CN113839885A - Message flow monitoring system and method based on switch - Google Patents

Info

Publication number
CN113839885A
Authority
CN
China
Prior art keywords
message
processing unit
central processing
switch
flow
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110969789.1A
Other languages
Chinese (zh)
Other versions
CN113839885B (en)
Inventor
张锡鑫
刘齐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Inspur Intelligent Technology Co Ltd
Original Assignee
Suzhou Inspur Intelligent Technology Co Ltd
Application filed by Suzhou Inspur Intelligent Technology Co Ltd
Priority to CN202110969789.1A
Publication of CN113839885A
Application granted
Publication of CN113839885B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/10 Packet switching elements characterised by the switching fabric construction
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/12 Avoiding congestion; Recovering from congestion
    • H04L47/125 Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/22 Traffic shaping
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/55 Prevention, detection or correction of errors
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention provides a message flow monitoring system and method based on a switch. The system comprises a switch and an auxiliary processor, wherein an application-specific integrated circuit (ASIC) and a central processing unit (CPU) are arranged in the switch. The auxiliary processor is connected to the ASIC and to the CPU through Ethernet channels. The ASIC processes, forwards and analyzes the message service flow of the switch. The CPU performs the overall management of the switch. The auxiliary processor receives the messages sent by the ASIC, isolates and monitors the message flow between the ASIC and the CPU, and controls the rate at which messages are sent to the CPU by monitoring the working state of the CPU. The invention thereby filters and rate-controls the messages, avoids the risk of security or performance problems arising from the messages the switch sends to the CPU, and ensures the working reliability of the CPU.

Description

Message flow monitoring system and method based on switch
Technical Field
The invention relates to the technical field of computers, in particular to a message flow monitoring system and a message flow monitoring method based on a switch.
Background
Currently, in a common switch design, an ASIC (application specific integrated circuit) specially designed for network applications is generally used for processing, forwarding and analyzing the switch service traffic; the CPU (central processing unit) of the switch is mainly responsible for the overall management of the switch, such as the hardware operating state. In order to monitor the functions of the ASIC, the CPU of the switch also needs to process some messages sent up by the ASIC, such as control messages of LLDP (link layer discovery protocol), STP (spanning tree protocol) and ARP (address resolution protocol), or messages of routing protocols.
An ASIC designed specifically for network messages is good at processing all kinds of them, but the CPU is not. A volume of network messages that the ASIC handles easily can occupy a large share of CPU resources, slow the CPU's response and even affect its other work, such as the hardware management functions of the switch. On a low-cost switch platform with a weak CPU in particular, this can cause unpredictable CPU errors, bring the CPU down and affect the normal operation of the whole switch.
On the other hand, existing switches also have a security problem when processing messages: once malicious messages are sent to the CPU through the ASIC, they have an even more serious effect on the normal operation of the whole switch.
It can be seen that monitoring and statistically analyzing the flow of messages sent to the CPU, so as to avoid the risk of security or performance problems arising from the messages the switch sends to the CPU and to ensure the reliability of the CPU, is an urgent problem to be solved.
Disclosure of Invention
In view of the above problems, an object of the present invention is to provide a message flow monitoring system and method based on a switch, which filter and rate-control the messages, avoid the risk of security or performance problems arising from the messages sent from the switch to the central processing unit, and ensure the reliability of the central processing unit.
To achieve this purpose, the invention is realized by the following technical scheme. A message flow monitoring system based on a switch comprises a switch and an auxiliary processor, wherein an application-specific integrated circuit (ASIC) and a central processing unit are arranged in the switch. The auxiliary processor is in data connection with the ASIC and with the central processing unit through Ethernet channels.
The special application integrated circuit is used for processing and analyzing the message service flow of the switch and sending the message to the auxiliary processor.
The auxiliary processor is used for receiving the message sent by the special application integrated circuit, isolating and monitoring the message flow between the special application integrated circuit and the central processing unit, determining the message sending speed by monitoring the working state of the central processing unit, and sending the message to the central processing unit at the determined message sending speed.
And the central processing unit is used for carrying out overall management on the switch according to the sent message.
Further, the auxiliary processor includes:
the isolation unit is used for carrying out statistics and content filtering analysis on each uploaded message and, if the content filtering analysis finds the message normal, redirecting it to the central processing unit; when the central processing unit needs to reply to the ASIC with a message, the isolation unit receives the message and redirects it to the ASIC. The isolation unit thus isolates and monitors the traffic between the ASIC and the CPU.
And the monitoring unit is used for monitoring the working load of the central processing unit.
And the buffer unit is used for buffering the messages sent by the special application integrated circuit.
And the uploading speed control unit is used for starting a speed reduction strategy to control the rate of the uploading message according to the working load of the central processing unit.
Further, the isolation unit includes:
the filtering module is used for starting a preset filtering rule to filter out potentially risky traffic and unnecessary traffic from the message traffic and directly discarding it; the filtered message traffic is uploaded to the central processing unit, and the message traffic is recorded in a log. This efficiently prevents potential negative effects on the central processing unit.
And the protection module is used for starting a preset safety mechanism to identify illegal message flow in the message flow, directly discarding the illegal message flow and recording the illegal message flow into a log.
Further, the monitoring unit includes:
and the power consumption detection module is used for determining the working load of the central processing unit by detecting the power consumption of the central processing unit. The state of the central processing unit can be monitored efficiently.
Further, the speed reduction strategy comprises: when the work load of the central processing unit reaches 80% of the total load, the message sending rate is reduced to 80% of the initial rate, if the work load of the central processing unit continues to increase, the message sending rate is reduced according to a preset function curve, and if the work load of the central processing unit reaches 98% of the total load, the message sending is stopped.
Further, the auxiliary processor further comprises:
and the priority setting unit is used for determining the priority of the message according to the preset key value of the message and establishing a corresponding message uploading queue according to the priority of the message.
Correspondingly, the invention also discloses a message flow monitoring method based on the switch, which comprises the following steps:
S1: processing and analyzing the message service flow of the switch by using a special application integrated circuit, and uploading the message service flow to an auxiliary processor;
S2: after receiving the message, the auxiliary processor carries out isolation and monitoring processing of message flow, determines the speed of the message to be sent to the central processing unit by monitoring the working state of the central processing unit, and sends the processed message to the central processing unit at the determined sending speed;
S3: and the central processing unit performs the overall management of the switch according to the processed message.
Further, the step S2 includes:
the auxiliary processor receives the message sent by the special application integrated circuit;
judging whether the message meets the filtering rule, if so, directly discarding; otherwise, determining whether the message is a safe message by carrying out safety check on the message;
if the message is not a safe message, directly discarding the message; if the message is a safe message, determining the working load of the central processing unit by reading the power of the power supply of the central processing unit, and carrying out flow shaping and speed limiting on the message according to the load of the central processing unit and then uploading the message to the central processing unit.
Further, the filtering rules include:
setting unnecessary message types and message types with potential risks;
identifying whether the type of the current message is an unnecessary message type, if so, directly discarding; if not, identifying whether the type of the current message is a message type with potential risk;
if yes, directly discarding, and if not, finishing filtering.
Further, the step of performing traffic shaping and speed limiting on the message according to the load of the central processing unit and then sending the message to the central processing unit specifically comprises:
if the work load of the central processing unit is lower than 80% of the total load, the message is directly sent to the central processing unit; if the workload of the central processing unit reaches 80% of the total load, the rate of the message to be sent is reduced to 80% of the initial rate;
after the uploading rate is reduced, the priority of each message not yet uploaded is determined by reading its preset key value; among the messages not yet uploaded, the message with the highest priority is uploaded to the central processing unit, and the remaining messages are temporarily stored in the cache unit to wait for uploading; if the cache unit currently has no storage space, the remaining messages are directly discarded;
if the current flow of the uploaded message is larger than the preset bandwidth of the central processing unit, temporarily storing the message with the preset proportion to a cache unit.
Compared with the prior art, the invention has the beneficial effects that:
1. The invention improves the security of the messages sent from the special application integrated circuit to the central processing unit, can effectively prevent error messages and malicious messages from being sent up, and ensures the normal work of the switch.
2. The invention can effectively reduce the burden of the CPU for processing the message sent by the special application integrated circuit, and the auxiliary processor can discard some redundant or secondary messages before the CPU, thereby reducing the processing burden for the CPU.
3. The invention provides the flow shaping and speed limiting functions, can prevent the conditions of downtime, abnormality and the like of the central processing unit caused by abnormal message uploading conditions, and further ensures the working reliability of the central processing unit.
4. The invention has a priority queue function and, while providing the above advantages, can ensure that the central processing unit processes the important services of the switch.
5. The invention can directly utilize the prior auxiliary processor for monitoring the peripheral equipment of the switch, can further ensure the working reliability of the central processing unit under the condition of not increasing other components and improves the utilization efficiency of the auxiliary processor.
Therefore, compared with the prior art, the invention has prominent substantive features and remarkable progress, and the beneficial effects of the implementation are also obvious.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a system block diagram of the present invention;
FIG. 2 is a flow chart of the method of the present invention;
FIG. 3 is a flow chart of the operation of the auxiliary processor of the present invention.
In the figures, 1 is an auxiliary processor; 2 is an ASIC; 3 is a central processing unit; 4 is an isolation unit; 5 is a monitoring unit; 6 is a buffer unit; 7 is an uploading speed control unit; 8 is a priority setting unit; 41 is a filtering module; 42 is a protection module; 51 is a power consumption detection module.
Detailed Description
The core of the invention is to provide a message flow monitoring system based on a switch, and in the prior art, the message sent to a CPU by the switch has the risk of safety or performance problems, so that the working reliability of the CPU cannot be guaranteed.
The invention provides a message flow monitoring system based on a switch, which adopts an auxiliary processor to be respectively connected with a special application integrated circuit and a central processing unit through an Ethernet channel. And the auxiliary processor is used for receiving the message sent by the special application integrated circuit, isolating and monitoring the message flow between the special application integrated circuit and the central processing unit, and controlling the speed of the message sent to the central processing unit by monitoring the working state of the central processing unit.
Therefore, the invention realizes the filtration and flow control of the message, avoids the risk of safety or performance problems in the message sent to the central processing unit by the switch, and ensures the working reliability of the central processing unit.
In order that those skilled in the art will better understand the disclosure, the invention will be described in further detail with reference to the accompanying drawings and specific embodiments. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The first embodiment is as follows:
As shown in FIG. 1, this embodiment provides a message traffic monitoring system based on a switch, comprising a switch and an auxiliary processor 1, wherein an application specific integrated circuit 2 and a central processing unit 3 are arranged in the switch. The auxiliary processor 1 is connected to the application specific integrated circuit 2 and to the central processing unit 3 through Ethernet channels. The application specific integrated circuit 2 is used for processing, forwarding and analyzing the message service flow of the switch and sending the messages to the auxiliary processor 1. The central processing unit 3 is used for the overall management of the switch according to the messages sent to it.
The auxiliary processor 1 is used for receiving the messages sent by the special application integrated circuit, isolating and monitoring the message flow between the special application integrated circuit 2 and the central processing unit 3, and controlling the speed of the messages sent to the central processing unit 3 by monitoring the working state of the central processing unit 3.
The auxiliary processor 1 includes: the device comprises an isolation unit 4, a monitoring unit 5, a buffer unit 6, an uploading speed control unit 7 and a priority setting unit 8.
The isolation unit 4 is used for carrying out statistics and content filtering analysis on each uploaded message and, if the content filtering analysis finds the message normal, redirecting it to the central processing unit 3; when the central processing unit 3 needs to reply to the ASIC 2 with a message, the isolation unit 4 receives the message sent down and redirects it to the ASIC 2. The isolation unit 4 thus isolates and monitors the traffic between the ASIC 2 and the CPU 3.
The isolation unit 4 specifically includes:
the filtering module 41 is configured to start a preset filtering rule to filter out potential risk traffic and unnecessary traffic in the packet traffic, and directly discard the potential risk traffic and the unnecessary traffic; and uploading the filtered message flow to the central processing unit 3, and recording the message flow in a log. The filtering module 41 can directly discard the traffic with potential risk or unnecessary traffic on the auxiliary processor 1 to improve performance, so that the traffic is not sent to the central processing unit 3, potential negative effects on the central processing unit 3 are prevented, and meanwhile, the received hit traffic is recorded in a log, so that query and inspection in the future are facilitated;
and the protection module 42 is configured to start a preset security mechanism to identify an illegal message traffic in the message traffic, directly discard the illegal message traffic, and record the discarded illegal message traffic in a log. The preset security mechanism can adopt the self-contained security mechanism and anti-attack measures on the auxiliary processor 1, automatically identify a part of dangerous or illegal message flow, automatically discard the messages and record the messages;
The monitoring unit 5 is used for monitoring the working load of the central processing unit 3. The monitoring unit 5 includes a power consumption detection module 51, configured to determine the workload of the central processing unit 3 by detecting its power consumption, so that the state of the central processing unit 3 can be monitored efficiently. Because the auxiliary processor 1 is generally also responsible for the state control of switch peripherals such as the fans and the power supply, it can read the load of the central processing unit 3 directly from that unit's power consumption: when the power consumption increases, the load is considered to have increased, and the power drawn at full load is taken as the reference for 100% load. Monitoring the workload in this way makes the monitoring more efficient and accurate.
The buffer unit 6 is used for buffering the messages sent by the ASIC 2. The cache unit 6 is specifically used as follows: 1. When the load of the central processing unit is too high, messages with low real-time requirements are cached and uploaded once the load falls. 2. When a large number of messages are uploaded, the uploading speed is at first kept unchanged and the messages not yet uploaded are stored in the cache unit 6; the uploading speed is increased slowly only when the cache unit 6 becomes too full, which prevents a large number of messages from being sent to the central processing unit 3 suddenly. The cache unit 6 thereby shapes the message traffic: a sudden burst of messages cannot reach the central processing unit 3, drive its load up rapidly and affect its other functions.
And the uploading speed control unit 7 is used for starting a speed reduction strategy to control the speed of the uploading message according to the working load of the central processing unit. The speed reduction strategy comprises the following steps: when the work load of the central processing unit reaches 80% of the total load, the message sending rate is reduced to 80% of the initial rate, if the work load of the central processing unit continues to increase, the message sending rate is reduced according to a preset function curve, and if the work load of the central processing unit reaches 98% of the total load, the message sending is stopped.
And the priority setting unit 8 is used for determining the priority of the message according to the preset key value of the message and establishing a corresponding message uploading queue according to the priority of the message. Therefore, the uploading sequence of the messages is determined according to the priority of the message uploading queue, and for the messages with important or high real-time requirements, the messages are preferentially uploaded or are not interrupted when the flow is increased or the work load of the central processing unit is overlarge, so that the interruption of important services is prevented.
In addition, a redundant connection channel is designed between the ASIC 2 and the CPU 3, so that the message traffic can still be guaranteed to be sent once the auxiliary processor 1 fails.
The embodiment provides a message flow monitoring system based on a switch, which adopts an auxiliary processor to be respectively in data connection with a special application integrated circuit and a central processing unit through an Ethernet channel. The auxiliary processor receives the message sent by the special application integrated circuit, isolates and monitors the message flow between the special application integrated circuit and the central processing unit, and controls the speed of the message sent to the central processing unit by monitoring the working state of the central processing unit. The method and the device realize the filtering and flow control of the message, avoid the risk of safety or performance problems in the message sent to the central processing unit by the switch, and ensure the working reliability of the central processing unit.
Example two:
Based on the first embodiment, as shown in FIG. 2, the present invention also discloses a message traffic monitoring method based on the switch, which includes the following steps:
S1: the message service flow of the switch is processed and analyzed through the special application integrated circuit and is uploaded to the auxiliary processor.
S2: after receiving the message, the auxiliary processor carries out isolation and monitoring processing of message flow, determines the speed of the message to be sent to the central processing unit by monitoring the working state of the central processing unit, and sends the processed message to the central processing unit at the determined sending speed.
This step provides a work flow of the auxiliary processor, as shown in fig. 3, specifically:
The auxiliary processor receives the message sent by the special application integrated circuit and judges whether the message matches the filtering rule; if so, the message is directly discarded; otherwise, a security check is carried out on the message to determine whether it is a safe message. If the message is not a safe message, it is directly discarded; if the message is a safe message, the working load of the central processing unit is determined by reading the power of the power supply of the central processing unit.
At this point, traffic shaping and speed limiting are applied to the message according to the load of the central processing unit before it is sent to the central processing unit. Specifically: if the work load of the central processing unit is lower than 80% of the total load, the message is directly sent to the central processing unit; if the workload of the central processing unit reaches 80% of the total load, the rate of the message to be sent is reduced to 80% of the initial rate; after the uploading rate is reduced, the priority of each message not yet uploaded is determined by reading its preset key value; among the messages not yet uploaded, the message with the highest priority is uploaded to the central processing unit, and the remaining messages are temporarily stored in the cache unit to wait for uploading; if the cache unit currently has no storage space, the remaining messages are directly discarded; if the current flow of uploaded messages is larger than the preset bandwidth of the central processing unit, a preset proportion of the messages is temporarily stored in the cache unit.
In the above method, the adopted filtering rule specifically includes: first, unnecessary message types and potentially risky message types are set. Then, identifying whether the type of the current message is an unnecessary message type, and if so, directly discarding the message; if not, continuously identifying whether the type of the current message is a message type with potential risk; if yes, directly discarding, and if not, finishing filtering.
S3: and the central processing unit performs the overall management of the switch according to the processed message.
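The auxiliary-processor workflow of step S2 (filter rule, security check, power-based load estimate, rate reduction, priority queue and bounded cache), modelled as an added Python example that is not part of the patent text. The rule sets, the priority mapping, the frame-size security check, the linear curve between 80% and 98% load, the one-second interval and all class and function names are assumptions made for illustration.

```python
import heapq
from dataclasses import dataclass
from itertools import count

# Assumed rule contents: the patent only says both sets are preset.
UNNECESSARY_TYPES = {"MDNS"}
RISKY_TYPES = {"ICMP_REDIRECT"}
# Assumed "key value" -> priority mapping (0 is most urgent).
PRIORITY_BY_TYPE = {"STP": 0, "LLDP": 1, "ARP": 2}
DEFAULT_PRIORITY = 9


@dataclass
class Packet:
    ptype: str    # message type as classified by the ASIC
    length: int   # frame length in bytes


def security_check(pkt):
    """Stand-in for the preset security mechanism: accept only sane Ethernet frame sizes."""
    return 64 <= pkt.length <= 1518


def rate_factor(load):
    """Fraction of the initial upload rate allowed at a CPU load between 0.0 and 1.0.

    Below 80% load: full rate. At 80%: 80% of the initial rate.
    Between 80% and 98%: the "preset function curve", assumed linear here.
    At 98% and above: uploading stops.
    """
    if load < 0.80:
        return 1.0
    if load >= 0.98:
        return 0.0
    return 0.8 * (0.98 - load) / (0.98 - 0.80)


class AuxProcessor:
    def __init__(self, initial_rate_pps, full_load_power_w, cache_slots):
        self.initial_rate_pps = initial_rate_pps
        self.full_load_power_w = full_load_power_w  # CPU power at 100% load
        self.cache_slots = cache_slots
        self.queue = []    # heap of (priority, arrival_seq, packet): the cache unit
        self.log = []      # (reason, ptype) for every discarded packet
        self.seq = count()

    def drop(self, reason, pkt):
        self.log.append((reason, pkt.ptype))
        return "drop:" + reason

    def ingest(self, pkt):
        """Filter, security-check and queue one packet uploaded by the ASIC."""
        if pkt.ptype in UNNECESSARY_TYPES:
            return self.drop("unnecessary", pkt)
        if pkt.ptype in RISKY_TYPES:
            return self.drop("risky", pkt)
        if not security_check(pkt):
            return self.drop("illegal", pkt)
        prio = PRIORITY_BY_TYPE.get(pkt.ptype, DEFAULT_PRIORITY)
        entry = (prio, next(self.seq), pkt)
        heapq.heappush(self.queue, entry)
        if len(self.queue) > self.cache_slots:
            # Cache is full: discard the lowest-priority, newest entry.
            worst = max(self.queue)
            self.queue.remove(worst)
            heapq.heapify(self.queue)
            self.drop("cache_full", worst[2])
            if worst is entry:
                return "drop:cache_full"
        return "queued"

    def tick(self, cpu_power_w):
        """One 1-second interval: upload what the rate allows, best priority first."""
        load = cpu_power_w / self.full_load_power_w
        budget = int(self.initial_rate_pps * rate_factor(load) + 1e-9)
        sent = []
        while self.queue and len(sent) < budget:
            sent.append(heapq.heappop(self.queue)[2])
        return sent


if __name__ == "__main__":
    # Constructed traffic sample, not taken from the patent.
    aux = AuxProcessor(initial_rate_pps=2, full_load_power_w=100.0, cache_slots=3)
    for p in [Packet("MDNS", 100), Packet("ARP", 20), Packet("ARP", 64),
              Packet("LLDP", 128), Packet("STP", 64)]:
        print(p.ptype, p.length, "->", aux.ingest(p))
    for watts in (99.0, 85.0, 50.0):
        print(watts, "W ->", [p.ptype for p in aux.tick(watts)])
    print("discard log:", aux.log)
```
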
The embodiment provides a message flow monitoring method based on a switch, which improves the security of a message sent to a central processing unit on a special application integrated circuit, can effectively prevent the sending of an error message and a malicious message, and ensures the normal work of the switch. The embodiment effectively reduces the burden of the central processing unit for processing the messages sent by the special application integrated circuit, and the auxiliary processor can discard some redundant or secondary messages before the central processing unit, thereby reducing the processing burden for the central processing unit. The embodiment also realizes the functions of flow shaping, speed limiting and priority queue, ensures that the central processing unit processes important services of the switch, can prevent the conditions of central processing unit downtime, abnormity and the like caused by abnormal message uploading conditions, and further ensures the working reliability of the central processing unit.
In conclusion, the invention realizes the filtering and flow control of the message, avoids the risk of safety or performance problems in the message sent to the central processing unit by the switch, and ensures the working reliability of the central processing unit.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other. The method disclosed by the embodiment corresponds to the system disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the description of the method part.
Those skilled in the art will further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided by the present invention, it should be understood that the disclosed system and method can be implemented in other ways. The above-described system embodiments are merely illustrative: the division of the units is only one logical functional division, and other divisions may be used in practice; for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the shown or discussed mutual coupling, direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, systems or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each module may exist alone physically, or two or more modules are integrated into one unit.
Similarly, the processing units in the embodiments of the present invention may be integrated into one functional module, or each processing unit may exist alone physically, or two or more processing units may be integrated into one functional module.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The message flow monitoring system and method based on the switch provided by the invention are introduced in detail above. The principles and embodiments of the present invention are explained herein using specific examples, which are presented only to assist in understanding the method and its core concepts. It should be noted that, for those skilled in the art, it is possible to make various improvements and modifications to the present invention without departing from the principle of the present invention, and those improvements and modifications also fall within the scope of the claims of the present invention.

Claims (10)

1. A message flow monitoring system based on a switch is characterized by comprising: the system comprises a switch and an auxiliary processor, wherein a special application integrated circuit and a central processing unit are arranged in the switch, and the auxiliary processor is respectively in data connection with the special application integrated circuit and the central processing unit through Ethernet channels;
the special application integrated circuit is used for processing and analyzing the message service flow of the switch and sending a message to the auxiliary processor;
the auxiliary processor is used for receiving the message sent by the special application integrated circuit, isolating and monitoring the message flow between the special application integrated circuit and the central processing unit, determining the message sending speed by monitoring the working state of the central processing unit, and sending the message to the central processing unit at the determined message sending speed;
and the central processing unit is used for carrying out overall management on the switch according to the sent message.
2. The switch-based message traffic monitoring system of claim 1, wherein the auxiliary processor comprises:
the isolation unit is used for carrying out statistical technology and content filtering analysis on the uploaded message, and redirecting the message to the central processing unit if the content filtering analysis is normal; when the central processing unit needs to reply to the special application integrated circuit by using the message, receiving the sent message and redirecting the message to the special application integrated circuit;
the monitoring unit is used for monitoring the working load of the central processing unit;
the buffer unit is used for buffering the message sent by the special application integrated circuit;
and the uploading speed control unit is used for starting a speed reduction strategy to control the rate of the uploading message according to the working load of the central processing unit.
3. The switch-based message traffic monitoring system of claim 2, wherein the isolation unit comprises:
the filtering module is used for starting a preset filtering rule to filter out potential risk traffic and unnecessary traffic in the message traffic and directly discarding the traffic; uploading the filtered message flow to a central processing unit, and recording the message flow into a log;
and the protection module is used for starting a preset safety mechanism to identify illegal message flow in the message flow, directly discarding the illegal message flow and recording the illegal message flow into a log.
4. The switch-based message traffic monitoring system of claim 2, wherein the monitoring unit comprises:
and the power consumption detection module is used for determining the working load of the central processing unit by detecting the power consumption of the central processing unit.
5. The switch-based message traffic monitoring system of claim 2, wherein the speed-down policy comprises:
when the work load of the central processing unit reaches 80% of the total load, the message sending rate is reduced to 80% of the initial rate, if the work load of the central processing unit continues to increase, the message sending rate is reduced according to a preset function curve, and if the work load of the central processing unit reaches 98% of the total load, the message sending is stopped.
6. The switch-based message traffic monitoring system of claim 2, wherein the auxiliary processor further comprises:
and the priority setting unit is used for determining the priority of the message according to the preset key value of the message and establishing a corresponding message uploading queue according to the priority of the message.
7. A message flow monitoring method based on a switch is characterized by comprising the following steps:
S1: processing and analyzing the message service flow of the switch by using a special application integrated circuit, and uploading the message service flow to an auxiliary processor;
S2: after receiving the message, the auxiliary processor carries out isolation and monitoring processing of message flow, determines the speed of the message to be sent to the central processing unit by monitoring the working state of the central processing unit, and sends the processed message to the central processing unit at the determined sending speed;
S3: and the central processing unit performs the overall management of the switch according to the processed message.
8. The switch-based message traffic monitoring method according to claim 7, wherein the step S2 includes:
the auxiliary processor receives the message sent by the special application integrated circuit;
judging whether the message meets the filtering rule, if so, directly discarding; otherwise, determining whether the message is a safe message by carrying out safety check on the message;
if the message is not a safe message, directly discarding the message; if the message is a safe message, determining the working load of the central processing unit by reading the power of the power supply of the central processing unit, and carrying out flow shaping and speed limiting on the message according to the load of the central processing unit and then uploading the message to the central processing unit.
9. The switch-based message traffic monitoring method of claim 8, wherein the filtering rules comprise:
setting unnecessary message types and message types with potential risks;
identifying whether the type of the current message is an unnecessary message type, if so, directly discarding; if not, identifying whether the type of the current message is a message type with potential risk;
if yes, directly discarding, and if not, finishing filtering.
10. The message traffic monitoring method based on the switch according to claim 8, wherein the sending of the message to the central processor after traffic shaping and speed limiting according to the load of the central processor is specifically:
if the work load of the central processing unit is lower than 80% of the total load, the message is directly sent to the central processing unit;
if the workload of the central processing unit reaches 80% of the total load, the rate of the message to be sent is reduced to 80% of the initial rate;
after the uploading rate is reduced, determining the priority of each message that has not been uploaded by reading the preset key value of that message; among the messages that have not been uploaded, the message with the highest priority is uploaded to the central processing unit, and the remaining messages are temporarily stored in a cache unit to wait for uploading; if the cache unit currently has no storage space, the remaining messages are directly discarded;
if the current flow of the uploaded messages is larger than the preset bandwidth of the central processing unit, temporarily storing a preset proportion of the messages in the cache unit.
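The filter, security check, load-based rate limit and priority queue of claims 5 and 8 to 10, as an added Python model that is not part of the patent text. Assumptions: the message-type tables, the `valid` flag standing in for the security mechanism, the linear power-to-load mapping, a linear "preset function curve" between 80% and 98% load, and discarding the lowest-priority messages when the cache unit is full.

```python
from dataclasses import dataclass, field

# Constructed policy tables; the claims only call these "preset".
UNNECESSARY_TYPES = {"stats-echo"}
RISKY_TYPES = {"unknown-proto"}
PRIORITY_BY_KEY = {"bgp": 0, "ospf": 0, "arp": 1, "icmp": 2}  # 0 = highest


def cpu_load_from_power(watts, idle_w=10.0, full_w=50.0):
    """Assumed linear map from measured CPU supply power to load in [0, 1]."""
    return min(1.0, max(0.0, (watts - idle_w) / (full_w - idle_w)))


def send_rate(load, initial_rate):
    """Claim 5 thresholds; the 'preset function curve' is assumed linear."""
    if load < 0.80:
        return initial_rate
    if load >= 0.98:
        return 0.0
    return 0.8 * initial_rate * (0.98 - load) / (0.98 - 0.80)


@dataclass
class AuxProcessor:
    initial_rate: int = 10      # messages uploaded per tick at low load
    cache_slots: int = 2        # capacity of the cache unit
    cache: list = field(default_factory=list)
    log: list = field(default_factory=list)

    def _admit(self, msg):
        """Filter rules first, then the security check (claims 8 and 9)."""
        if msg["type"] in UNNECESSARY_TYPES or msg["type"] in RISKY_TYPES:
            self.log.append(("filtered", msg["type"]))
            return False
        if not msg.get("valid", False):  # stand-in for the security mechanism
            self.log.append(("illegal", msg["type"]))
            return False
        return True

    def tick(self, batch, cpu_watts):
        """Return the message types uploaded to the CPU in this tick."""
        pending = self.cache + [m for m in batch if self._admit(m)]
        pending.sort(key=lambda m: PRIORITY_BY_KEY.get(m["type"], 9))
        budget = int(send_rate(cpu_load_from_power(cpu_watts), self.initial_rate))
        uploaded, rest = pending[:budget], pending[budget:]
        self.cache = rest[:self.cache_slots]
        for m in rest[self.cache_slots:]:      # cache full: discard and log
            self.log.append(("cache_full", m["type"]))
        return [m["type"] for m in uploaded]
```

Every discard is written to `log`, which is the record an operator would review to see whether filtered, illegal or overflow traffic is reaching the auxiliary processor.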
CN202110969789.1A 2021-08-23 2021-08-23 Message flow monitoring system and method based on switch Active CN113839885B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110969789.1A CN113839885B (en) 2021-08-23 2021-08-23 Message flow monitoring system and method based on switch

Publications (2)

Publication Number Publication Date
CN113839885A (en) 2021-12-24
CN113839885B (en) 2023-08-18

Family

ID=78961018

Country Status (1)

Country Link
CN (1) CN113839885B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant