CN114374622B - Shunting method based on fusion shunting equipment and fusion shunting equipment - Google Patents

Info

Publication number: CN114374622B
Authority: CN (China)
Prior art keywords: flow, rule, server, address, hash table
Legal status: Active
Application number: CN202111665640.0A
Other languages: Chinese (zh)
Other versions: CN114374622A
Inventors: 刘子豪, 何文杰, 高华, 尚程, 傅强, 梁彧, 蔡琳, 田野, 王杰, 杨满智, 金红, 陈晓光
Current assignee: Eversec Beijing Technology Co Ltd
Original assignee: Eversec Beijing Technology Co Ltd
Events: application filed by Eversec Beijing Technology Co Ltd; priority to CN202111665640.0A; publication of CN114374622A; application granted; publication of CN114374622B.

Classifications (CPC, section H Electricity, class H04L Transmission of digital information, e.g. telegraphic communication)

    • H04L43/0876: Network utilisation, e.g. volume of load or congestion level (under H04L43/08, monitoring or testing based on specific metrics; H04L43/00, arrangements for monitoring or testing data switching networks)
    • H04L43/028: Capturing of monitoring data by filtering (under H04L43/02, capturing of monitoring data)
    • H04L45/745: Address table lookup; address filtering (under H04L45/74, address processing for routing; H04L45/00, routing or path finding of packets in data switching networks)
    • H04L45/7453: Address table lookup; address filtering using hashing

Abstract

The embodiment of the invention discloses a splitting method based on a converged splitter device, and the converged splitter device. The method comprises the following steps: the server generates a filtering rule according to the traffic characteristics of the application program; when the rule issuing condition is met, the server sends the filtering rule to the splitter board card; and the splitter board card acquires the traffic output by the optical splitter and performs splitting processing on the traffic based on the filtering rule. According to the embodiment of the invention, the problems in the related art of coarse-grained filtered content and low filtering flexibility are solved, the filtered content is associated with the application program, targeted traffic screening is achieved, and the capability and flexibility of filtering low-value traffic are improved.

Description

Shunting method based on fusion shunting equipment and fusion shunting equipment
Technical Field
The embodiment of the invention relates to computer traffic acquisition and analysis technology, in particular to a splitting method based on a converged splitter device, and the converged splitter device.
Background
In recent years, national attention to network security has increased and the construction of supervision systems has steadily improved, so the national capability to supervise and respond to network security matters has gradually improved. At the same time, with continuous innovation in network technology, network traffic is growing explosively, and traffic collection for basic telecom enterprises and supervisory departments is becoming more difficult. The number of collection devices grows, the demands on the machine room grow, system maintenance costs rise, and the field environment may not meet the requirements, which leads to high construction investment and difficulty in standing up a security collection system.
The inventors find the following defects in the prior art: at the current stage, large-volume traffic collection and analysis is affected by many technical factors, such as traffic load balancing, dispersed machine rooms and multiple links, and a collection and analysis system relies on the cooperation of convergence-and-distribution equipment and collection-and-analysis equipment to collect the traffic completely. Current convergence-and-distribution equipment is capable of traffic filtering, but the filtering relies on five-tuple blocking, so the filtered content is coarse-grained and filtering is inflexible. In practice, traffic such as video and instant messaging in the existing network has low relevance to network security and little analysis value, yet it accounts for 40-70 percent or more of the total.
Disclosure of Invention
The embodiment of the invention provides a splitting method based on a converged splitter device, and the converged splitter device, so that targeted traffic screening is realized and low-value traffic is filtered.
In a first aspect, an embodiment of the present invention provides a splitting method based on a converged splitter device, where the converged splitter device includes a server and a splitter board card, the server is electrically connected with the splitter board card, and the method includes:
the server generates a filtering rule according to the traffic characteristics of the application program, where the traffic characteristics of the application program are determined based on a preset rule file;
when the rule issuing condition is met, the server sends the filtering rule to the splitter board card;
and the splitter board card acquires the traffic output by the optical splitter and performs splitting processing on the traffic based on the filtering rule.
Further, the server generating a filtering rule according to the traffic characteristics of the application program includes: the server obtains the correspondence between the domain name and the IP address corresponding to the application program in the preset rule file; the server updates a domain name hash table according to the domain name, and updates an IP hash table according to the IP address corresponding to the domain name; and the server generates a rule hash table according to the domain name hash table and the IP hash table, where the rule hash table records the filtering rules.
Further, the server generating a rule hash table according to the domain name hash table and the IP hash table includes: for a target domain name in the domain name hash table, the server generates a filtering rule according to each IP address corresponding to the target domain name in the IP hash table, and updates the filtering rule into the rule hash table.
Further, the server generating a filtering rule according to the traffic characteristics of the application program further includes: the server updates the IP hash table according to the IP address corresponding to the application program in the preset rule file; the server updates a port hash table according to the port identifier corresponding to the application program in the preset rule file; and the rule hash table is updated according to the IP hash table and/or the port hash table.
Further, after the splitter board card obtains the traffic output by the optical splitter, the method further includes: the splitter board card obtains the domain name traffic within the traffic according to the port identifier of the traffic, and sends the domain name traffic to the server; and the server obtains the correspondence between domain name and service IP address in the domain name traffic, and updates the rule hash table according to that correspondence.
Further, before the server sends the filtering rule to the splitter board card, the method further includes: the server obtains the number of filtering rules in the rule hash table; and if the number exceeds a set number threshold, the server deletes the filtering rules exceeding the set number threshold from the rule hash table according to rule generation time.
Further, the server sending the filtering rule to the splitter board card includes: the server obtains the source IP address and/or source port identifier, and the destination IP address and/or destination port identifier, corresponding to each filtering rule; the server generates a first rule file according to the source IP address and/or source port identifier corresponding to each filtering rule, and a second rule file according to the destination IP address and/or destination port identifier corresponding to each filtering rule; and the server sends the first rule file to the exchange board card within the splitter board card, and the second rule file to the service board card within the splitter board card.
Further, the splitter board card obtaining the traffic output by the optical splitter and performing splitting processing on the traffic based on the filtering rule includes: the splitter board card obtains the traffic output by the optical splitter; the splitter board card obtains the source IP address and destination IP address of the traffic, and determines whether to forward or discard the traffic according to the source IP address, the destination IP address, the first rule file and the second rule file.
Further, the splitter board card obtaining the traffic output by the optical splitter and performing splitting processing on the traffic based on the filtering rule includes: the splitter board card obtains the traffic output by the optical splitter; the splitter board card obtains the source port identifier and destination port identifier of the traffic, and determines a first processing mode of the traffic according to the source port identifier, the destination port identifier, the first rule file and the second rule file; the splitter board card obtains the source IP address and destination IP address of the traffic, and determines a second processing mode of the traffic according to the source IP address, the destination IP address, the first rule file and the second rule file; and whether to forward or discard the traffic is determined according to the first processing mode and the second processing mode.
Further, after the traffic is split based on the filtering rule, the method further includes: the server obtains the splitting result of the traffic corresponding to each IP address in the rule hash table, and determines the acquisition time of each IP address according to the splitting result; and if the difference between the acquisition time and the current time is larger than a preset time threshold, the corresponding IP address is deleted from the filtering rules contained in the rule hash table.
In a second aspect, an embodiment of the present invention further provides a converged splitter device, which includes a server and a splitter board card, the server being electrically connected to the splitter board card, where the server performs the server steps, and the splitter board card performs the splitter board card steps, of the splitting method based on the converged splitter device according to any embodiment of the present invention.
According to the technical solution provided by the embodiment of the invention, the server generates the filtering rule according to the traffic characteristics of the application program; when the rule issuing condition is met, the server sends the filtering rule to the splitter board card; and the splitter board card acquires the traffic output by the optical splitter and performs splitting processing on it based on the filtering rule. This solves the problems in the related art of coarse-grained filtered content and low filtering flexibility, associates the filtered content with the application program, achieves targeted traffic screening, and improves the capability and flexibility of filtering low-value traffic.
Drawings
Fig. 1 is a flowchart of a splitting method based on a converged splitter device according to a first embodiment of the present invention;
Fig. 2 is a flowchart of another splitting method based on a converged splitter device according to a second embodiment of the present invention;
Fig. 3 is a flowchart of another splitting method based on a converged splitter device according to a third embodiment of the present invention;
Fig. 4 is a flowchart of another splitting method based on a converged splitter device according to a fourth embodiment of the present invention;
Fig. 5 is a block diagram of a converged splitter device according to a fifth embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting thereof. It should be further noted that, for convenience of description, only some, but not all of the structures related to the present invention are shown in the drawings.
Example 1
Fig. 1 is a flowchart of a splitting method based on a converged splitter device according to a first embodiment of the present invention. This embodiment is applicable to screening traffic with a converged splitter device. The method of this embodiment may be performed by a converged splitter device, which may be implemented in software and/or hardware.
Correspondingly, the method specifically comprises the following steps:
S110, the server generates a filtering rule according to the traffic characteristics of the application program, where the traffic characteristics of the application program are determined based on a preset rule file.
The server may be a server unit that accepts multiple cards in a standard-height rack-mounted chassis; it is a low-cost server platform for HAHD (High Availability, High Density), designed for special-purpose industries and high-density computing environments. Specifically, the server may be an X86 architecture blade server, which manages, generates and issues the traffic filtering rules of the splitter board card. The traffic characteristics of the application program are the traffic characteristics determined for the corresponding application according to the preset rule file. The filtering rules are rules set up for the corresponding filtering according to the differing traffic characteristics of applications.
For example, assume the server is an X86 architecture blade server. First, the blade server loads a pre-configured blacklist, which may consist of application-related rule files. The content of the rule file is read line by line, and a filtering rule is generated according to the traffic characteristics in that content, where the traffic characteristics include domain name, IP address, port identifier, and so on.
S120, when the rule issuing condition is met, the server sends the filtering rule to the splitter board card.
The splitter board card provides traffic access, traffic filtering and same-source, same-sink distribution of traffic; DNS (Domain Name System) traffic is filtered out by port and then passed to the X86 architecture blade server.
The rule issuing condition is the condition under which the server issues the filtering rule to the splitter board card. For example, it may be issuing on a schedule or at set time intervals.
Specifically, when the system time meets the rule issuing condition, the server sends the corresponding filtering rule to the splitter board card.
S130, the splitter board card obtains the traffic output by the optical splitter and performs splitting processing on the traffic based on the filtering rule.
In a mobile communication network, the optical splitter serves as a dedicated probe for signaling monitoring and mainly implements raw signaling data acquisition. Specifically, the optical splitter may feed the traffic into the splitter board card. Splitting processing means that the splitter board card performs the splitting operation on the corresponding traffic according to the filtering rule.
Specifically, the splitter board card obtains the output traffic from the optical splitter and performs splitting processing on it based on the filtering rule, so that a corresponding splitting result is obtained, which can be fed back to the server.
According to the technical solution provided by the embodiment of the invention, the server generates the filtering rule according to the traffic characteristics of the application program; when the rule issuing condition is met, the server sends the filtering rule to the splitter board card; and the splitter board card acquires the traffic output by the optical splitter and performs splitting processing on it based on the filtering rule. This solves the problems in the related art of coarse-grained filtered content and low filtering flexibility, associates the filtered content with the application program, achieves targeted traffic screening, and improves the capability and flexibility of filtering low-value traffic.
Optionally, after the splitter board card obtains the traffic output by the optical splitter, the method further includes: the splitter board card obtains the domain name traffic within the traffic according to the port identifier of the traffic, and sends the domain name traffic to the server; and the server obtains the correspondence between domain name and service IP address in the domain name traffic, and updates the rule hash table according to that correspondence.
The traffic carries port identifiers; the splitter board card obtains the port identifier by parsing the traffic, and filters domain name traffic out of the obtained traffic based on it. Domain name traffic is traffic containing domain name information, which the splitter board card can pick out of the traffic according to its port identifier. The rule hash table maps a key value to a location in the table at which the record is accessed, which speeds up lookup. Specifically, each domain name corresponds to one or more service IP addresses, and the corresponding service IP addresses are found by looking up the domain name.
In this embodiment, the server is assumed to be an X86 architecture blade server. The splitter board card obtains the output traffic from the optical splitter and, on obtaining it, identifies the domain name traffic according to the port identifier of the traffic. The splitter board card then sends the domain name traffic to the X86 architecture blade server. The blade server establishes the correspondence between domain name and service IP address from the domain name traffic, and updates the rule hash table according to that correspondence.
The advantage of this arrangement is that the domain name traffic is sent to the server through the splitter board card, and the server can then update the rule hash table according to the correspondence between domain name and service IP address found in that traffic. The relationship between domain name and service IP address is thus established more conveniently and accurately, and traffic collection proceeds better.
Optionally, before the server sends the filtering rule to the splitter board card, the method further includes: the server obtains the number of filtering rules in the rule hash table; and if the number exceeds a set number threshold, the server deletes the filtering rules exceeding the set number threshold from the rule hash table according to rule generation time.
The set number threshold may be set according to the number of filtering rules the splitter board card can process. If the number exceeds the set number threshold, the server deletes the filtering rules in the rule hash table that exceed it; if the number does not exceed the set number threshold, the server may issue the filtering rules to the splitter board card in full.
For example, assume the server's set number threshold is 10, because the splitter board card can process 10 filtering rules. When the rule hash table holds 8 filtering rules, the number does not exceed the threshold of 10, so the server issues all of the filtering rules. When the rule hash table holds 11 filtering rules, the number exceeds the threshold of 10, so the server deletes the filtering rules exceeding the threshold according to rule generation time; specifically, it deletes the 1 filtering rule with the earliest generation time.
The advantage of this arrangement is that comparing the number with the set number threshold keeps the rule hash table updated in time, avoiding a situation in which the number of filtering rules exceeds the maximum processing capacity of the splitter board card and overloads it. This allows better traffic collection.
Optionally, after the traffic is split based on the filtering rule, the method further includes: the server obtains the splitting result of the traffic corresponding to each IP address in the rule hash table, and determines the acquisition time of each IP address according to the splitting result; and if the difference between the acquisition time and the current time is larger than a preset time threshold, the corresponding IP address is deleted from the filtering rules contained in the rule hash table.
The splitting result is the result the splitter board card obtains by performing splitting processing on the traffic according to the filtering rule, and the server can obtain it from the splitter board card. The preset time threshold is the maximum difference between the acquisition time and the current time set by the server. Specifically, when the difference between the acquisition time and the current time is greater than the preset time threshold, the server deletes the corresponding IP address from the filtering rules contained in the rule hash table; when the difference is less than or equal to the preset time threshold, the server keeps the corresponding IP address in the filtering rules contained in the rule hash table.
For example, assume the server's preset time threshold is 10 days. The server obtains the splitting result of the traffic corresponding to each IP address in the rule hash table and determines from it that the acquisition time of a certain IP address is 18 November 2020, while the current time is 30 November 2020; that is, the IP address has not appeared in the last 12 days. Because the difference of 12 days between the acquisition time and the current time is greater than the 10-day preset time threshold, the server deletes the corresponding IP address from the filtering rules contained in the rule hash table.
Further, assume the acquisition time is 18 November 2020 and the current time is 22 November 2020. The difference of 4 days is less than the 10-day preset time threshold, so the server keeps the corresponding IP address in the filtering rules contained in the rule hash table.
The advantage of this arrangement is that, by comparing the difference between the acquisition time and the current time with the preset time threshold, an IP address that has not appeared for longer than the threshold can be deleted from the filtering rules, so the IP addresses are kept up to date and splitting processing is more accurate.
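The two maintenance steps described above (capping the rule count by generation time, and expiring IP addresses by acquisition time), worked through in Python with the figures from the description. This is an added example, not the patent's implementation; the dictionary layout of the rule hash table and the treatment of IP addresses with no reported splitting result are assumptions.

```python
"""Rule hash table maintenance on the server: cap the number of filtering
rules (dropping the oldest by generation time) and expire IP addresses whose
acquisition time is older than a preset time threshold.  Added illustration,
not the patent's implementation; the table layout is an assumption."""
from datetime import date


def prune_by_count(rule_table, max_rules):
    """rule_table: {rule_key: {"created": <sortable generation time>, ...}}.
    If the table holds more than max_rules entries, delete the surplus
    starting from the earliest generation time (the rules the splitter board
    card could not handle anyway).  Returns the deleted keys, oldest first;
    an empty list means the table can be issued in full."""
    surplus = len(rule_table) - max_rules
    if surplus <= 0:
        return []
    oldest = sorted(rule_table, key=lambda k: rule_table[k]["created"])[:surplus]
    for key in oldest:
        del rule_table[key]
    return oldest


def expire_stale_ips(rule_table, split_results, today, max_age_days):
    """split_results: {ip: date the splitter board card last reported traffic
    for that IP}, i.e. the acquisition time derived from the splitting result.
    IP-keyed rules whose acquisition time lies more than max_age_days before
    `today` are deleted.  Rules keyed only by port, and IPs with no reported
    result (assumption: not yet evaluated), are left alone.  Returns the
    deleted IPs."""
    removed = []
    for key in list(rule_table):
        ip, _port = key
        if ip is None or ip not in split_results:
            continue
        if (today - split_results[ip]).days > max_age_days:
            del rule_table[key]
            removed.append(ip)
    return removed


def demo():
    """Walk through the figures used in the description above."""
    # 11 rules against a threshold of 10: exactly one (the oldest) is deleted.
    # Keys are (ip, port) with None as a wildcard; the IPs are constructed.
    table = {("203.0.113.%d" % i, None): {"created": i} for i in range(11)}
    dropped = prune_by_count(table, 10)
    # 8 rules against the same threshold: nothing is deleted.
    small = {("198.51.100.%d" % i, None): {"created": i} for i in range(8)}
    untouched = prune_by_count(small, 10)
    # 10-day threshold: seen 2020-11-18 is 12 days old on 2020-11-30 (delete)
    # and 4 days old on 2020-11-22 (keep).
    results = {"203.0.113.1": date(2020, 11, 18)}
    tbl1 = {("203.0.113.1", None): {"created": 0}, (None, 5222): {"created": 1}}
    tbl2 = {("203.0.113.1", None): {"created": 0}}
    return (dropped, untouched,
            expire_stale_ips(tbl1, results, date(2020, 11, 30), 10),
            expire_stale_ips(tbl2, results, date(2020, 11, 22), 10))


if __name__ == "__main__":
    print(demo())
```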
Example 2
Fig. 2 is a flowchart of another splitting method based on a converged splitter device according to a second embodiment of the present invention. This embodiment refines the above embodiments: here, the server's generation of the filtering rule according to the traffic characteristics of the application program is further refined.
Correspondingly, the method specifically comprises the following steps:
S210, the server obtains the correspondence between the domain name and the IP address corresponding to the application program in the preset rule file.
S220, the server updates a domain name hash table according to the domain name, and updates an IP hash table according to the IP address corresponding to the domain name.
The domain name hash table stores multiple domain names; the server accesses the data structure directly by the domain name key, and specifically updates the domain name hash table according to the domain name. The IP hash table stores multiple IP addresses; the server accesses the data structure directly by the IP address key, and specifically updates the IP hash table according to the IP addresses.
S230, for the target domain name in the domain name hash table, the server generates a filtering rule according to each IP address corresponding to the target domain name in the IP hash table, and updates the filtering rule to the rule hash table.
The rule hash table is used for recording filtering rules.
In this embodiment, for a target domain name in the domain name hash table, the server generates the corresponding filtering rule according to each IP address corresponding to that domain name in the IP hash table, and then updates the filtering rule into the rule hash table.
S240, when the rule issuing condition is met, the server sends the filtering rule to the splitter board card.
Optionally, the server generating the filtering rule according to the traffic characteristics of the application program further includes: the server updates the IP hash table according to the IP address corresponding to the application program in the preset rule file; the server updates a port hash table according to the port identifier corresponding to the application program in the preset rule file; and the rule hash table is updated according to the IP hash table and/or the port hash table.
The port hash table stores multiple ports; the server accesses the data structure directly by the port key, and specifically updates the port hash table according to the ports.
In this embodiment, the server first updates the IP hash table according to the IP address corresponding to the application program in the preset rule file; it then updates the port hash table according to the port identifier corresponding to the application program in the preset rule file; accordingly, the rule hash table may be updated according to the IP hash table, the port hash table, or both.
The advantage of this arrangement is that the rule hash table can be updated according to the IP hash table, the port hash table, or both. This enriches the ways in which the rule hash table is updated and copes with various processing conditions, so splitting processing is more accurate.
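The rule generation of S210 to S230 together with the IP/port variant above, plus the DNS-driven update of the rule hash table from Example 1, as an added Python example (not the patent's own code). The rule-file format and the dictionary layout of the domain name, IP, port and rule hash tables are assumptions.

```python
"""Server-side generation of the rule hash table from the preset rule file
(S210-S230, the IP/port variant, and the DNS-driven update of Example 1).
Added illustration, not the patent's own code; the rule-file format and the
dictionary layout of the hash tables are assumptions."""
import time

# Constructed rule file in the assumed format "<app> key=value ...", one entry per line.
RULE_FILE = """\
# low-value application traffic to be filtered (constructed sample)
video_app domain=cdn.video.example ip=203.0.113.10
video_app domain=cdn.video.example ip=203.0.113.11
chat_app  ip=198.51.100.7
chat_app  port=5222
"""


def build_tables(text):
    """Read the rule file line by line and fill the three hash tables.

    domain_table: domain -> application
    ip_table:     IP address -> {"app": ..., "domain": domain or None}
    port_table:   port number -> application
    """
    domain_table, ip_table, port_table = {}, {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        app, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        domain = kv.get("domain")
        if domain is not None:
            domain_table[domain] = app
        if "ip" in kv:
            # Either an IP known for a domain or an IP listed directly.
            ip_table[kv["ip"]] = {"app": app, "domain": domain}
        if "port" in kv:
            port_table[int(kv["port"])] = app
    return domain_table, ip_table, port_table


def generate_rule_table(domain_table, ip_table, port_table, now=None):
    """Build the rule hash table.  Key: (ip, port) with None as a wildcard;
    value: the application, the domain the rule came from (if any) and the
    generation time, which count-based pruning relies on later."""
    now = time.time() if now is None else now
    rules = {}
    # S230: for every target domain, one rule per IP known for that domain.
    for domain, app in domain_table.items():
        for ip, info in ip_table.items():
            if info["domain"] == domain:
                rules[(ip, None)] = {"app": app, "domain": domain, "created": now}
    # Variant: rules from IPs listed directly and from port identifiers.
    for ip, info in ip_table.items():
        if info["domain"] is None:
            rules[(ip, None)] = {"app": info["app"], "domain": None, "created": now}
    for port, app in port_table.items():
        rules[(None, port)] = {"app": app, "domain": None, "created": now}
    return rules


def learn_from_dns(domain_table, ip_table, rules, domain, service_ip, now=None):
    """Apply a domain -> service IP pair extracted from DNS traffic that the
    splitter board card handed to the server.  Only domains already present
    in the domain hash table yield a new rule (assumption: unknown domains
    are ignored).  Returns True when a new filtering rule was added."""
    app = domain_table.get(domain)
    if app is None or (service_ip, None) in rules:
        return False
    ip_table[service_ip] = {"app": app, "domain": domain}
    rules[(service_ip, None)] = {"app": app, "domain": domain,
                                 "created": time.time() if now is None else now}
    return True


if __name__ == "__main__":
    dom, ips, ports = build_tables(RULE_FILE)
    table = generate_rule_table(dom, ips, ports)
    learn_from_dns(dom, ips, table, "cdn.video.example", "203.0.113.12")
    for key, meta in table.items():
        print(key, meta["app"], meta["domain"])
```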
S250, the splitter board card obtains the traffic output by the optical splitter and performs splitting processing on the traffic based on the filtering rule.
According to the technical solution provided by this embodiment, the server obtains the correspondence between the domain name and the IP address corresponding to the application program in the preset rule file; the server updates a domain name hash table according to the domain name, and an IP hash table according to the IP address corresponding to the domain name; for a target domain name in the domain name hash table, the server generates a filtering rule according to each IP address corresponding to the target domain name in the IP hash table, and updates the filtering rule into the rule hash table; when the rule issuing condition is met, the server sends the filtering rule to the splitter board card; and the splitter board card acquires the traffic output by the optical splitter and performs splitting processing on it based on the filtering rule. The ways in which the rule hash table is updated are thereby enriched and various processing conditions are coped with, so splitting processing is more accurate.
Example III
Fig. 3 is a flowchart of another splitting method based on a fusion splitting device according to a third embodiment of the present invention. The present embodiment refines the above embodiments: the step in which the server sends the filtering rule to the splitter board card is further refined, and forwarding or discarding of the traffic is decided on the basis of IP addresses.
Correspondingly, the method specifically comprises the following steps:
S310, the server generates a filtering rule according to the traffic characteristics of the application program.
The traffic characteristics of the application program are determined based on a preset rule file.
S320, when the rule delivery condition is met, the server obtains the source IP address and/or source port identifier and the destination IP address and/or destination port identifier corresponding to each filtering rule.
The source IP address identifies the location of the sending party: information in transmission carries a source IP address, which identifies the source node of the communication, i.e. the source. The source port identifier may be the source port number of the network-enabled application software. The destination IP address is likewise carried by the information in transmission and identifies the destination node of the communication, i.e. the sink. The destination port identifier may be the destination port number of the network-enabled application software.
S330, the server generates a first rule file according to the source IP address and/or source port identifier corresponding to each filtering rule, and generates a second rule file according to the destination IP address and/or destination port identifier corresponding to each filtering rule.
The first rule file may be a rule file generated by the server according to the source IP address, the source port identifier, or both the source IP address and the source port identifier corresponding to each filtering rule. The second rule file may be a rule file generated by the server according to the destination IP address, the destination port identifier, or both the destination IP address and the destination port identifier corresponding to each filtering rule.
S340, the server sends the first rule file to the switch board card in the splitter board card, and sends the second rule file to the service board card in the splitter board card.
The switch board card may be the board card in the splitter board card that performs information exchange processing, and the server may send the first rule file to it. The service board card may be the board card in the splitter board card that performs service processing, and the server may send the second rule file to it.
S350, the splitter board card obtains the traffic output by the optical splitting device.
S360, the splitter board card obtains the source IP address and destination IP address of the traffic, and decides whether to forward or discard the traffic according to the source IP address, the destination IP address, the first rule file and the second rule file.
In this embodiment, the server generates the first rule file according to the source IP address, the source port identifier, or both, corresponding to each filtering rule, and generates the second rule file according to the destination IP address, the destination port identifier, or both, corresponding to each filtering rule. When the splitter board card obtains the source IP address and destination IP address of a flow, it can then perform splitting processing according to the source IP address, the destination IP address, the first rule file and the second rule file. Specifically, when the traffic matches a filtering rule, the splitter board card discards the traffic; when the traffic does not match any filtering rule, the splitter board card forwards the traffic. Forwarded traffic is passed to the network security traffic acquisition and analysis system, which performs the relevant analysis on it.
According to the technical solution provided by the embodiment of the present invention, the server obtains the correspondence between the domain name and the IP address corresponding to the application program in the preset rule file; the server updates a domain name hash table according to the domain name, and updates an IP hash table according to the IP address corresponding to the domain name; for a target domain name in the domain name hash table, the server generates a filtering rule according to each IP address corresponding to the target domain name in the IP hash table, and updates the filtering rule into the rule hash table; when the rule delivery condition is met, the server obtains the source IP address and/or source port identifier and the destination IP address and/or destination port identifier corresponding to each filtering rule; the server generates a first rule file according to the source IP address and/or source port identifier corresponding to each filtering rule, and generates a second rule file according to the destination IP address and/or destination port identifier corresponding to each filtering rule; the server sends the first rule file to the switch board card in the splitter board card and sends the second rule file to the service board card in the splitter board card; the splitter board card obtains the traffic output by the optical splitting device; the splitter board card obtains the source IP address and destination IP address of the traffic, and determines whether to forward or discard the traffic according to the source IP address, the destination IP address, the first rule file and the second rule file.
This embodiment decides whether traffic is forwarded or discarded on the basis of the source IP address and/or source port identifier and the destination IP address and/or destination port identifier of the filtering rules, and of the IP addresses of the traffic, so that the traffic splitting processing can be performed accurately and the analysis efficiency of the network security traffic acquisition and analysis system is improved.
Example IV
Fig. 4 is a flowchart of another splitting method based on a fusion splitting device according to a fourth embodiment of the present invention. The present embodiment refines the above embodiments: the step in which the server sends the filtering rule to the splitter board card is further refined, and forwarding or discarding of the traffic is decided on the basis of both the port identifiers and the IP addresses.
Correspondingly, the method specifically comprises the following steps:
S410, the server generates a filtering rule according to the traffic characteristics of the application program.
The traffic characteristics of the application program are determined based on a preset rule file.
S420, when the rule delivery condition is met, the server obtains the source IP address and/or source port identifier and the destination IP address and/or destination port identifier corresponding to each filtering rule.
S430, the server generates a first rule file according to the source IP address and/or source port identifier corresponding to each filtering rule, and generates a second rule file according to the destination IP address and/or destination port identifier corresponding to each filtering rule.
S440, the server sends the first rule file to the switch board card in the splitter board card, and sends the second rule file to the service board card in the splitter board card.
S450, the splitter board card obtains the traffic output by the optical splitting device.
S460, the splitter board card obtains the source port identifier and destination port identifier of the traffic, and determines a first processing mode for the traffic according to the source port identifier, the destination port identifier, the first rule file and the second rule file.
The first processing mode may be the processing mode that the splitter board card determines for the traffic according to the source port identifier, the destination port identifier, the first rule file and the second rule file.
S470, the splitter board card obtains the source IP address and destination IP address of the traffic, and determines a second processing mode for the traffic according to the source IP address, the destination IP address, the first rule file and the second rule file.
The second processing mode may be the processing mode that the splitter board card determines for the traffic according to the source IP address, the destination IP address, the first rule file and the second rule file.
Specifically, the source port identifier of the traffic obtained by the splitter board card is matched against the first rule file; if a filtering rule containing that source port identifier is found in the first rule file, the match is judged successful. The destination port identifier of the obtained traffic is matched against the second rule file; if a filtering rule containing that destination port identifier is found in the second rule file, the match is judged successful. If at least one of the two matches is successful, the first processing mode of the corresponding traffic is determined to be discarding; otherwise, the first processing mode is determined to be forwarding.
Further, when the first processing mode of the traffic is discarding, the source IP address of the traffic obtained by the splitter board card is matched against the first rule file; if a filtering rule containing that source IP address is found in the first rule file, the match is judged successful. The destination IP address of the obtained traffic is matched against the second rule file; if a filtering rule containing that destination IP address is found in the second rule file, the match is judged successful. If at least one of the two matches is successful, the second processing mode of the corresponding traffic is determined to be discarding; otherwise, the second processing mode is determined to be forwarding.
S480, whether to forward or discard the traffic is determined according to the first processing mode and the second processing mode.
For example, if the first processing mode is the same as the second processing mode, the corresponding traffic is processed in that mode, the two being identical.
If the first processing mode differs from the second processing mode, the corresponding traffic is processed in the second processing mode.
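The matching logic of Embodiments III and IV, written out as an added Python model (not code from the patent): `ip_decision` is the IP-only decision of S360, `combined_decision` the two-mode decision of S460 to S480, read with the IP matching of S470 applied only when the first processing mode is discarding. The rule file structure, the function names and the sample addresses (RFC 5737 documentation ranges) are assumptions of this example.

```python
"""Splitter board card decision logic of Embodiments III and IV, modelled in Python.

Added example, not code from the patent or its assignee. The rule file
structure, field names, sample rule files and flows are constructed for
illustration; addresses come from the RFC 5737 documentation ranges.
"""
from dataclasses import dataclass, field
from typing import Dict, Set

DISCARD = "discard"
FORWARD = "forward"


@dataclass
class RuleFile:
    """One rule file as delivered by the server (S330).

    The first rule file carries the source IP addresses and/or source port
    identifiers of the filtering rules; the second carries the destination
    IP addresses and/or destination port identifiers. A rule may contribute
    an IP, a port, or both, so the two sets are kept separately.
    """
    ips: Set[str] = field(default_factory=set)
    ports: Set[int] = field(default_factory=set)


@dataclass(frozen=True)
class Flow:
    """The header fields the splitter board card reads off one flow."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def ip_decision(flow: Flow, first: RuleFile, second: RuleFile) -> str:
    """S360 of Embodiment III, and the second processing mode (S470) of IV.

    The source IP address is matched against the first rule file and the
    destination IP address against the second. A hit on either side means the
    flow matches a filtering rule and is discarded; otherwise it is forwarded
    to the network security traffic acquisition and analysis system.
    """
    if flow.src_ip in first.ips or flow.dst_ip in second.ips:
        return DISCARD
    return FORWARD


def port_decision(flow: Flow, first: RuleFile, second: RuleFile) -> str:
    """First processing mode (S460) of Embodiment IV: same shape, on port identifiers."""
    if flow.src_port in first.ports or flow.dst_port in second.ports:
        return DISCARD
    return FORWARD


def combined_decision(flow: Flow, first: RuleFile, second: RuleFile) -> str:
    """S460 to S480 of Embodiment IV, read literally from the page.

    The port-based mode is evaluated first. The IP-based mode is evaluated
    only when the first mode is 'discard', and the second mode wins whenever
    the two differ, so the net rule is: a port hit alone is not enough, the
    flow is discarded only when an IP address hits as well.
    """
    first_mode = port_decision(flow, first, second)
    if first_mode == FORWARD:
        return FORWARD            # no second mode is computed in this case
    second_mode = ip_decision(flow, first, second)
    return second_mode            # equal -> either; different -> second wins


# Constructed sample rule files: a rule on a source address and a service
# port, and a rule on a destination address and the same port.
FIRST = RuleFile(ips={"203.0.113.10"}, ports={8443})
SECOND = RuleFile(ips={"198.51.100.7"}, ports={8443})

# Constructed sample flows covering the three interesting cases.
FLOWS: Dict[str, Flow] = {
    "ip_and_port_hit": Flow("203.0.113.10", 8443, "192.0.2.5", 443),
    "port_hit_only":   Flow("192.0.2.8", 51000, "192.0.2.9", 8443),
    "ip_hit_only":     Flow("192.0.2.8", 51000, "198.51.100.7", 443),
}


def decide_all() -> Dict[str, Dict[str, str]]:
    """Run both embodiments over the sample flows and return the decisions."""
    return {
        name: {
            "embodiment_iii": ip_decision(f, FIRST, SECOND),
            "embodiment_iv": combined_decision(f, FIRST, SECOND),
        }
        for name, f in FLOWS.items()
    }


if __name__ == "__main__":
    for name, result in decide_all().items():
        print(f"{name:16s} III={result['embodiment_iii']:8s} IV={result['embodiment_iv']}")
```

The `ip_hit_only` flow shows where the two embodiments diverge: Embodiment III discards on the destination address alone, while Embodiment IV forwards it because no port identifier matched first.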
According to the technical solution provided by the embodiment of the present invention, the server obtains the correspondence between the domain name and the IP address corresponding to the application program in the preset rule file; the server updates a domain name hash table according to the domain name, and updates an IP hash table according to the IP address corresponding to the domain name; for a target domain name in the domain name hash table, the server generates a filtering rule according to each IP address corresponding to the target domain name in the IP hash table, and updates the filtering rule into the rule hash table; when the rule delivery condition is met, the server obtains the source IP address and/or source port identifier and the destination IP address and/or destination port identifier corresponding to each filtering rule; the server generates a first rule file according to the source IP address and/or source port identifier corresponding to each filtering rule, and generates a second rule file according to the destination IP address and/or destination port identifier corresponding to each filtering rule; the server sends the first rule file to the switch board card in the splitter board card and sends the second rule file to the service board card in the splitter board card; the splitter board card obtains the traffic output by the optical splitting device; the splitter board card obtains the source port identifier and destination port identifier of the traffic, and determines a first processing mode for the traffic according to the source port identifier, the destination port identifier, the first rule file and the second rule file; the splitter board card obtains the source IP address and destination IP address of the traffic, and determines a second processing mode for the traffic according to the source IP address, the destination IP address, the first rule file and the second rule file; and whether to forward or discard the traffic is determined according to the first processing mode and the second processing mode. In this embodiment, forwarding or discarding of the traffic is decided on the basis of both the IP addresses and the port identifiers of the traffic, so that the traffic splitting processing can be performed more accurately by combining the two, and the efficiency of the traffic splitting processing is improved.
Example five
Fig. 5 is a block diagram of a fusion and shunt device according to a fifth embodiment of the present invention. The fusion splitting device 510 includes a server 520 and a splitting board 530, and the server 520 is electrically connected to the splitting board 530.
The server 520 is configured to perform the splitting method based on the fusion splitting device 510; the splitter board 530 is configured to perform the splitting method based on the fusion splitting device 510. The method comprises the following steps: the server 520 generates a filtering rule according to the traffic characteristics of the application program, wherein the traffic characteristics of the application program are determined based on a preset rule file; when the rule delivery condition is met, the server 520 sends the filtering rule to the splitter board 530; the splitter board 530 obtains the traffic output by the optical splitting device, and performs splitting processing on the traffic based on the filtering rule.
Optionally, the server 520 generates the filtering rule according to the traffic characteristics of the application program, including: the server 520 obtains the correspondence between the domain name and the IP address corresponding to the application program in the preset rule file; the server 520 updates a domain name hash table according to the domain name, and updates an IP hash table according to the IP address corresponding to the domain name; the server 520 generates a rule hash table according to the domain name hash table and the IP hash table, where the rule hash table is used to record filtering rules.
Optionally, the server 520 generates a rule hash table according to the domain name hash table and the IP hash table, including: for the target domain name in the domain name hash table, the server 520 generates a filtering rule according to each IP address corresponding to the target domain name in the IP hash table, and updates the filtering rule to the rule hash table.
Optionally, the server 520 generates the filtering rule according to the traffic characteristics of the application program, and further includes: the server 520 updates the IP hash table according to the IP address corresponding to the application program in the preset rule file; the server 520 updates a port hash table according to the port identifier corresponding to the application program in the preset rule file; and updating the rule hash table according to the IP hash table and/or the port hash table.
Optionally, after the splitter board 530 obtains the flow output by the splitter device, the method further includes: the splitter board 530 obtains the domain name traffic in the traffic according to the port identifier of the traffic, and sends the domain name traffic to the server 520; the server 520 obtains the correspondence between the domain name and the service IP address in the domain name traffic, and updates the rule hash table according to the correspondence between the domain name and the service IP address.
Optionally, before the server 520 sends the filtering rules to the splitter board 530, the method further includes: the server 520 obtains the number of filtering rules in the rule hash table; if the number exceeds a set number threshold, the server 520 deletes, according to the rule generation time, the filtering rules in the rule hash table that exceed the set number threshold.
Optionally, the server 520 sends the filtering rules to the splitter card 530, including: the server 520 obtains a source IP address and/or a source port identifier, and a destination IP address and/or a destination port identifier, which correspond to each filtering rule; the server 520 generates a first rule file according to the source IP address and/or the source port identifier corresponding to each filtering rule, and generates a second rule file according to the destination IP address and/or the destination port identifier corresponding to each filtering rule; the server 520 sends the first rule file to the switch board in the splitter board 530, and sends the second rule file to the service board in the splitter board 530.
Optionally, the splitting board 530 acquires a flow output by the splitting device, performs splitting processing on the flow based on the filtering rule, and includes: the splitter board 530 acquires the flow output by the splitter device; the splitter card 530 obtains a source IP address and a destination IP address of the traffic, and determines to perform forwarding or discarding processing on the traffic according to the source IP address, the destination IP address, the first rule file, and the second rule file.
Optionally, the splitting board 530 acquires a flow output by the splitting device, performs splitting processing on the flow based on the filtering rule, and includes: the splitter board 530 acquires the flow output by the splitter device; the splitter board 530 obtains a source port identifier and a destination port identifier of the flow, and determines a first processing mode for the flow according to the source port identifier, the destination port identifier, the first rule file and the second rule file; the splitter board 530 obtains a source IP address and a destination IP address of the traffic, and determines a second processing manner for the traffic according to the source IP address, the destination IP address, the first rule file and the second rule file; and determining to execute forwarding or discarding processing on the traffic according to the first processing mode and the second processing mode.
Optionally, after the flow is split based on the filtering rule, the method further includes: the server 520 obtains the shunting processing result of the flow corresponding to each IP address in the rule hash table, and determines the obtaining time of each IP address according to the shunting processing result; and if the time difference value between the acquired time and the current time is larger than a preset time threshold value, deleting the corresponding IP address from the filtering rule contained in the rule hash table.
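The server-side table maintenance described in the optional steps above (rule generation from the domain name and IP hash tables, the port hash table, learning from domain name traffic, the set number threshold and the preset time threshold), as an added Python model that is not the patent's code. The preset rule file format, the class and method names, the threshold values and the addresses are constructed for this example; the page fixes none of them.

```python
"""Rule hash table maintenance on the server, modelled after Embodiments II and V.
Added example (not the patent's code); formats, thresholds and addresses are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

RuleKey = Tuple[Optional[str], Optional[int]]   # (ip, port); either side may be None


@dataclass
class FilterRule:
    app: str
    ip: Optional[str] = None
    port: Optional[int] = None
    generated_at: float = 0.0   # rule generation time, used by the count threshold (claim 5)
    last_seen: float = 0.0      # acquisition time of the IP from the splitting results (claim 9)


class RuleServer:
    """Holds the domain name, IP, port and rule hash tables kept by the server."""

    def __init__(self, max_rules: int, idle_timeout: float) -> None:
        self.domain_table: Dict[str, str] = {}                   # domain -> application
        self.ip_table: Dict[str, Set[str]] = defaultdict(set)    # domain -> IP addresses
        self.port_table: Dict[str, Set[int]] = defaultdict(set)  # application -> ports
        self.rule_table: Dict[RuleKey, FilterRule] = {}          # the rule hash table
        self.max_rules = max_rules          # set number threshold (claim 5)
        self.idle_timeout = idle_timeout    # preset time threshold (claim 9)

    def _add_rule(self, app: str, ip: Optional[str], port: Optional[int], now: float) -> None:
        key: RuleKey = (ip, port)
        if key not in self.rule_table:   # assumption: a new rule counts as seen at generation
            self.rule_table[key] = FilterRule(app, ip, port, generated_at=now, last_seen=now)

    def load_preset(self, preset: Dict[str, dict], now: float) -> None:
        """Build the tables from a preset rule file; constructed format:
        {app: {"domains": {domain: [ip, ...]}, "ips": [...], "ports": [...]}}."""
        for app, spec in preset.items():
            for domain, ips in spec.get("domains", {}).items():
                self.domain_table[domain] = app      # domain name hash table (claim 1)
                self.ip_table[domain].update(ips)    # IP hash table (claim 1)
            for ip in spec.get("ips", []):           # direct IP entries (claim 3)
                self._add_rule(app, ip, None, now)
            for port in spec.get("ports", []):       # port hash table (claim 3)
                self.port_table[app].add(port)
                self._add_rule(app, None, port, now)
        for domain, app in self.domain_table.items():   # claim 2: one rule per IP of a domain
            for ip in sorted(self.ip_table[domain]):
                self._add_rule(app, ip, None, now)

    def learn_from_domain_traffic(self, domain: str, service_ip: str, now: float) -> bool:
        """Claim 4: domain name traffic handed over by the splitter board card
        yields a domain -> service IP mapping, which becomes a new filtering rule."""
        app = self.domain_table.get(domain)
        if app is None:
            return False                  # no application of ours uses this domain
        self.ip_table[domain].add(service_ip)
        self._add_rule(app, service_ip, None, now)
        return True

    def enforce_count_threshold(self) -> int:
        """Claim 5: above the set number threshold, drop the oldest rules by generation time."""
        excess = len(self.rule_table) - self.max_rules
        if excess <= 0:
            return 0
        oldest = sorted(self.rule_table, key=lambda k: self.rule_table[k].generated_at)[:excess]
        for key in oldest:
            del self.rule_table[key]
        return excess

    def record_hits(self, hit_ips: Set[str], now: float) -> None:
        """Claim 9: the splitting results report which IP addresses matched; note the time."""
        for rule in self.rule_table.values():
            if rule.ip in hit_ips:
                rule.last_seen = now

    def age_out(self, now: float) -> int:
        """Claim 9: delete IP-based rules idle longer than the preset time threshold."""
        stale = [k for k, r in self.rule_table.items()
                 if r.ip is not None and now - r.last_seen > self.idle_timeout]
        for key in stale:
            del self.rule_table[key]
        return len(stale)


# Constructed preset rule file for two applications (RFC 5737 documentation addresses).
PRESET = {
    "app_a": {"domains": {"a.example": ["203.0.113.1", "203.0.113.2"]}, "ports": [8443]},
    "app_b": {"ips": ["198.51.100.5"]},
}


def demo() -> Dict[RuleKey, FilterRule]:
    """Walk the rule life cycle once and return the surviving rule hash table."""
    srv = RuleServer(max_rules=5, idle_timeout=850)
    srv.load_preset(PRESET, now=0)                                        # 4 rules
    srv.learn_from_domain_traffic("a.example", "203.0.113.9", now=100)    # 5 rules
    srv.learn_from_domain_traffic("a.example", "203.0.113.10", now=200)   # 6 rules
    srv.enforce_count_threshold()                      # drops the oldest; here the port rule
    srv.record_hits({"203.0.113.1"}, now=1000)
    srv.age_out(now=1000)                              # drops 3 idle IP rules
    return srv.rule_table
```

Note that the count threshold evicts by generation time regardless of whether a rule is still being hit, while the time threshold keeps any address the splitting results have reported recently; the two mechanisms prune different things.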
Note that the above is only a preferred embodiment of the present invention and the technical principle applied. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, while the invention has been described in connection with the above embodiments, the invention is not limited to the embodiments, but may be embodied in many other equivalent forms without departing from the spirit or scope of the invention, which is set forth in the following claims.

Claims (10)

1. A splitting method based on a fusion splitting device, characterized in that the fusion splitting device comprises a server and a splitter board card, and the server is electrically connected to the splitter board card; the method comprises:
the server generates a filtering rule according to the traffic characteristics of the application program, wherein the traffic characteristics of the application program are determined based on a preset rule file;
when the rule delivery condition is met, the server sends the filtering rule to the splitter board card, wherein the splitter board card is used for realizing access of the traffic, filtering of the traffic, and same-source, same-sink distribution of the traffic;
and the splitter board card obtains the traffic output by the optical splitting device, and performs splitting processing on the traffic based on the filtering rule;
wherein the server generating the filtering rule according to the traffic characteristics of the application program comprises:
the server obtains the correspondence between the domain name and the IP address corresponding to the application program in the preset rule file;
the server updates a domain name hash table according to the domain name, and updates an IP hash table according to the IP address corresponding to the domain name;
and the server generates a rule hash table according to the domain name hash table and the IP hash table, wherein the rule hash table is used for recording filtering rules.
2. The method of claim 1, wherein the server generating a rule hash table from the domain name hash table and the IP hash table comprises:
and for the target domain name in the domain name hash table, the server generates a filtering rule according to each IP address corresponding to the target domain name in the IP hash table, and updates the filtering rule to the rule hash table.
3. The method of claim 1, wherein the server generating the filtering rule according to the traffic characteristics of the application program further comprises:
the server updates the IP hash table according to the IP address corresponding to the application program in the preset rule file;
the server updates a port hash table according to the port identifier corresponding to the application program in the preset rule file;
and updates the rule hash table according to the IP hash table and/or the port hash table.
4. The method of claim 1, further comprising, after the splitter board card obtains the traffic output by the optical splitting device:
the flow dividing board card obtains domain name flow in the flow according to the port identification of the flow, and sends the domain name flow to the server;
and the server acquires the corresponding relation between the domain name and the service IP address in the domain name flow, and updates the rule hash table according to the corresponding relation between the domain name and the service IP address.
5. The method of claim 1, further comprising, before the server sends the filtering rules to the splitter board card:
the server obtains the number of filtering rules in the rule hash table;
and if the number exceeds a set number threshold, the server deletes, according to the rule generation time, the filtering rules in the rule hash table that exceed the set number threshold.
6. The method of claim 1, wherein the server sending the filtering rules to the splitter board card comprises:
the server acquires a source IP address and/or a source port identifier corresponding to each filtering rule, and a destination IP address and/or a destination port identifier;
the server generates a first rule file according to the source IP address and/or the source port identifier corresponding to each filtering rule, and generates a second rule file according to the destination IP address and/or the destination port identifier corresponding to each filtering rule;
and the server sends the first rule file to the exchange board card in the distribution board card and sends the second rule file to the service board card in the distribution board card.
7. The method of claim 1, wherein the splitting board card obtains a flow output by the splitting device, and performs splitting processing on the flow based on the filtering rule, and the method comprises the steps of:
the splitter board card obtains the traffic output by the optical splitting device;
the flow distribution board card obtains a source IP address and a destination IP address of the flow, and determines to forward or discard the flow according to the source IP address, the destination IP address, the first rule file and the second rule file.
8. The method of claim 1, wherein the splitting board card obtains a flow output by the splitting device, and performs splitting processing on the flow based on the filtering rule, and the method comprises the steps of:
the splitter board card obtains the traffic output by the optical splitting device;
the flow distribution board card acquires a source port identifier and a destination port identifier of the flow, and determines a first processing mode of the flow according to the source port identifier, the destination port identifier, the first rule file and the second rule file;
the flow dividing board card acquires a source IP address and a destination IP address of the flow, and determines a second processing mode of the flow according to the source IP address, the destination IP address, the first rule file and the second rule file;
and determining to execute forwarding or discarding processing on the traffic according to the first processing mode and the second processing mode.
9. The method of claim 1, further comprising, after splitting the traffic based on the filtering rules:
the server obtains a shunting processing result of the flow corresponding to each IP address in the rule hash table, and determines the obtaining time of each IP address according to the shunting processing result;
and if the time difference between the acquisition time and the current time is larger than a preset time threshold, the corresponding IP address is deleted from the filtering rules contained in the rule hash table.
10. The fusion and distribution equipment is characterized by comprising a server and a distribution board card, wherein the server is electrically connected with the distribution board card:
the server for performing the splitting method of any of claims 1-9;
the split board card is used for executing the split method as claimed in any one of claims 1 to 9.
CN202111665640.0A 2021-12-31 2021-12-31 Shunting method based on fusion shunting equipment and fusion shunting equipment Active CN114374622B (en)

Publications (2)

Publication Number Publication Date
CN114374622A CN114374622A (en) 2022-04-19
CN114374622B true CN114374622B (en) 2023-12-19

Family

ID=81142438

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111665640.0A Active CN114374622B (en) 2021-12-31 2021-12-31 Shunting method based on fusion shunting equipment and fusion shunting equipment

Country Status (1)

Country Link
CN (1) CN114374622B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117240735B (en) * 2023-11-09 2024-01-19 湖南戎腾网络科技有限公司 Method, system, equipment and storage medium for filtering audio and video streams

Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1564547A (en) * 2004-03-25 2005-01-12 上海复旦光华信息科技股份有限公司 High speed filtering and stream dividing method for keeping connection features
CN104468636A (en) * 2015-01-09 2015-03-25 李忠 SDN structure for DDoS threatening filtering and link reallocating and working method
CN104539594A (en) * 2014-12-17 2015-04-22 南京晓庄学院 SDN (software defined network) framework, system and working method combining DDoS (distributed denial of service) threat filtering and routing optimization
CN104754066A (en) * 2013-12-26 2015-07-01 华为技术有限公司 Message processing method and message processing equipment
CN105323173A (en) * 2014-07-18 2016-02-10 中兴通讯股份有限公司 Network rule entry setting method and device
CN105871773A (en) * 2015-01-18 2016-08-17 吴正明 DDoS filtering method based on SDN network architecture
CN106549944A (en) * 2016-10-17 2017-03-29 上海斐讯数据通信技术有限公司 A kind of domain filter method based on linux kernel Hash table
CN110808913A (en) * 2018-08-30 2020-02-18 华为技术有限公司 Message processing method, device and related equipment
CN112272193A (en) * 2020-11-19 2021-01-26 天津光电通信技术有限公司 Filtering and shunting platform for effectively solving message multi-hit flow and implementation method
CN112350833A (en) * 2020-11-25 2021-02-09 杭州迪普信息技术有限公司 Flow filtering method and device
US10924456B1 (en) * 2020-07-14 2021-02-16 Centripetal Networks, Inc. Methods and systems for efficient encrypted SNI filtering for cybersecurity applications
CN112491901A (en) * 2020-11-30 2021-03-12 北京锐驰信安技术有限公司 Network flow fine screening device and method
CN112929376A (en) * 2021-02-10 2021-06-08 恒安嘉新(北京)科技股份公司 Flow data processing method and device, computer equipment and storage medium
CN113382019A (en) * 2021-06-30 2021-09-10 山石网科通信技术股份有限公司 Flow data processing method

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8201252B2 (en) * 2002-09-03 2012-06-12 Alcatel Lucent Methods and devices for providing distributed, adaptive IP filtering against distributed denial of service attacks
US8380870B2 (en) * 2009-08-05 2013-02-19 Verisign, Inc. Method and system for filtering of network traffic
US9219747B2 (en) * 2013-10-28 2015-12-22 At&T Intellectual Property I, L.P. Filtering network traffic using protected filtering mechanisms

Patent Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1564547A (en) * 2004-03-25 2005-01-12 上海复旦光华信息科技股份有限公司 High speed filtering and stream dividing method for keeping connection features
CN104754066A (en) * 2013-12-26 2015-07-01 华为技术有限公司 Message processing method and message processing equipment
CN105323173A (en) * 2014-07-18 2016-02-10 中兴通讯股份有限公司 Network rule entry setting method and device
CN104539594A (en) * 2014-12-17 2015-04-22 南京晓庄学院 SDN (software defined network) framework, system and working method combining DDoS (distributed denial of service) threat filtering and routing optimization
CN104468636A (en) * 2015-01-09 2015-03-25 李忠 SDN structure for DDoS threatening filtering and link reallocating and working method
CN105871773A (en) * 2015-01-18 2016-08-17 吴正明 DDoS filtering method based on SDN network architecture
CN106549944A (en) * 2016-10-17 2017-03-29 上海斐讯数据通信技术有限公司 A domain filtering method based on a Linux kernel hash table
CN110808913A (en) * 2018-08-30 2020-02-18 华为技术有限公司 Message processing method, device and related equipment
US10924456B1 (en) * 2020-07-14 2021-02-16 Centripetal Networks, Inc. Methods and systems for efficient encrypted SNI filtering for cybersecurity applications
CN112272193A (en) * 2020-11-19 2021-01-26 天津光电通信技术有限公司 Filtering and shunting platform for effectively solving message multi-hit flow and implementation method
CN112350833A (en) * 2020-11-25 2021-02-09 杭州迪普信息技术有限公司 Flow filtering method and device
CN112491901A (en) * 2020-11-30 2021-03-12 北京锐驰信安技术有限公司 Network flow fine screening device and method
CN112929376A (en) * 2021-02-10 2021-06-08 恒安嘉新(北京)科技股份公司 Flow data processing method and device, computer equipment and storage medium
CN113382019A (en) * 2021-06-30 2021-09-10 山石网科通信技术股份有限公司 Flow data processing method

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
Hugo Gonzalez; Natalia Stakhanova; Ali A. Ghorbani. "A Performance Evaluation of Hash Functions for IP Reputation Lookup Using Bloom Filters". 2015 10th International Conference on Availability, Reliability and Security. 2015, full text. *
Marc Antoine Gosselin-Lavigne *
Design and implementation of a LAN traffic measurement system based on Libpcap; 李若霖; 王金一; 陶智勇; 陈琦; 南凯; 阎保平;; Application Research of Computers (No. 10); full text *
Detection and control system for DDoS attacks; 金伟; 崔鸿; 王志; 郭发勤; 汪屹文; 贺帅;; Cyberspace Security (No. Z3); full text *

Also Published As

Publication number Publication date
CN114374622A (en) 2022-04-19

Similar Documents

Publication Publication Date Title
CN109257326B (en) Method and device for defending against data stream attack, storage medium and electronic equipment
WO2016150131A1 (en) Load balancing method, device and system for service function chain
CN107769992B (en) Message parsing and shunting method and device
CN107092686B (en) File management method and device based on cloud storage platform
CN114374622B (en) Shunting method based on fusion shunting equipment and fusion shunting equipment
CN110278152B (en) Method and device for establishing fast forwarding table
CN111049849A (en) Network intrusion detection method, device, system and storage medium
CN112929376A (en) Flow data processing method and device, computer equipment and storage medium
CN104883362A (en) Method and device for controlling abnormal access behaviors
CN115826444A (en) Security access control method, system, device and equipment based on DNS analysis
CN113595900B (en) Routing control method, device and system and border gateway protocol peer
CN111131479B (en) Flow processing method and device and flow divider
CN106790411B (en) The non-polymeric port cascade system and method for virtual switch and physical switches
CN111600971A (en) Equipment management method and equipment management device
CN114157611B (en) Message de-duplication method, device and storage medium
CN101552747A (en) Method, device and system for route management
CN111654452B (en) Message processing method and device
CN108833724B (en) CDR synthesis method and device
CN111695148B (en) Security filtering method and device for self-learning of network node
CN111629276B (en) Security filtering method and device for controlling self-conversion of items
US20200341968A1 (en) Differential Update of Local Cache from Central Database
CN111629275B (en) Safety filtering method for multicast table item self-aggregation
CN102142996B (en) Method and device for identifying physical node in cloud operating system
CN113691607B (en) Flow load balancing control method and device and electronic equipment
CN113824720B (en) Message processing method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant