CN113765798A - QoS method, device, computer equipment and medium using external filter - Google Patents
QoS method, device, computer equipment and medium using external filter Download PDFInfo
- Publication number
- CN113765798A CN113765798A CN202111317762.0A CN202111317762A CN113765798A CN 113765798 A CN113765798 A CN 113765798A CN 202111317762 A CN202111317762 A CN 202111317762A CN 113765798 A CN113765798 A CN 113765798A
- Authority
- CN
- China
- Prior art keywords
- interface
- routing table
- message
- flow
- qos
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/302—Route determination based on requested QoS
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
Abstract
The method comprises the steps of configuring a routing table and a flow table, placing a three-layer interconnection interface in the routing table according to the configured routing table and the flow table, and matching a two-layer gateway interface to the routing table for processing through the flow table; and forwarding the internal flow passing through the three-layer interconnection interface or the two-layer gateway interface to an external filter according to a QoS rule. All internal flows are forwarded to the public network gateway, all the internal flows are forwarded to an external firewall filter, are uniformly filtered through a firewall and then are returned to the public network gateway and the QoS equipment, all the internal flows pass through the external firewall, and the method of passing through the flow table and the routing table is high in performance and flexible in expansion.
Description
Technical Field
The present application relates to the field of communications technologies, and in particular, to a QoS method and apparatus using an external filter, a computer device, and a medium.
Background
The popularization of the internet and the wave of cloud computing make people increasingly unable to leave the network environment. With the rapid development of the mobile internet, various applications and services are layered endlessly, application developers, service providers and the like need to implement their projects or products rapidly, and generally need to arrange themselves or rent server equipment and also need to build a complex network by themselves in the conventional IDC data center, which necessarily requires a lot of time and is very error-prone and also not easy to expand and implement disaster-tolerant.
Cloud service of a traditional enterprise is trending, but the difficulty of migrating all original services to the cloud within a short time is high, so that the situation that the traditional services and the cloud services are kept by the enterprise within a certain time at the same time is common, and a cloud provider needs to provide cloud service traffic and also needs a traditional traffic processing method.
Quality of Service, Chinese name "Quality of Service". QoS is a security mechanism for networks, and is a technique for solving the problems of network delay and congestion. Today's routers typically support QoS. As a general requirement of the cloud network era, a QoS method generally deploys QoS devices (devices supporting QoS functions) at an entrance and an exit of a cloud complete solution to perform policy speed limitation on traffic, and the like. When the private cloud is provided for a client as a complete set of solution, the client usually needs to arrange a firewall on the whole system to serve as a filtering function of a main access, internal and external flows of the internet can pass through the firewall, and the key is that the flow of mutual access between internal virtual machines can be directly routed and rotated on QoS equipment, so that how to enable the internal flow to pass through the external firewall first becomes a key point of the private cloud solution.
At present, there is no general method for externally arranging a filter on a QoS device, wherein one method is to forward all traffic entering the QoS device to the filter, but this method does not follow a standard traffic processing method, so it is not beneficial to the expansion of the system and flexible processing when the traffic changes.
Disclosure of Invention
The present application aims to provide a QoS method, apparatus, computer device and medium using an external filter, so as to solve the problem that the current flows entering the QoS device are all forwarded to the filter, and a standard-compliant flow processing method is not available, which is not conducive to system expansion and flexible processing during service change.
In order to solve the above technical problem, the present application provides a QoS method using an external filter based on a routing table and a flow table, which adopts the following technical solutions:
the method comprises the following steps:
configuring a routing table and a flow table, placing a three-layer interconnection interface in the routing table according to the configured routing table and the flow table, and matching a two-layer gateway interface to the routing table for processing through the flow table;
and forwarding the internal flow passing through the three-layer interconnection interface or the two-layer gateway interface to an external filter according to a QoS rule.
Further, the step of configuring the routing table and the flow table further includes:
configuring at least one in2out interface and one out2in interface for the QoS device, establishing a first routing table vrf0 and a second routing table vrf1, configuring the in2out interface in the second routing table vrf1, and configuring the out2in interface in the first routing table vrf 0;
adding a default route in the second routing table vrf1, sending out a next hop as a public network gateway through an out2in interface, adding a 32-bit EIP backhaul route in the first routing table vrf0, and sending out the route through an in2out interface;
creating a loopback interface loopback, and configuring a gateway address of a corresponding network segment on the loopback interface;
the loopback interface loopback is bridged with the in2out interface through a Virtual Local Area Network (VLAN);
creating a first flow table, matching the IP message, and setting the routing table of the IP message as a second routing table vrf 1;
creating a second flow table, matching the source IP of the IP message, and finding a corresponding QoS rule for speed limiting;
establishing a third flow table, matching the target IP of the IP message, and finding a corresponding QoS rule for speed limiting;
the second flow table is applied to the in2out interface, the first and second flow tables are applied to the ring interface loopback, and the third flow table is applied to the out2in interface.
Further, according to the configured routing table and the flow table, the step of placing the three-layer interconnection interface in the routing table, and matching the two-layer gateway interface to the routing table for processing through the flow table specifically includes:
and establishing a mapping relation between the routing table and the three-layer interconnection interface and the two-layer gateway interface.
Further, the step of forwarding the internal traffic passing through the three-layer interconnection interface or the two-layer gateway interface to the external filter according to the QoS rule specifically includes:
the message is sent to a virtual machine VM gateway net/len gw by an internal virtual machine VM directly interconnected with a QoS device in a two-layer mode;
the message enters from the in2out interface and is sent to the loopback interface loopback through the virtual local area network vlan;
the loopback interface loopback matches the first flow table, and sets the routing table of the message as a second routing table vrf 1;
the message is matched with the second flow table, and the speed is limited according to the QoS rule;
searching a second routing table vrf1 for the message allowing passing, matching the second routing table to a default route, and sending the message to the public network gateway through an out2in interface;
the public network gateway sends the message to a filter for strategy filtering;
the message allowing the passing is sent back to the public network gateway by the firewall;
the public network gateway sends the message back to the out2in interface;
the out2in interface is matched with the third flow table, and the speed is limited according to the QoS rule;
searching a first routing table vrf0 for the message allowed to pass, and matching the first routing table to a backhaul route, wherein a sending port of the backhaul route is a backhaul interface;
the message is sent out through a backhaul interface loopback, and the message is sent to the corresponding virtual machine VM through the in2out interface through the virtual local area network vlan.
Further, the step of forwarding the internal traffic passing through the three-layer interconnection interface or the two-layer gateway interface to the external filter according to the QoS rule further includes:
a message sent by the virtual machine is routed to an in2out interface of the QoS equipment through the router;
the In2out interface is matched with the second flow table, and speed limit processing is carried out according to the QoS rule;
searching a second routing table vrf1 for the allowed message, matching the allowed message to a default route, and sending the message to a public network gateway through an out2in interface;
the public network gateway sends the message to a filter for strategy filtering;
the message allowing the passing is sent back to the public network gateway by the firewall;
the public network gateway sends the message to an out2in interface;
the out2in interface is matched with the third flow table, and speed limit processing is carried out according to the QoS rule;
the allowed message looks up the first routing table vrf0, matches to the backhaul route, and sends the message to the corresponding virtual machine VM through the in2out interface.
Further, after the step of forwarding the internal traffic passing through the three-layer interconnection interface or the two-layer gateway interface to the external filter according to the QoS rule, the method further includes:
and storing the network flow information filtered by the internal flow passing through the three-layer interconnection interface or the two-layer gateway interface into a block chain according to a QoS rule.
In order to solve the above technical problem, the present application further provides a QoS device using an external filter based on a routing table and a flow table, which adopts the following technical solution, including:
the configuration module is used for configuring a routing table and a flow table, placing a three-layer interconnection interface in the routing table according to the configured routing table and the flow table, and matching a two-layer gateway interface to the routing table for processing through the flow table;
and the forwarding module is used for forwarding the internal flow passing through the three-layer interconnection interface or the two-layer gateway interface to the external filter according to the QoS rule.
Further, the configuration module includes:
an interface and routing table configuring module, configured to configure at least one in2out interface and one out2in interface for the QoS device, establish a first routing table vrf0 and a second routing table vrf1, configure the in2out interface in the second routing table vrf1, configure the out2in interface in the first routing table vrf0,
a default route is added to the second routing table vrf1, the next hop is sent out as a public network gateway through the out2in interface, a 32-bit EIP backhaul route is added to the first routing table vrf0, the route is sent out through the in2out interface,
creating a loopback interface loopback, configuring a gateway address of a corresponding network segment on the loopback interface,
the loopback interface loopback is bridged with the in2out interface through a Virtual Local Area Network (VLAN);
the flow table configuration module is used for creating a first flow table, matching the IP message, setting the routing table of the IP message as a second routing table vrf1, creating a second flow table, matching the source IP of the IP message, finding a corresponding QoS rule to limit the speed, creating a third flow table, matching the target IP of the IP message, finding a corresponding QoS rule to limit the speed, applying the second flow table to an in2out interface, applying the first flow table and the second flow table to a ring interface loopback, and applying the third flow table to an out2in interface.
In order to solve the above technical problem, the present application further provides a computer device, which adopts the following technical scheme:
comprising a memory having computer readable instructions stored therein and a processor that when executed implement the steps of the QoS method using external filters based on routing tables and flow tables as described above.
In order to solve the above technical problem, the present application further provides a computer-readable storage medium, which adopts the following technical solutions:
the computer readable storage medium has stored thereon computer readable instructions which, when executed by a processor, perform the steps of the above-described QoS method using external filters based on routing tables and flow tables.
Compared with the prior art, the application mainly has the following beneficial effects: by placing the in2out interface and out2in interface of the QoS device in different virtual route forwarding vrf tables, the virtual routing forwarding table vrf to which the in2out interface belongs only performs default routing forwarding, the virtual routing forwarding table vrf to which the out2in interface belongs is responsible for backhaul routing forwarding of EIP, and then the two-layer gateway loops back to the loopback interface, sets the received message as the virtual routing forwarding table vrf1 through the flow table, even the message of the second layer can firstly carry out the forwarding of the default route, and all the internal traffic can be firstly forwarded to the public network gateway in such a way, therefore, all the flow is transferred to an external firewall filter, is uniformly filtered through a firewall and then is returned to a public network gateway and QoS equipment, the QoS equipment searches for a virtual route forwarding vrf0 at an out2in interface and sends a message to a loopback interface loopback or directly sends the message to a corresponding virtual machine VM through an in2out interface. By the method, all internal flow can pass through an external firewall firstly, the method of passing through the flow table and the routing table has high performance and is flexible to expand, for example, according to an internal strategy, some flow can be selectively sent to the external firewall, the virtual route forwarding vrf1 can be directly set, or the matching rule of the flow table 1 can be set.
Drawings
In order to more clearly illustrate the solution of the present application, the drawings needed for describing the embodiments of the present application will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present application, and that other drawings can be obtained by those skilled in the art without inventive effort.
FIG. 1 is an exemplary system architecture diagram in which the present application may be applied;
FIG. 2 is a flow diagram of one embodiment of a QoS method using an external filter based on routing tables and flow tables according to the present application;
fig. 3 is a flowchart of an embodiment of data trend in the three-layer traffic data forwarding process employed in fig. 2;
FIG. 4 is a flow diagram of one embodiment of data trends in the two-tier traffic data forwarding process used in FIG. 2;
fig. 5 is a flow chart of the routing table and flow table configuration employed in fig. 2;
FIG. 6 is a flow diagram of another embodiment of a QoS method using an external filter based on a routing table and flow table according to the present application;
fig. 7 is a schematic block diagram illustrating an embodiment of a QoS device using an external filter based on a routing table and a flow table according to the present application;
FIG. 8 is a schematic block diagram of one embodiment of a computer device according to the present application.
Detailed Description
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs; the terminology used in the description of the application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application; the terms "including" and "having," and any variations thereof, in the description and claims of this application and the description of the above figures are intended to cover non-exclusive inclusions. The terms "first," "second," and the like in the description and claims of this application or in the above-described drawings are used for distinguishing between different objects and not for describing a particular order.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings.
As shown in fig. 1, the system architecture 100 may include a first terminal device 101, a second terminal device 102, a third terminal device 103, a network 104, and a server 105. The network 104 is used to provide a medium of communication links between the first terminal device 101, the second terminal device 102, the third terminal device 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the first terminal device 101, the second terminal device 102, the third terminal device 103 to interact with the server 105 via the network 104 to receive or send messages or the like. Various communication client applications, such as a web browser application, a shopping application, a search application, an instant messaging tool, a mailbox client, social platform software, and the like, may be installed on the first terminal device 101, the second terminal device 102, and the third terminal device 103.
The first terminal device 101, the second terminal device 102, and the third terminal device 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to a smart phone, a tablet computer, an E-book reader, an MP3 player (qospecs Group Audio Layer III using an external filter based on a routing table and a flow table by Moving Picture E, mpeg compression standard Audio Layer 3), an MP4 player (spectra Group Audio Layer IV using an external filter based on a routing table and a flow table by Moving Picture E, mpeg compression standard Audio Layer 4), a laptop, a desktop computer, and the like.
The server 105 may be a server that provides various services, such as a background server that provides support for pages displayed on the first terminal apparatus 101, the second terminal apparatus 102, and the third terminal apparatus 103.
It should be noted that, the QoS method using an external filter based on the routing table and the flow table provided in the embodiment of the present application is generally executed by the server/terminal device, and accordingly, the QoS device using an external filter based on the routing table and the flow table is generally disposed in the server/terminal device.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
With continued reference to fig. 2, a flow diagram of one embodiment of a method for QoS using external filters based on routing tables and flow tables is shown, in accordance with the present application. The QoS method using the external filter based on the routing table and the flow table comprises the following steps:
step S201, configuring a routing table and a flow table, placing a three-layer interconnection interface in the routing table according to the configured routing table and the flow table, and matching a two-layer gateway interface to the routing table for processing through the flow table.
Fig. 5 is a flow chart of the routing table and flow table configuration employed in fig. 2. As shown in fig. 5, in this embodiment, the step of configuring the routing table and the flow table further includes:
step S301, configuring at least one in2out interface and one out2in interface for the QoS device, establishing a first routing table vrf0 and a second routing table vrf1, configuring the in2out interface in the second routing table vrf1, and configuring the out2in interface in the first routing table vrf 0;
step S302, adding a default route in the second route table vrf1, sending out a next hop as a public network gateway through an out2in interface, adding a 32-bit EIP backhaul route in the first route table vrf0, and sending out the route through an in2out interface;
step S303, establishing a loopback interface loopback, and configuring a gateway address of a corresponding network segment on the loopback interface;
step S304, the loop interface loopback is bridged with the in2out interface through the virtual local area network VLAN;
step S305, creating a first flow table, matching the IP message, and setting the routing table of the IP message as a second routing table vrf 1;
step S306, a second flow table is created, the source IP of the IP message is matched, and the corresponding QoS rule is searched for speed limit;
step S307, a third flow table is created, the target IP of the IP message is matched, and the corresponding QoS rule is searched for speed limiting;
step S308, apply the second flow table to the in2out interface, apply the first flow table and the second flow table to the ring interface loopback, and apply the third flow table to the out2in interface.
In this embodiment, an electronic device (e.g., the server/terminal device shown in fig. 1) on which the QoS method using the external filter based on the routing table and the flow table operates may receive the QoS request using the external filter based on the routing table and the flow table through a wired connection manner or a wireless connection manner. It should be noted that the wireless connection manners may include, but are not limited to, 3G/4G/5G connection, WiFi connection, bluetooth connection, QoS connection of WiMA using external filters based on routing tables and flow tables, Zigbee connection, uwb (ultra wideband) connection, and other wireless connection manners now known or developed in the future.
In this embodiment, according to the configuration of the routing table and the flow table, placing the three-layer interconnect interface in the routing table, and matching the two-layer gateway interface to the routing table for processing through the flow table further includes: and establishing a mapping relation between the routing table and the three-layer interconnection interface and the two-layer gateway interface. For example, if in2out is set as route vrf1, then incoming traffic from in2out will go to routing table vrf1 for routing and forwarding, and loop0 does not set its routing table, then by default routing table vrf0, but since the flow table is processed in preference to the routing table, incoming traffic from loop0 will be processed in preference to the routing table, and the routing table to be looked up after the packet is set in the flow table may be another designated one.
Step S202, the internal flow passing through the three-layer interconnection interface or the two-layer gateway interface is forwarded to an external filter according to the QoS rule.
In this embodiment, the step of forwarding the internal traffic passing through the three-layer interconnection interface or the two-layer gateway interface to the external filter according to the QoS rule may be distinguished according to the two-layer traffic and the three-layer traffic, and different flow forwarding flows are performed. Fig. 4 is a flowchart of an embodiment of data trend in the two-layer traffic data forwarding process adopted in fig. 2. As shown in fig. 4, the data forwarding process of the layer two traffic specifically includes:
the message is sent to a virtual machine VM gateway net/len gw by an internal virtual machine VM directly interconnected with a QoS device in a two-layer mode;
the message enters from the in2out interface and is sent to the loopback interface loopback through the virtual local area network vlan;
the loopback interface loopback matches the first flow table, and sets the routing table of the message as a second routing table vrf 1;
the message is matched with the second flow table, and the speed is limited according to the QoS rule;
searching a second routing table vrf1 for the message allowing passing, matching the second routing table to a default route, and sending the message to the public network gateway through an out2in interface;
the public network gateway sends the message to a filter for strategy filtering;
the message allowing the passing is sent back to the public network gateway by the firewall;
the public network gateway sends the message back to the out2in interface;
the out2in interface is matched with the third flow table, and the speed is limited according to the QoS rule;
searching a first routing table vrf0 for the message allowed to pass, and matching the first routing table to a backhaul route, wherein a sending port of the backhaul route is a backhaul interface;
the message is sent out through a backhaul interface loopback, and the message is sent to the corresponding virtual machine VM through the in2out interface through the virtual local area network vlan.
The QoS device can provide both three-layer access and two-layer access, where the three-layer access means that received traffic is forwarded through another router, and the two-layer access means that the QoS device is directly interconnected with the two layers of the virtual machine VM, for example, the IP address of the virtual machine VM is 192.168.0.100/24, the QoS device sets the gateway address of 192.168.0.1/24, the gateway address is set to a loopback interface, and the loopback interface is connected to the real physical interface in2out of the QoS device by means of bridging, or is bridged to the virtual interface vlan of the physical interface in2 out. When a virtual machine VM needs to send a message to the internet, it needs to first send the message to its gateway, i.e. the gateway address on the loopback interface on the QoS device.
Fig. 3 is a flowchart of an embodiment of data flow in the three-layer traffic data forwarding process adopted in fig. 2. As shown in fig. 3, the data forwarding process of the three-layer traffic specifically includes:
a message sent by the virtual machine is routed to an in2out interface of the QoS equipment through the router;
the In2out interface is matched with the second flow table, and speed limit processing is carried out according to the QoS rule;
searching a second routing table vrf1 for the allowed message, matching the allowed message to a default route, and sending the message to a public network gateway through an out2in interface;
the public network gateway sends the message to a filter for strategy filtering;
the message allowing the passing is sent back to the public network gateway by the firewall;
the public network gateway sends the message to an out2in interface;
the out2in interface is matched with the third flow table, and speed limit processing is carried out according to the QoS rule;
the allowed message looks up the first routing table vrf0, matches to the backhaul route, and sends the message to the corresponding virtual machine VM through the in2out interface.
The step of forwarding the internal traffic passing through the three-layer interconnection interface or the two-layer gateway interface to the external filter according to the QOS rule specifically comprises:
the message is sent to a virtual machine VM gateway net/len gw by an internal virtual machine VM directly connected with a QOS device in a two-layer mode;
the message enters from the in2out interface and is sent to the loopback interface loopback through the virtual local area network vlan;
the loopback interface loopback matches the first flow table, and sets the routing table of the message as a second routing table vrf 1;
the message is matched with the second flow table, and the speed is limited according to the QoS rule;
searching a second routing table vrf1 for the message allowing passing, matching the second routing table to a default route, and sending the message to the public network gateway through an out2in interface;
the public network gateway sends the message to a filter for strategy filtering;
the message allowing the passing is sent back to the public network gateway by the firewall;
the public network gateway sends the message back to the out2in interface;
the out2in interface is matched with the third flow table, and the speed is limited according to the QoS rule;
searching a first routing table vrf0 for the message allowed to pass, and matching the first routing table to a backhaul route, wherein a sending port of the backhaul route is a backhaul interface;
the message is sent out through a backhaul interface loopback, and the message is sent to the corresponding virtual machine VM through the in2out interface through the virtual local area network vlan.
After the step of forwarding the internal traffic passing through the three-layer interconnection interface or the two-layer gateway interface to the external filter according to the QoS rule, the method further includes:
and storing the network flow information filtered by the internal flow passing through the three-layer interconnection interface or the two-layer gateway interface into a block chain according to a QoS rule.
The flow processing mode of the gateway interface of the two-layer interconnection is that there is no method to directly set only the routing table to forward the flow on the gateway interface through the default route, because after the gateway interface is configured with the gateway address such as 192.168.0.1/24, the routing table to which the gateway interface belongs naturally has the direct route of 192.168.0.0/24, if the flow table is not used to set the flow processed by the gateway interface, the message processed by the gateway interface will be matched with the direct route and forwarded, so the flow table is needed to be used to set the flow processed by the gateway interface to another routing table. According to the method and the device, the two-layer flow and the three-layer flow are distinguished, different data forwarding mechanisms are adopted, and the data forwarding time is shortened.
Fig. 6 is a flow diagram of another embodiment of a QoS method using an external filter based on a routing table and a flow table according to the present application. As shown in fig. 6, in a QoS method using an external filter based on a routing table and a flow table, a flow is transmitted through the steps of:
s401, an In2out interface receives flow;
s402, judging whether the received flow belongs to a two-layer flow, if so, entering a step S403, and if not, entering a step S406;
s403, sending the data to a loopback interface of the loopback through the vlan;
s404, matching the flow table 1;
s405, setting vrf1 the message;
s406, matching the flow table 2;
s407, finding out QoS to carry out speed limit processing;
s408, judging whether the current flow is allowed to pass through, if so, entering a step S409, and if not, entering a step S414 to discard the message;
s409, finding vrf1, and using a default route;
s410, sending the data to a public network gateway through an out2in interface;
s411, the public network gateway sends the information to a firewall for strategy filtering;
s412, judging whether the passage is allowed, if so, entering the step S413, otherwise, entering the step S414;
s413, the firewall sends the message back to the public network gateway, and then to an out2in interface, and step S415 is executed;
and S414, discarding the message.
S415, out2in receives the traffic;
s416, matching flow table 3;
s417, finding out QoS to carry out speed limit processing;
s418, judging whether the passage is allowed, if the passage is allowed, entering a step S419, otherwise, entering a step S414;
s419, finding vrf0 to find the backhaul route;
s420, judging whether the loop back interface loop back is required to be sent out, if so, entering a step S421, otherwise, entering a step S422;
s421, sending to loop interface loop, and sending to in2out interface through vlan;
and S422, the signal is sent out by the in2out interface.
It is emphasized that, to further ensure the privacy and security of the filtered network traffic information, the filtered network traffic information may also be stored in a node of a blockchain.
The block chain referred by the application is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
The application is operational with numerous general purpose or special purpose computing system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like. The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware associated with computer readable instructions, which can be stored in a computer readable storage medium, and when executed, the processes of the embodiments of the methods described above can be included. The storage medium may be a non-volatile storage medium such as a magnetic disk, an optical disk, a Read-Only Memory (ROM), or a Random Access Memory (RAM).
It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and may be performed in other orders unless explicitly stated herein. Moreover, at least a portion of the steps in the flow chart of the figure may include multiple sub-steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, which are not necessarily performed in sequence, but may be performed alternately or alternately with other steps or at least a portion of the sub-steps or stages of other steps.
With further reference to fig. 7, as an implementation of the method shown in fig. 2, the present application provides an embodiment of a QoS device using an external filter based on a routing table and a flow table, which corresponds to the method shown in fig. 2, and which is particularly applicable to various electronic devices.
As shown in fig. 4, the QoS device 400 using an external filter based on a routing table and a flow table according to this embodiment includes: a configuration module 401 and a forwarding module 402. Wherein: a configuration module 401, configured to configure a routing table and a flow table, place a three-layer interconnect interface in the routing table according to the configured routing table and flow table, and match a two-layer gateway interface to the routing table for processing through the flow table; a forwarding module 402, configured to forward the internal traffic passing through the three-layer interconnection interface or the two-layer gateway interface to the external filter according to the QoS rule.
In some optional implementations of this embodiment, the configuration module 401 may further include:
an interface and routing table configuring module 411, configured to configure at least one in2out interface and one out2in interface for a QoS device, establish a first routing table vrf0 and a second routing table vrf1, configure the in2out interface in the second routing table vrf1, configure the out2in interface in the first routing table vrf0, add a default route in the second routing table vrf1, send out a next hop as a public network gateway through the out2in interface, add a 32-bit EIP backhaul route in the first routing table vrf0, send out through the in2out interface,
creating a loopback interface loopback, configuring a gateway address of a corresponding network segment on the loopback interface,
the loopback interface loopback is bridged with the in2out interface through a Virtual Local Area Network (VLAN);
flow table configuration module 412 to create a first flow table, match the IP packet, set the routing table of the IP packet to a second routing table vrf1,
creating a second flow table, matching the source IP of the IP message, finding out a corresponding QoS rule for limiting the speed,
creating a third flow table, matching the target IP of the IP message, finding out a corresponding QoS rule for speed limiting,
the second flow table is applied to the in2out interface, the first and second flow tables are applied to the ring interface loopback, and the third flow table is applied to the out2in interface.
With the present embodiment, by placing the in2out interface and out2in interface of the QoS device in different virtual route forwarding vrf tables, the virtual routing forwarding table vrf to which the in2out interface belongs only performs default routing forwarding, the virtual routing forwarding table vrf to which the out2in interface belongs is responsible for backhaul routing forwarding of EIP, and then the two-layer gateway loops back to the loopback interface, sets the received message as the virtual routing forwarding table vrf1 through the flow table, even the message of the second layer can firstly carry out the forwarding of the default route, and all the internal traffic can be firstly forwarded to the public network gateway in such a way, therefore, all the flow is transferred to an external firewall filter, is uniformly filtered through a firewall and then is returned to a public network gateway and QoS equipment, the QoS equipment searches for a virtual route forwarding vrf0 at an out2in interface and sends a message to a loopback interface loopback or directly sends the message to a corresponding virtual machine VM through an in2out interface. By the method, all internal flow can pass through an external firewall firstly, the method of passing through the flow table and the routing table has high performance and is flexible to expand, for example, according to an internal strategy, some flow can be selectively sent to the external firewall, the virtual route forwarding vrf1 can be directly set, or the matching rule of the flow table 1 can be set.
In order to solve the technical problem, an embodiment of the present application further provides a computer device. Referring to fig. 8, fig. 8 is a block diagram of a basic structure of a computer device according to the present embodiment.
The computer device 6 comprises a memory 61, a processor 62, a network interface 63 communicatively connected to each other via a system bus. It is noted that only a computer device 6 having components 61-63 is shown, but it is understood that not all of the shown components are required to be implemented, and that more or fewer components may be implemented instead. As will be understood by those skilled in the art, the computer device is a device capable of automatically performing numerical calculation and/or information processing according to a preset or stored instruction, and the hardware includes, but is not limited to, a microprocessor, an Application Specific Integrated Circuit (ASIC), a Programmable Gate Array (FPGA), a Digital Signal Processor (DSP), an embedded device, and the like.
The computer device can be a desktop computer, a notebook, a palm computer, a cloud server and other computing devices. The computer equipment can carry out man-machine interaction with a user through a keyboard, a mouse, a remote controller, a touch panel or voice control equipment and the like.
The memory 61 includes at least one type of readable storage medium including a flash memory, a hard disk, a multimedia card, a card type memory (e.g., a QoS memory in which an SD or D uses an external filter based on a routing table and a flow table, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, etc. In some embodiments, the memory 61 may be an internal storage unit of the computer device 6, such as a hard disk or a memory of the computer device 6. In other embodiments, the memory 61 may also be an external storage device of the computer device 6, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the computer device 6. Of course, the memory 61 may also comprise both an internal storage unit of the computer device 6 and an external storage device thereof. In this embodiment, the memory 61 is generally used for storing an operating system installed in the computer device 6 and various types of application software, such as computer readable instructions of a QoS method using an external filter based on a routing table and a flow table. Further, the memory 61 may also be used to temporarily store various types of data that have been output or are to be output.
The processor 62 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data Processing chip in some embodiments. The processor 62 is typically used to control the overall operation of the computer device 6. In this embodiment, the processor 62 is configured to execute computer readable instructions stored in the memory 61 or process data, for example, execute computer readable instructions of the QoS method using an external filter based on the routing table and the flow table.
The network interface 63 may comprise a wireless network interface or a wired network interface, and the network interface 63 is typically used for establishing a communication connection between the computer device 6 and other electronic devices.
With the present embodiment, by placing the in2out interface and out2in interface of the QoS device in different virtual route forwarding vrf tables, the virtual routing forwarding table vrf to which the in2out interface belongs only performs default routing forwarding, the virtual routing forwarding table vrf to which the out2in interface belongs is responsible for backhaul routing forwarding of EIP, and then the two-layer gateway loops back to the loopback interface, sets the received message as the virtual routing forwarding table vrf1 through the flow table, even the message of the second layer can firstly carry out the forwarding of the default route, and all the internal traffic can be firstly forwarded to the public network gateway in such a way, therefore, all the flow is transferred to an external firewall filter, is uniformly filtered through a firewall and then is returned to a public network gateway and QoS equipment, the QoS equipment searches for a virtual route forwarding vrf0 at an out2in interface and sends a message to a loopback interface loopback or directly sends the message to a corresponding virtual machine VM through an in2out interface. By the method, all internal flow can pass through an external firewall firstly, the method of passing through the flow table and the routing table has high performance and is flexible to expand, for example, according to an internal strategy, some flow can be selectively sent to the external firewall, the virtual route forwarding vrf1 can be directly set, or the matching rule of the flow table 1 can be set.
The present application further provides another embodiment that provides a computer-readable storage medium having stored thereon computer-readable instructions executable by at least one processor to cause the at least one processor to perform the steps of the QoS method using external filters based on routing tables and flow tables as described above.
With the present embodiment, by placing the in2out interface and out2in interface of the QoS device in different virtual route forwarding vrf tables, the virtual routing forwarding table vrf to which the in2out interface belongs only performs default routing forwarding, the virtual routing forwarding table vrf to which the out2in interface belongs is responsible for backhaul routing forwarding of EIP, and then the two-layer gateway loops back to the loopback interface, sets the received message as the virtual routing forwarding table vrf1 through the flow table, even the message of the second layer can firstly carry out the forwarding of the default route, and all the internal traffic can be firstly forwarded to the public network gateway in such a way, therefore, all the flow is transferred to an external firewall filter, is uniformly filtered through a firewall and then is returned to a public network gateway and QoS equipment, the QoS equipment searches for a virtual route forwarding vrf0 at an out2in interface and sends a message to a loopback interface loopback or directly sends the message to a corresponding virtual machine VM through an in2out interface. By the method, all internal flow can pass through an external firewall firstly, the method of passing through the flow table and the routing table has high performance and is flexible to expand, for example, according to an internal strategy, some flow can be selectively sent to the external firewall, the virtual route forwarding vrf1 can be directly set, or the matching rule of the flow table 1 can be set.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present application.
It is to be understood that the above-described embodiments are merely illustrative of some, but not restrictive, of the broad invention, and that the appended drawings illustrate preferred embodiments of the invention and do not limit the scope of the invention. This application is capable of embodiments in many different forms and is provided for the purpose of enabling a thorough understanding of the disclosure of the application. Although the present application has been described in detail with reference to the foregoing embodiments, it will be apparent to one skilled in the art that the present application may be practiced without modification or with equivalents of some of the features described in the foregoing embodiments. All equivalent structures made by using the contents of the specification and the drawings of the present application are directly or indirectly applied to other related technical fields and are within the protection scope of the present application.
Claims (10)
1. A QoS method using an external filter based on a routing table and a flow table, comprising the steps of:
configuring a routing table and a flow table, placing a three-layer interconnection interface in the routing table according to the configured routing table and the flow table, and matching a two-layer gateway interface to the routing table for processing through the flow table;
and forwarding the internal flow passing through the three-layer interconnection interface or the two-layer gateway interface to an external filter according to a QoS rule.
2. The QoS method using external filters based on routing tables and flow tables according to claim 1, wherein the step of configuring routing tables and flow tables further comprises:
configuring at least one in2out interface and one out2in interface for the QoS device, establishing a first routing table vrf0 and a second routing table vrf1, configuring the in2out interface in the second routing table vrf1, and configuring the out2in interface in the first routing table vrf 0;
adding a default route in the second routing table vrf1, sending out a next hop as a public network gateway through an out2in interface, adding a 32-bit EIP backhaul route in the first routing table vrf0, and sending out the route through an in2out interface;
creating a loopback interface loopback, and configuring a gateway address of a corresponding network segment on the loopback interface;
the loopback interface loopback is bridged with the in2out interface through a Virtual Local Area Network (VLAN);
creating a first flow table, matching the IP message, and setting the routing table of the IP message as a second routing table vrf 1;
creating a second flow table, matching the source IP of the IP message, and finding a corresponding QoS rule for speed limiting;
establishing a third flow table, matching the target IP of the IP message, and finding a corresponding QoS rule for speed limiting;
the second flow table is applied to the in2out interface, the first and second flow tables are applied to the ring interface loopback, and the third flow table is applied to the out2in interface.
3. The QoS method according to claim 1, wherein the step of placing a three-layer interconnect interface in the routing table according to the configured routing table and flow table, and matching a two-layer gateway interface to the routing table through the flow table for processing specifically comprises:
and establishing a mapping relation between the routing table and the three-layer interconnection interface and the two-layer gateway interface.
4. The QoS method according to claim 2, wherein the step of forwarding the internal traffic passing through the three-layer interconnect interface or the two-layer gateway interface to the external filter according to the QoS rule specifically comprises:
the message is sent to a virtual machine VM gateway net/len gw by an internal virtual machine VM directly interconnected with a QoS device in a two-layer mode;
the message enters from the in2out interface and is sent to the loopback interface loopback through the virtual local area network vlan;
the loopback interface loopback matches the first flow table, and sets the routing table of the message as a second routing table vrf 1;
the message is matched with the second flow table, and the speed is limited according to the QoS rule;
searching a second routing table vrf1 for the message allowing passing, matching the second routing table to a default route, and sending the message to the public network gateway through an out2in interface;
the public network gateway sends the message to a filter for strategy filtering;
the message allowing the passing is sent back to the public network gateway by the firewall;
the public network gateway sends the message back to the out2in interface;
the out2in interface is matched with the third flow table, and the speed is limited according to the QoS rule;
searching a first routing table vrf0 for the message allowed to pass, and matching the first routing table to a backhaul route, wherein a sending port of the backhaul route is a backhaul interface;
the message is sent out through a backhaul interface loopback, and the message is sent to the corresponding virtual machine VM through the in2out interface through the virtual local area network vlan.
5. The QoS method according to claim 2, wherein the step of forwarding the internal traffic passing through the three-layer interconnect interface or the two-layer gateway interface to the external filter according to the QoS rule comprises:
a message sent by the virtual machine is routed to an in2out interface of the QoS equipment through the router;
the In2out interface is matched with the second flow table, and speed limit processing is carried out according to the QoS rule;
searching a second routing table vrf1 for the allowed message, matching the allowed message to a default route, and sending the message to a public network gateway through an out2in interface;
the public network gateway sends the message to a filter for strategy filtering;
the message allowing the passing is sent back to the public network gateway by the firewall;
the public network gateway sends the message to an out2in interface;
the out2in interface is matched with the third flow table, and speed limit processing is carried out according to the QoS rule;
the allowed message looks up the first routing table vrf0, matches to the backhaul route, and sends the message to the corresponding virtual machine VM through the in2out interface.
6. The QoS method using an external filter based on the routing table and the flow table according to any one of claims 1 to 5, wherein after the step of forwarding the internal traffic passing through the three-layer interconnect interface or the two-layer gateway interface to the external filter according to the QoS rule, the method further comprises:
and storing the network flow information filtered by the internal flow passing through the three-layer interconnection interface or the two-layer gateway interface into a block chain according to a QoS rule.
7. A QoS device using an external filter based on a routing table and a flow table, comprising:
the configuration module is used for configuring a routing table and a flow table, placing a three-layer interconnection interface in the routing table according to the configured routing table and the flow table, and matching a two-layer gateway interface to the routing table for processing through the flow table;
and the forwarding module is used for forwarding the internal flow passing through the three-layer interconnection interface or the two-layer gateway interface to the external filter according to the QoS rule.
8. The QoS device using external filters based on routing tables and flow tables according to claim 7, wherein said configuration module comprises:
an interface and routing table configuration module, configured to configure at least one in2out interface and one out2in interface for a QoS device, establish a first routing table vrf0 and a second routing table vrf1, configure the in2out interface in a second routing table vrf1, configure the out2in interface in a first routing table vrf0, add a default route in a second routing table vrf1, send out a next hop as a public network gateway through an out2in interface, add a 32-bit EIP backhaul route in the first routing table vrf0, send out through an in2out interface, create a loopback interface loopback, configure a gateway address of a corresponding network segment on the loopback interface, and the loopback interface loopback is bridged with the in2out interface through a virtual local area network VLAN;
the flow table configuration module is used for creating a first flow table, matching the IP message, setting the routing table of the IP message as a second routing table vrf1, creating a second flow table, matching the source IP of the IP message, finding a corresponding QoS rule to limit the speed, creating a third flow table, matching the target IP of the IP message, finding a corresponding QoS rule to limit the speed, applying the second flow table to an in2out interface, applying the first flow table and the second flow table to a ring interface loopback, and applying the third flow table to an out2in interface.
9. A computer device comprising a memory having computer readable instructions stored therein and a processor that when executed performs the steps of the QoS method using external filters based on routing tables and flow tables of any of claims 1 to 6.
10. A computer readable storage medium having stored thereon computer readable instructions which, when executed by a processor, perform the steps of the QoS method using external filters based on routing tables and flow tables according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111317762.0A CN113765798B (en) | 2021-11-09 | 2021-11-09 | QoS method, device, computer equipment and medium using external filter |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111317762.0A CN113765798B (en) | 2021-11-09 | 2021-11-09 | QoS method, device, computer equipment and medium using external filter |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113765798A true CN113765798A (en) | 2021-12-07 |
| CN113765798B CN113765798B (en) | 2022-02-08 |
Family
ID=78784705
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111317762.0A Active CN113765798B (en) | 2021-11-09 | 2021-11-09 | QoS method, device, computer equipment and medium using external filter |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113765798B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114520790A (en) * | 2021-12-20 | 2022-05-20 | 杭州迪普信息技术有限公司 | Message filtering method and device |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104022973A (en) * | 2014-06-18 | 2014-09-03 | 福建星网锐捷网络有限公司 | Message forwarding method, switching module, firewall card and switch |
| CN105337894A (en) * | 2014-06-24 | 2016-02-17 | 华为技术有限公司 | Apparatus, system and method for providing QoS for service message |
| CN106034052A (en) * | 2015-03-13 | 2016-10-19 | 北京网御星云信息技术有限公司 | System and method for monitoring two-layer traffic among virtual machines |
| US20180077229A1 (en) * | 2016-05-31 | 2018-03-15 | Sonus, Inc. | Methods and apparatus for load balancing in sdn networks |
| CN108989352A (en) * | 2018-09-03 | 2018-12-11 | 平安科技(深圳)有限公司 | Method of realizing fireproof wall, device, computer equipment and storage medium |
| CN113315706A (en) * | 2021-04-30 | 2021-08-27 | 上海云轴信息科技有限公司 | Private cloud flow control method, device and system |
-
2021
- 2021-11-09 CN CN202111317762.0A patent/CN113765798B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104022973A (en) * | 2014-06-18 | 2014-09-03 | 福建星网锐捷网络有限公司 | Message forwarding method, switching module, firewall card and switch |
| CN105337894A (en) * | 2014-06-24 | 2016-02-17 | 华为技术有限公司 | Apparatus, system and method for providing QoS for service message |
| CN106034052A (en) * | 2015-03-13 | 2016-10-19 | 北京网御星云信息技术有限公司 | System and method for monitoring two-layer traffic among virtual machines |
| US20180077229A1 (en) * | 2016-05-31 | 2018-03-15 | Sonus, Inc. | Methods and apparatus for load balancing in sdn networks |
| CN108989352A (en) * | 2018-09-03 | 2018-12-11 | 平安科技(深圳)有限公司 | Method of realizing fireproof wall, device, computer equipment and storage medium |
| CN113315706A (en) * | 2021-04-30 | 2021-08-27 | 上海云轴信息科技有限公司 | Private cloud flow control method, device and system |
Non-Patent Citations (1)
| Title |
|---|
| 王树太等: ""私有云安全云管平台关键技术与应用研究"", 《信息安全与通信保密》 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114520790A (en) * | 2021-12-20 | 2022-05-20 | 杭州迪普信息技术有限公司 | Message filtering method and device |
| CN114520790B (en) * | 2021-12-20 | 2024-03-22 | 杭州迪普信息技术有限公司 | Message filtering method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113765798B (en) | 2022-02-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11128626B2 (en) | Security service for an unmanaged device | |
| US7558266B2 (en) | System and method for restricting network access using forwarding databases | |
| US20180048568A1 (en) | Method for increasing layer-3 longest prefix match scale | |
| CN103581062B (en) | Method and system for handling unknown unicast data packets | |
| WO2017173952A1 (en) | Method, device, and system for centralizing management of virtual machines and implementing communications between virtual machines | |
| CN107733795B (en) | Ethernet virtual private network EVPN and public network intercommunication method and device | |
| US20200213215A1 (en) | Access device blockchain network systems and methods | |
| CN107707557A (en) | Anonymous access method, apparatus, the network equipment and readable storage medium storing program for executing | |
| CN107409119A (en) | Prestige is determined by network characteristic | |
| CN113765798B (en) | QoS method, device, computer equipment and medium using external filter | |
| CN113890767A (en) | Network access method, device, equipment and storage medium | |
| CN111371608B (en) | Method, device and medium for deploying SFC service chain | |
| CN107612923B (en) | Service access method and device based on network policy group | |
| CN112491789A (en) | OpenStack framework-based virtual firewall construction method and storage medium | |
| Vairagade et al. | Enabling machine learning‐based side‐chaining for improving QoS in blockchain‐powered IoT networks | |
| CN114760108A (en) | Message matching method and device | |
| CN114143191A (en) | Distributed gateway-based micro-service arranging method and device and related equipment | |
| CN110933015B (en) | Data transmission method, device and system | |
| CN116647425B (en) | IPSec-VPN implementation method and device of OVN architecture, electronic equipment and storage medium | |
| CN103346950A (en) | Sharing method and device of load between user service boards of rack-mounted wireless controller | |
| CN106664305B (en) | Apparatus, system, and method for determining reputation of data | |
| CN108768861B (en) | Method and device for sending service message | |
| CN109756409B (en) | Bridge forwarding method | |
| CN112737850B (en) | Mutually exclusive access method and device | |
| CN114629853A (en) | Traffic classification control method based on security service chain analysis in security resource pool |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |