network, and the network control device sends the quintuple information to all access layer devices in the network, so that each access layer device, when it does not locally store a table entry for adjusting message priority that includes the quintuple information, generates such a table entry, and, when it receives a second service message matching the table entry, modifies the DSCP value carried in the second service message to a specified DSCP value according to the action item in the table entry and forwards the modified second service message according to the modified DSCP value, wherein the priority of the specified DSCP value is higher than that of the DSCP value carried in the second service message.
The technical scheme provided by the embodiment of the application can have the following beneficial effects:
In the embodiment of the application, in a network applying the audio and video service, no single dedicated network device is designated to be responsible both for mirroring the service messages and for having its CPU analyze the service type and generate the table entries for adjusting message priority. Instead, the core switch, the firewall device, the network control device and the access layer devices cooperate to complete these operations: the core switch is responsible for mirroring the service messages, the firewall device is responsible for analyzing the service type of the mirror image messages and extracting the relevant information, the network control device is responsible for forwarding the information extracted by the firewall device to the corresponding access layer devices, and the corresponding access layer devices are responsible for generating the table entries for adjusting message priority and raising the priority of the relevant service messages, so that the CPU load of the specified dedicated network device is greatly reduced.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application.
Fig. 1 is a schematic flow chart of a message processing method according to an embodiment of the present application;
Fig. 2 is a second schematic flowchart of a message processing method according to an embodiment of the present application;
Fig. 3 is a third schematic flowchart of a message processing method according to an embodiment of the present application;
Fig. 4 is a schematic architecture diagram of a network applying an audio/video service according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a message processing apparatus according to an embodiment of the present application;
Fig. 6 is a second schematic structural diagram of a message processing apparatus according to an embodiment of the present application;
Fig. 7 is a third schematic structural diagram of a message processing apparatus according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
Next, examples of the present application will be described in detail.
The embodiment of the present application provides a message processing method applied to a firewall device; that is, the method is described from the firewall device side. As shown in Fig. 1, the method may include the following steps:
S11, receiving the mirror image message sent by the core switch in the network where the firewall device is located.
Specifically, in this step, the mirror message is obtained by the core switch performing mirror operation on the first service message after receiving the first service message.
In this embodiment, for the core switch, after performing mirroring operation on the first service packet, the core switch further forwards the first service packet according to the DSCP value carried in the first service packet.
S12, if the service type of the mirror image message is determined to be the audio/video service, extracting quintuple information of the mirror image message.
Specifically, in this step, the firewall device may determine the service type of the mirror image message as follows:
judging whether the source User Datagram Protocol (UDP) port number of the mirror image message is a UDP port number corresponding to the audio and video service;
if so, determining that the service type of the mirror image message is an audio/video service;
if not, determining that the service type of the mirror image message is not the audio and video service.
It should be noted that, in the embodiment of the present application, when it is determined that the service type of the mirror image packet is not the audio/video service, the firewall device discards the mirror image packet.
S13, sending the quintuple information to a network control device in the network, so that the network control device sends the quintuple information to all access layer devices in the network, and so that each access layer device, when it does not locally store a table entry for adjusting message priority that includes the quintuple information, generates such a table entry, and, when it receives a second service message matching the table entry, modifies the DSCP value carried in the second service message to a specified DSCP value according to the action item in the table entry and forwards the modified second service message according to the modified DSCP value.
Specifically, in this step, the firewall device may send the quintuple information to the network control device through a Network Configuration Protocol (NETCONF) connection channel established between the firewall device and the network control device.
It should be noted that, in the embodiment of the present application, the priority of the specified DSCP value is higher than the priority of the DSCP value carried in the second service packet, for example, the specified DSCP value may be set to 46. In addition, the network control device may be a network controller or the like; the access layer device may be an access switch, an AP, or the like.
It should be further noted that the message processing method may be specifically executed by a Deep Packet Inspection (DPI) component in the firewall device.
The embodiment of the present application further provides a message processing method applied to an access layer device; that is, the method is described from the access layer device side. As shown in Fig. 2, the method may include the following steps:
S21, receiving quintuple information sent by the network control device in the network where the access layer device is located.
Specifically, in this step, the access layer device may receive the quintuple information sent by the network control device through a NETCONF connection channel established between the access layer device and the network control device.
The network control device sends the quintuple information to all access layer devices in the network after receiving it from the firewall device in the network. The firewall device sends the quintuple information to the network control device after it receives the mirror image message sent by the core switch in the network, determines that the service type of the mirror image message is the audio and video service, and extracts the quintuple information of the mirror image message.
The mirror image message is obtained by the core switch after the core switch receives the first service message and performs mirror image operation on the first service message.
S22, when no table entry for adjusting message priority that includes the quintuple information is stored locally, generating a table entry for adjusting message priority that includes the quintuple information.
Specifically, in the embodiment of the present application, when the access layer device already locally stores a table entry for adjusting message priority that includes the quintuple information, it may discard the quintuple information, so as to avoid generating the entry repeatedly and to reduce the load of the device.
S23, when receiving the second service message matched with the table entry, modifying the DSCP value carried in the second service message into the appointed DSCP value according to the action item in the table entry, and forwarding the modified second service message according to the modified DSCP value.
It should be noted that the priority of the designated DSCP value is higher than the priority of the DSCP value carried in the second service packet, for example, the designated DSCP value may be set to 46.
In addition, the network control device may be a network controller or the like; the access layer device may be an access switch, an AP, or the like.
An embodiment of the present application further provides a message processing method applied to a core switch; that is, the method is described from the core switch side. As shown in Fig. 3, the method may include the following steps:
S31, after receiving the first service message, performing a mirroring operation on the first service message to obtain a mirror image message.
S32, forwarding the first service message according to the DSCP value carried in the first service message, and sending the mirror image message to the firewall device in the network where the core switch is located, so that the firewall device, when determining that the service type of the mirror image message is the audio/video service, extracts the quintuple information of the mirror image message and sends the quintuple information to the network control device in the network, and the network control device sends the quintuple information to all access layer devices in the network, so that each access layer device, when it does not locally store a table entry for adjusting message priority that includes the quintuple information, generates such a table entry, and, when it receives a second service message matching the table entry, modifies the DSCP value carried in the second service message to the specified DSCP value according to the action item in the table entry and forwards the modified second service message according to the modified DSCP value.
It should be noted that the priority of the designated DSCP value is higher than the priority of the DSCP value carried in the second service packet, for example, the designated DSCP value may be set to 46.
In addition, the network control device may be a network controller or the like; the access layer device may be an access switch, an AP, or the like.
The following describes the above message processing method in detail with reference to specific embodiments.
Assuming that a network architecture applying the audio/video service is shown in fig. 4, taking an example that a user uses a computer device 41 to send a service message 1 with a service type of the audio/video service to a cloud server 47, a specific message processing process is as follows:
After receiving the service message 1 sent by the computer device 41, the access switch 43 finds that the destination IP address of the service message 1 is not its own IP address. It then determines whether any of its local entries for adjusting message priority matches the source IP address of the service message 1; if the result is no, the access switch 43 forwards the service message 1 to the next-hop device (i.e., the aggregation switch 45). How the access switch 43 determines the next-hop device is prior art and is not described in detail here.
After receiving the service message 1, the aggregation switch 46 finds that the destination IP address of the service message 1 is not its own IP address, and continues to forward the service message 1 to the next-hop device (i.e., the core switch 47). How the access switch 43 determines the next-hop device is prior art and is not described in detail here.
After receiving the service message 1, the core switch 47 finds that the destination IP address of the service message 1 is not its own IP address, and performs a mirroring operation on the service message 1 to obtain a mirrored message. It then forwards the service message 1 to the cloud server 50 according to the DSCP value carried in the service message 1, and sends the mirrored message to the firewall device 48.
After receiving the mirrored message, the firewall device 48 determines whether the source UDP port number of the mirrored message is a UDP port number corresponding to the audio/video service. Because the result is yes, the firewall device 48 determines that the service type of the mirrored message is the audio/video service, extracts the quintuple information of the mirrored message, and sends the quintuple information to the network controller 49 in the network.
After receiving the quintuple information, the network controller 49 queries all the access layer devices in the network and then sends the quintuple information to all of them (such as the access switch and the AP 44 shown in fig. 4).
Take the access switch 43 as an example. After receiving the quintuple information, the access switch 43 determines whether it locally stores a table entry for adjusting message priority that includes the quintuple information. Because no such table entry is stored at this point, the access switch 43 generates one. When a subsequent service message matching the table entry is received, the access switch 43 modifies the DSCP value carried in the service message to the specified DSCP value according to the action item in the table entry (the priority of the specified DSCP value is higher than that of the DSCP value carried in the service message) and forwards the modified service message according to the modified DSCP value. Service messages of the audio/video service are thus sent preferentially, which improves the experience of users of the audio/video service.
Note that if the access switch 43 subsequently receives the same quintuple information again, it discards the quintuple information, because the table entry for adjusting message priority that includes it is already stored.
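The flow of this embodiment at byte level, as an added example that is not part of the patent text: the firewall classifies a mirrored IPv4/UDP packet by source port and extracts the quintuple, the controller pushes it to every access layer device, and each device installs the entry once and re-marks matching packets. The port 5004, the DSCP value 46 (EF), the addresses in the test packet and all function and class names are assumptions made for illustration.

```python
import socket
import struct
from typing import NamedTuple, Optional

AV_UDP_PORTS = {5004}   # assumption: UDP source ports of the audio/video service
SPECIFIED_DSCP = 46     # assumption: EF used as the specified (higher-priority) DSCP


class Quintuple(NamedTuple):
    src_ip: str
    dst_ip: str
    protocol: int
    src_port: int
    dst_port: int


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum; returns 0 for a header whose checksum is valid."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_udp_packet(src, dst, sport, dport, dscp, ecn=0, payload=b"media"):
    """Constructed sample IPv4/UDP packet (not captured traffic)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, (dscp << 2) | ecn, 20 + len(udp),
                      0, 0, 64, 17, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + udp


def parse_quintuple(pkt: bytes) -> Optional[Quintuple]:
    """Extract the quintuple from an IPv4 TCP/UDP packet, or None if it has none."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    fragment_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if ihl < 20 or pkt[9] not in (6, 17) or fragment_offset or len(pkt) < ihl + 4:
        return None   # later fragments carry no port numbers
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return Quintuple(socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
                     pkt[9], sport, dport)


def firewall_classify(mirrored: bytes) -> Optional[Quintuple]:
    """Firewall: report the quintuple only when the source UDP port marks A/V."""
    q = parse_quintuple(mirrored)
    return q if q and q.protocol == 17 and q.src_port in AV_UDP_PORTS else None


class AccessDevice:
    def __init__(self):
        self.entries = {}   # quintuple -> action item (DSCP value to write)

    def receive_quintuple(self, q: Quintuple) -> bool:
        """Generate an entry; return False when it exists and q is discarded."""
        if q in self.entries:
            return False
        self.entries[q] = SPECIFIED_DSCP
        return True

    def forward(self, pkt: bytes) -> bytes:
        """Re-mark a matching packet; any other packet is returned unchanged."""
        dscp = self.entries.get(parse_quintuple(pkt))
        if dscp is None:
            return pkt
        ihl = (pkt[0] & 0x0F) * 4
        hdr = bytearray(pkt[:ihl])
        hdr[1] = (dscp << 2) | (hdr[1] & 0x03)   # DSCP is the top 6 bits; keep ECN
        hdr[10:12] = b"\x00\x00"                 # zero the checksum, then recompute
        hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
        return bytes(hdr) + pkt[ihl:]


def controller_distribute(q: Quintuple, devices) -> list:
    """Network controller: push the quintuple to every access layer device."""
    return [dev.receive_quintuple(q) for dev in devices]


def dscp_of(pkt: bytes) -> int:
    return pkt[1] >> 2
```

Because the DSCP field sits inside the IPv4 header, the re-marking step has to recompute the header checksum, and it leaves the two ECN bits of the same byte untouched.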
As can be seen from the above technical solution, in the embodiment of the present application, the network carrying the audio/video service does not designate a single dedicated network device that is responsible for mirroring service messages and whose CPU also analyzes the service type and generates the table entries for adjusting message priority. Instead, the core switch, the firewall device, the network control device and the access layer devices cooperate: the core switch mirrors the service messages; the firewall device analyzes the service type of the mirrored messages and extracts the relevant information; the network control device forwards the information extracted by the firewall device to the corresponding access layer devices; and each access layer device generates the table entry for adjusting message priority and raises the priority of the matching service messages. The CPU load of the designated dedicated network device is thereby greatly reduced.
Based on the same inventive concept, the present application further provides a packet processing apparatus, which is applied to a firewall device, and a schematic structural diagram of the packet processing apparatus is shown in fig. 5, and the packet processing apparatus specifically includes:
a receiving module 51, configured to receive a mirror image packet sent by a core switch in a network where the firewall device is located, where the mirror image packet is obtained by performing a mirror image operation on a first service packet after the core switch receives the first service packet;
the extracting module 52 is configured to extract quintuple information of the mirror image packet if it is determined that the service type of the mirror image packet is an audio/video service;
a sending module 53, configured to send the quintuple information to a network control device in the network, so that the network control device sends the quintuple information to all access layer devices in the network, so that each access layer device, when it does not locally store a table entry for adjusting message priority that includes the quintuple information, generates such a table entry and, when a second service packet that matches the table entry is received, modifies the DSCP value carried in the second service packet to a specified DSCP value according to an action item in the table entry and forwards the modified second service packet according to the modified DSCP value, where the priority of the specified DSCP value is higher than the priority of the DSCP value carried in the second service packet.
Preferably, the extracting module 52 is specifically configured to:
judging whether the source UDP port number of the mirror image message is the UDP port number corresponding to the audio/video service;
and if so, determining that the service type of the mirror image message is an audio/video service.
Preferably, the sending module 53 is specifically configured to send the quintuple information to the network control device through a NETCONF connection channel established between the firewall device and the network control device in the network.
The present application further provides a packet processing apparatus applied to an access layer device. A schematic structural diagram of the apparatus is shown in fig. 6, and the apparatus specifically includes:
a receiving module 61, configured to receive quintuple information sent by a network control device in a network where the access layer device is located, where the quintuple information is sent to all access layer devices in the network after the network control device receives the quintuple information sent by a firewall device in the network, and the quintuple information is sent to the network control device after extracting the quintuple information of a mirror message when the firewall device receives the mirror message sent by a core switch in the network and determines that the service type of the mirror message is an audio/video service, where the mirror message is obtained after the core switch performs a mirror operation on a first service message after receiving the first service message;
a generating module 62, configured to generate a table entry for adjusting the priority of the packet that includes the quintuple information when the table entry for adjusting the priority of the packet that includes the quintuple information is not locally stored;
a forwarding module 63, configured to modify, when a second service packet matching the table entry is received, the DSCP value carried in the second service packet to a specified DSCP value according to an action item in the table entry, and forward the modified second service packet according to the modified DSCP value, where the priority of the specified DSCP value is higher than the priority of the DSCP value carried in the second service packet.
Preferably, the apparatus further comprises:
a discarding module (not shown in fig. 6), configured to discard the quintuple information when a table entry for adjusting message priority that includes the quintuple information is locally stored.
Preferably, the receiving module 61 is specifically configured to receive the quintuple information sent by the network control device through a NETCONF connection channel established between the access layer device and the network control device.
The present application further provides a packet processing apparatus, which is applied to a core switch, and a schematic structural diagram of the apparatus is shown in fig. 7, and the apparatus specifically includes:
the mirror image module 71 is configured to perform mirror image operation on a first service packet after receiving the first service packet, so as to obtain a mirror image packet;
a forwarding module 72, configured to forward the first service packet according to the differentiated services code point (DSCP) value carried in the first service packet, and send the mirror packet to a firewall device in the network where the core switch is located, so that the firewall device, when it determines that the service type of the mirror packet is an audio/video service, extracts quintuple information of the mirror packet and sends the quintuple information to a network control device in the network, and the network control device sends the quintuple information to all access layer devices in the network, so that each access layer device, when it does not locally store a table entry for adjusting message priority that includes the quintuple information, generates such a table entry and, when a second service packet that matches the table entry is received, modifies the DSCP value carried in the second service packet to a specified DSCP value according to the action item in the table entry and forwards the modified second service packet according to the modified DSCP value, where the priority of the specified DSCP value is higher than that of the DSCP value carried in the second service packet.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.

Claims (10)

1. A message processing method is applied to firewall equipment, and is characterized in that the method comprises the following steps:
receiving a mirror image message sent by a core switch in a network where the firewall device is located, wherein the mirror image message is obtained after the core switch performs mirror image operation on a first service message after receiving the first service message;
if the service type of the mirror image message is determined to be the audio and video service, extracting quintuple information of the mirror image message;
sending the quintuple information to a network control device in the network, so that the network control device sends the quintuple information to all access layer devices in the network, so that each access layer device, when it does not locally store a table entry for adjusting message priority that comprises the quintuple information, generates a table entry for adjusting message priority that comprises the quintuple information, and, when a second service message matching the table entry is received, modifies a DSCP value carried in the second service message into a specified DSCP value according to an action item in the table entry and forwards the modified second service message according to the modified DSCP value, wherein the priority of the specified DSCP value is higher than the priority of the DSCP value carried in the second service message.
2. The method of claim 1, wherein the traffic type of the mirror packet is determined by:
judging whether the source User Datagram Protocol (UDP) port number of the mirror image message is a UDP port number corresponding to the audio/video service;
and if so, determining that the service type of the mirror image message is an audio/video service.
3. The method according to claim 1, wherein sending the five-tuple information to a network control device in the network specifically comprises:
and sending the quintuple information to the network control equipment through a network configuration protocol NETCONF connection channel established between the firewall equipment and the network control equipment in the network.
4. A message processing method is applied to access layer equipment, and is characterized in that the method comprises the following steps:
receiving quintuple information sent by a network control device in a network where the access layer device is located, wherein the quintuple information is sent to all the access layer devices in the network after the network control device receives the quintuple information sent by a firewall device in the network, and the quintuple information is sent to the network control device after extracting the quintuple information of a mirror message when the firewall device receives the mirror message sent by a core switch in the network and determines that the service type of the mirror message is an audio/video service, and the mirror message is obtained after the core switch performs mirror operation on a first service message after receiving the first service message;
when the list item which comprises the quintuple information and is used for adjusting the priority of the message is not stored locally, generating a list item which comprises the quintuple information and is used for adjusting the priority of the message;
when a second service message matched with the table entry is received, according to an action item in the table entry, a Differentiated Services Code Point (DSCP) value carried in the second service message is modified into a specified DSCP value, and the modified second service message is forwarded according to the modified DSCP value, wherein the priority of the specified DSCP value is higher than that of the DSCP value carried in the second service message.
5. The method of claim 4, further comprising:
and when the table entry which comprises the quintuple information and is used for adjusting the message priority is locally stored, discarding the quintuple information.
6. The method according to claim 4, wherein receiving quintuple information sent by a network control device in a network in which the access layer device is located specifically includes:
and receiving quintuple information sent by the network control equipment through a network configuration protocol NETCONF connection channel established between the access layer equipment and the network control equipment.
7. A message processing method is applied to a core switch, and is characterized by comprising the following steps:
after receiving a first service message, carrying out mirror image operation on the first service message to obtain a mirror image message;
forwarding the first service message according to a DSCP value carried in the first service message, and sending the mirror image message to a firewall device in a network where the core switch is located, so that the firewall device extracts quintuple information of the mirror image message and sends the quintuple information to a network control device in the network when determining that the service type of the mirror image message is an audio/video service, the network control device sends the quintuple information to all access layer devices in the network, so that when each access layer device does not locally store a table entry for adjusting the message priority, the table entry for adjusting the message priority, which includes the quintuple information, is generated, and when a second service message matched with the table entry is received, and modifying the DSCP value carried in the second service message into a specified DSCP value according to the action item in the table item, and forwarding the modified second service message according to the modified DSCP value, wherein the priority of the specified DSCP value is higher than that of the DSCP value carried in the second service message.
8. A message processing apparatus, wherein the apparatus is applied to a firewall device, and the apparatus comprises:
the receiving module is used for receiving a mirror image message sent by a core switch in a network where the firewall device is located, wherein the mirror image message is obtained by performing mirror image operation on a first service message after the core switch receives the first service message;
the extraction module is used for extracting quintuple information of the mirror image message if the service type of the mirror image message is determined to be an audio and video service;
a sending module, configured to send the quintuple information to a network control device in the network, so that the network control device sends the quintuple information to all access layer devices in the network, so that each access layer device, when it does not locally store a table entry for adjusting message priority that includes the quintuple information, generates such a table entry and, when a second service packet that matches the table entry is received, modifies a differentiated services code point (DSCP) value carried in the second service packet to a specified DSCP value according to an action item in the table entry and forwards the modified second service packet according to the modified DSCP value, where the priority of the specified DSCP value is higher than the priority of the DSCP value carried in the second service packet.
9. A message processing apparatus, wherein the apparatus is applied to an access layer device, and the apparatus comprises:
the receiving module is used for receiving quintuple information sent by a network control device in a network where the access layer device is located, wherein the quintuple information is sent to all the access layer devices in the network after the network control device receives the quintuple information sent by a firewall device in the network, the quintuple information is sent to the network control device after extracting the quintuple information of a mirror message when the firewall device receives the mirror message sent by a core switch in the network and determines that the service type of the mirror message is an audio/video service, and the mirror message is obtained after the core switch performs mirror operation on a first service message after receiving the first service message;
a generating module, configured to generate a table entry for adjusting message priority that includes the quintuple information when a table entry for adjusting message priority that includes the quintuple information is not locally stored;
and the forwarding module is used for modifying a differentiated services code point (DSCP) value carried in the second service message into a specified DSCP value according to an action item in the table entry when the second service message matched with the table entry is received, and forwarding the modified second service message according to the modified DSCP value, wherein the priority of the specified DSCP value is higher than that of the DSCP value carried in the second service message.
10. A message processing apparatus, wherein the apparatus is applied to a core switch, and the apparatus comprises:
the mirror image module is used for carrying out mirror image operation on the first service message after receiving the first service message to obtain a mirror image message;
a forwarding module, configured to forward the first service packet according to a differentiated services code point (DSCP) value carried in the first service packet, and send the mirror packet to a firewall device in the network where the core switch is located, so that the firewall device, when it determines that the service type of the mirror packet is an audio/video service, extracts quintuple information of the mirror packet and sends the quintuple information to a network control device in the network, and the network control device sends the quintuple information to all access layer devices in the network, so that each access layer device, when it does not locally store a table entry for adjusting message priority that includes the quintuple information, generates such a table entry and, when a second service packet matching the table entry is received, modifies the DSCP value carried in the second service packet into a specified DSCP value according to the action item in the table entry and forwards the modified second service packet according to the modified DSCP value, wherein the priority of the specified DSCP value is higher than that of the DSCP value carried in the second service packet.
CN202011192020.5A 2020-10-30 2020-10-30 Message processing method and device Active CN112367277B (en)

Publications (2)

Publication Number Publication Date
CN112367277A CN112367277A (en) 2021-02-12
CN112367277B true CN112367277B (en) 2022-03-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant