CN113114579B - ACL issuing method and device - Google Patents


Publication number
CN113114579B
Authority
CN
China
Prior art keywords
message
acl
chip
accepted
target type
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110343311.8A
Other languages
Chinese (zh)
Other versions
CN113114579A (en)
Inventor
符志清
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou DPtech Information Technology Co Ltd
Original Assignee
Hangzhou DPtech Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Hangzhou DPtech Information Technology Co Ltd
Priority to CN202110343311.8A
Publication of CN113114579A
Application granted
Publication of CN113114579B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/29 Flow control; Congestion control using a combination of thresholds
    • H04L47/32 Flow control; Congestion control by discarding or delaying data units, e.g. packets or frames
    • H04L49/00 Packet switching elements
    • H04L49/15 Interconnection of switching modules

Abstract

This specification provides an ACL issuing method and apparatus. In the method, the main control board of a frame-type device obtains an upper limit value for a target-type message, splits the upper limit value into N thresholds, allocates them to N switch chips respectively, and generates and issues one or two ACLs to each switch chip. With these ACLs, once any switch chip reaches its threshold, the target-type messages it receives can be redirected so that other switch chips that have not reached their thresholds accept them. In other words, after a message enters the device, it is discarded only after all switch chips in the switch chip sequence have reached their respective thresholds, so that the switch chips share the upper limit value and a better rate-limiting effect is achieved.

Description

ACL issuing method and device
Technical Field
The present disclosure relates to the field of computer application technologies, and in particular, to an ACL issuing method and apparatus.
Background
A frame-type device generally receives messages sent by other devices through a plurality of switch chips, which are usually located on a service board or a switch board of the frame-type device. After a switch chip receives a message, it looks up a table and either discards the message or forwards it, for example to the Central Processing Unit (CPU) of the service board, so that the message is processed. The process in which a switch chip processes a message according to the service requirements of its board is called accepting the message.
Sometimes the amount of target-type messages (messages containing specified characteristics) that a frame-type device accepts per unit time needs to be limited, and messages beyond the upper limit value in that unit time need to be discarded. This is called rate limiting the message.
However, an effective rate-limiting method for target-type messages is not currently available.
Disclosure of Invention
To overcome the lack of an effective rate-limiting method for target-type messages in the related art, this specification provides an ACL issuing method and apparatus.
According to a first aspect of the embodiments of the present specification, an ACL issuing method is provided. For any message with specified characteristics (a target-type message) sent to a frame-type device, the frame-type device receives the target-type message through a switch chip in a switch chip sequence; each switch chip in the switch chip sequence is located on a service board or a switch board of the frame-type device; the switch chip sequence comprises N switch chips, where N ≥ 2;
the method is applied to the main control board of the frame-type device and comprises:
acquiring an upper limit value specified by a user; the upper limit value limits the amount of messages with the specified characteristics that the frame-type device accepts per unit time;
splitting the upper limit value into N thresholds and allocating them respectively to the switch chips in the switch chip sequence;
issuing an ACL to the 1st switch chip in the switch chip sequence, where the matching condition of the ACL includes that the message has the specified characteristics; the action performed by the ACL includes: for any matched message, if accepting the message would cause the amount of target-type messages accepted per unit time to exceed the corresponding threshold, sending the message to the 2nd switch chip for acceptance;
issuing an ACL to each ith switch chip, where i = 2, …, N; the matching condition of the ACL includes that the message has the specified characteristics and was received through an external port; the action performed by the ACL includes: for any matched message, if accepting the message would cause the amount of target-type messages accepted per unit time to exceed the corresponding threshold, sending the message to the 1st switch chip for acceptance;
issuing a further ACL to each jth switch chip, where j = 2, …, N-1; the matching condition of the further ACL includes that the message has the specified characteristics and was received through an internal port; the action performed by the further ACL includes: for any matched message, if accepting the message would cause the amount of target-type messages accepted per unit time to exceed the corresponding threshold, sending the message to the (j+1)th switch chip for acceptance;
issuing a further ACL to the Nth switch chip; the matching condition of the further ACL includes that the message has the specified characteristics and was received through an internal port; the action performed by the further ACL includes: for any matched message, if accepting the message would cause the amount of target-type messages accepted per unit time to exceed the corresponding threshold, discarding the message.
According to a second aspect of the embodiments of the present specification, there is provided a message processing method applied to each switch chip of the switch chip sequence of a frame-type device, the method including:
receiving, by the switch chip, a target-type message;
determining whether the received message contains the matching characteristics of any ACL, where the ACL is an ACL issued by the ACL issuing method according to the first aspect of the embodiments of the present specification;
and, if the message contains the matching characteristics of any ACL, processing the message according to the policy of that ACL.
According to a third aspect of the embodiments of the present specification, an ACL issuing apparatus is provided. For any message with specified characteristics (a target-type message) sent to a frame-type device, the frame-type device receives the target-type message through a switch chip in a switch chip sequence; each switch chip in the switch chip sequence is located on a service board or a switch board of the frame-type device; the switch chip sequence comprises N switch chips, where N ≥ 2;
the apparatus is applied to the main control board of the frame-type device and includes:
an upper limit value acquisition module, configured to acquire an upper limit value specified by a user; the upper limit value limits the amount of messages with the specified characteristics that the frame-type device accepts per unit time;
a threshold splitting module, configured to split the upper limit value into N thresholds and allocate them respectively to the switch chips in the switch chip sequence;
an ACL issuing module, configured to: issue an ACL to the 1st switch chip in the switch chip sequence, where the matching condition of the ACL includes that the message has the specified characteristics, and the action performed by the ACL includes: for any matched message, if accepting the message would cause the amount of target-type messages accepted per unit time to exceed the corresponding threshold, sending the message to the 2nd switch chip for acceptance; issue an ACL to each ith switch chip, where i = 2, …, N, the matching condition of the ACL includes that the message has the specified characteristics and was received through an external port, and the action performed by the ACL includes: for any matched message, if accepting the message would cause the amount of target-type messages accepted per unit time to exceed the corresponding threshold, sending the message to the 1st switch chip for acceptance; issue a further ACL to each jth switch chip, where j = 2, …, N-1, the matching condition of the further ACL includes that the message has the specified characteristics and was received through an internal port, and the action performed by the further ACL includes: for any matched message, if accepting the message would cause the amount of target-type messages accepted per unit time to exceed the corresponding threshold, sending the message to the (j+1)th switch chip for acceptance; and issue a further ACL to the Nth switch chip, where the matching condition of the further ACL includes that the message has the specified characteristics and was received through an internal port, and the action performed by the further ACL includes: for any matched message, if accepting the message would cause the amount of target-type messages accepted per unit time to exceed the corresponding threshold, discarding the message.
According to a fourth aspect of the embodiments of the present specification, there is provided a message processing apparatus applied to each switch chip of the switch chip sequence of a frame-type device, including:
a message receiving module, configured to receive a target-type message at the switch chip;
an ACL matching module, configured to determine whether the received message contains the matching characteristics of any ACL, where the ACL is an ACL issued by the ACL issuing method according to the first aspect of the embodiments of the present specification;
and a message processing module, configured to process the message according to the policy of the ACL if the message contains the matching characteristics of any ACL.
According to a fifth aspect of the embodiments of the present specification, there is provided a computer-readable storage medium on which a computer program is stored, the program, when executed by a processor, implementing the ACL issuing method according to the first aspect of the embodiments of the present specification.
According to a sixth aspect of the embodiments of the present specification, there is provided a main control board, including:
one or more processors;
a memory for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement the ACL issuing method according to the first aspect of the embodiments of the present specification.
In one or more embodiments of the present specification, the main control board of a frame-type device obtains an upper limit value for a target-type message, splits the upper limit value into N thresholds, allocates them to N switch chips respectively, and generates and issues one or two ACLs to each switch chip. With these ACLs, once any switch chip reaches its threshold, the target-type messages it receives can be redirected so that other switch chips that have not reached their thresholds accept them. In other words, after a message enters the device, it is discarded only after all switch chips in the switch chip sequence have reached their respective thresholds, so that the switch chips share the upper limit value and a better rate-limiting effect is achieved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the specification.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present specification and together with the description, serve to explain the principles of the specification.
Fig. 1 is a flowchart illustrating an ACL delivery method according to an exemplary embodiment of the present disclosure.
Fig. 2 is a flowchart illustrating a message processing method according to an exemplary embodiment of the present disclosure.
Fig. 3 is a schematic diagram of a packet forwarding path according to an exemplary embodiment of the present disclosure.
Fig. 4 is a block diagram of an ACL issuing apparatus according to an exemplary embodiment shown in this specification.
Fig. 5 is a block diagram of a message processing apparatus according to an example embodiment.
Fig. 6 is a hardware configuration diagram of a computer device in which an ACL issuing apparatus is located, according to an exemplary embodiment of this specification.
Detailed Description
A frame-type device (also called a frame-type network device) is composed of a plurality of boards, is used for complex message processing or forwarding, and can generally serve as a server, a switch, a traffic auditing device and the like. Its boards are of several kinds, such as the main control board, switch boards and service boards. The main control board manages the whole frame-type device, a switch board forwards messages, and a service board performs service processing on messages. Switch boards and service boards generally carry switch chips; a switch chip is connected to the interfaces on its board and communicates with other devices or other boards through those interfaces. The interfaces on a board are divided into internal ports and external ports (an external port is also called a panel port). An external port is connected to other external devices and carries communication between the device and those external devices; an internal port is connected to the channel between boards (backplane or mesh board) and carries communication between the board and other boards.
An Access Control List (ACL) is a traffic access control technology. An ACL comprises specified matching conditions (generally the five-tuple of a message) and a specified action. Through the hardware ACL (also called the chip ACL) of a switch chip, the specified action is performed on messages that satisfy the matching conditions; messages received by the switch chip that match no ACL are accepted normally according to the function of the current board. A hardware ACL can also implement rate limiting, that is, limit the amount (count or number of bytes) of matching messages accepted per unit time. Hardware ACL rate limiting is generally implemented with a token bucket mechanism. Specifically, the token bucket stores a number of tokens, and the number of tokens in the bucket is updated at a fixed period; after each update, the number of tokens in the bucket equals the rate-limit upper limit value in the ACL. When a target-type message enters the switch chip and, based on the characteristics it carries, matches an ACL with a rate-limiting action, the switch chip tries to take from the token bucket corresponding to that ACL tokens equal to the size or number of the message. If the tokens can be taken, the switch chip marks the message green in its own storage space; if they cannot, it marks the message red in its own storage space. Messages marked green are accepted normally by the switch chip and messages marked red are discarded, which is how the switch chip rate-limits target-type messages.
If the amount of target-type messages (messages with specified characteristics) accepted by the whole frame-type device per unit time is to be limited, the hardware ACL rate-limiting method can be used. However, first, because hardware ACL rate limiting is implemented in hardware, the switch chips are independent of one another, and marks such as red and green are not carried on the message but recorded inside the switch chip, different switch chips cannot share the same token bucket. Second, in a real network environment there is generally more than one switch chip that receives a target-type message, and this must be taken into account when rate limiting through ACLs.
When more than one switch chip receives a target-type message, rate limiting through hardware ACLs is generally done by issuing an ACL for the target-type message to the whole set of switch chips that receive it (referred to in this specification as the switch chip sequence). If the rate-limit upper limit value that the user sets for the frame-type device for a target-type message is X, then for a switch chip sequence of N switch chips, either an ACL with a rate-limit threshold of X is issued to each switch chip, or an ACL with a rate-limit threshold of X/N is issued to each switch chip.
However, ACLs issued in this way cause problems. If an ACL with a rate-limit threshold of X is issued to each switch chip in the switch chip sequence, then when the message volume is large and is spread fairly evenly across the switch chips, the rate limit actually reached is at most N times X. If an ACL with a rate-limit threshold of X/N is issued to each switch chip in the switch chip sequence, then when the target-type messages received by the switch chips are unbalanced, the rate limit actually reached is only X/N, far smaller than X.
In the related art, to address this problem, target-type messages may be made to enter through the interfaces of the same switch chip as far as possible. However, this approach does not work where rate-limiting policies need to be configured dynamically: when a rate-limiting policy must be configured for another target-type message, the connections between the interfaces and the upstream devices may still need to be adjusted. Alternatively, load sharing may be configured on the upstream device so that message flows enter through the switch chips as evenly as possible. However, such load sharing generally balances all messages flowing to the frame-type device rather than the target-type messages specifically, so the target-type messages received by the switch chips in the switch chip sequence may still be unbalanced. The user of the frame-type device may also lack operating permission on the upstream device and therefore be unable to configure load sharing on it.
It can be seen that, when the number of switch chips in the switch chip sequence is greater than 1, the related art lacks an effective rate-limiting method for target-type messages.
In one or more embodiments of the present specification, the main control board of a frame-type device obtains an upper limit value for a target-type message, splits the upper limit value into N thresholds, allocates them to N switch chips respectively, and generates and issues one or two ACLs to each switch chip. With these ACLs, once any switch chip reaches its threshold, the target-type messages it receives can be redirected so that other switch chips that have not reached their thresholds accept them. In other words, after a message enters the device, it is discarded only after all switch chips in the switch chip sequence have reached their respective thresholds, so that the switch chips share the upper limit value and a better rate-limiting effect is achieved.
In addition, forwarding a message between switch chips takes time on the order of nanoseconds, so even if a message has to be forwarded several times to obtain a token, the method does not cause delay. The update period of the token bucket is on the order of milliseconds, so even if a message is forwarded several times to obtain a token, a message that should be discarded in the current token bucket update period does not end up consuming a token in the next update period.
The following provides a detailed description of examples of the present specification.
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the specification, as detailed in the appended claims.
The terminology used in the description herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the description. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information, without departing from the scope of the present specification. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
The present specification discloses an ACL issuing method. For any message with specified characteristics (a target-type message) sent to a frame-type device, the frame-type device receives the target-type message through a switch chip in a switch chip sequence; each switch chip in the switch chip sequence is located on a service board or a switch board of the frame-type device; the switch chip sequence comprises N switch chips, where N ≥ 2; the method is applied to the main control board of the frame-type device.
As shown in fig. 1, fig. 1 is a flowchart of an ACL issuing method according to an exemplary embodiment of this specification, including:
Step 102, acquiring an upper limit value specified by a user; the upper limit value limits the amount of messages with the specified characteristics that the frame-type device accepts per unit time.
The upper limit value specified by the user may be pre-stored in a storage medium of the main control board of the frame-type device, or may be input by the user. When the frame-type device has pre-stored the correspondence between target-type messages and their switch chip sequences, the user only needs to specify the specified characteristics of the target-type message (generally a specified five-tuple) and the upper limit value of the frame-type device for that message. When the frame-type device has not pre-stored this correspondence, the user may specify the specified characteristics of the target-type message, the upper limit value of the frame-type device for that message, and the identifier of each switch chip in the switch chip sequence. Alternatively, so that the total bandwidth of the interfaces that receive the target-type message in the switch chip sequence can be determined accurately, the user may specify the specified characteristics of the target-type message, the upper limit value of the frame-type device for that message, the identifier of each switch chip in the switch chip sequence, and the identifiers of the external ports of each switch chip through which the target-type message will flow.
The user may specify the characteristics of the target-type message by entering a character string or by selecting one of several selectable messages. The user may specify the switch chip identifiers by entering them as a character string or by selecting at least two of several selectable switch chips. The user may specify the external port identifiers of each switch chip by entering them as a character string or by selecting at least one of several selectable external ports.
The correspondence between a target-type message and its switch chip sequence is generally determined by the upstream device connected to each interface. In one scenario, the frame-type device may be a server or a switch that is leased out, and a lessee generally leases the bandwidth or processing capability of the frame-type device by leasing interfaces. In other words, the IP address of the device connected to each interface is known, so when a message with specified characteristics (typically a five-tuple) is defined, its source can be known from the connections. In this case, the reason for rate limiting may be that the operator of the frame-type device needs to limit the bandwidth occupied by each lessee according to the bandwidth fee that lessee has paid.
In addition, because the processing logic of a redirection action conflicts with that of a rate-limiting action, the interface through which the user interacts with the frame-type device does not allow the user to enter a redirection action and a rate-limiting action for the same target-type message at the same time. The user enters only the rate-limit upper limit value for the target-type message; the ACLs with redirection actions are generated in the main control board of the frame-type device, and their generation and issuing are invisible to the user, which reduces the user's operating cost.
Step 104, splitting the upper limit value into N thresholds and allocating them respectively to the switch chips in the switch chip sequence.
Provided that each threshold is not greater than the total bandwidth of the interfaces through which the corresponding switch chip receives the target-type message, the thresholds may be obtained by splitting the upper limit value into N random values or by dividing it into N equal parts. For a better rate-limiting effect, the thresholds may instead be allocated to the switch chips in proportion to bandwidth. Specifically, this step may be: determine the total bandwidth of the external ports that receive the target-type message in the switch chip sequence; then, for each switch chip in the switch chip sequence, determine the total bandwidth of that chip's external ports that receive the target-type message, and generate the threshold allocated to the chip from the proportion of that bandwidth in the total bandwidth and the upper limit value specified by the user. The proportion of the upper limit value taken by a switch chip's threshold is the same as the proportion of the total bandwidth taken by that chip's bandwidth.
In addition, the switch chips in the switch chip sequence may be ordered by position: for example, the switch chip numbered 1 in board slot 1 is the 1st switch chip, the switch chip numbered 2 in board slot 2 is the 2nd switch chip, the switch chip numbered 3 in board slot 2 is the 3rd switch chip, and so on. The order may also be generated randomly. To reduce the amount of redirected forwarding as far as possible, the switch chips may instead be sorted by threshold from largest to smallest; in other words, in the switch chip sequence the threshold of the kth switch chip is not less than the threshold of the (k+1)th switch chip, where k = 1, …, N-1.
Step 106, issuing an ACL to the 1st switching chip in the switching chip sequence, wherein the matching condition of the ACL comprises that the message has the specified characteristics; the actions performed by the ACL include: for any matched message, if accepting the message would cause the volume of accepted target type messages in unit time to exceed the corresponding threshold value, sending the message to the 2nd switching chip for acceptance.
Step 108, issuing an ACL to each ith switching chip, where i = 2, …, N; the matching condition of the ACL comprises that the message has the specified characteristics and that the message is received through an external port; the actions performed by the ACL include: for any matched message, if accepting the message would cause the volume of accepted target type messages in unit time to exceed the corresponding threshold value, sending the message to the 1st switching chip for acceptance.
Step 110, issuing another ACL to each jth switching chip, where j = 2, …, N-1; the matching conditions of the other ACL comprise that the message has the specified characteristics and that the message is received through an internal port; the actions performed by the other ACL include: for any matched message, if accepting the message would cause the volume of accepted target type messages in unit time to exceed the corresponding threshold value, sending the message to the (j + 1)th switching chip for acceptance.
Step 112, issuing another ACL to the Nth switching chip; the matching conditions of the other ACL comprise that the message has the specified characteristics and that the message is received through an internal port; the actions performed by the other ACL include: for any matched message, if accepting the message would cause the volume of accepted target type messages in unit time to exceed the corresponding threshold value, discarding the message.
Next, steps 106 to 112 will be collectively described.
In this embodiment, the execution order of steps 106 to 112 is not limited; in other words, the ACL of the Nth switching chip may be issued first, the ACL of the 1st switching chip may be issued first, or the ACL of any intermediate switching chip may be issued first. In addition, in this embodiment of the present specification, an ACL may be generated in advance or generated just before it is issued; in other words, all ACLs may be generated together and then issued one by one to the switching chips, or the ACL of the 1st switching chip may be generated only when it needs to be issued, which is not limited herein.
When the ACLs of multiple switching chips cannot share one token bucket, and the switching chips must nevertheless limit the speed of the target type message with a speed limit value as close as possible to the upper limit value set by the user, a circular matching approach is adopted: a message received by any switching chip that this chip cannot accept can be accepted by another switching chip that still can, and a message is discarded only when the target type messages accepted by all switching chips have reached their thresholds. In addition, speed limiting requires that messages exceeding the upper limit value be discarded; in other words, a target type message that has passed through all switching chips without being accepted must be discarded.
Following these considerations, in the embodiment of the present specification the main control board issues multiple ACLs so that target type messages that are received by the 2nd to Nth switching chips through an external port and fail to obtain a token are forwarded to the 1st switching chip; target type messages that are received by the 1st switching chip and fail to obtain a token are forwarded to the 2nd switching chip; target type messages that are received by the 2nd switching chip through an internal port and fail to obtain a token are forwarded to the 3rd switching chip; and so on, until the Nth switching chip discards the target type messages that it receives through an internal port and that fail to obtain a token. This implements the circular matching speed limit process: a target type message is discarded only if it fails to obtain a token at every switching chip in the switching chip sequence. So that the speed limit value equals the upper limit value set by the user, for any switching chip that has two ACLs for the target type message, the two ACLs share the same token bucket. The ACLs issued in steps 106 to 112 follow from this idea.
In addition, the method disclosed in the embodiment of the present specification achieves good timeliness. Forwarding a message between switching chips takes nanoseconds, while the token bucket update period is on the order of milliseconds, so even if a message is forwarded several times to obtain a token, a message discarded in the current token bucket update period does not occupy a token in the next update period. Likewise, because forwarding between switching chips takes nanoseconds, forwarding a message several times to obtain a token does not cause delay.
The process of sending a message to another switching chip for acceptance is referred to as redirection in this specification, and redirection uses a bus communication protocol, such as the HiGig protocol. The HiGig protocol carries additional information among the switching chips of a frame-type device; the HiGig message header exists only inside the frame-type device, and it is refilled every time a switching chip sends a message to another switching chip. That is, a message that a switching chip receives from or sends through an external port carries no HiGig message header, and a message that a switching chip receives from an internal port carries exactly one HiGig message header, not the headers filled in by the switching chips the message passed through earlier. To redirect a message through the HiGig protocol, the sending switching chip encapsulates the message with a HiGig message header and then sends the encapsulated message out through its internal port.
Further, in practical applications different devices are connected to the external ports of the frame-type device, and the destinations each device forwards to differ. A message entering at the 1st switching chip may therefore need to leave through an interface of another switching chip; in other words, an already accepted target type message may still be received by the internal ports of other switching chips in the switching chip sequence. Such messages would then be confused with redirected messages and be speed-limited a second time, and when there are many of them the speed limit value of the frame-type device may not reach the upper limit value set by the user.
To solve this possible problem, in the embodiments of the present specification a redirection mark is added to each redirected message, so that a redirected message that has not been accepted is distinguished from an accepted message. To this end, a redirection mark is added to the message when it is redirected for the first time; the matching condition that the message has a redirection mark is added to every ACL whose matching condition includes that the message is received through an internal port; and, for the 1st switching chip, the ACL whose original matching condition does not specify the receiving interface is split into one ACL for the external port and one ACL for the internal port. In addition, because the HiGig message header is refilled every time a switching chip forwards the message, in this embodiment of the present specification every ACL whose execution actions send the message to another switching chip must also include the execution action of adding the redirection mark to the message, rather than adding that action only to the other ACLs of the jth switching chip and to all ACLs of the 1st switching chip.
Specifically, the matching condition of the ACL issued to the 1st switching chip in the switching chip sequence further includes that the message is received through an external port; the actions performed by the ACL further include: for any matched message, if accepting the message would cause the volume of accepted target type messages in unit time to exceed the corresponding threshold value, adding a redirection mark to the message. The method further comprises: issuing another ACL to the 1st switching chip in the switching chip sequence; the matching conditions of the other ACL comprise that the message has the specified characteristics, that the message is received through an internal port, and that the message has a redirection mark; the actions performed by the other ACL include: for any matched message, if accepting the message would cause the volume of accepted target type messages in unit time to exceed the corresponding threshold value, adding a redirection mark to the message and sending the message to the 2nd switching chip for acceptance. The actions performed by the ACL issued to each ith switching chip and by the other ACL issued to each jth switching chip further include: for any matched message, if accepting the message would cause the volume of accepted target type messages in unit time to exceed the corresponding threshold value, adding a redirection mark to the message. The matching conditions of the other ACL issued to each jth switching chip and of the other ACL issued to the Nth switching chip further include: the message has a redirection mark.
The redirection mark can be added to the header of the bus communication protocol, and when the bus communication protocol used is the HiGig protocol, it is considered that one byte of the HiGig protocol header is a custom field, so that the redirection mark is added to the message by modifying the custom field to a specified value, for example, a custom byte of 1 indicates that the message has the redirection mark and is a redirected message, and a custom byte of 0 indicates that the message is a received message (the custom field of the HiGig message is generally defaulted to 0), so that the two messages can be distinguished, and a better speed limit effect is achieved. In other words, the message having the redirection flag specifically includes: the custom field of the HiGig head field of the message is a designated value.
In addition, a message that obtains a token, that is, a message that does not exceed the switching chip's threshold for the target type message, must be accepted normally by the switching chip. Specifically, the execution actions of every issued ACL entry further include: for any matched message, if accepting the message would not cause the volume of accepted target type messages in unit time to exceed the corresponding threshold value, accepting the message.
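The ACL set described in steps 106 to 112, together with the redirection mark, can be written out mechanically for any N. The following Python sketch is an added example, not code from the patent: it builds the two ACLs per switching chip and traces single messages through them. The `Acl` fields, the function names and the one-token-per-message bucket are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

EXTERNAL, INTERNAL = "external", "internal"
REDIRECT_FLAG = 1  # HiGig custom byte value meaning "redirected" (the page's example value)


@dataclass(frozen=True)
class Acl:
    chip: int                 # 1-based position in the switching chip sequence
    port: str                 # ingress port kind the ACL matches
    need_flag: bool           # True: match only messages carrying the redirection mark
    over_action: str          # "redirect" or "drop" when no token is left
    next_chip: Optional[int]  # redirect target, None for "drop"


def build_acls(n):
    """Return the ACLs for a sequence of n switching chips (n >= 2)."""
    if n < 2:
        raise ValueError("the switching chip sequence needs at least 2 chips")
    acls = [
        Acl(1, EXTERNAL, False, "redirect", 2),  # ACL of chip 1
        Acl(1, INTERNAL, True, "redirect", 2),   # other ACL of chip 1
    ]
    for i in range(2, n + 1):
        acls.append(Acl(i, EXTERNAL, False, "redirect", 1))        # chip i, i = 2..N
        if i < n:
            acls.append(Acl(i, INTERNAL, True, "redirect", i + 1))  # chip j, j = 2..N-1
        else:
            acls.append(Acl(n, INTERNAL, True, "drop", None))       # chip N
    return acls


def walk(acls, tokens, chip, port=EXTERNAL, flag=0):
    """Trace one target type message; tokens[chip] is shared by both ACLs of a chip."""
    trace = []
    while True:
        acl = next((a for a in acls
                    if a.chip == chip and a.port == port
                    and (not a.need_flag or flag == REDIRECT_FLAG)), None)
        if acl is None:
            # No rate-limit ACL matches: the message is forwarded normally.
            trace.append((chip, "no-match"))
            return trace
        if tokens[chip] > 0:
            tokens[chip] -= 1
            trace.append((chip, "accept"))
            return trace
        if acl.over_action == "drop":
            trace.append((chip, "drop"))
            return trace
        trace.append((chip, "redirect"))
        # The HiGig header is refilled on every hop, so the mark is set again each time.
        chip, port, flag = acl.next_chip, INTERNAL, REDIRECT_FLAG


if __name__ == "__main__":
    acls = build_acls(3)
    # Constructed state: only chip 3 still has a token.
    print(walk(acls, {1: 0, 2: 0, 3: 1}, chip=2))
    # An already accepted message crossing chip 2's internal port carries no mark.
    print(walk(acls, {1: 0, 2: 0, 3: 0}, chip=2, port=INTERNAL, flag=0))
```

The second trace shows the case the redirection mark exists for: an accepted message that merely transits an internal port matches no speed-limit ACL, so it is not limited a second time.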
As shown in fig. 2, fig. 2 is a flow chart of a message processing method according to an exemplary embodiment of the present specification. The method is applied to each switching chip of the switching chip sequence of a frame-type device and comprises the following steps:
Step 202, the switching chip receives a target type message.
Step 204, judging whether the received message contains the matching characteristics of any ACL; the ACL is an ACL issued by the ACL issuing method according to the first aspect of the embodiment of the present specification.
Step 206, if the matching characteristics of any ACL are included, processing the message according to the policy of that ACL.
After receiving a message, the switching chip first processes it in the VLAN module (checking whether the VLAN ID in the VLAN tag carried by the message belongs to the VLAN range of the ingress interface); it then looks up the matching entry in the MAC address table to find the layer-2 egress and marks the layer-2 egress ID on the message; if the layer-2 entry indicates that a layer-3 lookup is required, it finds the layer-3 egress through the layer-3 tables (ARP table, host table, routing table, etc.) and marks information such as the matched ARP entry ID on the message; whether the message matched a layer-2 entry or a layer-3 entry, it is sent to the ACL module for matching, and if an ACL entry is matched, the execution action is marked on the message; the execution actions (discarding, modifying, forwarding, etc.) are then performed; messages that are not discarded are processed by the packet sending module and sent out from the designated egress interface.
The above method finally achieves the effect shown in fig. 3, in which the solid lines represent messages sent by other devices outside the frame-type device, and the dotted lines represent possible forwarding directions of a target type message that matches a speed-limiting ACL and fails to obtain a token. With the method disclosed in the embodiment of the present specification, when one switching chip cannot accept a target type message but the target type messages received by the frame-type device have not reached the upper limit value set by the user, another switching chip that still has tokens for the target type message can accept the message; at the same time, a message is discarded only when no switching chip in the switching chip sequence can accept it. A better speed limiting effect is thus achieved.
The method disclosed in the present specification will be described below by way of an example.
For a message with a specified five-tuple (the target type message), the user sets a speed limit upper limit value of 93 Mbps. The switching chip sequence that receives the target type message comprises three switching chips whose slot numbers are 1, 2 and 3. Port 0 of the switching chip in slot 1 receives the target type message, ports 0 and 1 of the switching chip in slot 2 receive the target type message, and ports 0 and 1 of the switching chip in slot 3 receive the target type message; in other words, the external ports that receive the target type message are eth1_0, eth2_0, eth2_1, eth3_0 and eth3_1 (the first digit in the interface name is the slot number, the second digit is the interface number). The bandwidth of eth1_0 is 40 Gbps, the bandwidths of eth2_0 and eth2_1 are 10 Gbps each, and the bandwidths of eth3_0 and eth3_1 are 1 Gbps each.
From these initial values, the main control board calculates the thresholds corresponding to the three switching chips, namely 60 Mbps, 30 Mbps and 3 Mbps, and sorts the three switching chips by threshold: the 1st switching chip is the switching chip in slot 1, the 2nd switching chip is the switching chip in slot 2, and the 3rd switching chip is the switching chip in slot 3. It then generates and issues the ACL entries shown in Table 1, where A1 is the ACL issued to the 1st switching chip and A1' is the other ACL issued to the 1st switching chip; similarly, A2 is the ACL issued to the 2nd switching chip and A2' is the other ACL issued to the 2nd switching chip; A3 is the ACL issued to the 3rd switching chip and A3' is the other ACL issued to the 3rd switching chip. The specific matching conditions and execution actions of each ACL are as follows. When configuring an ACL, a user may configure actions for it such as a statistics action, modifying the Media Access Control (MAC) address of the message and/or modifying the Virtual Local Area Network (VLAN) tag of the message; the "system addition execution action" in the following table refers to the execution actions that the system adds in addition to the actions added by the user. That is, the execution actions of an ACL include the execution actions added by the user in addition to the actions in the following table.
TABLE 1 (ACL entries A1, A1', A2, A2', A3 and A3'; rendered as an image in the original publication)
The speed limiting effect that the switching chips achieve with these ACLs is as follows. If 50 Mbps of target type messages are input from eth2_0, the 2nd switching chip matches them to entry A2 according to the information carried in the messages and the matching conditions. According to the threshold and execution actions of A2, 30 Mbps of messages are accepted, that is, forwarded normally, while the other 20 Mbps cannot obtain a token and are marked red; these 20 Mbps of red messages have a redirection mark added and are redirected to the internal port of the 1st switching chip (i.e., red redirection). After the internal port of the 1st switching chip receives the 20 Mbps of messages, the switching chip matches them to entry A1' according to the information carried in the messages and the matching conditions, and, provided the 1st switching chip is receiving no other messages, the 20 Mbps of messages are accepted according to the threshold and execution actions of A1'.
Assume that 92 Mbps of target type messages are input from eth2_0 and eth2_1. After the 2nd switching chip receives the messages, it matches them to entry A2 according to the information carried in the messages and the matching conditions. According to the threshold and execution actions of A2, 30 Mbps of messages are accepted, that is, forwarded normally, while 62 Mbps cannot obtain a token, are marked red and are redirected to the internal port of the 1st switching chip. After the internal port of the 1st switching chip receives the 62 Mbps of messages, the switching chip matches them to entry A1' according to the information carried in the messages and the matching conditions and, provided the 1st switching chip is receiving no other messages, accepts 60 Mbps according to the threshold and execution actions of A1'; the remaining 2 Mbps are marked red and redirected to the internal port of the 2nd switching chip. After the internal port of the 2nd switching chip receives the 2 Mbps of messages, the switching chip matches them to entry A2' according to the information carried in the messages and the matching conditions of the ACL; because the speed limiter shared with A2' is exhausted and no token remains, the 2 Mbps of messages are marked red according to the execution actions of A2' and redirected to the internal port of the 3rd switching chip. After the internal port of the 3rd switching chip receives the messages, it matches them to entry A3' according to the information carried in the messages and the matching conditions of the ACL, and because the 3rd switching chip is receiving no other target type messages, the 2 Mbps of messages are accepted by the 3rd switching chip.
It can be seen that, in the embodiments disclosed in this specification, even if the target type packets flow into each switch chip unevenly, as long as the total flow of the target type packets does not exceed the upper limit of the speed limit, the target type packets can be forwarded out normally.
Suppose that 100 Mbps and 5 Mbps of target type messages are input from eth2_0 and eth3_0 respectively. After the 2nd and 3rd switching chips receive the messages, they match them to entries A2 and A3 respectively, according to the information carried in the messages and the matching conditions of their ACLs. According to their respective thresholds and execution actions, the 2nd switching chip accepts 30 Mbps of messages, and the remaining 70 Mbps are marked red and redirected to the 1st switching chip; the 3rd switching chip accepts 3 Mbps of messages, and the remaining 2 Mbps are marked red and redirected to the 1st switching chip. The 1st switching chip then receives a total of 72 Mbps of messages through its internal port, matches them to entry A1' according to the information carried in the messages and the matching conditions of the ACL, accepts 60 Mbps according to the threshold and execution actions of A1', marks the remaining 12 Mbps red and redirects them to the 2nd switching chip. After the 2nd switching chip receives these messages, they are matched to entry A2', whose speed limiter is exhausted; the 12 Mbps of messages cannot obtain a token, are marked red and are redirected to the 3rd switching chip. Similarly, the 12 Mbps of messages are matched to entry A3', whose speed limiter is also exhausted; they cannot obtain a token, are marked red and are discarded. The target type traffic finally forwarded by the device is 93 Mbps. Thus, with the method disclosed in the embodiment of the present specification, a received target type message is discarded only when no switching chip in the switching chip sequence can accept it, and a good speed limiting effect is achieved.
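The three scenarios above can be checked with a small rate-level model. The following Python sketch is an added example, not code from the patent: it splits the 93 Mbps limit by bandwidth proportion, orders the chips by threshold, and cascades the excess as steps 106 to 112 describe. The function names, and the simplification that a chip serves its external ingress before redirected traffic within one token bucket period, are assumptions.

```python
from fractions import Fraction

# Inputs taken from the worked example on this page.
UPPER_LIMIT_MBPS = 93
PORT_BW_GBPS = {1: [40], 2: [10, 10], 3: [1, 1]}  # slot -> external port bandwidths


def split_thresholds(upper_limit, port_bw_by_chip):
    """Allocate the upper limit to chips in proportion to their external-port bandwidth."""
    total_bw = sum(sum(ports) for ports in port_bw_by_chip.values())
    return {chip: Fraction(upper_limit) * sum(ports) / total_bw
            for chip, ports in port_bw_by_chip.items()}


def order_chips(thresholds):
    """Switching chip sequence: largest threshold first (ties keep input order)."""
    return sorted(thresholds, key=lambda chip: -thresholds[chip])


def simulate(upper_limit, port_bw_by_chip, offered):
    """offered: slot -> Mbps arriving on external ports. Returns (accepted, dropped, hops)."""
    thresholds = split_thresholds(upper_limit, port_bw_by_chip)
    seq = order_chips(thresholds)
    tokens = dict(thresholds)            # one bucket per chip, shared by its two ACLs
    accepted = {chip: 0 for chip in seq}
    internal_in = {chip: 0 for chip in seq}
    hops = []                            # (from_chip, to_chip or "drop", Mbps)

    def take(chip, rate):
        got = min(rate, tokens[chip])
        tokens[chip] -= got
        accepted[chip] += got
        return rate - got                # excess that found no token

    # External ingress: chip 1 redirects to chip 2, every other chip redirects to chip 1.
    for idx, chip in enumerate(seq):
        excess = take(chip, offered.get(chip, 0))
        if excess:
            target = seq[1] if idx == 0 else seq[0]
            internal_in[target] += excess
            hops.append((chip, target, excess))

    # Redirected traffic on internal ports: chip k hands over to chip k+1, chip N drops.
    dropped = 0
    for idx, chip in enumerate(seq):
        excess = take(chip, internal_in[chip])
        if not excess:
            continue
        if idx == len(seq) - 1:
            dropped += excess
            hops.append((chip, "drop", excess))
        else:
            internal_in[seq[idx + 1]] += excess
            hops.append((chip, seq[idx + 1], excess))
    return accepted, dropped, hops


if __name__ == "__main__":
    print(split_thresholds(UPPER_LIMIT_MBPS, PORT_BW_GBPS))
    for offered in ({2: 50}, {2: 92}, {2: 100, 3: 5}):
        accepted, dropped, hops = simulate(UPPER_LIMIT_MBPS, PORT_BW_GBPS, offered)
        print(offered, {c: int(v) for c, v in accepted.items()}, int(dropped))
```

Because every message tries each chip's bucket before it can be dropped, the forwarded total equals the smaller of the offered load and the upper limit, whichever ports the traffic arrives on.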
Corresponding to the embodiment of the method, the present specification also provides an embodiment of an ACL issuing device and a terminal applied thereto.
As shown in fig. 4, fig. 4 is a block diagram of an ACL issuing apparatus according to an exemplary embodiment shown in this specification, where for any message with a specific feature sent to a frame device, the frame device receives the target type message through a switch chip in a sequence of switch chips; each switching chip in the switching chip sequence is positioned on a service board card or a switching board card of the machine frame type equipment; the exchange chip sequence comprises N exchange chips, wherein N is more than or equal to 2.
The apparatus is applied to the main control board card of the frame-type device and includes:
an upper limit value obtaining module 410, configured to obtain an upper limit value specified by a user; the upper limit value is used for limiting the upper limit of the message quantity of the message with the specified characteristics accepted by the frame type equipment in unit time.
A threshold splitting module 420, configured to split the upper limit value into N thresholds and respectively allocate the thresholds to each switch chip in the sequence of switch chips.
An ACL issuing module 430, configured to issue an ACL to the 1st switching chip in the switching chip sequence, where the matching condition of the ACL includes that the message has the specified characteristics, and the actions performed by the ACL include: for any matched message, if accepting the message would cause the volume of accepted target type messages in unit time to exceed the corresponding threshold value, sending the message to the 2nd switching chip for acceptance; to issue an ACL to each ith switching chip, where i = 2, …, N, the matching condition of the ACL includes that the message has the specified characteristics and that the message is received through an external port, and the actions performed by the ACL include: for any matched message, if accepting the message would cause the volume of accepted target type messages in unit time to exceed the corresponding threshold value, sending the message to the 1st switching chip for acceptance; to issue another ACL to each jth switching chip, where j = 2, …, N-1, the matching conditions of the other ACL include that the message has the specified characteristics and that the message is received through an internal port, and the actions performed by the other ACL include: for any matched message, if accepting the message would cause the volume of accepted target type messages in unit time to exceed the corresponding threshold value, sending the message to the (j + 1)th switching chip for acceptance; and to issue another ACL to the Nth switching chip, where the matching conditions of the other ACL include that the message has the specified characteristics and that the message is received through an internal port, and the actions performed by the other ACL include: for any matched message, if accepting the message would cause the volume of accepted target type messages in unit time to exceed the corresponding threshold value, discarding the message.
As shown in fig. 5, fig. 5 is a block diagram of a message processing apparatus according to an exemplary embodiment, which is applied to each switch chip of a switch chip sequence of a frame device, and includes:
a message receiving module 510, configured to receive the target type message by the switch chip.
An ACL matching module 520, configured to determine whether a received packet includes a matching feature of any ACL; the ACL is an ACL issued by the ACL issuing method according to the first aspect of the embodiment of the present specification.
A message processing module 530, configured to process the message according to the policy of an ACL if the message includes the matching characteristics of that ACL.
The implementation process of the functions and actions of each module in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, wherein the modules described as separate parts may or may not be physically separate, and the parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution in the specification. One of ordinary skill in the art can understand and implement it without inventive effort.
As shown in fig. 6, fig. 6 is a hardware structure diagram of a computer device in which an ACL issuing apparatus according to an embodiment is located, where the hardware structure diagram may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein the processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 are communicatively coupled to each other within the device via bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits, and is configured to execute related programs to implement the technical solutions provided in the embodiments of the present disclosure.
The Memory 1020 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. The memory 1020 may store an operating system and other application programs, and when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program codes are stored in the memory 1020 and called to be executed by the processor 1010.
The input/output interface 1030 is used for connecting an input/output module to input and output information. The i/o module may be configured as a component in a device (not shown) or may be external to the device to provide a corresponding function. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 1040 is used for connecting a communication module (not shown in the drawings) to implement communication interaction between the present apparatus and other apparatuses. The communication module can realize communication in a wired mode (such as USB, network cable and the like) and also can realize communication in a wireless mode (such as mobile network, WIFI, Bluetooth and the like).
Bus 1050 includes a path that transfers information between various components of the device, such as processor 1010, memory 1020, input/output interface 1030, and communication interface 1040.
It should be noted that although the above-mentioned device only shows the processor 1010, the memory 1020, the input/output interface 1030, the communication interface 1040 and the bus 1050, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present description, and not necessarily all of the components shown in the figures.
The embodiments of the present specification further provide a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the ACL issuing method according to the first aspect of the embodiments of the present specification.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Other embodiments of the present description will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This specification is intended to cover any variations, uses, or adaptations of the specification following, in general, the principles of the specification and including such departures from the present disclosure as come within known or customary practice within the art to which the specification pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the specification being indicated by the following claims.
It will be understood that the present description is not limited to the precise arrangements described above and shown in the drawings, and that various modifications and changes may be made without departing from the scope thereof. The scope of the present description is limited only by the appended claims.
The above description is only a preferred embodiment of the present disclosure, and should not be taken as limiting the present disclosure, and any modifications, equivalents, improvements, etc. made within the spirit and principle of the present disclosure should be included in the scope of the present disclosure.

Claims (10)

1. An ACL issuing method, characterized in that, for any target-type message sent to a frame-type device, the frame-type device receives the target-type message through a switching chip in a switching chip sequence, the target-type message being a message with specified characteristics; each switching chip in the switching chip sequence is located on a service board card or a switching board card of the frame-type device; the switching chip sequence comprises N switching chips, where N ≥ 2;
the method is applied to the main control board card of the frame-type device, and comprises the following steps:
acquiring an upper limit value specified by a user; the upper limit value is used to limit the number of messages with the specified characteristics that the frame-type device accepts per unit time;
splitting the upper limit value into N thresholds and allocating them respectively to the switching chips in the switching chip sequence; wherein the sum of the N thresholds is the upper limit value;
issuing a first ACL to the 1st switching chip in the switching chip sequence, wherein the matching condition of the first ACL comprises that the message has the specified characteristics; the execution action of the first ACL includes: for any matched message, if accepting the message would cause the amount of accepted target-type messages per unit time to exceed the corresponding threshold, sending the message to the 2nd switching chip for acceptance;
issuing a second ACL to each i-th switching chip, where i = 2, …, N; the matching condition of the second ACL comprises that the message has the specified characteristics and that the message is received through an external port; the execution action of the second ACL includes: for any matched message, if accepting the message would cause the amount of accepted target-type messages per unit time to exceed the corresponding threshold, sending the message to the 1st switching chip for acceptance;
issuing a third ACL to each j-th switching chip, where j = 2, …, N-1; the matching condition of the third ACL comprises that the message has the specified characteristics and that the message is received through an internal port; the execution action of the third ACL includes: for any matched message, if accepting the message would cause the amount of accepted target-type messages per unit time to exceed the corresponding threshold, sending the message to the (j+1)-th switching chip for acceptance;
issuing a fourth ACL to the N-th switching chip; the matching condition of the fourth ACL comprises that the message has the specified characteristics and that the message is received through an internal port; the execution action of the fourth ACL includes: for any matched message, if accepting the message would cause the amount of accepted target-type messages per unit time to exceed the corresponding threshold, discarding the message.
2. The method of claim 1, wherein splitting the upper limit value into N thresholds and allocating them respectively to the switching chips in the switching chip sequence comprises:
determining the bandwidth sum of the external ports used for receiving target-type messages in the switching chip sequence;
for each switching chip in the switching chip sequence: determining the bandwidth of the external ports used for receiving target-type messages in that switching chip; generating the threshold allocated to the switching chip according to the determined bandwidth, its proportion of the bandwidth sum, and the upper limit value specified by the user; the proportion of the upper limit value taken by the threshold corresponding to the switching chip is the same as the proportion of the bandwidth sum taken by the determined bandwidth of that switching chip.
3. The method of claim 1, wherein, in the switching chip sequence, the threshold corresponding to the k-th switching chip is not less than the threshold corresponding to the (k+1)-th switching chip, where k = 1, …, N-1.
4. The method of claim 1, wherein the matching condition of the first ACL issued to the 1st switching chip in the switching chip sequence further comprises that the message is received through an external port; the execution action of the first ACL further includes: for any matched message, if accepting the message would cause the amount of accepted target-type messages per unit time to exceed the corresponding threshold, adding a redirection mark to the message;
the method further comprises:
issuing a fifth ACL to the 1st switching chip in the switching chip sequence; the matching condition of the fifth ACL comprises that the message has the specified characteristics, that the message is received through an internal port, and that the message has the redirection mark; the execution action of the fifth ACL includes: for any matched message, if accepting the message would cause the amount of accepted target-type messages per unit time to exceed the corresponding threshold, adding a redirection mark to the message and sending the message to the 2nd switching chip for acceptance;
the execution actions of the second ACL issued to each i-th switching chip and of the third ACL issued to each j-th switching chip further include: for any matched message, if accepting the message would cause the amount of accepted target-type messages per unit time to exceed the corresponding threshold, adding a redirection mark to the message;
the matching conditions of the third ACL issued to each j-th switching chip and of the fourth ACL issued to the N-th switching chip further include: the message has the redirection mark.
5. The method of claim 4, wherein the message having the redirection mark specifically comprises:
the custom field of the HiGig header field of the message is a specified value.
6. The method of claim 1, wherein the execution action of any issued ACL entry further comprises:
for any matched message, accepting the message if accepting it does not cause the amount of accepted target-type messages per unit time to exceed the corresponding threshold.
7. A message processing method, applied to each switching chip of a switching chip sequence of a frame-type device, the method comprising:
the switching chip receives a target-type message;
determining whether the received message has the matching characteristics of any ACL; the ACL is issued by the ACL issuing method of any one of claims 1 to 6;
if the message has the matching characteristics of any ACL, processing the message according to the policy of that ACL.
8. An ACL issuing device, characterized in that, for any target-type message sent to a frame-type device, the frame-type device receives the target-type message through a switching chip in a switching chip sequence, the target-type message being a message with specified characteristics; each switching chip in the switching chip sequence is located on a service board card or a switching board card of the frame-type device; the switching chip sequence comprises N switching chips, where N ≥ 2;
the device is applied to the main control board card of the frame-type device, and includes:
an upper limit value acquisition module, configured to acquire an upper limit value specified by a user; the upper limit value is used to limit the number of messages with the specified characteristics that the frame-type device accepts per unit time;
a threshold splitting module, configured to split the upper limit value into N thresholds and allocate them respectively to the switching chips in the switching chip sequence; wherein the sum of the N thresholds is the upper limit value;
an ACL issuing module, configured to:
issue a first ACL to the 1st switching chip in the switching chip sequence, wherein the matching condition of the first ACL comprises that the message has the specified characteristics; the execution action of the first ACL includes: for any matched message, if accepting the message would cause the amount of accepted target-type messages per unit time to exceed the corresponding threshold, sending the message to the 2nd switching chip for acceptance;
issue a second ACL to each i-th switching chip, where i = 2, …, N; the matching condition of the second ACL comprises that the message has the specified characteristics and that the message is received through an external port; the execution action of the second ACL includes: for any matched message, if accepting the message would cause the amount of accepted target-type messages per unit time to exceed the corresponding threshold, sending the message to the 1st switching chip for acceptance;
issue a third ACL to each j-th switching chip, where j = 2, …, N-1; the matching condition of the third ACL comprises that the message has the specified characteristics and that the message is received through an internal port; the execution action of the third ACL includes: for any matched message, if accepting the message would cause the amount of accepted target-type messages per unit time to exceed the corresponding threshold, sending the message to the (j+1)-th switching chip for acceptance;
issue a fourth ACL to the N-th switching chip; the matching condition of the fourth ACL comprises that the message has the specified characteristics and that the message is received through an internal port; the execution action of the fourth ACL includes: for any matched message, if accepting the message would cause the amount of accepted target-type messages per unit time to exceed the corresponding threshold, discarding the message.
9. A computer-readable storage medium on which a computer program is stored, which when executed by a processor implements the ACL issuing method according to any one of claims 1 to 6.
10. A main control board card, characterized in that the main control board card comprises:
one or more processors;
a memory for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the ACL issuing method according to any one of claims 1 to 6.
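
The cascade defined by claims 1, 2, 4 and 6 can be traced with a short simulation. This is an added illustration, not code from the patent: the function names, the per-packet counting model for one unit of time, and giving the integer remainder of the split to chip 1 are assumptions made here.

```python
"""Added illustration of the claimed ACL cascade (not code from the patent)."""

def split_limit(upper_limit, ext_bandwidths):
    """Claim 2: split the limit in proportion to each chip's external-port bandwidth."""
    total = sum(ext_bandwidths)
    if len(ext_bandwidths) < 2 or total <= 0:
        raise ValueError("need N >= 2 chips and some external bandwidth")
    thresholds = [upper_limit * bw // total for bw in ext_bandwidths]
    # Assumption: any integer remainder goes to chip 1 so the sum equals the limit.
    thresholds[0] += upper_limit - sum(thresholds)
    return thresholds

def deliver(ingress, accepted, thresholds):
    """Walk one packet through the chain; return accepting chip (1-indexed) or None."""
    n = len(thresholds)
    chip, redirected = ingress, False  # redirected: arrived on an internal port with the mark
    while True:
        if accepted[chip - 1] + 1 <= thresholds[chip - 1]:
            accepted[chip - 1] += 1        # claim 6: accept while under the threshold
            return chip
        if not redirected:
            chip = 2 if chip == 1 else 1   # ACL 1 (chip 1 -> 2) or ACL 2 (chip i -> 1)
            redirected = True              # claim 4: add the redirection mark
        elif chip == n:
            return None                    # ACL 4: the last chip discards
        else:
            chip += 1                      # ACL 5 on chip 1, ACL 3 on chips 2..N-1

def simulate(upper_limit, ext_bandwidths, arrivals):
    """arrivals: ingress chip of each packet seen in one unit of time (constructed input)."""
    thresholds = split_limit(upper_limit, ext_bandwidths)
    accepted, dropped = [0] * len(thresholds), 0
    for ingress in arrivals:
        if deliver(ingress, accepted, thresholds) is None:
            dropped += 1
    return thresholds, accepted, dropped

if __name__ == "__main__":
    # Constructed burst: 150 target-type packets all hit chip 3 within one time unit.
    print(simulate(100, [40, 40, 20], [3] * 150))
```

A burst that lands entirely on one chip first uses that chip's quota, then the unused quota of the other chips in sequence order, and the device as a whole never accepts more than the user's upper limit.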
CN202110343311.8A 2021-03-30 2021-03-30 ACL issuing method and device Active CN113114579B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110343311.8A CN113114579B (en) 2021-03-30 2021-03-30 ACL issuing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110343311.8A CN113114579B (en) 2021-03-30 2021-03-30 ACL issuing method and device

Publications (2)

Publication Number Publication Date
CN113114579A CN113114579A (en) 2021-07-13
CN113114579B CN113114579B (en) 2022-03-25

Family

ID=76712880

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110343311.8A Active CN113114579B (en) 2021-03-30 2021-03-30 ACL issuing method and device

Country Status (1)

Country Link
CN (1) CN113114579B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114189484B (en) * 2021-12-28 2023-10-27 杭州迪普科技股份有限公司 Method and device for forwarding message internally

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN201563132U (en) * 2009-07-03 2010-08-25 北京星网锐捷网络技术有限公司 Network bandwidth control device and a router
CN102857510A (en) * 2012-09-18 2013-01-02 杭州华三通信技术有限公司 Method and device for issuing ACL (access control list) items
WO2016058292A1 (en) * 2014-10-17 2016-04-21 中兴通讯股份有限公司 Service data flow sending and forwarding method and apparatus
CN108632176A (en) * 2018-04-28 2018-10-09 新华三技术有限公司 Pile system, PE equipment and message forwarding method
CN109067585A (en) * 2018-08-15 2018-12-21 杭州迪普科技股份有限公司 A kind of inquiry ACL table item delivery method and device
CN110855685A (en) * 2019-11-18 2020-02-28 苏州盛科科技有限公司 Method and device for realizing CoPP by multiple Slice exchange chips

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103209141A (en) * 2012-01-17 2013-07-17 中兴通讯股份有限公司 Method for processing data messages with switching chip and switching chip
CN106789759B (en) * 2016-12-19 2019-12-10 迈普通信技术股份有限公司 Message uploading method and exchange chip
CN108234318B (en) * 2018-03-20 2021-01-01 新华三技术有限公司 Method and device for selecting message forwarding tunnel
US20190044873A1 (en) * 2018-06-29 2019-02-07 Intel Corporation Method of packet processing using packet filter rules

Also Published As

Publication number Publication date
CN113114579A (en) 2021-07-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant