CN115314564A - Message matching method, computer device and computer-readable storage medium - Google Patents
Message matching method, computer device and computer-readable storage medium Download PDFInfo
- Publication number
- CN115314564A CN115314564A CN202211048413.8A CN202211048413A CN115314564A CN 115314564 A CN115314564 A CN 115314564A CN 202211048413 A CN202211048413 A CN 202211048413A CN 115314564 A CN115314564 A CN 115314564A
- Authority
- CN
- China
- Prior art keywords
- matched
- message
- matching
- field
- matching result
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/06—Notations for structuring of protocol data, e.g. abstract syntax notation one [ASN.1]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/70—Admission control; Resource allocation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Abstract
The application provides a message matching method, computer equipment and a computer readable storage medium, which relate to the field of network communication, and the message matching method comprises the following steps: dividing access control list ACL matched resources of the first network equipment into a fixed field resource group and a variable field resource group, wherein the fixed field resource group comprises a set of fixed fields, and the variable field resource group comprises a set of variable fields; receiving a message to be matched, and matching the message to be matched according to a fixed field in a fixed field resource group and a variable field in a variable field resource group to obtain a first matching result; and determining the matching action of the message to be matched according to the first matching result. According to the method and the device, the ACL matching resources are divided, and the message is subjected to level screening, so that the use of the whole ACL resources can be saved.
Description
Technical Field
The present application relates to the field of network communication technologies, and in particular, to a packet matching method, a computer device, and a computer-readable storage medium.
Background
Access Control List (ACL) resources of a network device are limited, and the resources are generally limited according to length and entry, for example, if the resources match 128 bytes, if the resources match 8K, the number of the resources becomes 4K when the resources match 256 bytes, and if the resources match 512 bytes, the number of the resources becomes 2K. With the development of tunnel services, it is often necessary to match the messages encapsulated in the tunnel on the network, and since the length of the tunnel header has consumed a relatively large number of message lengths, the length of the ACL resource is required to be continuously increased.
Generally, the same or repeated fields in a plurality of messages are called fixed fields, and the different or changed fields in a plurality of messages are called variable fields. In the related art, if a certain position in a message encapsulated by a tunnel needs to be subjected to flow matching. An ACL resource with a length equivalent to that of the ACL resource is required to be used for processing, for example, the tunnel header consumes 128 bytes, an ACL resource with 256 bytes is required to be used for matching to the inside, a field which needs to be matched is not in the tunnel header, and the whole tunnel header information of the data flow is the same.
Disclosure of Invention
The application aims at solving the problems in the prior art to at least a certain extent, and provides a message matching method, computer equipment and a computer readable storage medium, which can save the use of the whole ACL resources.
The technical scheme of the embodiment of the application is as follows:
in a first aspect, the present application provides a packet matching method, which is applied to a first network device, and the method includes:
dividing Access Control List (ACL) matching resources of the first network equipment into a fixed field resource group and a variable field resource group, wherein the fixed field resource group comprises a set of fixed fields, and the variable field resource group comprises a set of variable fields;
receiving a message to be matched, and matching the message to be matched according to a fixed field in the fixed field resource group and a variable field in the variable field resource group to obtain a first matching result;
and determining the matching action of the message to be matched according to the first matching result.
In a second aspect, the present application provides a packet matching method, which is applied to a first network device, and the method includes:
receiving a message to be matched, and matching a first fixed field of the message to be matched according to the fixed field in the fixed field resource group of the first network equipment to obtain a first matching result;
under the condition that the first matching result indicates that the first fixed field is matched, the message to be matched is sent to second network equipment, so that the variable field of the message to be matched is matched according to the variable field in the variable field resource group of the second network equipment, and a second matching result is obtained;
receiving the second matching result returned by the second network equipment;
and determining the matching action of the message to be matched according to the second matching result.
In a third aspect, the present application provides a packet matching method, which is applied to a first network device, and the method includes:
receiving a message to be matched, and sending the message to be matched to second network equipment so as to match a second fixed field of the message to be matched according to the fixed field in a fixed field resource group of the second network equipment to obtain a first matching result;
receiving the first matching result returned by the second network equipment;
under the condition that the first matching result indicates that the second fixed field is matched, matching the variable field of the message to be matched according to the variable field in the variable field resource group of the first network equipment to obtain a second matching result;
and determining the matching action of the message to be matched according to the second matching result.
In a fourth aspect, the present application provides a packet matching method, which is applied to a second network device, and the method includes:
receiving a message to be matched sent by first network equipment;
and matching the variable fields of the message to be matched according to the variable fields in the variable field resource group of the second network equipment to obtain a second matching result, and returning the second matching result to the first network equipment, so that the first network equipment determines the matching action of the message to be matched according to the second matching result.
In a fifth aspect, the present application provides a packet matching method, which is applied to a second network device, and the method includes:
receiving a message to be matched sent by first network equipment;
and matching a second fixed field of the message to be matched according to the fixed field in the fixed field resource group of the second network equipment to obtain a first matching result, returning the first matching result to the first network equipment, so that the first network equipment matches the variable field of the message to be matched according to the variable field in the variable field resource group of the first network equipment to obtain a second matching result, and determining the matching action of the message to be matched according to the second matching result.
In a sixth aspect, the present application provides a computer device comprising a memory and a processor, the memory having stored therein computer-readable instructions which, when executed by one or more of the processors, cause the one or more processors to perform the steps of the method as described in any one of the first, second, third, fourth and fifth aspects above.
In a seventh aspect, the present application further provides a computer-readable storage medium, which can be read by and written to by a processor, the storage medium storing computer instructions, which, when executed by one or more processors, cause the one or more processors to perform the steps of any one of the methods described in the first, second, third, fourth and fifth aspects above.
The embodiment of the application comprises the following steps: the ACL matched resources of the first network equipment are divided into fixed field resource groups and variable field resource groups, wherein the fixed field resource groups comprise a set of fixed fields, and the variable field resource groups comprise a set of variable fields; and receiving a message to be matched, and matching the message to be matched according to the fixed fields in the fixed field resource group and the variable fields in the variable field resource group to obtain a first matching result. And determining the matching action of the message to be matched according to the first matching result. Compared with the prior art that ACL resources with the length equivalent to that of the message to be matched are used for processing the message with the fixed field, and a large amount of resources are consumed, the ACL matching resources are divided, and the message is subjected to hierarchical screening, so that the use of the whole ACL resources can be saved.
Drawings
Fig. 1 is a schematic flowchart of a message matching method according to an embodiment of the present application;
FIG. 2 is a schematic flow chart illustrating a sub-step of step S120 in FIG. 1;
fig. 3 is a schematic flowchart of a message matching method according to another embodiment of the present application;
FIG. 4 is a flow chart illustrating a sub-step of step S130 in FIG. 1;
fig. 5 is a schematic flowchart of a message matching method according to another embodiment of the present application;
FIG. 6 is a flow chart illustrating a sub-step of step S240 in FIG. 5;
fig. 7 is a schematic flowchart of a message matching method according to another embodiment of the present application;
FIG. 8 is a flow chart illustrating a sub-step of step S340 in FIG. 7;
fig. 9 is a schematic flowchart of a message matching method according to another embodiment of the present application;
fig. 10 is a schematic flowchart of a message matching method according to another embodiment of the present application;
fig. 11 is a schematic diagram of loopback port matching provided by an embodiment of the present application;
fig. 12 is a schematic diagram of a second network device matching provided by an embodiment of the present application;
FIG. 13 is a schematic structural diagram of a computer device provided in an embodiment of the present application;
fig. 14 is a schematic diagram of a message matching method in the prior art.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
It should be noted that, although a logical order is illustrated in the flowcharts, in some cases, the steps illustrated or described may be performed in an order different from that in the flowcharts. The terms first, second and the like in the description and in the claims, as well as in the drawings described above, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order.
In the related art, as shown in fig. 14, a packet includes a physical address MAC, a Virtual Local Area Network (VLAN) tag, an IP address, and packet DATA, where the packet DATA may further include N ACL entries, and the packet length of the packet is long, and when matching ACL resources of a tunnel service, the corresponding entries of the packet are matched one by one using ACL resources equal to the packet, and the length of the ACL occupies more resources, so that the resources that can be used are relatively less, and more ACL resources need to be occupied for completing packet matching.
Based on this, the embodiment of the application provides a message matching method, a computer device and a computer readable storage medium, the embodiment of the application includes dividing an Access Control List (ACL) matching resource of a first network device into a fixed field resource group and a variable field resource group, the fixed field resource group includes a set of fixed fields, the variable field resource group includes a set of variable fields, and by dividing the ACL matching resource, the method is beneficial to screening messages to be matched for multiple times and reducing resource usage; the method comprises the steps of receiving a message to be matched, matching the message to be matched according to the fixed fields in the fixed field resource groups and the variable fields in the variable field resource groups to obtain a first matching result, and matching the message to be matched by using the fixed field resource groups because the set does not comprise repeated elements, so that the use of resources can be reduced, and further the use of integral ACL resources can be saved. And determining the matching action of the message to be matched according to the first matching result. Compared with the prior art that ACL resources with the length equivalent to that of a message to be matched are used for processing the message with a fixed field and a large amount of resources are consumed, the ACL matching resources are divided and the message is subjected to hierarchical screening, so that the use of the whole ACL resources can be saved.
In an embodiment, the message matching method is mainly applied to a scene that the ACL resources are insufficient or the position of a message field needing to be overlong is matched by a switch or a router, thereby enriching the use method of the ACL and saving the resources of the ACL. The message matching method is also suitable for matching short messages, and is not described herein.
The embodiments of the present application will be further explained with reference to the drawings.
Referring to fig. 1, fig. 1 shows a schematic flow diagram of a message matching method according to an embodiment of the present application, where the message matching method according to the embodiment of the present application is applied to a first network device, where the first network device may be a switch or a router, and the first network device has a receiving port and a loopback port. The message matching method includes, but is not limited to, step S110, step S120, and step S130.
Step S110, dividing the access control list ACL matching resources of the first network device into a fixed field resource group and a variable field resource group, where the fixed field resource group includes a set of fixed fields and the variable field resource group includes a set of variable fields.
In an embodiment, an access control list ACL matching resource of a first network device is divided into a fixed field resource group and a variable field resource group, where the fixed field resource group includes a set of fixed fields, the set of fixed fields is a set of fixed fields corresponding to a message that conforms to a preset ACL matching rule, the ACL matching rule includes a matching length and matching entries, the matching length may be 32 bytes or 64 bytes, and the matching length can be set according to the length of the message, which is not described herein; because the fixed field is the same or repeated field in a plurality of messages, elements in the set are different, and only one matching entry corresponding to the fixed field is provided, the matching of the fixed field of the message to be matched with the matching entry is facilitated, and the use of ACL matching resources is reduced. The variable field resource group comprises a set of variable fields corresponding to a message according with a preset ACL matching rule, the set of variable fields is a set formed by the variable fields corresponding to the message according with the preset ACL matching rule, the preset ACL matching rule comprises a matching length and matching entries, the matching length can be 32 bytes or 64 bytes, and the variable field resource group can be set according to the length of the message, which is not described again; the matching entries are a plurality of matching entries corresponding to the variable fields of the message, that is, the matching entries are an enumeration of the matching conditions of the variable fields, and matching of different fields of the message is realized. ACL matching resources are divided into fixed field resource groups and variable field resource groups, so that hierarchical screening of messages can be realized, the use of the ACL matching resources is converted from product consumption to addition consumption, and the use of the resources is reduced.
And step S120, receiving the message to be matched, and matching the message to be matched according to the fixed fields in the fixed field resource group and the variable fields in the variable field resource group to obtain a first matching result.
As shown in fig. 2, matching the message to be matched according to the fixed field in the fixed field resource group and the variable field in the variable field resource group to obtain a first matching result, which includes, but is not limited to, the following steps:
and step S121, matching the first fixed field of the message to be matched according to the fixed field in the fixed field resource group to obtain a second matching result.
In an embodiment, a first fixed field of a message to be matched is matched through a fixed field in a fixed field resource group, so as to obtain a second matching result. For the first fixed field of each message to be matched, one matching entry of the fixed field resource group is adopted for matching, instead of using a plurality of matching entries for matching, so that the use of ACL matching resources is saved. The first fixed field is a message header field packaged on the outermost layer of the message to be matched, or a field matched firstly in the message matching process; the second matching result is the matching result of the first fixed field.
In an embodiment, according to the obtained second matching result, when the second matching result indicates that the first fixed field is not matched, it indicates that the fixed field of the fixed-field resource group is matched with the fixed field of the message to be matched and the message to be matched is rejected, or the fixed field of the fixed-field resource group is not matched with the fixed field of the message to be matched, and the message to be matched is directly discarded without performing subsequent matching operation. Discarding the message to be matched is beneficial to limiting the network flow and improving the network performance.
And S122, under the condition that the second matching result indicates that the first fixed field is matched, matching the variable field of the message to be matched according to the variable field in the variable field resource group to obtain a first matching result.
In an embodiment, according to the second matching result obtained in step S121, when the second matching result indicates that the first fixed field is matched, the fixed field indicating the fixed-field resource group is matched to the first fixed field of the message to be matched, and the first fixed field of the message to be matched is allowed to pass through, and the variable field in the variable-field resource group is used to match the variable field of the message to be matched, so as to obtain the first matching result. The messages to be matched are screened in a multi-stage mode through the fixed field resource groups and the variable field resource groups, so that the matching length and the matching items can be reduced, the use of the overall ACL matching resources is reduced, and the condition that the ACL matching resources are insufficient due to the fact that the matching length is too long is avoided. The first matching result is obtained after matching the fields of the message to be matched.
As shown in fig. 3, the message matching method further includes, but is not limited to, the following steps:
step S123, configuring a fixed field resource group on a receiving port of the first network device, where the receiving port is configured to receive the message to be matched, and matching a first fixed field of the message to be matched on the receiving port according to a fixed field in the fixed field resource group, so as to obtain a second matching result.
In an embodiment, the message to be matched is received through the receiving port, and the first fixed field of the message to be matched is matched on the receiving port according to the configured fixed field resource group, so that a second matching result is obtained. By matching the first fixed field on the receiving port instead of matching all the fields, the matching length used for matching can be reduced, so that sufficient ACL matching resources are used.
Illustratively, a physical address in a tunnel message header and a label header are matched on a receiving port, the label header is located between the physical address and an IP address in the message, the physical address and the label header are both fixed fields, and the fixed fields in the fixed field resource group are used for matching the physical address and the label header. If the important field to be matched is in the physical address, matching the message to be matched is not needed, and subsequent execution action is executed according to a matching result; if the important field to be matched is not in the physical address, the matching processing of the subsequent steps is carried out.
In an embodiment, according to the obtained second matching result, when the second matching result indicates that the first fixed field is not matched, the fixed field of the fixed-field resource group is matched with the fixed field of the message to be matched and the message to be matched is rejected, or the fixed field of the fixed-field resource group is not matched with the fixed field of the message to be matched, and the message to be matched is directly discarded without performing subsequent matching operation. Discarding the message to be matched is beneficial to limiting network flow and improving network performance.
Step S124, configuring a fixed field resource group on the first loopback port of the first network device, and matching a second fixed field of the message to be matched on the first loopback port according to the fixed field in the fixed field resource group under the condition that the second matching result indicates that the first fixed field is matched, to obtain a third matching result, where the second fixed field is a fixed field other than the first fixed field.
In an embodiment, a fixed field resource group is configured on a first loopback port of a first network device, when a second matching result indicates that a first fixed field is matched, the fixed field of the fixed field resource group is matched with the first fixed field of a message to be matched, the first fixed field of the message to be matched is allowed to pass through, the message to be matched is redirected to the first loopback port, and a third matching result is obtained by matching a second fixed field of the message to be matched on the first loopback port according to the fixed field in the fixed field resource group. The message to be matched can be screened again by matching the second fixed field on the first loopback port, and the use of ACL matching resources is converted from product consumption to addition consumption by hierarchical screening, so that the use of resources is reduced. The second fixed field is a fixed field except the first fixed field, and can be a message header field packaged in the next outer layer of the message to be matched, or a field matched after the first matching in the message matching process; the third matching result is a result of matching the second fixed field; the first loopback port is a special interface, which is not a physical interface, but a logical interface invisible, one or more loopback interfaces can be created by a configuration command on the first network device, and the IP address and the mask of the loopback interface can be configured as the physical interface, and the mask of the loopback interface is generally all 1.
Illustratively, when the first loopback port matches an IP address in a tunnel message header and the IP address is a fixed field, the IP address is matched by using the fixed field in the fixed field resource group of the first loopback port. If the important field to be matched is in the IP address, matching the message to be matched is not needed, and executing subsequent execution action according to a matching result; if the important field to be matched is not in the IP address, the message to be matched is relocated to the second loopback port, the processing steps are similar to the message matching of the first loopback port, and the details are not repeated here. Through multistage matching, the use of overlong ACL matching length for matching is avoided, and further the use of the whole ACL resources can be saved.
In an embodiment, according to the obtained third matching result, when the third matching result indicates that the second fixed field is not matched, the fixed field of the fixed-field resource group is matched with the fixed field of the message to be matched and the message to be matched is rejected, or the fixed field of the fixed-field resource group is not matched with the fixed field of the message to be matched, and the message to be matched is directly discarded without performing subsequent matching operation. Discarding the message to be matched is beneficial to limiting the network flow and improving the network performance.
Step S125, configuring a variable field resource group on a second loopback port of the first network device, and matching a variable field of the message to be matched on the second loopback port according to a variable field in the variable field resource group under the condition that the third matching result indicates that the second fixed field is matched, to obtain a first matching result.
In an embodiment, a fixed field resource group is configured on a second loopback port of the first network device, when a third matching result indicates that a second fixed field is matched, the fixed field of the fixed field resource group is matched with a second fixed field of the message to be matched, the second fixed field of the message to be matched is allowed to pass through, the message to be matched is redirected to the second loopback port, and a variable field of the message to be matched is matched on the second loopback port according to a variable field in the variable field resource group to obtain a first matching result. Through the hierarchical screening, not only can the finally forwarded message be obtained, but also the use of the ACL matching resources can be converted from product consumption to addition consumption, and the use of the whole ACL matching resources is saved. The second loopback port is a special interface, which is not a physical interface, but a logical interface that is invisible.
Illustratively, in the case that the data part is a variable field, the matching of the data part is performed by using the variable field in the variable field resource group of the second loopback port. If the important field to be matched is in the data part, matching the message to be matched is not needed, and executing subsequent execution action according to a matching result; if the important field to be matched is not in the data part, the message to be matched is relocated to the next loopback port, the processing steps are similar to the message matching of the first loopback port, and the matching of the rest data parts is carried out, which is not described herein again. Through multistage matching, the use of overlong ACL matching length for matching is avoided, and the integral ACL resource use can be saved
Step S130, determining the matching action of the message to be matched according to the first matching result.
As shown in fig. 4, the determining the matching action of the message to be matched according to the first matching result includes, but is not limited to, the following steps:
step S131, under the condition that the first matching result indicates that the variable field is matched, the message to be matched is uploaded to the central processing unit or the message to be matched is forwarded.
In an embodiment, according to the first matching result obtained in step S120, when the first matching result indicates that the variable field is matched, the fixed field resource group and the variable field resource group are matched to all fields of the message to be matched, and the message to be matched is allowed to pass through, the message to be matched is uploaded to the central processing unit or the message to be matched is forwarded. When the message to be matched is uploaded to the central processing unit, the central processing unit inquires a forwarding table and forwards the message to be matched; and when the message to be matched is forwarded, directly forwarding the message according to the destination address of the message to be matched.
And step S132, under the condition that the first matching result indicates that the variable field is not matched, finishing matching and discarding the message to be matched.
In an embodiment, according to the first matching result obtained in step S120, when the first matching result indicates that the variable field is not matched, it indicates that the variable field resource group is matched to the variable field of the message to be matched and the message to be matched is rejected, or the variable field resource group is not matched to the variable field of the message to be matched, and the message to be matched is directly discarded without performing subsequent matching operation. Discarding the message to be matched is beneficial to limiting network flow and improving network performance.
In an embodiment, a variable field resource group is configured on a first loopback port of the first network device, and when the second matching result indicates that the first fixed field is matched, the variable field of the message to be matched is matched on the first loopback port according to the variable field in the variable field resource group, so as to obtain a third matching result. The messages to be matched can be screened again by matching the variable fields on the first loopback port, and the use of ACL matching resources is converted from product consumption to addition consumption by hierarchical screening, so that the use of resources is reduced. Wherein the third matching result is a result of matching the variable field.
Referring to fig. 11, fig. 11 shows a loopback port matching schematic diagram provided in an embodiment of the present application, where a receiving port, a loopback port 1, and a loopback port 2 are provided on a first network device, a message to be matched is obtained through the receiving port of the first network device when a matched important field is in a message data portion, and a physical address and a VLAN of the message to be matched are matched on the receiving port according to a fixed field resource group to obtain a first matching result, and the message to be matched is discarded when the first matching result indicates that no matching is achieved; redirecting the message to be matched to a loopback port 1 of the first network equipment under the condition that the first matching result indicates that the message is matched, and performing IP address matching on the loopback port 1 according to the variable field resource group to obtain a second matching result; under the condition that the second matching result indicates that the message is not matched, discarding the message to be matched; redirecting the message to be matched to a loopback port 2 of the first network equipment under the condition that the second matching result indicates matching, and performing message data matching on the loopback port 2 according to the variable field resource group to obtain a third matching result; under the condition that the third matching result indicates that the message is not matched, discarding the message to be matched; in the event that the third match result indicates a match is made, and a significant field is matched, the first network device forwards the message to be matched to the central processing unit. And matching different ACL entries through a plurality of loopback ports, and using ACL matching rules preset by different ports to match the ACL entries occupies less ACL resources, thereby reducing the resource occupation.
Illustratively, the source physical address of the message to be screened is: 00: 00: 12345, destination IP address: 10.10.10.1, source IP address: 20.20.20.1, the message payload to be matched is a field with 0 xeefefefef behind the IP header, and if the message is matched, the message is sent to the central processing unit. The specific matching mode is as follows: firstly, a receiving port of first network equipment receives a message to be matched, a fixed field resource group is configured, and a matching source physical address is screened: 00: 00: redirecting the 12345 message to the loopback port 1, and entering the message with all source and destination physical addresses and tunnel labels meeting the requirements into the loopback port 1; then setting a variable field resource group on the loopback port 1, and screening and matching the target IP address: 10.10.10.1, source IP address: 20.20.20.1 to loopback port 2, all of which conform to the destination IP address: 10.10.10.1, source IP address: the message of 20.20.20.1 enters the loopback port 2, finally the loopback port 2 is provided with a variable field resource group, the last 4 bytes of the matched IP header are screened to be 0 xEFEFEFEFEFEF, and the action is executed to send all messages to the central processing unit. Through three rounds of screening, the messages can be correctly matched and sent to the central processing unit, and the configuration length of each round of ACL does not exceed 32 bytes. However, if the common ACL matching method is used, a 64-byte ACL is used to match the message at this position. If there are N entries to be matched, the resource used in the embodiment of the present application is 32 × N (N + 1), and the ACL resource used in the conventional method is 64 × N, so that the message matching method can effectively reduce the resource usage.
In an embodiment, the important field for screening and matching is a message data portion of the last 4 bytes of the IP header, the message data portion may further include M ACL entries, if the matched data is located at a position behind the message data portion, or the IP header includes N ACL entries, more loopback ports need to be set on the first network device to complete multiple ACL screening, and matching of the ACL to the ultra-long message can be extended, so that matching of the message can be theoretically not limited by the length of the ACL, and use of resources can be reduced.
Referring to fig. 5, fig. 5 shows a schematic flow diagram of a message matching method according to another embodiment of the present application, where the message matching method according to the embodiment of the present application is applied to a first network device, where the first network device may be a switch or a router, and the first network device has a receiving port and a loopback port. The message matching method includes, but is not limited to, step S210, step S220, step S230, and step S240.
Step S210, receiving a message to be matched, and matching a first fixed field of the message to be matched according to the fixed field in the fixed field resource group of the first network device to obtain a first matching result.
In an embodiment, a message to be matched is received, and then a first fixed field of the message to be matched is matched through a fixed field in a fixed field resource group of a first network device, so that a first matching result is obtained. For the first fixed field of each message to be matched, one matching entry of the fixed field resource group is adopted for matching, instead of using a plurality of matching entries for matching, so that the use of ACL matching resources is saved. The first fixed field is a message header field packaged on the outermost layer of the message to be matched, or a field matched firstly in the message matching process; the first matching result is a matching result of a first fixed field of the message to be matched at the first network equipment side.
In an embodiment, according to the obtained first matching result, when the first matching result indicates that the first fixed field is not matched, it indicates that the fixed field of the fixed-field resource group is matched with the fixed field of the message to be matched and the message to be matched is rejected, or the fixed field of the fixed-field resource group is not matched with the fixed field of the message to be matched, and the message to be matched is directly discarded without performing subsequent matching operation. Discarding the message to be matched is beneficial to limiting the network flow and improving the network performance.
Step S220, under the condition that the first matching result indicates that the first fixed field is matched, the message to be matched is sent to the second network equipment, so that the variable field of the message to be matched is matched according to the variable field in the variable field resource group of the second network equipment, and a second matching result is obtained.
In an embodiment, according to the first matching result obtained in step S210, when the first matching result indicates that the first fixed field is matched, the fixed field indicating the fixed-field resource group is matched to the first fixed field of the message to be matched, and the first fixed field of the message to be matched is allowed to pass, and the message to be matched is sent to the second network device, so that the variable field of the message to be matched is matched according to the variable field in the variable-field resource group of the second network device, and the second matching result is obtained. And sending the message to be matched to second network equipment, and distributing the consumption of the ACL matched resources to a plurality of pieces of equipment to avoid the condition that the ACL matched resources on one piece of equipment are insufficient. Wherein the second matching result is a result obtained on the second network device.
Step S230, receiving a second matching result returned by the second network device.
In an embodiment, the second matching result sent by the second network device is received, and multiple matching screening is realized, so that matching by using a longer ACL is avoided, and the use of ACL resources can be reduced.
And step S240, determining the matching action of the message to be matched according to the second matching result.
As shown in fig. 6, determining the matching action of the message to be matched according to the second matching result includes:
and step S241, uploading the message to be matched to the central processing unit or forwarding the message to be matched under the condition that the second matching result indicates that the variable field is matched.
In an embodiment, according to the second matching result obtained in step S230, when the second matching result indicates that the variable field is matched, it indicates that the fixed field resource group and the variable field resource group are matched to all fields of the message to be matched, and the message to be matched is allowed to pass through, and then the message to be matched is uploaded to the central processing unit or the message to be matched is forwarded. When the message to be matched is uploaded to the central processing unit, the central processing unit inquires a forwarding table and forwards the message to be matched; when the message to be matched is forwarded, the message is directly forwarded according to the destination address of the message to be matched.
And step S242, under the condition that the second matching result indicates that the variable field is not matched, ending the matching and discarding the message to be matched.
In an embodiment, according to the second matching result obtained in step S230, when the second matching result indicates that the variable field is not matched, the variable field indicating the variable field resource group is matched to the variable field of the message to be matched and the message to be matched is rejected, or the variable field resource group is not matched to the variable field of the message to be matched, and no subsequent matching operation is performed, and the message to be matched is directly discarded. Discarding the message to be matched is beneficial to limiting network flow and improving network performance.
Referring to fig. 7, fig. 7 is a schematic flowchart illustrating a flow of a packet matching method according to another embodiment of the present application, where the packet matching method according to the embodiment of the present application is applied to a first network device, where the first network device may be a switch or a router, and the first network device has a receiving port and a loopback port. The message matching method includes, but is not limited to, step S310, step S320, step S330, and step S340.
Step S310, receiving the message to be matched, and sending the message to be matched to the second network equipment, so as to match the second fixed field of the message to be matched according to the fixed field in the fixed field resource group of the second network equipment, and obtain the first matching result.
In an embodiment, the message to be matched is received first, the first fixed field of the message to be matched may be matched through the fixed field of the fixed field resource group of the first network device, and the message to be matched is sent to the second network device under the condition that the fixed field of the fixed field resource group matches the first fixed field of the message to be matched, so that the second fixed field of the message to be matched is matched according to the fixed field in the fixed field resource group of the second network device, and a first matching result is obtained. The message to be matched is directly sent to the second network equipment for matching without processing by the first network equipment, a plurality of second network equipment are arranged, the first fixed field of the message to be matched is matched on one second network equipment by configuring the fixed field of the fixed field resource group, and then the message to be matched is redirected to the other second network equipment, so that the second fixed field of the message to be matched is matched according to the fixed field in the fixed field resource group of the second network equipment, and a first matching result is obtained. The consumption of the ACL matching resources is distributed to a plurality of devices, so that the condition that the ACL matching resources on one device are insufficient is avoided. The second fixed field is a fixed field except the first fixed field, and can be a message header field encapsulated in the next outer layer of the message to be matched, or a field matched after the first matching in the message matching process; the first matching result is a result obtained on the second network device; the number of the second network devices can be multiple, and the messages to be matched can be forwarded on the multiple second network devices for matching.
Step S320, receiving a first matching result returned by the second network device.
In an embodiment, the first matching result sent by the second network device is received, and multiple matching screening is realized, so that matching by using a longer ACL is avoided, and the use of ACL resources can be reduced.
In an embodiment, according to the obtained first matching result, when the first matching result indicates that the second fixed field is not matched, the fixed field of the fixed-field resource group is matched with the fixed field of the message to be matched and the message to be matched is rejected, or the fixed field of the fixed-field resource group is not matched with the fixed field of the message to be matched, and the message to be matched is directly discarded without performing subsequent matching operation. Discarding the message to be matched is beneficial to limiting network flow and improving network performance.
And step S330, matching the variable fields of the message to be matched according to the variable fields in the variable field resource group of the first network equipment under the condition that the first matching result indicates that the second fixed fields are matched, so as to obtain a second matching result.
In an embodiment, when the first matching result is matched with the second fixed field, the variable field of the message to be matched is matched by using the variable field in the variable field resource group of the first network device, so as to obtain a second matching result. The messages to be matched are screened in a multi-stage mode through the fixed field resource groups and the variable field resource groups, so that the matching length and the matching items can be reduced, the use of the overall ACL matching resources is reduced, and the condition that the ACL matching resources are insufficient due to the fact that the matching length is too long is avoided. And the second matching result is obtained after the fields of the message to be matched are matched by the first network equipment side.
And step S340, determining a matching action of the message to be matched according to the second matching result.
As shown in fig. 8, determining the matching action of the message to be matched according to the second matching result includes:
step S341, if the second matching result indicates that the variable field is matched, the message to be matched is uploaded to the central processing unit or forwarded.
In an embodiment, according to the second matching result obtained in step S330, when the second matching result indicates that the variable field is matched, it indicates that the fixed field resource group and the variable field resource group are matched to all fields of the message to be matched, and the message to be matched is allowed to pass through, and then the message to be matched is uploaded to the central processing unit or the message to be matched is forwarded. When the message to be matched is uploaded to the central processing unit, the central processing unit inquires a forwarding table and forwards the message to be matched; when the message to be matched is forwarded, the message is directly forwarded according to the destination address of the message to be matched.
And step S342, under the condition that the second matching result indicates that the variable field is not matched, finishing matching and discarding the message to be matched.
In an embodiment, according to the second matching result obtained in step S330, when the second matching result indicates that the variable field is not matched, the variable field indicating the variable field resource group is matched to the variable field of the message to be matched and the message to be matched is rejected, or the variable field indicating the variable field resource group is not matched to the variable field of the message to be matched, and the message to be matched is directly discarded without performing a subsequent matching operation. Discarding the message to be matched is beneficial to limiting network flow and improving network performance.
Referring to fig. 9, fig. 9 is a schematic flowchart illustrating a flow of a packet matching method according to another embodiment of the present application, where the packet matching method according to the embodiment of the present application is applied to a second network device, where the second network device may be a switch or a router, and the number of the second network devices may be multiple. The message matching method includes, but is not limited to, step S410 and step S420.
Step S410, receiving a message to be matched sent by the first network device.
In an embodiment, a to-be-matched message sent by a first network device is received, which indicates that the to-be-matched message passes through matching of a first network device side, and may be matching of a fixed field of the to-be-matched message or matching of a variable field of the to-be-matched message, so that a subsequent second network device is facilitated to match the to-be-matched message, and whether the to-be-matched message is forwarded or not is determined.
And step S420, matching the variable fields of the message to be matched according to the variable fields in the variable field resource group of the second network equipment to obtain a second matching result, and returning the second matching result to the first network equipment, so that the first network equipment determines the matching action of the message to be matched according to the second matching result.
In an embodiment, variable fields in a variable field resource group of a second network device are used for matching variable fields of a received message to be matched to obtain a second matching result, and the second matching result is returned to the first network device, so that the first network device determines a matching action of the message to be matched according to the second matching result. By distributing the consumption of the ACL-matched resources to a plurality of second network devices, the situation of insufficient ACL-matched resources on the first network device can be avoided.
Referring to fig. 10, fig. 10 is a schematic flowchart illustrating a flow of a message matching method according to another embodiment of the present application, where the message matching method according to the embodiment of the present application is applied to a second network device, where the second network device may be a switch or a router, and the number of the second network devices may be multiple. The message matching method includes, but is not limited to, step S510 and step S520.
Step S510, receiving a message to be matched sent by the first network device.
In an embodiment, a to-be-matched message sent by a first network device is received, which indicates that the to-be-matched message passes through matching at the first network device side, and the to-be-matched message can be directly sent to a second network device through matching of a first fixed field of the to-be-matched message or without matching, so that a subsequent second network device can match the to-be-matched message to determine whether to forward the to-be-matched message.
Step S520, matching a second fixed field of the message to be matched according to the fixed field in the fixed field resource group of the second network equipment to obtain a first matching result, returning the first matching result to the first network equipment, so that the first network equipment matches the variable field of the message to be matched according to the variable field in the variable field resource group of the first network equipment to obtain a second matching result, and determining the matching action of the message to be matched according to the second matching result.
In an embodiment, a fixed field in a fixed field resource group on a first network device side is matched with a first fixed field of a message to be matched and allows the message to be matched, a second fixed field of the received message to be matched is matched by using a fixed field in a fixed field resource group of a second network device to obtain a first matching result, and the second matching result is returned to the first network device, so that the first network device determines a matching action of the message to be matched according to the second matching result. The message to be matched is redirected to another second network device by using a fixed field in a fixed field resource group of one second network device to match with a first fixed field of the message to be matched and allow the message to be matched, a second fixed field of the received message to be matched is matched by using a fixed field in a fixed field resource group of another second network device to obtain a first matching result, and the second matching result is returned to the first network device, so that the first network device determines the matching action of the message to be matched according to the second matching result. By distributing the consumption of the ACL-matched resources to a plurality of second network devices, the situation of insufficient ACL-matched resources on the first network device can be avoided. And the second matching result is the matching result of the fixed field at the second network equipment side.
Referring to fig. 12, fig. 12 is a schematic diagram illustrating a second network device matching provided in the embodiment of the present application. The method comprises the steps that a loopback port is not arranged on first network equipment, matched important fields are arranged on a message data part, firstly, a message to be matched is obtained through the first network equipment, a physical address and a Virtual Local Area Network (VLAN) are matched on the message to be matched according to fixed fields of a fixed field resource group to obtain a first matching result, and the message to be matched is discarded under the condition that the first matching result indicates that the message to be matched is not matched; when the first matching result indicates that the message is matched, redirecting the message to be matched to second network equipment, and performing IP address matching on the second network equipment according to the fixed fields of the fixed field resource group to obtain a second matching result; under the condition that the second matching result indicates that the message is not matched, discarding the message to be matched; redirecting the message to be matched to first network equipment under the condition that the second matching result indicates that the message is matched, and performing message data matching by the first network equipment according to the variable fields of the variable field resource group to obtain a third matching result; under the condition that the third matching result indicates that the message is not matched, discarding the message to be matched; in case the third match result indicates a match, i.e. a match to the important field, the first network device sends the message to be matched up to the central processing unit. The matching of different ACL items is carried out through a plurality of network devices, ACL resources occupied by ACL matching rules preset by different ports for matching the ACL items are less, and the resource occupation is reduced.
Illustratively, the source physical address of the message to be screened is: 00: 00: 12345, destination IP address: 10.10.10.1, source IP address: 20.20.20.1, the message payload to be matched is a field of 0 xeffeffeef behind the IP header, and if the message is matched, the message is sent to the central processing unit. The specific matching mode is as follows: firstly, a receiving port of first network equipment receives a message to be matched, a fixed field resource group is configured, and a matching source physical address is screened: 00: 00: the 12345 message is redirected to a port 2 connected with the second network device, and the message with all source and destination physical addresses and tunnel labels meeting the requirements is sent to the second network device through the port 2; then, a fixed field resource group is set on a receiving port 2 of the second network device, and a matched destination IP address is screened: 10.10.10.1, source IP address: 20.20.20.1 to receiving port 3 of the second network device, all compliant destination IP addresses: 10.10.10.1, source IP address: the message of 20.20.20.1 is sent back to the first network device through the port 3, and finally the variable field resource group is set on the port 3 of the first network device, the last 4 bytes of the matched IP header are screened to be 0 xEFEFEFEFEFEF, and the action is executed to send all messages to the central processing unit. Through three rounds of screening between the two devices, the message can be correctly matched and sent to the central processing unit of the first network device, and the configuration length of each round of ACL does not exceed 32 bytes. If there are N entries to be matched, the resources used for matching in the embodiment of the present application are 32 × N +1, where an ACL matching resource of 32 bytes is shared to the second network device.
In an embodiment, the important field for screening matching is a message data portion of the last 4 bytes of the IP header, the message data portion may further include M ACL entries, if the matched data is located at a position behind the message data portion, multiple ACL screening is completed through multiple network devices, matching of the ACL to the ultra-long message can be extended, and matching of the ACL to the message can theoretically be not limited by the length of the ACL.
The device and the application scenario described in the embodiment of the present application are for more clearly illustrating the technical solution in the embodiment of the present application, and do not form a limitation on the technical solution provided in the embodiment of the present application, and it is known by a person skilled in the art that, with the occurrence of a new application scenario, the technical solution provided in the embodiment of the present application is also applicable to similar technical problems.
Those skilled in the art will appreciate that the loopback port matching and the second network device matching illustrated in fig. 11 and 12 do not constitute limitations on embodiments of the present application, and may include more or fewer modules than illustrated, or combine certain components, or a different arrangement of components.
The processing flow described in the above example is for more clearly explaining the technical solution of the embodiment of the present application, and does not limit the technical solution provided in the embodiment of the present application, and the processing flow is also applicable if there is a multi-path tunnel service or other service modes.
Referring to fig. 13, fig. 13 illustrates a computer device 900 provided by an embodiment of the present application. The computer device 900 may be a server or a terminal, and the internal structure of the computer device 900 includes but is not limited to:
a memory 910 for storing programs;
and a processor 920, configured to execute the program stored in the memory 910, wherein when the processor 920 executes the program stored in the memory 910, the processor 920 is configured to perform the message matching method.
The processor 920 and the memory 910 may be connected by a bus or other means.
The memory 910 is a non-transitory computer readable storage medium, and can be used to store a non-transitory software program and a non-transitory computer executable program, such as the message matching method described in any embodiment of the present application. The processor 920 implements the message matching method described above by running a non-transitory software program and instructions stored in the memory 910.
The memory 910 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area can store and execute the message matching method. Further, the memory 910 may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory 910 may optionally include memory located remotely from the processor 920, and such remote memory may be coupled to the processor 920 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The non-transitory software programs and instructions needed to implement the message matching method described above are stored in the memory 910, and when executed by the one or more processors 920, perform the message matching method provided in any embodiment of the present application.
The embodiment of the present application further provides a computer-readable storage medium, which stores computer-executable instructions, where the computer-executable instructions are used to execute the above-mentioned message matching method.
In an embodiment, the storage medium stores computer-executable instructions, which are executed by one or more control processors 920, for example, by one processor 920 in the computer device 900, and can cause the one or more processors 920 to execute the message matching method provided in any embodiment of the present application.
The above described embodiments are merely illustrative, wherein elements illustrated as separate components may or may not be physically separate, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
One of ordinary skill in the art will appreciate that all or some of the steps, systems, and methods disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a payload, transport, or other transport mechanism and includes any information delivery media as known to those skilled in the art.
Claims (15)
1. A message matching method is applied to a first network device, and comprises the following steps:
dividing Access Control List (ACL) matching resources of the first network equipment into a fixed field resource group and a variable field resource group, wherein the fixed field resource group comprises a set of fixed fields, and the variable field resource group comprises a set of variable fields;
receiving a message to be matched, and matching the message to be matched according to a fixed field in the fixed field resource group and a variable field in the variable field resource group to obtain a first matching result;
and determining the matching action of the message to be matched according to the first matching result.
2. The method according to claim 1, wherein the matching the message to be matched according to the fixed field in the fixed-field resource group and the variable field in the variable-field resource group to obtain a first matching result includes:
matching the first fixed field of the message to be matched according to the fixed field in the fixed field resource group to obtain a second matching result;
and matching the variable fields of the message to be matched according to the variable fields in the variable field resource group under the condition that the second matching result indicates that the first fixed fields are matched, so as to obtain the first matching result.
3. The method according to claim 2, wherein the fixed field resource group is configured on a receiving port of the first network device, the receiving port is configured to receive the message to be matched, and a first fixed field of the message to be matched is matched on the receiving port according to a fixed field in the fixed field resource group to obtain a second matching result;
the fixed field resource group is configured on a first loopback port of the first network device, and under the condition that the second matching result indicates that the first fixed field is matched, a second fixed field of the message to be matched is matched on the first loopback port according to the fixed field in the fixed field resource group to obtain a third matching result, wherein the second fixed field is a fixed field except the first fixed field;
and configuring the variable field resource group on a second loopback port of the first network equipment, and matching the variable fields of the message to be matched on the second loopback port according to the variable fields in the variable field resource group under the condition that the third matching result indicates that the second fixed fields are matched, so as to obtain a first matching result.
4. The method according to claim 2 or 3, wherein after the matching is performed on the first fixed field of the packet to be matched according to the fixed field in the fixed-field resource group to obtain a second matching result, the method further comprises:
and under the condition that the second matching result indicates that the first fixed field is not matched, finishing matching and discarding the message to be matched.
5. The method according to claim 2, wherein the determining the matching action for the packet to be matched according to the first matching result comprises:
under the condition that the first matching result indicates that the variable field is matched, uploading the message to be matched to a central processing unit or forwarding the message to be matched;
and under the condition that the first matching result indicates that the variable field is not matched, finishing matching and discarding the message to be matched.
6. A message matching method is applied to a first network device, and comprises the following steps:
receiving a message to be matched, and matching a first fixed field of the message to be matched according to the fixed field in the fixed field resource group of the first network equipment to obtain a first matching result;
under the condition that the first matching result indicates that the first fixed field is matched, the message to be matched is sent to second network equipment, so that the variable field of the message to be matched is matched according to the variable field in the variable field resource group of the second network equipment, and a second matching result is obtained;
receiving the second matching result returned by the second network equipment;
and determining the matching action of the message to be matched according to the second matching result.
7. The method according to claim 6, wherein after receiving the message to be matched, and matching the first fixed field of the message to be matched according to the fixed field in the fixed-field resource group of the first network device to obtain a first matching result, the method further comprises:
and under the condition that the first matching result indicates that the first fixed field is not matched, finishing matching and discarding the message to be matched.
8. The method according to claim 6, wherein the determining the matching action for the packet to be matched according to the second matching result comprises:
under the condition that the second matching result indicates that the variable field is matched, uploading the message to be matched to a central processing unit or forwarding the message to be matched;
and under the condition that the second matching result indicates that the variable field is not matched, finishing matching and discarding the message to be matched.
9. A message matching method is applied to a first network device, and comprises the following steps:
receiving a message to be matched, and sending the message to be matched to second network equipment so as to match a second fixed field of the message to be matched according to the fixed field in a fixed field resource group of the second network equipment to obtain a first matching result;
receiving the first matching result returned by the second network equipment;
under the condition that the first matching result indicates that the second fixed field is matched, matching the variable field of the message to be matched according to the variable field in the variable field resource group of the first network equipment to obtain a second matching result;
and determining the matching action of the message to be matched according to the second matching result.
10. The method of claim 9, wherein after the receiving the first matching result returned by the second network device, the method further comprises:
and under the condition that the first matching result indicates that the second fixed field is not matched, finishing matching and discarding the message to be matched.
11. The method according to claim 9, wherein the determining the matching action for the packet to be matched according to the second matching result comprises:
under the condition that the second matching result indicates that the variable field is matched, uploading the message to be matched to a central processing unit or forwarding the message to be matched;
and under the condition that the second matching result indicates that the variable field is not matched, finishing matching and discarding the message to be matched.
12. A message matching method is applied to second network equipment, and comprises the following steps:
receiving a message to be matched sent by first network equipment;
and matching the variable fields of the message to be matched according to the variable fields in the variable field resource group of the second network equipment to obtain a second matching result, and returning the second matching result to the first network equipment, so that the first network equipment determines the matching action of the message to be matched according to the second matching result.
13. A message matching method is applied to a second network device, and comprises the following steps:
receiving a message to be matched sent by first network equipment;
and matching a second fixed field of the message to be matched according to the fixed field in the fixed field resource group of the second network equipment to obtain a first matching result, returning the first matching result to the first network equipment, so that the first network equipment matches the variable field of the message to be matched according to the variable field in the variable field resource group of the first network equipment to obtain a second matching result, and determining the matching action of the message to be matched according to the second matching result.
14. A computer device comprising a memory and a processor, the memory having stored therein computer-readable instructions which, when executed by one or more of the processors, cause the one or more processors to carry out the steps of the method as claimed in any one of claims 1 to 5, 6 to 8, 9 to 11, 12, 13.
15. A computer-readable storage medium readable by a processor, the storage medium storing computer instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of the method of any one of claims 1 to 5, 6 to 8, 9 to 11, 12, 13.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211048413.8A CN115314564A (en) | 2022-08-30 | 2022-08-30 | Message matching method, computer device and computer-readable storage medium |
| PCT/CN2023/085162 WO2024045599A1 (en) | 2022-08-30 | 2023-03-30 | Message matching method, computer device, and computer-readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211048413.8A CN115314564A (en) | 2022-08-30 | 2022-08-30 | Message matching method, computer device and computer-readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115314564A true CN115314564A (en) | 2022-11-08 |
Family
ID=83863748
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211048413.8A Pending CN115314564A (en) | 2022-08-30 | 2022-08-30 | Message matching method, computer device and computer-readable storage medium |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN115314564A (en) |
| WO (1) | WO2024045599A1 (en) |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB2420043B (en) * | 2004-11-03 | 2006-11-22 | 3Com Corp | Rules engine for access control lists in network units |
| CN101409677B (en) * | 2008-11-27 | 2010-12-08 | 福建星网锐捷网络有限公司 | Access control method and apparatus |
| CN103354522B (en) * | 2013-06-28 | 2016-08-10 | 华为技术有限公司 | A kind of multilevel flow table lookup method and device |
| CN113452594B (en) * | 2021-06-28 | 2022-07-22 | 新华三信息安全技术有限公司 | Inner layer message matching method and device of tunnel message |
| CN114760108B (en) * | 2022-03-22 | 2023-04-25 | 杭州迪普科技股份有限公司 | Message matching method and device |
-
2022
- 2022-08-30 CN CN202211048413.8A patent/CN115314564A/en active Pending
-
2023
- 2023-03-30 WO PCT/CN2023/085162 patent/WO2024045599A1/en unknown
Also Published As
| Publication number | Publication date |
|---|---|
| WO2024045599A1 (en) | 2024-03-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8542679B2 (en) | Method of controlling data propagation within a network | |
| CN108600109B (en) | Message forwarding method and device | |
| CN106921578B (en) | Method and device for generating forwarding table item | |
| CN108306806B (en) | Message forwarding method and device | |
| CN108600099B (en) | Message forwarding method and device and leaf equipment | |
| US8615015B1 (en) | Apparatus, systems and methods for aggregate routes within a communications network | |
| CN111010329B (en) | Message transmission method and device | |
| CN108234422B (en) | Resource scheduling method and device | |
| US20240106751A1 (en) | Method and apparatus for processing detnet data packet | |
| US20150124808A1 (en) | Network System and Network Relay Device | |
| CN108259348B (en) | Message transmission method and device | |
| CN110391919B (en) | Multicast traffic forwarding method and device, and electronic device | |
| CN110768917B (en) | Message transmission method and device | |
| CN115426312A (en) | Method and device for managing, optimizing and forwarding identifiers in large-scale multi-modal network | |
| CN113422735B (en) | Load balancing configuration method, convergence diverter and medium | |
| US20230388223A1 (en) | Packet forwarding method, apparatus, and system | |
| CN113839862A (en) | Method, system, terminal and storage medium for synchronizing ARP information between MCLAG neighbors | |
| CN115314564A (en) | Message matching method, computer device and computer-readable storage medium | |
| CN112511440B (en) | Message forwarding method, system, storage medium and electronic equipment | |
| US11032093B2 (en) | Multicast group membership management | |
| CN115914087A (en) | Message forwarding method, device, equipment, system and storage medium | |
| CN112068972A (en) | Message queue consumption method based on multi-computer room realization and electronic equipment | |
| US7613200B1 (en) | Method and apparatus using a random indication to map items to paths and to recirculate or delay the sending of a particular item when a destination over its mapped path is unreachable | |
| CN114079634A (en) | Message forwarding method and device and computer readable storage medium | |
| CN107113244B (en) | Data forwarding method, device and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication |