CN112367277B - Message processing method and device - Google Patents
Message processing method and device
- Publication number
- CN112367277B (CN202011192020.5A)
- Authority
- CN
- China
- Prior art keywords
- message
- service
- network
- quintuple information
- dscp value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/20—Support for services
- H04L49/208—Port mirroring
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5005—Allocation of resources, e.g. of the central processing unit [CPU] to service a request
- G06F9/5027—Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/50—Queue scheduling
- H04L47/62—Queue scheduling characterised by scheduling criteria
- H04L47/625—Queue scheduling characterised by scheduling criteria for service slots or service orders
- H04L47/6275—Queue scheduling characterised by scheduling criteria for service slots or service orders based on priority
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application provides a message processing method and device. The method is applied to a firewall device and comprises the following steps: receiving a mirror image message sent by a core switch in the network where the firewall device is located; if the service type of the mirror image message is determined to be the audio/video service, extracting the quintuple information of the mirror image message; and sending the quintuple information to a network control device in the network, so that the network control device sends the quintuple information to all access layer devices in the network. Each access layer device that does not locally store a table entry for adjusting message priority that includes the quintuple information generates such an entry; when it receives a second service message matching the entry, it modifies the DSCP value carried in the second service message to a specified DSCP value according to the action item in the entry, and forwards the modified second service message according to the modified DSCP value. The CPU load of the specified network device can thereby be reduced.
Description
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method and an apparatus for processing a packet.
Background
With the gradual evolution of office modes, remote office becomes a main office mode of many enterprises, and online conferences replace offline conferences to become a main communication mode, so that the application of audio and video services is more and more extensive.
At present, to improve the experience of users of an audio/video service, a network device responsible for forwarding service messages is usually designated in the network where the service is applied; the network device may be, for example, an access switch or an Access Point (AP). After receiving a service message, the network device performs a mirroring operation on it to obtain a mirror image message. For the service message itself, the network device determines whether it locally stores a table entry for adjusting message priority (e.g., an Access Control List (ACL) entry) that matches the source Internet Protocol (IP) address of the service message. If not, it forwards the service message according to the Differentiated Services Code Point (DSCP) value carried in the service message. If so, it modifies the DSCP value carried in the service message to a specified DSCP value according to the action item in the matched entry, where the priority of the modified DSCP value is higher than that of the DSCP value carried in the service message, and forwards the modified service message according to the modified DSCP value, thereby improving the experience of users of the audio/video service.
For the mirror image message, a Central Processing Unit (CPU) of the network device analyzes the mirror image message; and when the CPU determines that the service type of the mirror image message is the audio and video service, extracting quintuple information of the mirror image message and generating a table entry comprising the quintuple information and used for adjusting the message priority.
As can be seen, whichever service a received service message belongs to, the above network device must mirror it to the CPU, which analyzes the service type and generates the table entry for adjusting message priority. This places a heavy load on the CPU.
Disclosure of Invention
In order to overcome the problems in the related art, the application provides a message processing method and device.
According to a first aspect of the embodiments of the present application, a method for processing a packet is provided, where the method is applied to a firewall device, and the method includes:
receiving a mirror image message sent by a core switch in a network where the firewall device is located, wherein the mirror image message is obtained after the core switch performs mirror image operation on a first service message after receiving the first service message;
if the service type of the mirror image message is determined to be the audio and video service, extracting quintuple information of the mirror image message;
sending the quintuple information to a network control device in the network, so that the network control device sends the quintuple information to all access layer devices in the network, and each access layer device, when it does not locally store a table entry for adjusting message priority that includes the quintuple information, generates such an entry, and, when it receives a second service message matching the entry, modifies the DSCP value carried in the second service message to a specified DSCP value according to the action item in the entry and forwards the modified second service message according to the modified DSCP value, wherein the priority of the specified DSCP value is higher than the priority of the DSCP value carried in the second service message.
According to a second aspect of the embodiments of the present application, a message processing method is provided, where the method is applied to an access layer device, and the method includes:
receiving quintuple information sent by a network control device in the network where the access layer device is located, wherein the network control device sends the quintuple information to all access layer devices in the network after receiving it from a firewall device in the network; the firewall device sends the quintuple information to the network control device after it receives a mirror image message sent by a core switch in the network, determines that the service type of the mirror image message is an audio/video service, and extracts the quintuple information of the mirror image message; and the mirror image message is obtained by the core switch performing a mirroring operation on a first service message after receiving the first service message;
when no table entry for adjusting message priority that includes the quintuple information is stored locally, generating a table entry for adjusting message priority that includes the quintuple information;
when a second service message matched with the table entry is received, modifying the DSCP value carried in the second service message into a specified DSCP value according to the action item in the table entry, and forwarding the modified second service message according to the modified DSCP value, wherein the priority of the specified DSCP value is higher than that of the DSCP value carried in the second service message.
According to a third aspect of the embodiments of the present application, there is provided a message processing method, where the method is applied to a core switch, and the method includes:
after receiving a first service message, carrying out mirror image operation on the first service message to obtain a mirror image message;
forwarding the first service message according to the DSCP value carried in the first service message, and sending the mirror image message to a firewall device in the network where the core switch is located, so that the firewall device, when it determines that the service type of the mirror image message is an audio/video service, extracts the quintuple information of the mirror image message and sends the quintuple information to a network control device in the network; the network control device sends the quintuple information to all access layer devices in the network, so that each access layer device, when it does not locally store a table entry for adjusting message priority that includes the quintuple information, generates such an entry, and, when it receives a second service message matching the entry, modifies the DSCP value carried in the second service message to a specified DSCP value according to the action item in the entry and forwards the modified second service message according to the modified DSCP value, wherein the priority of the specified DSCP value is higher than that of the DSCP value carried in the second service message.
According to a fourth aspect of the embodiments of the present application, there is provided a packet processing apparatus, where the apparatus is applied to a firewall device, and the apparatus includes:
the receiving module is used for receiving a mirror image message sent by a core switch in a network where the firewall device is located, wherein the mirror image message is obtained by performing mirror image operation on a first service message after the core switch receives the first service message;
the extraction module is used for extracting quintuple information of the mirror image message if the service type of the mirror image message is determined to be an audio and video service;
a sending module, configured to send the quintuple information to a network control device in the network, so that the network control device sends the quintuple information to all access layer devices in the network, and each access layer device, when it does not locally store a table entry for adjusting message priority that includes the quintuple information, generates such an entry, and, when it receives a second service message matching the entry, modifies the DSCP value carried in the second service message to a specified DSCP value according to the action item in the entry and forwards the modified second service message according to the modified DSCP value, where the priority of the specified DSCP value is higher than the priority of the DSCP value carried in the second service message.
According to a fifth aspect of the embodiments of the present application, there is provided a message processing apparatus, where the apparatus is applied to an access layer device, and the apparatus includes:
a receiving module, configured to receive quintuple information sent by a network control device in the network where the access layer device is located, wherein the network control device sends the quintuple information to all access layer devices in the network after receiving it from a firewall device in the network; the firewall device sends the quintuple information to the network control device after it receives a mirror image message sent by a core switch in the network, determines that the service type of the mirror image message is an audio/video service, and extracts the quintuple information of the mirror image message; and the mirror image message is obtained by the core switch performing a mirroring operation on a first service message after receiving the first service message;
a generating module, configured to generate a table entry for adjusting message priority that includes the quintuple information when no table entry for adjusting message priority that includes the quintuple information is stored locally;
and the forwarding module is used for modifying the DSCP value carried in the second service message into a specified DSCP value according to the action item in the table item and forwarding the modified second service message according to the modified DSCP value when the second service message matched with the table item is received, wherein the priority of the specified DSCP value is higher than that of the DSCP value carried in the second service message.
According to a sixth aspect of the embodiments of the present application, there is provided a packet processing apparatus, where the apparatus is applied to a core switch, and the apparatus includes:
the mirror image module is used for carrying out mirror image operation on the first service message after receiving the first service message to obtain a mirror image message;
a forwarding module, configured to forward the first service message according to the DSCP value carried in the first service message, and send the mirror image message to a firewall device in the network where the core switch is located, so that the firewall device, when it determines that the service type of the mirror image message is an audio/video service, extracts the quintuple information of the mirror image message and sends the quintuple information to a network control device in the network; the network control device sends the quintuple information to all access layer devices in the network, so that each access layer device, when it does not locally store a table entry for adjusting message priority that includes the quintuple information, generates such an entry, and, when it receives a second service message matching the entry, modifies the DSCP value carried in the second service message to a specified DSCP value according to the action item in the entry and forwards the modified second service message according to the modified DSCP value, wherein the priority of the specified DSCP value is higher than that of the DSCP value carried in the second service message.
The technical scheme provided by the embodiment of the application can have the following beneficial effects:
In the embodiment of the application, the network applying the audio/video service does not designate a single special network device that is responsible both for mirroring service messages and for having its CPU analyze the service type and generate the table entries for adjusting message priority. Instead, the core switch, the firewall device, the network control device and the access layer devices cooperate to complete these operations: the core switch is responsible for mirroring the service messages; the firewall device is responsible for analyzing the service type of the mirror image messages and extracting the relevant information; the network control device is responsible for forwarding the information extracted by the firewall device to the corresponding access layer devices; and the corresponding access layer devices are responsible for generating the table entries for adjusting message priority and for raising the priority of the relevant service messages, so that the CPU load of the designated special network device is greatly reduced.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application.
Fig. 1 is a schematic flowchart of a message processing method according to an embodiment of the present application;
Fig. 2 is a second schematic flowchart of a message processing method according to an embodiment of the present application;
Fig. 3 is a third schematic flowchart of a message processing method according to an embodiment of the present application;
Fig. 4 is a schematic architecture diagram of a network applying an audio/video service according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a message processing apparatus according to an embodiment of the present application;
Fig. 6 is a second schematic structural diagram of a message processing apparatus according to an embodiment of the present application;
Fig. 7 is a third schematic structural diagram of a message processing apparatus according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at the time of", "when" or "in response to a determination", depending on the context.
Next, examples of the present application will be described in detail.
An embodiment of the present application provides a message processing method applied to a firewall device; that is, the method is described here from the firewall device side. As shown in Fig. 1, the method may include the following steps:
S11. Receiving the mirror image message sent by the core switch in the network where the firewall device is located.
Specifically, in this step, the mirror message is obtained by the core switch performing mirror operation on the first service message after receiving the first service message.
In this embodiment, for the core switch, after performing mirroring operation on the first service packet, the core switch further forwards the first service packet according to the DSCP value carried in the first service packet.
S12. If the service type of the mirror image message is determined to be the audio/video service, extracting the quintuple information of the mirror image message.
Specifically, in this step, the firewall device may determine the service type of the mirror image message as follows:
determining whether the source User Datagram Protocol (UDP) port number of the mirror image message is a UDP port number corresponding to the audio/video service;
if so, determining that the service type of the mirror image message is the audio/video service;
if not, determining that the service type of the mirror image message is not the audio/video service.
It should be noted that, in the embodiment of the present application, when it is determined that the service type of the mirror image packet is not the audio/video service, the firewall device discards the mirror image packet.
S13. Sending the quintuple information to a network control device in the network, so that the network control device sends the quintuple information to all access layer devices in the network, and each access layer device, when it does not locally store a table entry for adjusting message priority that includes the quintuple information, generates such an entry, and, when it receives a second service message matching the entry, modifies the DSCP value carried in the second service message to a specified DSCP value according to the action item in the entry and forwards the modified second service message according to the modified DSCP value.
Specifically, in this step, the firewall device may send the quintuple information to the network control device through a Network Configuration Protocol (NETCONF) connection channel established between the firewall device and the network control device in the network.
It should be noted that, in the embodiment of the present application, the priority of the specified DSCP value is higher than the priority of the DSCP value carried in the second service packet, for example, the specified DSCP value may be set to 46. In addition, the network control device may be a network controller or the like; the access layer device may be an access switch, an AP, or the like.
It should be further noted that the message processing method may specifically be executed by a Deep Packet Inspection (DPI) component in the firewall device.
An embodiment of the present application further provides a message processing method applied to an access layer device; that is, the method is described here from the access layer device side. As shown in Fig. 2, the method may include the following steps:
S21. Receiving quintuple information sent by the network control device in the network where the access layer device is located.
Specifically, in this step, the access layer device may receive the quintuple information sent by the network control device through a NETCONF connection channel established between the access layer device and the network control device.
The network control device sends the quintuple information to all access layer devices in the network after receiving it from the firewall device in the network. The firewall device sends the quintuple information to the network control device after it receives the mirror image message sent by the core switch in the network, determines that the service type of the mirror image message is the audio/video service, and extracts the quintuple information of the mirror image message.
The mirror image message is obtained by the core switch after the core switch receives the first service message and performs mirror image operation on the first service message.
S22. When no table entry for adjusting message priority that includes the quintuple information is stored locally, generating a table entry for adjusting message priority that includes the quintuple information.
Specifically, in the embodiment of the present application, when the access layer device already locally stores a table entry for adjusting message priority that includes the quintuple information, it may discard the quintuple information, so as to avoid generating the entry repeatedly and to reduce the load on the device.
S23. When a second service message matching the table entry is received, modifying the DSCP value carried in the second service message to the specified DSCP value according to the action item in the table entry, and forwarding the modified second service message according to the modified DSCP value.
It should be noted that the priority of the designated DSCP value is higher than the priority of the DSCP value carried in the second service packet, for example, the designated DSCP value may be set to 46.
In addition, the network control device may be a network controller or the like; the access layer device may be an access switch, an AP, or the like.
An embodiment of the present application further provides a message processing method applied to a core switch; that is, the method is described here from the core switch side. As shown in Fig. 3, the method may include the following steps:
S31. After receiving the first service message, performing a mirroring operation on the first service message to obtain a mirror image message.
S32. Forwarding the first service message according to the DSCP value carried in the first service message, and sending the mirror image message to the firewall device in the network where the core switch is located, so that the firewall device, when it determines that the service type of the mirror image message is the audio/video service, extracts the quintuple information of the mirror image message and sends the quintuple information to the network control device in the network; the network control device sends the quintuple information to all access layer devices in the network, so that each access layer device, when it does not locally store a table entry for adjusting message priority that includes the quintuple information, generates such an entry, and, when it receives a second service message matching the entry, modifies the DSCP value carried in the second service message to the specified DSCP value according to the action item in the entry and forwards the modified second service message according to the modified DSCP value.
It should be noted that the priority of the designated DSCP value is higher than the priority of the DSCP value carried in the second service packet, for example, the designated DSCP value may be set to 46.
In addition, the network control device may be a network controller or the like; the access layer device may be an access switch, an AP, or the like.
The following describes the above message processing method in detail with reference to specific embodiments.
Assuming that a network architecture applying the audio/video service is shown in fig. 4, taking an example that a user uses a computer device 41 to send a service message 1 with a service type of the audio/video service to a cloud server 47, a specific message processing process is as follows:
After receiving the service message 1 sent by the computer device 41, the access switch 43 finds that the destination IP address of the service message 1 is not its own IP address, and then determines whether any of its local table entries for adjusting message priority matches the source IP address of the service message 1. If the determination result is no, the access switch 43 forwards the service message 1 to the next-hop device (i.e., the aggregation switch 45). The specific process by which the access switch 43 determines the next-hop device is prior art and is not described in detail here.
After receiving the service message 1, the aggregation switch 46 finds that the destination IP address of the service message 1 is not its own IP address, and continues to forward the service message 1 to the next-hop device (i.e., the core switch 47). The specific process by which the access switch 43 determines the next-hop device is prior art and is not described in detail here.
After receiving the service message 1, the core switch 47 finds that the destination IP address of the service message 1 is not its own IP address, and performs a mirroring operation on the service message 1 to obtain a mirror image message. Then, according to the DSCP value carried in the service message 1, it forwards the service message 1 to the cloud server 50 and sends the mirror image message to the firewall device 48.
After receiving the mirror image message, the firewall device 48 determines whether the source UDP port number of the mirror image message is the UDP port number corresponding to the audio/video service. Because the determination result is yes, the firewall device 48 determines that the service type of the mirror image message is the audio/video service, extracts the quintuple information of the mirror image message, and sends the quintuple information to the network controller 49 in the network.
After receiving the quintuple information, the network controller 49 looks up all the access layer devices in the network and then sends the quintuple information to all of them (such as the access switch and the AP 44 shown in Fig. 4).
Take the access switch 43 as an example. After receiving the quintuple information, the access switch 43 determines whether a table entry for adjusting message priority that includes the quintuple information is stored locally. Since no such entry is stored at present, the access switch 43 generates a table entry for adjusting message priority that includes the quintuple information. If a subsequent service message matching the entry is received, the access switch 43 can modify the DSCP value carried in the service message to a specified DSCP value according to the action item in the entry (the priority of the specified DSCP value is higher than that of the DSCP value carried in the service message) and forward the modified service message according to the modified DSCP value. Service messages of the audio/video service are thus sent preferentially, which improves the experience of users of the audio/video service.
It should be noted that if the access switch 43 subsequently receives the same quintuple information again, it discards the quintuple information, because the table entry for adjusting message priority that includes the quintuple information has already been stored.
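The flow walked through above, from classification on the firewall to DSCP re-marking at the access layer, as an added Python example that is not code from the patent. The UDP port set, the addresses, all function and class names, and the in-process call standing in for the NETCONF channel are assumptions; the example also keeps the ECN bits and recomputes the IPv4 header checksum when it rewrites the DSCP, which the description does not discuss.

```python
import socket
import struct
from typing import NamedTuple, Optional

# Assumptions (not from the patent): the port set, all names and the sample
# addresses are hypothetical. 46 is the example DSCP value the description gives.
AV_UDP_SRC_PORTS = {50000}
SPECIFIED_DSCP = 46

class FiveTuple(NamedTuple):
    src_ip: str
    dst_ip: str
    proto: int
    src_port: int
    dst_port: int

def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_udp_packet(src_ip, dst_ip, sport, dport, dscp=0, payload=b"media"):
    """Constructed sample input: a minimal IPv4/UDP packet as raw bytes."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20 + len(udp), 0, 0,
                      64, 17, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + udp

def parse_five_tuple(pkt: bytes) -> Optional[FiveTuple]:
    """Extract the five-tuple from an IPv4 TCP/UDP packet, or None if malformed."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 4 or pkt[9] not in (6, 17):
        return None
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return FiveTuple(socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
                     pkt[9], sport, dport)

def firewall_handle_mirror(pkt: bytes) -> Optional[FiveTuple]:
    """Firewall side: classify by source UDP port and return the five-tuple."""
    ft = parse_five_tuple(pkt)
    if ft is None or ft.proto != 17 or ft.src_port not in AV_UDP_SRC_PORTS:
        return None  # not audio/video: the mirrored copy is discarded
    return ft

class AccessDevice:
    """Access layer side (access switch or AP): entry table plus re-marking."""
    def __init__(self, name: str):
        self.name = name
        self.entries = {}  # five-tuple -> DSCP to write (the entry's action item)

    def install(self, ft: FiveTuple) -> bool:
        if ft in self.entries:
            return False  # entry already stored: discard the repeated five-tuple
        self.entries[ft] = SPECIFIED_DSCP
        return True

    def forward(self, pkt: bytes) -> bytes:
        dscp = self.entries.get(parse_five_tuple(pkt))
        if dscp is None:
            return pkt  # no matching entry: forward with the DSCP it carries
        out = bytearray(pkt)
        out[1] = (dscp << 2) | (out[1] & 0x03)  # DSCP is the top 6 bits; keep ECN
        ihl = (out[0] & 0x0F) * 4
        out[10:12] = b"\x00\x00"  # zero the checksum field before recomputing
        out[10:12] = struct.pack("!H", ipv4_checksum(bytes(out[:ihl])))
        return bytes(out)

class Controller:
    """Fans the five-tuple out to every access layer device (NETCONF in the patent)."""
    def __init__(self, devices):
        self.devices = devices

    def distribute(self, ft: FiveTuple) -> dict:
        return {d.name: d.install(ft) for d in self.devices}

def dscp_of(pkt: bytes) -> int:
    return pkt[1] >> 2

def header_checksum_ok(pkt: bytes) -> bool:
    return ipv4_checksum(pkt[:(pkt[0] & 0x0F) * 4]) == 0

if __name__ == "__main__":
    switch, ap = AccessDevice("access-switch"), AccessDevice("ap")
    controller = Controller([switch, ap])
    first = build_udp_packet("10.0.0.41", "203.0.113.7", 50000, 4000)
    ft = firewall_handle_mirror(first)    # mirrored copy of the first message
    print(controller.distribute(ft))      # both devices install the entry
    print(controller.distribute(ft))      # the repeat is discarded by both
    second = switch.forward(build_udp_packet("10.0.0.41", "203.0.113.7", 50000, 4000))
    print(dscp_of(second), header_checksum_ok(second))
```
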
As the above technical solution shows, in the embodiments of the present application the network carrying the audio/video service does not designate a single dedicated network device whose CPU is responsible for the mirroring of service messages, the analysis of the service type, and the generation of the table entries for adjusting message priority. Instead, the core switch, the firewall device, the network control device and the access layer devices cooperate to complete these operations: the core switch mirrors the service messages; the firewall device analyses the service type of the mirror image messages and extracts the relevant information; the network control device forwards the information extracted by the firewall device to the corresponding access layer devices; and each access layer device generates the table entry for adjusting message priority and raises the priority of the matching service messages. The CPU load that would fall on a designated dedicated network device is thereby greatly reduced.
Based on the same inventive concept, the present application further provides a message processing apparatus applied to a firewall device. A schematic structural diagram of the apparatus is shown in fig. 5, and the apparatus specifically includes:
a receiving module 51, configured to receive a mirror image message sent by a core switch in the network where the firewall device is located, where the mirror image message is obtained by the core switch performing a mirroring operation on a first service message after receiving the first service message;
an extracting module 52, configured to extract quintuple information of the mirror image message if it is determined that the service type of the mirror image message is an audio/video service;
a sending module 53, configured to send the quintuple information to a network control device in the network, so that the network control device sends the quintuple information to all access layer devices in the network, and so that each access layer device, when it does not locally store a table entry for adjusting message priority that includes the quintuple information, generates such a table entry, and, when it receives a second service message that matches the table entry, modifies the DSCP value carried in the second service message to a specified DSCP value according to the action item in the table entry and forwards the modified second service message according to the modified DSCP value, where the priority of the specified DSCP value is higher than the priority of the DSCP value carried in the second service message.
Preferably, the extracting module 52 is specifically configured to:
judge whether the source UDP port number of the mirror image message is the UDP port number corresponding to the audio/video service;
and if so, determine that the service type of the mirror image message is an audio/video service.
Preferably, the sending module 53 is specifically configured to send the quintuple information to the network control device through a NETCONF connection channel established between the firewall device and the network control device in the network.
The present application further provides a message processing apparatus applied to an access layer device. A schematic structural diagram of the apparatus is shown in fig. 6, and the apparatus specifically includes:
a receiving module 61, configured to receive quintuple information sent by a network control device in the network where the access layer device is located, where the network control device sends the quintuple information to all access layer devices in the network after receiving it from a firewall device in the network; the firewall device extracts the quintuple information of a mirror image message and sends it to the network control device when the firewall device receives the mirror image message sent by a core switch in the network and determines that the service type of the mirror image message is an audio/video service; and the mirror image message is obtained by the core switch performing a mirroring operation on a first service message after receiving the first service message;
a generating module 62, configured to generate a table entry for adjusting message priority that includes the quintuple information when no such table entry is stored locally;
a forwarding module 63, configured to, when a second service message matching the table entry is received, modify the DSCP value carried in the second service message to a specified DSCP value according to the action item in the table entry, and forward the modified second service message according to the modified DSCP value, where the priority of the specified DSCP value is higher than the priority of the DSCP value carried in the second service message.
Preferably, the apparatus further comprises:
a discarding module (not shown in fig. 6), configured to discard the quintuple information when a table entry for adjusting message priority that includes the quintuple information is already stored locally.
Preferably, the receiving module 61 is specifically configured to receive the quintuple information sent by the network control device through a NETCONF connection channel established between the access layer device and the network control device.
The present application further provides a message processing apparatus applied to a core switch. A schematic structural diagram of the apparatus is shown in fig. 7, and the apparatus specifically includes:
a mirroring module 71, configured to perform a mirroring operation on a first service message after receiving the first service message, so as to obtain a mirror image message;
a forwarding module 72, configured to forward the first service message according to the differentiated services code point (DSCP) value carried in the first service message, and to send the mirror image message to a firewall device in the network where the core switch is located, so that the firewall device, when it determines that the service type of the mirror image message is an audio/video service, extracts quintuple information of the mirror image message and sends the quintuple information to a network control device in the network; the network control device sends the quintuple information to all access layer devices in the network, so that each access layer device, when it does not locally store a table entry for adjusting message priority that includes the quintuple information, generates such a table entry, and, when it receives a second service message that matches the table entry, modifies the DSCP value carried in the second service message to a specified DSCP value according to the action item in the table entry and forwards the modified second service message according to the modified DSCP value, where the priority of the specified DSCP value is higher than that of the DSCP value carried in the second service message.
The above description is only exemplary of the present application and should not be taken as limiting it; any modification, equivalent replacement, or improvement made within the spirit and principle of the present application falls within the scope of protection of the present application.
Claims (10)
1. A message processing method applied to a firewall device, characterized in that the method comprises:
receiving a mirror image message sent by a core switch in the network where the firewall device is located, wherein the mirror image message is obtained by the core switch performing a mirroring operation on a first service message after receiving the first service message;
if the service type of the mirror image message is determined to be an audio/video service, extracting quintuple information of the mirror image message;
sending the quintuple information to a network control device in the network, so that the network control device sends the quintuple information to all access layer devices in the network, and so that each access layer device, when it does not locally store a table entry for adjusting message priority that includes the quintuple information, generates such a table entry, and, when it receives a second service message matching the table entry, modifies the DSCP value carried in the second service message to a specified DSCP value according to the action item in the table entry and forwards the modified second service message according to the modified DSCP value, wherein the priority of the specified DSCP value is higher than the priority of the DSCP value carried in the second service message.
2. The method of claim 1, wherein the service type of the mirror image message is determined by:
judging whether the source User Datagram Protocol (UDP) port number of the mirror image message is a UDP port number corresponding to the audio/video service;
and if so, determining that the service type of the mirror image message is an audio/video service.
3. The method according to claim 1, wherein sending the quintuple information to a network control device in the network specifically comprises:
sending the quintuple information to the network control device through a Network Configuration Protocol (NETCONF) connection channel established between the firewall device and the network control device in the network.
4. A message processing method applied to an access layer device, characterized in that the method comprises:
receiving quintuple information sent by a network control device in the network where the access layer device is located, wherein the network control device sends the quintuple information to all access layer devices in the network after receiving it from a firewall device in the network; the firewall device extracts the quintuple information of a mirror image message and sends it to the network control device when the firewall device receives the mirror image message sent by a core switch in the network and determines that the service type of the mirror image message is an audio/video service; and the mirror image message is obtained by the core switch performing a mirroring operation on a first service message after receiving the first service message;
when a table entry for adjusting message priority that includes the quintuple information is not stored locally, generating a table entry for adjusting message priority that includes the quintuple information;
when a second service message matching the table entry is received, modifying the Differentiated Services Code Point (DSCP) value carried in the second service message to a specified DSCP value according to the action item in the table entry, and forwarding the modified second service message according to the modified DSCP value, wherein the priority of the specified DSCP value is higher than that of the DSCP value carried in the second service message.
5. The method of claim 4, further comprising:
when the table entry for adjusting message priority that includes the quintuple information is already stored locally, discarding the quintuple information.
6. The method according to claim 4, wherein receiving quintuple information sent by a network control device in the network where the access layer device is located specifically comprises:
receiving the quintuple information sent by the network control device through a Network Configuration Protocol (NETCONF) connection channel established between the access layer device and the network control device.
7. A message processing method applied to a core switch, characterized in that the method comprises:
after receiving a first service message, performing a mirroring operation on the first service message to obtain a mirror image message;
forwarding the first service message according to the DSCP value carried in the first service message, and sending the mirror image message to a firewall device in the network where the core switch is located, so that the firewall device, when it determines that the service type of the mirror image message is an audio/video service, extracts quintuple information of the mirror image message and sends the quintuple information to a network control device in the network; the network control device sends the quintuple information to all access layer devices in the network, so that each access layer device, when it does not locally store a table entry for adjusting message priority that includes the quintuple information, generates such a table entry, and, when it receives a second service message matching the table entry, modifies the DSCP value carried in the second service message to a specified DSCP value according to the action item in the table entry and forwards the modified second service message according to the modified DSCP value, wherein the priority of the specified DSCP value is higher than that of the DSCP value carried in the second service message.
8. A message processing apparatus applied to a firewall device, wherein the apparatus comprises:
a receiving module, configured to receive a mirror image message sent by a core switch in the network where the firewall device is located, wherein the mirror image message is obtained by the core switch performing a mirroring operation on a first service message after receiving the first service message;
an extracting module, configured to extract quintuple information of the mirror image message if the service type of the mirror image message is determined to be an audio/video service;
a sending module, configured to send the quintuple information to a network control device in the network, so that the network control device sends the quintuple information to all access layer devices in the network, and so that each access layer device, when it does not locally store a table entry for adjusting message priority that includes the quintuple information, generates such a table entry, and, when it receives a second service message that matches the table entry, modifies the differentiated services code point (DSCP) value carried in the second service message to a specified DSCP value according to the action item in the table entry and forwards the modified second service message according to the modified DSCP value, wherein the priority of the specified DSCP value is higher than the priority of the DSCP value carried in the second service message.
9. A message processing apparatus applied to an access layer device, wherein the apparatus comprises:
a receiving module, configured to receive quintuple information sent by a network control device in the network where the access layer device is located, wherein the network control device sends the quintuple information to all access layer devices in the network after receiving it from a firewall device in the network; the firewall device extracts the quintuple information of a mirror image message and sends it to the network control device when the firewall device receives the mirror image message sent by a core switch in the network and determines that the service type of the mirror image message is an audio/video service; and the mirror image message is obtained by the core switch performing a mirroring operation on a first service message after receiving the first service message;
a generating module, configured to generate a table entry for adjusting message priority that includes the quintuple information when no such table entry is stored locally;
a forwarding module, configured to, when a second service message matching the table entry is received, modify the Differentiated Services Code Point (DSCP) value carried in the second service message to a specified DSCP value according to the action item in the table entry, and forward the modified second service message according to the modified DSCP value, wherein the priority of the specified DSCP value is higher than that of the DSCP value carried in the second service message.
10. A message processing apparatus applied to a core switch, wherein the apparatus comprises:
a mirroring module, configured to perform a mirroring operation on a first service message after receiving the first service message, so as to obtain a mirror image message;
a forwarding module, configured to forward the first service message according to the differentiated services code point (DSCP) value carried in the first service message, and to send the mirror image message to a firewall device in the network where the core switch is located, so that the firewall device, when it determines that the service type of the mirror image message is an audio/video service, extracts quintuple information of the mirror image message and sends the quintuple information to a network control device in the network; the network control device sends the quintuple information to all access layer devices in the network, so that each access layer device, when it does not locally store a table entry for adjusting message priority that includes the quintuple information, generates such a table entry, and, when it receives a second service message matching the table entry, modifies the DSCP value carried in the second service message to a specified DSCP value according to the action item in the table entry and forwards the modified second service message according to the modified DSCP value, wherein the priority of the specified DSCP value is higher than that of the DSCP value carried in the second service message.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011192020.5A CN112367277B (en) | 2020-10-30 | 2020-10-30 | Message processing method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112367277A (en) | 2021-02-12 |
CN112367277B (en) | 2022-03-29 |
Family
ID=74513925
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011192020.5A Active CN112367277B (en) | 2020-10-30 | 2020-10-30 | Message processing method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112367277B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104283805A (en) * | 2014-10-27 | 2015-01-14 | 杭州华三通信技术有限公司 | SDN message transmitting method and device |
WO2017161999A1 (en) * | 2016-03-22 | 2017-09-28 | 华为技术有限公司 | Packet processing method and related device |
CN109510785A (en) * | 2018-12-27 | 2019-03-22 | 杭州迪普科技股份有限公司 | A kind of method and apparatus of mirror image message |
CN110784375A (en) * | 2019-10-24 | 2020-02-11 | 新华三信息安全技术有限公司 | Network data monitoring method and device, electronic equipment and storage medium |
CN111083792A (en) * | 2018-10-22 | 2020-04-28 | 华为技术有限公司 | Data transmission method, device and equipment in WiFi network |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9154819B2 (en) * | 2013-03-15 | 2015-10-06 | Cisco Technology, Inc. | Video content priority aware congestion management |
CN109005126B (en) * | 2017-06-06 | 2020-06-02 | 华为技术有限公司 | Data stream processing method, device and computer readable storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN112367277A (en) | 2021-02-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2021207922A1 (en) | Packet transmission method, device, and system | |
US9800491B1 (en) | Application based packet forwarding | |
US10103978B2 (en) | Service processing method, device, and system | |
US10771475B2 (en) | Techniques for exchanging control and configuration information in a network visibility system | |
US9571382B2 (en) | Method, controller, and system for processing data packet | |
US10084706B2 (en) | Method and device for processing service function chaining | |
US10609181B2 (en) | Method and apparatus for controlling service chain of service flow | |
EP2773073B1 (en) | Entry generation method, message receiving method, and corresponding device and system | |
US10015091B2 (en) | Method of low-bandwidth data transport | |
US20130294449A1 (en) | Efficient application recognition in network traffic | |
EP2991313B1 (en) | Method and system for forwarding information in distributed network | |
CN106656615B (en) | Message processing method and device based on TRACERT command | |
CN105099921A (en) | User-based rapid business processing method and device | |
CN112367277B (en) | Message processing method and device | |
US20160099891A1 (en) | Packet processing method, apparatus and system | |
CN112671651A (en) | Message forwarding method and device | |
KR20130044002A (en) | Router and method for application awareness and traffic control on flow based router | |
US9893997B2 (en) | System and method for creating session entry | |
CN108777654B (en) | Message forwarding method and routing equipment | |
EP3059909A1 (en) | Method, apparatus and system for controlling forwarding of service data in virtual network | |
EP3968584A1 (en) | Method and apparatus for implementing multicasting | |
CN110120956B (en) | Message processing method and device based on virtual firewall | |
US11991560B2 (en) | Propagation of Quality of Service (QoS) management through a heterogenous network | |
CN109714259B (en) | Traffic processing method and device | |
CN102595375B (en) | The implementation method of packet switching service and system between roamer and ownership place |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||