WO2012167559A1 - Method and triple layer device for fast forwarding data packets - Google Patents

Method and triple layer device for fast forwarding data packets Download PDF

Info

Publication number
WO2012167559A1
WO2012167559A1 PCT/CN2011/082301 CN2011082301W WO2012167559A1 WO 2012167559 A1 WO2012167559 A1 WO 2012167559A1 CN 2011082301 W CN2011082301 W CN 2011082301W WO 2012167559 A1 WO2012167559 A1 WO 2012167559A1
Authority
WO
WIPO (PCT)
Prior art keywords
data packet
forwarding
module
quintuple
forwarding table
Prior art date
Application number
PCT/CN2011/082301
Other languages
French (fr)
Chinese (zh)
Inventor
郭红燕
靳海燕
王日红
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2012167559A1 publication Critical patent/WO2012167559A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks

Definitions

  • the present invention relates to routing technologies in the field of communications, and in particular, to a method for rapidly forwarding data packets and a three-layer device. Background technique
  • the network is increasingly becoming an indispensable tool in people's daily lives. Almost everyone uses the Internet to query data, send and receive emails, and play online games. Users are increasingly demanding data transmission speeds. In a network, the speed of data transmission depends on the device that acts as a route, such as a Layer 3 device.
  • the three-layer device needs to undergo a large amount of processing for forwarding data packets.
  • the processing process includes: after receiving the data packet, the three-layer device performs type identification of the data packet, records the receiving port number, and then performs a series of processing such as path finding by the protocol stack. , the packet is sent after the processing is completed.
  • all packets that are normally forwarded by a Layer 3 device use the same path.
  • the object of the present invention is to provide a method for rapidly forwarding data packets and a Layer 3 device, which can reduce the repetitive work performed by the Layer 3 device to forward data packets and improve the packet forwarding speed.
  • the present invention provides a method for rapidly forwarding a data packet, the method comprising the following steps:
  • the layer 3 device determines whether the data packet can be quickly forwarded, and if so, rewrites the data packet and forwards the data packet; if not, the data packet It is forwarded by the protocol stack and then forwarded.
  • the determining whether the data packet can be quickly forwarded includes: if the Internet Protocol (IP) version number in the data packet is IPV4 or IPV6, the fragment identifier in the data packet is not fragmented, and the data packet is in the data packet.
  • IP Internet Protocol
  • the IP protocol is the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP), and the five records recorded in the five-group and three-layer devices in the data packet are recorded in any one of the forwarding tables. If the tuples are the same, the data packets can be forwarded quickly, and vice versa.
  • TCP Transmission Control Protocol
  • UDP User Datagram Protocol
  • the rewriting the data packet includes: the three-layer device uses the quintuple of the data packet to select a forwarding table, and then uses the information in the forwarding table to control the source medium access control (MAC, Media Access Control) in the data packet.
  • MAC Media Access Control
  • the forwarding table is related information that records a data packet that can be quickly forwarded in a connection, and specific content that needs to be rewritten when the data packet is quickly forwarded; the related information includes: a quintuple, a NAT type, The IP address after the NAT, the port number after the NAT, the source MAC address, the destination MAC address, and the VLAN value when the packet is sent.
  • the Layer 3 device has multiple forwarding tables at the same time. The identifier of the forwarding table.
  • the method before the forwarding, further includes: determining, by the third layer device, whether the data packet to be forwarded satisfies a condition for establishing a forwarding table for the connection that is in the connection, and if not, does not establish a forwarding table, if the condition is met. Then, the forwarding table is created and saved by using the information in the connection tracking table and the related information in the data packet to be sent.
  • the condition for establishing the forwarding table includes: the three-layer device finds the corresponding connection tracking table according to the quintuple in the data packet, and the usage record of the help function in the connection tracking table is unused, and the IP protocol is TCP. Or UDP, and the connection status is the established connection, the forwarding identifier is forwarded; the layer 3 device checks the fragment identifier in the data packet as unfragmented; the layer 3 device extracts the quintuple of the data packet, using the quintuple group Lookup in the forwarding table already in the Layer 3 device, not found Record the forwarding table for the five-tuple.
  • the method further includes: the three-layer device starts the timer in the connection tracking table after any one of the connection tracking tables is completed, and after the timer expires, the three-layer device queries the same five. If the forwarding table is not accessed between the current query and the last query, the Layer 3 device deletes the forwarding table and deletes the connection tracking table; otherwise, no operation is performed.
  • the present invention further provides a Layer 3 device for rapidly forwarding data packets, where the Layer 3 device includes: a fast forwarding module, a protocol processing module, and a sending module;
  • the fast forwarding module is configured to determine whether the data packet can be quickly forwarded. When the data packet can be quickly forwarded, the data packet is rewritten and sent to the sending module. When the data packet cannot be quickly forwarded, the data packet is sent to the protocol processing module.
  • a protocol processing module configured to receive a data packet sent by the fast forwarding module, and send the data packet to the sending module after being processed by the protocol stack of the layer 3 device;
  • the sending module is configured to receive the rewritten data packet sent by the fast forwarding module, the processed data packet sent by the protocol processing module, and send the data packet.
  • the fast forwarding module determines whether the data packet can be quickly forwarded as: extracting an IP version number, a fragment identifier, and a quintuple in the data packet. If the IP version number is IPV4 or IPV6, the fragment identifier is not divided.
  • the IP protocol in the quintuple is TCP or UDP, and all the forwarding tables stored in the quintuple are used for comparison. If the same quintuple appears in the forwarding table, the packet It can be forwarded quickly, otherwise it cannot be forwarded quickly.
  • the fast forwarding module rewrites the data packet to: use the quintuple of the data packet to select the forwarding table, and then use the information in the forwarding table to use the source MAC address, the destination MAC address, and the NAT in the data packet. Replace the information such as the IP address, port number after NAT, and VLAN value.
  • the sending module is further configured to determine whether the data packet satisfies the condition for establishing a forwarding table before sending the data packet, and does not perform an operation when the condition is not met, and when the condition is met, The information required to establish the forwarding table in the data packet is sent to the fast forwarding module to be sent to the fast forwarding module.
  • the fast forwarding module is further configured to receive the information in the notification after receiving the notification of the forwarding table sent by the sending module. Obtaining the information required to establish a forwarding table in the connection tracking table from the protocol processing module, and establishing a forwarding table;
  • the protocol processing module is further configured to send, to the fast forwarding module, information required to establish a transfer in the connection tracking table.
  • the sending module is further configured to extract a quintuple and a shard identifier in the data packet, and obtain a corresponding connection tracking table from the protocol processing module by using the arbitrarily obtained acquisition request, if the connection tracking table is The usage of the help function is recorded as unused, the IP protocol is TCP or UDP, and the connection status is the established connection.
  • the forwarding identifier is forwarded, the fragmentation identifier of the data packet is unfragmented, and the quintuple is used to write the ratio.
  • Sending the comparison instruction to the fast forwarding module, and then receiving the comparison result returned by the fast forwarding module, the comparison result is that the forwarding table of the quintuple does not exist, and a forwarding table is established for the connection of the data packet;
  • the protocol processing module is further configured to receive an acquisition request sent by the sending module, analyze the quintuple in the obtaining request, find the connection tracking table corresponding to the quintuple, and then send a connection tracking table to the sending module;
  • the fast forwarding module is further configured to receive a comparison instruction of the sending module, and extract a quintuple in the comparison instruction to find whether there is a forwarding table for recording the quintuple, and if yes, send the presence of the five to the sending module.
  • the comparison result of the forwarding table of the tuple if not, sends a comparison result of the forwarding table in which the quintuple does not exist to the transmitting module.
  • the protocol processing module is further configured to enable a timer in the connection tracking table after any one of the connection tracking tables is completed. When the timer expires, the received response is a forwarding table in this time. If the query and the last query have never been accessed, delete the connection tracking table and send the finger to the fast forwarding module to delete the forwarding table with the same five-tuple. Order, otherwise do not operate;
  • the fast forwarding module is further configured to receive the query information of the protocol processing module, and send the reply information that has never been visited between the current query and the last query according to the usage of the forwarding table or in the present
  • the reply information that has been accessed between the secondary query and the last query is deleted by the receiving protocol processing module and deleting the forwarding table having the same five-tuple forwarding table.
  • the Layer 3 device includes: a packet receiving module, configured to receive a data packet, determine whether the fast forwarding module is enabled, and if it is enabled, send the data packet to the fast forwarding module, if not, the data packet is Sent to the protocol processing module;
  • the fast forwarding module is further configured to send a start notification to the packet receiving module, and receive the data packet sent by the packet receiving module;
  • the protocol processing module is further configured to receive a data packet sent by the packet receiving module.
  • the method for rapidly forwarding data packets and the three-layer device provided by the invention have the following advantages and features:
  • the three-layer device can use the quintuple of the data packet to determine whether it can be quickly forwarded, so that the same connection is received by the three-layer device.
  • the data packets do not need to be forwarded and uploaded to the protocol stack for processing, so that the data packet transmission time can be greatly reduced, and the repetitive work of the Layer 3 device forwarding the data packets in the same connection is reduced. In turn, the packet forwarding speed of the Layer 3 device is improved.
  • FIG. 1 is a schematic flowchart of an implementation process of a method for rapidly forwarding a data packet according to the present invention
  • FIG. 2 is a schematic structural diagram of a three-layer device for rapidly forwarding data packets according to the present invention. detailed description
  • the three-layer device determines whether the data packet can be quickly forwarded, and if so, the data packet is rewritten and directly forwarded; if not, the data packet is forwarded by the protocol stack and then forwarded.
  • the method for rapidly forwarding a data packet includes the following steps: Step 101: After receiving a data packet, the layer 3 device determines whether the data packet can be quickly forwarded. If yes, step 102 is performed, if not, , step 103 is performed;
  • the data packet mainly includes: a quintuple, a VLAN value, a fragment identifier, an IP version number, a source MAC address, a destination MAC address, and the like; wherein, the quintuple refers to: an IP source address,
  • IP destination address source port, destination port, and IP protocol number.
  • the determining whether the data packet can be quickly forwarded includes: if the data packet
  • the IP version number is IPV4 or IPV6.
  • the fragment ID in the data packet is not fragmented.
  • the IP protocol in the data packet is TCP, or UDP. Any one of the five-group and three-layer devices in the data packet is transferred. If the quintuple recorded in the publication is the same, the data packet can be forwarded quickly, and vice versa.
  • the forwarding table records the related information of the data packet that can be quickly forwarded in the connection and the specific content that needs to be rewritten when the data packet is quickly forwarded; the forwarding table includes: a quintuple, a NAT type, and an IP after the NAT The address, the port number after the NAT, the source MAC address, the destination MAC address, and the VLAN value when the packet is sent.
  • the Layer 3 device can have multiple forwarding tables at the same time. The quintuple is used to distinguish the identifiers of the forwarding tables. .
  • Step 102 The layer 3 device selects the forwarding table by using the quintuple of the data packet, and rewrites the data packet by using the information in the forwarding table, and then performs step 104;
  • the rewriting data packet refers to replacing the content in the related field in the data packet according to the information in the forwarding table, and the replaced content includes: a source MAC address, a destination MAC address, an IP address and a port number after the NAT, and a VLAN value. .
  • Step 103 The layer 3 device hands over the data packet to its own protocol stack for processing
  • step 103 the processing process of the protocol stack is determined by the processing function existing in the three-layer device.
  • the three-layer device performs NAT on the data packet, and modifies the source of the data packet.
  • the Layer 3 device also uses connection tracking technology to record information about packets at different stages, and uses this information to establish a connection tracking table for the connection to which the packet resides.
  • the connection tracking table includes: 5-tuple, NAT type, NAT IP address, port number after NAT, source MAC address when the packet is sent, destination MAC address, timer, status of the connection, forwarding identifier, usage record of the help function, etc.
  • Step 104 Add a data packet to the sending queue, and determine whether the data packet meets the condition for establishing a forwarding table. If the condition is met, a forwarding table is established for the connection where the data packet is located. If the condition is not met, the forwarding table is not established.
  • the sending queue is a FIFO (First Input First Output) queue set by a three-layer device.
  • FIFO First Input First Output
  • the establishing the forwarding table refers to: firstly selecting a corresponding connection tracking table by using a quintuple in the data packet, and then extracting a NAT type in the connection tracking table, an IP address after NAT, a port number after NAT, and the like; The source MAC address, the destination MAC address and the VLAN value, and the PPP header content when the data packet is sent are extracted from the packet. Finally, the forwarding table is created and saved by using the extracted content.
  • Whether the condition for establishing the forwarding table is satisfied includes: checking, according to the quintuple in the data packet, the connection tracking table of the connection where the data packet is located, whether the usage record of the help function in the connection tracking table is unused, and whether the IP protocol is TCP or UDP, and whether the connection status is an established connection, whether the forwarding identifier is forwarded or not; check whether the fragment identifier in the data packet is unfragmented; and check whether there is an existing forwarding table in the Layer 3 device. Record the forwarding table for the quintuple.
  • Step 105 The layer 3 device extracts the data packet from the sending queue for transmission.
  • the forwarding of data packets that are forwarded locally through a connection can be completed.
  • the Layer 3 device can be set by software according to the actual situation.
  • the layer 3 device also deletes the forwarding table, and the deleting process includes: After the third layer device completes any operation in any one of the connection tracking tables, the timer of the connection tracking table is started, and when the timer expires The Layer 3 device queries the usage of the forwarding table with the same five-tuple. If the forwarding table is not accessed between the current query and the last query, the Layer 3 device deletes the forwarding table and deletes the connection tracking. Table; otherwise no action.
  • any one of the operations refers to all operations in the three-layer device regarding the connection tracking table, such as: querying or extracting information of the connection tracking table when the forwarding table is established, and processing the data packet when the protocol stack of the three-layer device processes the data packet.
  • the operation of the connection tracking table for information extraction of the data packet and status recording;
  • the forwarding table is accessed, and refers to: In the foregoing steps 101 and 102, the layer 3 device uses the forwarding table to compare with the data packet, and uses the forwarding table to rewrite the data packet.
  • the three-layer device for rapidly forwarding data packets of the present invention includes: a fast forwarding module 21, a protocol processing module 22, and a sending module 23;
  • the fast forwarding module 21 is configured to determine whether the data packet can be quickly forwarded. When the data packet can be quickly forwarded, the data packet is rewritten and sent to the sending module. When the data packet cannot be quickly forwarded, the data packet is sent to the protocol processing module.
  • the data packet includes: an IP source address, an IP destination address, a source port, a destination port, an IP protocol, a VLAN value, a fragment identifier, an IP protocol version number, a PPP encapsulation identifier source MAC address, and a gateway MAC address.
  • Etc.; The quintuple refers to: IP source address, IP destination address, source port, destination port, and ten office number.
  • the protocol processing module 22 is configured to receive the data packet sent by the fast forwarding module, and process the data packet to the sending module after being processed by the protocol stack of the layer 3 device.
  • the specific process of the protocol processing module processing the data packet is determined by the processing function existing in the three-layer device.
  • the sending module 23 is configured to receive the rewritten data packet sent by the fast forwarding module, and The processed data packet sent by the processing module is sent, and the data packet is sent.
  • the sending of the data packet refers to the sending of the data packet from the queue after the data packet is placed in the FIFO queue.
  • the fast forwarding module 21 is specifically configured to extract an IP protocol version number, a fragment identifier, an IP protocol, and a quintuple in the data packet. If the IP protocol version number in the data packet is IPV4 or IPV6, the packet in the data packet The slice identifier is not fragmented. The IP protocol in the data packet is TCP or UDP, and the quintuple in the data packet is the same as the quintuple recorded in the forwarding table. The data packet can be forwarded quickly, otherwise the data packet cannot be fast. Forward.
  • the fast forwarding module 21 is further configured to select a forwarding table by using a quintuple of the data packet, and then use the information in the forwarding table to access the source medium in the data packet to control the MAC address, the destination MAC address, the IP address after the NAT, Replace the port number after the NAT, the VLAN value of the virtual LAN, and so on;
  • the forwarding table records information about a data packet that can be quickly forwarded, and the information includes: a quintuple, a NAT type, an IP address after NAT, a port number after NAT, a source MAC address, a MAC address of a gateway, and a VLAN value.
  • the content of the quintuple refers to the IP source address, the IP destination address, the source port, the destination port, and the ten-party negotiation number.
  • the fast forwarding module 21 is also used to save the forwarding table.
  • the sending module 23 is further configured to determine whether the data packet satisfies the condition for establishing a forwarding table for the connection before the data packet is sent, and does not perform the operation when the condition is not met; when the condition is met, the forwarding table is established in the data packet.
  • the notification that the information is written to establish the forwarding table is sent to the fast forwarding module 21; correspondingly, the fast forwarding module 21 is further configured to receive the information in the notification after the notification of the forwarding table sent by the sending module 23, and the protocol processing module 22: Obtain the information required to establish the forwarding table in the connection tracking table, and finally establish a forwarding table.
  • the protocol processing module 22 is further configured to send, to the fast forwarding module 21, information required to establish a forwarding table in the connection tracking table.
  • the sending module 23 is further configured to extract a quintuple and a fragment identifier in the data packet, and utilize the five
  • the acquisition request written by the tuple obtains the corresponding connection tracking table from the protocol processing module 22. If the usage record of the help function in the connection tracking table is unused, the IP protocol is TCP or UDP, and the connection status is an established connection.
  • the forwarding identifier is forwarded, and the fragment identifier of the data packet is unfragmented, and then the quintuple is used to write the comparison instruction, and the comparison instruction is sent to the fast forwarding module 21; after receiving the comparison result sent by the fast forwarding module, If the result is that there is no forwarding table of the quintuple, a forwarding table is established for the connection where the data packet is located;
  • the protocol processing module 22 is further configured to receive the acquisition request sent by the sending module, analyze the quintuple in the obtaining request, find the connection tracking table corresponding to the quintuple, and then send the connection tracking to the sending module 23.
  • the fast forwarding module 21 is further configured to receive the comparison instruction of the sending module 23, and extract the quintuple in the comparison instruction to find out whether the forwarding table of the quintuple is recorded, and if yes, send The module 23 transmits the comparison result of the forwarding table in which the quintu is present, and if not, transmits the comparison result of the forwarding table in which the quintuple does not exist to the transmitting module 23.
  • the protocol processing module 22 is specifically configured to process a data packet by using an existing processing function, perform NAT on the data packet, modify a source MAC address, a destination MAC address, and a modified VLAN value of the data packet, and finally Selecting a sending port for the data packet; also for using the connection tracking technology to record information about packets at different stages, and using the information to establish a connection tracking table of the connection where the data packet is located;
  • the connection tracking table includes: a quintuple, a NAT type, an IP address after NAT, a port number after NAT, a source MAC address when the data packet is sent, a destination MAC address, a timer, a connection status, and a forwarding identifier.
  • Information such as the usage record of the help function.
  • the protocol processing module 22 is further configured to: after any one of the connection tracking tables completes any operation, start a timer in the connection tracking table, and when the timer expires, reply to the fast forwarding to the forwarding table in the query and If the secondary query has never been accessed, the connection tracking table is deleted, and the fast forwarding module 21 is sent an instruction to delete the forwarding table having the same five-tuple. Otherwise do not operate;
  • the fast forwarding module 21 is further configured to receive the query information of the protocol processing module 22, and send the reply information that has never been visited between the current query and the last query according to the usage of the forwarding table or The reply information that has been accessed between the current query and the last query deletes the forwarding table after receiving the instruction sent by the protocol processing module 22 to delete the forwarding table having the same five-tuple.
  • the above-mentioned three-layer device further includes: a packet receiving module 24, configured to receive a data packet, determine whether the fast forwarding module 21 is enabled, and if it is enabled, send the data packet to the fast forwarding module 21, if not, the data is The packet is sent to the protocol processing module 22;
  • the fast forwarding module 21 is further configured to send a start notification to the message receiving module 24, and receive the data packet sent by the message receiving module 24.
  • the protocol processing module 22 is further configured to receive the data packet sent by the message receiving module 24. .
  • the fast forwarding module 21 can determine whether to enable according to the actual situation.
  • the packet forwarding operation in the locally forwarded connection can be completed by using the above module, and the fast forwarding module can be started according to the actual situation.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

Disclosed in the present invention is a method for fast forwarding data packets, which comprises: a triple layer device estimates whether the packets can be fast forwarded; if so, then it rewrites the packets and forwards the packets directly; if not so, it transfers the packets to its own protocol stack and forwards the packets after processed by the protocol stack. The present invention also discloses a triple layer device for fast forwarding data packets. The present invention enables the triple layer device reducing repetition work of forwarding data packets and improving speed of forwarding data packets.

Description

一种快速转发数据包的方法及三层设备 技术领域  Method for quickly forwarding data packets and three-layer device
本发明涉及通信领域的路由技术, 尤其涉及一种快速转发数据包的方 法及三层设备。 背景技术  The present invention relates to routing technologies in the field of communications, and in particular, to a method for rapidly forwarding data packets and a three-layer device. Background technique
网络日益成为人们日常生活中必不可少的工具, 几乎每个人都要使用 网络查询数据、 收发电子邮件和玩联机游戏, 用户对数据传输速度的要求 也越来越高。 在网络中, 数据传输速度取决于起到路由作用的设备, 比如 三层设备。  The network is increasingly becoming an indispensable tool in people's daily lives. Almost everyone uses the Internet to query data, send and receive emails, and play online games. Users are increasingly demanding data transmission speeds. In a network, the speed of data transmission depends on the device that acts as a route, such as a Layer 3 device.
目前, 三层设备转发数据包需要经过大量处理, 其处理过程包括: 三 层设备接收数据包之后先进行数据包的类型识别、 记录接收端口号, 再交 由协议栈进行寻路等一系列处理, 处理完成后发送数据包。 但是, 通常由 三层设备转发的任意一个连接的所有数据包都使用相同的路径。  At present, the three-layer device needs to undergo a large amount of processing for forwarding data packets. The processing process includes: after receiving the data packet, the three-layer device performs type identification of the data packet, records the receiving port number, and then performs a series of processing such as path finding by the protocol stack. , the packet is sent after the processing is completed. However, all packets that are normally forwarded by a Layer 3 device use the same path.
可见, 三层设备在转发的过程中做了大量的重复工作, 从而严重降低 了数据包转发的速度。 发明内容  It can be seen that the three-layer device does a lot of repetitive work in the process of forwarding, thereby seriously reducing the speed of packet forwarding. Summary of the invention
有鉴于此, 本发明的目的在于提供一种快速转发数据包的方法及三层 设备, 能减少三层设备转发数据包所做的重复工作, 提高数据包转发速度。  In view of the above, the object of the present invention is to provide a method for rapidly forwarding data packets and a Layer 3 device, which can reduce the repetitive work performed by the Layer 3 device to forward data packets and improve the packet forwarding speed.
为达到上述目的, 本发明的技术方案是这样实现的:  In order to achieve the above object, the technical solution of the present invention is achieved as follows:
本发明提供了一种快速转发数据包的方法, 该方法包括以下步驟: 三层设备判断数据包是否可以快速转发, 如果可以, 则将数据包进行 改写后转发; 如果不可以, 则将数据包交由自身协议栈处理后转发。 上述方案中, 所述判断数据包是否可以快速转发包括: 如果数据包中 的互联网协议( IP, Internet Protocol )版本号为 IPV4或 IPV6, 数据包中的 分片标识为不分片,数据包中的 IP协议为传输控制协议( TCP, Transmission Control Protocol )或用户数据包协议(UDP, User Datagram Protocol ), 数 据包中的五元组与三层设备中所保存的任意一个转发表中记录的五元组相 同, 则数据包可以快速转发, 反之则不可以快速转发。 The present invention provides a method for rapidly forwarding a data packet, the method comprising the following steps: The layer 3 device determines whether the data packet can be quickly forwarded, and if so, rewrites the data packet and forwards the data packet; if not, the data packet It is forwarded by the protocol stack and then forwarded. In the foregoing solution, the determining whether the data packet can be quickly forwarded includes: if the Internet Protocol (IP) version number in the data packet is IPV4 or IPV6, the fragment identifier in the data packet is not fragmented, and the data packet is in the data packet. The IP protocol is the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP), and the five records recorded in the five-group and three-layer devices in the data packet are recorded in any one of the forwarding tables. If the tuples are the same, the data packets can be forwarded quickly, and vice versa.
上述方案中, 所述将数据包进行改写包括: 三层设备利用数据包的五 元组选择转发表, 再利用转发表中的信息将数据包中的源介质访问控制 ( MAC, Media Access Control )地址、目的 MAC地址、网络地址转换( NAT, Network Address Translation )后的 IP地址、 NAT后的端口号和虚拟局域网 ( VLAN , Virtual Local Area Network )值替换。  In the above solution, the rewriting the data packet includes: the three-layer device uses the quintuple of the data packet to select a forwarding table, and then uses the information in the forwarding table to control the source medium access control (MAC, Media Access Control) in the data packet. Address, destination MAC address, IP address after NAT (Network Address Translation), port number after NAT, and virtual local area network (VLAN) value replacement.
上述方案中, 所述转发表为记录有一个连接中可以快速转发的数据包 的相关信息、 以及快速转发数据包时所需改写的具体内容; 所述相关信息 包括: 五元组、 NAT类型、 NAT后的 IP地址、 NAT后的端口号、 数据包 发送时的源 MAC地址、 目的 MAC地址和 VLAN值等内容; 所述三层设备 中同时存在多个转发表, 使用五元组作为区分各个转发表的标识。  In the foregoing solution, the forwarding table is related information that records a data packet that can be quickly forwarded in a connection, and specific content that needs to be rewritten when the data packet is quickly forwarded; the related information includes: a quintuple, a NAT type, The IP address after the NAT, the port number after the NAT, the source MAC address, the destination MAC address, and the VLAN value when the packet is sent. The Layer 3 device has multiple forwarding tables at the same time. The identifier of the forwarding table.
上述方案中, 所述转发之前, 该方法还包括: 三层设备判断即将被转 发的数据包是否满足为其所在的连接建立转发表的条件, 如果不满足, 则 不建立转发表, 如果满足条件, 则利用连接跟踪表中的信息以及即将发送 的数据包中的相关信息建立转发表并保存。  In the foregoing solution, before the forwarding, the method further includes: determining, by the third layer device, whether the data packet to be forwarded satisfies a condition for establishing a forwarding table for the connection that is in the connection, and if not, does not establish a forwarding table, if the condition is met. Then, the forwarding table is created and saved by using the information in the connection tracking table and the related information in the data packet to be sent.
上述方案中, 所述建立转发表的条件包括: 三层设备根据数据包中的 五元组查到对应的连接跟踪表, 连接跟踪表中的帮助函数的使用记录为未 使用, IP协议为 TCP或 UDP, 且连接状态为已建立的连接, 转发标识为经 过转发; 三层设备查看数据包中的分片标识为未分片; 三层设备提取数据 包的五元组, 利用五元组在三层设备中已有的转发表中查找, 没有查找到 记录的该五元组的转发表。 In the foregoing solution, the condition for establishing the forwarding table includes: the three-layer device finds the corresponding connection tracking table according to the quintuple in the data packet, and the usage record of the help function in the connection tracking table is unused, and the IP protocol is TCP. Or UDP, and the connection status is the established connection, the forwarding identifier is forwarded; the layer 3 device checks the fragment identifier in the data packet as unfragmented; the layer 3 device extracts the quintuple of the data packet, using the quintuple group Lookup in the forwarding table already in the Layer 3 device, not found Record the forwarding table for the five-tuple.
上述方案中, 所述转发之后, 该方法还包括: 三层设备在任意一个连 接跟踪表完成任何一个操作后开启连接跟踪表中的定时器, 当定时器超时 后, 三层设备查询有相同五元组的转发表的使用情况, 如果在本次查询和 上次查询之间, 转发表没有被访问过, 则三层设备删除转发表, 且删除该 连接跟踪表; 否则不做操作。  In the above solution, after the forwarding, the method further includes: the three-layer device starts the timer in the connection tracking table after any one of the connection tracking tables is completed, and after the timer expires, the three-layer device queries the same five. If the forwarding table is not accessed between the current query and the last query, the Layer 3 device deletes the forwarding table and deletes the connection tracking table; otherwise, no operation is performed.
本发明还提供了一种快速转发数据包的三层设备, 该三层设备包括: 快速转发模块、 协议处理模块和发送模块; 其中,  The present invention further provides a Layer 3 device for rapidly forwarding data packets, where the Layer 3 device includes: a fast forwarding module, a protocol processing module, and a sending module;
快速转发模块, 用于判断数据包是否可以快速转发, 可以快速转发时, 将数据包进行改写后发送给发送模块; 不可以快速转发时, 将数据包发送 给协议处理模块;  The fast forwarding module is configured to determine whether the data packet can be quickly forwarded. When the data packet can be quickly forwarded, the data packet is rewritten and sent to the sending module. When the data packet cannot be quickly forwarded, the data packet is sent to the protocol processing module.
协议处理模块, 用于接收快速转发模块发送的数据包, 经三层设备的 协议栈处理后发送给发送模块;  a protocol processing module, configured to receive a data packet sent by the fast forwarding module, and send the data packet to the sending module after being processed by the protocol stack of the layer 3 device;
发送模块, 用于接收快速转发模块发送的改写后的数据包、 协议处理 模块发送的经过处理的数据包, 并发送数据包。  The sending module is configured to receive the rewritten data packet sent by the fast forwarding module, the processed data packet sent by the protocol processing module, and send the data packet.
上述方案中, 所述快速转发模块判断数据包是否可以快速转发为: 提 取数据包中的 IP版本号、分片标识和五元组,如果 IP版本号为 IPV4或 IPV6, 分片标识为不分片, 五元组中的 IP协议为 TCP或 UDP, 且用五元组^ ^莫 块中所保存的所有转发表做比对, 如果有相同的五元组出现在转发表中, 则数据包可以快速转发, 反之则不可以快速转发。  In the foregoing solution, the fast forwarding module determines whether the data packet can be quickly forwarded as: extracting an IP version number, a fragment identifier, and a quintuple in the data packet. If the IP version number is IPV4 or IPV6, the fragment identifier is not divided. The IP protocol in the quintuple is TCP or UDP, and all the forwarding tables stored in the quintuple are used for comparison. If the same quintuple appears in the forwarding table, the packet It can be forwarded quickly, otherwise it cannot be forwarded quickly.
上述方案中, 所述快速转发模块将数据包进行改写为: 利用数据包的 五元组选中转发表,再利用转发表中的信息将数据包中的源 MAC地址、 目 的 MAC地址、 NAT后的 IP地址、 NAT后的端口号、 VLAN值等信息替换。  In the above solution, the fast forwarding module rewrites the data packet to: use the quintuple of the data packet to select the forwarding table, and then use the information in the forwarding table to use the source MAC address, the destination MAC address, and the NAT in the data packet. Replace the information such as the IP address, port number after NAT, and VLAN value.
上述方案中, 所述发送模块, 还用于在发送数据包之前判断数据包是 否满足为其建立转发表的条件, 不满足条件时不做操作, 满足条件时则将 数据包中建立转发表所需信息写成建立转发表的通知发给快速转发模块; 相应的, 所述快速转发模块, 还用于接收发送模块发送的建立转发表 的通知后提取通知中的信息, 从协议处理模块获取连接跟踪表中建立转发 表所需的信息, 建立转发表; In the above solution, the sending module is further configured to determine whether the data packet satisfies the condition for establishing a forwarding table before sending the data packet, and does not perform an operation when the condition is not met, and when the condition is met, The information required to establish the forwarding table in the data packet is sent to the fast forwarding module to be sent to the fast forwarding module. Correspondingly, the fast forwarding module is further configured to receive the information in the notification after receiving the notification of the forwarding table sent by the sending module. Obtaining the information required to establish a forwarding table in the connection tracking table from the protocol processing module, and establishing a forwarding table;
所述协议处理模块, 还用于向快速转发模块发送连接跟踪表中建立转 发表所需的信息。  The protocol processing module is further configured to send, to the fast forwarding module, information required to establish a transfer in the connection tracking table.
上述方案中, 所述发送模块, 还用于提取数据包中的五元组和分片标 识, 利用五元组写成的获取请求从协议处理模块中获取相应的连接跟踪表, 如果连接跟踪表中的帮助函数的使用记录为未使用, IP协议为 TCP或 UDP, 且连接状态为已建立的连接, 转发标识为经过转发, 数据包的分片标识为 未分片, 再利用五元组写成比对指令, 将比对指令发送给快速转发模块, 之后接收快速转发模块返回的比对结果, 比对结果为不存在该五元组的转 发表, 为该数据包所在连接建立转发表;  In the above solution, the sending module is further configured to extract a quintuple and a shard identifier in the data packet, and obtain a corresponding connection tracking table from the protocol processing module by using the arbitrarily obtained acquisition request, if the connection tracking table is The usage of the help function is recorded as unused, the IP protocol is TCP or UDP, and the connection status is the established connection. The forwarding identifier is forwarded, the fragmentation identifier of the data packet is unfragmented, and the quintuple is used to write the ratio. Sending the comparison instruction to the fast forwarding module, and then receiving the comparison result returned by the fast forwarding module, the comparison result is that the forwarding table of the quintuple does not exist, and a forwarding table is established for the connection of the data packet;
相应的, 所述协议处理模块, 还用于接收发送模块发送的获取请求, 分析获取请求中的五元组后查找到该五元组对应的连接跟踪表, 之后向发 送模块发送连接跟踪表;  Correspondingly, the protocol processing module is further configured to receive an acquisition request sent by the sending module, analyze the quintuple in the obtaining request, find the connection tracking table corresponding to the quintuple, and then send a connection tracking table to the sending module;
所述快速转发模块, 还用于接收发送模块的比对指令, 提取比对指令 中的五元组后查找是否有记录该五元组的转发表, 如果有, 则向发送模块 发送存在该五元组的转发表的比较结果, 如果没有则向发送模块发送不存 在该五元组的转发表的比较结果。  The fast forwarding module is further configured to receive a comparison instruction of the sending module, and extract a quintuple in the comparison instruction to find whether there is a forwarding table for recording the quintuple, and if yes, send the presence of the five to the sending module. The comparison result of the forwarding table of the tuple, if not, sends a comparison result of the forwarding table in which the quintuple does not exist to the transmitting module.
上述方案中, 所述协议处理模块, 进一步用于在任意一个连接跟踪表 完成任何一个操作之后开启该连接跟踪表中的定时器, 当定时器超时后, 接收到的回复为转发表在本次查询和上次查询之间从没有被访问过, 则删 除该连接跟踪表, 并向快速转发模块发送删除有相同五元组的转发表的指 令, 否则不做操作; In the above solution, the protocol processing module is further configured to enable a timer in the connection tracking table after any one of the connection tracking tables is completed. When the timer expires, the received response is a forwarding table in this time. If the query and the last query have never been accessed, delete the connection tracking table and send the finger to the fast forwarding module to delete the forwarding table with the same five-tuple. Order, otherwise do not operate;
相应的, 所述快速转发模块, 还用于接收协议处理模块的询问信息, 根据转发表的使用情况, 发送在本次查询和上次查询之间从没有被访问过 的回复信息或者是在本次查询和上次查询之间被访问过的回复信息, 接收 协议处理模块发送的删除有相同五元组的转发表的指令后删除该转发表。  Correspondingly, the fast forwarding module is further configured to receive the query information of the protocol processing module, and send the reply information that has never been visited between the current query and the last query according to the usage of the forwarding table or in the present The reply information that has been accessed between the secondary query and the last query is deleted by the receiving protocol processing module and deleting the forwarding table having the same five-tuple forwarding table.
上述方案中, 该三层设备包括: 报文接收模块, 用于接收数据包, 判 断快速转发模块是否开启, 如果已开启, 则将数据包发送给快速转发模块, 如果没有开启, 则将数据包发送给协议处理模块;  In the foregoing solution, the Layer 3 device includes: a packet receiving module, configured to receive a data packet, determine whether the fast forwarding module is enabled, and if it is enabled, send the data packet to the fast forwarding module, if not, the data packet is Sent to the protocol processing module;
相应的, 所述快速转发模块, 还用于为报文接收模块发送开启通知, 接收报文接收模块发送的数据包;  Correspondingly, the fast forwarding module is further configured to send a start notification to the packet receiving module, and receive the data packet sent by the packet receiving module;
所述协议处理模块, 还用于接收报文接收模块发送的数据包。  The protocol processing module is further configured to receive a data packet sent by the packet receiving module.
本发明所提供的快速转发数据包的方法及三层设备, 具有以下的优点 和特点: 三层设备可以利用数据包的五元组判断是否可以快速转发, 这样 三层设备接收到的同一个连接的数据包不需要每个数据包都进行转发寻路 和上传到协议栈进行处理, 从而能大大减少数据包的传送时间, 减少三层 设备转发同一个连接中的数据包所做的重复工作, 进而提高三层设备的数 据包转发速度。 附图说明  The method for rapidly forwarding data packets and the three-layer device provided by the invention have the following advantages and features: The three-layer device can use the quintuple of the data packet to determine whether it can be quickly forwarded, so that the same connection is received by the three-layer device. The data packets do not need to be forwarded and uploaded to the protocol stack for processing, so that the data packet transmission time can be greatly reduced, and the repetitive work of the Layer 3 device forwarding the data packets in the same connection is reduced. In turn, the packet forwarding speed of the Layer 3 device is improved. DRAWINGS
图 1为本发明快速转发数据包的方法的实现流程示意图;  1 is a schematic flowchart of an implementation process of a method for rapidly forwarding a data packet according to the present invention;
图 2为本发明快速转发数据包的三层设备的组成结构示意图。 具体实施方式  FIG. 2 is a schematic structural diagram of a three-layer device for rapidly forwarding data packets according to the present invention. detailed description
本发明的基本思想是: 三层设备判断数据包是否可以快速转发, 如果 可以, 则将数据包进行改写后直接转发; 如果不可以, 则将数据包交由协 议栈处理之后转发。 下面结合附图及具体实施例对本发明再做进一步详细的说明。 The basic idea of the present invention is: The three-layer device determines whether the data packet can be quickly forwarded, and if so, the data packet is rewritten and directly forwarded; if not, the data packet is forwarded by the protocol stack and then forwarded. The present invention will be further described in detail below with reference to the accompanying drawings and specific embodiments.
如图 1所示, 本发明快速转发数据包的方法, 包括以下步驟: 步驟 101 : 三层设备接收到数据包后, 判断数据包是否可以快速转发, 如果可以, 则执行步驟 102, 如果不可以, 则执行步驟 103;  As shown in FIG. 1 , the method for rapidly forwarding a data packet includes the following steps: Step 101: After receiving a data packet, the layer 3 device determines whether the data packet can be quickly forwarded. If yes, step 102 is performed, if not, , step 103 is performed;
这里, 所述数据包主要包括: 五元组、 VLAN值、 分片标识、 IP版本 号、 源 MAC地址、 目的 MAC地址等; 其中, 所述五元组指: IP源地址、 Here, the data packet mainly includes: a quintuple, a VLAN value, a fragment identifier, an IP version number, a source MAC address, a destination MAC address, and the like; wherein, the quintuple refers to: an IP source address,
IP目的端地址、 源端口、 目的端口和 IP协议号。 IP destination address, source port, destination port, and IP protocol number.
本步驟中, 所述判断数据包是否可以快速转发包括: 如果数据包中的 In this step, the determining whether the data packet can be quickly forwarded includes: if the data packet
IP版本号为 IPV4或 IPV6, 数据包中的分片标识为不分片, 数据包中的 IP 协议为 TCP、 或 UDP, 数据包中的五元组与三层设备中所保存的任意一个 转发表中记录的五元组相同, 则数据包可以快速转发, 反之则不可以快速 转发; The IP version number is IPV4 or IPV6. The fragment ID in the data packet is not fragmented. The IP protocol in the data packet is TCP, or UDP. Any one of the five-group and three-layer devices in the data packet is transferred. If the quintuple recorded in the publication is the same, the data packet can be forwarded quickly, and vice versa.
其中, 所述转发表记录有一个连接中可以快速转发的数据包的相关信 息及快速转发数据包时所需改写的具体内容; 所述转发表包括: 五元组、 NAT类型、 NAT后的 IP地址、 NAT后的端口号, 数据包发送时的源 MAC 地址、 目的 MAC地址和 VLAN值等内容; 三层设备中可以同时存在多个 转发表, 使用五元组来做区分各个转发表的标识。  The forwarding table records the related information of the data packet that can be quickly forwarded in the connection and the specific content that needs to be rewritten when the data packet is quickly forwarded; the forwarding table includes: a quintuple, a NAT type, and an IP after the NAT The address, the port number after the NAT, the source MAC address, the destination MAC address, and the VLAN value when the packet is sent. The Layer 3 device can have multiple forwarding tables at the same time. The quintuple is used to distinguish the identifiers of the forwarding tables. .
步驟 102: 三层设备利用数据包的五元组选择转发表, 利用转发表中的 信息改写数据包, 然后执行步驟 104;  Step 102: The layer 3 device selects the forwarding table by using the quintuple of the data packet, and rewrites the data packet by using the information in the forwarding table, and then performs step 104;
这里, 所述改写数据包指将数据包内相关字段中的内容根据转发表中 的信息进行替换, 替换的内容包括: 源 MAC地址、 目的 MAC地址、 NAT 后的 IP地址和端口号和 VLAN值。  Here, the rewriting data packet refers to replacing the content in the related field in the data packet according to the information in the forwarding table, and the replaced content includes: a source MAC address, a destination MAC address, an IP address and a port number after the NAT, and a VLAN value. .
步驟 103: 三层设备将数据包交由自身的协议栈进行处理;  Step 103: The layer 3 device hands over the data packet to its own protocol stack for processing;
步驟 103 中, 协议栈的处理过程由三层设备中已有的处理函数决定, 在协议栈的处理过程中, 三层设备会对数据包做 NAT, 修改数据包的源 MAC地址、 目的 MAC地址以及修改 VLAN值等操作 , 最终为数据包选择 发送端口; In step 103, the processing process of the protocol stack is determined by the processing function existing in the three-layer device. During the processing of the protocol stack, the three-layer device performs NAT on the data packet, and modifies the source of the data packet. MAC address, destination MAC address, and modification of the VLAN value, and finally select the sending port for the data packet;
三层设备还会使用连接跟踪技术记录不同阶段的数据包的相关信息, 并利用这些信息建立该数据包所在连接的连接跟踪表, 连接跟踪表中包括: 五元组、 NAT类型、 NAT后的 IP地址、 NAT后的端口号, 数据包发送时 的源 MAC地址、 目的 MAC地址, 定时器、 连接的状态、 转发标识、 帮助 函数的使用记录等信息。  The Layer 3 device also uses connection tracking technology to record information about packets at different stages, and uses this information to establish a connection tracking table for the connection to which the packet resides. The connection tracking table includes: 5-tuple, NAT type, NAT IP address, port number after NAT, source MAC address when the packet is sent, destination MAC address, timer, status of the connection, forwarding identifier, usage record of the help function, etc.
步驟 104: 将数据包加入到发送队列中, 并判断该数据包是否满足建立 转发表条件, 如果满足条件, 则为数据包所在连接建立转发表, 如果不满 足条件, 则不建立转发表;  Step 104: Add a data packet to the sending queue, and determine whether the data packet meets the condition for establishing a forwarding table. If the condition is met, a forwarding table is established for the connection where the data packet is located. If the condition is not met, the forwarding table is not established.
这里,所述发送队列为三层设备设置的先进先出( FIFO, First Input First Output ) 队列。  Here, the sending queue is a FIFO (First Input First Output) queue set by a three-layer device.
所述建立转发表指: 首先利用数据包中的五元组选择对应的连接跟踪 表, 再提取连接跟踪表中的 NAT类型、 NAT后的 IP地址、 NAT后的端口 号等内容; 并从数据包中提取数据包发送时的源 MAC地址、 目的 MAC地 址和 VLAN值以及 PPP头等内容;最后利用上述提取的内容建立转发表并 保存。  The establishing the forwarding table refers to: firstly selecting a corresponding connection tracking table by using a quintuple in the data packet, and then extracting a NAT type in the connection tracking table, an IP address after NAT, a port number after NAT, and the like; The source MAC address, the destination MAC address and the VLAN value, and the PPP header content when the data packet is sent are extracted from the packet. Finally, the forwarding table is created and saved by using the extracted content.
所述是否满足建立转发表的条件包括: 根据数据包中的五元组查到该 数据包所在连接的连接跟踪表, 连接跟踪表中的帮助函数的使用记录是否 为未使用, IP协议是否为 TCP或 UDP, 且连接状态是否为已建立的连接, 转发标识是否为经过转发; 查看数据包中的分片标识是否为未分片; 且在 三层设备中已有的转发表中查看是否有记录该五元组的转发表。  Whether the condition for establishing the forwarding table is satisfied includes: checking, according to the quintuple in the data packet, the connection tracking table of the connection where the data packet is located, whether the usage record of the help function in the connection tracking table is unused, and whether the IP protocol is TCP or UDP, and whether the connection status is an established connection, whether the forwarding identifier is forwarded or not; check whether the fragment identifier in the data packet is unfragmented; and check whether there is an existing forwarding table in the Layer 3 device. Record the forwarding table for the quintuple.
步驟 105: 三层设备从发送队列中提取数据包进行发送。  Step 105: The layer 3 device extracts the data packet from the sending queue for transmission.
经过上述步驟, 可以完成一个连接中经由本地转发的数据包的转发工 作, 三层设备对于是否进行快速转发可以根据实际情况通过软件进行设置。 此外, 步驟 105完成后, 三层设备还会删除转发表, 该删除过程包括: 三层设备在任意一个连接跟踪表完成任何一个操作之后, 会开启连接跟踪 表的定时器, 当定时器超时后, 三层设备会查询有相同五元组的转发表的 使用情况, 如果在本次查询和上次查询之间, 转发表没有被访问过, 则三 层设备删除转发表, 且删除该连接跟踪表; 否则不做操作。 After the above steps, the forwarding of data packets that are forwarded locally through a connection can be completed. The Layer 3 device can be set by software according to the actual situation. In addition, after the step 105 is completed, the layer 3 device also deletes the forwarding table, and the deleting process includes: After the third layer device completes any operation in any one of the connection tracking tables, the timer of the connection tracking table is started, and when the timer expires The Layer 3 device queries the usage of the forwarding table with the same five-tuple. If the forwarding table is not accessed between the current query and the last query, the Layer 3 device deletes the forwarding table and deletes the connection tracking. Table; otherwise no action.
这里, 所述任何一个操作指三层设备中所有关于该连接跟踪表的操作, 比如: 建立转发表时对连接跟踪表的信息查询或者提取操作、 在三层设备 的协议栈处理数据包时, 连接跟踪表对数据包的信息提取以及状态记录的 操作;  Here, any one of the operations refers to all operations in the three-layer device regarding the connection tracking table, such as: querying or extracting information of the connection tracking table when the forwarding table is established, and processing the data packet when the protocol stack of the three-layer device processes the data packet. The operation of the connection tracking table for information extraction of the data packet and status recording;
所述转发表被访问, 指: 上述步驟 101和步驟 102中, 三层设备使用 转发表与数据包做比对, 以及使用转发表对数据包做改写。  The forwarding table is accessed, and refers to: In the foregoing steps 101 and 102, the layer 3 device uses the forwarding table to compare with the data packet, and uses the forwarding table to rewrite the data packet.
为实现上述方法, 如图 2所示, 本发明快速转发数据包的三层设备包 括: 快速转发模块 21、 协议处理模块 22和发送模块 23; 其中,  To implement the foregoing method, as shown in FIG. 2, the three-layer device for rapidly forwarding data packets of the present invention includes: a fast forwarding module 21, a protocol processing module 22, and a sending module 23;
快速转发模块 21 , 用于判断数据包是否可以快速转发, 可以快速转发 时, 将数据包进行改写后发送给发送模块; 不可以快速转发时, 将数据包 发送给协议处理模块。  The fast forwarding module 21 is configured to determine whether the data packet can be quickly forwarded. When the data packet can be quickly forwarded, the data packet is rewritten and sent to the sending module. When the data packet cannot be quickly forwarded, the data packet is sent to the protocol processing module.
这里, 所述数据包, 包括: IP源地址、 IP目的端地址、 源端口、 目的 端口、 IP协议、 VLAN值、分片标识、 IP协议版本号、 PPP封装标识源 MAC 地址、 网关的 MAC地址等; 所述五元组指: IP源地址、 IP 目的端地址、 源端口、 目的端口和十办议号。  Here, the data packet includes: an IP source address, an IP destination address, a source port, a destination port, an IP protocol, a VLAN value, a fragment identifier, an IP protocol version number, a PPP encapsulation identifier source MAC address, and a gateway MAC address. Etc.; The quintuple refers to: IP source address, IP destination address, source port, destination port, and ten office number.
协议处理模块 22, 用于接收快速转发模块发送的数据包, 经三层设备 的协议栈处理后发送给发送模块。  The protocol processing module 22 is configured to receive the data packet sent by the fast forwarding module, and process the data packet to the sending module after being processed by the protocol stack of the layer 3 device.
这里, 所述协议处理模块处理数据包的具体过程由三层设备中已有的 处理函数而决定。  Here, the specific process of the protocol processing module processing the data packet is determined by the processing function existing in the three-layer device.
发送模块 23, 用于接收快速转发模块发送的改写后的数据包、 以及协 议处理模块发送的经过处理的数据包, 并发送数据包。 The sending module 23 is configured to receive the rewritten data packet sent by the fast forwarding module, and The processed data packet sent by the processing module is sent, and the data packet is sent.
这里,所述发送数据包是指将数据包放入 FIFO队列之后从队列中提取 数据包发送。  Here, the sending of the data packet refers to the sending of the data packet from the queue after the data packet is placed in the FIFO queue.
所述快速转发模块 21 , 具体用于提取数据包中的 IP协议版本号、 分片 标识、 IP协议和五元组, 如果数据包中的 IP协议版本号为 IPV4或 IPV6 , 数据包中的分片标识为不分片, 数据包中的 IP协议为 TCP或 UDP, 且数 据包中的五元组跟转发表中记录的五元组相同, 则数据包可以快速转发, 否则数据包不可以快速转发。  The fast forwarding module 21 is specifically configured to extract an IP protocol version number, a fragment identifier, an IP protocol, and a quintuple in the data packet. If the IP protocol version number in the data packet is IPV4 or IPV6, the packet in the data packet The slice identifier is not fragmented. The IP protocol in the data packet is TCP or UDP, and the quintuple in the data packet is the same as the quintuple recorded in the forwarding table. The data packet can be forwarded quickly, otherwise the data packet cannot be fast. Forward.
所述快速转发模块 21 , 还用于利用数据包的五元组选中转发表, 再利 用转发表中的信息将数据包中的源介质访问控制 MAC地址、 目的 MAC地 址、 NAT后的 IP地址、 NAT后的端口号、 虚拟局域网 VLAN值等信息替 换;  The fast forwarding module 21 is further configured to select a forwarding table by using a quintuple of the data packet, and then use the information in the forwarding table to access the source medium in the data packet to control the MAC address, the destination MAC address, the IP address after the NAT, Replace the port number after the NAT, the VLAN value of the virtual LAN, and so on;
所述转发表记录有可以快速转发的数据包的信息, 所述信息包括: 五 元组、 NAT类型、 NAT后的 IP地址、 NAT后的端口号、 源 MAC地址、 网 关的 MAC地址、 VLAN值等内容; 所述五元组指 IP源地址、 IP目的端地 址、 源端口、 目的端口和十办议号。  The forwarding table records information about a data packet that can be quickly forwarded, and the information includes: a quintuple, a NAT type, an IP address after NAT, a port number after NAT, a source MAC address, a MAC address of a gateway, and a VLAN value. The content of the quintuple refers to the IP source address, the IP destination address, the source port, the destination port, and the ten-party negotiation number.
快速转发模块 21 , 还用于保存转发表。  The fast forwarding module 21 is also used to save the forwarding table.
所述发送模块 23, 还用于在发送数据包之前判断数据包是否满足为其 所在的连接建立转发表的条件, 不满足条件时不做操作; 满足条件时, 将 数据包中建立转发表所需信息写成建立转发表的通知发给快速转发模块 21; 相应的, 所述快速转发模块 21 , 还用于接收发送模块 23发送的建立转 发表的通知后提取通知中的信息, 从协议处理模块 22获取连接跟踪表中建 立转发表所需的信息, 最后建立转发表; 所述协议处理模块 22, 还用于向 快速转发模块 21发送连接跟踪表中建立转发表所需的信息。  The sending module 23 is further configured to determine whether the data packet satisfies the condition for establishing a forwarding table for the connection before the data packet is sent, and does not perform the operation when the condition is not met; when the condition is met, the forwarding table is established in the data packet. The notification that the information is written to establish the forwarding table is sent to the fast forwarding module 21; correspondingly, the fast forwarding module 21 is further configured to receive the information in the notification after the notification of the forwarding table sent by the sending module 23, and the protocol processing module 22: Obtain the information required to establish the forwarding table in the connection tracking table, and finally establish a forwarding table. The protocol processing module 22 is further configured to send, to the fast forwarding module 21, information required to establish a forwarding table in the connection tracking table.
所述发送模块 23, 还用于提取数据包中的五元组和分片标识, 利用五 元组写成的获取请求从协议处理模块 22中获取相应的连接跟踪表, 如果连 接跟踪表中的帮助函数的使用记录为未使用, IP协议为 TCP或 UDP, 且连 接状态为已建立的连接, 转发标识为经过转发, 数据包的分片标识为未分 片, 再利用五元组写成比对指令, 将比对指令发送给快速转发模块 21; 之 后接收快速转发模块发送的比对结果, 比对结果为不存在该五元组的转发 表时, 为该数据包所在连接建立转发表; The sending module 23 is further configured to extract a quintuple and a fragment identifier in the data packet, and utilize the five The acquisition request written by the tuple obtains the corresponding connection tracking table from the protocol processing module 22. If the usage record of the help function in the connection tracking table is unused, the IP protocol is TCP or UDP, and the connection status is an established connection. The forwarding identifier is forwarded, and the fragment identifier of the data packet is unfragmented, and then the quintuple is used to write the comparison instruction, and the comparison instruction is sent to the fast forwarding module 21; after receiving the comparison result sent by the fast forwarding module, If the result is that there is no forwarding table of the quintuple, a forwarding table is established for the connection where the data packet is located;
相应的, 所述协议处理模块 22,还用于接收发送模块发送的获取请求, 分析获取请求中的五元组后查找到该五元组对应的连接跟踪表, 之后向发 送模块 23发送连接跟踪表; 所述快速转发模块 21 , 还用于接收发送模块 23的比对指令, 提取比对指令中的五元组后查找是否有记录了该五元组的 转发表,如果有,则向发送模块 23发送存在该五元组的转发表的比较结果, 如果没有, 则向发送模块 23发送不存在该五元组的转发表的比较结果。  Correspondingly, the protocol processing module 22 is further configured to receive the acquisition request sent by the sending module, analyze the quintuple in the obtaining request, find the connection tracking table corresponding to the quintuple, and then send the connection tracking to the sending module 23. The fast forwarding module 21 is further configured to receive the comparison instruction of the sending module 23, and extract the quintuple in the comparison instruction to find out whether the forwarding table of the quintuple is recorded, and if yes, send The module 23 transmits the comparison result of the forwarding table in which the quintu is present, and if not, transmits the comparison result of the forwarding table in which the quintuple does not exist to the transmitting module 23.
所述协议处理模块 22, 具体用于利用已有的处理函数处理数据包, 在 处理过程中, 对数据包做 NAT, 修改数据包的源 MAC地址、 目的 MAC地 址以及修改 VLAN值等操作, 最终为数据包选择发送端口; 还用于使用连 接跟踪技术记录不同阶段的数据包的相关信息, 并利用这些信息建立该数 据包所在连接的连接跟踪表;  The protocol processing module 22 is specifically configured to process a data packet by using an existing processing function, perform NAT on the data packet, modify a source MAC address, a destination MAC address, and a modified VLAN value of the data packet, and finally Selecting a sending port for the data packet; also for using the connection tracking technology to record information about packets at different stages, and using the information to establish a connection tracking table of the connection where the data packet is located;
其中, 所述连接跟踪表包括: 五元组、 NAT类型、 NAT后的 IP地址、 NAT后的端口号,数据包发送时的源 MAC地址、 目的 MAC地址,定时器、 连接的状态、 转发标识、 帮助函数的使用记录等信息。  The connection tracking table includes: a quintuple, a NAT type, an IP address after NAT, a port number after NAT, a source MAC address when the data packet is sent, a destination MAC address, a timer, a connection status, and a forwarding identifier. Information such as the usage record of the help function.
所述协议处理模块 22, 进一步用于在任意一个连接跟踪表完成任何一 个操作之后开启该连接跟踪表中的定时器, 当定时器超时后, 向快速转发 回复为转发表在本次查询和上次查询之间从没有被访问过, 则删除该连接 跟踪表, 同时向快速转发模块 21发送删除有相同五元组的转发表的指令, 否则不做操作; The protocol processing module 22 is further configured to: after any one of the connection tracking tables completes any operation, start a timer in the connection tracking table, and when the timer expires, reply to the fast forwarding to the forwarding table in the query and If the secondary query has never been accessed, the connection tracking table is deleted, and the fast forwarding module 21 is sent an instruction to delete the forwarding table having the same five-tuple. Otherwise do not operate;
相应的, 所述快速转发模块 21 ,还用于接收协议处理模块 22的询问信 息, 根据转发表的使用情况, 发送在本次查询和上次查询之间从没有被访 问过的回复信息或者是在本次查询和上次查询之间被访问过的回复信息, 接收协议处理模块 22发送的删除有相同五元组的转发表的指令后删除该转 发表。  Correspondingly, the fast forwarding module 21 is further configured to receive the query information of the protocol processing module 22, and send the reply information that has never been visited between the current query and the last query according to the usage of the forwarding table or The reply information that has been accessed between the current query and the last query deletes the forwarding table after receiving the instruction sent by the protocol processing module 22 to delete the forwarding table having the same five-tuple.
上述三层设备, 进一步包括: 报文接收模块 24, 用于接收数据包, 判 断快速转发模块 21是否开启, 如果已开启, 则将数据包发送给快速转发模 块 21 , 如果没有开启, 则将数据包发送给协议处理模块 22;  The above-mentioned three-layer device further includes: a packet receiving module 24, configured to receive a data packet, determine whether the fast forwarding module 21 is enabled, and if it is enabled, send the data packet to the fast forwarding module 21, if not, the data is The packet is sent to the protocol processing module 22;
相应的, 快速转发模块 21 , 还用于为报文接收模块 24发送开启通知, 接收报文接收模块 24发送的数据包; 协议处理模块 22,还用于接收报文接 收模块 24发送的数据包。  Correspondingly, the fast forwarding module 21 is further configured to send a start notification to the message receiving module 24, and receive the data packet sent by the message receiving module 24. The protocol processing module 22 is further configured to receive the data packet sent by the message receiving module 24. .
所述, 快速转发模块 21可以根据实际情况决定是否开启。  The fast forwarding module 21 can determine whether to enable according to the actual situation.
可见, 使用上述模块即可完成经由本地转发的连接中的数据包转发工 作, 其中的快速转发模块可以根据实际情况开启。  It can be seen that the packet forwarding operation in the locally forwarded connection can be completed by using the above module, and the fast forwarding module can be started according to the actual situation.
应用上述方案, 可以在处理一个转发连接的所有数据包的过程中, 将符合转发表的条件的数据包进行提前转发, 这样, 能减少三层设备的 协议栈的处理工作, 达到提高三层设备的处理速度的目的。  With the above solution, in the process of processing all the data packets of a forwarding connection, the data packets that meet the conditions of the forwarding table are forwarded in advance, so that the processing of the protocol stack of the three-layer device can be reduced, and the three-layer device can be improved. The purpose of processing speed.
以上所述, 仅为本发明的较佳实施例而已, 并非用于限定本发明的保 护范围。  The above is only the preferred embodiment of the present invention and is not intended to limit the scope of the present invention.

Claims

权利要求书 Claim
1、 一种快速转发数据包的方法, 其特征在于, 该方法包括:  A method for rapidly forwarding a data packet, the method comprising:
三层设备判断数据包是否能快速转发, 如果能, 则将数据包进行改写 后转发; 如果不能, 则将数据包交由自身协议栈处理后转发。  The Layer 3 device determines whether the data packet can be forwarded quickly. If it can, the data packet is rewritten and then forwarded. If not, the data packet is forwarded by the protocol stack and then forwarded.
2、 根据权利要求 1所述的方法, 其特征在于, 所述判断数据包是否能 快速转发包括: 如果数据包中的互联网协议 IP版本号为 IPV4或 IPV6, 数 据包中的分片标识为不分片,数据包中的 IP协议为传输控制协议 TCP或用 户数据包协议 UDP, 数据包中的五元组与三层设备中所保存的任意一个转 发表中记录的五元组相同, 则数据包能快速转发, 反之则不能快速转发。  2. The method according to claim 1, wherein the determining whether the data packet can be quickly forwarded comprises: if the Internet Protocol IP version number in the data packet is IPV4 or IPV6, the fragment identifier in the data packet is not Fragmentation, the IP protocol in the data packet is the Transmission Control Protocol TCP or the User Datagram Protocol UDP, and the quintuple in the data packet is the same as the quintuple recorded in any one of the forwarding tables stored in the Layer 3 device, then the data Packets can be forwarded quickly, and vice versa cannot be forwarded quickly.
3、 根据权利要求 1所述的方法, 其特征在于, 所述将数据包进行改写 包括: 三层设备利用数据包的五元组选择转发表, 再利用转发表中的信息 将数据包中的源介质访问控制 MAC地址、 目的 MAC地址、 网络地址转换 NAT后的 IP地址、 NAT后的端口号和虚拟局域网 VLAN值替换。  The method according to claim 1, wherein the rewriting the data packet comprises: the three-layer device uses the quintuple of the data packet to select a forwarding table, and then uses the information in the forwarding table to The source medium access control MAC address, destination MAC address, IP address after network address translation NAT, port number after NAT, and virtual LAN VLAN value are replaced.
4、 根据权利要求 3所述的方法, 其特征在于, 所述转发表为记录有一 个连接中能快速转发的数据包的相关信息、 以及快速转发数据包时所需改 写的具体内容; 所述相关信息包括:五元组、 NAT类型、 NAT后的 IP地址、 NAT后的端口号、数据包发送时的源 MAC地址、 目的 MAC地址和 VLAN 值; 所述三层设备中同时存在多个转发表, 使用五元组作为区分各个转发 表的标识。  The method according to claim 3, wherein the forwarding table is related information that records a data packet that can be quickly forwarded in a connection, and specific content that needs to be rewritten when the data packet is quickly forwarded; Related information includes: quintuple, NAT type, IP address after NAT, port number after NAT, source MAC address, destination MAC address, and VLAN value when the packet is sent. Published, using a five-tuple as an identifier to distinguish each forwarding table.
5、 根据权利要求 1所述的方法, 其特征在于, 所述转发之前, 该方法 还包括: 三层设备判断即将被转发的数据包是否满足为其所在的连接建立 转发表的条件, 如果不满足, 则不建立转发表, 如果满足条件, 则利用连 接跟踪表中的信息、 以及即将发送的数据包中的相关信息, 建立转发表并 保存。  The method according to claim 1, wherein before the forwarding, the method further comprises: the layer 3 device determining whether the data packet to be forwarded satisfies the condition for establishing a forwarding table for the connection in which it is located, if not If it is satisfied, the forwarding table is not established. If the condition is met, the forwarding table is created and saved by using the information in the connection tracking table and the related information in the data packet to be transmitted.
6、 根据权利要求 5所述的方法, 其特征在于, 所述数据包是否满足为 其所在的连接建立转发表的条件包括: 根据数据包中的五元组查到对应的 连接跟踪表, 连接跟踪表中帮助函数的使用记录是否为未使用, IP协议是 否为 TCP或 UDP, 且连接状态是否为已建立的连接, 转发标识是否为经过 转发; 查看数据包中的分片标识是否为未分片; 且在三层设备中已有的转 发表中查看是否有记录所述五元组的转发表。 6. The method according to claim 5, wherein the data packet is satisfied The conditions for establishing a forwarding table for the connection are as follows: According to the quintuple in the data packet, the corresponding connection tracking table is found, whether the usage record of the help function in the connection tracking table is unused, whether the IP protocol is TCP or UDP, and Whether the connection status is an established connection, whether the forwarding identifier is forwarded or not; whether the fragmentation identifier in the data packet is unfragmented; and whether the five-yuan is recorded in the forwarding table already existing in the three-layer device. Group forwarding table.
7、 根据权利要求 1所述的方法, 其特征在于, 所述转发之后, 该方法 还包括: 三层设备在任意一个连接跟踪表完成任何一个操作后开启连接跟 踪表中的定时器, 当定时器超时后, 三层设备查询有相同五元组的转发表 的使用情况, 如果在本次查询和上次查询之间, 转发表没有被访问过, 则 三层设备删除转发表, 且删除所述连接跟踪表; 否则不做操作。  The method according to claim 1, wherein after the forwarding, the method further comprises: the three-layer device starting the timer in the connection tracking table after any one of the connection tracking tables is completed, when the timing is After the device times out, the Layer 3 device queries the forwarding table of the same quintuple. If the forwarding table is not accessed between the current query and the last query, the Layer 3 device deletes the forwarding table and deletes the table. The connection tracking table; otherwise, no action is taken.
8、 一种快速转发数据包的三层设备, 其特征在于, 该三层设备包括: 快速转发模块、 协议处理模块和发送模块; 其中,  A three-layer device for rapidly forwarding data packets, wherein the three-layer device includes: a fast forwarding module, a protocol processing module, and a sending module;
快速转发模块, 用于判断数据包是否能快速转发, 能快速转发时, 将 数据包进行改写后发送给发送模块; 不能快速转发时, 将数据包发送给协 议处理模块;  The fast forwarding module is configured to determine whether the data packet can be forwarded quickly. When the data packet can be quickly forwarded, the data packet is rewritten and sent to the sending module. When the data packet cannot be quickly forwarded, the data packet is sent to the protocol processing module.
协议处理模块, 用于接收快速转发模块发送的数据包, 经三层设备的 协议栈处理后发送给发送模块;  a protocol processing module, configured to receive a data packet sent by the fast forwarding module, and send the data packet to the sending module after being processed by the protocol stack of the layer 3 device;
发送模块, 用于接收快速转发模块发送的改写后的数据包、 协议处理 模块发送的经过处理的数据包, 并发送数据包。  The sending module is configured to receive the rewritten data packet sent by the fast forwarding module, the processed data packet sent by the protocol processing module, and send the data packet.
9、 根据权利要求 8所述的三层设备, 其特征在于, 所述快速转发模块 判断数据包是否能快速转发为: 提取数据包中的 IP版本号、 分片标识和五 元组, 如果 IP版本号为 IPV4或 IPV6 , 分片标识为不分片, 五元组中的 IP 协议为 TCP或 UDP, 且用五元组跟模块中所保存的所有转发表做比对, 如 果有相同的五元组出现在转发表中, 则数据包能快速转发, 反之则不能快 速转发。 The Layer 3 device according to claim 8, wherein the fast forwarding module determines whether the data packet can be quickly forwarded as: extracting an IP version number, a fragment identifier, and a quintuple in the data packet, if the IP The version number is IPV4 or IPV6. The fragment ID is not fragmented. The IP protocol in the quintuple is TCP or UDP, and the quintuple is compared with all the forwarding tables saved in the module. If there are the same five When a tuple appears in the forwarding table, the data packet can be forwarded quickly, and vice versa.
10、 根据权利要求 8所述的三层设备, 其特征在于, 所述快速转发模 块将数据包进行改写为: 利用数据包的五元组选中转发表, 再利用转发表 中的信息将数据包中的源 MAC地址、 目的 MAC地址、 NAT后的 IP地址、 NAT后的端口号、 VLAN值进行替换。 The Layer 3 device according to claim 8, wherein the fast forwarding module rewrites the data packet to: use a quintuple of the data packet to select a forwarding table, and then use the information in the forwarding table to use the data packet. The source MAC address, destination MAC address, IP address after NAT, port number after NAT, and VLAN value are replaced.
11、 根据权利要求 8所述的三层设备, 其特征在于,  11. The three-layer device according to claim 8, wherein
所述发送模块, 还用于在发送数据包之前判断数据包是否满足为其建 立转发表的条件, 不满足条件时不故操作, 满足条件时, 则将数据包中建 立转发表所需信息写成建立转发表的通知发给快速转发模块;  The sending module is further configured to determine, before sending the data packet, whether the data packet satisfies the condition for establishing a forwarding table for the data packet, and does not operate when the condition is not met. When the condition is met, the information required to establish the forwarding table in the data packet is written as The notification of establishing the forwarding table is sent to the fast forwarding module;
相应的, 所述快速转发模块, 还用于接收发送模块发送的建立转发表 的通知后提取通知中的信息, 从协议处理模块获取连接跟踪表中建立转发 表所需的信息, 建立转发表;  Correspondingly, the fast forwarding module is further configured to: after receiving the notification of the forwarding table sent by the sending module, extract the information in the notification, obtain the information required to establish the forwarding table in the connection tracking table from the protocol processing module, and establish a forwarding table;
所述协议处理模块, 还用于向快速转发模块发送连接跟踪表中建立转 发表所需的信息。  The protocol processing module is further configured to send, to the fast forwarding module, information required to establish a transfer in the connection tracking table.
12、 根据权利要求 11所述的三层设备, 其特征在于, 所述发送模块, 还用于提取数据包中的五元组和分片标识, 利用五元组写成的获取请求从 协议处理模块中获取相应的连接跟踪表, 如果连接跟踪表中的帮助函数的 使用记录为未使用, IP协议为 TCP或 UDP, 且连接状态为已建立的连接, 转发标识为经过转发, 数据包的分片标识为未分片, 再利用五元组写成比 对指令, 将比对指令发送给快速转发模块, 之后接收快速转发模块返回的 比对结果, 比对结果为不存在所述五元组的转发表, 为所述数据包所在连 接建立转发表;  The three-layer device according to claim 11, wherein the sending module is further configured to extract a quintuple and a shard identifier in the data packet, and use the quintuple to obtain an acquisition request from the protocol processing module. Obtain the corresponding connection tracking table, if the usage record of the help function in the connection tracking table is unused, the IP protocol is TCP or UDP, and the connection status is established connection, the forwarding identifier is forwarded, and the packet is fragmented. The identifier is not fragmented, and the quintuple is used to write the comparison instruction, and the comparison instruction is sent to the fast forwarding module, and then the comparison result returned by the fast forwarding module is received, and the comparison result is that the quintuple does not exist. Publish, establish a forwarding table for the connection where the data packet is located;
相应的, 所述协议处理模块, 还用于接收发送模块发送的获取请求, 分析获取请求中的五元组后查找到所述五元组对应的连接跟踪表, 之后向 发送模块发送连接跟踪表;  Correspondingly, the protocol processing module is further configured to receive an acquisition request sent by the sending module, analyze the quintuple in the obtaining request, find the connection tracking table corresponding to the quintuple, and then send a connection tracking table to the sending module. ;
所述快速转发模块, 还用于接收发送模块的比对指令, 提取比对指令 中的五元组后查找是否有记录所述五元组的转发表, 如果有, 则向发送模 块发送存在所述五元组的转发表的比较结果, 如果没有则向发送模块发送 不存在所述五元组的转发表的比较结果。 The fast forwarding module is further configured to receive a comparison instruction of the sending module, and extract the comparison instruction. After the quintuple in the middle, it is searched whether there is a forwarding table for recording the quintuple, and if so, the comparison result of the forwarding table in which the quintu is present is sent to the sending module, and if not, the non-existing node is sent to the sending module. The comparison result of the five-tuple forwarding table.
13 , 根据权利要求 8所述的三层设备, 其特征在于,  13. The three-layer device according to claim 8, wherein
所述协议处理模块, 进一步用于在任意一个连接跟踪表完成任何一个 操作之后开启所述连接跟踪表中的定时器, 当定时器超时后, 向快速转发 复为转发表在本次查询和上次查询之间从没有被访问过, 则删除所述连接 跟踪表, 并向快速转发模块发送删除有相同五元组的转发表的指令, 否则 不做操作;  The protocol processing module is further configured to start a timer in the connection tracking table after any one of the connection tracking tables completes the operation, and after the timer expires, the fast forwarding is forwarded to the forwarding table in the query and If the secondary query has never been accessed, the connection tracking table is deleted, and the instruction for deleting the forwarding table with the same five-tuple is sent to the fast forwarding module, otherwise the operation is not performed;
相应的, 所述快速转发模块, 还用于接收协议处理模块的询问信息, 根据转发表的使用情况, 发送在本次查询和上次查询之间从没有被访问过 的回复信息或者是在本次查询和上次查询之间被访问过的回复信息, 接收 协议处理模块发送的删除有相同五元组的转发表的指令后删除所述转发 表。  Correspondingly, the fast forwarding module is further configured to receive the query information of the protocol processing module, and send the reply information that has never been visited between the current query and the last query according to the usage of the forwarding table or in the present The reply message that has been accessed between the secondary query and the last query deletes the forwarding table after receiving an instruction sent by the protocol processing module to delete the forwarding table having the same five-tuple.
14、 根据权利要求 8所述的三层设备, 其特征在于, 该三层设备包括: 报文接收模块, 用于接收数据包, 判断快速转发模块是否开启, 如果已开 启, 则将数据包发送给快速转发模块, 如果没有开启, 则将数据包发送给 协议处理模块;  The Layer 3 device according to claim 8, wherein the Layer 3 device comprises: a message receiving module, configured to receive a data packet, determine whether the fast forwarding module is enabled, and if enabled, send the data packet. To the fast forwarding module, if not, sending the data packet to the protocol processing module;
相应的, 所述快速转发模块, 还用于为报文接收模块发送开启通知, 接收报文接收模块发送的数据包;  Correspondingly, the fast forwarding module is further configured to send a start notification to the packet receiving module, and receive the data packet sent by the packet receiving module;
所述协议处理模块, 还用于接收报文接收模块发送的数据包。  The protocol processing module is further configured to receive a data packet sent by the packet receiving module.
PCT/CN2011/082301 2011-06-10 2011-11-16 Method and triple layer device for fast forwarding data packets WO2012167559A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110155422.2 2011-06-10
CN201110155422.2A CN102821032B (en) 2011-06-10 2011-06-10 A kind of method of fast-forwarding packet and three-layer equipment

Publications (1)

Publication Number Publication Date
WO2012167559A1 true WO2012167559A1 (en) 2012-12-13

Family

ID=47295405

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/082301 WO2012167559A1 (en) 2011-06-10 2011-11-16 Method and triple layer device for fast forwarding data packets

Country Status (2)

Country Link
CN (1) CN102821032B (en)
WO (1) WO2012167559A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113132273A (en) * 2019-12-30 2021-07-16 华为技术有限公司 Data forwarding method and device
CN113300873A (en) * 2021-02-05 2021-08-24 阿里巴巴集团控股有限公司 Five-tuple hash path-based fault bypassing method and device
CN113360740A (en) * 2021-06-04 2021-09-07 上海天旦网络科技发展有限公司 Data packet labeling method and system
CN114024887A (en) * 2021-11-10 2022-02-08 北京天融信网络安全技术有限公司 Method, device and equipment for processing forwarding table item and storage medium
CN115065735A (en) * 2022-03-08 2022-09-16 阿里巴巴(中国)有限公司 Message processing method and electronic equipment
CN115225483A (en) * 2022-06-29 2022-10-21 北京天融信网络安全技术有限公司 Data packet forwarding method, electronic device and storage medium
CN115549976A (en) * 2022-10-25 2022-12-30 腾云创威信息科技(威海)有限公司 Network connection tracking implementation method and device for controlling forwarding separation

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104283923A (en) * 2013-07-08 2015-01-14 中兴通讯股份有限公司 Method and device for network device data forwarding
CN103647716A (en) * 2013-11-22 2014-03-19 上海斐讯数据通信技术有限公司 A data packet rapid forwarding method and an apparatus
CN104168311A (en) * 2014-07-31 2014-11-26 华为技术有限公司 Service processing method, device and system
CN104243631A (en) * 2014-10-13 2014-12-24 北京太一星晨信息技术有限公司 Method and device for stateful conversion between IPv4 address and IPv6 address
CN106656815A (en) * 2015-10-30 2017-05-10 阿里巴巴集团控股有限公司 Virtual network message processing method and device
CN107493242B (en) * 2016-06-12 2022-01-25 中兴通讯股份有限公司 Data message forwarding method, data forwarding device and communication system
CN107872545B (en) * 2017-09-26 2022-12-06 中兴通讯股份有限公司 Message transmission method and device and computer readable storage medium
CN108848202B (en) * 2018-06-21 2021-05-04 Oppo(重庆)智能科技有限公司 Electronic device, data transmission method and related product
CN111510513B (en) * 2020-01-03 2022-08-30 普联国际有限公司 MAP-E link acceleration method, device, storage medium and network equipment
CN112615867B (en) * 2020-12-22 2022-07-12 北京天融信网络安全技术有限公司 Data packet detection method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6457061B1 (en) * 1998-11-24 2002-09-24 Pmc-Sierra Method and apparatus for performing internet network address translation
CN1585376A (en) * 2003-08-20 2005-02-23 华为技术有限公司 Addressing converting method and mixed addressing converting router for realizing it
CN101068212A (en) * 2007-06-11 2007-11-07 中兴通讯股份有限公司 Network address switching retransmitting device and method
CN101834805A (en) * 2010-05-31 2010-09-15 西南交通大学 Method for implementing traversing of stream control transmission protocol message to network address translation equipment

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6457061B1 (en) * 1998-11-24 2002-09-24 Pmc-Sierra Method and apparatus for performing internet network address translation
CN1585376A (en) * 2003-08-20 2005-02-23 华为技术有限公司 Addressing converting method and mixed addressing converting router for realizing it
CN101068212A (en) * 2007-06-11 2007-11-07 中兴通讯股份有限公司 Network address switching retransmitting device and method
CN101834805A (en) * 2010-05-31 2010-09-15 西南交通大学 Method for implementing traversing of stream control transmission protocol message to network address translation equipment

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113132273A (en) * 2019-12-30 2021-07-16 华为技术有限公司 Data forwarding method and device
CN113132273B (en) * 2019-12-30 2024-04-12 华为技术有限公司 Data forwarding method and device
CN113300873A (en) * 2021-02-05 2021-08-24 阿里巴巴集团控股有限公司 Five-tuple hash path-based fault bypassing method and device
CN113300873B (en) * 2021-02-05 2024-05-24 阿里巴巴集团控股有限公司 Fault detour method and device based on five-tuple hash path
CN113360740A (en) * 2021-06-04 2021-09-07 上海天旦网络科技发展有限公司 Data packet labeling method and system
CN113360740B (en) * 2021-06-04 2022-10-11 上海天旦网络科技发展有限公司 Data packet labeling method and system
CN114024887A (en) * 2021-11-10 2022-02-08 北京天融信网络安全技术有限公司 Method, device and equipment for processing forwarding table item and storage medium
CN115065735A (en) * 2022-03-08 2022-09-16 阿里巴巴(中国)有限公司 Message processing method and electronic equipment
CN115225483A (en) * 2022-06-29 2022-10-21 北京天融信网络安全技术有限公司 Data packet forwarding method, electronic device and storage medium
CN115549976A (en) * 2022-10-25 2022-12-30 腾云创威信息科技(威海)有限公司 Network connection tracking implementation method and device for controlling forwarding separation
CN115549976B (en) * 2022-10-25 2023-10-27 腾云创威信息科技(威海)有限公司 Network connection tracking implementation method for controlling forwarding separation

Also Published As

Publication number Publication date
CN102821032B (en) 2016-12-28
CN102821032A (en) 2012-12-12

Similar Documents

Publication Publication Date Title
WO2012167559A1 (en) Method and triple layer device for fast forwarding data packets
WO2017000878A1 (en) Message processing
WO2014101501A1 (en) Nat implementation system, method, and openflow switch
US20210036953A1 (en) Flow modification including shared context
WO2017156908A1 (en) Method and device for forwarding packet
US20040044778A1 (en) Accessing an entity inside a private network
US20140286342A1 (en) Method for generating entry, method for receiving packet, and corresponding apparatus and system
US20170033992A1 (en) METHOD FOR PROCESSING VxLAN DATA UNITS
WO2009052668A1 (en) A nat-pt device and a load-sharing method for nat-pt device
WO2012151904A1 (en) Data packet forwarding method and device
JP6752141B2 (en) Methods and forwarders for processing packets
WO2014036890A1 (en) Method and device for network bridge of wireless network device forwarding package in client mode
EP3462713B1 (en) Nat entry management method and apparatus, and nat device
WO2016115698A1 (en) Data packet forwarding method, apparatus and device
JP2018527813A (en) Realization of cloud platform security
US8934489B2 (en) Routing device and method for processing network packet thereof
WO2014067486A1 (en) Packet forwarding method and relevant device
JP4111968B2 (en) Tunneling method and tunneling apparatus for multicasting
WO2012088934A1 (en) Method and switching device for filtering messages
US9749262B2 (en) Packet processing method and forwarding element
WO2015027401A1 (en) Packet processing method, device and system
JP5720162B2 (en) Communication system, switching hub, and router
WO2018177353A1 (en) Multicast data forwarding method and apparatus
WO2014205660A1 (en) Method, apparatus and routing device for forwarding data packet
CN103561026A (en) Method and device for updating hardware access control list and switch

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11867408

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11867408

Country of ref document: EP

Kind code of ref document: A1