WO2012105677A1 - Dispositif de traitement de paquet, procédé de traitement de paquet et programme - Google Patents

Dispositif de traitement de paquet, procédé de traitement de paquet et programme Download PDF

Info

Publication number
WO2012105677A1
WO2012105677A1 PCT/JP2012/052465 JP2012052465W WO2012105677A1 WO 2012105677 A1 WO2012105677 A1 WO 2012105677A1 JP 2012052465 W JP2012052465 W JP 2012052465W WO 2012105677 A1 WO2012105677 A1 WO 2012105677A1
Authority
WO
WIPO (PCT)
Prior art keywords
packet
rule
target
processing
processor
Prior art date
Application number
PCT/JP2012/052465
Other languages
English (en)
Japanese (ja)
Inventor
池田 聡
地引 昌弘
智義 菅原
Original Assignee
日本電気株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電気株式会社 filed Critical 日本電気株式会社
Priority to JP2012555968A priority Critical patent/JP5900352B2/ja
Publication of WO2012105677A1 publication Critical patent/WO2012105677A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/64Hybrid switching systems
    • H04L12/6418Hybrid transport
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/088Access security using filters or firewalls

Definitions

  • the present invention relates to a packet processing device, a packet processing method, and a program, and more particularly, to a packet processing device, a packet processing method, and a program that transmit and receive packets using a plurality of processors.
  • a packet processing apparatus When a packet processing apparatus is realized using a general-purpose OS such as Linux (registered trademark), if a high-speed network card is installed, processor processing in transmission / reception becomes a bottleneck, and communication at a wire rate becomes impossible. It becomes difficult. Even if a multi-core processor is used, bottlenecks will occur due to the concentration of packet processing on a single processor (core) that is the interrupt destination from the network interface card, and sufficient load distribution will be performed. There is a problem that can not be.
  • a general-purpose OS such as Linux (registered trademark)
  • a processor that processes a packet is uniquely determined from a plurality of processors based on header information of the packet to be processed. Specifically, a hash value is calculated from a partial field of the packet header, and a modulo operation is performed on the obtained hash value by the number of processors (number of cores) to obtain a processor number. Then, the processor having the obtained processor number is made to process the packet.
  • the modulo operation is performed by the number of processors (the number of cores)
  • the processor number is uniquely obtained by the operation.
  • the processor to be processed is also different, and packet processing can be distributed among a plurality of processors (cores). Therefore, load distribution can be realized without the processing by a single processor (core) becoming a bottleneck.
  • processor a processor and a processor core are collectively referred to as a “processor”.
  • a processor that processes a packet is uniquely determined based on a partial field of the packet header. Therefore, if the hash values calculated from some fields of the header are the same, the processor number obtained from the modulo operation is always the same, and the processor that processes the packet is fixed. Therefore, there is a problem that a processor that executes packet processing cannot be flexibly selected.
  • the objective of this invention is providing the packet processing apparatus, the packet processing method, and program which solve this subject.
  • the packet processing device provides: A rule table that holds information stored in a packet, a processing rule that indicates a first process for the packet, and a rule that associates a processor identifier that identifies a processor that performs the second process for the packet; A rule extraction unit that extracts a rule corresponding to information stored in a target packet, which is a packet to be processed, from the rule table; A rule applying unit configured to execute the first process in accordance with the processing rule for the target packet based on the extracted rule and to request the second process to the processor corresponding to the processor identifier; It has.
  • the packet processing method is: One of the plurality of processors associates the information stored in the packet, the processing rule indicating the first process for the packet, and the processor identifier that identifies the processor performing the second process for the packet Extracting a rule corresponding to information stored in a target packet, which is a packet to be processed, from a rule table holding rules; Based on the extracted rule, the one processor executes the first process according to the processing rule for the target packet, and requests the processor corresponding to the processor identifier for the second process. And a process.
  • the program according to the third aspect of the present invention is: Processing should be performed from a rule table that holds information stored in a packet, a processing rule indicating a first process for the packet, and a rule that associates a processor identifier that identifies a processor that performs the second process for the packet.
  • a process for extracting a rule corresponding to information stored in a target packet that is a packet A plurality of processes for executing the first process according to the processing rule for the target packet and performing a request for the second process to the processor corresponding to the processor identifier based on the extracted rule
  • One of the processors is executed.
  • program may be provided as a program product recorded on a non-transient computer-readable storage medium.
  • the information stored in the packet, the processing rule indicating the first processing for the packet, and the processor performing the second processing for the packet are identified. Since a rule table for associating processor identifiers with each other is provided, by setting a processor identifier in the rule table, a processor that executes packet processing can be flexibly selected from a plurality of processors.
  • the packet processing device and the packet processing method according to the present invention based on the rule corresponding to the packet to be processed, extracted from the rule table, the first process is performed on the packet and the packet is processed. Since the processor selection is executed as one process, packet processing can be performed at high speed.
  • the packet processing apparatus includes information stored in a packet, a processing rule indicating a first process for the packet, and a processor identifier for identifying a processor that performs the second process for the packet.
  • a rule table (110) that holds rules for associating each other with each other, a rule extraction unit (130) that extracts rules that match information stored in a target packet that is a packet to be processed, from the rule table (110), and an extraction A rule applying unit (140) for requesting execution of a first process according to the processing rule for the target packet and a second process for a processor corresponding to the processor identifier based on the determined rule. ing.
  • the packet processing apparatus includes a rule table (110) that holds a rule that associates a matching condition for a packet with a processor that processes the packet. Therefore, by directly setting the matching condition and the processor identifier for the rule in the rule table (110), the processor that processes the packet can be flexibly selected.
  • a processor that processes a packet group having information is not uniquely fixed according to a predetermined calculation rule. Also, according to the packet processing apparatus of the present invention, the user can easily change the rules for selecting a processor for processing a packet by rewriting the rules stored in the rule table (110).
  • the rules of the rule table (110) in the packet processing device of the present invention include information stored in a packet, a processing rule indicating a first process for the packet, and a processor that performs a second process for the packet. Associate the identifying processor identifiers with each other. Therefore, when the rule corresponding to the target packet is extracted by the rule extraction unit (130), not only the content of the first process to be executed on the packet is specified, but also the second process for the packet is performed. A processor to execute is also specified. Therefore, according to the packet processing device of the present invention, the processing rule indicating the processing for the packet is specified by referring to the table, and the processing of the packet is performed at a higher speed than when the processor for executing the processing for the packet is specified separately. be able to.
  • a processor that executes packet processing can be selected flexibly and at high speed from the plurality of processors.
  • the first process is a process for determining whether or not to discard the target packet;
  • the second process is an upper layer process for the target packet when the target packet is a packet to be received by the packet processing device, and the target packet is a packet to be transmitted by the packet processing device. In some cases, it may be a lower layer process for the target packet.
  • the rule application unit may request the processor to perform the second process on the target packet when the target packet is not a packet to be discarded in the first process.
  • the rule table defines information stored in a packet, a processing rule indicating a first process for the packet, a processor identifier for identifying a processor that performs a second process for the packet, and a flow including the packet Holds rules that associate flow definition fields that represent fields with each other,
  • the rule application unit refers to the flow definition field, and selects one of a plurality of processors corresponding to the plurality of processor identifiers.
  • the second process may be requested for all target packets included in the same flow.
  • the rule extraction unit sets a rule that matches the information in a rule setting device capable of setting the rule. You may make it request.
  • the first process is a process of determining a destination of the target packet;
  • the second process is an upper layer process for the target packet when the target packet is a packet to be received by the packet processing device, and the target packet is a packet to be transmitted by the packet processing device. In some cases, it may be a lower layer process for the target packet.
  • the rule application unit performs the second processing on the target packet. You may make it ask the said processor.
  • the rule extraction unit has a cache that temporarily holds the extracted rules, and extracts rules that match the information stored in the target packet from the cache,
  • the rule application unit when the target packet is a packet to be received by the packet processing device, and when a rule that matches the target packet is extracted from the cache by the rule extraction unit, the rule application unit
  • the second process may be requested from the processor.
  • the first process is a process of specifying control information in a transport layer when transmitting / receiving the target packet;
  • the second process is a layer 4 reception process for the target packet using the specified control information.
  • the packet When the packet is to be transmitted by the packet processing device, it may be a layer 4 or lower transmission process for the target packet using the specified control information.
  • the rule table holds a plurality of rules sorted according to priority, When a plurality of rules that match the information stored in the target packet are stored in the rule table, the rule extraction unit extracts a rule having a high priority from the plurality of rules. May be.
  • the rules in the rule table may include at least one of a source address, a destination address, a source port number, and a destination port number as information stored in the packet.
  • processing is performed from a rule table that holds information stored in a packet, a processing rule indicating a first process for the packet, and a rule that associates a processor identifier for identifying a processor that performs the second process for the packet.
  • a program to be executed by one of the processors is provided.
  • FIG. 2 is a block diagram illustrating an example of the configuration of the packet processing apparatus according to the present embodiment.
  • the packet processing apparatus according to the present embodiment includes a rule table 10, a rule setting unit 20, a rule extraction unit 30, a rule application unit 40, a processing thread 50, a transmission reception unit 60, and a reception reception unit 70. It has.
  • the packet processing apparatus includes an OS corresponding to a plurality of processors (or processor cores), is connected to a network via a network interface device, and processes packets represented by IP packets.
  • the upper layer protocol processing is performed by software (including the OS). That is, each of the components shown in FIG. 2 can be realized by software. However, some or all of the components in FIG. 2 may be realized by hardware.
  • the rule table 10 holds a filtering rule describing filtering rules for transmission and reception packets and a dispatch rule describing processor allocation rules. Filtering rules and dispatch rules are managed in a single table.
  • FIG. 3 is a diagram illustrating the rule table 10 as an example.
  • the rule table 10 is managed for each reception / transmission.
  • One rule corresponding to each row of the rule table 10 includes at least a matching condition, an action, and a processor identifier.
  • Each rule in the rule table 10 may include a flow definition field.
  • the collation condition represents a conditional expression regarding the header field of the L3 layer or higher of the packet.
  • the rule on the first line in FIG. 3 is a TCP protocol and represents a rule relating to a packet whose destination port number is 80.
  • matching conditions not only the protocol number and port number shown in FIG. 3, but also various field conditions such as SPI (Security Parameter Index) values in IP address, AH header (Authentication Header), ESP (Encapsulating Security Payload) header, etc. Can be described.
  • the action indicates a first process (first process, basic process) for a transmission / reception packet.
  • first process basic process
  • For the action for example, ACCEPT for continuing the processing of the packet or DROP for discarding the packet is used.
  • a process for rewriting part of the data of the packet may be described as an action.
  • the processing processor identifier represents a processor that processes a packet that matches the matching condition.
  • the processing processor identifier can describe zero or more processor identifiers.
  • the flow definition field represents a header field of a packet used for identifying whether or not the flow is the same.
  • the flow definition field when a plurality of processor identifiers are described in the processing processor identifier, one processor among the descriptions in the processing processor identifier is selected so that packets belonging to the same flow are processed by the same processor. Used to select.
  • the rules in the rule table 10 are managed in order of priority.
  • the rule setting unit 20 sets rules such as adding, changing, and deleting rules with respect to the rule table 10.
  • the rule setting unit 20 operates as a user application and sets a rule by performing message communication between the user and the kernel.
  • the rule extraction unit 30 collates the information stored in the transmission / reception packet with the collation conditions of the rule table 10 and searches for a matching rule. When a plurality of rules are matched, the rule extraction unit 30 returns, for example, the highest priority among matching rules as a search result.
  • the rule application unit 40 includes a basic application unit 401 and a dispatch unit 402.
  • the basic application unit 401 applies the filtering rule as the first process
  • the dispatch unit 402 applies the dispatch rule.
  • the processing is canceled due to the application of the filtering rule, the dispatch rule is not applied in the dispatch unit 402, and the processing of the packet is terminated.
  • the basic application unit 401 performs a process related to the action in the rule as the first process.
  • the rule action is DROP
  • the basic application unit 401 discards the transmission / reception packet.
  • the dispatch unit 402 determines a processing processor that processes the transmission / reception packet according to the processing processor identifier in the rule, and processes the packet to the processing thread 50 corresponding to the processor. Ask.
  • the processing thread 50 is a kernel thread prepared for each processor, and performs reception processing of layer 3 and layer 4 for received packets and transmission processing of layer 3 and layer 2 for transmission packets as second processing for packets.
  • the processing thread 50 includes a reception processing unit 501 and a transmission processing unit 502, and holds a processing queue (not shown).
  • the processing queue stores a packet and a processing classification (transmission / reception).
  • the processing thread 50 sequentially takes out the packets stored in the processing queue, and when the processing classification is transmission, performs transmission processing by the transmission processing unit 502 on the packet.
  • the processing thread 50 performs reception processing by the reception processing unit 501 on the packet.
  • the transmission processing unit 502 performs layer 3 and layer 2 transmission processing on the transmission packet, and sends the packet to the network.
  • the reception processing unit 501 performs layer 3 and layer 4 reception processing on the received packet, and performs processing of passing the received packet to the user application as necessary.
  • the transmission reception unit 60 receives a transmission packet from the user application or the kernel, collates the transmission packet by the rule extraction unit 30, and passes the rule and the transmission packet obtained as a collation result to the rule application unit 40.
  • the reception accepting unit 70 receives a received packet from the network, collates the received packet with the rule extracting unit 30, and passes the rule and the received packet obtained as a collation result to the rule applying unit 40.
  • FIG. 4 is a flowchart showing an example of the operation of the packet processing apparatus according to the present embodiment.
  • the received packet is delivered to the reception accepting unit 70.
  • the reception accepting unit 70 that has received the received packet searches the rule table 10 for a rule that matches the received packet by the rule extracting unit 30 (step S1), and passes the result to the rule applying unit 40 together with the received packet.
  • the basic applying unit 401 applies an action as the first process (step S2). If the action in the rule is DROP (No in step S3), the basic application unit 401 discards the received packet (step S4) and completes the processing of the received packet.
  • the dispatch unit 402 selects a processing processor according to the processing processor identifier of the rule (Yes in step S5, S6).
  • the processing processor identifier is not specified in the rule (No in step S5), the dispatch unit 402 is currently executing the processor (that is, the processor executing the processing of the dispatch unit 402 itself). Is selected as a processing processor (step S7).
  • the dispatch unit 402 requests processing by queuing the reception processing of the upper protocol of the received packet in the processing queue of the processing thread 50 corresponding to the determined processing processor (step S8).
  • the reception processing unit 501 of the processing thread 50 that has received the request executes a packet reception process (that is, a higher layer reception process for the received packet) as a second process for the packet.
  • step S6 when the flow definition field is used, the processing processor is determined from the processors specified by the processing processor identifier based on the hash value of the specified field. In particular, it is preferable to select a field that can identify the same flow as the flow definition field. Thereby, packets belonging to the same flow can be prevented from being distributed to a plurality of processors, and overhead caused by exclusive control and packet alignment can be reduced.
  • rule matching is performed on the transmission packet at the time of packet transmission, and the same process is performed except that the requested processing thread performs the packet transmission process. Therefore, description of the processing sequence at the time of packet transmission is omitted.
  • a dispatch rule (a matching condition and a processing processor identifier in FIG. 3) is determined in the rule table 10 in which filtering rules (a set of matching conditions and actions in FIG. 3) are described. And the flow definition field).
  • the rule to the rule table 10 can be set from the user side. Therefore, rules for selecting processing processors can be managed in a centralized manner, and flexible processor selection can be performed based on a user policy. Furthermore, since the filtering process for the packet and the selection of the processing processor that performs the second process for the packet are executed as one process, the processing time for the packet can be reduced.
  • FIG. 5 is a block diagram illustrating an example of the configuration of the packet processing apparatus according to the present embodiment.
  • the packet processing apparatus according to the present embodiment includes a rule table 11, a rule setting unit 21, a rule extraction unit 31, a rule application unit 41, a processing thread 50, a transmission reception unit 61, and a reception reception unit 71. I have.
  • the rule table 11 includes a route rule for determining a transfer destination from a destination address of a transmission / reception packet and a dispatch rule for determining a processing processor from a destination address of a transmission packet or a transmission source address of a reception packet as one table. Hold.
  • FIG. 6 is a diagram illustrating the rule table 11 as an example.
  • the rule table 11 holds a network address (address and netmask), a transfer destination gateway, an output interface, and a processing processor identifier in association with each other.
  • the correspondence relationship between the network address, the transfer destination gateway, and the output interface is used in the application of the route rule.
  • the correspondence between the network address and the processor identifier is used in the application of dispatch rules.
  • the dispatch rule is interpreted as a rule for the destination address in the transmission packet and as a rule for the transmission source address in the reception packet.
  • the rule setting unit 21 sets rules such as addition, change, and deletion of route rules and dispatch rules in the rule table 11.
  • the rule setting unit 21 operates as a user application, for example, and sets a route rule by performing message communication between the user and the kernel.
  • the rule extraction unit 31 compares the address stored in the packet with the network address of the rule table 11 and searches for a matching rule.
  • the rule extraction unit 31 may include a route cache (not shown) that holds a part of recently searched search results and can be searched at high speed.
  • the rule application unit 41 includes a basic application unit 411 and a dispatch unit 402.
  • the basic application unit 411 performs processing according to the route rule as the first processing. Specifically, the transmission packet is set to be transmitted from the output destination interface in the route rule to the gateway.
  • the basic application unit 411 performs a transfer process of the received packet. Since the operation of the dispatch unit 402 is the same as that of the first embodiment, detailed description thereof is omitted.
  • processing thread 50 is the same as that of the first embodiment, and thus detailed description thereof is omitted.
  • the transmission reception unit 61 receives a transmission packet from the user application or the kernel, searches the rule extraction unit 31 for a rule corresponding to the destination address of the transmission packet, and determines the rule and the transmission packet obtained as a search result as a rule application unit Pass to 41.
  • the reception accepting unit 71 receives a received packet from the network, and the rule extracting unit 31 searches the routing rule from the destination address of the received packet and the dispatch rule from the transmission source address.
  • the received packet is passed to the rule application unit 41.
  • the rule extraction unit 31 includes a route cache, the search for the dispatch rule may be performed using the route cache.
  • FIG. 7 is a flowchart showing an example of transmission processing by the packet processing apparatus according to the present embodiment.
  • the transmission packet is delivered to the transmission reception unit 61.
  • the transmission accepting unit 61 uses the rule extraction unit 31 to search the rule table 11 for a rule that matches the destination address of the transmission packet (step S11).
  • the rule extraction unit 31 includes a route cache, subsequent searches can be speeded up by holding the search results in the route cache.
  • the transmission reception unit 61 passes the rule search result to the rule application unit 41 together with the transmission packet.
  • the basic application unit 411 sets an output interface for the transmission packet as a first process based on the rule (step S12). ). If there is no corresponding route rule, the basic application unit 411 discards the transmission packet and completes the transmission process.
  • the dispatch unit 402 selects a processing processor according to the processing processor identifier of the rule (Yes in step S13, S14).
  • the dispatch unit 402 is the processor that is currently executing the processing (that is, the processor that is executing the processing of the dispatch unit 402 itself) ) Is selected as a processing processor (step S15).
  • the dispatch unit 402 requests processing by queuing the transmission processing of the upper protocol of the transmission packet in the processing queue of the processing thread 50 corresponding to the determined processing processor (step S16).
  • the transmission processing unit 502 of the processing thread 50 that has received the request executes a packet transmission process (a lower layer transmission process for the packet) as a second process for the packet.
  • FIG. 8 is a flowchart illustrating an example of reception processing by the packet processing device according to the present embodiment when the rule extraction unit 31 does not include a route cache.
  • the reception accepting unit 71 searches the rule table 11 for a rule that matches the destination address of the received packet by the rule extracting unit 31 (step S21).
  • the basic application unit 411 of the rule application unit 41 transfers the received packet and ends the process (step S23). ).
  • the reception receiving unit 71 uses the rule extraction unit 31 to set a dispatch rule corresponding to the transmission source address of the received packet as a rule. Search from the table 11 (step S24).
  • the dispatch unit 402 selects a processing processor according to the processing processor identifier of the rule (Yes in step S25, S26). On the other hand, when the processing processor identifier is not specified in the rule (No in step S25), the processor that is currently executing the processing (that is, the processor that is executing the processing of the dispatch unit 402) is selected as the processing processor. (Step S27).
  • the dispatch unit 402 requests processing by queuing the reception processing of the upper protocol of the received packet in the processing queue of the processing thread 50 corresponding to the selected processing processor (step S28).
  • the reception processing unit 501 of the processing thread 50 that has received the request executes a packet reception process as a second process for the packet.
  • FIG. 9 is a flowchart illustrating an example of reception processing by the packet processing device according to the present embodiment when the rule extraction unit 31 includes a path cache.
  • steps S21 to S23 and steps S25 to S28 are the same as when the rule extraction unit 31 does not include a path cache (FIG. 8), and thus detailed description thereof is omitted.
  • FIG. 9 differs from FIG. 8 in that step S29 and step S30 are included instead of step S24 in FIG.
  • the reception receiving unit 71 searches for a dispatch rule using the route cache (step S29).
  • step S30 If no rule matching the path cache is held (No in step S30), it is assumed that no processor identifier is specified, and processing is performed. As described above, when a rule is held in a route cache that can be searched at high speed (Yes in step S30), the time required for the search can be reduced by using the dispatch rule (steps S25 to S27). Can do.
  • the route cache is updated by route search in the transmission process (step S11 in FIG. 7). Therefore, if it is a received packet from an address that is periodically transmitted, a rule that matches the route cache is retained (Yes in step S30 in FIG. 9), and therefore the processor is selected based on the dispatch rule (FIG. 9). 9 steps S25 to S27) are possible.
  • a dispatch rule for determining a processing processor is set in the rule table 11.
  • the filtering process in the first embodiment is not always required in packet processing.
  • route search processing is indispensable for packet processing. Therefore, the packet processing apparatus according to the present embodiment can also be applied to packet forwarding when filtering processing is not performed, and performs flexible processor selection by setting rules in the rule table 11 from the user side. It is possible.
  • the processing for setting the output interface for the transmission packet and the processing for selecting the processor that performs the second processing for the transmission packet are performed as one processing. As a result, the processing time for the transmission packet can be reduced.
  • FIG. 10 is a block diagram illustrating an example of the configuration of the packet processing apparatus according to the present embodiment.
  • the packet processing device according to the present embodiment includes a rule table 12, a user application 22, a rule extraction unit 32, a rule application unit 42, a processing thread 52, a transmission reception unit 62, and a reception reception unit 72. I have.
  • the rule table 12 holds the correspondence between addresses, port numbers, and sockets.
  • the socket holds control data related to transport layer connection information represented by TCP, UDP, and the like, and a processor identifier associated with the control data.
  • FIG. 11 is a diagram illustrating an example of the rule table 12 in the packet processing apparatus according to the present embodiment.
  • the rule table 12 includes a processing processor identifier as a socket, in addition to control data necessary for protocol processing.
  • the user application 22 has a file descriptor for specifying the socket, and can set a processing processor identifier of the socket by using a system call (for example, setsockopt) using the file descriptor. Further, the user application 22 can send and receive data using a specific socket (connection) by specifying a file descriptor and using read and write system calls.
  • a system call for example, setsockopt
  • the rule extraction unit 32 specifies a socket representing the control information of the transport layer from the quadruple of the transmission source address and port number and the transmission destination address and port number stored in the packet.
  • the rule application unit 42 includes a basic application unit 421 and a dispatch unit 422.
  • the basic application unit 421 holds the transmission packet or the reception packet in the socket as the first processing.
  • the dispatch unit 422 selects a processor according to the processor identifier held in the socket, and performs the transmission process or the reception process of the transmission packet or the reception packet as the second process in the corresponding processing thread 52. Ask.
  • the processing thread 52 is a kernel thread prepared for each processor, like the processing thread 50 in the first embodiment. However, this embodiment is different from the first embodiment in that the reception processing unit 521 performs layer 4 reception processing on the received packet, and the transmission processing unit 522 performs layer 4 or lower transmission processing on the transmission packet. . The reception processing unit 521 finally delivers the received packet to the user application 22.
  • the transmission reception unit 62 receives a file descriptor and a transmission packet from the user application 22.
  • the transmission reception unit 62 specifies the socket indicated by the file descriptor and passes it to the rule application unit 42.
  • the reception receiving unit 72 receives a received packet from the network, and searches the rule table 12 by its address and port number. Also, the reception accepting unit 72 passes the search result socket and the received packet to the rule applying unit 42.
  • the operation of the transmission process is as follows. First, the user application 22 calls a send system call using a file descriptor for identifying a socket and a transmission packet as arguments. When the file descriptor and the transmission packet are received by the send system call, the transmission reception unit 62 specifies the socket from the file descriptor. Next, as a first process, the basic application unit 421 of the rule application unit 42 sets transmission for the transmission packet using the control information of the transport layer held in the specified socket. Further, the dispatch unit 422 selects the corresponding processing thread 52 from the processor identifier held in the socket, and requests transmission processing of the transmission packet as the second processing.
  • the operation of the reception process is as follows.
  • the reception accepting unit 72 specifies a corresponding socket from the rule table 12 based on the address and port number of the received packet.
  • the basic application unit 421 of the rule application unit 42 sets the reception process of the received packet using the control information of the transport layer held in the specified socket as the first process.
  • the dispatch unit 422 selects the corresponding processing thread 52 from the processor identifier held in the socket, and requests the reception processing of the reception packet as the second processing.
  • the socket holds the control data related to the transport layer connection information and the processing processor in association with each other, thereby setting the transmission or reception for the transmission or reception packet, and the transmission or reception. Since the selection of the processor that performs the second process on the received packet is executed as one process, the processing time for the transmitted or received packet can be reduced. Further, by using an existing system call such as setsockopt, the user application 22 can easily set a processor for performing the second process, and flexible processor selection can be performed.
  • FIG. 12 is a block diagram illustrating an example of the configuration of the packet processing apparatus according to the present embodiment.
  • the packet processing apparatus according to this embodiment includes a rule table 13, a rule extraction unit 33, a rule application unit 40, a processing thread 50, a transmission reception unit 60, and a reception reception unit 70.
  • the operations of those denoted by the same reference numerals as those in FIG. 2 are the same as the operations of the components in the first embodiment, and thus the description thereof is omitted.
  • Rules are set in the rule table 13 by a rule setting device 23 provided outside the packet processing device.
  • a rule setting device 23 provided outside the packet processing device.
  • the open flow (OpenFlow) technique described in Non-Patent Document 1 can be adopted for the rule table 13 and the rule setting device 23.
  • Open flow is an end-to-end flow of communication, and performs path control, failure recovery, load balancing, and optimization on a flow basis.
  • the OpenFlow Switch (OFS: OpenFlow Switch) that functions as a forwarding node has a secure channel for communication with the OpenFlow Controller (OFC: OpenFlow Controller) that is positioned in the control server, and is instructed to add or rewrite as appropriate from the OpenFlow Controller. It operates according to the flow table.
  • the packet processing device, the rule setting device 23, the rule table 13, and the rule stored in the rule table 13 in the present embodiment are the OpenFlow switch, OpenFlow controller, Flow table, and Flow table in OpenFlow, respectively. Corresponds to an entry.
  • FIG. 13 is a diagram illustrating an example of an OpenFlow flow table entry. Referring to FIG. 13, for each flow, a set of a collation condition to collate with a packet header, an action (actions) that defines processing contents, and flow statistical information (stats) is defined for each flow.
  • FIG. 14 is a table showing an example of action names and action contents defined in Non-Patent Document 2.
  • OUTPUT is an action to be output to a designated port (interface).
  • SET_VLAN_VID to SET_TP_DST are actions for modifying the field of the packet header.
  • the OpenFlow switch When the OpenFlow switch receives the packet, it searches the flow table (FIG. 13) for an entry having a matching condition (FlowKey) that matches the header information of the received packet. When an entry that matches the received packet is found as a result of the search, the OpenFlow switch performs the processing content described in the action field of the entry on the received packet. On the other hand, if no entry matching the received packet is found as a result of the search, the OpenFlow switch forwards the received packet to the OpenFlow controller via the secure channel, and sends it to the source / destination of the received packet. Requests the determination of the route of the packet based on it, receives a flow entry that realizes this, and updates the flow table. In this way, the OpenFlow switch transfers a packet using the entry stored in the flow table as a processing rule.
  • FlowKey a matching condition
  • the rule table 13 (FIG. 12) of the present embodiment has a matching condition field and an action field as shown in FIG.
  • collation condition field collation conditions are stored as in the rule table 10 (FIG. 3) in the first embodiment.
  • action field stores an action and a processor identifier as in the rule table 10 (FIG. 3) in the first embodiment.
  • the rule extraction unit 33 refers to the rule table 13 and inquires the rule setting device 23 corresponding to the OpenFlow controller when there is no rule in the rule table 13 that matches the processing target packet.
  • the rule setting device 23 sets a rule associated with an action and a processor identifier as a rule in the rule table 10.
  • each OpenFlow switch can flexibly and flexibly select a processor that executes packet processing from among a plurality of processors. Can be selected at high speed.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

L'invention porte sur un dispositif de traitement de paquet qui comprend une table de règles qui conserve des règles servant à corréler des informations contenues dans chaque paquet, une règle de traitement indiquant un premier traitement à appliquer au paquet, et un identificateur de processeur pour identifier un processeur qui applique un second traitement au paquet ; une unité d'extraction de règle qui extrait de la table de règles une règle qui correspond à des informations contenues dans un paquet sujet, qui est un paquet à traiter ; et une unité d'application de règle qui exécute le premier traitement relativement au paquet sujet conformément à la règle de traitement et envoie une requête, au processeur correspondant à l'identificateur de processeur, demandant d'exécuter le second traitement sur la base de la règle extraite. Dans un dispositif de transfert de paquet comprenant de multiples processeurs, un processeur qui exécute le traitement de paquet peut être sélectionné parmi les multiples processeurs d'une manière flexible et rapide.
PCT/JP2012/052465 2011-02-04 2012-02-03 Dispositif de traitement de paquet, procédé de traitement de paquet et programme WO2012105677A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2012555968A JP5900352B2 (ja) 2011-02-04 2012-02-03 パケット処理装置、パケット処理方法およびプログラム

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2011022303 2011-02-04
JP2011-022303 2011-02-04

Publications (1)

Publication Number Publication Date
WO2012105677A1 true WO2012105677A1 (fr) 2012-08-09

Family

ID=46602877

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2012/052465 WO2012105677A1 (fr) 2011-02-04 2012-02-03 Dispositif de traitement de paquet, procédé de traitement de paquet et programme

Country Status (2)

Country Link
JP (1) JP5900352B2 (fr)
WO (1) WO2012105677A1 (fr)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014042141A1 (fr) * 2012-09-11 2014-03-20 日本電気株式会社 Contrôleur, système et procédé de communications et programme
WO2015133448A1 (fr) * 2014-03-04 2015-09-11 日本電気株式会社 Dispositif de traitement de paquets, procédé de traitement de paquets, et programme
JP5917678B1 (ja) * 2014-12-26 2016-05-18 株式会社Pfu 情報処理装置、方法およびプログラム
JP2017509055A (ja) * 2014-01-29 2017-03-30 華為技術有限公司Huawei Technologies Co.,Ltd. 並列プロトコル・スタック・インスタンスに基づいてデータパケットを処理する方法および装置
WO2017110619A1 (fr) * 2015-12-21 2017-06-29 Kddi株式会社 Dispositif de contrôle d'un dispositif de transfert de paquets comportant une unité centrale de traitement (uct) multicoeur, et support de stockage lisible par ordinateur
JP2018516001A (ja) * 2015-05-11 2018-06-14 日本電気株式会社 通信装置、システム、方法、及びプログラム
US11194734B2 (en) 2016-06-08 2021-12-07 Nec Corporation Packet processing device, packet processing method, and recording medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002164928A (ja) * 2000-10-11 2002-06-07 Lucent Technol Inc 通信方法、通信システム、及び通信装置
JP2006174374A (ja) * 2004-12-20 2006-06-29 Fujitsu Ltd 中継システム
JP2007166513A (ja) * 2005-12-16 2007-06-28 Nippon Telegr & Teleph Corp <Ntt> 通信処理装置及び通信処理方法

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4827499A (en) * 1987-06-12 1989-05-02 American Telephone And Telegraph Company At&T Bell Laboratories Call control of a distributed processing communications switching system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002164928A (ja) * 2000-10-11 2002-06-07 Lucent Technol Inc 通信方法、通信システム、及び通信装置
JP2006174374A (ja) * 2004-12-20 2006-06-29 Fujitsu Ltd 中継システム
JP2007166513A (ja) * 2005-12-16 2007-06-28 Nippon Telegr & Teleph Corp <Ntt> 通信処理装置及び通信処理方法

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPWO2014042141A1 (ja) * 2012-09-11 2016-08-18 日本電気株式会社 制御装置、通信システム、通信方法及びプログラム
WO2014042141A1 (fr) * 2012-09-11 2014-03-20 日本電気株式会社 Contrôleur, système et procédé de communications et programme
US10069947B2 (en) 2014-01-29 2018-09-04 Huawei Technologies Co., Ltd. Method and apparatus for processing data packet based on parallel protocol stack instances
JP2017509055A (ja) * 2014-01-29 2017-03-30 華為技術有限公司Huawei Technologies Co.,Ltd. 並列プロトコル・スタック・インスタンスに基づいてデータパケットを処理する方法および装置
JPWO2015133448A1 (ja) * 2014-03-04 2017-04-06 日本電気株式会社 パケット処理装置、パケット処理方法およびプログラム
WO2015133448A1 (fr) * 2014-03-04 2015-09-11 日本電気株式会社 Dispositif de traitement de paquets, procédé de traitement de paquets, et programme
US10284478B2 (en) 2014-03-04 2019-05-07 Nec Corporation Packet processing device, packet processing method and program
JP5917678B1 (ja) * 2014-12-26 2016-05-18 株式会社Pfu 情報処理装置、方法およびプログラム
JP2018516001A (ja) * 2015-05-11 2018-06-14 日本電気株式会社 通信装置、システム、方法、及びプログラム
US10649847B2 (en) 2015-05-11 2020-05-12 Nec Corporation Communication apparatus, system, method, and non-transitory medium
WO2017110619A1 (fr) * 2015-12-21 2017-06-29 Kddi株式会社 Dispositif de contrôle d'un dispositif de transfert de paquets comportant une unité centrale de traitement (uct) multicoeur, et support de stockage lisible par ordinateur
JP2017117009A (ja) * 2015-12-21 2017-06-29 Kddi株式会社 マルチコアcpuを有するパケット転送装置の制御装置及びプログラム
US11194734B2 (en) 2016-06-08 2021-12-07 Nec Corporation Packet processing device, packet processing method, and recording medium

Also Published As

Publication number Publication date
JPWO2012105677A1 (ja) 2014-07-03
JP5900352B2 (ja) 2016-04-06

Similar Documents

Publication Publication Date Title
JP5900352B2 (ja) パケット処理装置、パケット処理方法およびプログラム
JP6592595B2 (ja) コンピューティングネットワークにおけるデータトラフィックを管理する方法およびシステム
KR101703088B1 (ko) Sdn 기반의 통합 라우팅 방법 및 그 시스템
US8863269B2 (en) Frontend system and frontend processing method
US20160182385A1 (en) Shortening of service paths in service chains in a communications network
WO2011118566A1 (fr) Système de transfert de paquets, appareil de contrôle, appareil de transfert, procédé de création de règles de traitement et programme
JP5800019B2 (ja) 通信経路制御システム、経路制御装置、通信経路制御方法および経路制御プログラム
WO2014112616A1 (fr) Appareil de commande, appareil de communication, système de communication, procédé et logiciel de commande de commutateur
JP5858141B2 (ja) 制御装置、通信装置、通信システム、通信方法及びプログラム
US9515926B2 (en) Communication system, upper layer switch, control apparatus, switch control method, and program
US20170070364A1 (en) Communication system, control apparatus, communication control method and program
JP5725236B2 (ja) 通信システム、ノード、パケット転送方法およびプログラム
JP2015533045A (ja) 通信システム、通信方法、情報処理装置、通信制御方法及びプログラム
KR101812856B1 (ko) 스위치 장치, vlan 설정 관리 방법, 및 컴퓨터 판독가능 저장매체
WO2015075862A1 (fr) Dispositif de commande de réseau, procédé de commande de réseau et programme
US20150381775A1 (en) Communication system, communication method, control apparatus, control apparatus control method, and program
JP6292128B2 (ja) 通信システム、ノード、制御装置、通信方法およびプログラム
KR101707073B1 (ko) Sdn 기반의 에러 탐색 네트워크 시스템
JP5854488B2 (ja) 通信システム、制御装置、処理規則の設定方法およびプログラム
JP5359357B2 (ja) パケット処理装置、該処理装置に用いられるパケット処理順序制御方法及びパケット処理順序制御プログラム
WO2014142081A1 (fr) Nœud de transfert, dispositif de commande, système de communication, procédé et programme de traitement de paquets
WO2015118811A1 (fr) Système de communication, dispositif d&#39;acheminement de paquet, procédé d&#39;acheminement de paquet et programme d&#39;acheminement de paquet
Iida et al. Network Infrastructure Technology Supporting Parallelization and Multiplexing of Services

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12742523

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2012555968

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12742523

Country of ref document: EP

Kind code of ref document: A1