WO2007147310A1 - Method and apparatus for implementing network traffic load sharing - Google Patents

Method and apparatus for implementing network traffic load sharing

Info

Publication number
WO2007147310A1
Authority
WO
WIPO (PCT)
Prior art keywords
network traffic
port
virtual
virtual hash
hash bucket
Prior art date
Application number
PCT/CN2007/001110
Other languages
English (en)
Chinese (zh)
Inventor
Yikang Lei
Xueqin Liu
Original Assignee
Huawei Technologies Co., Ltd.
Priority date
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd.
Publication of WO2007147310A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways

Definitions

  • the present invention relates to a network traffic distribution technique, and more particularly to a method and apparatus for implementing network traffic load sharing, and a router.
  • Background of the invention
  • While the Internet can provide a variety of content that enriches people's daily lives, it can also be used by unscrupulous elements of society. If the Internet cannot be effectively managed and monitored, it will bring various harms to the network security of the country, enterprises and individuals. Therefore, it is very important to protect information security.
  • the current technology is mainly used for shunting and blocking.
  • the traffic is introduced into the router through the optical splitter, and is decomposed and filtered by the Access Control List (ACL) rules for the back-end server system to perform correlation analysis and processing.
  • ACL Access Control List
  • the offloading may be one or more levels of offloading, until a granularity that the host can handle is reached.
  • Each port group consists of multiple ports, and each port group corresponds to one server system. Because the traffic to be processed is large and the data is large, each server system adopts an array mode, and load balancing is performed among multiple hosts for common processing. This requires the router to load balance traffic between multiple output ports of the port group and distribute it evenly across multiple hosts.
  • the current HASH algorithm obtains the output port by taking the HASH key value, calculated from the HASH elements, modulo the number of ports. For example, the number of ports in the port group is 256.
  • the HASH key value calculated by 16-bit XOR from the IP source address 10.0.0.1 and the destination address 10.0.0.2 is 3, and the output port is obtained by taking this value modulo 256.
  • the advantage of this method is that it is simple and easy to operate.
  • if the key length of the HASH calculation is not too long and the number of ports is large enough, the traffic can be hashed evenly. The method is suitable for small systems where the IP addresses do not change much and there are not many output ports.
  • an embodiment of the present invention provides a method for implementing network traffic load sharing, an apparatus for implementing the method, and a router.
  • a method for implementing network traffic load sharing includes: decomposing and filtering network traffic introduced to a router by using an access control list ACL rule; and distributing the decomposed and filtered network traffic to the HASH algorithm.
  • an apparatus for implementing network traffic load sharing includes a splitter for introducing network traffic and a filter for decomposing and filtering the imported network traffic, and further includes: a virtual HASH bucket, configured to carry the network traffic decomposed and filtered by the filter, the network traffic being allocated to the virtual HASH bucket through a HASH algorithm based on the number of virtual HASH buckets;
  • an actual port, configured to receive the network traffic allocated from the virtual HASH bucket and deliver the network traffic to the server system.
  • a router includes: a filtering unit, configured to decompose and filter network traffic entering the router by using an access control list (ACL) rule; and an allocation unit, configured to allocate the decomposed and filtered network traffic according to a HASH algorithm and a mapping operation;
  • the allocation unit includes: a HASH operation unit, configured to allocate the decomposed and filtered network traffic by using a HASH algorithm; a virtual HASH bucket, configured to carry the network traffic allocated by the HASH operation unit; and a mapping operation unit, configured to allocate the network traffic from the virtual HASH bucket to the actual port according to the distribution of the network traffic.
  • the virtual HASH bucket is used, and the number of virtual HASH buckets can be flexibly set according to requirements, so that the decomposed and filtered network traffic can be hashed into more buckets.
  • if the traffic is offloaded evenly, the network traffic in the virtual HASH bucket can be directly allocated to the actual port; when the network traffic is unevenly distributed, the allocation from the virtual HASH bucket to the actual port tries to select an unused port or the port with the smallest traffic.
  • when there are multiple ports with the smallest traffic, the port with the highest port rate is selected; that is, the network traffic of each port is balanced as much as possible to ensure that network traffic can be allocated evenly to the actual ports.
  • FIG. 1 is a schematic block diagram of a method for implementing network traffic load sharing according to an embodiment of the present invention.
  • FIG. 2 is a schematic structural diagram of an apparatus for implementing network traffic load sharing according to an embodiment of the present invention.
  • FIG. 3 is a flowchart of an implementation manner of a method for implementing network traffic load sharing according to an embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of a router according to an embodiment of the present invention.
  • Mode for carrying out the invention
  • FIG. 1 is a schematic block diagram of a method for implementing network traffic load sharing according to an embodiment of the present invention.
  • the decomposed and filtered network traffic is allocated to the virtual HASH bucket through the HASH algorithm, and then the network traffic is allocated to the actual port through the mapping algorithm, thereby achieving uniform load sharing of the network traffic.
  • FIG. 2 is a schematic structural diagram of an apparatus for implementing network traffic load sharing according to an embodiment of the present invention.
  • the apparatus includes a splitter 201, a filter 202, a HASH operator 203, a virtual HASH bucket 204, a mapping operator 205, and an actual port 206 of the router, wherein:
  • the splitter 201 introduces network traffic into the filter 202;
  • the filter 202 decomposes and filters the imported network traffic according to the ACL rule. Specifically, rules for classifying the network traffic according to its source address, destination address, port number, or protocol type are configured in the ACL and applied to the router interface; according to these rules, the filter 202 determines whether the introduced network traffic is received, discarded, or redirected to a port or a port group, thereby realizing the decomposition and filtering of the network traffic;
  • the HASH operator 203 allocates the network traffic filtered by the filter 202 to the virtual HASH bucket 204 through the HASH algorithm;
  • the virtual HASH bucket 204 carries the decomposed and filtered network traffic;
  • the mapping operator 205 allocates network traffic in the virtual HASH bucket 204 to the actual port 206 of the router;
  • the actual port 206 provided by the router receives the network traffic allocated from the virtual HASH bucket 204, and hands the network traffic to the host 207 of the server system for processing.
  • the network traffic is introduced by the splitter 201, decomposed and filtered by the filter 202, and then the network traffic is distributed to the virtual HASH bucket 204 by the HASH algorithm.
  • the virtual HASH bucket 204 is mapped to the actual port, and the network traffic is sent to the actual port corresponding to the virtual HASH bucket 204.
  • when the network traffic splitting is detected to be uneven, the following distribution method is adopted.
  • FIG. 4 is a schematic structural diagram of a router according to an embodiment of the present invention. As shown in FIG. 4, the router includes a filtering unit 401, an allocating unit 400, and an actual port 406.
  • the filtering unit 401 decomposes and filters the network traffic introduced to the router by using an access control list ACL rule.
  • the allocating unit 400 allocates the decomposed and filtered network traffic according to the HASH algorithm and the mapping operation.
  • the actual port 406 sends the network traffic allocated by the allocation unit 400 to the server system. There are multiple physical ports 406 in the router, and for convenience, only one actual port is drawn.
  • the allocation unit 400 includes: a HASH operation unit 402, a virtual HASH bucket 403, and a mapping operation unit 405.
  • the HASH operation unit 402 allocates the decomposed and filtered network traffic through the HASH algorithm.
  • the virtual HASH bucket 403 carries the network traffic allocated by the HASH operation unit 402.
  • the mapping operation unit 405 allocates the network traffic from the virtual HASH bucket 403 to the actual port 406 according to the distribution of the network traffic.
  • the allocation unit 400 in the router may further include a virtual HASH bucket number determining unit 407.
  • the virtual HASH bucket number determining unit 407 determines the number of virtual HASH buckets according to the actual number of ports or the number of the decomposed network traffic, and sends the number of virtual HASH buckets to the HASH operation unit; the HASH operation unit allocates the decomposed and filtered network traffic through a HASH algorithm based on the number of virtual HASH buckets.
  • the allocation unit in the router may further include a network traffic distribution judging unit 404.
  • the network traffic distribution judging unit 404 judges whether the network traffic distribution is uniform, and sends the judgment result to the mapping operation unit 405.
  • the mapping operation unit 405 in the router includes a mapping module 4051 and an operation module 4052. When the judgment result received from the network traffic distribution judging unit 404 is that the network traffic distribution is uniform, the mapping module 4051 maps the virtual HASH bucket 403 to the actual port 406 and sends the network traffic to its corresponding actual port 406; when the judgment result received from the network traffic distribution judging unit 404 is that the network traffic distribution is uneven, the operation module 4052 allocates network traffic to the actual port 406 by an algorithm.
  • the network traffic is introduced by the optical splitter, and is decomposed and filtered by the filter, and then allocated to the virtual HASH bucket.
  • the number of virtual HASH buckets is 10000, and the number of actual ports is 100.
  • the virtual HASH bucket with the serial number of 1 to 100 corresponds to the actual port 1
  • the virtual HASH bucket with the serial number of 101 to 200 corresponds to the actual port 2
  • the virtual HASH bucket with the serial number of 201 to 300 corresponds to the actual port 3.
  • the virtual HASH bucket is associated with the actual port, and the network traffic allocated to a virtual HASH bucket is allocated to the corresponding actual port, thereby realizing the traffic distribution of the network traffic. Since the network traffic is relatively uniform during the offloading, the network traffic can be evenly distributed after being allocated to the actual port.
  • the number of actual ports of the router is 256, and the length of the HASH key is 16 bits, so its range is 0 to 65535. Therefore, if the actual ports are used as the HASH buckets, multiple network traffic flows are bound to fall on the same port, and the number of network traffic flows allocated to each port is not uniform; moreover, the size of the data packets themselves is not limited, so the traffic on each port is not uniform either.
  • After the virtual HASH buckets are set, the statistics of the HASH buckets can be used to determine whether the network traffic after decomposition and filtering is uniform. If it is uniform, the network traffic in a virtual HASH bucket can be mapped to the actual port corresponding to that virtual HASH bucket through the mapping relationship between virtual HASH buckets and actual ports. If it is not uniform, the network traffic cannot simply be mapped to the actual port according to the foregoing relationship. Instead, the actual port with the lowest traffic is selected by traversing the traffic load of the actual ports, and the network traffic is then assigned to that port. The following describes the load balancing scheme for the case of uneven network traffic through a specific embodiment.
  • FIG. 3 is a flowchart of a method for implementing network traffic load sharing according to an embodiment of the present invention.
  • the number of actual ports is 256
  • the number of virtual HASH buckets is 256000
  • the network traffic is uneven.
  • the method for implementing network traffic load sharing mainly includes the following steps:
  • Step 301: The optical splitter introduces network traffic.
  • Step 302: Decompose and filter the imported network traffic according to the ACL rule.
  • Step 303: Assign the decomposed and filtered network traffic to the virtual HASH bucket through the HASH algorithm.
  • Step 304: Traverse the actual ports.
  • Step 307: Find the port Fa[i]min whose network traffic statistics are the smallest and whose status is UP.
  • Step 308: Determine whether the port with the smallest network traffic statistics and status UP is unique; if yes, go to step 309, otherwise go to step 310.
  • Step 309: Select the port with the smallest network traffic statistics; the number of network traffic Fn[i] allocated by the selected port is increased by 1, and the actual network traffic Fa[i] of the port is increased.
  • Step 310: Among the ports with the smallest network traffic statistics and status UP, search for the port with the highest port rate.
  • Step 311: Determine whether the port with the smallest network traffic statistics, status UP, and the highest port rate is unique; if yes, go to step 312, otherwise go to step 313.
  • Step 312: Select the port with the smallest network traffic statistics, status UP, and the highest port rate; the number of network traffic Fn[i] allocated by the selected port is increased by 1, and the actual network traffic Fa[i] of the port is increased.
  • Step 313: Among the ports with the smallest network traffic statistics, status UP, and the highest port rate, find the port Fn[i]min with the smallest number of allocations.
  • Step 314: Determine whether the port with the smallest network traffic statistics, status UP, the highest port rate, and the smallest number of allocations is unique; if yes, go to step 315, otherwise go to step 316.
  • Step 315: Select the port with the smallest network traffic statistics, status UP, the highest port rate, and the smallest number of allocations; the number of network traffic Fn[i] allocated by the selected port is increased by 1, and the actual network traffic Fa[i] of the port is increased.
  • Step 316: Randomly select one port from the multiple ports with the smallest network traffic statistics, status UP, the highest port rate, and the smallest number of allocations, and allocate the traffic to it; the number of network traffic Fn[i] allocated by the selected port is increased by 1, and the actual network traffic Fa[i] of the port is increased.
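The port selection of steps 304 to 316, together with the static bucket-to-port mapping for uniform traffic and the 16-bit XOR key from the background section, as an added Python example (not code from the patent). The `Port` fields, the function names, the rate and traffic units, and the sample port table are assumptions made for illustration.

```python
import random
from dataclasses import dataclass


@dataclass
class Port:
    index: int
    up: bool       # port status: True = UP
    rate: int      # port rate (Mbit/s assumed)
    fa: int = 0    # Fa[i]: traffic statistics of the port (bytes assumed)
    fn: int = 0    # Fn[i]: number of allocations made to the port


def xor16_key(src: str, dst: str) -> int:
    """HASH key: XOR of the 16-bit halves of the IPv4 source and destination."""
    key = 0
    for addr in (src, dst):
        b = [int(octet) for octet in addr.split(".")]
        key ^= ((b[0] << 8) | b[1]) ^ ((b[2] << 8) | b[3])
    return key


def static_port(bucket: int, n_buckets: int, n_ports: int) -> int:
    """Uniform traffic: buckets 1..100 -> port 1, 101..200 -> port 2, ..."""
    per_port = n_buckets // n_ports
    return (bucket - 1) // per_port + 1


def select_port(ports, size, rng=random):
    """Uneven traffic: pick the actual port for one bucket's traffic."""
    cands = [p for p in ports if p.up]                 # step 304: traverse ports
    if not cands:
        raise RuntimeError("no actual port is UP")
    low = min(p.fa for p in cands)                     # step 307: smallest Fa[i]
    cands = [p for p in cands if p.fa == low]
    if len(cands) > 1:                                 # step 310: highest rate
        top = max(p.rate for p in cands)
        cands = [p for p in cands if p.rate == top]
    if len(cands) > 1:                                 # step 313: smallest Fn[i]
        few = min(p.fn for p in cands)
        cands = [p for p in cands if p.fn == few]
    # step 316: still tied, so choose at random among the remaining ports
    chosen = cands[0] if len(cands) == 1 else rng.choice(cands)
    chosen.fn += 1                                     # Fn[i] increased by 1
    chosen.fa += size                                  # Fa[i] increased
    return chosen


def demo():
    # Constructed port table, not taken from the patent.
    ports = [Port(1, True, 1000, fa=500), Port(2, True, 1000, fn=2),
             Port(3, True, 10000, fn=5), Port(4, False, 10000),
             Port(5, True, 10000, fn=1)]
    return [select_port(ports, size).index for size in (1500, 64, 64)]


if __name__ == "__main__":
    print(xor16_key("10.0.0.1", "10.0.0.2") % 256)
    print(static_port(101, 10000, 100))
    print(demo())
```

Because each allocation updates Fa[i], a port that has just received a large amount of traffic drops out of the candidate set on the next call, which is what keeps a single heavy bucket from pinning one back-end host.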

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a method for implementing network traffic load sharing, and to an apparatus and a router for implementing the method. Network traffic introduced to a router is decomposed and filtered on the basis of access control list (ACL) rules; the decomposed and filtered network traffic is distributed by the hash algorithm to virtual hash buckets that carry the network traffic; the network traffic is allocated from the virtual hash buckets to the actual ports on the basis of the distribution of the network traffic. Because virtual hash buckets are adopted and their number can be configured flexibly as needed, the decomposed and filtered network traffic can be hashed into more buckets. When the network traffic is unevenly distributed, an unused port or a port with low network traffic is chosen when the network traffic is mapped from the virtual hash bucket to the actual port, which ensures that the network traffic is allocated evenly to the actual ports.
PCT/CN2007/001110 2006-06-15 2007-04-05 Method and apparatus for implementing network traffic load sharing WO2007147310A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CNB2006100875691A CN100561937C (zh) 2006-06-15 2006-06-15 Method and apparatus for implementing network traffic load sharing
CN200610087569.1 2006-06-15

Publications (1)

Publication Number Publication Date
WO2007147310A1 (fr) 2007-12-27

Family

ID=38783149

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/001110 WO2007147310A1 (fr) Method and apparatus for implementing network traffic load sharing

Country Status (2)

Country Link
CN (1) CN100561937C (fr)
WO (1) WO2007147310A1 (fr)

Also Published As

Publication number Publication date
CN101051939A (zh) 2007-10-10
CN100561937C (zh) 2009-11-18

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07720683

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07720683

Country of ref document: EP

Kind code of ref document: A1