CN1933443A - Business sensing system in high-speed network - Google Patents
Business sensing system in high-speed network Download PDFInfo
- Publication number
- CN1933443A CN1933443A CNA2006100371045A CN200610037104A CN1933443A CN 1933443 A CN1933443 A CN 1933443A CN A2006100371045 A CNA2006100371045 A CN A2006100371045A CN 200610037104 A CN200610037104 A CN 200610037104A CN 1933443 A CN1933443 A CN 1933443A
- Authority
- CN
- China
- Prior art keywords
- business
- packet
- tcp
- module
- stream
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000004458 analytical method Methods 0.000 claims abstract description 20
- 230000015572 biosynthetic process Effects 0.000 claims description 27
- 238000003745 diagnosis Methods 0.000 claims description 19
- 238000000034 method Methods 0.000 claims description 17
- 230000008447 perception Effects 0.000 claims description 14
- 238000012545 processing Methods 0.000 claims description 13
- 230000006870 function Effects 0.000 claims description 11
- 238000005516 engineering process Methods 0.000 description 10
- 239000000523 sample Substances 0.000 description 6
- 230000019771 cognition Effects 0.000 description 5
- 238000004891 communication Methods 0.000 description 5
- 238000011160 research Methods 0.000 description 4
- 239000000047 product Substances 0.000 description 3
- 230000006978 adaptation Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 241000239290 Araneae Species 0.000 description 1
- 241001269238 Data Species 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 239000012141 concentrate Substances 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 239000012467 final product Substances 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 238000007619 statistical method Methods 0.000 description 1
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
A service sensing system in high speed network comprises TCP connection table, data packet sorter, storage and a numbers of stream analyzer. It can be used to carry out content analysis and statistics on service transmitted in digital family network.
Description
Technical field
The present invention relates to the technical field of network communication in the digital home, specifically, related to a kind of method and apparatus that can carry out content analysis and statistics the business of transmitting in the digital home network.
Background technology
1, digital home network
Digital home network is along with the digitlization of development of internet technology and household equipment grows up, and it is a kind of next generation network that is different from present IP network.
In digital home network, the equipment of access no longer is confined to traditional computer terminal, and household electrical appliances such as digitized phone, TV, refrigerator also will be parts important in the network; That is to say that digital home network will be a network that merges multiple business such as IP phone, Digital Television, remote household electrical appliance control.
Because the integration of multiple business, it is very big that the volume of transmitted data of digital home network will become; Simultaneously, different business exists difference for the requirement of data transmission quality, such as IP phone ensures that for the speed and the order of transfer of data requirement is just relatively harsher, and the data downloading request of PC is relatively loose.Because digital home network, legacy network is the sort of ignores professional difference or the network adjustment technology that ensures based on simple QoS can't meet the demands, and this just needs new network method of adjustment appearance.But the adjustment of network is based on the statistics of the miscellaneous service that transmits in the network, so we need an energy perception digital home network service, and the system that transport service is carried out statistical analysis.
2, professional cognition technology introduction
Professional cognition technology is a kind of technology of distinguishing different business stream in the network, and it can draw the affiliated type of service of these data by some special field or the characteristic of packet in the phase-split network.
At present, professional cognition technology still is in developing stage, technical some insurmountable difficulty that also exist; Some products based on professional cognition technology have appearred on the market, but substantially all be by technology such as analysis port, TOS fields, also really do not reach the degree of utilizing characteristic to discern, but the business diagnosis that is based on port is in many occasions and inapplicable, the business that can change for some ports does not particularly reach instructions for use especially based on the business diagnosis of port.
3, Related product and patent
Though digital home is present popular direction, many achievements have also appearred in the research to this respect, but most studies is the digital household appliances product, and the research at the Network Transmission aspect is seldom arranged, for the research of analyzing digital home network and improving network service quality still less; Simultaneously, because professional cognition technology itself is immature, in also can't the large scale investment practical application, therefore, research and the patent relevant with professional perception mainly concentrate on how to carry out the perception aspect, and concrete as how it is built a network adjustment framework, how to apply it in the digital home network or blank out for the basis, this blank has just in time been filled up in the design that this paper proposes.
Summary of the invention
The present invention has overcome above deficiency, has proposed business sensing system in a kind of express network, and this system comprises TCP connection table, packet classifier, memory and some stream analyzers:
The function of TCP connection table is to preserve the information data that all connect through the TCP of network node.
The function of packet classifier is after packet flows into wherein, and be connected table with TCP mutual, obtains the affiliated TCP link information of this packet.
The main function of memory is to coordinate the speed of express network data flow and stream analyzer, and when the stream analyzer analysis speed was slower than network flow speed, this memory buffer had added the tcp data bag of attached TCP link information.
The function of stream analyzer is to analyze the data of each TCP stream, and the concrete analysis of professional perception is operated in wherein to be finished.
Described packet classifier is by a) packet header of fetching data; B) calculate hashed value; C) search the stream table; D) preserve four parts of flow data and form, its workflow is as being: a data of 1) taking out packet in the packet; 2) data is carried out hash computing (MD5 is the method for using always), gets the hashed value of data to the end; 3) according to hashed value, search TCP stream table, find out and change the TCP stream that packet is consistent; 4) data of TCP bag are kept at (can be equipment such as internal memory, hard disk) on the memory.
The treatment step of described stream analyzer is as being:
1) the TCP logic flow arrives, and wherein the content of TCP logic flow be the attached tcp data bag of TCP link information of order, and packet is put into the wait processing queue;
2) task distributor is taken out a packet from wait for processing queue, puts into the traffic identification formation, if the class of business that this stream analyzer can be analyzed is N, puts into N copy of traffic identification formation so and goes into formation;
3) service identification module m takes out m packet copy in the formation, packet is analyzed, if judged result is not one's own business, m+1 copy analyzed in the service identification module m+1 taking-up formation so, analyze copy q up to service identification module q, think that packet is one's own business, empty all copies in the traffic identification formation so, other modules of module q back are no longer discerned, discern the successfully laggard step (4) of going into, if recognize the identification that module N does not have success, enter step (5) so;
4) business does not have corresponding analysis module under the recognition failures, this packet, and flow process finishes;
5) business diagnosis module q and the service identification module q-1 in its front are carried out place-exchange, when carrying out business module identification so next time, discern for module q earlier packet, and then identification q-1, the benefit of doing like this is discharged to the front for the analysis module that can make the normal Business Stream that occurs in the network in formation, the Business Stream relevant recognition module of less appearance comes the formation back, can improve recognition speed like this, reduces the expense of service identification module recognition failures;
6) packet is sent to the corresponding business analysis module, the particular content of packet is analyzed, specifically being operated in the business diagnosis module of business diagnosis and perception carried out.
Technical characterstic of the present invention is:
1) network of adaptation high-speed transfer.
This patent can be realized the professional perceptional function to the stream of the TCP/IP in the express network, this effect have benefited from native system in added memory module and in stream analyzer, added the wait processing queue, when network has burst high-speed data-flow and the processing speed of system not to reach the speed identical with network data, still can analyze all packets in the network, and the unconventional method of handling too late packet of abandoning, have the effect of handling the express network data flow and also have benefited from stream analyzer, having added the wait processing queue.
2) extendible service sensing ability.
The system that this method realizes can increase new professional sensing module easily.This effect has benefited from different service identification module and adopts the form of formation to organize together, and increases new professional sensing module as long as increase and increase new analysis logic in new identification module and the business diagnosis module in the service identification module formation.
3) self adaptation is adjusted the traffic identification order.
If some business often occurs in network, when so newly arriving a packet, with the relevant recognition module of the normal business that occurs packet is discerned earlier, if non-common business is discerned packet with the lower service identification module of the frequency of occurrences so again.This effect has benefited from the dynamic adjustment of the service identification module position in the service identification module formation, referring to the step (5) of stream analyzer implementation structure.
4) based on the perception of business tine.
Based on the communication port of ICP/IP protocol, this effect does not have benefited from having adopted service identification module to traffic identification, and the content of each packet is carried out signature analysis.
Description of drawings
Fig. 1 is business sensing system implementation structure figure;
Fig. 2 implements structure chart for packet classifier;
Fig. 3 is packet classifier processing procedure figure;
Fig. 4 is the enforcement structure chart of stream analyzer;
Fig. 5 is case study on implementation figure.
Embodiment
Below in conjunction with accompanying drawing business sensing system in the express network is further set forth.
For data flow transmitted in the sensing network is to belong to which kind of business, we install a business sensing system at the network node place, and this system will analyze all and flow through wherein network packet, to realize professional perceptional function.This system comprises TCP connection table, packet classifier, memory and some stream analyzers, and its general structure as shown in Figure 1.
The processing procedure of business sensing system is in the express network:
1) TCP connection table has been preserved information datas of the TCP connection of all process network nodes, and after packet flowed into packet classifier, packet classifier is connected table with TCP mutual, obtains the affiliated TCP link information of this packet.
2) then the tcp data bag that has added attached TCP link information is sent in the memory.This memory can be the equipment that hard disk, internal memory etc. have the storage data capability, its main function in this system is to coordinate the speed of express network data flow and stream analyzer, when the stream analyzer analysis speed was slower than network flow speed, this memory buffer had added the tcp data bag of attached TCP link information.
3) the tcp data bag of the attached TCP link information of taking-up sends stream analyzer to from memory.Stream analyzer is a thread, analyzes the data of each TCP stream in stream analyzer, and the concrete analysis of professional perception is operated in here to be finished.Stream analyzer takes out a tcp data bag at every turn and analyzes from memory, have in the system that a plurality of stream analyzers can walk abreast or concurrent (if hardware does not possess parallel ability) work, these stream analyzers are stored in the thread pool, and this design is in order to save that thread starts and system overhead when destroying.
As shown in Figure 2, packet classifier is by a) packet header of fetching data; B) calculate hashed value; C) search the stream table; D) preserve four parts of flow data and form, its workflow is as being:
1) data of taking-up packet in the packet;
2) data is carried out hash computing (MD5 is the method for using always), gets the hashed value of data to the end;
3) according to hashed value, search TCP stream table, find out and change the TCP stream that packet is consistent;
4) data of TCP bag are kept at (can be equipment such as internal memory, hard disk) on the memory.
For the processing speed that makes packet classifier improves, we use the working method of streamline, and 4 steps in the top one-tenth streamline, each step is independently opened a thread process, and the processing actual step of packet classifier can be represented with Fig. 3 like this.
The implementation structure of stream analyzer as shown in Figure 4, wherein task distributor and business diagnosis module all are placed in the thread pool, the thread pool is here shared by all stream analyzers, be not the thread pool that each stream analyzer has oneself, all stream analyzers are shared a traffic distributor thread pool and a business diagnosis module thread pool.The treatment step of stream analyzer is as follows:
1) the TCP logic flow arrives, and wherein the content of TCP logic flow be the attached tcp data bag of TCP link information of order, and packet is put into the wait processing queue;
2) task distributor is taken out a packet from wait for processing queue, puts into the traffic identification formation, if the class of business that this stream analyzer can be analyzed is N, puts into N copy of traffic identification formation so and goes into formation;
3) service identification module m takes out m packet copy in the formation, packet is analyzed, if judged result is not one's own business, m+1 copy analyzed in the service identification module m+1 taking-up formation so, analyze copy q up to service identification module q, think that packet is one's own business, empty all copies in the traffic identification formation so, other modules of module q back are no longer discerned, discern the successfully laggard step (4) of going into, if recognize the identification that module N does not have success, enter step (5) so;
4) business does not have corresponding analysis module under the recognition failures, this packet, and flow process finishes;
5) business diagnosis module q and the service identification module q-1 in its front are carried out place-exchange, when carrying out business module identification so next time, discern for module q earlier packet, and then identification q-1, the benefit of doing like this is discharged to the front for the analysis module that can make the normal Business Stream that occurs in the network in formation, the Business Stream relevant recognition module of less appearance comes the formation back, can improve recognition speed like this, reduces the expense of service identification module recognition failures;
6) packet is sent to the corresponding business analysis module, the particular content of packet is analyzed, specifically being operated in the business diagnosis module of business diagnosis and perception carried out.
The business sensing system of realizing with the method for this patent can be installed on any network line, and the circuit here includes spider lines and wireless network.
Case study on implementation figure as shown in Figure 5, a plurality of digital home networks have been comprised in this network, these digital home networks are connected to again on the switch, the circuit that is connected on the switch is the only network outlet of these digital home networks, switch is connected to Internet, and all pass through this switch to the visit of Internet digital home.We want to monitor the digital home network users now has which to the main business that Internet visits, so that the service that hommization more is provided is to the user, so our circuit on switch and Internet is installed a professional perception probe.The device of this probe can realize that all packets of switch and Internet all pass through this probe with the common computer main frame.
This case study on implementation is each professional data traffic of simple statistics.For statistic flow, simply the packet size is added to work in the flow so only do one in our the business diagnosis module in stream analyzer.
Through the statistics of business diagnosis module, the keeper can learn that N digital home network is A1 for the use traffic of professional A, and the use traffic of professional B is B2+B3, and the use traffic of professional C is C3.
Top example has just simply been added up each professional network traffics, professional perception probe in this patent provides an extendible systems approach of high speed, can do various statistical work to business, only need the business diagnosis module in the replacing system to get final product.As the frequency of utilization of statistical service, professional use particular content etc. have had these statistical informations, and we can provide better service for home network user.
Claims (8)
1, business sensing system in a kind of express network is characterized in that this system comprises TCP connection table, packet classifier, memory and some stream analyzers:
The function of TCP connection table is to preserve the information data that all connect through the TCP of network node;
The function of packet classifier is after packet flows into wherein, and be connected table with TCP mutual, obtains the affiliated TCP link information of this packet;
The main function of memory is to coordinate the speed of express network data flow and stream analyzer, and when the stream analyzer analysis speed was slower than network flow speed, this memory buffer had added the tcp data bag of attached TCP link information;
The function of stream analyzer is to analyze the data of each TCP stream, and the concrete analysis of professional perception is operated in wherein to be finished.
2, business sensing system in the express network according to claim 1 is characterized in that packet classifier is by a) packet header of fetching data; B) calculate hashed value; C) search the stream table; D) preserving four parts of flow data forms.
3, business sensing system in the express network according to claim 1 and 2 is characterized in that the packet classifier workflow is as being: a data of 1) taking out packet in the packet; 2) data is carried out the hash computing, gets the hashed value of data to the end; 3) according to hashed value, search TCP stream table, find out and change the TCP stream that packet is consistent; 4) data of TCP bag are kept on the memory.
4, business sensing system in the express network according to claim 1 is characterized in that memory can be the equipment that hard disk, internal memory etc. have the storage data capability.
5, business sensing system in the express network according to claim 1 is characterized in that packet classifier uses the working method of streamline, and each step is independently opened a thread process.
6, business sensing system in the express network according to claim 1 is characterized in that the shared traffic distributor thread pool of all stream analyzers and a business diagnosis module thread pool.
7, business sensing system in the express network according to claim 6 is characterized in that wherein task distributor and business diagnosis module all are placed in the thread pool, and the thread pool is here shared by all stream analyzers.
8, business sensing system in the express network according to claim 1, the treatment step that it is characterized in that stream analyzer is as being:
1) the TCP logic flow arrives, and wherein the content of TCP logic flow be the attached tcp data bag of TCP link information of order, and packet is put into the wait processing queue;
2) task distributor is taken out a packet from wait for processing queue, puts into the traffic identification formation, if the class of business that this stream analyzer can be analyzed is N, puts into N copy of traffic identification formation so and goes into formation;
3) service identification module m takes out m packet copy in the formation, packet is analyzed, if judged result is not one's own business, m+1 copy analyzed in the service identification module m+1 taking-up formation so, analyze copy q up to service identification module q, think that packet is one's own business, empty all copies in the traffic identification formation so, other modules of module q back are no longer discerned, discern the successfully laggard step (4) of going into, if recognize the identification that module N does not have success, enter step (5) so;
4) business does not have corresponding analysis module under the recognition failures, this packet, and flow process finishes;
5) business diagnosis module q and the service identification module q-1 in its front are carried out place-exchange, when carrying out business module identification so next time, discern for module q earlier packet, and then identification q-1, the benefit of doing like this is discharged to the front for the analysis module that can make the normal Business Stream that occurs in the network in formation, the Business Stream relevant recognition module of less appearance comes the formation back, can improve recognition speed like this, reduces the expense of service identification module recognition failures;
6) packet is sent to the corresponding business analysis module, the particular content of packet is analyzed, specifically being operated in the business diagnosis module of business diagnosis and perception carried out.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2006100371045A CN1933443A (en) | 2006-08-18 | 2006-08-18 | Business sensing system in high-speed network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2006100371045A CN1933443A (en) | 2006-08-18 | 2006-08-18 | Business sensing system in high-speed network |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN1933443A true CN1933443A (en) | 2007-03-21 |
Family
ID=37879072
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2006100371045A Pending CN1933443A (en) | 2006-08-18 | 2006-08-18 | Business sensing system in high-speed network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1933443A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101702121B (en) * | 2009-10-29 | 2013-02-06 | 珠海金山软件有限公司 | Device for controlling network flow of program in Windows system |
-
2006
- 2006-08-18 CN CNA2006100371045A patent/CN1933443A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101702121B (en) * | 2009-10-29 | 2013-02-06 | 珠海金山软件有限公司 | Device for controlling network flow of program in Windows system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102739473B (en) | Network detecting method using intelligent network card | |
| CN1158615C (en) | Load balancing method and equipment for convective medium server | |
| CN1913528A (en) | P2P data message detection method based on character code | |
| CN1206600C (en) | Full distribution type aggregation network servicer system | |
| CN104125167A (en) | Flow control method and device | |
| CN1941716A (en) | Method, device and system for accounting application flow | |
| CN106101015A (en) | A kind of mobile Internet traffic classes labeling method and system | |
| CN1414746A (en) | Method of providing internal service apparatus in network for saving IP address | |
| CN101052043A (en) | TCP sending algorithm based on sending window and reciprocating time | |
| CN1838627A (en) | Method for realizing QinQ access | |
| CN100337432C (en) | Data flow statistic method and device | |
| WO2021000874A1 (en) | Service flow identification method and apparatus, and model generation method and apparatus | |
| CN1881899A (en) | Network flow monitoring system and method | |
| CN102571946B (en) | Realization method of protocol identification and control system based on P2P (peer-to-peer network) | |
| CN108111558A (en) | A kind of high-speed packet disposal method, apparatus and system | |
| CN106789242A (en) | A kind of identification application intellectual analysis engine based on mobile phone client software behavioral characteristics storehouse | |
| CN102891809A (en) | Interface order-preserving method and system of messages of multi-core network device | |
| CN101039234A (en) | Method for realizing distributed DHCP relay | |
| CN102868636A (en) | Method and system for stream-based order preservation of multi-core network equipment packet | |
| CN1881938A (en) | Method and system for preventing and detecting proxy | |
| CN1933443A (en) | Business sensing system in high-speed network | |
| CN1642142A (en) | Multimedia communication device using software and hardware protocol stacks and communication method thereof | |
| CN1291567C (en) | A high-performance multi-service network security processing equipment | |
| CN1708013A (en) | Accelerated per-flow traffic estimation | |
| CN104348675A (en) | Bidirectional service data flow identification method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |