WO2007147310A1 - A method and an apparatus for realizing partaking of network traffic load - Google Patents

Publication number
WO2007147310A1
Authority
WO
WIPO (PCT)
Prior art keywords
network traffic
port
virtual
virtual hash
hash bucket
Prior art date
Application number
PCT/CN2007/001110
Other languages
French (fr)
Chinese (zh)
Inventor
Yikang Lei
Xueqin Liu
Original Assignee
Huawei Technologies Co., Ltd.
Application filed by Huawei Technologies Co., Ltd.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways

Definitions

  • The present invention relates to network traffic distribution technology, and more particularly to a method and apparatus for implementing network traffic load sharing, and a router.
  • The Internet can provide a variety of content that enriches people's daily lives, but it can also be exploited by lawbreakers. If the Internet cannot be effectively managed and monitored, it will bring various harms to the network security of the country, enterprises and individuals. Therefore, it is very important to protect information security.
  • The techniques currently used are mainly traffic splitting and blocking.
  • The traffic is introduced into the router through an optical splitter, decomposed and filtered by Access Control List (ACL) rules, and handed to the back-end server system for analysis and processing.
  • ACL: Access Control List
  • The splitting may be performed in one or more stages, down to a granularity that the hosts can handle.
  • Each port group consists of multiple ports, and each port group corresponds to one server system. Because the traffic and data volumes to be processed are large, each server system uses an array of hosts that share the load and process it jointly. This requires the router to share the traffic load among the multiple output ports of the port group and distribute it evenly across the hosts.
  • The current HASH algorithm takes the HASH key value calculated from the HASH elements modulo the number of ports to obtain the output port. For example, the number of ports in the port group is 256.
  • The HASH key value calculated by 16-bit XOR from the IP source address 10.0.0.1 and the destination address 10.0.0.2 is 3, and taking it modulo 256 gives 3.
  • The advantage of this method is that it is simple and easy to implement.
  • When the key length of the HASH calculation is not too long and the number of ports is large enough, it hashes evenly. It is suitable for small systems where the IP address range is small and few output ports are required.
  • Embodiments of the present invention provide a method for implementing network traffic load sharing, an apparatus for implementing the method, and a router.
  • A method for implementing network traffic load sharing includes: decomposing and filtering the network traffic introduced to a router by means of access control list (ACL) rules; and distributing the decomposed and filtered network traffic, by the HASH algorithm, to the virtual HASH buckets used to carry network traffic.
  • An apparatus for implementing network traffic load sharing includes an optical splitter that introduces network traffic and a filter that decomposes and filters the introduced network traffic, and further includes: virtual HASH buckets, configured to carry the network traffic decomposed and filtered by the filter, the network traffic being allocated to the virtual HASH buckets by a HASH algorithm based on the number of virtual HASH buckets;
  • and actual ports, configured to receive the network traffic allocated from the virtual HASH buckets and deliver it to the server system.
  • A router includes: a filtering unit, configured to decompose and filter the network traffic introduced to the router by means of access control list (ACL) rules; and an allocation unit, configured to allocate the decomposed and filtered network traffic according to a HASH algorithm and a mapping operation method;
  • The allocation unit includes: a HASH operation unit, configured to allocate the decomposed and filtered network traffic by the HASH algorithm; virtual HASH buckets, configured to carry the network traffic allocated by the HASH operation unit; and a mapping operation unit, configured to allocate the network traffic from the virtual HASH buckets to the actual ports according to the distribution of the network traffic.
  • Because virtual HASH buckets are used and their number can be set flexibly as needed, the decomposed and filtered network traffic can be hashed across more buckets. If the split is fairly even,
  • the network traffic in the virtual HASH buckets can be allocated directly to the actual ports; when the network traffic is unevenly distributed, an unused port or the port with the least traffic is preferred when allocating traffic from a virtual HASH bucket to an actual port.
  • When several ports have the least traffic, the port with the highest port rate is selected; that is, the network traffic of the ports is balanced as far as possible, so that network traffic is allocated evenly to the actual ports.
  • FIG. 1 is a schematic block diagram of a method for implementing network traffic load sharing according to an embodiment of the present invention.
  • FIG. 2 is a schematic structural diagram of an apparatus for implementing network traffic load sharing according to an embodiment of the present invention.
  • FIG. 3 is a flowchart of an implementation manner of a method for implementing network traffic load sharing according to an embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of a router according to an embodiment of the present invention.
  • FIG. 1 is a schematic block diagram of a method for implementing network traffic load sharing according to an embodiment of the present invention.
  • The decomposed and filtered network traffic is allocated to the virtual HASH buckets by the HASH algorithm, and then allocated to the actual ports by the mapping algorithm, thereby achieving uniform load sharing of the network traffic.
  • FIG. 2 is a schematic structural diagram of an apparatus for implementing network traffic load sharing according to an embodiment of the present invention.
  • The apparatus includes a splitter 201, a filter 202, a HASH operator 203, a virtual HASH bucket 204, a mapping operator 205, and an actual port 206 of the router, where:
  • The splitter 201 introduces network traffic into the filter 202;
  • The filter 202 decomposes and filters the introduced network traffic according to the ACL rules. Specifically, rules that classify network traffic by source address, destination address, port number or protocol type are configured in the ACL and applied to the router interface; according to these rules, the filter 202 decides whether the introduced network traffic is received, discarded, or redirected to a port or a port group, thereby decomposing and filtering the network traffic;
  • The HASH operator 203 allocates the network traffic filtered by the filter 202 to the virtual HASH bucket 204 by the HASH algorithm;
  • The virtual HASH bucket 204 carries the decomposed and filtered network traffic;
  • The mapping operator 205 allocates the network traffic in the virtual HASH bucket 204 to the actual port 206 of the router;
  • The actual port 206 provided by the router receives the network traffic allocated from the virtual HASH bucket 204 and hands it to the host 207 of the server system for processing.
  • The network traffic is introduced by the splitter 201, decomposed and filtered by the filter 202, and then distributed to the virtual HASH bucket 204 by the HASH algorithm.
  • When the split is detected to be fairly even, the virtual HASH bucket 204 is mapped to an actual port, and the network traffic is sent to the actual port corresponding to the virtual HASH bucket 204.
  • When the split is detected to be uneven, the following allocation method is used.
  • FIG. 4 is a schematic structural diagram of a router according to an embodiment of the present invention. As shown in FIG. 4, the router includes a filtering unit 401, an allocation unit 400, and an actual port 406.
  • The filtering unit 401 decomposes and filters the network traffic introduced to the router by means of access control list (ACL) rules.
  • The allocation unit 400 allocates the decomposed and filtered network traffic according to the HASH algorithm and the mapping operation.
  • The actual port 406 sends the network traffic allocated by the allocation unit 400 to the server system. The router has multiple actual ports 406; for convenience, only one is drawn.
  • The allocation unit 400 includes: a HASH operation unit 402, a virtual HASH bucket 403, and a mapping operation unit 405.
  • The HASH operation unit 402 allocates the decomposed and filtered network traffic by the HASH algorithm.
  • The virtual HASH bucket 403 carries the network traffic allocated by the HASH operation unit 402.
  • The mapping operation unit 405 allocates the network traffic from the virtual HASH bucket 403 to the actual port 406 according to the distribution of the network traffic.
  • The allocation unit 400 in the router may further include a virtual HASH bucket number determining unit 407.
  • The virtual HASH bucket number determining unit 407 determines the number of virtual HASH buckets according to the number of actual ports or the number of decomposed network traffic flows, and sends the number of virtual HASH buckets to the HASH operation unit; the HASH operation unit allocates the decomposed and filtered network traffic by a HASH algorithm based on that number of virtual HASH buckets.
  • The allocation unit in the router may further include a network traffic distribution judging unit 404.
  • Whether the network traffic is evenly distributed is judged, and the judgment result is sent to the mapping operation unit 405.
  • The mapping operation unit 405 in the router includes a mapping module 4051 and an operation module 4052. When the judgment result received from the network traffic distribution judging unit 404 is that the network traffic is evenly distributed, the mapping module 4051 maps the virtual HASH bucket 403 to the actual port 406 and sends the network traffic to its corresponding actual port 406; when the judgment result received from the network traffic distribution judging unit 404 is that the network traffic is unevenly distributed, the operation module 4052 allocates the network traffic to the actual port 406 by an algorithm.
  • The network traffic is introduced by the optical splitter, decomposed and filtered by the filter, and then allocated to the virtual HASH buckets.
  • The number of virtual HASH buckets is 10000, and the number of actual ports is 100.
  • The virtual HASH buckets with serial numbers 1 to 100 correspond to actual port 1;
  • the virtual HASH buckets with serial numbers 101 to 200 correspond to actual port 2;
  • the virtual HASH buckets with serial numbers 201 to 300 correspond to actual port 3.
  • Each virtual HASH bucket is associated with an actual port, and the network traffic allocated to a virtual HASH bucket is allocated to the corresponding actual port, thereby distributing the network traffic. Since the network traffic is relatively uniform during the split, it remains evenly distributed after being allocated to the actual ports.
  • The number of actual ports of the router is 256, and the length of the HASH key is 16 bits, so its range is 0 to 65535. Therefore, if the actual ports are used as the HASH buckets, multiple network traffic flows are bound to fall on the same port, and the number of flows allocated to each port is not uniform; since the size of the data packets themselves is not limited either, the traffic on each port is not uniform.
  • After the virtual HASH buckets are set up, the statistics of the HASH buckets can be used to determine whether the decomposed and filtered network traffic is uniform. If it is uniform, the network traffic in a virtual HASH bucket can be mapped to the actual port corresponding to that bucket through the mapping relationship between virtual HASH buckets and actual ports. If it is not uniform, the network traffic cannot simply be mapped to the actual ports according to that relationship. Instead, the actual port with the lowest traffic is selected by traversing the traffic load of the actual ports, and the network traffic is then assigned to that port. The following describes, through a specific embodiment, the load-sharing scheme for the case of uneven network traffic.
  • FIG. 3 is a flowchart of a method for implementing network traffic load sharing according to an embodiment of the present invention.
  • The number of actual ports is 256,
  • the number of virtual HASH buckets is 256000,
  • and the network traffic is uneven.
  • The method for implementing network traffic load sharing mainly includes the following steps:
  • Step 301: The optical splitter introduces network traffic.
  • Step 302: Decompose and filter the introduced network traffic according to the ACL rules.
  • Step 303: Assign the decomposed and filtered network traffic to the virtual HASH buckets by the HASH algorithm.
  • Step 304: Traverse the actual ports;
  • Step 307: Find the port Fa[i]min whose network traffic statistic is the smallest and whose status is UP;
  • Step 308: Determine whether the port with the smallest network traffic statistic and status UP is unique; if yes, go to step 309, otherwise go to step 310;
  • Step 309: Select the port with the smallest network traffic statistic; the count Fn[i] of network traffic allocated to the selected port is increased by 1, and the actual network traffic Fa[i] of the port increases.
  • Step 310: Among the ports with the smallest network traffic statistic and status UP, search for the port with the highest port rate;
  • Step 311: Determine whether the port with the smallest network traffic statistic, status UP, and highest port rate is unique; if yes, go to step 312, otherwise go to step 313;
  • Step 312: Select the port with the smallest network traffic statistic, status UP, and highest port rate; the count Fn[i] of network traffic allocated to the selected port is increased by 1, and the actual network traffic Fa[i] of the port increases.
  • Step 313: Among the ports with the smallest network traffic statistic, status UP, and highest port rate, find the port Fn[i]min that has been allocated traffic the fewest times.
  • Step 314: Determine whether the port with the smallest network traffic statistic, status UP, highest port rate, and fewest allocations is unique; if yes, go to step 315, otherwise go to step 316;
  • Step 315: Select the port with the smallest network traffic statistic, status UP, highest port rate, and fewest allocations; the count Fn[i] of network traffic allocated to the selected port is increased by 1, and the actual network traffic Fa[i] of the port increases;
  • Step 316: Randomly select one port from the multiple ports with the smallest network traffic statistic, status UP, highest port rate, and fewest allocations, and allocate the traffic to it; the count Fn[i] of network traffic allocated to the selected port is increased by 1, and the actual network traffic Fa[i] of the port increases.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A method for realizing partaking of network traffic load, and an apparatus and a router for realizing the method, are provided. The network traffic imported to a router is decomposed and filtered based on access control list (ACL) rules; the decomposed and filtered network traffic is distributed by the HASH algorithm to the virtual HASH buckets that bear the network traffic; and the network traffic is allocated from the virtual HASH buckets to the actual ports based on the distribution condition of the network traffic. Because virtual HASH buckets are adopted and their number may be flexibly configured based on need, the decomposed and filtered network traffic may be hashed across more buckets. When the network traffic is distributed unevenly, a port that is not used or whose network traffic is small is chosen when the network traffic is mapped from the virtual HASH bucket to the actual port, which ensures that the network traffic is allocated evenly to the actual ports.

Description

Method and apparatus for implementing network traffic load sharing

Technical field

The present invention relates to network traffic distribution technology, and more particularly to a method and apparatus for implementing network traffic load sharing, and a router.

Background of the invention

With the continuous development of IP and transmission technologies, Internet technology is used ever more widely, and the number of users and the volume of network traffic keep growing. Although the Internet provides a wide range of content that enriches people's daily lives, it can also be exploited by lawbreakers. If the Internet cannot be effectively managed and monitored, it will bring various harms to the network security of the country, enterprises and individuals. Therefore, safeguarding information security is very important.
For the monitoring of information, the techniques currently used are mainly traffic splitting and blocking. In splitting, network traffic is led into a router through an optical splitter, decomposed and filtered by Access Control List (ACL) rules, and then handed to the back-end server system for analysis and processing. Splitting may be performed in one or more stages, down to a granularity that the hosts can handle. There may be several back-end server systems, each handling a different type of data, so ports must be grouped on the splitting device: each port group consists of multiple ports, and each port group corresponds to one server system. Because the traffic and data volumes to be processed are large, each server system uses an array of hosts that share the load and process it jointly. This requires the router to share the traffic load among the multiple output ports of a port group and distribute it evenly across the hosts.
To distribute traffic more evenly across the output ports, the key is how an output port is selected within the port group. The current HASH algorithm takes the HASH key value calculated from the HASH elements modulo the number of ports to obtain the output port. For example, the number of ports in the port group is 256, and the HASH key value calculated by 16-bit XOR from the IP source address 10.0.0.1 and the destination address 10.0.0.2 is 3; taking it modulo 256 gives 3, that is, the output port with serial number 3 in the port group is selected.
The advantage of this method is that it is simple and easy to implement. When the key length of the HASH calculation is not too long and the number of ports is large enough, it hashes evenly. It is suitable for small systems where the IP address range is small and few output ports are required.
However, in the course of implementing the present invention, the inventors found that this method also has the following disadvantages:
First, if the key length of the HASH calculation does not differ much from the number of ports, the HASH results cannot spread out across the HASH buckets (that is, the ports), which inevitably makes the output uneven. Second, if a larger IP address range is needed, the key length must be increased; and to make the hash more even, the number of HASH buckets, that is, the number of ports, must be increased, which causes frequent configuration changes and increases equipment costs such as the memory needed to calculate the HASH key value.

Summary of the invention
To solve the prior-art problems that the output is uneven when the key length of the HASH calculation does not differ much from the number of ports, and that the implementation cost rises when a large IP address range is required, embodiments of the present invention provide a method for implementing network traffic load sharing, an apparatus for implementing the method, and a router.
According to an embodiment of the present invention, a method for implementing network traffic load sharing includes: decomposing and filtering the network traffic introduced to a router by means of access control list (ACL) rules; distributing the decomposed and filtered network traffic, by a HASH algorithm, to virtual HASH buckets used to carry network traffic; and allocating the network traffic from the virtual HASH buckets to actual ports according to the distribution of the network traffic.
According to an embodiment of the present invention, an apparatus for implementing network traffic load sharing includes an optical splitter that introduces network traffic and a filter that decomposes and filters the introduced network traffic, and further includes: virtual HASH buckets, configured to carry the network traffic decomposed and filtered by the filter, the network traffic being allocated to the virtual HASH buckets by a HASH algorithm based on the number of virtual HASH buckets; and actual ports, configured to receive the network traffic allocated from the virtual HASH buckets and deliver it to the server system.
According to an embodiment of the present invention, a router includes: a filtering unit, configured to decompose and filter the network traffic introduced to the router by means of access control list (ACL) rules; an allocation unit, configured to allocate the decomposed and filtered network traffic according to a HASH algorithm and a mapping operation method; and actual ports, configured to send the network traffic from the allocation unit to the server system.
The allocation unit includes: a HASH operation unit, configured to allocate the decomposed and filtered network traffic by the HASH algorithm; virtual HASH buckets, configured to carry the network traffic allocated by the HASH operation unit; and a mapping operation unit, configured to allocate the network traffic from the virtual HASH buckets to the actual ports according to the distribution of the network traffic.
In the embodiments of the present invention, virtual HASH buckets are used and their number can be set flexibly as needed, so the decomposed and filtered network traffic can be hashed across more buckets. If the split is fairly even, the network traffic in the virtual HASH buckets can be allocated directly to the actual ports. When the network traffic is unevenly distributed, an unused port or the port with the least traffic is preferred when allocating traffic from a virtual HASH bucket to an actual port, and when several ports have the least traffic, the port with the highest port rate is selected; that is, the network traffic of the ports is balanced as far as possible, so that network traffic is allocated evenly to the actual ports.

Brief description of the drawings
FIG. 1 is a schematic block diagram of a method for implementing network traffic load sharing according to an embodiment of the present invention.
FIG. 2 is a schematic structural diagram of an apparatus for implementing network traffic load sharing according to an embodiment of the present invention.
FIG. 3 is a flowchart of one implementation of a method for implementing network traffic load sharing according to an embodiment of the present invention.
FIG. 4 is a schematic structural diagram of a router according to an embodiment of the present invention.

Mode for carrying out the invention

The present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention and are not intended to limit it.
The present invention is further described below with reference to the accompanying drawings and embodiments, which are not to be taken as limiting the invention.
FIG. 1 is a schematic block diagram of a method for implementing network traffic load sharing according to an embodiment of the present invention. As shown in FIG. 1, in the embodiment of the present invention, the decomposed and filtered network traffic is allocated to the virtual HASH buckets by the HASH algorithm, and then allocated to the actual ports by the mapping algorithm, thereby achieving uniform load sharing of the network traffic.
To implement the above method, an apparatus for implementing network traffic load sharing needs to be built. FIG. 2 is a schematic structural diagram of an apparatus for implementing network traffic load sharing according to an embodiment of the present invention. As shown in FIG. 2, the apparatus includes a splitter 201, a filter 202, a HASH operator 203, a virtual HASH bucket 204, a mapping operator 205, and an actual port 206 of the router, where:
The splitter 201 introduces network traffic into the filter 202;
The filter 202 decomposes and filters the introduced network traffic according to the ACL rules. Specifically, rules that classify network traffic by source address, destination address, port number, protocol type and the like are configured in the ACL and applied to the router interface; according to these rules, the filter 202 decides whether the introduced network traffic is received, discarded, or redirected to a port or a port group, thereby decomposing and filtering the network traffic;
The HASH operator 203 allocates the network traffic filtered by the filter 202 to the virtual HASH bucket 204 by the HASH algorithm;
The virtual HASH bucket 204 carries the decomposed and filtered network traffic;
The mapping operator 205 allocates the network traffic in the virtual HASH bucket 204 to the actual port 206 of the router;
The actual port 206 provided by the router receives the network traffic allocated from the virtual HASH bucket 204 and hands it to the host 207 of the server system for processing.
The process of achieving uniform load sharing of network traffic is described below with reference to the above apparatus.
First, the network traffic is introduced by the splitter 201 and decomposed and filtered by the filter 202, and is then distributed to the virtual HASH bucket 204 by the HASH algorithm.
When the split is detected to be fairly even, the virtual HASH bucket 204 is mapped to an actual port, and the network traffic is sent to the actual port corresponding to the virtual HASH bucket 204. When the split is detected to be uneven, the following allocation method is used. As shown in FIG. 3, the actual ports of the router are traversed to look for a port to which no network traffic has been allocated; if one is found, the network traffic is allocated to that port. If none is found, the port with the smallest network traffic statistic is sought and the network traffic is allocated to it. If several ports share the smallest network traffic statistic, the port with the highest port rate is sought among them and the network traffic is allocated to it. If several ports share the highest port rate, the port that has been allocated traffic the fewest times is sought among them and the traffic is allocated to it. If several ports share the fewest allocations, one of them is selected at random and the traffic is allocated to it. All ports sought in the above process are ports whose status is UP.
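The two-stage allocation described above, as an added example that is not code from the patent: a 16-bit XOR HASH key selects a virtual HASH bucket, buckets map to ports by fixed ranges when the split is even, and by the FIG. 3 tie-break order when it is uneven. The 1-based bucket serials, the order in which buckets are processed, the byte counts and the port rates are assumptions constructed for illustration.

```python
import ipaddress
import random
from dataclasses import dataclass


def xor_fold16(src: str, dst: str) -> int:
    """16-bit XOR HASH key over the source and destination IPv4 addresses."""
    key = 0
    for addr in (src, dst):
        value = int(ipaddress.IPv4Address(addr))
        key ^= (value >> 16) ^ (value & 0xFFFF)
    return key


def bucket_serial(src: str, dst: str, n_buckets: int) -> int:
    """Virtual HASH bucket for a flow; 1-based serial numbers are an assumption."""
    return xor_fold16(src, dst) % n_buckets + 1


def static_port(serial: int, n_buckets: int, n_ports: int) -> int:
    """Even split: fixed ranges, e.g. buckets 1-100 -> port 1, 101-200 -> port 2."""
    per_port = max(1, n_buckets // n_ports)
    return min((serial - 1) // per_port + 1, n_ports)


@dataclass
class Port:
    number: int
    rate: int        # port rate (constructed unit: Mbit/s)
    up: bool = True
    fa: int = 0      # Fa[i]: actual network traffic carried by the port
    fn: int = 0      # Fn[i]: how many times traffic was allocated to the port


def select_port(ports, rng=random):
    """Uneven split: choose the port for the next bucket among UP ports only."""
    cands = [p for p in ports if p.up]
    if not cands:
        raise RuntimeError("no port in state UP")
    unused = [p for p in cands if p.fn == 0]
    if unused:                                   # a port with nothing allocated yet
        return unused[0]
    lowest = min(p.fa for p in cands)            # smallest traffic statistic
    cands = [p for p in cands if p.fa == lowest]
    if len(cands) > 1:                           # tie: highest port rate
        fastest = max(p.rate for p in cands)
        cands = [p for p in cands if p.rate == fastest]
    if len(cands) > 1:                           # tie: fewest allocations
        fewest = min(p.fn for p in cands)
        cands = [p for p in cands if p.fn == fewest]
    return cands[0] if len(cands) == 1 else rng.choice(cands)   # tie: random


def map_buckets(bucket_bytes, ports, rng=random):
    """Assign each loaded bucket to a port and update Fn[i] and Fa[i]."""
    mapping = {}
    for serial in sorted(bucket_bytes):          # processing order is an assumption
        port = select_port(ports, rng)
        port.fn += 1
        port.fa += bucket_bytes[serial]
        mapping[serial] = port.number
    return mapping


def demo():
    # Constructed sample: four ports (port 3 is DOWN) and per-bucket byte counts.
    ports = [Port(1, 1000), Port(2, 10000), Port(3, 10000, up=False), Port(4, 1000)]
    bucket_bytes = {1: 500, 2: 300, 3: 300, 4: 100, 5: 50}
    return map_buckets(bucket_bytes, ports)


if __name__ == "__main__":
    print(xor_fold16("10.0.0.1", "10.0.0.2") % 256)   # the page's worked example
    print(static_port(bucket_serial("10.0.0.1", "10.0.0.2", 10000), 10000, 100))
    print(demo())
```

In the constructed run, the DOWN port never receives a bucket, and the fourth bucket goes to the faster of the two ports tied on traffic.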
An embodiment of the present invention also provides a router. FIG. 4 is a schematic structural diagram of the router in an embodiment of the present invention. As shown in FIG. 4, the router includes a filtering unit 401, an allocation unit 400, and an actual port 406.
The filtering unit 401 decomposes and filters the network traffic introduced into the router by means of access control list (ACL) rules.
The allocation unit 400 allocates the decomposed and filtered network traffic according to the HASH algorithm and a mapping operation.
The actual port 406 sends the network traffic allocated by the allocation unit 400 to the server system. The router has multiple actual ports 406; for convenience, only one is drawn here.
The allocation unit 400 includes a HASH operation unit 402, virtual HASH buckets 403, and a mapping operation unit 405. The HASH operation unit 402 distributes the decomposed and filtered network traffic using the HASH algorithm. The virtual HASH buckets 403 carry the network traffic distributed by the HASH operation unit 402. The mapping operation unit 405 allocates the network traffic from the virtual HASH buckets 403 to the actual ports 406 according to how the network traffic is distributed.
The allocation unit 400 in the router may further include a virtual HASH bucket number determining unit 407. The virtual HASH bucket number determining unit 407 determines the number of virtual HASH buckets according to the number of actual ports or the number of decomposed network flows, and sends the number of virtual HASH buckets to the HASH operation unit; the HASH operation unit distributes the decomposed and filtered network traffic using a HASH algorithm based on that number of virtual HASH buckets.
The allocation unit in the router may further include a network traffic distribution judging unit 404. The network traffic distribution judging unit 404 determines whether the network traffic distribution is uniform and sends the judgment result to the mapping operation unit 405.
The mapping operation unit 405 in the router includes a mapping module 4051 and an operation module 4052. When the judgment result received from the network traffic distribution judging unit 404 indicates that the network traffic is uniformly distributed, the mapping module 4051 maps the virtual HASH buckets 403 to the actual ports 406 and sends the network traffic to the corresponding actual port 406. When the judgment result received from the network traffic distribution judging unit 404 indicates that the network traffic is unevenly distributed, the operation module 4052 allocates the network traffic to the actual ports 406 by means of an algorithm.
In an embodiment of the present invention, network traffic is introduced by the optical splitter, decomposed and filtered by the filter, and then distributed to the virtual HASH buckets. Assume that there are 10000 virtual HASH buckets and 100 actual ports. If the split network traffic is relatively uniform at this point, virtual HASH buckets 1 to 100 are defined to correspond to actual port 1, virtual HASH buckets 101 to 200 to actual port 2, virtual HASH buckets 201 to 300 to actual port 3, and so on. With the virtual HASH buckets associated with actual ports in this way, the network traffic distributed to a given virtual HASH bucket is allocated to the actual port corresponding to that bucket, which splits the network traffic. Because the traffic is already relatively uniform when it is split, uniform load sharing is preserved after it is allocated to the actual ports.
In another case, assume that the router has 256 actual ports and that the HASH key is 16 bits long, so that it ranges from 0 to 65535. If the actual ports were used as the HASH buckets, multiple network flows would inevitably fall on the same port, so the number of network flows allocated to each port would be uneven; moreover, the size of the data packets themselves is not limited, so the traffic on each port would also be uneven.
With virtual HASH buckets, their number is set to 256 × 1000 = 256000, and the 65536 decomposed and filtered network flows are hashed out so that each virtual HASH bucket holds at most one network flow. The flows (65536 of them) hashed into the 256000 virtual HASH buckets are then allocated to the 256 actual ports.
Once the virtual HASH buckets are set up, the statistics of the HASH buckets can be used to judge whether the decomposed and filtered network traffic is uniform. If it is uniform, the network traffic in a virtual HASH bucket can be mapped to the actual port corresponding to that bucket through the correspondence between virtual HASH buckets and actual ports. If it is not uniform, the network traffic cannot simply be mapped to actual ports according to that correspondence; instead, the traffic load of the actual ports has to be traversed to select the actual port with the least traffic, and the network traffic is then allocated to that port. A load sharing scheme for the case of uneven network traffic is described below through a specific embodiment.
FIG. 3 is a flowchart of a method for implementing network traffic load sharing according to an embodiment of the present invention. In this embodiment, assume that there are 256 actual ports and 256000 virtual HASH buckets, and that the network traffic is uneven. As can be seen from FIG. 3, the method for implementing network traffic load sharing mainly includes the following steps:
Step 301: The optical splitter introduces the network traffic;
Step 302: The introduced network traffic is decomposed and filtered according to ACL rules;
Step 303: The decomposed and filtered network traffic is distributed to the virtual HASH buckets using the HASH algorithm;
Assume that the HASH result computed for a network flow F using the virtual HASH buckets is m. The number of network flows allocated to each actual port is represented by the array Fn[i], where 0 ≤ i ≤ 255, and the actual network traffic on each actual port is represented by the array Fa[i], where 0 ≤ i ≤ 255;
Step 304: Traverse the actual ports;
Step 305: Check whether there is a port whose allocated network traffic Fn[i] = 0 and whose state is UP; if so, go to step 306, otherwise go to step 307;
Step 306: Select the port whose allocated network traffic Fn[i] = 0; the number of network flows Fn[i] allocated to the selected port is increased by 1, and the actual network traffic Fa[i] of that port increases;
Step 307: Look for the port Fa[i]min whose network traffic statistics are smallest and whose state is UP;
Step 308: Determine whether the port with the smallest network traffic statistics and state UP is unique; if so, go to step 309, otherwise go to step 310;
Step 309: Select the port with the smallest network traffic statistics; the number of network flows Fn[i] allocated to the selected port is increased by 1, and the actual network traffic Fa[i] of that port increases;
Step 310: Among the multiple ports with the smallest network traffic statistics and state UP, look for the port with the highest port rate;
Step 311: Determine whether the port with the smallest network traffic statistics, state UP and the highest port rate is unique; if so, go to step 312, otherwise go to step 313;
Step 312: Select the port with the smallest network traffic statistics, state UP and the highest port rate; the number of network flows Fn[i] allocated to the selected port is increased by 1, and the actual network traffic Fa[i] of that port increases;
Step 313: Among the multiple ports with the smallest network traffic statistics, state UP and the highest port rate, look for the port Fn[i]min that has been allocated the fewest times;
Step 314: Determine whether the port with the smallest network traffic statistics, state UP, the highest port rate and the fewest allocations is unique; if so, go to step 315, otherwise go to step 316;
Step 315: Select the port with the smallest network traffic statistics, state UP, the highest port rate and the fewest allocations; the number of network flows Fn[i] allocated to the selected port is increased by 1, and the actual network traffic Fa[i] of that port increases;
Step 316: Randomly select one port from the multiple ports with the smallest network traffic statistics, state UP, the highest port rate and the fewest allocations, and allocate the traffic to it; the number of network flows Fn[i] allocated to the selected port is increased by 1, and the actual network traffic Fa[i] of that port increases.
Steps 304 to 316 are repeated to allocate the traffic in each virtual HASH bucket to the selected actual port, thereby achieving uniform load sharing of the network traffic.
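The bucket-to-port range mapping used in the uniform case and the port selection of steps 304 to 316 can be written out as follows. This is an added example, not code from the patent: CRC32 as the HASH algorithm, the `Port` fields, traffic counted in bytes, and all function names are assumptions made for illustration.

```python
import random
import zlib
from dataclasses import dataclass


@dataclass
class Port:
    number: int        # actual port number, 1-based as in the text
    rate: int          # port rate (unit is an assumption, e.g. Mbit/s)
    up: bool = True    # only ports in state UP are eligible
    fn: int = 0        # Fn[i]: number of flows allocated to this port
    fa: int = 0        # Fa[i]: traffic carried by this port (bytes, assumed)


def virtual_bucket(flow_key: bytes, n_buckets: int) -> int:
    """Step 303: hash a flow into a virtual bucket numbered 1..n_buckets.
    CRC32 is a stand-in; the page does not name the HASH algorithm."""
    return zlib.crc32(flow_key) % n_buckets + 1


def range_map(bucket: int, n_buckets: int, n_ports: int) -> int:
    """Uniform case: contiguous bucket ranges map to ports, e.g. with
    10000 buckets and 100 ports, buckets 1-100 -> port 1, 101-200 -> port 2."""
    if n_buckets % n_ports:
        raise ValueError("bucket count must be a multiple of the port count")
    return (bucket - 1) // (n_buckets // n_ports) + 1


def select_port(ports, rng=random):
    """Non-uniform case, steps 304-316: choose the port for one flow."""
    up = [p for p in ports if p.up]
    if not up:
        raise RuntimeError("no actual port is in state UP")
    # Steps 305-306: an UP port that has no flow allocated yet wins outright.
    for p in up:
        if p.fn == 0:
            return p
    # Steps 307-309: keep the ports with the smallest traffic statistic.
    least = min(p.fa for p in up)
    tied = [p for p in up if p.fa == least]
    # Steps 310-312: among those, keep the ports with the highest rate.
    fastest = max(p.rate for p in tied)
    tied = [p for p in tied if p.rate == fastest]
    # Steps 313-315: among those, keep the ports allocated least often.
    fewest = min(p.fn for p in tied)
    tied = [p for p in tied if p.fn == fewest]
    # Step 316: a remaining tie is broken at random.
    return tied[0] if len(tied) == 1 else rng.choice(tied)


def allocate(ports, flow_bytes, rng=random):
    """Allocate one flow and update Fn[i] and Fa[i] for the chosen port."""
    port = select_port(ports, rng)
    port.fn += 1
    port.fa += flow_bytes
    return port.number


def distribute(flow_sizes, ports, rng=random):
    """Repeat steps 304-316 for every flow; return the per-port traffic."""
    for size in flow_sizes:
        allocate(ports, size, rng)
    return [p.fa for p in ports]


if __name__ == "__main__":
    # Constructed sample: one large flow and seven small ones, four equal ports.
    sizes = [9000, 100, 100, 100, 100, 100, 100, 100]
    ports = [Port(number=n, rate=1000) for n in range(1, 5)]
    print("greedy per-port bytes:", distribute(sizes, ports, random.Random(1)))
    # Static range mapping of the same flows through 4000 virtual buckets.
    static = [0] * 4
    for i, size in enumerate(sizes):
        b = virtual_bucket(b"flow-%d" % i, 4000)
        static[range_map(b, 4000, 4) - 1] += size
    print("static per-port bytes:", static)
```

In the constructed sample the 9000-byte flow stays alone on its port while the small flows fill the other three, which is the effect the traffic-statistic comparison in step 307 is meant to produce.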
The above are merely preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims

1. A method for implementing network traffic load sharing, characterized by comprising:
decomposing and filtering the network traffic introduced into a router by means of access control list (ACL) rules;
distributing the decomposed and filtered network traffic, by means of a HASH algorithm, to virtual HASH buckets used for carrying network traffic;
allocating the network traffic from the virtual HASH buckets to actual ports according to how the network traffic is distributed.
2. The method for implementing network traffic load sharing according to claim 1, characterized in that distributing the decomposed and filtered network traffic to the virtual HASH buckets by means of the HASH algorithm comprises:
determining the number of virtual HASH buckets;
determining a virtual HASH bucket by means of a HASH algorithm based on the determined number of virtual HASH buckets;
distributing the decomposed and filtered network traffic to the determined virtual HASH bucket.
3. The method for implementing network traffic load sharing according to claim 2, characterized in that the number of virtual HASH buckets is greater than the number of decomposed network flows.
4. The method for implementing network traffic load sharing according to claim 2, characterized in that the number of virtual HASH buckets is determined to be a multiple of the number of actual ports.
5. The method for implementing network traffic load sharing according to any one of claims 1 to 4, characterized in that the distribution of the network traffic is determined as follows: whether the network traffic distribution is uniform is determined according to the statistics of the virtual HASH buckets.
6. The method for implementing network traffic load sharing according to claim 5, characterized in that allocating the network traffic from the virtual HASH buckets to the actual ports comprises:
when the network traffic distribution is determined to be uniform, mapping the virtual HASH buckets to the actual ports, and sending the network traffic in a virtual HASH bucket to the actual port corresponding to that virtual HASH bucket.
7. The method for implementing network traffic load sharing according to claim 5, characterized in that allocating the network traffic from the virtual HASH buckets to the actual ports comprises:
when the network traffic distribution is determined to be uneven, traversing the actual ports to look for a port to which no network traffic has been allocated and whose state is UP; if one is found, allocating the network traffic to that port; otherwise, looking for the port with the smallest network traffic statistics and state UP, and allocating the network traffic to that port.
8. The method for implementing network traffic load sharing according to claim 7, characterized by further comprising:
if two or more ports with the smallest network traffic statistics and state UP are found, allocating the traffic to the port with the highest port rate among those ports.
9. The method for implementing network traffic load sharing according to claim 8, characterized by further comprising:
if, among the ports with the smallest network traffic statistics and state UP, there are multiple ports with the highest port rate, allocating the network traffic to the port that has been allocated the fewest times among the ports with the highest port rate.
10. The method for implementing network traffic load sharing according to claim 9, characterized by further comprising:
if, among the ports with the smallest network traffic statistics, state UP and the highest port rate, there are multiple ports that have been allocated the fewest times, randomly selecting one of them and allocating the traffic to it.
11. An apparatus for implementing network traffic load sharing, comprising an optical splitter that introduces network traffic and a filter that decomposes and filters the introduced network traffic, characterized in that the apparatus further comprises:
virtual HASH buckets, configured to carry the network traffic decomposed and filtered by the filter, the network traffic being distributed to the virtual HASH buckets by means of a HASH algorithm based on the number of virtual HASH buckets;
actual ports, configured to receive the network traffic allocated from the virtual HASH buckets and to hand that network traffic to the server system.
12. The apparatus for implementing network traffic load sharing according to claim 11, characterized by further comprising:
a HASH operation unit, arranged between the filter and the virtual HASH buckets, configured to determine a virtual HASH bucket by means of a HASH algorithm based on the number of virtual HASH buckets, and to distribute the network traffic decomposed and filtered by the filter to the determined virtual HASH bucket.
13. The apparatus for implementing network traffic load sharing according to claim 11 or 12, characterized by further comprising:
a mapping operation unit, arranged between the virtual HASH buckets and the actual ports, configured to allocate the network traffic in the virtual HASH buckets to the actual ports.
14. A router, characterized by comprising:
a filtering unit, configured to decompose and filter the network traffic introduced into the router by means of access control list (ACL) rules;
an allocation unit, configured to allocate the network traffic decomposed and filtered by the filtering unit according to a HASH algorithm and a mapping operation method;
actual ports, configured to send the network traffic from the allocation unit to the server system.
15. The router according to claim 14, characterized in that the allocation unit comprises:
a HASH operation unit, configured to distribute the decomposed and filtered network traffic by means of a HASH algorithm;
virtual HASH buckets, configured to carry the network traffic distributed by the HASH operation unit;
a mapping operation unit, configured to allocate the network traffic from the virtual HASH buckets to the actual ports according to how the network traffic is distributed.
16. The router according to claim 15, characterized in that the allocation unit further comprises: a virtual HASH bucket number determining unit, configured to determine the number of virtual HASH buckets according to the number of actual ports or the number of decomposed network flows, and to send the number of virtual HASH buckets to the HASH operation unit; the HASH operation unit being configured to distribute the decomposed and filtered network traffic by means of a HASH algorithm based on the number of virtual HASH buckets.
17. The router according to claim 15 or 16, characterized in that the allocation unit further comprises:
a network traffic distribution judging unit, configured to determine, according to the statistics of the virtual HASH buckets, whether the network traffic distribution is uniform, and to send the judgment result to the mapping operation unit.
18. The router according to claim 17, characterized in that the mapping operation unit comprises:
a mapping module, configured to, when the judgment result sent by the network traffic distribution judging unit is that the network traffic distribution is uniform, map the virtual HASH buckets to the actual ports and send the network traffic of a virtual HASH bucket to its corresponding actual port.
19. The router according to claim 17, characterized in that the mapping operation unit comprises:
an operation module, configured to, when the judgment result sent by the network traffic distribution judging unit is that the network traffic distribution is uneven, allocate the network traffic to the actual ports by means of an algorithm so that the network traffic on the actual ports is uniform.
PCT/CN2007/001110 2006-06-15 2007-04-05 A method and an apparatus for realizing partaking of network traffic load WO2007147310A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CNB2006100875691A CN100561937C (en) 2006-06-15 2006-06-15 A kind of method and device of realizing network flow load sharing
CN200610087569.1 2006-06-15

Publications (1)

Publication Number Publication Date
WO2007147310A1 true WO2007147310A1 (en) 2007-12-27

Family

ID=38783149

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/001110 WO2007147310A1 (en) 2006-06-15 2007-04-05 A method and an apparatus for realizing partaking of network traffic load

Country Status (2)

Country Link
CN (1) CN100561937C (en)
WO (1) WO2007147310A1 (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101425960B (en) * 2007-11-02 2011-07-13 中兴通讯股份有限公司 Method and apparatus for load equalizing implementation
CN101296185B (en) * 2008-06-05 2011-12-14 杭州华三通信技术有限公司 Flow control method and device of equalization group
CN101355519B (en) * 2008-09-12 2010-11-10 杭州华三通信技术有限公司 Method and apparatus for implementing share of business stream load
CN102316021B (en) * 2011-07-04 2014-12-10 杭州华三通信技术有限公司 Method for realizing load sharing of switch aggregation port and switch
WO2013078579A1 (en) * 2011-11-28 2013-06-06 华为技术有限公司 Method, apparatus and system for sending message
CN102870382B (en) * 2012-06-29 2014-12-03 华为技术有限公司 Forwarding method, receiving method, first router an second router
CN103534996B (en) * 2012-11-29 2016-06-08 华为技术有限公司 Realize the method and apparatus of load balancing
CN105704059A (en) * 2016-03-31 2016-06-22 北京百卓网络技术有限公司 Load balancing method and load balancing system
CN106209672B (en) * 2016-07-21 2019-04-09 湖南智卓创新金融电子有限公司 A kind of method and system of Network Load Balance
CN109831388A (en) * 2017-11-23 2019-05-31 中国电信股份有限公司 Method and apparatus for optimizing flow load balance
CN109558423A (en) * 2018-10-31 2019-04-02 深圳壹账通智能科技有限公司 A kind of data search method based on key-value pair, device and equipment
CN109483748B (en) * 2019-01-11 2021-08-17 上海大学(浙江·嘉兴)新兴产业研究院 High-precision wafer cutting machine centralized control system, method and device
CN116886777B (en) * 2023-09-06 2024-01-26 苏州浪潮智能科技有限公司 Service flow distribution method and device for container arrangement platform

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040032829A1 (en) * 1999-08-25 2004-02-19 Bonn David Wayne Network packet classification
WO2002021296A1 (en) * 2000-09-07 2002-03-14 Mazu Networks, Inc. Statistics collection for network traffic
CN1564547A (en) * 2004-03-25 2005-01-12 上海复旦光华信息科技股份有限公司 High speed filtering and stream dividing method for keeping connection features

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130268646A1 (en) * 2012-04-04 2013-10-10 Radware, Ltd. Techniques for providing scalable application delivery controller services
US9386085B2 (en) * 2012-04-04 2016-07-05 Radware, Ltd. Techniques for providing scalable application delivery controller services
US10375158B2 (en) 2012-04-04 2019-08-06 Radware, Ltd. Techniques for adaptive traffic direction via scalable application delivery controller services
CN111082959A (en) * 2019-03-28 2020-04-28 新华三技术有限公司 Load sharing method, device and network equipment
CN111082959B (en) * 2019-03-28 2022-08-26 新华三技术有限公司 Load sharing method, device and network equipment
CN111262756A (en) * 2020-01-20 2020-06-09 长沙理工大学 High-speed network elephant flow accurate measurement method and structure
CN111262756B (en) * 2020-01-20 2022-05-06 长沙理工大学 High-speed network elephant flow accurate measurement method and device

Also Published As

Publication number Publication date
CN101051939A (en) 2007-10-10
CN100561937C (en) 2009-11-18

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07720683

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07720683

Country of ref document: EP

Kind code of ref document: A1