WO2014187406A1 - Parallel-mode p2p scrambling method, device and system - Google Patents

Parallel-mode p2p scrambling method, device and system Download PDF

Info

Publication number
WO2014187406A1
WO2014187406A1 PCT/CN2014/079616 CN2014079616W WO2014187406A1 WO 2014187406 A1 WO2014187406 A1 WO 2014187406A1 CN 2014079616 W CN2014079616 W CN 2014079616W WO 2014187406 A1 WO2014187406 A1 WO 2014187406A1
Authority
WO
WIPO (PCT)
Prior art keywords
client
packet
data stream
data
server
Prior art date
Application number
PCT/CN2014/079616
Other languages
French (fr)
Chinese (zh)
Inventor
朱玉石
李冰
吴丽梅
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2014187406A1 publication Critical patent/WO2014187406A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks

Definitions

  • the present invention relates to the field of communications, and in particular to a parallel mode P2P scrambling method, apparatus and system.
  • P2P peer-to-peer
  • HTTP Hypertext Transfer Protocol
  • the main traffic on the Internet is not only the traditional Hypertext Transfer Protocol (HTTP) traffic, but also the P2P traffic. It occupies a large part of the total traffic and occupies a large amount of network bandwidth resources, causing network congestion and affecting the normal operation of other network services.
  • no effective solution has been proposed yet.
  • a parallel mode P2P scrambling method includes: acquiring a data flow of a backbone network, performing protocol identification on a packet corresponding to the data flow of the backbone network, and determining a point to Pointing a P2P data stream of the P2P type protocol; transmitting an interference packet to the P2P link corresponding to the P2P data stream, and scrambling the P2P data stream; wherein the sender of the interference packet is sent and the backbone network Connected in parallel.
  • scrambling the P2P data stream includes at least one of: performing flow control on the P2P data stream by using a TCP window misalignment method, where the TCP window misalignment method is used to control the interference packet by sending the interference packet Transmitting and transmitting packet speed of the P2P link; blocking the P2P data stream.
  • the TCP window misalignment method includes: a client masquerading as the P2P link, sending a plurality of acknowledgement ACK packets to the server of the P2P link in a unit time, so that the client discards the sent by the server a client masquerading as the P2P link, requesting, from the server, a plurality of data packets discarded by the client according to a preset packet sending speed, and pretending that the server sends the server to the client The multiple packets discarded by the client.
  • the number of the multiple ACK packets is greater than a first threshold, so that the server responds to the multiple
  • the ACK packet sends a plurality of data packets to the client, causing the plurality of data packets to exceed the window of the client
  • the plurality of data packets are discarded by the client, and the receiving window of the client and the sending window of the server are misplaced, and the server sends an ACK packet to the client that processes the data packet in the cache.
  • sending the interference packet to the P2P link corresponding to the P2P data stream includes: detecting a bandwidth of a user where the P2P data stream is located; and if the bandwidth exceeds a maximum allowed bandwidth, The P2P link sends the interference packet.
  • a parallel mode P2P scrambling device which is connected in parallel with a backbone network, the device comprising: an identification module configured to acquire a data stream of the backbone network, to the backbone The packet corresponding to the data flow of the network is subjected to protocol identification, and the P2P data stream of the P2P type protocol is determined.
  • the scrambling code module is configured to send an interference packet to the P2P link corresponding to the P2P data flow, and the P2P is sent to the P2P.
  • the data stream is scrambled.
  • the scrambling code module is configured to perform scrambling on the P2P data stream, including at least one of: performing flow control on the P2P data stream by using a TCP window misalignment method, where the TCP window misalignment method is used to pass Transmitting the interference packet to control a packet transmission speed of the P2P link; blocking the P2P data stream.
  • the TCP window misalignment method includes: a client masquerading as the P2P link, sending a plurality of acknowledgement ACK packets to the server of the P2P link in a unit time, so that the client discards the sent by the server a client masquerading as the P2P link, requesting, from the server, a plurality of data packets discarded by the client according to a preset packet sending speed, and pretending that the server sends the server to the client The multiple packets discarded by the client.
  • the number of the plurality of ACK packets is greater than a first threshold, such that the server sends a plurality of data packets to the client in response to the plurality of ACK packets, thereby causing the plurality of data packets to exceed the client a window of the end, the plurality of data packets are discarded by the client, the receiving window of the client is misplaced with the sending window of the server, and the server sends an ACK packet to the client in processing the data packet in the cache.
  • the scrambling code module is further configured to detect a bandwidth of a user where the P2P data stream is located, and send the interference packet to the P2P link if the bandwidth exceeds a maximum allowed bandwidth.
  • a parallel mode P2P scrambling system comprising a backbone network, configured to transmit a data stream; the apparatus according to any one of the sixth to tenth aspects,
  • the backbone networks are connected in parallel, configured to identify P2P data streams in the data stream, and to scramble the P2P data streams by transmitting interference packets to the backbone network.
  • the embodiment of the present invention obtains a data flow of a backbone network, performs protocol identification on a packet corresponding to the data flow of the backbone network, and determines a P2P data flow of a point-to-point P2P type protocol, corresponding to the P2P data flow.
  • FIG. 1 is a flow chart of a parallel mode P2P scrambling method according to an embodiment of the present invention
  • FIG. 2 is a structural diagram of a parallel mode P2P scrambling apparatus according to an embodiment of the present invention
  • Figure 4 is a block diagram of a parallel mode P2P scrambling system of an embodiment
  • Figure 4 is a flow diagram of a method for P2P scrambling in a parallel mode P2P scrambling system in accordance with a preferred embodiment of the present invention
  • Figure 5 is a preferred embodiment in accordance with the present invention.
  • FIG. 1 is a flowchart of a parallel mode P2P scrambling code method according to an embodiment of the present invention. As shown in FIG. 1, the method includes the following steps: Step S102, acquiring a trunk a data flow of the network, performing protocol identification on the packet corresponding to the data flow of the backbone network, and determining a P2P data flow of the P2P-type protocol from the point-to-point; and sending an interference packet to the P2P link corresponding to the P2P data flow, in step S104, The P2P data stream is scrambled. The sender that sends the interference packet is connected in parallel with the backbone network.
  • the network data stream is obtained, the protocol corresponding to the network data stream is protocol-recoordinated, the P2P data stream of the P2P-type protocol is determined, the interference packet is sent to the P2P data stream, and the P2P data stream is interfered.
  • the code solves the problem of network congestion caused by peer-to-peer technology and improves the utilization of network bandwidth resources.
  • scrambling the P2P data stream may include at least one of the following: performing flow control on the P2P data stream by using a TCP window misalignment method, where the TCP window misalignment method is used to transmit interference
  • the packet controls the packet transmission speed of the P2P link to block the P2P data stream.
  • the TCP window misalignment method may include: a client masquerading as a P2P link, sending multiple ACK packets to a P2P link server in a unit time, so that the client discards the server sending a plurality of data packets; a client masquerading as a P2P link requests a plurality of data packets discarded by the client according to a preset packet sending speed, and pretends that the server sends the data discarded by the client to the client. Packet, such a parallel mode P2P scrambling system controls the packet transmission and reception speed of the P2P link without causing fast retransmission.
  • the multiple ACK packets are preset ACK packets, and the multiple data packets are preset number of data packets corresponding to the multiple ACK packets.
  • the TCP window misalignment method may further include: a client masquerading as a P2P link, sending a plurality of ACK packets to a server of the P2P link in a unit time, wherein the multiple ACKs The number of packets is greater than the first threshold, so that the server sends multiple data packets to the client in response to multiple ACK packets, thereby causing the multiple data packets to exceed the client window, multiple data packets are discarded by the client, and the client receiving window and The server's send window is misplaced, and the server does not respond to the ACK packet sent by the client in the processing buffer.
  • the P2P data stream when the P2P data stream does not affect the normal operation of the network service, the P2P data stream may not be controlled by sending an interference packet to the P2P data stream.
  • the interference packet is sent to the P2P data stream to control the P2P data stream, thereby improving bandwidth utilization.
  • a parallel mode P2P scrambling device is also provided, and the device is configured to implement the foregoing method, which has been described in the above embodiments, and details are not described herein again. It should be noted that the name of the module in the following device does not constitute a practical limitation of the module.
  • the identification module can be expressed as "acquiring a network data stream, and performing protocol identification on the packet corresponding to the network data stream.
  • Point-to-point P2P-type protocol P2P data stream the following modules can be implemented in the processor, for example, the identification module can be expressed as "a processor, obtain a network data stream, and correspond to the network data stream” Perform protocol identification to determine the P2P data stream of the point-to-point P2P class protocol, or "a processor, including the identification module”.
  • 2 is a structural diagram of a parallel mode P2P scrambling apparatus according to an embodiment of the present invention. The apparatus is connected in parallel with a backbone network. As shown in FIG.
  • the apparatus 20 includes: an identification module 22 and a scrambling code module 24, The device is described in detail.
  • the identification module 22 is configured to acquire a data flow of the backbone network, perform protocol identification on a packet corresponding to the data flow of the backbone network, and determine a P2P data flow of a point-to-point P2P type protocol;
  • the scrambling code module 24 is set to Transmitting an interference packet to a P2P link corresponding to the P2P data stream, and scrambling the P2P data stream; and the foregoing device solves the problem of network congestion caused by the peer-to-peer technology, and improves network bandwidth resource utilization.
  • the scrambling code module 24 is configured to scramble the P2P data stream, including at least one of the following: performing flow control on the P2P data stream by using a TCP window misalignment method, where the TCP window misalignment method is used.
  • the packet transmission speed of the P2P link is controlled by sending an interference packet; the P2P data stream is blocked.
  • the TCP window misalignment method may include: a client masquerading as the P2P link, sending a plurality of acknowledgement ACK packets to the server of the P2P link in a unit time, so that the client discards the sending by the server a plurality of data packets; a client masquerading as the P2P link, requesting, by the server, a plurality of data packets discarded by the client according to a preset packet sending speed, and pretending that the server sends the data packet to the client Multiple data packets discarded by the client.
  • the number of the multiple ACK packets is greater than a first threshold, so that the server sends multiple data packets to the client in response to the multiple ACK packets, thereby causing the multiple data packets to exceed the client.
  • a window the plurality of data packets are discarded by the client, the receiving window of the client and the sending window of the server are misaligned, and the server sends an ACK packet to the client in a data packet processed by the cache.
  • the scrambling code module 24 is further configured to detect the bandwidth of the user where the P2P data stream is located; and to transmit the interference packet to the P2P data stream if the bandwidth exceeds the maximum allowed bandwidth.
  • FIG. 3 is a block diagram of a parallel mode P2P scrambling system according to a preferred embodiment of the present invention. As shown in FIG. 3, the parallel mode P2P scrambling code is shown.
  • the system includes a parallel mode P2P scrambling device 30 and a backbone network 38.
  • Parallel mode P2P scrambling device 30 includes deep traffic awareness (Deep) Packet Inspection (referred to as DPI) protocol parsing module 32, P2P flow state analysis and flow rate detecting module 34 and P2P interference packet sending module 36, wherein DPI protocol parsing module 32 and P2P flow state analysis and flow rate detecting module 34 are equivalent to FIG.
  • the identification module 22 and the P2P interference packet transmission module 36 are equivalent to the scrambling code module 24 in FIG.
  • the parallel mode P2P scrambling device 30 is connected in parallel with the backbone network 38, and the specific connection manner is as follows:
  • the DPI protocol parsing module 32 is connected in parallel with the backbone network 38 to acquire data streams from the backbone network 38;
  • P2P flow state analysis and flow rate detecting module 34 is connected to the DPI protocol parsing module 32, according to the data stream obtained by the DPI protocol parsing module 32, identifying the P2P data stream, and determining whether an interference packet needs to be sent;
  • the P2P interference packet sending module 36-end and P2P flow state analysis and flow rate detecting module 34 is connected, and the other end is connected in parallel with the backbone network 38, and is arranged to transmit an interference packet to the backbone network 38 according to the notification of the P2P flow state analysis and the flow rate detection module 34.
  • the device is described in detail below:
  • the DPI protocol parsing module 32 is configured to perform protocol identification on all the packets in the backbone network 38, and send the data stream identified as the P2P class protocol to the P2P flow state analysis and flow rate detecting module 34.
  • the P2P flow state analysis and flow rate detecting module 34 is configured to analyze the state of the current P2P data stream, detect the P2P bandwidth of the user where the current P2P data stream is located, and notify the P2P interference packet sending module 36 to perform packet interference if the maximum allowed bandwidth is exceeded.
  • the P2P interference packet transmitting module 36 is configured to send an interference packet to the backbone network 38.
  • the TCP packet misplacement method may be used to send the interference packet: the client masquerading as the P2P link sends a plurality of acknowledgement ACK packets to the server of the P2P link in a unit time, so that the client discards the server.
  • Sending a plurality of data packets; the client masquerading as the P2P link requests the server for a plurality of data packets discarded by the client according to a preset packet sending speed, and pretending to be the server to the client
  • the terminal sends multiple data packets discarded by the client.
  • the number of the multiple ACK packets is greater than a first threshold, so that the server sends multiple data packets to the client in response to the multiple ACK packets, thereby causing the multiple data packets to exceed the client.
  • a window the plurality of data packets are discarded by the client, the receiving window of the client and the sending window of the server are misaligned, and the server sends an ACK packet to the client in a data packet processed by the cache. Respond.
  • Step S402 the DPI protocol parsing module 32 acquires all network data traffic through the optical splitting device.
  • Step S404 the DPI protocol parsing module 32 performs protocol identification on all the packets, and sends the data stream identified as the P2P class protocol to the P2P flow state analysis and flow rate detecting module 34.
  • Step S406 the P2P flow state analysis and flow rate detecting module 34 analyzes the state of the current P2P data stream, detects the P2P bandwidth of the user where the current P2P data stream is located, and notifies the P2P interference packet sending module 36 to perform packet interference if the maximum allowed bandwidth is exceeded.
  • Step S408 the P2P interference packet sending module 36 sends an interference packet to the corresponding P2P link of the P2P data stream through the control channel, so as to achieve the purpose of flow control or blocking the P2P data stream.
  • the parallel mode P2P scrambling device adopts a mode in parallel with the backbone network, and the entire device does not belong to the network element of the backbone network, so there is no risk of failure of the entire backbone network due to possible failure of the parallel mode P2P scrambling device.
  • the parallel mode P2P scrambling device can effectively reduce the proportion of P2P data traffic in the total traffic, control the occupation of network bandwidth resources by P2P applications, and solve the problem of network congestion caused by excessive P2P data traffic.
  • Preferred Embodiment 3 is a block and flow control of a P2P data stream based on a TCP protocol. The following describes the blocking method and the flow control method:
  • the blocking of the P2P data stream may be a combination of the following three methods.
  • the parallel mode P2P scrambling device switches to another method to block again if it finds that one method is invalid.
  • the first method Send the RST packet method in one direction. That is, the parallel mode P2P scrambling device masquerades as a client (Client) to send a RST packet to the server (Server), or pretends that the Client sends a RST packet to the server, so that the link is broken, and the blocking effect on the controlled flow has been achieved.
  • the second method Send the RST packet method in both directions.
  • the parallel mode P2P scrambling device pretends that the client sends a packet RST packet to the server, and the Internet Service Group (ISG) masquerades the server to send a packet to the client. By breaking the link, the blocking effect on the controlled flow has been achieved.
  • the third method Send the SYN packet method. That is, the parallel mode P2P scrambling device is disguised as a client, and the link is broken by sending a SYN packet located in the window to the server to achieve a blocking effect on the controlled flow.
  • the flow control of the P2P data stream can be a combination of the following two methods.
  • the parallel mode P2P scrambling code system switches to another method to perform flow control again when it finds that one method is invalid.
  • the first method Modifying the Transmission Control Protocol (TCP) sliding window method This method uses the data sender to advertise the receiving window size of the data receiver to control the speed of data transmission.
  • the second method TCP window misalignment method
  • FIG. 5 is a schematic diagram of a TCP window misalignment method according to a preferred embodiment of the present invention. As shown in FIG.
  • Parallel mode P2P scrambling system is disguised as The client sends a valid ACK packet to the server (Server), so that the server sends a data packet to the client as soon as possible.
  • the packet exceeds the client window, the packet is discarded by the client.
  • the client's receiving window and the server's sending window are completely misaligned.
  • the ACK packet sent to the server will be regarded as a duplicate ACK packet by the server (the parallel mode P2P scrambling device has spoofed the client to send the ACK packet), so the server will ignore the ACK packet of the client. .
  • the ACK packet sent by the client after processing all the packets in the cache is regarded as a duplicate ACK packet by the server, so the server does not repeatedly send the packet discarded by the client to the client.
  • the ISG masquerades as a server to send the client the packet discarded by the client, and pretends that the client sends an ACK to the server to request a new data packet.
  • Such a parallel mode P2P scrambling device controls the packet transmission speed of the entire link. In the parallel mode P2P scrambling system control link, for each data packet Server will receive two identical ACK packets at different times, so it will not cause fast retransmission.
  • the preferred embodiment is based on the P2P blocking and flow control of the User Datagram Protocol (UDP) protocol, and the content is as follows: Obtain a network data stream, and report the network data stream corresponding to the network data stream. The UDP protocol is identified, the P2P data stream of the UDP protocol is determined, the icmp interference packet is sent to the P2P data stream, and the P2P data stream is scrambled. The port is unreachable by sending an icmp interference packet to achieve the blocking and flow control effect on the controlled flow.
  • UDP User Datagram Protocol
  • the above preferred embodiment is a parallel mode P2P scrambling device attached to a high performance ISG system, which implements flow control and blocking of the P2P data stream by performing packet interference on the P2P data stream, thereby achieving proper control of P2P data traffic. Not only can you save bandwidth resources, solve network congestion problems, but also enable other network services to work normally. Obviously, those skilled in the art should understand that the above modules or steps of the present invention can be implemented by a general-purpose computing device, which can be concentrated on a single computing device or distributed over a network composed of multiple computing devices.
  • the invention is not limited to any specific combination of hardware and software.
  • the above are only the preferred embodiments of the present invention, and are not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and scope of the present invention are intended to be included within the scope of the present invention.
  • a parallel mode P2P scrambling code method, apparatus, and system provided by an embodiment of the present invention have the following beneficial effects: Flow control and blocking of a P2P data stream by performing packet interference on a P2P data stream The proper control of P2P data traffic is achieved, which not only saves bandwidth resources, solves network congestion problems, but also enables other network services to operate normally.

Abstract

Disclosed are a parallel-mode P2P scrambling method, device and system. The method comprises: acquiring a data stream of a backbone network, conducting protocol identification on a message corresponding to a data stream of the backbone network, determining a P2P data stream of a peer-to-peer (P2P) type protocol, and sending an interference package to a P2P link corresponding to the P2P data stream to scramble the P2P data stream, wherein a sender, which sends the interference package, is connected to the backbone network in parallel. The present invention solves the problem of network congestion caused by the peer-to-peer technology, and improves the utilization rate of a network bandwidth resource.

Description

并联模式 P2P扰码方法、 装置及系统 技术领域 本发明涉及通信领域, 具体而言, 涉及一种并联模式 P2P扰码方法、装置及系统。 背景技术 随着点对点 (peer-2-peer,简称为 P2P)技术的不断发展, 目前因特网 (internet)上主 要流量已经不只是传统超文本传输协议 (Hypertext Transfer Protocol, 简称为 HTTP) 流量, P2P流量占据了总流量的很大一部分, 占用了大量的网络带宽资源, 造成网络 拥塞, 影响了其他网络业务的正常进行。 针对相关技术中点对点技术导致的网络拥塞的问题, 目前尚未提出有效的解决方案。 发明内容 本发明实施例提供了一种并联模式 P2P扰码方法、 装置及系统, 以至少解决上述 问题。 根据本发明实施例的一个方面,提供了一种并联模式 P2P扰码方法,该方法包括: 获取主干网络的数据流, 对所述主干网络的数据流对应的报文进行协议识别, 确定点 到点 P2P类协议的 P2P数据流; 向与所述 P2P数据流相应的 P2P链路发送干扰包, 对 所述 P2P数据流进行扰码;其中,发送所述干扰包的发送方与所述主干网络并联连接。 优选地, 对所述 P2P数据流进行扰码包括以下至少之一: 通过 TCP窗口错位方法 对所述 P2P数据流进行流控,其中所述 TCP窗口错位方法用于通过发送所述干扰包控 制所述 P2P链路的收发包速度; 对所述 P2P数据流进行阻断。 优选地, TCP窗口错位方法包括: 伪装成所述 P2P链路的客户端, 在单位时间内 向所述 P2P链路的服务器发送多个确认 ACK包, 使得所述客户端丢弃所述服务器发 送的多个数据包; 伪装成所述 P2P链路的客户端, 按照预设的发包速度向所述服务器 索要所述客户端丢弃的多个数据包, 并伪装成所述服务器向所述客户端发送所述客户 端丢弃的多个数据包。 优选地, 所述多个 ACK包的数量大于第一阈值, 使得所述服务器响应所述多个 TECHNICAL FIELD The present invention relates to the field of communications, and in particular to a parallel mode P2P scrambling method, apparatus and system. BACKGROUND With the continuous development of peer-to-peer (P2P) technology, the main traffic on the Internet is not only the traditional Hypertext Transfer Protocol (HTTP) traffic, but also the P2P traffic. It occupies a large part of the total traffic and occupies a large amount of network bandwidth resources, causing network congestion and affecting the normal operation of other network services. In view of the problem of network congestion caused by peer-to-peer technology in related technologies, no effective solution has been proposed yet. SUMMARY OF THE INVENTION Embodiments of the present invention provide a parallel mode P2P scrambling code method, apparatus, and system to solve at least the above problems. According to an aspect of the present invention, a parallel mode P2P scrambling method is provided. The method includes: acquiring a data flow of a backbone network, performing protocol identification on a packet corresponding to the data flow of the backbone network, and determining a point to Pointing a P2P data stream of the P2P type protocol; transmitting an interference packet to the P2P link corresponding to the P2P data stream, and scrambling the P2P data stream; wherein the sender of the interference packet is sent and the backbone network Connected in parallel. Preferably, scrambling the P2P data stream includes at least one of: performing flow control on the P2P data stream by using a TCP window misalignment method, where the TCP window misalignment method is used to control the interference packet by sending the interference packet Transmitting and transmitting packet speed of the P2P link; blocking the P2P data stream. Preferably, the TCP window misalignment method includes: a client masquerading as the P2P link, sending a plurality of acknowledgement ACK packets to the server of the P2P link in a unit time, so that the client discards the sent by the server a client masquerading as the P2P link, requesting, from the server, a plurality of data packets discarded by the client according to a preset packet sending speed, and pretending that the server sends the server to the client The multiple packets discarded by the client. Preferably, the number of the multiple ACK packets is greater than a first threshold, so that the server responds to the multiple
ACK包向所述客户端发送多个数据包,从而导致所述多个数据包超出所述客户端的窗 口, 所述多个数据包被所述客户端丢弃, 所述客户端的接收窗口和所述服务器的发送 窗口错位, 所述服务器对所述客户端在处理缓存中的数据包发送的 ACK包不予响应。 优选地, 向与所述 P2P数据流相应的所述 P2P链路发送所述干扰包包括: 检测所 述 P2P数据流所在用户的带宽; 在所述带宽超出所允许的最大带宽的情况下, 向所述 P2P链路发送所述干扰包。 根据本发明实施例的另一个方面, 提供了一种并联模式 P2P扰码装置, 该装置与 主干网络并联, 该装置包括: 识别模块, 设置为获取所述主干网络的数据流, 对所述 主干网络的数据流对应的报文进行协议识别, 确定点到点 P2P类协议的 P2P数据流; 扰码模块, 设置为向与所述 P2P数据流相应的 P2P链路发送干扰包, 对所述 P2P数据 流进行扰码。 优选地, 所述扰码模块设置为对所述 P2P数据流进行扰码包括以下至少之一: 通 过 TCP窗口错位方法对所述 P2P数据流进行流控, 其中所述 TCP窗口错位方法用于 通过发送所述干扰包控制 P2P链路的收发包速度; 对所述 P2P数据流进行阻断。 优选地, TCP窗口错位方法包括: 伪装成所述 P2P链路的客户端, 在单位时间内 向所述 P2P链路的服务器发送多个确认 ACK包, 使得所述客户端丢弃所述服务器发 送的多个数据包; 伪装成所述 P2P链路的客户端, 按照预设的发包速度向所述服务器 索要所述客户端丢弃的多个数据包, 并伪装成所述服务器向所述客户端发送所述客户 端丢弃的多个数据包。 优选地, 所述多个 ACK包的数量大于第一阈值, 使得所述服务器响应所述多个 ACK包向所述客户端发送多个数据包,从而导致所述多个数据包超出所述客户端的窗 口, 所述多个数据包被所述客户端丢弃, 所述客户端的接收窗口和所述服务器的发送 窗口错位, 所述服务器对所述客户端在处理缓存中的数据包发送的 ACK包不予响应。 优选地, 所述扰码模块还设置为检测所述 P2P数据流所在用户的带宽, 在所述带 宽超出所允许的最大带宽的情况下, 向所述 P2P链路发送所述干扰包。 根据本发明实施例的又一个方面, 提供了一种并联模式 P2P扰码系统, 包括主干 网络, 设置为传送数据流; 上述第六至十项方案中任一项所述的装置, 与所述主干网 络并联, 设置为识别所述数据流中的 P2P数据流, 并通过向所述主干网路发送干扰包 对所述 P2P数据流进行扰码。 通过本发明实施例, 获取主干网络的数据流, 对所述主干网络的数据流对应的报 文进行协议识别, 确定点到点 P2P类协议的 P2P数据流, 向与所述 P2P数据流相应的 P2P链路发送干扰包, 对所述 P2P数据流进行扰码, 其中, 发送所述干扰包的发送方 与所述主干网络并联连接, 解决了点对点技术导致的网络拥塞的问题, 提高了网络带 宽资源利用率。 附图说明 此处所说明的附图用来提供对本发明的进一步理解, 构成本申请的一部分, 本发 明的示意性实施例及其说明用于解释本发明, 并不构成对本发明的不当限定。 在附图 中: 图 1是根据本发明实施例的并联模式 P2P扰码方法的流程图; 图 2是根据本发明实施例的并联模式 P2P扰码装置的结构图; 图 3是根据本发明优选实施例的并联模式 P2P扰码系统的框架图; 图 4是根据本发明优选实施例的并联模式 P2P扰码系统进行 P2P扰码的方法的流 程图; 以及 图 5是根据本发明优选实施例的 TCP窗口错位方法的示意图。 具体实施方式 需要说明的是, 在不冲突的情况下, 本申请中的实施例及实施例中的特征可以相 互组合。 下面将参考附图并结合实施例来详细说明本发明。 本实施例提供了一种并联模式 P2P扰码方法, 图 1是根据本发明实施例的并联模 式 P2P扰码方法的流程图, 如图 1所示, 该方法包括如下步骤: 步骤 S102, 获取主干网络的数据流, 对该主干网络的数据流对应的报文进行协议 识别, 确定点到点 P2P类协议的 P2P数据流; 步骤 S104, 向与 P2P数据流相应的 P2P链路发送干扰包, 对该 P2P数据流进行 扰码。 其中, 发送所述干扰包的发送方与所述主干网络并联连接。 通过上述步骤, 获取网络数据流, 对该网络数据流对应的报文进行协议识别, 确 定点到点 P2P类协议的 P2P数据流, 向该 P2P数据流发送干扰包, 对该 P2P数据流进 行扰码, 解决了点对点技术导致的网络拥塞的问题, 提高了网络带宽资源利用率。 在本实施例的一个优选实施方式中, 对该 P2P数据流进行扰码可以包括以下至少 之一: 通过 TCP窗口错位方法对 P2P数据流进行流控, 其中该 TCP窗口错位方法用 于通过发送干扰包控制 P2P链路的收发包速度从而对 P2P数据流进行阻断。通过上述 步骤, 达到了对 P2P流的流控和阻断。 在本实施例的一个优选实施方式中, TCP窗口错位方法可以包括: 伪装成 P2P链 路的客户端, 在单位时间内向 P2P链路的服务器发送多个 ACK包, 使得该客户端丢 弃服务器发送的多个数据包; 伪装成 P2P链路的客户端, 按照预设的发包速度向服务 器索要该客户端丢弃的多个数据包, 并伪装成服务器向该客户端发送该客户端丢弃的 多个数据包, 这样并联模式 P2P扰码系统就控制了 P2P链路的收发包速度, 不会导致 快速重传。其中, 多个 ACK包是预设数量的 ACK包, 多个数据包是与所述多个 ACK 包相应的预设数量的数据包。 在本实施例的一个优选实施方式中, TCP窗口错位方法还可以包括: 伪装成 P2P 链路的客户端, 在单位时间内向 P2P链路的服务器发送多个 ACK包, 其中, 所述多 个 ACK包的数量大于第一阈值, 使得服务器响应多个 ACK包向客户端发送多个数据 包, 从而导致该多个数据包超出客户端的窗口, 多个数据包被客户端丢弃, 客户端的 接收窗口和服务器的发送窗口错位, 服务器对客户端在处理缓存中的数据包发送的 ACK包不予响应。 这样便实现了 TCP窗口错位。 在本实施例的一个优选实施方式中, 在 P2P数据流不影响网络业务正常运行的情 况下, 可以不向 P2P数据流发送干扰包对 P2P数据流进行控制。在 P2P数据流占用的 带宽超出所允许的最大带宽的情况下, 向该 P2P数据流发送干扰包, 对 P2P数据流进 行控制, 这样提高了带宽利用率。 在本实施例中还提供了一种并联模式 P2P扰码装置, 该装置设置为实现上述的方 法, 在上述实施例中已经进行过说明的, 在此不再赘述。 需要说明的是, 下述装置中 的模块的名称并不构成对该模块的实际限定, 例如, 识别模块可以表述为 "获取网络数 据流, 对该网络数据流对应的报文进行协议识别, 确定点到点 P2P类协议的 P2P数据 流", 以下的模块均可以在处理器中实现, 例如, 识别模块可以表述为"一种处理器, 获取网络数据流, 对该网络数据流对应的报文进行协议识别, 确定点到点 P2P类协议 的 P2P数据流", 或者, "一种处理器, 包括识别模块 "等。 图 2是根据本发明实施例的并联模式 P2P扰码装置的结构图, 所述装置与主干网 络并联, 如图 2所示, 该装置 20包括: 识别模块 22和扰码模块 24, 下面对该装置进 行详细说明。 识别模块 22, 设置为获取所述主干网络的数据流, 对所述主干网络的数据流对应 的报文进行协议识别, 确定点到点 P2P类协议的 P2P数据流; 扰码模块 24, 设置为向与所述 P2P数据流相应的 P2P链路发送干扰包, 对所述 P2P数据流进行扰码; 通过上述装置, 解决了点对点技术导致的网络拥塞的问题, 提高了网络带宽资源 利用率。 在本实施例的一个优选实施方式中, 扰码模块 24设置为对 P2P数据流进行扰码 包括以下至少之一: 通过 TCP窗口错位方法对 P2P数据流进行流控, 其中 TCP窗口 错位方法用于通过发送干扰包控制 P2P链路的收发包速度; 对 P2P数据流进行阻断。 具体地, TCP窗口错位方法可以包括: 伪装成所述 P2P链路的客户端, 在单位时间内 向所述 P2P链路的服务器发送多个确认 ACK包, 使得所述客户端丢弃所述服务器发 送的多个数据包; 伪装成所述 P2P链路的客户端, 按照预设的发包速度向所述服务器 索要所述客户端丢弃的多个数据包, 并伪装成所述服务器向所述客户端发送所述客户 端丢弃的多个数据包。 其中, 所述多个 ACK包的数量大于第一阈值, 使得所述服务 器响应所述多个 ACK包向所述客户端发送多个数据包, 从而导致所述多个数据包超 出所述客户端的窗口, 所述多个数据包被所述客户端丢弃, 所述客户端的接收窗口和 所述服务器的发送窗口错位, 所述服务器对所述客户端在处理缓存中的数据包发送的 ACK包不予响应。 在本实施例的一个优选实施方式中, 扰码模块 24还设置为检测所述 P2P数据流 所在用户的带宽; 在带宽超出所允许的最大带宽的情况下, 向该 P2P数据流发送干扰 包。 下面结合优选实施例和优选实施方式对本发明进行说明。 优选实施例 1 本优选实施例是在综合业务网关系统中实现的, 图 3是根据本发明优选实施例的 并联模式 P2P扰码系统的框架图, 如图 3所示, 该并联模式 P2P扰码系统包括并联模 式 P2P扰码装置 30和主干网络 38。并联模式 P2P扰码装置 30包括深度业务感知 (Deep Packet Inspection, 简称为 DPI)协议解析模块 32, P2P流状态分析和流速检测模块 34 和 P2P干扰包发送模块 36, 其中, DPI协议解析模块 32和 P2P流状态分析和流速检 测模块 34相当于图 2中的识别模块 22, P2P干扰包发送模块 36相当于图 2中的扰码 模块 24。 并联模式 P2P扰码装置 30和主干网络 38并联, 具体地连接方式如下: DPI 协议解析模块 32与主干网络 38以并联的方式相连, 从主干网络 38获取数据流; P2P 流状态分析和流速检测模块 34与 DPI协议解析模块 32相连, 根据 DPI协议解析模块 32获取的数据流, 识别 P2P数据流, 并确定是否需要发送干扰包; P2P干扰包发送模 块 36—端与 P2P流状态分析和流速检测模块 34相连, 另一端与主干网络 38并联, 设置为根据 P2P流状态分析和流速检测模块 34的通知, 向主干网络 38发送干扰包。 下面对该装置进行详细说明: The ACK packet sends a plurality of data packets to the client, causing the plurality of data packets to exceed the window of the client The plurality of data packets are discarded by the client, and the receiving window of the client and the sending window of the server are misplaced, and the server sends an ACK packet to the client that processes the data packet in the cache. Respond. Preferably, sending the interference packet to the P2P link corresponding to the P2P data stream includes: detecting a bandwidth of a user where the P2P data stream is located; and if the bandwidth exceeds a maximum allowed bandwidth, The P2P link sends the interference packet. According to another aspect of the present invention, a parallel mode P2P scrambling device is provided, which is connected in parallel with a backbone network, the device comprising: an identification module configured to acquire a data stream of the backbone network, to the backbone The packet corresponding to the data flow of the network is subjected to protocol identification, and the P2P data stream of the P2P type protocol is determined. The scrambling code module is configured to send an interference packet to the P2P link corresponding to the P2P data flow, and the P2P is sent to the P2P. The data stream is scrambled. Preferably, the scrambling code module is configured to perform scrambling on the P2P data stream, including at least one of: performing flow control on the P2P data stream by using a TCP window misalignment method, where the TCP window misalignment method is used to pass Transmitting the interference packet to control a packet transmission speed of the P2P link; blocking the P2P data stream. Preferably, the TCP window misalignment method includes: a client masquerading as the P2P link, sending a plurality of acknowledgement ACK packets to the server of the P2P link in a unit time, so that the client discards the sent by the server a client masquerading as the P2P link, requesting, from the server, a plurality of data packets discarded by the client according to a preset packet sending speed, and pretending that the server sends the server to the client The multiple packets discarded by the client. Advantageously, the number of the plurality of ACK packets is greater than a first threshold, such that the server sends a plurality of data packets to the client in response to the plurality of ACK packets, thereby causing the plurality of data packets to exceed the client a window of the end, the plurality of data packets are discarded by the client, the receiving window of the client is misplaced with the sending window of the server, and the server sends an ACK packet to the client in processing the data packet in the cache. Not responding. Preferably, the scrambling code module is further configured to detect a bandwidth of a user where the P2P data stream is located, and send the interference packet to the P2P link if the bandwidth exceeds a maximum allowed bandwidth. According to still another aspect of the present invention, there is provided a parallel mode P2P scrambling system, comprising a backbone network, configured to transmit a data stream; the apparatus according to any one of the sixth to tenth aspects, The backbone networks are connected in parallel, configured to identify P2P data streams in the data stream, and to scramble the P2P data streams by transmitting interference packets to the backbone network. The embodiment of the present invention obtains a data flow of a backbone network, performs protocol identification on a packet corresponding to the data flow of the backbone network, and determines a P2P data flow of a point-to-point P2P type protocol, corresponding to the P2P data flow. The P2P link sends an interference packet, and the P2P data stream is scrambled. The sender that sends the interference packet is connected in parallel with the backbone network, which solves the problem of network congestion caused by the peer-to-peer technology and improves network bandwidth. Resource utilization. BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings, which are set to illustrate,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, In the drawings: FIG. 1 is a flow chart of a parallel mode P2P scrambling method according to an embodiment of the present invention; FIG. 2 is a structural diagram of a parallel mode P2P scrambling apparatus according to an embodiment of the present invention; Figure 4 is a block diagram of a parallel mode P2P scrambling system of an embodiment; Figure 4 is a flow diagram of a method for P2P scrambling in a parallel mode P2P scrambling system in accordance with a preferred embodiment of the present invention; and Figure 5 is a preferred embodiment in accordance with the present invention. Schematic diagram of the TCP window misalignment method. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other without conflict. The invention will be described in detail below with reference to the drawings in conjunction with the embodiments. The present embodiment provides a parallel mode P2P scrambling code method. FIG. 1 is a flowchart of a parallel mode P2P scrambling code method according to an embodiment of the present invention. As shown in FIG. 1, the method includes the following steps: Step S102, acquiring a trunk a data flow of the network, performing protocol identification on the packet corresponding to the data flow of the backbone network, and determining a P2P data flow of the P2P-type protocol from the point-to-point; and sending an interference packet to the P2P link corresponding to the P2P data flow, in step S104, The P2P data stream is scrambled. The sender that sends the interference packet is connected in parallel with the backbone network. Through the foregoing steps, the network data stream is obtained, the protocol corresponding to the network data stream is protocol-recoordinated, the P2P data stream of the P2P-type protocol is determined, the interference packet is sent to the P2P data stream, and the P2P data stream is interfered. The code solves the problem of network congestion caused by peer-to-peer technology and improves the utilization of network bandwidth resources. In a preferred embodiment of the present embodiment, scrambling the P2P data stream may include at least one of the following: performing flow control on the P2P data stream by using a TCP window misalignment method, where the TCP window misalignment method is used to transmit interference The packet controls the packet transmission speed of the P2P link to block the P2P data stream. Through the above steps, the flow control and blocking of the P2P flow are achieved. In a preferred embodiment of the present embodiment, the TCP window misalignment method may include: a client masquerading as a P2P link, sending multiple ACK packets to a P2P link server in a unit time, so that the client discards the server sending a plurality of data packets; a client masquerading as a P2P link requests a plurality of data packets discarded by the client according to a preset packet sending speed, and pretends that the server sends the data discarded by the client to the client. Packet, such a parallel mode P2P scrambling system controls the packet transmission and reception speed of the P2P link without causing fast retransmission. The multiple ACK packets are preset ACK packets, and the multiple data packets are preset number of data packets corresponding to the multiple ACK packets. In a preferred embodiment of the present embodiment, the TCP window misalignment method may further include: a client masquerading as a P2P link, sending a plurality of ACK packets to a server of the P2P link in a unit time, wherein the multiple ACKs The number of packets is greater than the first threshold, so that the server sends multiple data packets to the client in response to multiple ACK packets, thereby causing the multiple data packets to exceed the client window, multiple data packets are discarded by the client, and the client receiving window and The server's send window is misplaced, and the server does not respond to the ACK packet sent by the client in the processing buffer. This achieves a TCP window misalignment. In a preferred embodiment of the present embodiment, when the P2P data stream does not affect the normal operation of the network service, the P2P data stream may not be controlled by sending an interference packet to the P2P data stream. When the bandwidth occupied by the P2P data stream exceeds the maximum allowed bandwidth, the interference packet is sent to the P2P data stream to control the P2P data stream, thereby improving bandwidth utilization. In the embodiment, a parallel mode P2P scrambling device is also provided, and the device is configured to implement the foregoing method, which has been described in the above embodiments, and details are not described herein again. It should be noted that the name of the module in the following device does not constitute a practical limitation of the module. For example, the identification module can be expressed as "acquiring a network data stream, and performing protocol identification on the packet corresponding to the network data stream. Point-to-point P2P-type protocol P2P data stream", the following modules can be implemented in the processor, for example, the identification module can be expressed as "a processor, obtain a network data stream, and correspond to the network data stream" Perform protocol identification to determine the P2P data stream of the point-to-point P2P class protocol, or "a processor, including the identification module". 2 is a structural diagram of a parallel mode P2P scrambling apparatus according to an embodiment of the present invention. The apparatus is connected in parallel with a backbone network. As shown in FIG. 2, the apparatus 20 includes: an identification module 22 and a scrambling code module 24, The device is described in detail. The identification module 22 is configured to acquire a data flow of the backbone network, perform protocol identification on a packet corresponding to the data flow of the backbone network, and determine a P2P data flow of a point-to-point P2P type protocol; the scrambling code module 24 is set to Transmitting an interference packet to a P2P link corresponding to the P2P data stream, and scrambling the P2P data stream; and the foregoing device solves the problem of network congestion caused by the peer-to-peer technology, and improves network bandwidth resource utilization. In a preferred embodiment of the present embodiment, the scrambling code module 24 is configured to scramble the P2P data stream, including at least one of the following: performing flow control on the P2P data stream by using a TCP window misalignment method, where the TCP window misalignment method is used. The packet transmission speed of the P2P link is controlled by sending an interference packet; the P2P data stream is blocked. Specifically, the TCP window misalignment method may include: a client masquerading as the P2P link, sending a plurality of acknowledgement ACK packets to the server of the P2P link in a unit time, so that the client discards the sending by the server a plurality of data packets; a client masquerading as the P2P link, requesting, by the server, a plurality of data packets discarded by the client according to a preset packet sending speed, and pretending that the server sends the data packet to the client Multiple data packets discarded by the client. The number of the multiple ACK packets is greater than a first threshold, so that the server sends multiple data packets to the client in response to the multiple ACK packets, thereby causing the multiple data packets to exceed the client. a window, the plurality of data packets are discarded by the client, the receiving window of the client and the sending window of the server are misaligned, and the server sends an ACK packet to the client in a data packet processed by the cache. Respond. In a preferred embodiment of the present embodiment, the scrambling code module 24 is further configured to detect the bandwidth of the user where the P2P data stream is located; and to transmit the interference packet to the P2P data stream if the bandwidth exceeds the maximum allowed bandwidth. The invention will now be described in connection with preferred embodiments and preferred embodiments. Preferred Embodiment 1 The preferred embodiment is implemented in an integrated service gateway system. FIG. 3 is a block diagram of a parallel mode P2P scrambling system according to a preferred embodiment of the present invention. As shown in FIG. 3, the parallel mode P2P scrambling code is shown. The system includes a parallel mode P2P scrambling device 30 and a backbone network 38. Parallel mode P2P scrambling device 30 includes deep traffic awareness (Deep) Packet Inspection (referred to as DPI) protocol parsing module 32, P2P flow state analysis and flow rate detecting module 34 and P2P interference packet sending module 36, wherein DPI protocol parsing module 32 and P2P flow state analysis and flow rate detecting module 34 are equivalent to FIG. The identification module 22 and the P2P interference packet transmission module 36 are equivalent to the scrambling code module 24 in FIG. The parallel mode P2P scrambling device 30 is connected in parallel with the backbone network 38, and the specific connection manner is as follows: The DPI protocol parsing module 32 is connected in parallel with the backbone network 38 to acquire data streams from the backbone network 38; P2P flow state analysis and flow rate detecting module 34 is connected to the DPI protocol parsing module 32, according to the data stream obtained by the DPI protocol parsing module 32, identifying the P2P data stream, and determining whether an interference packet needs to be sent; the P2P interference packet sending module 36-end and P2P flow state analysis and flow rate detecting module 34 is connected, and the other end is connected in parallel with the backbone network 38, and is arranged to transmit an interference packet to the backbone network 38 according to the notification of the P2P flow state analysis and the flow rate detection module 34. The device is described in detail below:
DPI协议解析模块 32, 设置为对主干网络 38中的所有的报文进行协议识别, 并 将识别为 P2P类协议的数据流发送给 P2P流状态分析和流速检测模块 34。 The DPI protocol parsing module 32 is configured to perform protocol identification on all the packets in the backbone network 38, and send the data stream identified as the P2P class protocol to the P2P flow state analysis and flow rate detecting module 34.
P2P流状态分析和流速检测模块 34, 设置为分析当前 P2P数据流的状态, 检测当 前 P2P数据流所在用户的 P2P带宽,如果超出允许的最大带宽则通知 P2P干扰包发送 模块 36进行发包干扰。 The P2P flow state analysis and flow rate detecting module 34 is configured to analyze the state of the current P2P data stream, detect the P2P bandwidth of the user where the current P2P data stream is located, and notify the P2P interference packet sending module 36 to perform packet interference if the maximum allowed bandwidth is exceeded.
P2P干扰包发送模块 36, 设置为向主干网 38发送干扰包。 具体地可以采用 TCP 窗口错位法发送干扰包: 伪装成所述 P2P链路的客户端, 在单位时间内向所述 P2P链 路的服务器发送多个确认 ACK包, 使得所述客户端丢弃所述服务器发送的多个数据 包; 伪装成所述 P2P链路的客户端, 按照预设的发包速度向所述服务器索要所述客户 端丢弃的多个数据包, 并伪装成所述服务器向所述客户端发送所述客户端丢弃的多个 数据包。 其中, 所述多个 ACK包的数量大于第一阈值, 使得所述服务器响应所述多 个 ACK包向所述客户端发送多个数据包, 从而导致所述多个数据包超出所述客户端 的窗口, 所述多个数据包被所述客户端丢弃, 所述客户端的接收窗口和所述服务器的 发送窗口错位, 所述服务器对所述客户端在处理缓存中的数据包发送的 ACK包不予 响应。 通过上述系统, 可以有效的减少 P2P数据流量在总流量中所占的比例, 控制 P2P 应用对网络带宽资源的占用, 解决由于 P2P数据流量过大导致的网络拥塞的问题。 优选实施例 2 图 4是根据本发明优选实施例的并联模式 P2P扰码系统进行 P2P扰码的方法的流 程图, 如图 4和图 3所示, 该方法包括如下步骤: 步骤 S402, DPI协议解析模块 32通过分光设备获取所有的网络数据流量。 步骤 S404, DPI协议解析模块 32对所有的报文进行协议识别, 并将识别为 P2P 类协议的数据流发送给 P2P流状态分析和流速检测模块 34。 步骤 S406, P2P流状态分析和流速检测模块 34分析当前 P2P数据流的状态, 检 测当前 P2P数据流所在用户的 P2P带宽,如果超出允许的最大带宽则通知 P2P干扰包 发送模块 36进行发包干扰。 步骤 S408, P2P干扰包发送模块 36通过控制通道向 P2P数据流相应的 P2P链路 发送干扰包, 以达到对 P2P数据流进行流控或阻断目的。 通过上述步骤, 并联模式 P2P扰码装置采用与主干网并联部署的模式, 整个装置 不属于主干网的网元, 所以没有因为并联模式 P2P扰码装置的可能故障而导致整个主 干网络发生故障的危险。 并联模式 P2P扰码装置可以有效的减少 P2P数据流量在总流 量中所占的比例, 控制 P2P应用对网络带宽资源的占用, 解决由于 P2P数据流量过大 导致的网络拥塞的问题。 The P2P interference packet transmitting module 36 is configured to send an interference packet to the backbone network 38. Specifically, the TCP packet misplacement method may be used to send the interference packet: the client masquerading as the P2P link sends a plurality of acknowledgement ACK packets to the server of the P2P link in a unit time, so that the client discards the server. Sending a plurality of data packets; the client masquerading as the P2P link requests the server for a plurality of data packets discarded by the client according to a preset packet sending speed, and pretending to be the server to the client The terminal sends multiple data packets discarded by the client. The number of the multiple ACK packets is greater than a first threshold, so that the server sends multiple data packets to the client in response to the multiple ACK packets, thereby causing the multiple data packets to exceed the client. a window, the plurality of data packets are discarded by the client, the receiving window of the client and the sending window of the server are misaligned, and the server sends an ACK packet to the client in a data packet processed by the cache. Respond. Through the above system, the proportion of P2P data traffic in the total traffic can be effectively reduced, the P2P application can be occupied by the network bandwidth resources, and the network congestion caused by the excessive P2P data traffic can be solved. Preferred Embodiment 2 FIG. 4 is a flowchart of a method for performing P2P scrambling in a parallel mode P2P scrambling system according to a preferred embodiment of the present invention. As shown in FIG. 4 and FIG. 3, the method includes the following steps: Step S402, the DPI protocol parsing module 32 acquires all network data traffic through the optical splitting device. Step S404, the DPI protocol parsing module 32 performs protocol identification on all the packets, and sends the data stream identified as the P2P class protocol to the P2P flow state analysis and flow rate detecting module 34. Step S406, the P2P flow state analysis and flow rate detecting module 34 analyzes the state of the current P2P data stream, detects the P2P bandwidth of the user where the current P2P data stream is located, and notifies the P2P interference packet sending module 36 to perform packet interference if the maximum allowed bandwidth is exceeded. Step S408, the P2P interference packet sending module 36 sends an interference packet to the corresponding P2P link of the P2P data stream through the control channel, so as to achieve the purpose of flow control or blocking the P2P data stream. Through the above steps, the parallel mode P2P scrambling device adopts a mode in parallel with the backbone network, and the entire device does not belong to the network element of the backbone network, so there is no risk of failure of the entire backbone network due to possible failure of the parallel mode P2P scrambling device. . The parallel mode P2P scrambling device can effectively reduce the proportion of P2P data traffic in the total traffic, control the occupation of network bandwidth resources by P2P applications, and solve the problem of network congestion caused by excessive P2P data traffic.
优选实施例 3 本优选实施例是对基于 TCP协议的 P2P数据流的阻断和流控,下面对阻断方法和 流控方法分别进行介绍: Preferred Embodiment 3 This preferred embodiment is a block and flow control of a P2P data stream based on a TCP protocol. The following describes the blocking method and the flow control method:
( 1 ) 阻断方法。 对 P2P数据流的阻断可以是以下三种方法的组合, 并联模式 P2P扰码装置在发现 一种方法无效的情况下会切换到其他的方法再次进行阻断。 第一种方法: 单向发送 RST 包方法。 即并联模式 P2P 扰码装置伪装成客户端 (Client) 向服务器(Server) 发送 RST包, 或者伪装成 Client向 Server发送 RST包, 使链接断链, 已达到对被控制流的阻断效果。 第二种方法: 双向发送 RST包方法。 即并联模式 P2P扰码装置伪装成 Client向 Server发送包 RST包, 同时因特网业务组 (Internet Service Group, 简称为 ISG)伪装 Server向 Client发包。 使链接断链, 已达到对被控制流的阻断效果。 第三种方法: 发送 SYN包方法。 即并联模式 P2P扰码装置伪装成 Client, 通过向 Server发送位于窗口内的 SYN包, 使链接断链, 以达到对被控制流的阻断效果。 (1) Blocking method. The blocking of the P2P data stream may be a combination of the following three methods. The parallel mode P2P scrambling device switches to another method to block again if it finds that one method is invalid. The first method: Send the RST packet method in one direction. That is, the parallel mode P2P scrambling device masquerades as a client (Client) to send a RST packet to the server (Server), or pretends that the Client sends a RST packet to the server, so that the link is broken, and the blocking effect on the controlled flow has been achieved. The second method: Send the RST packet method in both directions. That is, the parallel mode P2P scrambling device pretends that the client sends a packet RST packet to the server, and the Internet Service Group (ISG) masquerades the server to send a packet to the client. By breaking the link, the blocking effect on the controlled flow has been achieved. The third method: Send the SYN packet method. That is, the parallel mode P2P scrambling device is disguised as a client, and the link is broken by sending a SYN packet located in the window to the server to achieve a blocking effect on the controlled flow.
(2) 流控方法 对 P2P数据流的流控可以是以下两种方法的组合, 并联模式 P2P扰码系统在发现 一种方法无效的情况下会切换到其他的方法再次进行流控。 第一种方法: 修改传输控制协议(Transmission Control Protocol, 简称为 TCP)滑 动窗口方法 该方法是利用数据发送方通告数据接收方的接收窗口大小来控制数据发送的速 度。 第二种方法: TCP窗口错位方法 图 5是根据本发明优选实施例的 TCP窗口错位方法的示意图, 如图 5所示, 该 TCP窗口错位方法的具体内容如下: 并联模式 P2P扰码系统伪装成客户端 (Client) 向服务器 (Server) 快速的发送合法 ACK包, 使 Server尽快的向 Client发送数据包 (Data), 当数据包超出 Client的窗口时, 数据包会被 Client丢弃。 当被丢弃的报文数 量足够多时, Client的接收窗口和 Server的发送窗口会完全错位。 Client在处理缓存中 的数据包时发给 Server的 ACK包会被 Server认为是重复的 ACK包 (并联模式 P2P 扰码装置已经伪装 Client发完 ACK包了), 所以 Server不会理会 Client的 ACK包。 当窗口错位足够大, Client处理完所有缓存中的包所发送的 ACK包都被 Server认为是 重复的 ACK包, 所以 Server不会重复发送被 Client丢弃的包给 Client。这时 ISG再伪 装成 Server给 Client发送被 Client丢弃的包, 同时伪装成 Client给 Server发送 ACK 索要新的数据包。 这样并联模式 P2P扰码装置就控制了整个链路的收发包速度。 在并 联模式 P2P扰码系统控制链路的过程中, 对于每个数据包 Server会在不同时间收到两 个相同 ACK包, 所以不会导致快速重传。 优选实施例 4 本优选实施例是基于对用户数据报协议 (User Datagram Protocol, 简称为 UDP) 协议的 P2P的阻断和流控, 内容如下: 获取网络数据流, 对该网络数据流对应的报文 进行 UDP协议识别, 确定 UDP协议的 P2P数据流, 向 P2P数据流发送 icmp干扰包, 对该 P2P数据流进行扰码。 通过发送 icmp干扰包使端口不可达, 达到对被控制流的 阻断和流控效果。 上述优选实施例是并联模式 P2P扰码装置附属在高性能 ISG系统中, 通过对 P2P 数据流进行发包干扰以达到对 P2P数据流的流控和阻断, 实现了对对 P2P数据流量的 适当控制, 不但可以使节省带宽资源, 解决网络拥塞问题, 还可以使其他网络业务可 以正常进行。 显然, 本领域的技术人员应该明白, 上述的本发明的各模块或各步骤可以用通用 的计算装置来实现, 它们可以集中在单个的计算装置上, 或者分布在多个计算装置所 组成的网络上, 可选地, 它们可以用计算装置可执行的程序代码来实现, 从而, 可以 将它们存储在存储装置中由计算装置来执行, 或者将它们分别制作成各个集成电路模 块, 或者将它们中的多个模块或步骤制作成单个集成电路模块来实现。 这样, 本发明 不限制于任何特定的硬件和软件结合。 以上仅为本发明的优选实施例而已, 并不用于限制本发明, 对于本领域的技术人 员来说, 本发明可以有各种更改和变化。 凡在本发明的精神和原则之内, 所作的任何 修改、 等同替换、 改进等, 均应包含在本发明的保护范围之内。 工业实用性 如上所述, 本发明实施例提供的一种并联模式 P2P扰码方法、 装置及系统具 有以下有益效果: 通过对 P2P数据流进行发包干扰以达到对 P2P数据流的流控和阻 断, 实现了对对 P2P数据流量的适当控制, 不但可以使节省带宽资源, 解决网络拥 塞问题, 还可以使其他网络业务可以正常进行。 (2) Flow control method The flow control of the P2P data stream can be a combination of the following two methods. The parallel mode P2P scrambling code system switches to another method to perform flow control again when it finds that one method is invalid. The first method: Modifying the Transmission Control Protocol (TCP) sliding window method This method uses the data sender to advertise the receiving window size of the data receiver to control the speed of data transmission. The second method: TCP window misalignment method FIG. 5 is a schematic diagram of a TCP window misalignment method according to a preferred embodiment of the present invention. As shown in FIG. 5, the specific content of the TCP window misalignment method is as follows: Parallel mode P2P scrambling system is disguised as The client sends a valid ACK packet to the server (Server), so that the server sends a data packet to the client as soon as possible. When the packet exceeds the client window, the packet is discarded by the client. When the number of discarded packets is sufficient, the client's receiving window and the server's sending window are completely misaligned. When the client processes the data packet in the cache, the ACK packet sent to the server will be regarded as a duplicate ACK packet by the server (the parallel mode P2P scrambling device has spoofed the client to send the ACK packet), so the server will ignore the ACK packet of the client. . When the window is misplaced enough, the ACK packet sent by the client after processing all the packets in the cache is regarded as a duplicate ACK packet by the server, so the server does not repeatedly send the packet discarded by the client to the client. At this time, the ISG masquerades as a server to send the client the packet discarded by the client, and pretends that the client sends an ACK to the server to request a new data packet. Such a parallel mode P2P scrambling device controls the packet transmission speed of the entire link. In the parallel mode P2P scrambling system control link, for each data packet Server will receive two identical ACK packets at different times, so it will not cause fast retransmission. The preferred embodiment is based on the P2P blocking and flow control of the User Datagram Protocol (UDP) protocol, and the content is as follows: Obtain a network data stream, and report the network data stream corresponding to the network data stream. The UDP protocol is identified, the P2P data stream of the UDP protocol is determined, the icmp interference packet is sent to the P2P data stream, and the P2P data stream is scrambled. The port is unreachable by sending an icmp interference packet to achieve the blocking and flow control effect on the controlled flow. The above preferred embodiment is a parallel mode P2P scrambling device attached to a high performance ISG system, which implements flow control and blocking of the P2P data stream by performing packet interference on the P2P data stream, thereby achieving proper control of P2P data traffic. Not only can you save bandwidth resources, solve network congestion problems, but also enable other network services to work normally. Obviously, those skilled in the art should understand that the above modules or steps of the present invention can be implemented by a general-purpose computing device, which can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device, such that they may be stored in the storage device by the computing device, or they may be separately fabricated into individual integrated circuit modules, or they may be Multiple modules or steps are made into a single integrated circuit module. Thus, the invention is not limited to any specific combination of hardware and software. The above are only the preferred embodiments of the present invention, and are not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and scope of the present invention are intended to be included within the scope of the present invention. INDUSTRIAL APPLICABILITY As described above, a parallel mode P2P scrambling code method, apparatus, and system provided by an embodiment of the present invention have the following beneficial effects: Flow control and blocking of a P2P data stream by performing packet interference on a P2P data stream The proper control of P2P data traffic is achieved, which not only saves bandwidth resources, solves network congestion problems, but also enables other network services to operate normally.

Claims

权 利 要 求 书 Claim
1. 一种并联模式 P2P扰码方法, 包括: 获取主干网络的数据流, 对所述主干网络的数据流对应的报文进行协议识 别, 确定点到点 P2P类协议的 P2P数据流; A parallel mode P2P scrambling method includes: acquiring a data flow of a backbone network, performing protocol identification on a packet corresponding to the data flow of the backbone network, and determining a P2P data flow of a point-to-point P2P type protocol;
向与所述 P2P数据流相应的 P2P链路发送干扰包,对所述 P2P数据流进行 扰码;  Transmitting an interference packet to a P2P link corresponding to the P2P data stream, and scrambling the P2P data stream;
其中, 发送所述干扰包的发送方与所述主干网络并联连接。  The sender that sends the interference packet is connected in parallel with the backbone network.
2. 根据权利要求 1所述的方法, 其中, 对所述 P2P数据流进行扰码包括以下至少 之一: 2. The method according to claim 1, wherein scrambling the P2P data stream comprises at least one of the following:
通过 TCP窗口错位方法对所述 P2P数据流进行流控, 其中所述 TCP窗口 错位方法用于通过发送所述干扰包控制所述 P2P链路的收发包速度;  And controlling, by the TCP window misalignment method, the P2P data stream, where the TCP window misalignment method is used to control a packet transmission speed of the P2P link by sending the interference packet;
对所述 P2P数据流进行阻断。  Blocking the P2P data stream.
3. 根据权利要求 2所述的方法, 其中, TCP窗口错位方法包括: 3. The method according to claim 2, wherein the TCP window misalignment method comprises:
伪装成所述 P2P链路的客户端,在单位时间内向所述 P2P链路的服务器发 送多个确认 ACK包, 使得所述客户端丢弃所述服务器发送的多个数据包; 伪装成所述 P2P链路的客户端, 按照预设的发包速度向所述服务器索要所 述客户端丢弃的多个数据包, 并伪装成所述服务器向所述客户端发送所述客户 端丢弃的多个数据包。  The client masquerading as the P2P link sends a plurality of acknowledgment ACK packets to the server of the P2P link in a unit time, so that the client discards multiple data packets sent by the server; disguising as the P2P The client of the link requests the server for multiple data packets discarded by the client according to a preset sending speed, and pretends that the server sends the multiple data packets discarded by the client to the client. .
4. 根据权利要求 3所述的方法, 其中, 所述多个 ACK包的数量大于第一阈值, 使得所述服务器响应所述多个 ACK包向所述客户端发送多个数据包, 从而导 致所述多个数据包超出所述客户端的窗口,所述多个数据包被所述客户端丢弃, 所述客户端的接收窗口和所述服务器的发送窗口错位, 所述服务器对所述客户 端在处理缓存中的数据包发送的 ACK包不予响应。 4. The method according to claim 3, wherein the number of the plurality of ACK packets is greater than a first threshold, such that the server sends a plurality of data packets to the client in response to the plurality of ACK packets, thereby causing The plurality of data packets are beyond the window of the client, the plurality of data packets are discarded by the client, the receiving window of the client is misplaced with the sending window of the server, and the server is in the client The ACK packet sent by the processing packet in the buffer does not respond.
5. 根据权利要求 1所述的方法, 其中, 向与所述 P2P数据流相应的所述 P2P链路 发送所述干扰包包括: 5. The method of claim 1, wherein transmitting the interference packet to the P2P link corresponding to the P2P data stream comprises:
检测所述 P2P数据流所在用户的带宽; 在所述带宽超出所允许的最大带宽的情况下, 向所述 P2P链路发送所述干 扰包。 Detecting a bandwidth of a user where the P2P data stream is located; The interference packet is sent to the P2P link if the bandwidth exceeds the maximum allowed bandwidth.
6. 一种并联模式 P2P扰码装置, 所述装置与主干网络并联, 所述装置包括: 6. A parallel mode P2P scrambling device, the device being in parallel with a backbone network, the device comprising:
识别模块, 设置为获取所述主干网络的数据流, 对所述主干网络的数据流 对应的报文进行协议识别, 确定点到点 P2P类协议的 P2P数据流;  An identification module, configured to acquire a data flow of the backbone network, perform protocol identification on a packet corresponding to the data flow of the backbone network, and determine a P2P data flow of a point-to-point P2P type protocol;
扰码模块, 设置为向与所述 P2P数据流相应的 P2P链路发送干扰包, 对所 述 P2P数据流进行扰码。  The scrambling module is configured to send an interference packet to a P2P link corresponding to the P2P data stream, and scramble the P2P data stream.
7. 根据权利要求 6所述的装置, 其中, 所述扰码模块设置为对所述 P2P数据流进 行扰码包括以下至少之一: 7. The apparatus according to claim 6, wherein the scrambling code module is configured to scramble the P2P data stream to include at least one of the following:
通过 TCP窗口错位方法对所述 P2P数据流进行流控, 其中所述 TCP窗口 错位方法用于通过发送所述干扰包控制 P2P链路的收发包速度;  The P2P data stream is streamed by using a TCP window misalignment method, where the TCP window misalignment method is used to control a packet transmission speed of the P2P link by sending the interference packet;
对所述 P2P数据流进行阻断。  Blocking the P2P data stream.
8. 根据权利要求 7所述的装置, 其中, TCP窗口错位方法包括: 8. The apparatus according to claim 7, wherein the TCP window misalignment method comprises:
伪装成所述 P2P链路的客户端,在单位时间内向所述 P2P链路的服务器发 送多个确认 ACK包, 使得所述客户端丢弃所述服务器发送的多个数据包; 伪装成所述 P2P链路的客户端, 按照预设的发包速度向所述服务器索要所 述客户端丢弃的多个数据包, 并伪装成所述服务器向所述客户端发送所述客户 端丢弃的多个数据包。  The client masquerading as the P2P link sends a plurality of acknowledgment ACK packets to the server of the P2P link in a unit time, so that the client discards multiple data packets sent by the server; disguising as the P2P The client of the link requests the server for multiple data packets discarded by the client according to a preset sending speed, and pretends that the server sends the multiple data packets discarded by the client to the client. .
9. 根据权利要求 8所述的装置, 其中, 所述多个 ACK包的数量大于第一阈值, 使得所述服务器响应所述多个 ACK包向所述客户端发送多个数据包, 从而导 致所述多个数据包超出所述客户端的窗口,所述多个数据包被所述客户端丢弃, 所述客户端的接收窗口和所述服务器的发送窗口错位, 所述服务器对所述客户 端在处理缓存中的数据包发送的 ACK包不予响应。 9. The apparatus according to claim 8, wherein the number of the plurality of ACK packets is greater than a first threshold, such that the server sends a plurality of data packets to the client in response to the plurality of ACK packets, thereby causing The plurality of data packets are beyond the window of the client, the plurality of data packets are discarded by the client, the receiving window of the client is misplaced with the sending window of the server, and the server is in the client The ACK packet sent by the processing packet in the buffer does not respond.
10. 根据权利要求 6所述的装置, 其中, 所述扰码模块还设置为检测所述 P2P数据 流所在用户的带宽, 在所述带宽超出所允许的最大带宽的情况下, 向所述 P2P 链路发送所述干扰包。 10. The apparatus according to claim 6, wherein the scrambling code module is further configured to detect a bandwidth of a user where the P2P data stream is located, and if the bandwidth exceeds a maximum allowed bandwidth, to the P2P The link transmits the interference packet.
11. 一种并联模式 P2P扰码系统, 包括: 11. A parallel mode P2P scrambling system, comprising:
主干网络, 设置为传送数据流; 权利要求 6至 10中任一项所述的装置,与所述主干网络并联,设置为识别 所述数据流中的 P2P数据流, 并通过向所述主干网路发送干扰包对所述 P2P数 据流进行扰码。 The backbone network, set to transmit data streams; Apparatus according to any one of claims 6 to 10, in parallel with said backbone network, arranged to identify a P2P data stream in said data stream, and to transmit said P2P data by transmitting an interference packet to said backbone network The stream is scrambled.
PCT/CN2014/079616 2013-10-16 2014-06-10 Parallel-mode p2p scrambling method, device and system WO2014187406A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310486375.9 2013-10-16
CN201310486375 2013-10-16

Publications (1)

Publication Number Publication Date
WO2014187406A1 true WO2014187406A1 (en) 2014-11-27

Family

ID=51932952

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/079616 WO2014187406A1 (en) 2013-10-16 2014-06-10 Parallel-mode p2p scrambling method, device and system

Country Status (2)

Country Link
CN (1) CN104580003B (en)
WO (1) WO2014187406A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101056222A (en) * 2007-05-17 2007-10-17 华为技术有限公司 A deep message detection method, network device and system
CN101159683A (en) * 2007-10-15 2008-04-09 华为技术有限公司 Method and apparatus for controlling data flow
US20100306383A1 (en) * 2009-05-27 2010-12-02 Ray-V Technologies, Ltd. Controlling the provision of resources for streaming of video swarms in a peer-to-peer network
CN101964754A (en) * 2010-11-01 2011-02-02 南京邮电大学 Point to point (P2P) service identification-based quality of service (QoS) routing method
CN102893635A (en) * 2010-03-31 2013-01-23 香港科技大学 Transmitting and/or receiving data in side channel

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101286937B (en) * 2008-05-16 2011-01-05 成都市华为赛门铁克科技有限公司 Network flow control method, device and system
CN102387045B (en) * 2011-09-30 2015-07-08 北京信息科技大学 Embedded point to point (P2P) flow monitoring system and method thereof

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101056222A (en) * 2007-05-17 2007-10-17 华为技术有限公司 A deep message detection method, network device and system
CN101159683A (en) * 2007-10-15 2008-04-09 华为技术有限公司 Method and apparatus for controlling data flow
US20100306383A1 (en) * 2009-05-27 2010-12-02 Ray-V Technologies, Ltd. Controlling the provision of resources for streaming of video swarms in a peer-to-peer network
CN102893635A (en) * 2010-03-31 2013-01-23 香港科技大学 Transmitting and/or receiving data in side channel
CN101964754A (en) * 2010-11-01 2011-02-02 南京邮电大学 Point to point (P2P) service identification-based quality of service (QoS) routing method

Also Published As

Publication number Publication date
CN104580003A (en) 2015-04-29
CN104580003B (en) 2019-05-24

Similar Documents

Publication Publication Date Title
EP3482514B1 (en) Systems, apparatuses and methods for network packet management
US9577791B2 (en) Notification by network element of packet drops
WO2014092779A1 (en) Notification by network element of packet drops
US9516114B2 (en) Data packet transmission method and related device and system
US9407734B2 (en) System and method for efficient frame aggregation based on aggregation limits or parameters
US20120227088A1 (en) Method for authenticating communication traffic, communication system and protective apparatus
JP2010022001A (en) Method for managing transmission of data stream on transport channel of tunnel, corresponding tunnel end-point, and computer-readable storage medium
JP2009525708A (en) Protocol link layer
WO2009152734A1 (en) Process method, system and device for binding/unbinding
WO2011100911A2 (en) Detection processing method, data transmitter, data receiver and communication system
US9787770B2 (en) Communication system utilizing HTTP
CN102769520B (en) Wireless network congestion control method based on stream control transmission protocol (SCTP)
WO2017097201A1 (en) Data transmission method, transmission device and receiving device
WO2014194806A1 (en) Link processing method and mobile terminal in multiplexing control protocol
JP2017118545A5 (en)
EP3539235B1 (en) Systems, apparatuses and methods for cooperating routers
EP3633890A1 (en) Method, device, and system for transmitting data
CN116074401B (en) Method for realizing transmission layer protocol on programmable exchanger
CN107294848B (en) Method and device for sending router request message
WO2014100973A1 (en) Video processing method, device and system
CN113424578B (en) Acceleration method and device for transmission control protocol
WO2014187406A1 (en) Parallel-mode p2p scrambling method, device and system
CN111274195B (en) RDMA network flow control method, device and computer readable storage medium
TWI427995B (en) Customer premises equipment and method for avoiding attacks thereof
CN106789864B (en) Message anti-attack method and device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14801216

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14801216

Country of ref document: EP

Kind code of ref document: A1