WO2009103225A1 - A packet forwarding method and equipment - Google Patents

A packet forwarding method and equipment Download PDF

Info

Publication number
WO2009103225A1
WO2009103225A1 PCT/CN2009/070378 CN2009070378W WO2009103225A1 WO 2009103225 A1 WO2009103225 A1 WO 2009103225A1 CN 2009070378 W CN2009070378 W CN 2009070378W WO 2009103225 A1 WO2009103225 A1 WO 2009103225A1
Authority
WO
WIPO (PCT)
Prior art keywords
storage space
packet
flow table
forwarding
type
Prior art date
Application number
PCT/CN2009/070378
Other languages
French (fr)
Chinese (zh)
Inventor
张�浩
龙志平
田向远
李维
顾晓浩
邵建树
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2009103225A1 publication Critical patent/WO2009103225A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks

Definitions

  • the fast forwarding of the packet is performed according to the corresponding key segment of the packet, and the packet is forwarded by the key segment of the packet, such as the MAC (Media Access Control) address of the packet.
  • the IP address or the quintuple of the packet for example, the source IP address of the packet, the destination IP address, the protocol number, the source port number, the destination port number, etc.
  • the seven-tuple for example, the source of the packet
  • IP address for example, the source IP address of the packet, the destination IP address, protocol number, source port number, destination port number, service type, input interface composition, etc.
  • the flow table mechanism that combines the multi-level hash table and the TCAM can implement fast forwarding of packets and implement storage of packets in the device. Balance between capacity and forwarding speed, reduce packet storage conflicts, achieve fast convergence of flow tables, and thus meet the network operator's requirements for capacity and speed, save costs, and facilitate more value-added business.
  • FIG. 1 is a schematic flowchart of a method for forwarding a packet according to Embodiment 2 of the present invention
  • FIG. 4 is a schematic diagram of a device for forwarding a packet according to Embodiment 4 of the present invention.
  • the flow table is established for the packet;
  • the flow table is created in the second type of storage space for the packet.
  • the locked packet is unlocked.
  • an embodiment of the present invention provides a device for forwarding a packet, where the device includes:
  • the obtaining unit 5021 is configured to obtain a flow table of a current storage space of the first type of storage space.
  • An obtaining unit configured to obtain a hash value of a key segment of the packet
  • a judging unit configured to determine, after the obtaining unit obtains a hash value of the key segment of the packet, whether the packet with the same hash value is being locked,
  • the receiving and obtaining module 701 is configured to receive a packet, and obtain a key segment of the packet.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

A packet forwarding method and equipment belonging to the communication field is disclosed. The method comprises: receiving a packet and acquiring a key field of the packet; according to the key field, searching whether there is a flow table corresponding to the key field in a storage space of a first type, if yes, forwarding the packet according to the flow table; otherwise, according to the key field, searching whether there is a flow table corresponding to the key field in a storage space of a second type, if yes, forwarding the packet according to the flow table which is found in the storage space of the second type. The equipment comprises a receiving and acquiring module and a searching and forwarding module. By adopting a flow table mechanism that combines the multilevel hash table with the TCAM, the fast-forwarding of packet, the balance between the storage volume of packets and the forwarding speed as well as the fast convergence of flow table are achieved, the packet storage collision is reduced, the request for capability and speed of the network operator is satisfied and the cost is saved.

Description

说 明 书  Description
一种报文转发的方法和设备 技术领域  Method and device for forwarding messages
本发明涉及通信领域, 特别涉及一种报文转发的方法和设备。 背景技术  The present invention relates to the field of communications, and in particular, to a packet forwarding method and device. Background technique
随着 IP (Internet Protocol,网络之间互连的协议)技术的不断发展, IP网络从承载单 一的 Internet 数据业务向承载语音、 数据、 视频、 大客户专线、 3G (3rd Generation, 第 三代数字通信)、 NGN (Next/New Generation Network) , 下 /新一代网络) 等运营级多业务 方向转型。 由于, 过去 IP网络主要承载普通 Internet的数据服务, 如收发 Emai l、 上网页 看新闻等等, 因此对网络的带宽方面的要求并不高, 通常 56Kpbs的访问速度已经能够满足 需求。 但是随着 IP 网络的转型, 需要服务于各种层出不穷的新业务, 如网络游戏、 P2P (Peer-to-Peer, 对等技术)、 视频、 语音等等, 于是, 在转型过程中, 对 IP 网络在转 发性能、 容量、 安全、 业务服务质量上等方面提出了更高的要求。  With the continuous development of IP (Internet Protocol) technology, IP networks carry a single Internet data service to carry voice, data, video, large customer lines, 3G (3rd Generation, third generation digital Communication, NGN (Next/New Generation Network), Next/New Generation Network, etc. Because in the past, the IP network mainly carried the data services of the ordinary Internet, such as sending and receiving Emai l, viewing the web page, and so on. Therefore, the bandwidth requirement of the network is not high. Generally, the access speed of 56Kpbs can meet the demand. But with the transformation of the IP network, it needs to serve a variety of new services, such as online games, P2P (Peer-to-Peer, peer-to-peer technology), video, voice, etc. So, in the process of transformation, to IP The network puts forward higher requirements in terms of forwarding performance, capacity, security, and service quality.
目前, 在 IP网络的骨干网的转发速率已经达到 40G甚至 100G, 汇聚层、 接入层的转发 速率也已经普遍达到 10G, 通常是采用网络处理器以及多核处理器来实现高速转发, 如何在 网络处理器或多核处理器中实现对大容量的报文的快速转发, 是亟需解决的问题。  At present, the forwarding rate of the backbone network of the IP network has reached 40G or even 100G. The forwarding rate of the aggregation layer and the access layer has generally reached 10G. Usually, the network processor and the multi-core processor are used to implement high-speed forwarding. How to use the network The fast forwarding of large-capacity messages in a processor or a multi-core processor is an urgent problem to be solved.
当前, 对于报文的快速转发主要根据报文的相应关键字段进行相应动作后将报文转发 出去, 其中, 报文的关键字段如报文的 MAC (Media Access Control , 介质访问控制)地址, IP地址或者报文的五元组 (如, 由报文的源 IP地址,目的 IP地址,协议号,源端口号,目的 端口号构成等)、 七元组 (如, 由报文的源 IP地址、 目的 IP地址、 协议号、 源端口号、 目 的端口号、 服务类型、 输入接口构成等)等等。 相应地, 在转发设备如防火墙、 深度报文解 析、 会话边界控制器中, 采用基于报文的关键字段组合而形成的流表(即会话表)以及由相 应参数和动作组成的动作表两部分组成的流表机制 (其中流表和动作表是一一对应的关系, 根据实现方式的不同, 可以将流表和动作表统一在一起也可以将流表和动作表进行分别存 储), 从而实现报文的快速转发。 但是, 转发设备需要能够提供大容量的存储空间来存放大 量由报文的关键字段组成的流表, 同时又需要转发设备提供高速的访问和转发速度。 目前 转发设备中的存储装置在使用时存在不同程度的缺陷: 容量大价格低的存储装置如 SRAM ( Static Random-Access Memory, 静态随机存取存储器)、 DRAM (Dynamic Random-Access Memory, 动态随机存储器)等, 访问速度往往就比较低; 而访问速度大的存储装置如 TCAM ( Triple Content Addressable Memory, 三态内容可寻址存储器) 其容量往往较小, 价格也较高。 Currently, the fast forwarding of the packet is performed according to the corresponding key segment of the packet, and the packet is forwarded by the key segment of the packet, such as the MAC (Media Access Control) address of the packet. , the IP address or the quintuple of the packet (for example, the source IP address of the packet, the destination IP address, the protocol number, the source port number, the destination port number, etc.), the seven-tuple (for example, the source of the packet) IP address, destination IP address, protocol number, source port number, destination port number, service type, input interface composition, etc. Correspondingly, in a forwarding device such as a firewall, a deep packet parsing, and a session border controller, a flow table formed by combining message-based key fields (ie, a session table) and an action table composed of corresponding parameters and actions are used. Partial flow table mechanism (in which the flow table and the action table are one-to-one correspondences, according to different implementation manners, the flow table and the action table may be unified together, and the flow table and the action table may be separately stored) Implement fast forwarding of packets. However, the forwarding device needs to be able to provide a large-capacity storage space to store a large number of flow tables consisting of key fields of the message, and at the same time, the forwarding device needs to provide high-speed access and forwarding speed. At present, the storage devices in the forwarding device have different degrees of defects in use: storage devices with large capacity and low price, such as SRAM (Static Random-Access Memory), DRAM (Dynamic Random-Access Memory, dynamic random access memory) ), etc., the access speed is often low; and the access speed of the storage device such as TCAM (Triple Content Addressable Memory) The capacity is often small and the price is high.
同时在进行报文存储时, 以什么样的组织形式存放这些由报文的关键字段组合而成的 流表也是必须考虑的问题。 如果以直接表或者链表的形式直接存放大量的流表, 需要大量 的存储空间, 难以提供高速的访问速度。 目前主要的办法是采用将流表中的部分关键字段 存放在直接表或者链表中, 实现对存储空间和访问速度的平衡, 而这样有可能由于不同的 报文其部分关键字段相同, 而导致存放时出现冲突; 采用树的形式以最长匹配或者完全匹 配的方式存放这些流表, 可以解决上述冲突的问题, 但这种方法比较复杂, 而且性能不高。  At the same time, in the case of message storage, it is also a question that must be considered to store the flow tables composed of the key fields of the message in what kind of organization. If a large number of flow tables are directly stored in the form of a direct table or a linked list, a large amount of storage space is required, and it is difficult to provide high-speed access speed. At present, the main method is to store some key fields in the flow table in a direct table or a linked list, thereby achieving a balance between storage space and access speed, and thus it is possible that some of the key segments of the different messages are the same. This causes conflicts during storage. The use of the tree to store these flow tables in the longest match or exact match can solve the above conflicts, but this method is more complicated and the performance is not high.
现有的流表实现机制中, 普遍采用树的形式或者链表的方式来存放流表, 在树的形式 的实现方式中, 根据报文的关键字段 (如五元组)以最长匹配或者完全匹配等方式来建立和 查找流表; 在链表的实现方式中, 采用多级链表的方式, 每级查找表下含有多个辅助链表 来建立和查找流表。 这两种方式虽然都可以解决冲突问题, 但仅适用于访问速度和容量要 求不高的场合, 但是, 随着对报文的转发速度的要求的日益提高, 如在目前普遍要求达到 10G 的转发速度的接入层和汇聚层中, 存在大量的业务报文需要大量的存储空间和高速转 发, 如果采用树的形式或者链表的方法存放流表就会出现树的深度越来越深, 链表级数越 来越大, 从而导致访问速度越来越慢, 难以实现报文的快速转发。 发明内容  In the existing flow table implementation mechanism, the flow table is generally stored in the form of a tree or a linked list. In the implementation manner of the tree, the key segment (such as a quintuple) of the packet is matched by the longest or Complete matching and other methods to establish and find a flow table; In the implementation of the linked list, a multi-level linked list is used, and each level of the lookup table contains multiple auxiliary linked lists to establish and find a flow table. Although these two methods can solve the conflict problem, they are only applicable to the occasions where the access speed and capacity requirements are not high. However, as the requirements for the forwarding speed of packets are increasing, for example, it is generally required to achieve 10G forwarding. In the access layer and the aggregation layer of the speed, a large number of service packets require a large amount of storage space and high-speed forwarding. If the flow table is stored in the form of a tree or a linked list, the depth of the tree becomes deeper and deeper, and the list level is The number is getting larger and larger, which makes the access speed slower and slower, and it is difficult to achieve fast forwarding of packets. Summary of the invention
为了实现报文的快速转发, 实现流表的快速收敛, 本发明实施例提供了一种报文转发 的方法和设备。 所述技术方案如下:  The present invention provides a method and a device for forwarding a packet, in order to implement the fast forwarding of the packet and the fast convergence of the flow table. The technical solution is as follows:
一方面, 本发明实施例提供了一种报文转发的方法, 所述方法包括:  In one aspect, the embodiment of the present invention provides a method for packet forwarding, where the method includes:
接收报文, 获取所述报文的关键字段;  Receiving a message, and obtaining a key field of the message;
根据所述关键字段, 查找第一类存储空间中是否有与所述关键字段对应的流表, 如果 是, 根据所述流表转发所述报文; 否则, 根据所述关键字段, 查找第二类存储空间是否有 与所述关键字段对应的流表; 如果是, 根据在所述第二类存储空间中查找到的流表转发所 述报文。  Determining, according to the key field, a flow table corresponding to the key field in the first type of storage space, and if yes, forwarding the message according to the flow table; otherwise, according to the key field, Finding whether the second type of storage space has a flow table corresponding to the key field; if yes, forwarding the message according to the flow table found in the second type of storage space.
另一方面, 本发明实施例提供了一种报文转发设备, 所述设备包括:  On the other hand, an embodiment of the present invention provides a packet forwarding device, where the device includes:
接收及获取模块, 用于接收报文, 获取所述报文的关键字段;  a receiving and acquiring module, configured to receive a packet, and obtain a key segment of the packet;
查找及转发模块, 用于根据所述关键字段, 查找第一类存储空间中是否有与所述接收 及获取模块获取到的关键字段对应的流表, 如果是, 根据所述流表转发所述报文; 否则, 根据所述关键字段, 查找第二类存储空间是否有与所述关键字段对应的流表; 如果是, 根 据在所述第二类存储空间中查找到的流表转发所述报文。 a search and forwarding module, configured to search, according to the key field, a flow table corresponding to the key segment obtained by the receiving and acquiring module in the first type of storage space, and if yes, forwarding according to the flow table The packet; otherwise, according to the keyword segment, searching whether the second type of storage space has a flow table corresponding to the key segment; if yes, the root And forwarding the packet according to the flow table found in the second type of storage space.
本发明实施例提供的技术方案的有益效果是:  The beneficial effects of the technical solutions provided by the embodiments of the present invention are:
通过采用多级存储空间 (第一类存储空间和第二类存储空间), 将多级哈希表与 TCAM 相结合的流表机制, 可以实现报文的快速转发, 在设备中实现存储报文的容量和转发速度 之间的平衡, 减少报文存储的冲突, 实现流表的快速收敛, 从而很好的满足网络运营商对 容量和速度的要求, 节约了成本, 方便其开展更多的增值业务。 附图说明  By using a multi-level storage space (the first type of storage space and the second type of storage space), the flow table mechanism that combines the multi-level hash table and the TCAM can implement fast forwarding of packets and implement storage of packets in the device. Balance between capacity and forwarding speed, reduce packet storage conflicts, achieve fast convergence of flow tables, and thus meet the network operator's requirements for capacity and speed, save costs, and facilitate more value-added business. DRAWINGS
图 1是本发明实施例 2提供的报文转发的方法的流程示意图;  1 is a schematic flowchart of a method for forwarding a packet according to Embodiment 2 of the present invention;
图 2是本发明实施例 2提供的建立流表的流程示意图;  2 is a schematic flowchart of establishing a flow table according to Embodiment 2 of the present invention;
图 3是本发明实施例 3提供的报文转发的方法的流程示意图;  3 is a schematic flowchart of a method for forwarding a packet according to Embodiment 3 of the present invention;
图 4是本发明实施例 4提供的报文转发的设备示意图;  4 is a schematic diagram of a device for forwarding a packet according to Embodiment 4 of the present invention;
图 5是本发明实施例 5提供的报文转发的设备示意图;  FIG. 5 is a schematic diagram of a device for forwarding a packet according to Embodiment 5 of the present invention; FIG.
图 6是本发明实施例 6提供的报文转发的设备示意图;  6 is a schematic diagram of a device for forwarding a packet according to Embodiment 6 of the present invention;
图 7是本发明实施例 7提供的报文转发的设备示意图。 具体实施方式  FIG. 7 is a schematic diagram of a device for forwarding a packet according to Embodiment 7 of the present invention. detailed description
为使本发明的目的、 技术方案和优点更加清楚, 下面将结合附图对本发明实施方式作 进一步地详细描述。 实施例 1  The embodiments of the present invention will be further described in detail below with reference to the accompanying drawings. Example 1
本发明实施例提供的方案通过采用多级哈希表与 TCAM相结合的转发流表机制, 通过使 用 N+1级存储空间, 前面 N级使用价格低廉的存储空间 (如 DRAM等) 利用报文的关键字段 采用哈希算法存储流表, 最后一级采用 TCAM存储流表。 其中, 当存储报文建立流表时, 如 果前面 N级都存在报文存储的冲突, 便直接利用最后一级的 TCAM存储报文建立流表, 实现 快速收敛。其中,前面 N级使用的价格低廉的存储空间称为第一类存储空间,最后一级 TCAM 称为第二类存储空间, 或称为高速存储空间。 方法包括:  The solution provided by the embodiment of the present invention uses a forwarding flow table mechanism combining a multi-level hash table and a TCAM, and uses the N+1-level storage space, and the front N-stage uses a low-cost storage space (such as DRAM) to utilize the message. The key segment uses a hash algorithm to store the flow table, and the last level uses the TCAM storage flow table. If the packet is stored in the flow table, if the packet storage conflict exists in the previous N-level, the flow table is created by using the last-level TCAM storage packet to implement fast convergence. Among them, the low-cost storage space used in the previous N-level is called the first-class storage space, and the last-level TCAM is called the second-type storage space, or high-speed storage space. Methods include:
当接收到报文后, 获取报文的关键字段; 然后根据关键字段, 查找第一类存储空间中 是否有与关键字段对应的流表, 如果是, 根据在第一类存储空间中查找到的流表转发报文; 否则, 根据关键字段, 查找第二类存储空间中是否有与关键字段对应的流表; 如果是, 根 据在第二类存储空间中查找到的流表转发报文。 其中, 当第一类存储空间为多级存储空间时, 需要对第一类存储空间的各级存储空间 进行依次查找, 根据命中的流表进行报文的转发, 具体内容为: After receiving the packet, the key segment of the packet is obtained. Then, according to the keyword segment, it is found whether there is a flow table corresponding to the key segment in the first type of storage space, and if so, according to the storage space in the first type. The found flow table forwards the packet; otherwise, according to the key field, it finds whether there is a flow table corresponding to the key segment in the second type of storage space; if yes, according to the flow table found in the second type storage space Forward the message. When the first type of storage space is a multi-level storage space, the storage space of each storage space of the first type of storage space needs to be searched in turn, and the packet is forwarded according to the hit flow table. The specific content is as follows:
获取第一类存储空间的当前存储空间的流表, 当查找到与关键字段相对应的流表, 则 根据流表转发报文, 否则, 查找当前存储空间的下一级存储空间; 当第一类存储空间的各 级存储空间中没有查找到与关键字段相对应的流表时, 查找第二类存储空间是否有与关键 字段对应的流表, 然后根据在第二类存储空间中命中的流表进行报文的转发。  Obtaining a flow table of the current storage space of the first type of storage space. When the flow table corresponding to the key field is found, the packet is forwarded according to the flow table, otherwise, the next storage space of the current storage space is searched; When no flow table corresponding to the key field is found in the storage space of each type of storage space, the second type storage space is searched for whether there is a flow table corresponding to the key field, and then according to the second type storage space. The hit flow table forwards the message.
进一步地, 在获取第一类存储空间的当前存储空间的流表时, 可以通过以下方式实现: 首先, 对报文的关键字段进行哈希运算, 计算得到该报文的关键字段的哈希值; 通过 当前存储空间的大小获取掩码; 对哈希值与掩码进行相与获取一个索引;  Further, when the flow table of the current storage space of the first type of storage space is obtained, the method can be implemented as follows: First, the key field of the packet is hashed, and the key segment of the packet is calculated. The hash value is obtained by the size of the current storage space; the hash value is matched with the mask to obtain an index;
然后, 计算索引和报文的关键字段的乘积值; 根据乘积值与当前的存储空间的基址之 和, 获取当前存储空间的地址;  Then, calculating a product value of the index field of the index and the message; obtaining an address of the current storage space according to the sum of the product value and the base address of the current storage space;
最后, 根据当前存储空间的地址获取当前存储空间的流表。  Finally, the flow table of the current storage space is obtained according to the address of the current storage space.
进一步地, 当查找到与关键字段相对应的流表, 根据流表转发报文时, 还需要判断流 表是否空闲, 如果当前存储空间的流表不空闲, 则需要查找当前存储空间的流表, 当在当 前存储空间的流表中查找到与关键字段相应的流表, 则根据该查找到的流表转发报文; 如 果当前存储空间的流表空闲, 查找当前存储空间的下一级存储空间。  Further, when the flow table corresponding to the key field is found, and the flow table is forwarded according to the flow table, it is also required to determine whether the flow table is idle. If the current storage space flow table is not idle, the current storage space needs to be searched. If the flow table corresponding to the key field is found in the flow table of the current storage space, the flow table is forwarded according to the searched flow table; if the current storage space flow table is idle, the next storage space is searched. Storage space.
综上所述, 本发明实施例实现了根据报文的关键字段采用哈希算法后, 在第一类存储 空间逐级进行查找; 如果第一类存储空间都查找失败, 则可以直接在第二类存储空间中进 行快速查找。 当命中了流表后, 就可以实现报文的快速转发。  In summary, the embodiment of the present invention implements a step-by-step search in the first type of storage space according to the keyword segment of the packet, and if the first type of storage space fails to be searched, Quickly find in the second type of storage space. When the flow table is hit, the packet can be quickly forwarded.
本发明实施例提供的技术方案, 当第二类存储空间中没有与关键字段对应的流表时, 即此时报文无法命中第一类存储空间和第二类存储空间中的流表, 说明该报文的相应的流 表还没有建立, 于是需要为该报文建立流表。 其中, 为该报文建立流表的过程如下:  According to the technical solution provided by the embodiment of the present invention, when there is no flow table corresponding to the key segment in the storage space of the second type, the packet cannot be hit in the flow table of the first type storage space and the second type storage space, The corresponding flow table of the message has not been established yet, so a flow table needs to be established for the message. The process of establishing a flow table for the packet is as follows:
首先, 获取报文的关键字段的哈希值; 通过第一类存储空间的当前存储空间的大小获 取掩码; 对哈希值与掩码相与获取索引; 计算索引和关键字段的乘积值;  First, the hash value of the key field of the message is obtained; the size of the current storage space of the first type of storage space is obtained; the hash value is matched with the mask to obtain the index; and the product of the index and the key field is calculated. Value
然后, 根据乘积值和当前存储空间的基址, 获取当前存储空间中的地址 (该当前存储 空间中的地址对应于在该存储空间中的某一流表),判断地址对应的流表是否空闲,如果是, 在当前存储空间的地址为报文建立流表; 否则, 查找当前存储空间的下一级存储空间; 当 第一类存储空间的各级存储空间中的地址对应的流表均为非空闲状态时, 在第二类存储空 间为报文建立流表。  Then, according to the product value and the base address of the current storage space, obtain an address in the current storage space (the address in the current storage space corresponds to a certain flow table in the storage space), and determine whether the flow table corresponding to the address is idle. If yes, the current storage space address is a flow table for the packet; otherwise, the next storage space of the current storage space is searched; when the flow table corresponding to the address in each storage space of the first type of storage space is non- In the idle state, a flow table is created for the packet in the second type of storage space.
其中, 在进行报文查流表转发的时候, 还可以记录下第一类存储空间的各级存储空间 中的地址对应的流表的空闲信息; 于是, 相应地, 为报文建立流表的过程具体如下: 首先, 获取报文的关键字段的哈希值; When the packet flow table is forwarded, the idle information of the flow table corresponding to the address in the storage space of the first type of storage space may be recorded; accordingly, the flow table is configured for the packet. The process is as follows: First, obtain a hash value of the key field of the message;
然后, 通过查找记录的第一类存储空间的各级存储空间中的地址对应的流表的空闲信 息, 在各级存储空间中首次出现空闲的存储空间的地址, 为报文建立流表; 当第一类存储 空间的各级存储空间中的地址对应的流表是非空闲状态时, 在第二类存储空间为报文建立 流表。  Then, by searching for the idle information of the flow table corresponding to the address in the storage space of the first type of storage space of the record, the address of the idle storage space appears for the first time in the storage space of each level, and the flow table is established for the packet; When the flow table corresponding to the address in the storage space of the first type of storage space is in the non-idle state, the flow table is created in the second type of storage space for the packet.
通过上述方法, 本发明实施例实现了为报文建立流表。 在这里需要特别注意的是, 当 为报文进行建表时, 需要判断是否有相同哈希值的报文正在被加锁, 如果是, 等待相同哈 希值的报文解锁后, 对报文执行相应的动作, 如果否, 则对报文加锁。  Through the foregoing method, the embodiment of the present invention implements a flow table for a message. It is important to note that when you create a table for a packet, you need to determine whether the packet with the same hash value is being locked. If yes, wait for the packet with the same hash value to be unlocked. Perform the corresponding action. If no, the message is locked.
相应地, 在为报文建立流表后, 对被加锁的报文进行解锁。  Correspondingly, after the flow table is created for the packet, the locked packet is unlocked.
其中, 等待相同哈希值的报文解锁后, 对报文执行相应的动作, 具体为:  After the packet waiting for the same hash value is unlocked, the corresponding action is performed on the packet, which is specifically:
根据获取报文的关键字段的哈希值, 判断报文和相同哈希值的报文是否属于同一类型, 如果是, 则等待相同哈希值的报文解锁后, 根据相同哈希值的报文建立的流表, 进行报文 的快速转发; 否则, 报文等待相同哈希值的报文解锁后, 为报文建立流表。  According to the hash value of the key segment of the obtained packet, it is determined whether the packet and the packet with the same hash value belong to the same type. If yes, the packet waiting for the same hash value is unlocked according to the same hash value. The flow table created by the packet is used to forward the packet. Otherwise, the packet is sent to the packet with the same hash value.
本发明实施例提供的报文转发的方法, 通过采用了第一类存储空间和第二类存储空间 相结合的转发机制, 在设备中实现存储报文的容量和转发速度之间的平衡, 减少报文存储 的冲突, 实现流表的快速收敛, 从而很好的满足网络运营商对容量和速度的要求, 节约了 成本, 方便其开展更多的增值业务。  The packet forwarding method provided by the embodiment of the present invention achieves a balance between the capacity of the stored message and the forwarding speed by using a forwarding mechanism combining the storage space of the first type and the storage space of the second type, and reduces the balance between the storage capacity and the forwarding speed of the device. The conflicts in packet storage enable fast convergence of the flow table, which satisfies the requirements of the network operator for capacity and speed, saves costs, and facilitates more value-added services.
针对本实施例提供的报文转发的方案, 下面以多个实施例针对查找和建表进行详细的 说明。 实施例 2  For the scheme of packet forwarding provided in this embodiment, a detailed description will be given below for the search and construction of the table in various embodiments. Example 2
参见图 1, 本发明实施例提供了一种报文转发的方法, 本实施例以设置了 N+1级别存储 空间为例进行说明, 其中前 N级为由普通存储设备如 SRAM\DRAM等提供的存储空间, 第 N+1 级为由 TCAM等存储设备提供的高速存储空间, 利用本发明实施例提供的方法, 报文转发时 根据报文的关键字段采用哈希算法获得的键值在前 N级存储空间逐级进行查找; 如果前 N 级存储空间都查找失败, 则直接在 TCAM中进行快速查找。 具体内容包括如下:  Referring to FIG. 1, an embodiment of the present invention provides a method for forwarding a message. This embodiment is described by taking an N+1 level storage space as an example. The first N level is provided by a common storage device such as SRAM\DRAM. The storage space, the N+1 level is a high-speed storage space provided by a storage device such as a TCAM, and the method provided by the embodiment of the present invention uses a hash value obtained by using a hash algorithm according to a key segment of the packet during packet forwarding. The first N-level storage space is searched step by step; if the first N-level storage space fails to find, the fast search is performed directly in the TCAM. The specific contents include the following:
设备对接收到的报文进行转发时, 需要从设备自身的存储空间中查找该报文对应的流 表, 当查找到流表后, 获取到相关的动作表信息, 才能完成该报文的成功转发, 其中, 具 体内容如下:  When the device forwards the received packet, it needs to find the flow table corresponding to the packet in the storage space of the device. After the flow table is found, the related action table information is obtained. Forward, where the specific content is as follows:
101: 接收转发报文, 获取该报文的关键字段, 对关键字段采用哈希算法, 得到一个哈 希值。 其中, 本实施例中报文的关键字段以常用的五元组 (源 IP地址,目的 IP地址,协议号, 源端口号,目的端口号) 为例进行说明。 101: Receive a forwarding packet, obtain a key segment of the packet, and adopt a hash algorithm on the key segment to obtain a hash value. The key field of the packet in this embodiment is described by using a common five-tuple (source IP address, destination IP address, protocol number, source port number, and destination port number) as an example.
102: 根据第 z' ( l≤z'≤N )级的存储空间的大小, 获取一个掩码, 将获取到的该掩码与 102: Obtain a mask according to the size of the storage space of the z'th (l≤z'≤N) level, and obtain the mask and
101 中得到的哈希值进行相与操作, 从而获取一个索引; 根据该第级存储空间的基址 (起 始地址)、 报文的五元组大小和所述索引, 计算获取一个该第级存储空间的地址。 The hash value obtained in 101 is phase-and-operated to obtain an index; according to the base address (starting address) of the first-level storage space, the quintuple size of the message, and the index, a first level is obtained. The address of the storage space.
其中, 根据存储空间的大小, 获取一个掩码时, 掩码全 1 ; 通常, 为了避免冲突的产生, 存储空间越大对应着掩码取值位数越多。 在获取存储空间的地址时, 通常采用计算方法如 下:  When a mask is obtained according to the size of the storage space, the mask is all 1; usually, in order to avoid conflicts, the larger the storage space, the more the number of bits corresponding to the mask. When obtaining the address of the storage space, the calculation method is usually as follows:
存储空间的地址=存储空间的基址十五元组大小 X索引;  Address of storage space = base address of storage space 15-tuple size X index;
103: 根据获取的存储空间的地址, 通过查看该地址对应流表的标志位, 判断该流表是 否空闲, 如果是, 则执行 105 ; 否则, 执行 104。  103: Determine, according to the address of the obtained storage space, whether the flow table is idle by checking the address of the corresponding flow table, and if yes, execute 105; otherwise, execute 104.
例如, 如果该地址对应的流表的标志位为 " 0 ", 表示该流表为空闲状态; 如果该地址 对应的流表的标志位为 " 1 ", 表示该流表为非空闲状态。  For example, if the flag of the flow table corresponding to the address is “0”, it indicates that the flow table is idle; if the flag of the flow table corresponding to the address is “1”, it indicates that the flow table is not idle.
104: 判断该报文的五元组和该级存储空间对应的流表中存放的五元组是否完全匹配, 如果是, 说明该报文命中流表, 执行 108 ; 否则, 说明该报文在该级存储空间进行流表查找 时, 出现了冲突, 执行 105。  104: Determine whether the quintuple of the packet matches the quintuple stored in the flow table corresponding to the storage space of the level, and if yes, the packet hits the flow table, and executes 108; otherwise, the packet is When the level storage space performs a flow table lookup, a conflict occurs, and execution 105 is performed.
105: 判断是否已经查找到第 N级, 如果是, 则执行 107 ; 否则, 执行步骤 106。  105: Determine whether the Nth level has been found, if yes, execute 107; otherwise, go to step 106.
106: i = i + l , 执行步骤 102。  106: i = i + l , go to step 102.
107: 取得该报文的五元组在 TCAM 中执行快速查找, 判断是否命中相应的流表, 如果 是, 执行 108 ; 否则, 执行 109。  107: The quintuple that obtains the message performs a quick lookup in the TCAM to determine whether to hit the corresponding flow table, and if so, executes 108; otherwise, executes 109.
108: 查找该报文的相关信息, 进行该报文的快速转发, 结束。  108: Find the related information of the packet, perform fast forwarding of the packet, and end.
本步骤中查找该报文的相关信息, 主要是查找该报文对应的流表和其动作表的对应关 系, 通过流表和动作表结合在一起, 才能完成报文的快速转发。  In this step, the related information of the packet is searched for, and the corresponding relationship between the flow table corresponding to the packet and the action table is searched for, and the flow table and the action table are combined to complete the fast forwarding of the packet.
109: 说明该报文为首包, 为该报文建立流表。  109: The packet is the first packet, and a flow table is created for the packet.
本实施例将在 N+1 级存储空间中, 能够命中流表的报文称为后续包, 后续包取得相关 信息后, 读取动作表进行了相关动作后, 就能够实现报文快速转发; 在 N+1 级存储空间都 没有命中流表的报文, 称为首包, 对于首包需要建立流表, 同时也需要首包建立动作表, 将相关动作存放在动作表中, 建立并维护动作表和流表对应关系, 以便以后接收到相同的 报文时, 该报文在命中流表查找到流表和动作表的对应关系后, 根据动作表中的动作进行 相应处理。  In this embodiment, in the N+1 level storage space, the packet that can hit the flow table is called a subsequent packet, and after the subsequent packet obtains the related information, the read action table performs related actions, and the packet can be quickly forwarded. In the N+1 storage space, there is no packet that hits the flow table, which is called the first packet. For the first packet, the flow table needs to be established. At the same time, the first packet needs to be created, and the related actions are stored in the action table to establish and maintain the action. Correspondence between the table and the flow table, so that when the same message is received in the future, the message is processed according to the action in the action table after the hit flow table finds the correspondence between the flow table and the action table.
下文会针对报文为首包时如何实现建立流表进行详细的说明: 所谓流表的建立, 是指设备在第一次接收到某条报文时, 由于在设备的存储空间中没 有记录该报文的流表, 所以需要为该报文建立流表, 以便以后再收到相同报文后可以命中 流表, 从而实现快速转发。 当设备收到该报文, 查找到空闲的存储空间的情况下, 将报文 的相应内容插入到空闲的存储空间中。 如果在前 N级的存储空间中, 都没有空闲的存储空 间, 则将报文的相应内容直接存储在第 N+1级的 TCAM中, 从而实现快速收敛。 The following is a detailed description of how to implement the flow table when the message is the first package: The establishment of a flow table means that when a device receives a certain packet for the first time, since the flow table of the packet is not recorded in the storage space of the device, a flow table needs to be established for the packet, so that After receiving the same packet, you can hit the flow table to implement fast forwarding. When the device receives the packet and finds the free storage space, it inserts the corresponding content of the packet into the free storage space. If there is no free storage space in the storage space of the first N levels, the corresponding content of the message is directly stored in the T+1 of the N+1th level, thereby achieving fast convergence.
通常情况, 由于报文是双向的 (正向报文和反向报文), 因此建立流表时, 相应地, 需 要建立双向流表, 即正向流表和反向流表, 下面以建立正向流表为例, 其步骤如下:  Generally, since the packet is bidirectional (forward packet and reverse packet), when the flow table is established, correspondingly, a bidirectional flow table, that is, a forward flow table and a reverse flow table, For example, the forward flow table is as follows:
201: 获取报文的关键字段, 对关键字段采用哈希算法, 得到一个哈希值。  201: Acquire a key field of the message, and adopt a hash algorithm on the key field to obtain a hash value.
其中, 该步骤 201处理过程, 与前述步骤 101类似, 不再赘述。  The process of the step 201 is similar to the foregoing step 101 and will not be described again.
其中, 本实施例中报文的关键字段以常用的五元组 (源 IP地址,目的 IP地址,协议号, 源端口号,目的端口号) 为例进行说明。 相应地, 正向流表和反向流表的区别在于, 对于正 向报文而言的源 IP地址为反向报文的目的 IP地址、 源端口号为反向报文的目的端口号, 相应地, 正向报文的目的 IP地址为反向报文的源 IP地址、 目的端口号为反向报文的源端 口号。  The key field of the packet in this embodiment is described by using a common five-tuple (source IP address, destination IP address, protocol number, source port number, and destination port number) as an example. Correspondingly, the difference between the forward flow table and the reverse flow table is that the source IP address of the forward packet is the destination IP address of the reverse packet, and the source port number is the destination port number of the reverse packet. Correspondingly, the destination IP address of the forward packet is the source IP address of the reverse packet and the destination port number is the source port number of the reverse packet.
202: 为了确保建立流表时不出现错误, 执行加锁动作。  202: To ensure that the flow table is created without errors, perform the lock action.
其中, 进行加锁的目的, 是为了保证为该首包报文建立流表时, 只能进行原子操作(即 在建立流表的时刻, 此时只针对拥有相同哈希值的报文一个报文进行建表处理), 防止在为 该首包报文建立流表时, 出现了与该目标首包报文的哈希值相同的报文 (如, 隶属于同一 数据报文流、 拥有相同的关键字段) 的第二个报文,; 或在为该首包报文建立流表的时间段 内, 出现来自其它类的数据报文流中的首包, 但是该首包获取到的哈希值和目标首包报文 的哈希值相同, 此时就会出现报文的建立过程的冲突, 为了避免出现此类型的报文冲突, 所以本步骤需要进行加锁动作。 即建立流表时只能进行原子操作, 防止建立流表出现错误, 即此时只针对该报文执行下面的操作, 保证了此时只针对拥有相同哈希值的报文一个报文 进行建表处理,  The purpose of the locking is to ensure that only the atomic operation can be performed when the flow table is created for the first packet (that is, at the time of establishing the flow table, only one message with the same hash value is reported at this time) The file is configured to prevent the hash table having the same hash value as the first packet of the target packet when the flow table is created for the first packet (for example, belonging to the same data packet stream, having the same The second packet of the key segment, or during the time period in which the flow table is created for the first packet, the first packet in the data packet stream from other classes appears, but the first packet is obtained. The hash value is the same as the hash value of the first packet of the target. At this time, the conflict of the packet establishment process occurs. In order to avoid this type of packet conflict, this step needs to be locked. That is, only the atomic operation can be performed when the flow table is established, and the flow table is prevented from being in error. That is, the following operations are performed only for the packet, ensuring that only one packet with the same hash value is constructed at this time. Table processing,
203:根据第 z ( l≤z'≤N )级的存储空间的大小,获取一个掩码,将获取到的该掩码与 201 中得到的哈希值进行相与操作, 从而获取一个索引; 根据该第 z级的存储空间的基址, 该报 文的五元组的大小和计算得到的索引, 计算获取第 z级存储空间的一个地址。  203: Obtain a mask according to the size of the storage space of the zth (l≤z'≤N) level, and perform the AND operation on the obtained hash value with the hash value obtained in 201, thereby obtaining an index; According to the base address of the storage space of the zth stage, the size of the quintuple of the message and the calculated index are calculated to obtain an address of the z-th storage space.
204: 根据获取的地址取得该地址对应的流表的内容, 根据流表的标志位, 判断获取的 地址对应的流表是否为空闲, 如果是, 则执行 205 ; 否则执行 206。  204: Obtain the content of the flow table corresponding to the address according to the obtained address, and determine, according to the flag of the flow table, whether the flow table corresponding to the obtained address is idle, and if yes, execute 205; otherwise, execute 206.
205: 将报文的相应内容存储到该地址对应的位置中建立流表, 并设置相应的标志位, 表示此时该位置的流表已被占用, 然后执行 209。 206: 判断此时 z是否等于 N, 即判断是否已经查找到第 N级, 如果是, 执行 207 ; 否则 执行 208。 205: Store the corresponding content of the message in the location corresponding to the address to establish a flow table, and set a corresponding flag bit, indicating that the flow table of the location is occupied at this time, and then execute 209. 206: Determine whether z is equal to N at this time, that is, determine whether the Nth level has been found, if yes, execute 207; otherwise, execute 208.
207:说明在前 N级的存储空间中,都没有空闲的存储空间来存放该报文的相应内容(即 在前 N级的存储空间都出现了建立该报文流表的冲突), 则直接将报文的相应内容存放到第 N+1级的 TCAM中, 在 TCAM中建立流表, 置相应的标志位, 从而实现了快速收敛。  207: It is indicated that in the storage space of the first N levels, there is no free storage space for storing the corresponding content of the packet (that is, a conflict occurs in the storage space of the first N level to establish the packet flow table), The corresponding content of the message is stored in the TCAM of the N+1th level, and the flow table is established in the TCAM, and the corresponding flag bit is set, thereby achieving fast convergence.
208: 令 z' = z' + l后, 返回执行步骤 203。  208: After z' = z' + l, return to step 203.
209: 当流表建立成功后, 进行解锁, 此时, 正向流表就成功建立。  209: After the flow table is successfully established, the unlocking is performed, and the forward flow table is successfully established.
上述以建立正向流表为例进行的说, 当建立反向流表时, 方法类似, 不再赘述。  The above example takes the establishment of a forward flow table as an example. When a reverse flow table is established, the method is similar and will not be described again.
综上所述, 为本发明实施例提供的查找和建立流表的实现报文的快速转发的过程, 查 找时, 根据报文的关键字段采用哈希算法获得键值在前 N级逐级查找。 如果前 N级存储空 间都失败, 则直接在 TCAM中快速查找; 建表时, 根据报文的关键字段采用哈希算法获得键 值在前 N级逐级查找空闲空间, 若空闲则直接插入, 若冲突则往后逐级查找; 如果前 N级 哈希存储空间都冲突, 则直接存储到 TCAM中。  In summary, the method for searching and establishing a flow table to implement fast forwarding of a packet is provided in the embodiment of the present invention. When searching, a hash algorithm is used according to a key segment of the packet to obtain a key value in the first N level. Find. If the first N-level storage space fails, it is directly searched in the TCAM. When the table is built, the hash value is used according to the key segment of the packet to obtain the key value. The free space is searched in the first N level. If it is idle, it is directly inserted. If there is a conflict, it will be searched step by step. If the previous N-level hash storage spaces conflict, it will be directly stored in the TCAM.
需要特别地注意的是, 在流表建立过程中, 需要保证一次只处理一个具有相同哈希值 的报文。 如前文所述, 例如: 当在进行首包的流表建立时, 如果出现了隶属于同一类数据 报文 (即拥有相同关键字段的报文) 的伪首包也需要建立流表的情况, 如当在数据流中的 首包 A建立流表的过程中, ώ于该数据流报文对应的流表还未建立, 导致该数据流中的报 文 Β无法命中相应的流表, 而出现了需要建立流表的需求, 此时, 称该报文 Β为伪首包, 针对该情况, 由于对首包 Α执行了加锁, 所以伪首包 B处于等待状态, 等待首包 A建立流 表解锁后, 伪首包 B就可以根据首包 A建立的流表进行转发。  It is important to note that during the flow table creation process, it is necessary to ensure that only one message with the same hash value is processed at a time. As described above, for example: When the flow table of the first packet is created, if a pseudo-first packet belonging to the same type of data packet (that is, a packet having the same key segment) is present, the flow table needs to be established. For example, in the process of establishing the flow table in the first packet A in the data stream, the flow table corresponding to the data flow message has not been established, so that the message in the data flow cannot hit the corresponding flow table, and There is a need to establish a flow table. At this time, the message is said to be a pseudo first packet. For this case, since the first packet is locked, the pseudo first packet B is in a waiting state, waiting for the first packet A to be established. After the flow table is unlocked, the pseudo first packet B can be forwarded according to the flow table established by the first package A.
还需要注意的是, 当处理具有相同哈希值的不同类数据报文的首包时, 如果当在进行 第一类报文的首包的流表建立时, 出现了另一类型的具有相同哈希值的报文的首包需要建 立流表, 由于该两类报文的首包计算获取到的哈希值相同, 同时对该两类报文的首包进行 处理会导致流表建立时出现冲突, 造成建表错误。 本实施例为了避免建立流表的冲突, 所 以采用加锁的方法, 即在为第一类报文的首包建立流表时, 执行加锁, 当该类首包建表成 功, 解锁后, 再执行第二类报文的首包的建表, 从而确保了虽然是具有相同哈希值的报文, 但是会在不同的地址对应的流表位置建立各自的流表, 确保了建表的准确性。  It should also be noted that when processing the first packet of different types of data packets having the same hash value, if another type of data packet is created when the flow table of the first packet of the first type packet is created, The first packet of the hashed packet needs to be created. The hash value obtained by the first packet of the two types of packets is the same, and the first packet of the two types of packets is processed. A conflict has occurred, causing a mistake in building a table. In this embodiment, in order to avoid conflicts in the flow table, the locking method is adopted, that is, when the flow table is created for the first packet of the first type of packet, the locking is performed. When the first packet is successfully created, after the unlocking, Then, the first packet of the second type of packet is constructed, thereby ensuring that although the packets have the same hash value, the flow tables are established at different flow table locations corresponding to different addresses, thereby ensuring the construction of the table. accuracy.
本发明实施例采用普通存储空间中多级哈希表存储和 TCAM直接存储相结合的办法, 减 少了存储流表的冲突概率。 本发明实施例采用的 N+ 1级存储空间模式, 前 N级存储空间还 可以根据流表规格需要及性能需求进行动态配置级数,最后一级采用 TCAM实现了快速收敛, 从而实现了成本规格及性能的平衡, 有利于网络运营商开展各种丰富类型的业务。 实施例 3 The embodiment of the invention adopts a combination of multi-level hash table storage and TCAM direct storage in a common storage space, which reduces the collision probability of the storage flow table. In the N+1 storage space mode adopted by the embodiment of the present invention, the first N level storage space can also dynamically configure the number of stages according to the flow table specification requirements and performance requirements, and the last stage adopts TCAM to achieve fast convergence, thereby realizing cost specifications and The balance of performance is conducive to network operators to carry out a variety of rich types of business. Example 3
参见图 3, 本发明实施例提供了一种报文转发的方法, 本实施例仍以设置了 N+1级别存 储空间为例进行说明, 其中前 N级为普通存储设备如 SRAM\DRAM等提供的存储空间, 第 N+1 级为 TCAM等存储设备提供的高速存储空间, 利用本发明实施例提供的方法, 报文转发时根 据报文的关键字段采用哈希算法获得的键值在前 N级存储空间逐级进行查找; 如果前 N级 存储空间都查找失败, 则直接在 TCAM中进行快速查找, 并在查找的过程中通过记录下的存 储空间的地址对应的空闲流表的相关信息, 当报文为首包时, 可以直接通过记录的信息, 将报文存储到对应的存储空间的空闲流表中。 具体内容包括如下:  Referring to FIG. 3, an embodiment of the present invention provides a method for forwarding a packet. This embodiment is described by taking an N+1 storage space as an example. The first N level is provided for a common storage device such as SRAM\DRAM. The storage space, the N+1 level is a high-speed storage space provided by a storage device such as a TCAM, and the method provided by the embodiment of the present invention uses a hash algorithm to obtain a key value according to a key segment of the packet when the packet is forwarded. The N-level storage space is searched step by step. If the first N-level storage space fails to be searched, the fast search is performed directly in the TCAM, and the information about the idle flow table corresponding to the address of the storage space recorded in the process of searching is obtained. When the packet is the first packet, the packet can be directly stored in the idle flow table of the corresponding storage space by using the recorded information. The specific contents include the following:
301: 接收转发报文, 获取该报文的关键字段, 对关键字段采用哈希算法, 得到一个哈 希值。  301: Receive a forwarding packet, obtain a key segment of the packet, and adopt a hash algorithm on the key segment to obtain a hash value.
其中, 本实施例中报文的关键字段以常用的五元组 (源 IP地址,目的 IP地址,协议号, 源端口号,目的端口号) 为例进行说明。  The key field of the packet in this embodiment is described by using a common five-tuple (source IP address, destination IP address, protocol number, source port number, and destination port number) as an example.
302: 根据第 z' ( l≤z'≤N )级的存储空间的大小, 获取一个掩码, 将获取到的该掩码与 301 中得到的哈希值进行相与操作, 从而获取一个索引; 根据该第 z'级存储空间的基址 (起 始地址)、 报文的五元组大小和所述索引, 计算获取一个该第级存储空间的地址。  302: Obtain a mask according to the size of the storage space of the z'th (l≤z'≤N) level, and perform the AND operation on the obtained mask and the hash value obtained in 301, thereby obtaining an index. And obtaining an address of the first-level storage space according to the base address (starting address) of the z-th storage space, the quintuple size of the message, and the index.
其中, 根据存储空间的大小, 获取一个掩码时, 掩码全 1 ; 通常, 为了避免冲突的产生, 存储空间越大对应着掩码取值位数越多。 在获取存储空间的地址时, 通常采用计算方法如 下:  When a mask is obtained according to the size of the storage space, the mask is all 1; usually, in order to avoid conflicts, the larger the storage space, the more the number of bits corresponding to the mask. When obtaining the address of the storage space, the calculation method is usually as follows:
存储空间的地址=存储空间的基址十五元组大小 X索引;  Address of storage space = base address of storage space 15-tuple size X index;
303: 根据获取的存储空间的地址, 通过查看该地址对应流表的标志位, 判断该流表是 否空闲, 如果是, 则执行 305 ; 否则, 执行 304。  303: Determine, according to the address of the obtained storage space, whether the flow table is idle according to the address of the obtained storage space, and if yes, execute 305; otherwise, execute 304.
304: 判断该报文的五元组和该级存储空间对应的流表中存放的五元组是否完全匹配, 如果是, 说明该报文命中流表, 执行 309 ; 否则, 说明该报文在该级存储空间进行流表查找 时, 出现了冲突, 执行 306。  304: Determine whether the quintuple of the packet matches the quintuple stored in the flow table corresponding to the storage space of the level, and if yes, the packet hits the flow table, and executes 309; otherwise, the packet is When the level storage space performs a flow table lookup, a conflict occurs, and execution 306 is performed.
305: 记录下该空闲流表的相关信息后, 执行 306。  305: After recording the information about the idle flow table, execute 306.
306: 判断是否已经是查找第 N级, 如果是, 则执行 307 ; 否则, 执行步骤 308。  306: Determine whether it is already searching for the Nth level, if yes, execute 307; otherwise, go to step 308.
307: 取得该报文的五元组在 TCAM 中执行快速查找, 判断是否命中相应的流表, 如果 是, 执行 309 ; 否则, 执行 310。  307: The quintuple that obtains the message performs a fast lookup in the TCAM to determine whether to hit the corresponding flow table, and if so, executes 309; otherwise, executes 310.
308: i = i + l , 执行步骤 302。  308: i = i + l , go to step 302.
309: 查找该报文的相关信息, 进行该报文的快速转发, 结束。  309: Find the related information of the packet, perform fast forwarding of the packet, and end.
本步骤中查找该报文的相关信息, 主要是查找该报文对应的流表和其动作表的对应关 系, 通过流表和动作表结合在一起, 才能完成报文的快速转发。 In this step, the related information of the packet is searched, mainly to find the corresponding flow table of the packet and the corresponding relationship of the action table. Therefore, the flow table and the action table are combined to complete the fast forwarding of the message.
310: 说明该报文为首包, 需要为该报文建立流表; 记录 TCAM 中下该空闲流表的相关 信息, 然后执行 311。  310: The packet is the first packet, and a flow table needs to be established for the packet; the related information of the idle flow table in the TCAM is recorded, and then 311 is performed.
311: 执行加锁动作。  311: Perform the lock action.
312: 根据记录的空闲流表的相关信息, 将该报文存入相应的存储空间中。  312: The message is stored in the corresponding storage space according to the related information of the recorded idle flow table.
例如, 在查找过程中, 记录下的空闲流表的相关信息具体为存储空间的标识、 存储空 间的地址的标识以及空闲状态等信息。 参见表 1, 提供了一种记录相关信息的示意表。  For example, in the search process, the information about the idle flow table recorded is specifically the identifier of the storage space, the identifier of the address of the storage space, and the idle state. See Table 1, which provides a schematic table for recording relevant information.
表 1  Table 1
Figure imgf000012_0001
Figure imgf000012_0001
如表 1 所示, 此时将该报文存入第一次出现空闲的存储空间中 (即在第二级存储空间 的地址为 B的位置建立流表), 当前 N级的存储空间都处于非空闲状态, 则直接在第 N+1级 的 TCAM存储空间为该报文建立流表, 从而实现快速收敛。  As shown in Table 1, the message is stored in the first free storage space (that is, the flow table is established at the address of the second-level storage space B), and the current N-level storage space is In the non-idle state, a flow table is created for the packet in the T+1 storage space of the N+1th level, thereby achieving fast convergence.
313: 执行解锁动作。  313: Perform an unlock action.
本发明实施例采用普通存储空间中多级哈希表存储和 TCAM直接存储相结合的办法, 减 少了存储流表的冲突概率; 同时, 收到报文后, 通过在查找流表的过程中记录下空闲流表 的相关信息的方式, 当该报文为首包时, 利用记录的空闲流表的相关信息为该报文建立流 表, 节约了建立流表的时间。 本发明实施例采用的 N+ 1级存储空间模式, 前 N级存储空间 还可以根据流表规格需要及性能需求进行动态配置级数, 最后一级采用 TCAM实现了快速收 敛, 从而实现了成本规格及性能的平衡, 有利于网络运营商开展各种丰富类型的业务。 实施例 4  The embodiment of the present invention adopts a combination of multi-level hash table storage and TCAM direct storage in a common storage space, which reduces the collision probability of the storage flow table. Meanwhile, after receiving the message, the record is recorded in the process of searching the flow table. In the manner of the information about the idle flow table, when the packet is the first packet, the flow table is created for the packet by using the related information of the recorded idle flow table, thereby saving the time for establishing the flow table. In the N+1 storage space mode adopted by the embodiment of the present invention, the first N level storage space can also dynamically configure the number of stages according to the flow table specification requirements and performance requirements, and the last stage adopts TCAM to achieve fast convergence, thereby realizing cost specifications and The balance of performance is conducive to network operators to carry out a variety of rich types of business. Example 4
参见图 4, 本发明实施例提供了一种报文转发的设备, 设备包括:  Referring to FIG. 4, an embodiment of the present invention provides a device for forwarding a packet, where the device includes:
接收及获取模块 401, 用于接收报文, 获取报文的关键字段;  The receiving and obtaining module 401 is configured to receive a packet, and obtain a key segment of the packet.
查找及转发模块 402, 用于根据关键字段, 查找第一类存储空间中是否有与接收及获取 模块 401 获取到的关键字段对应的流表, 如果是, 根据流表转发报文; 否则, 根据关键字 段, 查找第二类存储空间是否有与关键字段对应的流表; 如果是, 根据在第二类存储空间 中查找到的流表转发报文。  The search and forward module 402 is configured to search, according to the keyword segment, whether the flow table corresponding to the key segment obtained by the receiving and obtaining module 401 is in the first type of storage space, and if yes, forward the packet according to the flow table; otherwise, And searching, according to the keyword segment, whether the second type of storage space has a flow table corresponding to the key field; if yes, forwarding the packet according to the flow table found in the second type of storage space.
本发明实施例提供的报文转发的设备, 采用多级存储空间, 减少了存储流表的冲突概 率。 多级存储空间的最后一级为第二类存储空间 (即高速存储空间), 各级还可以根据流表 规格需要及性能需求进行动态配置级数, 最后一级采用高速存储空间实现了快速收敛, 从 而实现了成本规格及性能的平衡, 有利于网络运营商开展各种丰富类型的业务。 实施例 5 The device for forwarding a packet according to the embodiment of the present invention uses a multi-level storage space, which reduces the conflict of the storage flow table. Rate. The last level of the multi-level storage space is the second type of storage space (ie, high-speed storage space). The levels can also be dynamically configured according to the flow table specification requirements and performance requirements. The final stage uses high-speed storage space to achieve fast convergence. In order to achieve a balance between cost specifications and performance, it is beneficial for network operators to carry out various types of services. Example 5
参见图 5, 本发明实施例提供了一种报文转发的设备, 设备包括:  Referring to FIG. 5, an embodiment of the present invention provides a device for forwarding a packet, where the device includes:
接收及获取模块 501, 用于接收报文, 获取报文的关键字段;  The receiving and obtaining module 501 is configured to receive a packet, and obtain a key segment of the packet.
查找及转发模块 502, 用于根据关键字段, 查找第一类存储空间中是否有与接收及获取 模块 501 获取到的关键字段对应的流表, 如果是, 根据流表转发报文; 否则, 根据关键字 段, 查找第二类存储空间是否有与关键字段对应的流表; 如果是, 根据在第二类存储空间 中查找到的流表转发报文。  The locating and forwarding module 502 is configured to: according to the keyword segment, search for a flow table corresponding to the key segment obtained by the receiving and obtaining module 501 in the first type of storage space, and if yes, forward the packet according to the flow table; otherwise, And searching, according to the keyword segment, whether the second type of storage space has a flow table corresponding to the key field; if yes, forwarding the packet according to the flow table found in the second type of storage space.
其中, 该查找及转发模块 502具体包括:  The lookup and forwarding module 502 specifically includes:
获取单元 5021, 用于获取第一类存储空间的当前存储空间的流表;  The obtaining unit 5021 is configured to obtain a flow table of a current storage space of the first type of storage space.
查找及转发单元 5022,用于根据获取单元 5021获取到的第一类存储空间的当前存储空 间的流表, 当查找到与关键字段相对应的流表, 则根据查找到的与关键字段相对应的流表 转发报文, 否则, 查找当前存储空间的下一级存储空间; 当第一类存储空间的各级存储空 间中没有查找到与关键字段相对应的流表时, 查找第二类存储空间。  The lookup and forwarding unit 5022 is configured to: according to the flow table of the current storage space of the first type of storage space acquired by the obtaining unit 5021, when the flow table corresponding to the key segment is found, according to the found and the key segment The corresponding flow table forwards the packet. Otherwise, it searches for the next-level storage space of the current storage space. When the flow table corresponding to the key segment is not found in the storage space of the first-class storage space, the search is performed. The second type of storage space.
其中, 获取单元 5021具体包括:  The obtaining unit 5021 specifically includes:
计算子单元, 用于计算关键字段的哈希值; 通过当前存储空间的大小获取掩码; 对哈 希值与掩码相与获取索引; 计算索引和关键字段的乘积值; 根据乘积值与存储空间的基址 之和, 获取当前存储空间的地址;  a calculation subunit, configured to calculate a hash value of the key segment; obtain a mask by the size of the current storage space; and obtain an index by summing the hash value and the mask; calculating a product value of the index and the key segment; according to the product value The sum of the base address of the storage space, and the address of the current storage space;
获取子单元, 用于根据计算子单元获取的当前存储空间的地址获取查找当前存储空间 的流表。  The obtaining subunit is configured to obtain a flow table for finding a current storage space according to an address of a current storage space obtained by the calculation subunit.
本发明实施例提供的报文转发的设备, 采用多级存储空间, 减少了存储流表的冲突概 率。 多级存储空间的最后一级为第二类存储空间 (即高速存储空间), 各级还可以根据流表 规格需要及性能需求进行动态配置级数, 最后一级采用高速存储空间实现了快速收敛, 从 而实现了成本规格及性能的平衡, 有利于网络运营商开展各种丰富类型的业务。 实施例 6  The device for forwarding a packet according to the embodiment of the present invention uses a multi-level storage space, which reduces the probability of collision of the storage flow table. The last level of the multi-level storage space is the second type of storage space (ie, high-speed storage space). The levels can also be dynamically configured according to the flow table specification requirements and performance requirements. The final stage uses high-speed storage space to achieve fast convergence. In order to achieve a balance between cost specifications and performance, it is beneficial for network operators to carry out various types of services. Example 6
参见图 6, 本发明实施例提供了一种报文转发的设备,设备包括:  Referring to FIG. 6, an embodiment of the present invention provides a device for forwarding a packet, where the device includes:
接收及获取模块 601, 用于接收报文, 获取报文的关键字段; 查找及转发模块 602, 用于根据关键字段, 查找第一类存储空间中是否有与接收及获取 模块 601 获取到的关键字段对应的流表, 如果是, 根据流表转发报文; 否则, 根据关键字 段, 查找第二类存储空间是否有与关键字段对应的流表; 如果是, 根据在第二类存储空间 中查找到的流表转发报文。 The receiving and obtaining module 601 is configured to receive a packet, and obtain a key segment of the packet. The locating and forwarding module 602 is configured to: according to the keyword segment, find, in the first type of storage space, a flow table corresponding to the key segment obtained by the receiving and obtaining module 601, and if yes, forward the packet according to the flow table; otherwise, And searching, according to the keyword segment, whether the second type of storage space has a flow table corresponding to the key field; if yes, forwarding the packet according to the flow table found in the second type of storage space.
建表模块 603,用于当查找及转发模块 602查找第二类存储空间没有与关键字段对应的 流表时, 为报文建立流表, 其中, 该建表模块 603具体包括:  The table construction module 603 is configured to: when the lookup and forwarding module 602 searches for the flow table that is not corresponding to the key field in the second type of storage space, the flow table is created for the message, where the table construction module 603 specifically includes:
获取单元, 用于获取报文的关键字段的哈希值;  An obtaining unit, configured to obtain a hash value of a key segment of the packet;
处理单元, 用于根据获取单元获取的哈希值, 通过第一类存储空间的当前存储空间的 大小获取掩码; 对哈希值与掩码相与获取索引; 计算索引和关键字段的乘积值; 根据乘积 值和当前存储空间的基址, 获取当前存储空间中的地址, 判断地址对应的流表是否空闲, 如果是, 在当前存储空间的地址为报文建立流表; 否则, 查找当前存储空间的下一级存储 空间; 当第一类存储空间的各级存储空间中的地址对应的流表是非空闲状态, 在第二类存 储空间为报文建立流表。  a processing unit, configured to obtain a mask according to a size of a current storage space of the first type of storage space according to a hash value obtained by the acquiring unit; and obtain an index by comparing the hash value with the mask; and calculate a product of the index and the key segment The value of the current storage space is obtained according to the product value and the base address of the current storage space, and the flow table corresponding to the address is determined to be idle. If yes, the current storage space address is a flow table for the packet; otherwise, the current search is performed. The next-level storage space of the storage space; when the flow table corresponding to the address in the storage space of the first-class storage space is a non-idle state, the flow table is established for the packet in the storage space of the second type.
进一步地, 建表模块 603还包括:  Further, the table building module 603 further includes:
判断单元, 用于当获取单元获取到报文的关键字段的哈希值后, 判断是否有相同哈希 值的报文正在被加锁,  a judging unit, configured to determine, after the obtaining unit obtains a hash value of the key segment of the packet, whether the packet with the same hash value is being locked,
第一处理单元, 用于当判断单元判断的结果为是, 报文等待相同哈希值的报文解锁后, 执行相应的动作;  a first processing unit, configured to: when the judgment unit determines that the result is yes, the message waits for the message with the same hash value to be unlocked, and performs a corresponding action;
加锁单元, 用于当判断单元判断的结果为否, 对报文加锁;  The locking unit is configured to lock the message when the judgment unit determines that the result is no;
相应地, 建表模块 603还包括:  Accordingly, the table building module 603 further includes:
解锁单元, 用于当为报文建立流表后, 对被加锁的报文进行解锁。  The unlocking unit is configured to unlock the locked packet after the flow table is created for the packet.
第一处理单元具体包括:  The first processing unit specifically includes:
处理子单元, 用于根据获取单元获取的报文的关键字段的哈希值; 判断报文和相同的 哈希值的报文是否属于同一类型, 如果是, 则报文等待相同哈希值的报文解锁后, 根据相 同哈希值的报文建立的流表, 进行报文的快速转发; 否则, 报文等待相同哈希值的报文解 锁后, 为报文建立流表。  a processing subunit, configured to: according to the hash value of the key field of the packet obtained by the obtaining unit; determine whether the packet and the same hash value belong to the same type, and if yes, the message waits for the same hash value After the packet is unlocked, the packet is fast forwarded according to the flow table created by the same hash value. Otherwise, after the packet waits for the same hash value to be unlocked, the flow table is created for the packet.
本发明实施例提供的报文转发的设备, 采用多级存储空间, 减少了存储流表的冲突概 率。 多级存储空间的最后一级为第二类存储空间 (即高速存储空间), 各级还可以根据流表 规格需要及性能需求进行动态配置级数, 最后一级采用高速存储空间实现了快速收敛, 从 而实现了成本规格及性能的平衡, 有利于网络运营商开展各种丰富类型的业务。 实施例 7 The device for forwarding a packet according to the embodiment of the present invention adopts a multi-level storage space, which reduces the collision probability of the storage flow table. The last level of the multi-level storage space is the second type of storage space (ie, high-speed storage space). The levels can also be dynamically configured according to the flow table specification requirements and performance requirements. The final stage uses high-speed storage space to achieve fast convergence. In order to achieve a balance between cost specifications and performance, it is beneficial for network operators to carry out various types of services. Example 7
参见图 7, 本发明实施例提供了一种报文转发的设备,设备包括:  Referring to FIG. 7, an embodiment of the present invention provides a device for forwarding a packet, where the device includes:
接收及获取模块 701, 用于接收报文, 获取报文的关键字段;  The receiving and obtaining module 701 is configured to receive a packet, and obtain a key segment of the packet.
查找及转发模块 702, 用于根据关键字段, 查找第一类存储空间中是否有与接收及获取 模块 701 获取到的关键字段对应的流表, 如果是, 根据流表转发报文; 否则, 根据关键字 段, 查找第二类存储空间是否有与关键字段对应的流表; 如果是, 根据在第二类存储空间 中查找到的流表转发报文。  The locating and forwarding module 702 is configured to search, according to the keyword segment, whether the flow table corresponding to the key segment obtained by the receiving and obtaining module 701 is in the first type of storage space, and if yes, forward the packet according to the flow table; otherwise, And searching, according to the keyword segment, whether the second type of storage space has a flow table corresponding to the key field; if yes, forwarding the packet according to the flow table found in the second type of storage space.
记录模块 703, 用于当查找及转发模块 702进行查找和转发时, 记录第一类存储空间的 各级存储空间中的地址对应的流表的空闲信息;  The recording module 703 is configured to: when the lookup and forwarding module 702 searches and forwards, record idle information of the flow table corresponding to the address in each storage space of the first type of storage space;
建表模块 704,用于当查找及转发模块 702查找第二类存储空间没有与关键字段对应的 流表时, 为报文建立流表, 其中, 该建表模块 704具体包括:  The table construction module 704 is configured to: when the lookup and forwarding module 702 searches for the flow table that is not corresponding to the key field in the second type of storage space, the flow table is created for the message, where the table construction module 704 specifically includes:
获取单元, 用于获取报文的关键字段的哈希值;  An obtaining unit, configured to obtain a hash value of a key segment of the packet;
处理单元, 用于根据获取单元获取的哈希值, 根据记录模块 703 记录的空闲信息, 在 各级存储空间中首次出现空闲的存储空间的地址, 为报文建立流表; 当第一类存储空间的 各级存储空间中的地址对应的流表是非空闲状态, 在第二类存储空间为报文建立流表。  a processing unit, configured to: according to the hash value obtained by the obtaining unit, according to the idle information recorded by the recording module 703, the address of the idle storage space appears for the first time in each storage space, and the flow table is established for the packet; The flow table corresponding to the address in the storage space of the space is a non-idle state, and the flow table is established for the packet in the second type of storage space.
进一步地, 建表模块 704还包括:  Further, the table building module 704 further includes:
判断单元, 用于当获取单元获取到报文的关键字段的哈希值后, 判断是否有相同哈希 值的报文正在被加锁,  a judging unit, configured to determine, after the obtaining unit obtains a hash value of the key segment of the packet, whether the packet with the same hash value is being locked,
第一处理单元, 用于当判断单元判断的结果为是, 报文等待相同哈希值的报文解锁后, 执行相应的动作;  a first processing unit, configured to: when the judgment unit determines that the result is yes, the message waits for the message with the same hash value to be unlocked, and performs a corresponding action;
加锁单元, 用于当判断单元判断的结果为否, 对报文加锁;  The locking unit is configured to lock the message when the judgment unit determines that the result is no;
相应地, 建表模块 704还包括:  Accordingly, the build module 704 also includes:
解锁单元, 用于当为报文建立流表后, 对被加锁的报文进行解锁。  The unlocking unit is configured to unlock the locked packet after the flow table is created for the packet.
第一处理单元具体包括:  The first processing unit specifically includes:
处理子单元, 用于根据获取单元获取的报文的关键字段的哈希值; 判断报文和相同的 哈希值的报文是否属于同一类型, 如果是, 则报文等待相同哈希值的报文解锁后, 根据相 同哈希值的报文建立的流表, 进行报文的快速转发; 否则, 报文等待相同哈希值的报文解 锁后, 为报文建立流表。  a processing subunit, configured to: according to the hash value of the key field of the packet obtained by the obtaining unit; determine whether the packet and the same hash value belong to the same type, and if yes, the message waits for the same hash value After the packet is unlocked, the packet is fast forwarded according to the flow table created by the same hash value. Otherwise, after the packet waits for the same hash value to be unlocked, the flow table is created for the packet.
本发明实施例提供的报文转发的设备, 采用多级存储空间, 减少了存储流表的冲突概 率。 多级存储空间的最后一级为第二类存储空间 (即高速存储空间), 各级还可以根据流表 规格需要及性能需求进行动态配置级数, 最后一级采用高速存储空间实现了快速收敛, 从 而实现了成本规格及性能的平衡, 有利于网络运营商开展各种丰富类型的业务。 The device for forwarding a packet according to the embodiment of the present invention adopts a multi-level storage space, which reduces the collision probability of the storage flow table. The last level of the multi-level storage space is the second type of storage space (ie, high-speed storage space). The levels can also be dynamically configured according to the flow table specification requirements and performance requirements. The final stage uses high-speed storage space to achieve fast convergence. , From The balance between cost specifications and performance is realized, which is beneficial to network operators to carry out various types of services.
本发明实施例中的部分步骤, 可以利用软件实现, 相应的软件程序可以存储在可读取 的存储介质中, 如光盘或硬盘等。  Some of the steps in the embodiment of the present invention may be implemented by software, and the corresponding software program may be stored in a readable storage medium such as an optical disk or a hard disk.
以上所述仅为本发明的具体实施例, 并不用以限制本发明, 对于本技术领域的普通技 术人员来说, 凡在不脱离本发明原理的前提下, 所作的任何修改、 等同替换、 改进等, 均 应包含在本发明的保护范围之内。  The above is only a specific embodiment of the present invention, and is not intended to limit the present invention, and any modifications, equivalents, and improvements made by those skilled in the art without departing from the principles of the present invention. And so on, should be included in the scope of protection of the present invention.

Claims

权 利 要 求 书 Claim
1.一种报文转发的方法, 其特征在于, 所述方法包括:  A method for forwarding a packet, the method comprising:
接收报文, 获取所述报文的关键字段;  Receiving a message, and obtaining a key field of the message;
根据所述关键字段, 查找第一类存储空间中是否有与所述关键字段对应的流表, 如果 是, 根据所述流表转发所述报文; 否则, 根据所述关键字段, 查找第二类存储空间是否有 与所述关键字段对应的流表; 如果是, 根据在所述第二类存储空间中查找到的流表转发所 述报文。  Determining, according to the key field, a flow table corresponding to the key field in the first type of storage space, and if yes, forwarding the message according to the flow table; otherwise, according to the key field, Finding whether the second type of storage space has a flow table corresponding to the key field; if yes, forwarding the message according to the flow table found in the second type of storage space.
2. 如权利要求 1所述的报文转发的方法, 其特征在于, 所述第一类存储空间为多级存 储空间, 相应地, 所述根据所述关键字段, 查找第一类存储空间中是否有与所述关键字段 对应的流表, 如果是, 根据所述流表转发所述报文; 否则, 根据所述关键字段, 查找第二 类存储空间是否有与所述关键字段对应的流表, 包括:  The packet forwarding method according to claim 1, wherein the first type of storage space is a multi-level storage space, and correspondingly, the first type of storage space is searched according to the key segment. Whether there is a flow table corresponding to the key field, and if yes, forwarding the message according to the flow table; otherwise, searching for the second type of storage space and the keyword according to the key segment The flow table corresponding to the segment, including:
获取所述第一类存储空间的当前存储空间的流表, 当查找到与所述关键字段相对应的 流表, 则根据所述流表转发所述报文, 否则, 查找所述当前存储空间的下一级存储空间; 当所述第一类存储空间的各级存储空间中均没有查找到与所述关键字段相对应的流表时, 查找所述第二类存储空间是否有与所述关键字段对应的流表。  Obtaining a flow table of the current storage space of the first type of storage space, and when the flow table corresponding to the key field is found, forwarding the packet according to the flow table, otherwise, searching for the current storage The storage space of the next level of space; when no flow table corresponding to the key field is found in each storage space of the first type of storage space, whether the storage space of the second type is found The flow table corresponding to the key field.
3. 如权利要求 2所述的报文转发的方法, 其特征在于, 所述获取所述第一类存储空间 的当前存储空间的流表, 具体包括:  The method for forwarding a packet according to claim 2, wherein the obtaining a flow table of the current storage space of the first type of storage space comprises:
计算所述关键字段的哈希值;  Calculating a hash value of the key field;
通过当前存储空间的大小获取掩码;  Obtain a mask by the size of the current storage space;
对所述哈希值与所述掩码相与获取索引;  And obtaining an index by comparing the hash value with the mask;
计算所述索引和所述关键字段的乘积值;  Calculating a product value of the index and the key segment;
根据所述乘积值与所述存储空间的基址之和, 获取所述当前存储空间的地址; 根据所述当前存储空间的地址, 获取所述当前存储空间的流表。  And obtaining an address of the current storage space according to the sum of the product value and the base address of the storage space; and acquiring a flow table of the current storage space according to the address of the current storage space.
4. 如权利要求 2所述的报文转发的方法, 其特征在于, 所述当查找到与所述关键字段 相对应的流表, 则根据所述流表转发所述报文, 否则, 查找所述当前存储空间的下一级存 储空间包括:  The packet forwarding method according to claim 2, wherein, when the flow table corresponding to the key field is found, the message is forwarded according to the flow table, otherwise, Finding the next-level storage space of the current storage space includes:
判断所述流表是否空闲, 如果所述流表不空闲, 则查找所述流表, 当查找到与所述关 键字段相应的流表, 则根据所述流表转发所述报文; 如果所述流表空闲, 查找所述当前存 储空间的下一级存储空间。  Determining whether the flow table is idle, if the flow table is not idle, searching for the flow table, and when the flow table corresponding to the key field is found, forwarding the message according to the flow table; The flow table is idle, and the next-level storage space of the current storage space is searched.
5. 如权利要求 2所述的报文转发的方法, 其特征在于, 所述方法还包括:  5. The method of packet forwarding according to claim 2, wherein the method further comprises:
当查找所述第二类存储空间没有与所述关键字段对应的流表时, 为所述报文建立流表。 When the flow table corresponding to the key segment is not found in the second type of storage space, a flow table is created for the packet.
6. 如权利要求 5 所述的报文转发的方法, 其特征在于,所述为所述报文建立流表, 具 体包括: The method for forwarding a packet according to claim 5, wherein the establishing a flow table for the packet includes:
获取所述报文的关键字段的哈希值; 通过第一类存储空间的当前存储空间的大小获取 掩码; 对所述哈希值与所述掩码相与获取索引; 计算所述索引和所述关键字段的乘积值; 根据所述乘积值和所述当前存储空间的基址, 获取所述当前存储空间中的地址, 判断所述 地址对应的流表是否空闲, 如果是, 在所述当前存储空间的地址为所述报文建立流表; 否 贝 U, 查找所述当前存储空间的下一级存储空间; 当所述第一类存储空间的各级存储空间中 的地址对应的流表都是非空闲状态, 在所述第二类存储空间为所述报文建立流表。  Obtaining a hash value of the key field of the packet; obtaining a mask by using a size of a current storage space of the first type of storage space; acquiring an index with the hash value and the mask; and calculating the index a product value of the key field; obtaining an address in the current storage space according to the product value and a base address of the current storage space, and determining whether the flow table corresponding to the address is idle, and if so, The address of the current storage space is a flow table for the packet; the second U is used to find the next-level storage space of the current storage space; and the addresses in the storage spaces of the first-class storage spaces are corresponding to each other. The flow table is in a non-idle state, and a flow table is created for the message in the second type of storage space.
7. 如权利要求 5所述的报文转发的方法, 其特征在于, 所述方法还包括: 记录所述第 一类存储空间的各级存储空间中的地址对应的流表的空闲信息;  The method for forwarding a packet according to claim 5, wherein the method further comprises: recording idle information of a flow table corresponding to an address in each storage space of the first type of storage space;
相应地, 所述为所述报文建立流表, 具体包括:  Correspondingly, the establishing a flow table for the packet includes:
获取所述报文的关键字段的哈希值, 通过查找记录的所述第一类存储空间的各级存储 空间中的地址对应的流表的空闲信息, 在各级存储空间中首次出现空闲的存储空间的地址, 为所述报文建立流表; 当所述第一类存储空间的各级存储空间中的地址对应的流表都是非 空闲状态, 在所述第二类存储空间为所述报文建立流表。  Obtaining a hash value of the key field of the packet, and finding idle information in the storage space of each level by searching for the idle information of the flow table corresponding to the address in each storage space of the first type storage space of the record The address of the storage space is used to establish a flow table for the packet; when the flow table corresponding to the address in each storage space of the first type of storage space is a non-idle state, the second type of storage space is The message is created in a flow table.
8. 如权利要求 6或 7所述的报文转发的方法, 其特征在于, 所述获取所述报文的关键 字段的哈希值之后, 还包括:  The method for forwarding a packet according to claim 6 or 7, wherein after the obtaining the hash value of the key field of the packet, the method further includes:
判断是否有相同哈希值的报文正在被加锁, 如果是, 等待所述相同哈希值的报文解锁 后, 对所述报文执行相应的动作, 如果否, 则对所述报文加锁。  Determining whether a packet having the same hash value is being locked. If yes, after waiting for the packet with the same hash value to be unlocked, performing a corresponding action on the packet, and if not, the packet is Locked.
9. 如权利要求 8所述的报文转发的方法, 其特征在于, 所述方法还包括:  The method of packet forwarding according to claim 8, wherein the method further comprises:
当为所述报文建立流表后, 对所述报文解锁。  After the flow table is created for the packet, the packet is unlocked.
10. 如权利要求 8 所述的报文转发的方法, 其特征在于, 所述等待所述相同哈希值的 报文解锁后, 对所述报文执行相应的动作, 具体为:  The method for forwarding a packet according to claim 8, wherein after the message waiting for the same hash value is unlocked, performing a corresponding action on the packet, specifically:
根据获取所述报文的关键字段的哈希值, 判断所述报文和所述相同哈希值的报文是否 属于同一类型, 如果是, 则所述报文等待所述相同哈希值的报文解锁后, 根据所述相同哈 希值的报文建立的流表, 进行报文的快速转发; 否则, 所述报文等待所述相同哈希值的报 文解锁后, 为所述报文建立流表。  Determining, according to the hash value of the key segment of the packet, whether the packet and the packet with the same hash value belong to the same type, and if yes, the packet waits for the same hash value. After the packet is unlocked, the packet is quickly forwarded according to the flow table established by the packet with the same hash value; otherwise, after the packet waits for the packet with the same hash value to be unlocked, The packet is created with a flow table.
11 . 如权利要求 4所述的报文转发的方法, 其特征在于, 所述判断所述流表是否空闲 具体为:  The packet forwarding method according to claim 4, wherein the determining whether the flow table is idle is specifically:
通过查看所述当前存储空间的地址对应的标识位判断所述流表是否空闲。  Whether the flow table is idle is determined by checking the identifier bit corresponding to the address of the current storage space.
12. 如权利要求 1或 2所述的报文转发的方法, 其特征在于, 所述第二类存储空间包 括三态内容可寻址存储器。 The packet forwarding method according to claim 1 or 2, wherein the second type of storage space package Includes tri-state content addressable memory.
13. 一种报文转发设备, 其特征在于, 所述设备包括:  A packet forwarding device, the device comprising:
接收及获取模块, 用于接收报文, 获取所述报文的关键字段;  a receiving and acquiring module, configured to receive a packet, and obtain a key segment of the packet;
查找及转发模块, 用于根据所述关键字段, 查找第一类存储空间中是否有与所述接收 及获取模块获取到的关键字段对应的流表, 如果是, 根据所述流表转发所述报文; 否则, 根据所述关键字段, 查找第二类存储空间是否有与所述关键字段对应的流表; 如果是, 根 据在所述第二类存储空间中查找到的流表转发所述报文。  a search and forwarding module, configured to search, according to the key field, a flow table corresponding to the key segment obtained by the receiving and acquiring module in the first type of storage space, and if yes, forwarding according to the flow table If the message is found, according to the keyword segment, whether the second type of storage space has a flow table corresponding to the key field; and if so, according to the flow found in the second type of storage space. The table forwards the message.
14. 如权利要求 13所述的报文转发设备, 其特征在于, 所述查找及转发模块具体包括: 获取单元, 用于获取所述第一类存储空间的当前存储空间的流表;  The packet forwarding device according to claim 13, wherein the searching and forwarding module specifically includes: an obtaining unit, configured to acquire a flow table of a current storage space of the first type of storage space;
查找及转发单元, 用于根据所述获取单元获取到的流表, 当查找到与所述关键字段相 对应的流表, 则根据所述流表转发所述报文, 否则, 查找所述当前存储空间的下一级存储 空间; 当所述第一类存储空间的各级存储空间中没有查找到与所述关键字段相对应的流表 时, 查找所述第二类存储空间。  a lookup and forwarding unit, configured to: according to the flow table obtained by the obtaining unit, when the flow table corresponding to the key field is found, forwarding the message according to the flow table, otherwise, searching for the message The next-level storage space of the current storage space; when the flow table corresponding to the key segment is not found in the storage spaces of the first-class storage space, the second-type storage space is searched.
15. 如权利要求 14所述的报文转发设备, 其特征在于, 所述获取单元具体包括: 计算子单元, 用于计算所述关键字段的哈希值; 通过当前存储空间的大小获取掩码; 对所述哈希值与所述掩码相与获取索引; 计算所述索引和所述关键字段的乘积值; 根据所 述乘积值与所述存储空间的基址之和, 获取所述当前存储空间的地址;  The packet forwarding device according to claim 14, wherein the obtaining unit specifically includes: a calculating subunit, configured to calculate a hash value of the key segment; and acquiring a mask by using a size of a current storage space a code; obtaining an index on the hash value and the mask; calculating a product value of the index and the key segment; obtaining a location according to a sum of the product value and a base address of the storage space The address of the current storage space;
获取子单元, 用于根据所述计算子单元获取的当前存储空间的地址, 获取查找所述当 前存储空间的流表。  And an obtaining sub-unit, configured to obtain, according to the address of the current storage space acquired by the computing sub-unit, a flow table that searches for the current storage space.
16. 如权利要求 14所述的报文转发设备, 其特征在于, 当所述查找及转发模块查找所 述第二类存储空间没有与所述关键字段对应的流表时, 所述设备还包括建表模块;  The packet forwarding device according to claim 14, wherein when the searching and forwarding module searches for the flow table corresponding to the key segment in the second type of storage space, the device further Including the construction of the module;
所述建表模块具体包括:  The building module specifically includes:
获取单元, 用于获取所述报文的关键字段的哈希值;  An obtaining unit, configured to obtain a hash value of a key segment of the packet;
处理单元, 用于根据所述获取单元获取的哈希值, 通过第一类存储空间的当前存储空 间的大小获取掩码; 对所述哈希值与所述掩码相与获取索引; 计算所述索引和所述关键字 段的乘积值; 根据所述乘积值和所述当前存储空间的基址, 获取所述当前存储空间中的地 址, 判断所述地址对应的流表是否空闲, 如果是, 在所述当前存储空间的地址为所述报文 建立流表; 否则, 查找所述当前存储空间的下一级存储空间; 当所述第一类存储空间的各 级存储空间中的地址对应的流表都是非空闲状态, 在所述第二类存储空间为所述报文建立 流表。  a processing unit, configured to acquire, according to a hash value obtained by the acquiring unit, a size of a current storage space of the first type of storage space; and obtain an index by using the hash value and the mask; Determining, by the product value, an address in the current storage space, determining whether the flow table corresponding to the address is idle, if And establishing, in the current storage space, a flow table for the packet; otherwise, searching for a next-level storage space of the current storage space; and corresponding to an address in each storage space of the first-type storage space The flow table is in a non-idle state, and a flow table is created for the message in the second type of storage space.
17. 如权利要求 14所述的报文转发设备, 其特征在于, 所述设备还包括: 记录模块, 用于当所述查找及转发模块进行查找和转发时, 记录所述第一类存储空间 的各级存储空间中的地址对应的流表的空闲信息; The packet forwarding device according to claim 14, wherein the device further comprises: a recording module, configured to record idle information of a flow table corresponding to an address in each storage space of the first type of storage space when the searching and forwarding module performs the searching and forwarding;
相应地, 所述建表模块, 包括:  Correspondingly, the building module includes:
获取单元, 用于获取所述报文的关键字段的哈希值;  An obtaining unit, configured to obtain a hash value of a key segment of the packet;
处理单元, 用于根据所述获取单元获取的哈希值, 根据所述记录模块记录的空闲信息, 在各级存储空间中首次出现空闲的存储空间的地址, 为所述报文建立流表; 当所述第一类 存储空间的各级存储空间中的地址对应的流表都是非空闲状态, 在所述第二类存储空间为 所述报文建立流表。  a processing unit, configured to: according to the hash value acquired by the acquiring unit, the address of the idle storage space first appears in the storage space of each level according to the idle information recorded by the recording module, and establish a flow table for the packet; When the flow table corresponding to the address in the storage space of the first type of storage space is in a non-idle state, the flow table is established in the second type of storage space for the packet.
18. 如权利要求 16或 17所述的报文转发设备, 其特征在于, 所述建表模块还包括: 判断单元, 用于当所述获取单元获取到所述报文的关键字段的哈希值后, 判断是否有 相同哈希值的报文正在被加锁;  The packet forwarding device according to claim 16 or 17, wherein the table construction module further comprises: a determining unit, configured to: when the obtaining unit acquires a key segment of the packet After the Greek value, it is judged whether the message with the same hash value is being locked;
第一处理单元, 用于当所述判断单元判断的结果为是, 所述报文等待所述相同哈希值 的报文解锁后, 执行相应的动作;  a first processing unit, configured to: when the result of the determining by the determining unit is yes, after the message waits for the message of the same hash value to be unlocked, perform a corresponding action;
加锁单元, 用于当所述判断单元判断的结果为否, 对所述报文加锁;  a locking unit, configured to lock the message when the result of the determining by the determining unit is negative;
解锁单元, 用于当为所述报文建立流表后, 对所述被加锁的报文进行解锁。  The unlocking unit is configured to unlock the locked message after the flow table is created for the packet.
19. 如权利要求 18所述的报文转发设备, 其特征在于, 所述第一处理单元具体包括: 处理子单元, 用于根据所述获取单元获取的所述报文的关键字段的哈希值; 判断所述 报文和所述相同的哈希值的报文是否属于同一类型, 如果是, 则等待所述相同哈希值的报 文解锁后, 根据所述相同哈希值的报文建立的流表, 对所述报文进行快速转发; 否则, 所 述报文等待所述相同哈希值的报文解锁后, 为所述报文建立流表。  The packet forwarding device according to claim 18, wherein the first processing unit specifically includes: a processing subunit, configured to: according to the key segment of the packet acquired by the acquiring unit a value of the same hash value after the message of the same hash value is unlocked, if yes, if the message of the same hash value is the same type. The flow table is configured to perform fast forwarding on the packet; otherwise, after the packet is forged to be unlocked, the flow table is created for the packet.
PCT/CN2009/070378 2008-02-18 2009-02-06 A packet forwarding method and equipment WO2009103225A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2008100081997A CN101247337B (en) 2008-02-18 2008-02-18 Packet forwarding method and equipment
CN200810008199.7 2008-02-18

Publications (1)

Publication Number Publication Date
WO2009103225A1 true WO2009103225A1 (en) 2009-08-27

Family

ID=39947547

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/070378 WO2009103225A1 (en) 2008-02-18 2009-02-06 A packet forwarding method and equipment

Country Status (2)

Country Link
CN (1) CN101247337B (en)
WO (1) WO2009103225A1 (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102469006A (en) * 2010-11-01 2012-05-23 杭州华三通信技术有限公司 Method and device for quickly forwarding data report
US20130170495A1 (en) * 2010-09-08 2013-07-04 Yoji Suzuki Switching system, switching control system, and storage medium
WO2014166073A1 (en) * 2013-04-09 2014-10-16 华为技术有限公司 Packet forwarding method and network device
US10212083B2 (en) 2013-10-30 2019-02-19 Lenovo Enterprise Solutions (Singapore) Pte. Ltd. Openflow data channel and control channel separation
CN110048961A (en) * 2019-04-24 2019-07-23 盛科网络(苏州)有限公司 Duplicate message detection method and system based on ASIC
CN112866115A (en) * 2020-12-31 2021-05-28 杭州迪普科技股份有限公司 Method, device, electronic equipment and storage medium for realizing transparent serial connection
CN113098858A (en) * 2021-03-29 2021-07-09 上海辰锐信息科技公司 Lock-free processing system and method for link establishment message
CN113489659A (en) * 2021-06-30 2021-10-08 新华三信息安全技术有限公司 Message processing method and device
CN113746749A (en) * 2020-05-29 2021-12-03 阿里巴巴集团控股有限公司 Network connection device
CN114338529A (en) * 2021-12-29 2022-04-12 杭州迪普信息技术有限公司 Quintuple rule matching method and device
WO2022193929A1 (en) * 2021-03-19 2022-09-22 翱捷科技股份有限公司 Network device, and method for sharing sending and receiving caches thereof

Families Citing this family (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101247337B (en) * 2008-02-18 2012-11-21 华为技术有限公司 Packet forwarding method and equipment
CN101364987B (en) * 2008-09-22 2011-11-16 华为技术有限公司 Frame processing method, apparatus and system
CN101572670B (en) * 2009-05-07 2011-08-10 成都市华为赛门铁克科技有限公司 Data packet processing method based on flow table, device and network system
EP2515487B1 (en) * 2010-01-26 2019-01-23 Huawei Technologies Co., Ltd. Method and device for storing and searching keyword
CN101977177B (en) * 2010-07-30 2013-08-14 北京星网锐捷网络技术有限公司 Method and device for establishing table entry of flow table and method and device for querying table entry of flow table
CN102754394B (en) 2010-08-19 2015-07-22 华为技术有限公司 Method for hash table storage, method for hash table lookup, and devices thereof
US9098601B2 (en) 2012-06-27 2015-08-04 Futurewei Technologies, Inc. Ternary content-addressable memory assisted packet classification
CN103546520B (en) * 2012-07-17 2018-03-09 中兴通讯股份有限公司 message distributing method and device
CN103907318B (en) * 2012-10-29 2017-04-12 华为技术有限公司 Method and device for refreshing flow table
CN102930011B (en) * 2012-10-31 2016-08-03 杭州华三通信技术有限公司 The processing method and processing device of stream forwarding list item
CN103078869B (en) * 2013-01-16 2016-05-25 华为技术有限公司 A kind of system and method thereof of accelerating session forwarding
CN103117931B (en) * 2013-02-21 2015-07-01 烽火通信科技股份有限公司 Media access control (MAC) address hardware learning method and system based on hash table and ternary content addressable memory (TCAM) table
CN103227751A (en) * 2013-05-14 2013-07-31 盛科网络(苏州)有限公司 Method and device for improving spatial utilization ratio of forwarding table item
CN103354522B (en) * 2013-06-28 2016-08-10 华为技术有限公司 A kind of multilevel flow table lookup method and device
CN104580027B (en) 2013-10-25 2018-03-20 新华三技术有限公司 A kind of OpenFlow message forwarding methods and equipment
CN103581023A (en) * 2013-11-06 2014-02-12 盛科网络(苏州)有限公司 Method and device for realizing longest mask matching
CN105814843B (en) * 2013-12-10 2019-05-03 华为技术有限公司 A kind of generation method and device of flow table
CN104866502B (en) 2014-02-25 2020-10-13 深圳市中兴微电子技术有限公司 Data matching method and device
US9473405B2 (en) * 2014-03-10 2016-10-18 Palo Alto Research Center Incorporated Concurrent hashes and sub-hashes on data streams
CN104009924B (en) * 2014-05-19 2017-04-12 北京东土科技股份有限公司 Message processing method and device based on TCAM and FPGA
CN104168201B (en) * 2014-08-06 2017-11-24 福建星网锐捷网络有限公司 A kind of method and device of multipath forwarding
CN105812164B (en) * 2014-12-31 2019-07-23 北京东土科技股份有限公司 Rule index management implementation method and device based on TCAM multilevel flow table
CN106533947B (en) * 2015-09-11 2019-10-08 新华三技术有限公司 Message processing method and device
CN107765992B (en) * 2016-08-22 2021-01-15 华为技术有限公司 Method and device for processing data
CN106301970A (en) * 2016-10-27 2017-01-04 盛科网络(苏州)有限公司 A kind of chip implementing method using forward table convergence to consume with minimizing TCAM list item
US11159427B2 (en) * 2017-03-31 2021-10-26 Intel Corporation Single lookup entry for symmetric flows
CN109600313A (en) * 2017-09-30 2019-04-09 迈普通信技术股份有限公司 Message forwarding method and device
CN109995662A (en) * 2019-03-07 2019-07-09 盛科网络(苏州)有限公司 A kind of chip implementing method of the short address key compatible portion ipv6 ACL
CN110365590B (en) * 2019-07-12 2021-06-04 北京大学深圳研究生院 Two-stage caching method and two-stage timeout flow table structure
CN112491723B (en) * 2020-12-07 2022-03-01 上海励驰半导体有限公司 Gateway message forwarding method, device, storage medium and gateway
CN113779320B (en) * 2021-08-18 2024-02-27 北京计算机技术及应用研究所 Method for solving table entry storage address conflict
CN115801675A (en) * 2021-09-09 2023-03-14 华为技术有限公司 Message processing method and related device
CN114499889B (en) * 2022-02-24 2023-06-30 成都北中网芯科技有限公司 Method suitable for network processing chip to store oversized conversation
CN114780537A (en) * 2022-03-23 2022-07-22 阿里巴巴(中国)有限公司 Flow table storage and message forwarding method, device, computing equipment and medium
CN115914102B (en) * 2023-02-08 2023-05-23 阿里巴巴(中国)有限公司 Data forwarding method, flow table processing method, equipment and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1406073A (en) * 2001-08-14 2003-03-26 深圳市中兴通讯股份有限公司上海第二研究所 Method for selecting route based on user' IP address route
US20030214948A1 (en) * 2002-05-18 2003-11-20 Jin Seung-Eui Router providing differentiated quality of service (QoS) and fast internet protocol packet classifying method for the router
US20040255045A1 (en) * 2003-05-26 2004-12-16 Hyesook Lim IP address lookup method and hardware architecture using hashing
CN101094179A (en) * 2007-07-16 2007-12-26 中兴通讯股份有限公司 Method and device for looking up route indexed in multiple stages
CN101247337A (en) * 2008-02-18 2008-08-20 华为技术有限公司 Packet forwarding method and equipment

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6272133B1 (en) * 1998-05-21 2001-08-07 Inviscid Networks, Inc. Packet filtering method
KR100340953B1 (en) * 2000-07-05 2002-06-20 강승민 a hyper speed router and method therefor
CN1216473C (en) * 2003-03-28 2005-08-24 清华大学 TCAM high-speed search method and system supporting multiple nexthop
JP4341413B2 (en) * 2003-07-11 2009-10-07 株式会社日立製作所 PACKET TRANSFER APPARATUS HAVING STATISTICS COLLECTION APPARATUS AND STATISTICS COLLECTION METHOD
CN100531097C (en) * 2007-02-16 2009-08-19 华为技术有限公司 A bridging method and device
CN100446486C (en) * 2007-05-11 2008-12-24 北京工业大学 Extracting method for behaviour analysis parameter of network behaviour

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1406073A (en) * 2001-08-14 2003-03-26 深圳市中兴通讯股份有限公司上海第二研究所 Method for selecting route based on user' IP address route
US20030214948A1 (en) * 2002-05-18 2003-11-20 Jin Seung-Eui Router providing differentiated quality of service (QoS) and fast internet protocol packet classifying method for the router
US20040255045A1 (en) * 2003-05-26 2004-12-16 Hyesook Lim IP address lookup method and hardware architecture using hashing
CN101094179A (en) * 2007-07-16 2007-12-26 中兴通讯股份有限公司 Method and device for looking up route indexed in multiple stages
CN101247337A (en) * 2008-02-18 2008-08-20 华为技术有限公司 Packet forwarding method and equipment

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130170495A1 (en) * 2010-09-08 2013-07-04 Yoji Suzuki Switching system, switching control system, and storage medium
KR20150039877A (en) * 2010-09-08 2015-04-13 닛본 덴끼 가부시끼가이샤 Switching system, switching control method, and memory medium
KR101627475B1 (en) 2010-09-08 2016-06-03 닛본 덴끼 가부시끼가이샤 Switching system, switching control method, and memory medium
US9577931B2 (en) * 2010-09-08 2017-02-21 Nec Corporation Switching system, switching control system, and storage medium
CN102469006A (en) * 2010-11-01 2012-05-23 杭州华三通信技术有限公司 Method and device for quickly forwarding data report
WO2014166073A1 (en) * 2013-04-09 2014-10-16 华为技术有限公司 Packet forwarding method and network device
US10212083B2 (en) 2013-10-30 2019-02-19 Lenovo Enterprise Solutions (Singapore) Pte. Ltd. Openflow data channel and control channel separation
CN110048961A (en) * 2019-04-24 2019-07-23 盛科网络(苏州)有限公司 Duplicate message detection method and system based on ASIC
CN113746749A (en) * 2020-05-29 2021-12-03 阿里巴巴集团控股有限公司 Network connection device
CN112866115A (en) * 2020-12-31 2021-05-28 杭州迪普科技股份有限公司 Method, device, electronic equipment and storage medium for realizing transparent serial connection
CN112866115B (en) * 2020-12-31 2023-04-07 杭州迪普科技股份有限公司 Method, device, electronic equipment and storage medium for realizing transparent serial connection
WO2022193929A1 (en) * 2021-03-19 2022-09-22 翱捷科技股份有限公司 Network device, and method for sharing sending and receiving caches thereof
CN113098858A (en) * 2021-03-29 2021-07-09 上海辰锐信息科技公司 Lock-free processing system and method for link establishment message
CN113098858B (en) * 2021-03-29 2023-07-14 上海辰锐信息科技有限公司 Lock-free processing system and method for link establishment message
CN113489659A (en) * 2021-06-30 2021-10-08 新华三信息安全技术有限公司 Message processing method and device
CN114338529A (en) * 2021-12-29 2022-04-12 杭州迪普信息技术有限公司 Quintuple rule matching method and device
CN114338529B (en) * 2021-12-29 2024-03-08 杭州迪普信息技术有限公司 Five-tuple rule matching method and device

Also Published As

Publication number Publication date
CN101247337B (en) 2012-11-21
CN101247337A (en) 2008-08-20

Similar Documents

Publication Publication Date Title
WO2009103225A1 (en) A packet forwarding method and equipment
US10623308B2 (en) Flow routing system
US9871728B2 (en) Exact match hash lookup databases in network switch devices
US7990976B2 (en) Negotiated secure fast table lookups for protocols with bidirectional identifiers
US20070171911A1 (en) Routing system and method for managing rule entry thereof
JP4716909B2 (en) Method and apparatus for providing a network connection table
US20080225874A1 (en) Stateful packet filter and table management method thereof
US20100036820A1 (en) Method and System for Processing Access Control Lists Using a Hashing Scheme
WO2016206511A1 (en) Method and device for implementing nat
TWI661698B (en) Method and device for forwarding Ethernet packet
US6529897B1 (en) Method and system for testing filter rules using caching and a tree structure
WO2014101777A1 (en) Flow table matching method and device, and switch
WO2017186159A1 (en) Packet transmission
US10547547B1 (en) Uniform route distribution for a forwarding table
CN101651628A (en) Implementation method of three-state content addressable memory and device
Li et al. An improved trie-based name lookup scheme for named data networking
CN116545921A (en) Message forwarding method, device, equipment and storage medium based on ECMP
US20120233240A1 (en) Sctp association endpoint relocation in a load balancing system
RU2483457C2 (en) Message routing platform
US9019951B2 (en) Routing apparatus and method for processing network packet thereof
WO2012130054A1 (en) Routing address inquiry method and apparatus
JP2004056340A (en) Ip flow multistage hash apparatus, ip flow multistage hash method, ip flow multistage hash program, and recording medium therefor
WO2014067055A1 (en) Method and device for refreshing flow table
US12010008B2 (en) Network communication method and apparatus
JP5022412B2 (en) Route information management system, route information management method, and program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09712759

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09712759

Country of ref document: EP

Kind code of ref document: A1