WO2013020429A1 - 网络处理器镜像实现方法及网络处理器 - Google Patents
网络处理器镜像实现方法及网络处理器 Download PDFInfo
- Publication number
- WO2013020429A1 WO2013020429A1 PCT/CN2012/078200 CN2012078200W WO2013020429A1 WO 2013020429 A1 WO2013020429 A1 WO 2013020429A1 CN 2012078200 W CN2012078200 W CN 2012078200W WO 2013020429 A1 WO2013020429 A1 WO 2013020429A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- packet
- port
- mirrored
- index number
- header
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/90—Buffering arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Definitions
- the present invention relates to the field of communications technologies, and in particular, to a network processor image implementing method and a network processor.
- BACKGROUND With the rapid development of network technologies, the growth of network traffic and the emergence of new services, higher requirements are imposed on the wire speed and flexible processing capabilities of network devices. With its high-speed forwarding performance, reliability and flexible programmability, network processors have become an effective solution for network data processing.
- Data mirroring is a common function of network devices. The principle is to copy the data stream of one physical port or the specific stream conforming to a certain rule to another designated monitoring port, where the data stream of the physical port is copied to another The specified monitoring port is called port mirroring; copying a specific stream that conforms to a certain rule to another designated monitoring port is called flow mirroring.
- the forwarding process of the mirrored message in the related art needs to be implemented by relatively complicated hardware, thereby increasing system resources and costs.
- the present invention provides a network processor image implementation method and a network processor, so as to at least solve the problem that the forwarding process of the mirrored message in the related art needs to be implemented through relatively complicated hardware, aiming at reducing system resources and costs. .
- the present invention provides a method for implementing a network processor image, comprising: a network processor acquiring a packet header of an original packet entering a buffer unit from a source port, where the original packet is assigned an index number; The index number is carried in the packet header and sent to the micro engine unit; the packet header is microcode processed, and the mirrored export information is obtained from the preset mirror table according to the index number; The original packet in the unit is re-linked with the microcode-processed packet header to form a mirrored packet, which is sent out from the mirrored port indicated by the export information of the mirror.
- the method further includes: the network processor receiving the original packet from the source port and storing the original packet in the cache unit, and Assigning the index number to the original message; copying a packet header of the original packet, and carrying the index number in the copied packet header to be sent to the micro engine unit; by querying the port table or The access control list obtains the export information of the image; and the export information of the image is saved in the preset mirror table by using the index number as a storage index number.
- the method further includes: performing microcode processing on the copied packet header; and processing the microcode-processed packet header
- the packet is sent to the buffer unit; the original packet in the buffer unit is re-linked with the microcode-processed packet header to form a destination packet, and is sent out from the destination port.
- the mirrored exit information includes a mirrored port number corresponding to the mirrored packet.
- the port table or the access control list includes a correspondence between the source port and the mirror port.
- the mirror table, the port table and the access control list are stored in an internal or external memory.
- the present invention further provides a network processor for implementing a mirroring, comprising: a buffer unit, configured to acquire a packet header of an original packet that enters the buffer unit from a source port, where the original packet is assigned an index number; And configured to receive a packet header from the cache unit and carrying the index number, perform microcode processing on the packet header, and obtain mirrored export information from the preset mirror table according to the index number. And a sending unit, configured to re-link the original packet in the buffer unit with the microcode-processed header to form a mirrored packet, and send the image from the mirrored port indicated by the export information of the mirror.
- a network processor for implementing a mirroring, comprising: a buffer unit, configured to acquire a packet header of an original packet that enters the buffer unit from a source port, where the original packet is assigned an index number; And configured to receive a packet header from the cache unit and carrying the index number, perform microcode processing on the packet header, and obtain mirrored export information from the preset mirror table according to the
- the buffer unit is further configured to receive the original packet from the source port and save, assign the index number to the original packet, copy a header of the original packet, and The index number is carried in the copied packet header and sent to the micro engine unit.
- the micro engine unit is further configured to obtain the export information of the mirror by querying the port table or the access control list; The storage index number saves the export information of the mirror in the preset mirror table.
- the micro engine unit is further configured to perform microcode processing on the copied packet header; send the microcode processed packet header to the cache unit; and the sending unit is further configured to The original packet in the buffer unit is re-linked with the microcode-processed packet header to form a destination packet, which is sent out from the destination port.
- the mirrored egress information includes a mirrored port number corresponding to the mirrored packet; the port table or the access control list includes a correspondence between the source port and the mirrored port.
- the method for implementing the network processor image and the network processor of the present invention utilizes the packet forwarding process in the related art to implement the forwarding of the mirrored message, and in the process of forwarding the original packet from the source port to the destination port,
- the engine unit performs microcode processing on the packet header, and queries the port table or the access control list to obtain the mirrored export information, and corresponding to the index number assigned by the cache unit carried in the packet header, and saves the obtained mirrored export information in the pre-prepared
- the header of the original packet is copied to the micro engine unit for microcode processing, but the content of the packet header is not changed, and then the index number is used.
- FIG. 1 is a schematic diagram of a structure of a network processor of the related art and a packet forwarding manner;
- FIG. 2 is a schematic flowchart of a method for implementing a mirroring method of a network processor according to the present invention;
- the solution of the embodiment of the present invention is mainly: forwarding the mirrored packet by using the packet forwarding process of the related technology, and transmitting the packet header through the micro engine unit in the process of forwarding the original packet from the source port to the destination port. Performing the microcode processing, querying the port table or the ACL to obtain the mirrored export information, and corresponding to the index number assigned by the cache unit carried in the packet header, and storing the obtained mirrored export information in the preset mirror table.
- the header of the original packet is sent to the micro engine unit for microcode processing, but the content of the packet is not changed, and then the default mirror table is used according to the index number.
- the corresponding mirrored egress information is obtained, and the original packet and the packet header carrying the egress information are re-linked, and then sent out from the corresponding mirror port to save system resources and costs.
- the network processor of the related art performs the forwarding process of the original packet, and introduces an index number allocated by the buffer unit for the original packet and an exit information for storing the mirror image. Mirrored table. As shown in FIG. 1, FIG.
- Step 1 The forwarding process of the original packet of the related art in the network processor is as follows: Step 1: The original packet enters the network processor from the source physical port, first enters the message buffering unit, and allocates a buffer area in the packet buffering unit; 2. Copy the packet header from the original packet into the micro-engine of the network processor. Step 3: The packet header is processed by the micro-engine microcode, and the modified packet header is sent out from the micro-engine and re-entered into the packet buffer. In step 4, the original packet is taken out from the buffer unit, and reassembled with the new packet header to form a new packet, which is sent to the destination port. As shown in FIG.
- an embodiment of the present invention provides a method for implementing a network processor image, including: Step S101: A network processor acquires a packet header of an original packet that enters a buffer unit from a source port, where the original packet is allocated. The index number is carried in the packet header and sent to the micro-engine unit. After the original packet enters the network processor from the source port, it first enters the cache unit in the network processor, and the cache unit is assigned an index number. To perform the mirroring of the original packet, you need to obtain the export information of the mirror, such as the mirror port number. The export information of the mirror is pre-stored in a preset mirror table. The mapping between the index number of the original packet in the cache unit and the mirrored port number of the original packet is stored.
- the mirror table can be stored in the internal memory of the network processor or in an external memory outside the network processor.
- the micro-engine processing process of the original packet can be queried by the micro-engine unit to query the mirrored export information in the preset mirror table.
- the index number is carried in the packet header and sent to the micro-engine unit; so that the mirror table is queried through the micro-engine unit and the index number to obtain the corresponding mirrored export information.
- Step S102 Perform microcode processing on the packet header, and obtain the mirrored export information from the preset mirror table according to the index number.
- the micro engine unit performs microcode processing on the packet header from the buffer unit, and carries the packet according to the packet header.
- the index number gets the mirrored exit information from the preset mirror table.
- the packet header carrying the mirrored egress information is returned to the cache unit. Since the original packet is mirrored and forwarded, the packet header does not change the content when the microcode processing is performed in the micro engine unit, just to obtain the image. Export information.
- the original packet in the buffer unit is re-linked with the microcode-processed packet header to form a mirrored packet, and is sent out from the mirrored port indicated by the mirrored export information.
- the network processor After the packet header carrying the mirrored egress information enters the buffer unit, the network processor re-links the original packet in the buffer unit with the microcode-processed packet header to form a mirrored packet, and the mirror image is indicated by the egress information.
- the port is sent out to implement mirroring of the original packet.
- Step S201 The network processor receives the original message from the source port and stores the original message in the buffer unit, and allocates an index number to the original message. After the original message enters the network processor from the source port, the network device first enters the cache unit. The cache unit allocates an index number to the cache unit as a unique identifier for querying the mirror port number corresponding to the original packet from the mirror table.
- Step S202 copying a packet header of the original packet, and carrying the index number in the copied packet header to be sent to the micro engine unit;
- the normal forwarding of the original packet is the forwarding process from the source port to the destination port.
- the forwarding process of the mirrored message proceeds to the following step S203.
- Step S203: Obtain the mirrored export information by querying the port table or the access control list.
- the mirrored export information includes the mirrored port number forwarded by the original packet mirror.
- the port table corresponds to the port mirroring scenario, and the access control list corresponds to the traffic mirroring scenario.
- the port table or ACL includes the mapping between the source port and the mirror port.
- the micro engine obtains the mirrored egress information by querying the port table when performing microcode processing on the copied packet header. If flow mirroring is required, the microengine performs microcode processing on the copied packet header. When the query access control list is queried, the mirrored exit information is obtained.
- the query port table and the access control list may be stored in the internal memory of the network processor or in an external memory outside the network processor.
- the exported mirroring information is saved in the preset mirroring table, and the index number is the original packet in the cache. The index number stored in the unit.
- the mirroring table reflects the correspondence between the index number of the original packet in the cache unit and the mirrored port number of the original packet.
- the mirror table can be stored in the internal memory of the network processor or in an external memory outside the network processor.
- Step S205 The network processor re-copyes a packet header of the original packet that enters the buffer unit from the source port, and carries the index number of the original packet in the packet header to be sent to the micro-engine unit; when port mirroring or flow mirroring is required
- the network processor selects the original packet to be mirrored from the cache unit, re-copyes the header of the original packet, and carries the index number assigned by the buffer unit to the original packet in the header of the packet.
- Engine unit The network processor re-copyes a packet header of the original packet that enters the buffer unit from the source port, and carries the index number of the original packet in the packet header to be sent to the micro-engine unit.
- Step S206 Perform microcode processing on the packet header, and obtain the mirrored export information from the preset mirror table according to the index number.
- the micro engine unit performs microcode processing on the packet header from the buffer unit, because it is a mirrored packet.
- the microcode processing in the forwarding process does not change the content of the packet header, but obtains the mirrored export information from the preset mirror table by using the index number carried in the packet header.
- step S207 the original packet in the buffer unit is re-linked with the microcode-processed packet header to form a mirrored packet, which is sent out from the mirrored port indicated by the mirrored export information.
- the network processor After obtaining the exit information of the mirrored image of the original packet, the network processor re-links the original packet to be mirrored in the buffer unit with the microcode-processed packet header to form a mirrored packet, and sends the mirrored packet from the mirrored export information. Go out.
- the embodiment further includes: Step S208: performing microcode processing on the copied packet header; Step S209, processing the microcode after processing The packet header is sent to the buffer unit.
- step S310 the original packet in the buffer unit is re-linked with the microcode-processed packet header to form a destination packet, which is sent out from the destination port.
- the above steps S208, S209, and S310 are the same as the normal forwarding process of the original packet of the related art, and are not described in detail herein.
- the mirroring of the original packet is implemented, and the original packet is forwarded from the source port to the destination port.
- the packet forwarding process of the related technology is used to forward the mirrored packet, and the mirrored packet is mirrored.
- the forwarding process is flexible and versatile, with strong application, which greatly saves system resources and costs.
- an embodiment of the present invention provides a network processor that implements mirroring, including: a buffer unit 301, a micro engine unit 302, and a sending unit 303, where: a buffer unit 301 is configured to acquire the source port to enter the The packet header of the original packet of the buffer unit 301, the original packet is assigned an index number; the micro engine unit 302 is configured to receive the packet header from the buffer unit 301 and carrying the index number, and perform microcode processing on the packet header.
- the sending unit 303 is configured to re-link the original packet in the buffer unit 301 and the microcode processed header to form a mirrored message, The mirrored port indicated by the mirrored exit information is sent out.
- the buffer unit 301 is further configured to receive and save the original packet from the source port, and allocate an index number for the original packet; The header, and the index number is carried in the copied packet header and sent to the micro engine unit 302.
- the micro engine unit 302 is further configured to obtain the mirrored export information by querying the port table or the access control list; using the index number as the storage index number Save the exported export information in the preset mirror table.
- the micro engine unit 302 is further configured to perform microcode processing on the copied message header; the microcode processed message header is sent to the buffer unit 301; and the sending unit 303 is further configured to set the original message in the buffer unit 301. Re-linking with the microcode-processed packet header to form a destination packet, which is sent out from the destination port.
- the packet after the original packet enters the network processor from the source port of the network processor, the packet first enters the buffer unit 301 in the network processor, and the cache unit 301 Assign an index number to the original packet as the unique identifier of the egress information of the subsequent lookup mirror. Then, the original packet obtains the mirrored export information for the forwarding of the mirrored packet through its normal forwarding process.
- the buffer unit 301 copies a header of the original packet, and carries the index of the original packet in the buffer unit 301 in the header to be sent to the micro-engine unit 302, and the micro-engine unit 302 reports the incoming packet.
- the header performs microcode processing.
- the micro engine unit 302 changes the content of the packet header, and sends the microcode processed header to the buffer unit 301, and the sending unit 303 caches the buffer.
- the original packet in 301 is re-linked with the microcode-processed packet header to form a final packet, which is sent out from the destination port.
- the obtaining of the destination port information is performed by the micro engine unit 302 in performing microcode processing on the packet header, by querying the MAC table (corresponding to the Layer 2 forwarding of the original packet) or the routing table (corresponding to the original packet) Layer forwarding) to achieve. This process belongs to the related art and will not be described in detail herein.
- the micro-engine unit 302 performs the micro-code processing on the packet header, and obtains the mirrored export information of the original packet by querying the port table or the access control list, and the mirrored export information includes the mirror image corresponding to the mirrored packet.
- the port table or the access control list includes the mapping between the source port and the mirror port.
- the port table corresponds to the port mirroring scenario, and the access control list corresponds to the traffic mirroring scenario.
- the micro engine unit 302 saves the exported information of the mirrored image in the preset mirror table, and uses the index number stored in the cache unit 301 of the original message as the index number of the mirrored export information stored in the mirror table.
- the buffer unit 301 re-copyes the header of the original packet, and carries the index number of the original packet in the buffer unit 301 in the header to be sent to the micro-engine unit 302, through the micro-engine unit.
- 302 Perform microcode processing on the packet header to obtain the exit information of the corresponding mirror in the mirror table. Because it is the forwarding process of the mirrored message, the micro-engine processing of the packet header by the micro-engine unit 302 does not change the content of the packet header, but is processed by microcode, and the index number is used as the query identifier. The mirrored export information is obtained, and the mirrored export information is carried in the packet header and returned to the cache unit 301. Finally, the sending unit 303 re-links the original message in the buffer unit 301 with the microcode-processed message header to form a mirrored message, which is sent out from the mirrored port indicated by the mirrored export information.
- the network processor mirroring implementation method and the network processor in the embodiment of the present invention use the packet forwarding process of the related technology to forward the mirrored packet.
- the micro engine unit pairs The packet header is subjected to microcode processing, and the port table or the access control list is used to obtain the mirrored export information, and the index of the mirrored image is stored in the preset mirror image.
- the header of the original packet is copied to the micro engine unit for microcode processing, but the content of the packet header is not changed, and then the preset is based on the index number.
- the mirroring table obtains the corresponding mirrored egress information, and re-links the original packet and the packet header carrying the egress information, and then sends the mirrored packet to the mirror port.
- the forwarding process is flexible and versatile, has strong application, and can save system resources and costs.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Information Transfer Between Computers (AREA)
- Computer And Data Communications (AREA)
Abstract
本发明涉及一种网络处理器镜像实现方法及网络处理器,其方法包括:网络处理器获取从源端口进入缓存单元的原始报文的报文头,原始报文分配有一索引号;将索引号携带于报文头中送入微引擎单元;对报文头进行微码处理,并根据索引号从预设的镜像表中获取镜像的出口信息;将缓存单元中的原始报文与微码处理后的报文头重新链接形成镜像报文,从镜像的出口信息指示的镜像端口发送出去。本发明利用相关技术中的报文转发流程实现镜像报文的转发,其镜像报文的转发过程灵活、通用,具有较强的应用性,并可节省系统资源及成本。
Description
网络处理器镜像实现方法及网络处理器 技术领域 本发明涉及通信技术领域,尤其涉及一种网络处理器镜像实现方法及网络处理器。 背景技术 随着网络技术的飞速发展, 网络流量的增长以及新业务的出现, 对网络设备的线 速、 灵活的处理能力提出了更高的要求。 网络处理器凭借其高速转发性能、 可靠性以 及灵活的可编程性, 已成为目前网络数据处理的有效解决方案。 数据镜像是网络设备的一个常用功能, 其原理是将一个物理端口的数据流或者符 合某种规则的特定流复制到另一个指定的监控端口上, 其中, 将物理端口的数据流复 制到另一指定的监控端口上称为端口镜像; 将符合某种规则的特定流复制到另一个指 定的监控端口上称为流镜像。 通过镜像可以在监控端口上获取被镜像端口的数据, 以 便进行网络流量分析、 错误诊断等。 相关技术中的镜像报文的转发过程需要通过较为复杂的硬件来实现, 由此增加了 系统资源和成本。 发明内容 本发明提供了一种网络处理器镜像实现方法及网络处理器, 以至少解决相关技术 中的镜像报文的转发过程需要通过较为复杂的硬件来实现的问题, 旨在降低系统资源 和成本。 为了达到上述目的, 本发明提出一种网络处理器镜像实现方法, 包括: 网络处理器获取从源端口进入缓存单元的原始报文的报文头, 所述原始报文分配 有一索引号; 将所述索引号携带于所述报文头中送入微引擎单元; 对所述报文头进行微码处理, 并根据所述索引号从预设的镜像表中获取镜像的出 口信息; 将所述缓存单元中的原始报文与微码处理后的报文头重新链接形成镜像报文, 从 所述镜像的出口信息指示的镜像端口发送出去。
优选地, 所述网络处理器获取从源端口进入缓存单元的原始报文的报文头的步骤 之前还包括: 网络处理器从源端口接收所述原始报文存入所述缓存单元, 并为所述原始报文分 配所述索引号; 复制一份所述原始报文的报文头, 并将所述索引号携带于所述复制的报文头中送 入微引擎单元; 通过查询端口表或访问控制列表获取所述镜像的出口信息; 以所述索引号为存储索引号将所述镜像的出口信息保存于所述预设的镜像表中。 优选地, 所述将索引号携带于所述复制的报文头中送入微引擎单元的步骤之后还 包括: 对所述复制的报文头进行微码处理; 将微码处理后的报文头送入所述缓存单元; 将所述缓存单元中的原始报文与微码处理后的报文头重新链接形成目的报文, 从 目的端口发送出去。 优选地, 所述镜像的出口信息包括所述镜像报文对应的镜像端口号。 优选地, 所述端口表或访问控制列表包括所述源端口与镜像端口的对应关系。 优选地, 所述镜像表、 端口表及访问控制列表存储于内部或外部存储器中。 本发明还提出一种实现镜像的网络处理器, 包括: 缓存单元, 设置为获取从源端口进入该缓存单元的原始报文的报文头, 所述原始 报文分配有一索引号; 微引擎单元, 设置为接收来自所述缓存单元并携带有所述索引号的报文头, 对所 述报文头进行微码处理; 并根据所述索引号从预设的镜像表中获取镜像的出口信息; 发送单元, 设置为将所述缓存单元中的原始报文与微码处理后的报文头重新链接 形成镜像报文, 从所述镜像的出口信息指示的镜像端口发送出去。
优选地, 所述缓存单元, 还设置为从源端口接收所述原始报文并保存, 为所述原 始报文分配所述索引号; 复制一份所述原始报文的报文头, 并将所述索引号携带于所 述复制的报文头中送入微引擎单元; 所述微引擎单元, 还设置为通过查询端口表或访问控制列表获取所述镜像的出口 信息;以所述索引号为存储索引号将所述镜像的出口信息保存于所述预设的镜像表中。 优选地, 所述微引擎单元, 还设置为对所述复制的报文头进行微码处理; 将微码 处理后的报文头送入所述缓存单元; 所述发送单元, 还设置为将所述缓存单元中的原始报文与微码处理后的报文头重 新链接形成目的报文, 从目的端口发送出去。 优选地, 所述镜像的出口信息包括所述镜像报文对应的镜像端口号; 所述端口表 或访问控制列表包括所述源端口与镜像端口的对应关系。
本发明提出的一种网络处理器镜像实现方法及网络处理器, 利用相关技术中的报 文转发流程实现镜像报文的转发, 在原始报文从源端口至目的端口的转发过程中, 通 过微引擎单元对报文头进行微码处理, 查询端口表或访问控制列表获取镜像的出口信 息, 并对应报文头携带的缓存单元为其分配的索引号, 将获取的镜像的出口信息保存 于预设的镜像表中, 当需要对原始报文进行镜像转发时, 重新复制一份原始报文的报 文头送入微引擎单元进行微码处理, 但不改变报文头的内容, 然后根据索引号从预设 的镜像表中获取相应的镜像的出口信息, 将原始报文和携带有出口信息的报文头重新 链接后, 从相应的镜像端口发送出去, 从而实现镜像报文的转发, 本发明镜像报文的 转发过程灵活、 通用, 具有较强的应用性, 并可节省系统资源及成本。 附图说明 图 1是相关技术的网络处理器的结构及报文转发示意图; 图 2是本发明网络处理器镜像实现方法一实施例流程示意图; 图 3是本发明网络处理器镜像实现方法另一实施例流程示意图; 以及 图 4是本发明实现镜像的网络处理器一实施例结构示意图。 为了使本发明的技术方案更加清楚、 明了, 下面将结合附图作进一步详述。
具体实施方式 本发明实施例解决方案主要是: 利用相关技术的报文转发流程实现镜像报文的转 发, 在原始报文从源端口至目的端口的转发过程中, 通过微引擎单元对报文头进行微 码处理, 查询端口表或访问控制列表获取镜像的出口信息, 并对应报文头携带的缓存 单元为其分配的索引号, 将获取的镜像的出口信息保存于预设的镜像表中, 当需要对 原始报文进行镜像转发时, 重新复制一份原始报文的报文头送入微引擎单元进行微码 处理, 但不改变报文头的内容, 然后根据索引号从预设的镜像表中获取相应的镜像的 出口信息, 将原始报文和携带有出口信息的报文头重新链接后, 从相应的镜像端口发 送出去, 以节省系统资源及成本。 具体地, 为了实现镜像报文的转发, 本发明在相关技术的网络处理器进行原始报 文的转发流程的基础上, 引入缓存单元为原始报文分配的索引号及用于存储镜像的出 口信息的镜像表。 如图 1所示, 图 1为相关技术的网络处理器的结构及报文转发示意图。 相关技术 的原始报文在网络处理器中的转发过程为: 步骤①, 原始报文从源物理端口进入网络处理器, 首先进入报文缓存单元, 在报 文缓存单元中分配一块缓存区域; 步骤②, 从原始报文中复制报文头部进入网络处理器的微引擎; 步骤③, 报文头经过微引擎的微码处理, 修改后的报文头从微引擎出来, 重新进 入报文缓存单元; 步骤④, 从缓存单元中取出原始报文, 与新的报文头重组后形成新的报文, 发送 到目的端口。 如图 2所示, 本发明一实施例提出一种网络处理器镜像实现方法, 包括: 步骤 S101 , 网络处理器获取从源端口进入缓存单元的原始报文的报文头, 原始报 文分配有一索引号; 将索引号携带于报文头中送入微引擎单元; 其中, 原始报文从源端口进入网络处理器后, 首先进入网络处理器中的缓存单元, 缓存单元为其分配有一索引号。 为了实现原始报文的镜像转发,需要获取该原始报文需要转发的镜像的出口信息, 比如镜像端口号, 上述镜像的出口信息预先存储于一张预设的镜像表中, 该镜像表中
存储有原始报文在缓存单元中的索引号与该原始报文的镜像端口号的对应关系。 镜像 表可以存储于网络处理器的内部存储器中, 也可存储于网络处理器之外的外部存储器 中。 通过微引擎单元对原始报文的微码处理过程可以查询到该预设的镜像表中的镜像 的出口信息。 本实施例将索引号携带于报文头中, 送入微引擎单元; 以便后续通过微引擎单元 及索引号查询镜像表, 获取相应的镜像的出口信息。 步骤 S102, 对报文头进行微码处理, 并根据索引号从预设的镜像表中获取镜像的 出口信息; 微引擎单元对来自缓存单元的报文头进行微码处理, 根据报文头携带的索引号从 预设的镜像表中获取镜像的出口信息。 之后, 将携带有镜像的出口信息的报文头返回 至缓存单元, 由于是对原始报文的镜像转发, 报文头在微引擎单元中进行微码处理时 没有改变内容, 仅仅是为了获取镜像的出口信息。 步骤 S103 ,将缓存单元中的原始报文与微码处理后的报文头重新链接形成镜像报 文, 从镜像的出口信息指示的镜像端口发送出去。 携带有镜像的出口信息的报文头进入缓存单元后, 网络处理器将缓存单元中的原 始报文与微码处理后的报文头重新链接形成镜像报文, 从镜像的出口信息指示的镜像 端口发送出去, 从而实现了原始报文的镜像转发。
如图 3所示, 本发明另一实施例提出一种网络处理器镜像实现方法, 与上述实施 例的区别在于, 本实施例在实现原始报文的镜像转发的同时, 还可实现原始报文从源 端口至目的端口的正常转发。 该方法具体包括: 步骤 S201 , 网络处理器从源端口接收原始报文存入缓存单元, 并为原始报文分配 一索引号; 原始报文从源端口进入网络处理器后, 首先进入缓存单元进行缓存, 缓存单元为 其分配一索引号, 作为后续从镜像表中查询原始报文对应的镜像端口号的唯一标识。 步骤 S202, 复制一份原始报文的报文头, 并将索引号携带于复制的报文头中送入 微引擎单元;
原始报文的正常转发即从源端口至目的端口的转发流程, 详见下述步骤 S208、 步 骤 S209和步骤 S310。 镜像报文的转发流程则进入下述步骤 S203。 步骤 S203 , 通过查询端口表或访问控制列表获取镜像的出口信息; 其中, 镜像的出口信息包括原始报文镜像转发的镜像端口号。 端口表对应端口镜 像的场景, 访问控制列表对应流镜像的场景。 端口表或访问控制列表包括源端口与镜 像端口的对应关系。 如果需要进行端口镜像, 微引擎在对复制的报文头进行微码处理时, 通过查询端 口表获取镜像的出口信息; 如果需要进行流镜像, 微引擎在对复制的报文头进行微码 处理时, 通过查询访问控制列表获取镜像的出口信息。 查询端口表及访问控制列表可以存储于网络处理器的内部存储器中, 也可存储于 网络处理器之外的外部存储器中。 步骤 S204, 以索引号为存储索引号将镜像的出口信息保存于预设的镜像表中; 将获取的镜像的出口信息保存于预设的镜像表中, 其存放索引号为原始报文在缓 存单元中存放的索引号。 上述镜像表反映出原始报文在缓存单元中的索引号与该原始报文的镜像端口号的 对应关系。 镜像表可以存储于网络处理器的内部存储器中, 也可存储于网络处理器之 外的外部存储器中。 步骤 S205 , 网络处理器重新复制一份从源端口进入缓存单元的原始报文的报文 头, 将原始报文的索引号携带于报文头中送入微引擎单元; 当需要端口镜像或流镜像时,网络处理器从缓存单元中选择需要镜像的原始报文, 重新复制一份该原始报文的报文头, 并将缓存单元为原始报文分配的索引号携带于报 文头中送入微引擎单元。 步骤 S206, 对报文头进行微码处理, 并根据索引号从预设的镜像表中获取镜像的 出口信息; 微引擎单元对来自缓存单元的报文头进行微码处理, 由于是镜像报文转发流程中 的微码处理, 此微码处理过程不改变报文头的内容, 而是通过报文头携带的索引号从 预设的镜像表中获取镜像的出口信息。
步骤 S207,将缓存单元中的原始报文与微码处理后的报文头重新链接形成镜像报 文, 从镜像的出口信息指示的镜像端口发送出去。 获得原始报文的镜像的出口信息之后, 网络处理器将缓存单元中待镜像的原始报 文与微码处理后的报文头重新链接形成镜像报文, 从镜像的出口信息指示的镜像端口 发送出去。 此外, 作为原始报文从源端口至目的端口的正常转发流程, 本实施例在步骤 S202 之后还包括: 步骤 S208, 对复制的报文头进行微码处理; 步骤 S209, 将微码处理后的报文头送入缓存单元; 步骤 S310,将缓存单元中的原始报文与微码处理后的报文头重新链接形成目的报 文, 从目的端口发送出去。 上述步骤 S208、步骤 S209及步骤 S310与相关技术的原始报文的正常转发流程相 同, 在此不作详述。 本实施例实现了原始报文的镜像转发, 同时还实现了原始报文从源端口至目的端 口的正常转发, 充分利用相关技术的报文转发流程实现镜像报文的转发, 且镜像报文 的转发过程灵活、 通用, 具有较强的应用性, 大大节省系统资源及成本。
如图 4所示, 本发明一实施例提出一种实现镜像的网络处理器, 包括: 缓存单元 301、 微引擎单元 302及发送单元 303, 其中: 缓存单元 301, 设置为获取从源端口进入该缓存单元 301 的原始报文的报文头, 原始报文分配有一索引号; 微引擎单元 302, 设置为接收来自缓存单元 301并携带有索引号的报文头, 对报 文头进行微码处理; 并根据索引号从预设的镜像表中获取镜像的出口信息; 发送单元 303, 设置为将缓存单元 301 中的原始报文与微码处理后的报文头重新 链接形成镜像报文, 从镜像的出口信息指示的镜像端口发送出去。
进一步, 在原始报文从源端口至目的端口的正常转发过程中, 缓存单元 301还设 置为从源端口接收原始报文并保存, 为原始报文分配索引号; 复制一份原始报文的报 文头, 并将索引号携带于复制的报文头中送入微引擎单元 302; 微引擎单元 302, 还设置为通过查询端口表或访问控制列表获取镜像的出口信息; 以索引号为存储索引号将镜像的出口信息保存于预设的镜像表中。 同时, 微引擎单元 302还设置为对复制的报文头进行微码处理; 将微码处理后的 报文头送入缓存单元 301 ; 发送单元 303还设置为将缓存单元 301中的原始报文与微码处理后的报文头重新 链接形成目的报文, 从目的端口发送出去。 以下详细说明本实施例中网络处理器进行镜像报文转发的功能原理: 原始报文从网络处理器的源端口进入网络处理器的后, 首先进入网络处理器内的 缓存单元 301, 缓存单元 301为原始报文分配一索引号, 作为后续查找镜像的出口信 息的唯一标识。 之后, 原始报文通过其正常的转发流程为镜像报文的转发获取镜像的出口信息。 具体地,缓存单元 301复制一份原始报文的报文头,并将原始报文在缓存单元 301 的索引号携带在上述报文头中送入微引擎单元 302, 微引擎单元 302对进入的报文头 进行微码处理, 作为原始报文的正常转发流程,微引擎单元 302将改变报文头的内容, 并将微码处理后的报文头送回缓存单元 301, 发送单元 303将缓存单元 301中的原始 报文与经过微码处理后的报文头重新链接后形成最终报文, 从目的端口发送出去。 其中, 对目的端口信息的获取, 是在微引擎单元 302对报文头进行微码处理过程 中, 通过查询 MAC表 (对应原始报文的二层转发) 或者路由表 (对应原始报文的三 层转发) 来实现的。 此过程属于相关技术, 在此不作详述。 本实施例在微引擎单元 302对报文头进行微码处理的过程中, 通过查询端口表或 访问控制列表, 获取原始报文的镜像的出口信息, 镜像的出口信息包括镜像报文对应 的镜像端口号。上述端口表或访问控制列表包括源端口与镜像端口的对应关系。其中, 端口表对应端口镜像的场景, 访问控制列表对应流镜像的场景。 微引擎单元 302将查询的镜像的出口信息保存于预设的镜像表中, 并以原始报文 在缓存单元 301中存储的索引号作为镜像的出口信息在上述镜像表中存储的索引号。
当需要镜像时, 在缓存单元 301重新复制一份原始报文的报文头, 并将原始报文 在缓存单元 301中的索引号携带于报文头中送入微引擎单元 302,通过微引擎单元 302 对报文头的微码处理, 获取镜像表中的对应的镜像的出口信息。 由于是镜像报文的转 发过程, 此时微引擎单元 302对报文头的微码处理并不会改变报文头的内容, 而是通 过微码处理, 以索引号为查询标识, 从镜像表中获取镜像的出口信息, 并将镜像的出 口信息携带于报文头中返回缓存单元 301。 最后, 通过发送单元 303将缓存单元 301中的原始报文与微码处理后的报文头重 新链接形成镜像报文, 从镜像的出口信息指示的镜像端口发送出去。
本发明实施例网络处理器镜像实现方法及网络处理器, 利用相关技术的报文转发 流程实现镜像报文的转发, 在原始报文从源端口至目的端口的转发过程中, 通过微引 擎单元对报文头进行微码处理, 查询端口表或访问控制列表获取镜像的出口信息, 并 对应报文头携带的缓存单元为其分配的索引号, 将获取的镜像的出口信息保存于预设 的镜像表中, 当需要对原始报文进行镜像转发时, 重新复制一份原始报文的报文头送 入微引擎单元进行微码处理, 但不改变报文头的内容, 然后根据索引号从预设的镜像 表中获取相应的镜像的出口信息,将原始报文和携带有出口信息的报文头重新链接后, 从相应的镜像端口发送出去, 从而实现镜像报文的转发, 本发明镜像报文的转发过程 灵活、 通用, 具有较强的应用性, 并可节省系统资源及成本。 以上所述仅为本发明的优选实施例, 并非因此限制本发明的专利范围, 凡是利用 本发明说明书及附图内容所作的等效结构或流程变换, 或直接或间接运用在其它相关 的技术领域, 均同理包括在本发明的专利保护范围内。
Claims
权 利 要 求 书 、 一种网络处理器镜像实现方法, 包括:
网络处理器获取从源端口进入缓存单元的原始报文的报文头, 所述原始报 文分配有一索引号; 将所述索引号携带于所述报文头中送入微引擎单元; 对所述报文头进行微码处理, 并根据所述索引号从预设的镜像表中获取镜 像的出口信息;
将所述缓存单元中的原始报文与微码处理后的报文头重新链接形成镜像报 文, 从所述镜像的出口信息指示的镜像端口发送出去。 、 根据权利要求 1所述的方法, 其中, 所述网络处理器获取从源端口进入缓存单 元的原始报文的报文头的步骤之前还包括:
网络处理器从源端口接收所述原始报文存入所述缓存单元, 并为所述原始 报文分配所述索引号;
复制一份所述原始报文的报文头, 并将所述索引号携带于所述复制的报文 头中送入微引擎单元;
通过查询端口表或访问控制列表获取所述镜像的出口信息;
以所述索引号为存储索引号将所述镜像的出口信息保存于所述预设的镜像 表中。 、 根据权利要求 2所述的方法, 其中, 所述将索引号携带于所述复制的报文头中 送入微引擎单元的步骤之后还包括:
对所述复制的报文头进行微码处理;
将微码处理后的报文头送入所述缓存单元;
将所述缓存单元中的原始报文与微码处理后的报文头重新链接形成目的报 文, 从目的端口发送出去。 、 根据权利要求 1至 3中任一项所述的方法, 其中, 所述镜像的出口信息包括所 述镜像报文对应的镜像端口号。 、 根据权利要求 2或 3所述的方法, 其中, 所述端口表或访问控制列表包括所述 源端口与镜像端口的对应关系。
、 根据权利要求 5所述的方法, 其中, 所述镜像表、 端口表及访问控制列表存储 于内部或外部存储器中。 、 一种实现镜像的网络处理器, 包括:
缓存单元, 设置为获取从源端口进入该缓存单元的原始报文的报文头, 所 述原始报文分配有一索引号;
微引擎单元,设置为接收来自所述缓存单元并携带有所述索引号的报文头, 对所述报文头进行微码处理; 并根据所述索引号从预设的镜像表中获取镜像的 出口信息;
发送单元, 设置为将所述缓存单元中的原始报文与微码处理后的报文头重 新链接形成镜像报文, 从所述镜像的出口信息指示的镜像端口发送出去。 、 根据权利要求 7所述的网络处理器, 其中, 所述缓存单元, 还设置为从源端口接收所述原始报文并保存, 为所述原始 报文分配所述索引号; 复制一份所述原始报文的报文头, 并将所述索引号携带 于所述复制的报文头中送入微引擎单元;
所述微引擎单元, 还设置为通过查询端口表或访问控制列表获取所述镜像 的出口信息; 以所述索引号为存储索引号将所述镜像的出口信息保存于所述预 设的镜像表中。 、 根据权利要求 8所述的网络处理器, 其中, 所述微引擎单元, 还设置为对所述复制的报文头进行微码处理; 将微码处 理后的报文头送入所述缓存单元;
所述发送单元, 还设置为将所述缓存单元中的原始报文与微码处理后的报 文头重新链接形成目的报文, 从目的端口发送出去。 0、 根据权利要求 8或 9所述的网络处理器, 其中, 所述镜像的出口信息包括所述 镜像报文对应的镜像端口号; 所述端口表或访问控制列表包括所述源端口与镜 像端口的对应关系。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110229672.6 | 2011-08-11 | ||
CN201110229672.6A CN102932262B (zh) | 2011-08-11 | 2011-08-11 | 网络处理器镜像实现方法及网络处理器 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2013020429A1 true WO2013020429A1 (zh) | 2013-02-14 |
Family
ID=47646969
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2012/078200 WO2013020429A1 (zh) | 2011-08-11 | 2012-07-04 | 网络处理器镜像实现方法及网络处理器 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN102932262B (zh) |
WO (1) | WO2013020429A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113507415A (zh) * | 2021-05-31 | 2021-10-15 | 新华三信息安全技术有限公司 | 一种表项处理方法及装置 |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105700859A (zh) * | 2014-11-25 | 2016-06-22 | 中兴通讯股份有限公司 | 一种基于网络处理器实现硬件表遍历的方法及装置 |
CN105141546A (zh) * | 2015-07-06 | 2015-12-09 | 浪潮集团有限公司 | 一种降低数据转发过程中fifo开销的方法 |
CN107438035B (zh) * | 2016-05-25 | 2021-11-12 | 中兴通讯股份有限公司 | 一种网络处理器、网络处理方法和系统、单板 |
CN109120533A (zh) * | 2018-11-19 | 2019-01-01 | 迈普通信技术股份有限公司 | 一种报文发送方法及路由设备 |
CN111901255A (zh) * | 2020-06-10 | 2020-11-06 | 中国电信股份有限公司重庆分公司 | 一种用于网络设备快速包镜像转发的方法和装置 |
CN112953949B (zh) * | 2021-03-01 | 2023-01-06 | 恒安嘉新(北京)科技股份公司 | 一种网络报文的报文头处理方法、装置、设备及存储介质 |
CN114095513B (zh) * | 2021-11-26 | 2024-03-29 | 苏州盛科科技有限公司 | 有限带宽场景下转发流量和镜像流量调度的方法及应用 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1556626A (zh) * | 2003-12-30 | 2004-12-22 | 实现多播转发的方法 | |
CN1595910A (zh) * | 2004-06-25 | 2005-03-16 | 中国科学院计算技术研究所 | 一种网络处理器的数据包接收接口部件及其存储管理方法 |
CN101257457A (zh) * | 2008-03-31 | 2008-09-03 | 华为技术有限公司 | 网络处理器复制报文的方法和网络处理器 |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7486674B2 (en) * | 2003-04-28 | 2009-02-03 | Alcatel-Lucent Usa Inc. | Data mirroring in a service |
CN100493004C (zh) * | 2007-04-04 | 2009-05-27 | 杭州华三通信技术有限公司 | 支持远程报文镜像的报文镜像方法和网络设备 |
CN101707550B (zh) * | 2009-11-30 | 2012-01-25 | 中兴通讯股份有限公司 | 一种确定镜像数据流的方法和设备 |
-
2011
- 2011-08-11 CN CN201110229672.6A patent/CN102932262B/zh active Active
-
2012
- 2012-07-04 WO PCT/CN2012/078200 patent/WO2013020429A1/zh active Application Filing
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1556626A (zh) * | 2003-12-30 | 2004-12-22 | 实现多播转发的方法 | |
CN1595910A (zh) * | 2004-06-25 | 2005-03-16 | 中国科学院计算技术研究所 | 一种网络处理器的数据包接收接口部件及其存储管理方法 |
CN101257457A (zh) * | 2008-03-31 | 2008-09-03 | 华为技术有限公司 | 网络处理器复制报文的方法和网络处理器 |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113507415A (zh) * | 2021-05-31 | 2021-10-15 | 新华三信息安全技术有限公司 | 一种表项处理方法及装置 |
CN113507415B (zh) * | 2021-05-31 | 2022-11-18 | 新华三信息安全技术有限公司 | 一种表项处理方法及装置 |
Also Published As
Publication number | Publication date |
---|---|
CN102932262A (zh) | 2013-02-13 |
CN102932262B (zh) | 2018-02-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2013020429A1 (zh) | 网络处理器镜像实现方法及网络处理器 | |
US7894451B2 (en) | Method of providing virtual router functionality | |
US8630294B1 (en) | Dynamic bypass mechanism to alleviate bloom filter bank contention | |
US10778612B2 (en) | Variable TCAM actions | |
EP1791060B1 (en) | Apparatus performing network processing functions | |
WO2014206364A1 (zh) | 一种多级流表查找方法和装置 | |
WO2016107379A1 (zh) | 一种发送报文的方法和装置 | |
WO2015014187A1 (zh) | 一种支持多租户的数据转发方法和装置 | |
US20150172156A1 (en) | Detecting end hosts in a distributed network environment | |
WO2018177409A1 (zh) | 一种报文传输方法及装置 | |
WO2011147371A1 (zh) | 一种实现虚拟机间数据传输的方法和系统 | |
WO2014023003A1 (zh) | 控制数据传输的方法、装置和系统 | |
WO2019101118A1 (zh) | 指定转发者选举 | |
WO2015109478A1 (zh) | 实现arp的方法、交换设备及控制设备 | |
KR20150082282A (ko) | 데이터 플로우 처리를 위한 방법 및 디바이스 | |
US12107695B2 (en) | Multicast routing | |
WO2015070755A1 (zh) | 网络安全方法和设备 | |
US20180167313A1 (en) | Sdn-based arp implementation method and apparatus | |
US7362772B1 (en) | Network processing pipeline chipset for routing and host packet processing | |
US20150281376A1 (en) | System and method for device registration and discovery in content-centric networks | |
WO2016138845A1 (zh) | 一种实现协议报文上送cpu的方法和装置 | |
WO2014169812A1 (zh) | 报文的转发处理方法及装置 | |
WO2024159962A1 (zh) | 虚拟实例的流量镜像方法、装置、虚拟机平台及存储介质 | |
WO2014201600A1 (zh) | 一种会话管理方法、地址管理方法及相关装置 | |
US8605732B2 (en) | Method of providing virtual router functionality |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 12822859 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 12822859 Country of ref document: EP Kind code of ref document: A1 |