WO2015176212A1 - Tcam and fpga-based packet processing method and device - Google Patents

Tcam and fpga-based packet processing method and device Download PDF

Info

Publication number
WO2015176212A1
WO2015176212A1 PCT/CN2014/077799 CN2014077799W WO2015176212A1 WO 2015176212 A1 WO2015176212 A1 WO 2015176212A1 CN 2014077799 W CN2014077799 W CN 2014077799W WO 2015176212 A1 WO2015176212 A1 WO 2015176212A1
Authority
WO
WIPO (PCT)
Prior art keywords
flow table
information
group
packet
idle
Prior art date
Application number
PCT/CN2014/077799
Other languages
French (fr)
Chinese (zh)
Inventor
丁玉奇
张洪雁
Original Assignee
北京东土科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 北京东土科技股份有限公司 filed Critical 北京东土科技股份有限公司
Priority to PCT/CN2014/077799 priority Critical patent/WO2015176212A1/en
Publication of WO2015176212A1 publication Critical patent/WO2015176212A1/en

Links

Definitions

  • the present invention relates to the field of industrial Ethernet communication technologies, and in particular, to a packet processing method and apparatus based on TCAM and FPGA. Background technique
  • Industrial Ethernet is currently developing very rapidly and has a wide range of applications in various industries, making Ethernet communication a rapidly growing position in the field of industrial automation.
  • Industrial Ethernet communication has the following problems:
  • the packet processing includes: After receiving the packet, the switch extracts the information from the packet, and the extracted information includes: (Virtual Local Area Network, VLAN) information, MAC address information, port number, etc., and searches for corresponding information according to the extracted information.
  • the table and according to the specific lookup for the corresponding processing. Specifically, the VLAN table is searched according to the extracted VLAN information and the port number.
  • the Layer 2 address forwarding table is queried according to the extracted MAC address, and the packet is forwarded according to the result of the query.
  • the processing process of the above-mentioned entire message is serial hierarchical processing, the processes are sequentially processed in order, and each process is processed separately, and the query work required in each process is also performed serially, so the entire packet processing flow is performed.
  • the flexibility is not high and the delay is high, which affects the forwarding performance of packets.
  • the current processing method is that the packet is processed by the switch and sent to the next layer for further processing, and the subsequent processing. It is also serial, so the above process cannot perform targeted network forwarding policy configuration for a specific industrial communication protocol, thereby causing an increase in data forwarding delay.
  • ACL uses serial query and matching. After matching a flow table, it matches the next one.
  • the flow table is generally implemented by TCAM.
  • TCAM In an FPGA, it is impossible to use a large number of independent TCAMs, generally dividing one TCAM into multiple Work in the form of a logical table. At this time, there will be a problem, because the received flow table needs to be searched for different flow tables. If the serial processing method is used, the efficiency of processing the message will be seriously hindered, thereby affecting the data throughput rate of the product and causing the report. The text forwarding delay increases. Summary of the invention
  • the present invention has been made in order to provide a TCAM and FPGA based message processing method and apparatus that overcomes the above problems or at least partially solves the above problems.
  • the embodiment of the invention provides a packet processing method based on TCAM and FPGA, and the method includes:
  • the switch identifies the packet type of the received packet, and extracts packet header information of the packet according to the packet header extraction rule corresponding to the identified packet type, where the packet header information includes at least one unary information, and at least a multi-group information;
  • each flow table corresponding to each information is searched in parallel, and the search results are integrated and output, wherein
  • the information is the multi-group information
  • the method further includes:
  • each information is obtained, and the secondary flow table corresponding to each information is searched for, and the secondary flow table corresponding to each information is searched in parallel, and the search result is integrated with the search result of the unary information and the multi-group information, and then output.
  • the post output includes:
  • each search result is integrated and output.
  • the multi-group flow table includes a plurality of highest-level tuple flow tables, and determining the search result includes:
  • each of the multi-group flow tables of the second priority is idle; when the second priority has an idle multi-group flow table, according to the multiple The group information finds the idle multi-group flow table and determines a search result, and when the multi-group flow table of the second priority is not idle, sending the multi-group information to the second priority multi-group The processing table of the flow table.
  • the multi-group flow table includes a highest tuple flow table and a plurality of common tuple flow tables, wherein the receiving according to the set time length is received.
  • the packet type of the received packet when the packet type meets the common tuple flow table, it is determined whether there is an idle common tuple flow table. When there is an idle common tuple flow table, the idle common tuple flow table is searched according to the multi-group information and the search result is determined. Otherwise, Transmitting the multi-group information to a processing queue of the common tuple flow table;
  • the packet type does not meet the packet type corresponding to the common tuple flow table, it is determined whether the highest tuple flow table is idle.
  • the highest tuple flow table is searched according to the multi-group information. The flow table determines the lookup result, otherwise, the tuple information is sent to the processing queue of the highest tuple flow table.
  • the embodiment of the invention provides a message processing device based on TCAM and FPGA, and the device comprises:
  • the parsing and extracting module is configured to identify a packet type of the received packet, and extract a packet header information of the packet according to the packet header extraction rule corresponding to the identified packet type, where the packet header information includes at least one unary Information, and at least one tuple information;
  • a storage search module configured to search each flow table corresponding to each information in parallel according to the correspondence between each information in the saved data packet header and the flow table, where, when the information is unary information, according to the unary information Corresponding one-way flow table, determining a search result; when the information is multi-group information, determining whether the multi-group flow table corresponding to the multi-group information is currently idle, and when the multi-group flow table is not idle, The group information is sent to the processing queue of the multi-group flow table, otherwise, the multi-group flow table is searched according to the multi-group information and the search result is determined;
  • Arbitration module used to integrate the search results and output.
  • the device further includes:
  • a secondary parsing module configured to perform secondary parsing on the multi-group information
  • the storage search module is further configured to: obtain each information according to the parsing, and a secondary flow table corresponding to each information, and search for a secondary flow table corresponding to each information in parallel;
  • the arbitration module is further configured to integrate the search result with the search result of the unary information and the multi-group information and output the result.
  • the arbitration module is specifically configured to add a packet descriptor to each information of the extracted data packet header, and obtain each search result including the packet descriptor; Determining, according to the packet type of the packet, whether the number of the currently obtained search results satisfies the number of search results corresponding to the packet type; when the number of currently obtained search results satisfies the number of search results corresponding to the packet type, The results of the search are integrated and output.
  • the storage search module is specifically configured to: when the flow table is a multi-group flow table, the multi-group flow table includes a plurality of highest tuple flow tables, when When the priority of the message satisfies the preset priority condition, it is determined whether each of the multi-group flow tables of the first priority is idle; when the first priority has an idle multi-group flow table, the search is performed according to the multi-group information Determining a result of the first priority idle multi-group flow table and determining a search result.
  • each of the multi-group flow tables of the first priority is not idle, determining whether each multi-group flow table of the second priority is idle, when When the second priority has an idle multi-group flow table, searching for the idle second priority multi-group flow table according to the multi-group information and determining a search result, otherwise, sending the multi-group information to the first Determining, in the processing queue of a priority multi-group flow table, when the priority of the packet does not satisfy the preset priority condition, determining whether each multi-group flow table of the second priority is idle; When the priority multi-group flow table exists, the idle multi-group flow table is searched according to the multi-group information, and the search result is determined. When each multi-group flow table of the second priority is not idle, the The tuple information is sent to the processing queue of the second priority flow table of the second priority.
  • the storage search module is specifically configured to: when the flow table is a multi-group flow table, the multi-group flow table includes a highest tuple flow table and a plurality of common tuple flow tables. And setting a common tuple flow table according to the multi-group information included in each packet header in the received packet type within the set time length; according to the packet type of the received packet, when the packet type When the packet type corresponding to the common tuple flow table is met, it is determined whether there is an idle common tuple flow table. When there is an idle common tuple flow table, the idle common tuple flow is searched according to the multi-group information.
  • the embodiment of the present invention provides a packet processing method and device based on TCAM and FPGA.
  • the switch extracts packet header information of the packet according to the packet type of the received packet, where the packet header information includes At least one unary information and at least one multi-group information, searching for a flow table corresponding to each information in each data packet header in parallel and integrating the output result, and determining that the multi-group information corresponds to when the data packet header information is a multi-group information Whether the multi-group flow table is idle, and sending the multi-group flow table to the processing queue of the multi-group flow table when not idle.
  • the unary information directly searches for the unary flow table, and when searching the multi-group flow table according to the multi-group information, it is necessary to determine whether the current flow table is idle. That is, it is determined whether the current flow table is occupied by other messages, and the flow table needs to be queued when the flow table is occupied. Therefore, the solution provided by the embodiment of the present invention can effectively implement deep analysis of the message, and the parallel and serial connection are used. The combination method can effectively correlate the results obtained by the previous lookup table, and effectively improve the processing efficiency of the message.
  • FIG. 1 is a flow chart of packet processing based on TCAM and FPGA according to an embodiment of the present invention
  • FIG. 2 is a flow chart of packet processing based on TCAM and FPGA according to Embodiment 1 of the present invention
  • FIG. 3 is a schematic diagram of a processing process based on TCAM and FPGA according to Embodiment 2 of the present invention
  • FIG. 4 is a schematic diagram of a process based on TCAM and FPGA according to Embodiment 3 of the present invention.
  • FIG. 5 is a schematic diagram of packet processing based on TCAM and FPGA according to Embodiment 4 of the present invention.
  • FIG. 6 is a schematic structural diagram of a message processing apparatus based on TCAM and FPGA according to an embodiment of the present invention. detailed description
  • a message processing method and device based on TCAM and FPGA are provided.
  • FIG. 1 is a flowchart of packet processing based on TCAM and FPGA according to an embodiment of the present invention, where the process includes the following steps:
  • the switch identifies the packet type of the received packet, and extracts data packet header information of the packet according to the packet header extraction rule corresponding to the identified packet type, where the data packet header information includes at least one unary information. And at least one tuple information.
  • the packet type includes an IP packet, a TCP packet, and the like, and the packet type of the packet can be identified according to the information carried in the packet.
  • the data packet header information extracted in the data packet header of the packet in the embodiment of the present invention includes: at least one unary information and at least one multi-group information, wherein the unary information may be, for example, VLAN information, MAC address information, port number information, etc.
  • the group information is information composed of a plurality of unary information, and may be, for example, 4-tuple information, 7-tuple information, 9-tuple information, 12-tuple information, 14-tuple information, 15-tuple information, etc., through the multi-group
  • the information can determine the type of the text, and can determine the source and whereabouts of the message for subsequent lookup of the multi-group flow table.
  • the EtherCAT industrial protocol message commonly used in industrial communication can parse the 4-tuple information from the packet header of the message, and the 4-tuple information includes: the ingress port number, the source MAC address, the destination MAC address, and the Ethernet protocol.
  • the switch can accurately determine which packet is an EtherCAT packet from the data stream, and at the same time obtain the source and location of the packet for subsequent matching of the multi-group flow table.
  • the 12-tuple information can be parsed from the packet header of the packet.
  • the 12-tuple information includes: the ingress port number, the source MAC address, the destination MAC address, the VLAN ID, the priority, and the Ethernet.
  • the switch can accurately determine which packet is a ModBus TCP packet from the data stream. And at the same time get the source and where to go for this message, for subsequent matching to use the multi-group flow table.
  • a corresponding packet header extraction rule is set for each type of packet, that is, for each packet type, in order to implement deep analysis of the packet, the packet of the type may be preset.
  • the extracted packet header information forms a corresponding packet header extraction rule according to the packet header information, so as to extract the packet header information of the subsequent corresponding type of packet.
  • the flow table in order to effectively improve the processing efficiency of the packet, and reduce the delay of the packet processing, when the packet header information of the packet is extracted, when the flow table is searched according to each packet header information, the flow table is used.
  • the lookup process can be performed in parallel, that is, each flow table is called in parallel for searching.
  • the information is the multi-group information
  • the multi-group flow table generally includes: an ingress port number, a source MAC address, a destination MAC address, and a VLAN. ID, priority, Ethernet type, source IP address, destination IP address, IP protocol type, TCP source port, TCP destination port, ToS, etc., generally corresponding to the extracted multi-group information configuration flow table content. For example, if it is 4-tuple information, the 4-tuple information includes: an inbound port number, a source MAC address, and a destination MAC address, and the corresponding multi-group flow table includes an inbound port number, a source MAC address, and a destination MAC address information.
  • the 12-tuple information includes: Incoming port number, source MAC address, destination MAC address, VLAN ID, priority, MAC protocol type, source IP address, destination IP address, IP protocol type, TCP source
  • the port, the TCP destination port, and the ToS the corresponding multi-group flow table includes: the inbound port number, the source MAC address, the destination MAC address, the VLAN ID, the priority, the Ethernet type, the source IP address, the destination IP address, and the IP address. Protocol type, TCP source port, TCP destination port, ToS information.
  • the switch searches for each corresponding flow table in parallel for each information in the data packet header information, but because the meta-information and the multi-group information exist in the data packet header information, the flow table is searched according to the unary information.
  • the comparison is fast, and the flow table is relatively slow to search according to the multi-group information. Therefore, the flow table required for the message may be used by other messages, that is, the flow table is currently not idle, and the information is guaranteed. For a valid lookup, this information needs to be sent to the processing queue of the flow table.
  • the extracted packet header information includes the multi-group information, and when the multi-group information is searched for the flow table, the multi-group information has mutual dependence, and needs to be based on a certain element or The result of finding a certain meta-information is combined with other meta-information to perform the next search, and then the search is completed according to the need, so the multi-group information is performed in a serial manner when searching for the flow table, thereby realizing A deep analysis of the message.
  • the unary information directly searches for the unary flow table, and when searching the multi-group flow table according to the multi-group information, it is necessary to determine whether the current flow table is idle. That is, it is determined whether the current flow table is occupied by other messages, and the flow table needs to be queued when the flow table is occupied. Therefore, the solution provided by the embodiment of the present invention can effectively implement deep analysis of the message, and the parallel and serial connection are used. The combination method can effectively correlate the results obtained by the previous lookup table, and effectively improve the processing efficiency of the message.
  • the method further includes:
  • each information is obtained, and the secondary flow table corresponding to each information is searched for, and the secondary flow table corresponding to each information is searched in parallel, and the search result is integrated with the search result of the unary information and the multi-group information, and then output.
  • the multi-group information is parsed twice to obtain each information, and each information is A secondary flow table is set in the switch, and each information is searched according to each secondary flow table corresponding to the corresponding search result.
  • the received message is a Modbus TCP packet
  • the 12-tuple information of the packet is first parsed
  • the 12-tuple information includes: an inbound port number, a source MAC address, a destination MAC address, a VLAN ID, a priority, and a MAC address).
  • Protocol type source IP address, destination IP address, IP protocol type, TCP source port, TCP destination port, ToS).
  • the message can be determined according to the four types of information: MAC protocol type, IP protocol type, TCP destination port, and TCP source port.
  • the text is a Modbus TCP packet, which contains the MBAP header. Therefore, the packet needs to be parsed twice, and then the MBAP header of the packet is parsed for analysis.
  • the 4-tuple information of the packet is first parsed (the 4-tuple information includes: an ingress port, a source MAC address, a destination MAC address, and a MAC protocol type), according to the 4 yuan.
  • the MAC protocol type in the group information can be determined that the packet is an Ethernet PowerLink packet, but the packet information needs to be parsed twice, and then the Powerlink packet type, the destination NODE ID, and the source NODE of the packet are parsed. ID information for analysis.
  • FIG. 2 is a schematic diagram of a packet processing process based on TCAM and FPGA according to Embodiment 1 of the present invention, where the process includes the following steps:
  • the switch identifies the packet type of the received packet, and extracts data packet header information of the packet according to the packet header extraction rule corresponding to the identified packet type, where the data packet header information
  • the information includes at least one unary information and at least one tuple information.
  • step S202 Search each flow table corresponding to each information in parallel according to the correspondence between each information in the saved data packet header and the flow table. It is determined whether the current information is unary information. When the current information is unary information, step S203 is performed; otherwise, step S204 is performed.
  • S204 Determine whether the multi-group flow table corresponding to the multi-group information is currently idle. When the multi-group flow table is not idle, send the multi-group information to a processing queue of the multi-group flow table. Otherwise, Finding the multi-group flow table according to the multi-group information and determining a search result. At the same time, the search result is sent to S207.
  • S205 Perform secondary analysis on each multi-group information.
  • S206 Obtain each information according to the parsing, and a secondary flow table corresponding to each information, and search for a secondary flow table corresponding to each information in parallel.
  • the search result is integrated with the search result of the unary information and the multi-group information, and then output.
  • the secondary flow table may be used, so there are multiple search results, in order to ensure the final output.
  • the integrating the search result after the outputting in the embodiment of the present invention comprises: adding a packet descriptor to each information of the extracted data packet header, and obtaining each search result including the packet descriptor;
  • each search result is integrated and output.
  • each packet whose result belongs is identified.
  • each type of packet has its corresponding packet extraction rule, how many search results are obtained is also known. Therefore, when receiving the search result including the same packet descriptor, determining whether the number of currently obtained search results satisfies the packet type according to the packet type of the corresponding packet The number of corresponding search results. When the number of search results currently obtained satisfies the number of search results corresponding to the message type, each search result is integrated and output, thereby improving packet processing efficiency while ensuring packet processing efficiency. accuracy.
  • FIG. 3 is a schematic diagram of a process of processing a message based on a TCAM and an FPGA according to Embodiment 2 of the present invention.
  • the switch according to the packet type of the packet for example, may specifically report the packet according to the MAC type.
  • the text is parsed according to the packet header extraction rule corresponding to the parsed packet type, and the packet header information of the packet is extracted, and the specific extracted information may be a meta-information VLAN information and a MAC information, and a multi-group information-12 tuple information.
  • the switch searches for the flow table corresponding to each information in parallel according to the correspondence between each information in the saved packet header and the flow table. Specifically, the VLAN table is searched according to the extracted VLAN information, and the MAC table is searched according to the extracted MAC information, and the 12-tuple table is searched according to the extracted 12-tuple information.
  • searching for the unary flow table that is, looking up the VLAN table and the MAC table in FIG. 3, directly searching for the corresponding VLAN table and MAC table according to the VLAN information and the MAC information, and searching for the 12-tuple table according to the 12-tuple group.
  • the 12-tuple table is searched serially according to the 12-tuple until the search result is determined.
  • Each search result is found after each flow table is searched, and is identified as action 1, action 2, and action 3 in FIG. 3, wherein the action 1 to action 3 carry the same packet descriptor (packet 1 descriptor).
  • each of the custom fields is searched for a custom table 1 to a custom table 3, and each table lookup result is obtained after the table lookup, and is identified as action 4, action 5, and action 6 in FIG.
  • the same packet descriptor (packet 1 descriptor) is also carried in actions 4 to 6.
  • the packet type of the packet it is determined whether the number of the currently obtained search results satisfies the number of search results corresponding to the packet type, and when satisfied, each will be The search results are integrated and output.
  • a plurality of multi-group flow tables may be set, and specifically, a plurality of highest tuple flow tables may be set. According to the packet type of the various packets received by the switch, and the multi-group information included in the packet header information in each type of packet extracted, the tuple of the highest tuple in the packet header information may be determined.
  • the packet header information extracted by the switch includes 4-tuple information, 7-tuple information, 12-tuple information, and 15-tuple information, and the highest The tuple flow table is a 15-tuple flow table.
  • determining the lookup results includes:
  • each of the multi-group flow tables of the second priority is idle; when the second priority has an idle multi-group flow table, according to the multiple The group information finds the idle multi-group flow table and determines a search result, and when the multi-group flow table of the second priority is not idle, sending the multi-group information to the second priority multi-group The processing table of the flow table.
  • the plurality of highest tuple flow tables are divided into two groups, one of which is a first priority multi-group flow table, and the other is a second priority multi-group flow table, and
  • the packet type, preset priority conditions, also divides the packets into different priorities.
  • the first priority multi-group flow table is used for searching, if each multi-group flow of the first priority
  • the table is not idle, and when the second priority has an idle multi-group flow table, the second priority can also be used.
  • the multi-group flow table performs a search. If the first priority level and the second priority do not have an idle multi-group flow table, the multi-group information is sent to the processing queue of the first priority multi-group flow table.
  • the second priority flow table is used for searching, when each second of the second priority When the group flow table is not idle, the multi-group information is sent to the processing queue of the second-priority multi-group flow table.
  • FIG. 4 is a schematic diagram of a processing process based on TCAM and FPGA according to Embodiment 3 of the present invention, the process comprising the following steps:
  • the switch identifies the packet type of the received packet, and extracts packet header information of the packet according to the packet header extraction rule corresponding to the identified packet type, where the packet header information includes at least one meta-information. And at least one tuple information.
  • step S402 Search each flow table corresponding to each information in parallel according to the correspondence between each information in the saved data packet header and the flow table. It is determined whether the current information is unary information. When the current information is unary information, step S403 is performed; otherwise, step S404 is performed.
  • step S404 Determine whether the priority of the packet meets a preset priority condition, and if the determination result is yes, proceed to step S405; otherwise, proceed to step S406.
  • S405 determining whether each of the multi-group flow tables of the first priority is idle; when the first priority has an idle multi-group flow table, searching for the first-priority idle multi-group flow table according to the multi-group information and Determining a search result, when each of the multi-group flow tables of the first priority is not idle, determining whether each of the multi-group flow tables of the second priority is idle, and when the second priority has an idle multi-group flow table, Finding the idle second priority multi-group flow table according to the multi-group information and determining a search result, otherwise, sending the multi-group information to a processing queue of the first priority multi-group flow table . And after determining the search result, the search result is sent to step S409.
  • step S406 determining whether each of the multi-group flow tables of the second priority is idle; when the second priority has an idle multi-group flow table, searching for the idle multi-group flow table according to the multi-group information and determining Looking for a result, when each of the multi-group flow tables of the second priority is not idle, the multi-group information is sent to a processing queue of the second-priority multi-group flow table. And after determining the search result, the search result is sent to step S409.
  • S407 Perform secondary analysis on each of the multi-group information.
  • S408 Obtain each information according to the parsing, and a secondary flow table corresponding to each information, and search for a secondary flow table corresponding to each information in parallel.
  • S409 The search result is integrated with the search result of the unary information and the multi-group information, and then output.
  • one or several highest tuple flow tables and a plurality of common tuple flow tables may be set, wherein the received according to the set time length Set the common tuple flow table for the multi-group information contained in each packet header in the message type.
  • determining the search result includes:
  • the packet type of the received packet when the packet type satisfies the packet type corresponding to the common tuple flow table, it is determined whether there is an idle common tuple flow table, and when there is an idle common tuple flow table And searching for the idle common tuple flow table according to the multi-group information and determining a search result, otherwise, sending the multi-group information to a processing queue of the common tuple flow table;
  • the packet type does not meet the packet type corresponding to the common tuple flow table, it is determined whether the highest tuple flow table is idle.
  • the highest tuple flow table is searched according to the multi-group information. The flow table determines the lookup result, otherwise, the tuple information is sent to the processing queue of the highest tuple flow table.
  • the common multi-group flow table is set according to the multi-group information included in each packet header of the packet type received by the switch within the set time length, for example, the switch is in a half year or a year.
  • the common tuple flow table may be a 5-tuple flow table.
  • the common tuple flow table can be set more than one, which is convenient for subsequent search.
  • the packet type of various messages received by the switch and the multi-group information included in the packet header information in each type of packet extracted, it can be determined how many elements of the highest tuple in the packet header information are.
  • Group, according to the highest tuple set a plurality of highest tuple flow table, for subsequent search,
  • the packet header information extracted by the switch includes 4-tuple information, 7-tuple information, 12-tuple information, and 15-tuple information
  • the highest tuple flow table is a 15-tuple flow table.
  • each packet After receiving each packet, it determines whether the packet type satisfies the packet type corresponding to the common tuple flow table according to the identified packet type. This is because each packet type has its corresponding packet extraction rule. It is determined that the multi-group information extracted by each message type is also known. Therefore, according to the message type of the message, it can be determined whether the multi-group information in the packet header information of the message is searched by using a common tuple flow table. .
  • the common meta-group flow table is used for searching. Otherwise, the highest tuple flow table is used for searching.
  • a plurality of common tuple flow tables may be further classified into different priority groups, and the packets are prioritized for the packet type, and the priority is high.
  • the packets can be searched by using the high-priority common tuple flow table and the idle low-priority common tuple flow table.
  • the low-priority packets can only be searched by the low-priority common tuple flow table.
  • FIG. 5 is a schematic diagram of packet processing based on TCAM and FPGA according to Embodiment 4 of the present invention, to further illustrate the technical effects of the embodiment of the present invention.
  • the switch receives message 1
  • the input time of the message 1 that is, the time for receiving the message 1 is 00.
  • the corresponding packet extraction rule is used to extract the packet header information of the packet, and the time for completing the packet parsing may be 01, and the parallel search for each packet header information is performed.
  • Flow table when the switch receives message 1, the input time of the message 1, that is, the time for receiving the message 1 is 00.
  • the corresponding packet extraction rule is used to extract the packet header information of the packet, and the time for completing the packet parsing may be 01, and the parallel search for each packet header information is performed.
  • the matching completion time of the lookup flow table 1 is 02, that is, the time for determining the search result is 02 (actionl arrival time 02 in FIG. 5), and the matching completion time of the search flow table 2 is 03, that is, the time for determining the search result is 03. (action2 arrival time 03 in Fig. 5).
  • flow table 2 is a multi-group flow table, and the multi-group information in the packet header information needs to be searched sequentially for the multi-group flow table in a serial manner, so that time-consuming relative Said longer.
  • the completion time is 04, and four pieces of information are obtained by parsing, and each information corresponding to the corresponding secondary flow table is flow table 3 to flow table 6, respectively, and each search is performed in parallel.
  • the time for finding the matching completion is 05, that is, the time for determining the search result is 05 (action3 ⁇ action6 arrival time 05 in Fig. 5).
  • the packet type of the packet and the packet 1 descriptor information carried in each search result when the number of the search results is the same as the number of packets corresponding to the packet type, the result is integrated and output, and the final action is output.
  • the time is 06. According to the above description, when the message 1 is processed, the final final action output time is 06, and a total of 7 time slices are occupied.
  • the switch When the switch receives the packet 2, it reports the input time of the packet 2, that is, the time for receiving the packet 2 is 01. According to the message type of the message, the corresponding packet extraction rule is used to extract the packet header information of the packet, and the time for completing the packet parsing is 02, and the parallel search for each packet header information is performed. Flow table.
  • the packet header information of the extracted packet 2 contains only one information, so it is only necessary to find the flow table 1 , and the flow table 1 finds that the matching completion time is 03, that is, the time for determining the search result is 03 (the actionl arrives in FIG. 5) Time 04).
  • the packet type of the packet and the packet 2 descriptor information carried in each search result when the number of the search result is the same as the number of the data packet corresponding to the packet type, the result is integrated and output, and the final action is output.
  • the time is 05. Because the message 2 only matches the flow table 1, the search result can be output at time 05, and the switch does not need to process the message 1 after processing the message, thereby improving the processing efficiency of the message.
  • the switch When the switch receives the packet 3, it reports the input time of the packet 3, that is, the time for receiving the packet 3 is 02. According to the message type of the message, the corresponding packet extraction rule is used to extract the packet header information of the packet, and the time for completing the packet parsing is 03, and the parallel search for each packet header information is performed. Flow table.
  • the packet header information of the extracted packet 2 contains only one information, so only the flow table 2 needs to be searched.
  • the flow table 2 is idle, and the flow table 2 finds that the matching completion time is 05, that is, the time for determining the search result is 05 (actionl arrival time 05 in Figure 5).
  • the search result can be output at time 06, and the switch does not need to process the packet 1 after processing the packet, thereby improving the processing efficiency of the packet.
  • the packet processing mode in the embodiment of the present invention effectively improves the efficiency of packet processing, and implements deep processing of the packet.
  • FIG. 6 is a schematic structural diagram of a packet processing apparatus based on TCAM and FPGA according to an embodiment of the present disclosure, where the apparatus includes:
  • the parsing and extracting module 61 is configured to identify a packet type of the received packet, and extract a packet header information of the packet according to the packet header extraction rule corresponding to the identified packet type, where the packet header information includes at least one Unary information, and at least one tuple information;
  • the storage search module 62 is configured to search each flow table corresponding to each information in parallel according to the correspondence between each information in the saved data packet header and the flow table, where, when the information is unary information, according to the unary unit a unitary flow table corresponding to the information, determining a search result; when the information is the multi-group information, determining whether the multi-group flow table corresponding to the multi-group information is currently idle, and when the multi-group flow table is not idle, The multi-group information is sent to the processing queue of the multi-group flow table, otherwise, the multi-group flow table is searched according to the multi-group information and the search result is determined;
  • the arbitration module 63 is configured to integrate the search results and output the results.
  • the device also includes:
  • a secondary parsing module 64 configured to perform secondary parsing on the multi-group information
  • the storage lookup module 62 is further configured to: obtain each information according to the parsing, and a secondary flow table corresponding to each information, and search for a secondary flow table corresponding to each information in parallel;
  • the arbitration module 63 is further configured to integrate the search result with the search result of the unary information and the multi-group information, and output the result.
  • the arbitration module 63 is specifically configured to add a packet descriptor to each information of the extracted data packet header, and obtain each search result including the packet descriptor; and determine the current according to the packet type of the packet.
  • the number of the search results is equal to the number of search results corresponding to the message type. When the number of search results currently obtained satisfies the number of search results corresponding to the message type, each search result is integrated and output.
  • the storage search module 62 is specifically configured to: when the flow table is a multi-group flow table, the multiple The group flow table includes a plurality of highest tuple flow tables. When the priority of the packet satisfies a preset priority condition, it is determined whether each multi-group flow table of the first priority is idle; when the first priority is When there is an idle multi-group flow table, searching for the first priority idle multi-group flow table according to the multi-group information and determining a search result, when each multi-group flow table of the first priority is not idle, Determining whether each of the multi-group flow tables of the second priority is idle.
  • the second priority When the second priority has an idle multi-group flow table, searching for the idle second-priority multi-group flow table according to the multi-group information and determining If the priority of the packet does not satisfy the preset priority condition, the second determination is performed. Whether each of the priority group flow tables of the priority is idle; when the second priority has an idle multi-group flow table, searching the idle multi-group flow table according to the multi-group information and determining a search result, when the second priority When each of the multi-group flow tables of the level is not idle, the multi-group information is sent to the processing queue of the multi-group flow table of the second priority.
  • the storage lookup module 62 is configured to: when the flow table is a multi-group flow table, the multi-group flow table includes a highest tuple flow table and a plurality of common tuple flow tables, wherein The packet information included in each packet header of the received packet type is set, and the common tuple flow table is set. According to the packet type of the received packet, the packet type meets the corresponding tuple flow table. When the packet type is used, it is determined whether there is an idle common tuple flow table. When there is an idle common tuple flow table, the idle common tuple flow table is searched according to the multi-group information and the search result is determined.
  • the specific device can be located in the switch.
  • the embodiment of the present invention provides a packet processing method and device based on TCAM and FPGA.
  • the switch extracts packet header information of the packet according to the packet type of the received packet, where the packet header information includes At least one unary information and at least one tuple information, searching for a flow table corresponding to each information in each packet header in parallel and integrating the output result, and in the data
  • the packet header information is the multi-group information
  • the unary information directly searches for the unary flow table, and when searching the multi-group flow table according to the multi-group information, it is necessary to determine whether the current flow table is idle. That is, it is determined whether the current flow table is occupied by other messages, and the flow table needs to be queued when the flow table is occupied. Therefore, the solution provided by the embodiment of the present invention can effectively implement deep analysis of the message, and the parallel and serial connection are used. The combination method can effectively correlate the results obtained by the previous lookup table, and effectively improve the processing efficiency of the message.
  • modules in the devices in the embodiments can be adaptively changed and placed in one or more devices different from the embodiment.
  • the modules or units or components of the embodiments may be combined into one module or unit or component, and To divide them into multiple sub-modules or sub-units or sub-components.
  • any combination of the features disclosed in the specification, including the accompanying claims, the abstract and the drawings, and any methods so disclosed may be employed. Or combine all the processes or units of the device.
  • Each feature disclosed in the specification (including the accompanying claims, the abstract and the drawings) may be replaced by alternative features that provide the same, equivalent, or similar purpose, unless otherwise stated.
  • the various component embodiments of the present invention may be implemented in hardware, or in a software module running on one or more processors, or in a combination thereof.
  • a microprocessor or digital signal processor may be used in practice to implement some or all of the functionality of some or all of the components of the message processing device and switch in accordance with embodiments of the present invention.
  • the invention can also be implemented as a device or device program (e.g., a computer program and a computer program product) for performing some or all of the methods described herein.
  • the program of the present invention may be stored on a computer readable medium or may be in the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A TCAM and FPGA-based packet processing method and device. The method comprises: according to a packet type of a received packet, extracting, by a switch, data header information about the packet, wherein the data header information comprises at least one piece of unary information and at least one piece of multiple information; searching for flow tables corresponding to all pieces of information in each data header in parallel and integrating output results; and judging whether a multiple flow table corresponding to the multiple information is idle when the data header information is multiple information, and sending the multiple flow table to a processing queue of the multiple flow table when the multiple flow table is not idle. By means of the solution provided in the embodiments of the present invention, the deep parsing conducted on a packet can be effectively realized, and the results obtained by looking up a table previously can be effectively associated in a manner of combining parallel connection with series connection and the processing efficiency of the packet can be effectively increased.

Description

一种基于 TCAM和 FPGA的报文处理方法及装置 技术领域  Message processing method and device based on TCAM and FPGA
本发明涉及工业以太网通信技术领域, 尤其涉及一种基于 TCAM和 FPGA 的报文处理方法及装置。 背景技术  The present invention relates to the field of industrial Ethernet communication technologies, and in particular, to a packet processing method and apparatus based on TCAM and FPGA. Background technique
目前工业以太网发展非常迅速, 在各个行业都有了广泛的应用, 从而使 以太网通信在工业自动化领域的地位迅速升高。 但工业以太网通信存在以下 问题:  Industrial Ethernet is currently developing very rapidly and has a wide range of applications in various industries, making Ethernet communication a rapidly growing position in the field of industrial automation. However, Industrial Ethernet communication has the following problems:
在进行报文处理时包括: 交换机接收到报文后从报文中提取信息, 提取 的信息包括: ( Virtual Local Area Network, VLAN )信息、 MAC地址信息、 端口号等, 根据提取的信息查找对应的表, 并根据具体的查找进行相应的处 理。 具体的, 根据提取的 VLAN信息和端口号查找 VLAN表, 查询通过后, 再根据提取的 MAC地址查询二层地址转发表, 根据查询的结果转发该报文。  The packet processing includes: After receiving the packet, the switch extracts the information from the packet, and the extracted information includes: (Virtual Local Area Network, VLAN) information, MAC address information, port number, etc., and searches for corresponding information according to the extracted information. The table, and according to the specific lookup for the corresponding processing. Specifically, the VLAN table is searched according to the extracted VLAN information and the port number. After the query is passed, the Layer 2 address forwarding table is queried according to the extracted MAC address, and the packet is forwarded according to the result of the query.
上述整个报文的处理过程为串行分级处理, 流程间按照次序依次处理, 并且每个流程单独处理, 在每个流程中需要进行的查询工作也是串行进行的, 因此整个报文处理流程下来灵活度不高, 延时较高, 影响了报文的转发性能。  The processing process of the above-mentioned entire message is serial hierarchical processing, the processes are sequentially processed in order, and each process is processed separately, and the query work required in each process is also performed serially, so the entire packet processing flow is performed. The flexibility is not high and the delay is high, which affects the forwarding performance of packets.
工业通信中由于安全因素, 越来越迫切需要对报文进行深层次的解析处 理, 而目前的处理方式是报文通过交换机处理后发送到下一层进行更深层次 的处理, 而后续的处理过程也是串行的, 因此上述处理过程不能针对具体的 工业通信协议进行针对性的网络转发策略配置, 从而造成数据转发延时增大。  In the industrial communication, due to the security factor, it is more and more urgent to deeply analyze the packet. The current processing method is that the packet is processed by the switch and sent to the next layer for further processing, and the subsequent processing. It is also serial, so the above process cannot perform targeted network forwarding policy configuration for a specific industrial communication protocol, thereby causing an increase in data forwarding delay.
现有交换机实现安全的方式是通过 ACL , 在使用时, ACL是釆用串行查询 和匹配的方式, 匹配完一个流表后再匹配下一个, 流表一般釆用 TCAM实现。 在一个 FPGA内, 不可能用到大量独立的 TCAM, —般是将一个 TCAM划分成多个 逻辑表的形式来工作。 这时会遇到一个问题, 因为接收到的报文需要查找的 流表不同, 如果釆用串行处理方式, 将会严重阻碍对报文处理的效率, 从而 影响产品的数据吞吐率, 造成报文转发延迟增大。 发明内容 The way to implement security for existing switches is through ACL. In use, ACL uses serial query and matching. After matching a flow table, it matches the next one. The flow table is generally implemented by TCAM. In an FPGA, it is impossible to use a large number of independent TCAMs, generally dividing one TCAM into multiple Work in the form of a logical table. At this time, there will be a problem, because the received flow table needs to be searched for different flow tables. If the serial processing method is used, the efficiency of processing the message will be seriously hindered, thereby affecting the data throughput rate of the product and causing the report. The text forwarding delay increases. Summary of the invention
鉴于上述问题, 提出了本发明以便提供一种克服上述问题或者至少部分 地解决上述问题的一种基于 TCAM和 FPGA的报文处理方法及装置。  In view of the above problems, the present invention has been made in order to provide a TCAM and FPGA based message processing method and apparatus that overcomes the above problems or at least partially solves the above problems.
本发明实施例提供了一种基于 TCAM和 FPGA的报文处理方法, 该方法 包括:  The embodiment of the invention provides a packet processing method based on TCAM and FPGA, and the method includes:
交换机识别接收到的报文的报文类型, 根据识别到的报文类型对应的数 据包头提取规则, 提取该报文的数据包头信息, 其中所述数据包头信息中包 括至少一个一元信息, 及至少一个多元组信息;  The switch identifies the packet type of the received packet, and extracts packet header information of the packet according to the packet header extraction rule corresponding to the identified packet type, where the packet header information includes at least one unary information, and at least a multi-group information;
根据保存的数据包头中的每个信息及流表的对应关系, 并行查找每个信 息对应的每个流表, 并将查找结果整合后输出, 其中,  According to the correspondence between each information in the saved packet header and the flow table, each flow table corresponding to each information is searched in parallel, and the search results are integrated and output, wherein
当该信息为一元信息时, 根据所述一元信息对应的一元流表, 确定查找 结果;  When the information is unary information, determining a search result according to the unary flow table corresponding to the unary information;
当该信息为多元组信息时, 判断所述多元组信息对应的多元组流表当前 是否空闲, 当所述多元组流表非空闲时, 将所述多元组信息发送到所述多元 组流表的处理队列中, 否则, 根据所述多元组信息查找所述多元组流表并确 定查找结果。  When the information is the multi-group information, it is determined whether the multi-group flow table corresponding to the multi-group information is currently idle, and when the multi-group flow table is not idle, sending the multi-group information to the multi-group flow table. In the processing queue, otherwise, the multi-group flow table is searched according to the multi-group information and the search result is determined.
为了进一步实现对报文的深层次处理, 所述根据所述多元组信息查找所 述多元组流表并确定查找结果后, 所述方法还包括:  In order to further implement the deep processing of the packet, after the searching for the multi-group flow table according to the multi-group information and determining the search result, the method further includes:
对所述多元组信息进行二次解析;  Performing secondary analysis on the multi-group information;
根据解析后获得每个信息, 及每个信息对应的二次流表, 并行查找每个 信息对应的二次流表, 并将查找结果与一元信息及多元组信息的查找结果整 合后输出。  According to the parsing, each information is obtained, and the secondary flow table corresponding to each information is searched for, and the secondary flow table corresponding to each information is searched in parallel, and the search result is integrated with the search result of the unary information and the multi-group information, and then output.
为了保证处理结果的准确性, 在本发明实施例中, 所述将查找结果整合 后输出包括: In order to ensure the accuracy of the processing result, in the embodiment of the present invention, the search result is integrated The post output includes:
在提取得到的数据包头的每个信息中添加包描述符, 并获得包含该包描 述符的每个查找结果;  Adding a packet descriptor to each piece of information of the extracted packet header, and obtaining each search result including the packet descriptor;
根据所述报文的报文类型, 判断当前得到查找结果的数量是否满足该报 文类型对应的查找结果数量;  Determining, according to the packet type of the packet, whether the number of the currently obtained search results satisfies the number of search results corresponding to the packet type;
当当前得到的查找结果数量满足该报文类型对应的查找结果数量时, 将 每个查找结果整合后输出。  When the number of currently obtained search results satisfies the number of search results corresponding to the message type, each search result is integrated and output.
为了进一步提高报文的处理效率, 当所述流表为多元组流表时, 所述多 元组流表为包括多个最高元组流表, 确定查找结果包括:  To further improve the processing efficiency of the packet, when the flow table is a multi-group flow table, the multi-group flow table includes a plurality of highest-level tuple flow tables, and determining the search result includes:
判断所述报文的优先级;  Determining the priority of the message;
当所述报文的优先级满足预设的优先级条件时, 判断第一优先级的每个 多元组流表是否空闲; 当第一优先级存在空闲多元组流表时, 根据所述多元 组信息查找所述第一优先级空闲的多元组流表并确定查找结果, 当所述第一 优先级的每个多元组流表非空闲时, 判断第二优先级的每个多元组流表是否 空闲, 当第二优先级存在空闲多元组流表时, 根据所述多元组信息查找所述 空闲的第二优先级的多元组流表并确定查找结果, 否则, 将所述多元组信息 发送到所述第一优先级的多元组流表的处理队列中;  When the priority of the packet satisfies a preset priority condition, determining whether each of the multi-group flow tables of the first priority is idle; when the first priority has an idle multi-group flow table, according to the multi-group The information is searched for the first priority idle multi-group flow table and determines a search result. When each multi-group flow table of the first priority is not idle, determining whether each multi-group flow table of the second priority is Idle, when the second priority has an idle multi-group flow table, searching for the idle second-priority multi-group flow table according to the multi-group information and determining a search result, otherwise, sending the multi-group information to The processing queue of the first priority multi-group flow table;
当所述报文的优先级不满足预设的优先级条件时, 判断第二优先级的每 个多元组流表是否空闲; 当第二优先级存在空闲多元组流表时, 根据所述多 元组信息查找所述空闲多元组流表并确定查找结果, 当所述第二优先级的每 个多元组流表非空闲时, 将所述多元组信息发送到所述第二优先级的多元组 流表的处理队列中。  When the priority of the packet does not meet the preset priority condition, it is determined whether each of the multi-group flow tables of the second priority is idle; when the second priority has an idle multi-group flow table, according to the multiple The group information finds the idle multi-group flow table and determines a search result, and when the multi-group flow table of the second priority is not idle, sending the multi-group information to the second priority multi-group The processing table of the flow table.
为了进一步提高报文的处理效率, 当所述流表为多元组流表时, 所述多 元组流表包括最高元组流表和多个常用元组流表, 其中根据设定时间长度内 接收到的报文类型中每个数据包头中包含的多元组信息, 设置常用元组流表; 其中, 确定查找结果包括:  In order to further improve the processing efficiency of the packet, when the flow table is a multi-group flow table, the multi-group flow table includes a highest tuple flow table and a plurality of common tuple flow tables, wherein the receiving according to the set time length is received. Set the common tuple flow table in the packet type included in each packet header, and set the common tuple flow table; wherein, determining the search result includes:
根据接收到的报文的报文类型, 当所述报文类型满足常用元组流表对应 的报文类型时, 判断是否存在空闲的常用元组流表, 当存在空闲的常用元组 流表时, 根据所述多元组信息查找所述空闲的常用元组流表并确定查找结果, 否则, 将所述多元组信息发送到所述常用元组流表的处理队列中; According to the packet type of the received packet, when the packet type meets the common tuple flow table, When the packet type is available, it is determined whether there is an idle common tuple flow table. When there is an idle common tuple flow table, the idle common tuple flow table is searched according to the multi-group information and the search result is determined. Otherwise, Transmitting the multi-group information to a processing queue of the common tuple flow table;
当所述报文类型不满足常用元组流表对应的报文类型时, 判断最高元组 流表是否空闲, 当最高元组流表空闲时, 根据所述多元组信息查找所述最高 元组流表并确定查找结果, 否则, 将所述多元组信息发送到所述最高元组流 表的处理队列中。  When the packet type does not meet the packet type corresponding to the common tuple flow table, it is determined whether the highest tuple flow table is idle. When the highest tuple flow table is idle, the highest tuple is searched according to the multi-group information. The flow table determines the lookup result, otherwise, the tuple information is sent to the processing queue of the highest tuple flow table.
本发明实施例提供了一种基于 TCAM和 FPGA的报文处理装置, 所述装 置包括:  The embodiment of the invention provides a message processing device based on TCAM and FPGA, and the device comprises:
解析提取模块, 用于识别接收到的报文的报文类型, 根据识别到的报文 类型对应的数据包头提取规则, 提取该报文的数据包头信息, 其中所述数据 包头信息包括至少一个一元信息, 及至少一个多元组信息;  The parsing and extracting module is configured to identify a packet type of the received packet, and extract a packet header information of the packet according to the packet header extraction rule corresponding to the identified packet type, where the packet header information includes at least one unary Information, and at least one tuple information;
存储查找模块, 用于根据保存的数据包头中的每个信息及流表的对应关 系, 并行查找每个信息对应的每个流表, 其中, 当该信息为一元信息时, 根 据所述一元信息对应的一元流表, 确定查找结果; 当该信息为多元组信息时, 判断所述多元组信息对应的多元组流表当前是否空闲, 当所述多元组流表非 空闲时, 将所述多元组信息发送到所述多元组流表的处理队列中, 否则, 根 据所述多元组信息查找所述多元组流表并确定查找结果;  a storage search module, configured to search each flow table corresponding to each information in parallel according to the correspondence between each information in the saved data packet header and the flow table, where, when the information is unary information, according to the unary information Corresponding one-way flow table, determining a search result; when the information is multi-group information, determining whether the multi-group flow table corresponding to the multi-group information is currently idle, and when the multi-group flow table is not idle, The group information is sent to the processing queue of the multi-group flow table, otherwise, the multi-group flow table is searched according to the multi-group information and the search result is determined;
仲裁模块, 用于将查找结果整合后输出。  Arbitration module, used to integrate the search results and output.
为了进一步实现对报文的深层次处理, 所述装置还包括:  In order to further implement deep processing of the message, the device further includes:
二次解析模块, 用于对所述多元组信息进行二次解析;  a secondary parsing module, configured to perform secondary parsing on the multi-group information;
存储查找模块, 还用于根据解析后获得每个信息, 及每个信息对应的二 次流表, 并行查找每个信息对应的二次流表;  The storage search module is further configured to: obtain each information according to the parsing, and a secondary flow table corresponding to each information, and search for a secondary flow table corresponding to each information in parallel;
仲裁模块, 还用于将查找结果与一元信息及多元组信息的查找结果整合 后输出。  The arbitration module is further configured to integrate the search result with the search result of the unary information and the multi-group information and output the result.
为了保证报文处理的准确性, 所述仲裁模块, 具体用于在提取得到的数 据包头的每个信息中添加包描述符, 并获得包含该包描述符的每个查找结果; 根据所述报文的报文类型, 判断当前得到查找结果的数量是否满足该报文类 型对应的查找结果数量; 当当前得到的查找结果数量满足该报文类型对应的 查找结果数量时, 将每个查找结果整合后输出。 In order to ensure the accuracy of the packet processing, the arbitration module is specifically configured to add a packet descriptor to each information of the extracted data packet header, and obtain each search result including the packet descriptor; Determining, according to the packet type of the packet, whether the number of the currently obtained search results satisfies the number of search results corresponding to the packet type; when the number of currently obtained search results satisfies the number of search results corresponding to the packet type, The results of the search are integrated and output.
为了进一步提高报文的处理效率, 所述存储查找模块, 具体用于当所述 流表为多元组流表时, 所述多元组流表为包括多个最高元组流表, 当所述才艮 文的优先级满足预设的优先级条件时, 判断第一优先级的每个多元组流表是 否空闲; 当第一优先级存在空闲多元组流表时, 根据所述多元组信息查找所 述第一优先级空闲的多元组流表并确定查找结果, 当所述第一优先级的每个 多元组流表非空闲时, 判断第二优先级的每个多元组流表是否空闲, 当第二 优先级存在空闲多元组流表时, 根据所述多元组信息查找所述空闲的第二优 先级的多元组流表并确定查找结果, 否则, 将所述多元组信息发送到所述第 一优先级的多元组流表的处理队列中; 当所述报文的优先级不满足预设的优 先级条件时, 判断第二优先级的每个多元组流表是否空闲; 当第二优先级存 在空闲多元组流表时, 根据所述多元组信息查找所述空闲多元组流表并确定 查找结果, 当所述第二优先级的每个多元组流表非空闲时, 将所述多元组信 息发送到所述第二优先级的多元组流表的处理队列中。  In order to further improve the processing efficiency of the packet, the storage search module is specifically configured to: when the flow table is a multi-group flow table, the multi-group flow table includes a plurality of highest tuple flow tables, when When the priority of the message satisfies the preset priority condition, it is determined whether each of the multi-group flow tables of the first priority is idle; when the first priority has an idle multi-group flow table, the search is performed according to the multi-group information Determining a result of the first priority idle multi-group flow table and determining a search result. When each of the multi-group flow tables of the first priority is not idle, determining whether each multi-group flow table of the second priority is idle, when When the second priority has an idle multi-group flow table, searching for the idle second priority multi-group flow table according to the multi-group information and determining a search result, otherwise, sending the multi-group information to the first Determining, in the processing queue of a priority multi-group flow table, when the priority of the packet does not satisfy the preset priority condition, determining whether each multi-group flow table of the second priority is idle; When the priority multi-group flow table exists, the idle multi-group flow table is searched according to the multi-group information, and the search result is determined. When each multi-group flow table of the second priority is not idle, the The tuple information is sent to the processing queue of the second priority flow table of the second priority.
为了进一步提高报文的处理效率, 所述存储查找模块, 具体用于当所述 流表为多元组流表时, 所述多元组流表包括最高元组流表和多个常用元组流 表, 其中根据设定时间长度内接收到的报文类型中每个数据包头中包含的多 元组信息, 设置常用元组流表; 根据接收到的报文的报文类型, 当所述报文 类型满足常用元组流表对应的报文类型时, 判断是否存在空闲的常用元组流 表, 当存在空闲的常用元组流表时, 根据所述多元组信息查找所述空闲的常 用元组流表并确定查找结果, 否则, 将所述多元组信息发送到所述常用元组 流表的处理队列中; 当所述报文类型不满足常用元组流表对应的报文类型时, 判断最高元组流表是否空闲, 当最高元组流表空闲时, 根据所述多元组信息 查找所述最高元组流表并确定查找结果, 否则, 将所述多元组信息发送到所 述最高元组流表的处理队列中。 本发明实施例提供了一种基于 TCAM和 FPGA的报文处理方法及装置, 该方法中交换机根据接收到的报文的报文类型, 提取报文的数据包头信息, 其中该数据包头信息中包括至少一个一元信息及至少一个多元组信息, 并行 的查找每个数据包头中的每个信息对应的流表并整合输出结果, 并在该数据 包头信息为多元组信息时, 判断多元组信息对应的多元组流表是否空闲, 在 非空闲时将该多元组流表发送到所述多元组流表的处理队列中。 由于在本发 明实施例提取的数据包头信息中包含一元信息及多元组信息, 一元信息直接 查找一元流表即可, 而根据多元组信息查找多元组流表时, 需要判断当前流 表是否空闲, 即判断当前流表是否被其他报文占用, 当该流表被占用时需要 排队等候, 因此本发明实施例提供的方案可以有效的实现对报文的深层次解 析, 并且釆用该并联及串联结合的方式可以有效对之前查表得到的结果进行 关联, 并有效的提高报文的处理效率。 To further improve the processing efficiency of the packet, the storage search module is specifically configured to: when the flow table is a multi-group flow table, the multi-group flow table includes a highest tuple flow table and a plurality of common tuple flow tables. And setting a common tuple flow table according to the multi-group information included in each packet header in the received packet type within the set time length; according to the packet type of the received packet, when the packet type When the packet type corresponding to the common tuple flow table is met, it is determined whether there is an idle common tuple flow table. When there is an idle common tuple flow table, the idle common tuple flow is searched according to the multi-group information. And determining the result of the search, otherwise, sending the multi-group information to the processing queue of the common tuple flow table; when the packet type does not meet the packet type corresponding to the common tuple flow table, the judgment is the highest Whether the tuple flow table is idle, and when the highest tuple flow table is idle, searching for the highest tuple flow table according to the multi-group information and determining a search result, otherwise, sending the multi-group information The tuple processing queue up in the flow table. The embodiment of the present invention provides a packet processing method and device based on TCAM and FPGA. In this method, the switch extracts packet header information of the packet according to the packet type of the received packet, where the packet header information includes At least one unary information and at least one multi-group information, searching for a flow table corresponding to each information in each data packet header in parallel and integrating the output result, and determining that the multi-group information corresponds to when the data packet header information is a multi-group information Whether the multi-group flow table is idle, and sending the multi-group flow table to the processing queue of the multi-group flow table when not idle. Since the data packet header information extracted by the embodiment of the present invention includes the unary information and the multi-group information, the unary information directly searches for the unary flow table, and when searching the multi-group flow table according to the multi-group information, it is necessary to determine whether the current flow table is idle. That is, it is determined whether the current flow table is occupied by other messages, and the flow table needs to be queued when the flow table is occupied. Therefore, the solution provided by the embodiment of the present invention can effectively implement deep analysis of the message, and the parallel and serial connection are used. The combination method can effectively correlate the results obtained by the previous lookup table, and effectively improve the processing efficiency of the message.
上述说明仅是本发明技术方案的概述, 为了能够更清楚了解本发明的技 术手段, 而可依照说明书的内容予以实施, 并且为了让本发明的上述和其它 目的、 特征和优点能够更明显易懂, 以下特举本发明的具体实施方式。 附图说明  The above description is only an overview of the technical solutions of the present invention, and the technical means of the present invention can be more clearly understood, and can be implemented in accordance with the contents of the specification, and the above and other objects, features and advantages of the present invention can be more clearly understood. Specific embodiments of the invention are set forth below. DRAWINGS
通过阅读下文优选实施方式的详细描述, 各种其他的优点和益处对于本 领域普通技术人员将变得清楚明了。 附图仅用于示出优选实施方式的目的, 而并不认为是对本发明的限制。 而且在整个附图中, 用相同的参考符号表示 相同的部件。 在附图中:  Various other advantages and benefits will become apparent to those skilled in the art from a The drawings are only for the purpose of illustrating the preferred embodiments and are not to be construed as limiting. Throughout the drawings, the same reference numerals are used to refer to the same parts. In the drawing:
图 1为本发明实施例提供的一种基于 TCAM和 FPGA的报文处理流程图; 图 2为本发明实施例一提供的一种基于 TCAM和 FPGA的报文处理流程 图;  FIG. 1 is a flow chart of packet processing based on TCAM and FPGA according to an embodiment of the present invention; FIG. 2 is a flow chart of packet processing based on TCAM and FPGA according to Embodiment 1 of the present invention;
图 3为本发明实施例二提供的一种基于 TCAM和 FPGA的 4艮文处理过程 图;  FIG. 3 is a schematic diagram of a processing process based on TCAM and FPGA according to Embodiment 2 of the present invention; FIG.
图 4为本发明实施例三提供的一种基于 TCAM和 FPGA的 4艮文处理过程 图; FIG. 4 is a schematic diagram of a process based on TCAM and FPGA according to Embodiment 3 of the present invention. Figure
图 5为本发明实施例四提供的一种基于 TCAM和 FPGA的报文处理示意 图;  FIG. 5 is a schematic diagram of packet processing based on TCAM and FPGA according to Embodiment 4 of the present invention; FIG.
图 6为本发明实施例提供的一种基于 TCAM和 FPGA的报文处理装置结 构示意图。 具体实施方式  FIG. 6 is a schematic structural diagram of a message processing apparatus based on TCAM and FPGA according to an embodiment of the present invention. detailed description
为了有效的实现对报文的深层次解析, 并提高报文的处理效率, 提供了 一种基于 TCAM和 FPGA的报文处理方法及装置。  In order to effectively realize the deep analysis of the message and improve the processing efficiency of the message, a message processing method and device based on TCAM and FPGA are provided.
下面将参照附图更详细地描述本公开的示例性实施例。 虽然附图中显示 了本公开的示例性实施例, 然而应当理解, 可以以各种形式实现本公开而不 应被这里阐述的实施例所限制。 相反, 提供这些实施例是为了能够更透彻地 理解本公开, 并且能够将本公开的范围完整的传达给本领域的技术人员。  Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While the exemplary embodiments of the present invention are shown in the drawings, it is understood that Rather, these embodiments are provided so that this disclosure will be more fully understood, and the scope of the disclosure can be fully conveyed to those skilled in the art.
下面结合说明附图, 对本发明实施例进行说明。  The embodiments of the present invention will be described below with reference to the accompanying drawings.
图 1为本发明实施例提供的一种基于 TCAM和 FPGA的报文处理流程图, 该过程包括以下步骤:  FIG. 1 is a flowchart of packet processing based on TCAM and FPGA according to an embodiment of the present invention, where the process includes the following steps:
S101 : 交换机识别接收到的报文的报文类型, 根据识别到的报文类型对 应的数据包头提取规则, 提取该报文的数据包头信息, 其中所述数据包头信 息中包括至少一个一元信息, 及至少一个多元组信息。  S101: The switch identifies the packet type of the received packet, and extracts data packet header information of the packet according to the packet header extraction rule corresponding to the identified packet type, where the data packet header information includes at least one unary information. And at least one tuple information.
其中报文类型包括 IP报文, TCP报文等等, 根据报文中携带的信息可以 识别出报文的报文类型。  The packet type includes an IP packet, a TCP packet, and the like, and the packet type of the packet can be identified according to the information carried in the packet.
在本发明实施例中在报文的数据包头中提取的数据包头信息包括: 至少 一个一元信息及至少一个多元组信息,其中一元信息例如可以是 VLAN信息、 MAC地址信息, 端口号信息等, 多元组信息是由多个一元信息组成的信息, 例如可以是 4元组信息、 7元组信息、 9元组信息、 12元组信息、 14元组信 息、 15元组信息等, 通过该多元组信息可以确定出>¾文的类型, 并且可以确 定该报文的来源和去处, 以便后续查找多元组流表使用。 例如工业通信中常见的 EtherCAT工业协议报文,可以从该报文的数据包 头中解析出 4元组信息, 该 4元组信息包括: 入端口号、 源 MAC地址、 目的 MAC地址、 以太网协议类型, 通过这 4元组信息, 交换机可以精准的从数据 流里判断出哪个报文为 EtherCAT报文, 并同时得到这个报文的来源和去处, 以供后续匹配多元组流表使用。 The data packet header information extracted in the data packet header of the packet in the embodiment of the present invention includes: at least one unary information and at least one multi-group information, wherein the unary information may be, for example, VLAN information, MAC address information, port number information, etc. The group information is information composed of a plurality of unary information, and may be, for example, 4-tuple information, 7-tuple information, 9-tuple information, 12-tuple information, 14-tuple information, 15-tuple information, etc., through the multi-group The information can determine the type of the text, and can determine the source and whereabouts of the message for subsequent lookup of the multi-group flow table. For example, the EtherCAT industrial protocol message commonly used in industrial communication can parse the 4-tuple information from the packet header of the message, and the 4-tuple information includes: the ingress port number, the source MAC address, the destination MAC address, and the Ethernet protocol. Type, through this 4-tuple information, the switch can accurately determine which packet is an EtherCAT packet from the data stream, and at the same time obtain the source and location of the packet for subsequent matching of the multi-group flow table.
而对于 ModBus TCP报文来说, 可以从该报文的数据包头中解析 12元组 信息,该 12元组信息包括:入端口号、源 MAC地址、 目的 MAC地址、 VLAN ID、 优先级、 以太网类型、 源 IP地址、 目的 IP地址、 IP协议类型、 TCP源 端口、 TCP目的端口、 ToS, 通过这 12元组信息, 交换机可以精准的从数据 流里判断出哪个报文为 ModBus TCP报文, 并同时得到这个报文的来源和去 处, 以供后续匹配多元组流表使用。  For the ModBus TCP packet, the 12-tuple information can be parsed from the packet header of the packet. The 12-tuple information includes: the ingress port number, the source MAC address, the destination MAC address, the VLAN ID, the priority, and the Ethernet. The network type, the source IP address, the destination IP address, the IP protocol type, the TCP source port, the TCP destination port, and the ToS. Through the 12-tuple information, the switch can accurately determine which packet is a ModBus TCP packet from the data stream. And at the same time get the source and where to go for this message, for subsequent matching to use the multi-group flow table.
在进行提取时, 针对每种报文类型设置有相应的数据包头提取规则, 即 针对每种报文类型, 为了实现对该报文的深层次分析, 可以预先设定需要该 类型的报文中提取的数据包头信息, 根据该数据包头信息形成相应的数据包 头提取规则, 以便进行后续相应类型报文的数据包头信息的提取。  In the process of extracting, a corresponding packet header extraction rule is set for each type of packet, that is, for each packet type, in order to implement deep analysis of the packet, the packet of the type may be preset. The extracted packet header information forms a corresponding packet header extraction rule according to the packet header information, so as to extract the packet header information of the subsequent corresponding type of packet.
S102: 根据保存的数据包头中的每个信息及流表的对应关系, 并行查找 每个信息对应的每个流表。  S102: Search each flow table corresponding to each information in parallel according to the correspondence between each information in the saved packet header and the flow table.
在本发明实施例中为了有效的提高报文的处理效率, 减少报文处理的延 时, 当提取了报文的数据包头信息后, 在依据每个数据包头信息查找流表时, 该流表的查找过程可以并行的进行, 即并行的调用每个流表进行查找。  In the embodiment of the present invention, in order to effectively improve the processing efficiency of the packet, and reduce the delay of the packet processing, when the packet header information of the packet is extracted, when the flow table is searched according to each packet header information, the flow table is used. The lookup process can be performed in parallel, that is, each flow table is called in parallel for searching.
具体的在进行查找时, 当该信息为一元信息时, 根据所述一元信息对应 的一元流表, 确定查找结果;  Specifically, when performing the searching, when the information is unary information, determining a search result according to the unary flow table corresponding to the unary information;
当该信息为多元组信息时, 判断所述多元组信息对应的多元组流表当前 是否空闲, 当所述多元组流表非空闲时, 将所述多元组信息发送到所述多元 组流表的处理队列中, 否则, 根据所述多元组信息查找所述多元组流表并确 定查找结果。  When the information is the multi-group information, it is determined whether the multi-group flow table corresponding to the multi-group information is currently idle, and when the multi-group flow table is not idle, sending the multi-group information to the multi-group flow table. In the processing queue, otherwise, the multi-group flow table is searched according to the multi-group information and the search result is determined.
该多元组流表一般包括:入端口号、源 MAC地址、目的 MAC地址、 VLAN ID、 优先级、 以太网类型、 源 IP地址、 目的 IP地址、 IP协议类型、 TCP源 端口、 TCP 目的端口、 ToS这些信息中的多个, 一般 居提取出的多元组信 息配置流表的相应内容。 例如, 如果是 4元组信息, 该 4元组信息包括: 入 端口号、 源 MAC地址、 目的 MAC地址 , 则该对应的多元组流表中包括入端 口号、 源 MAC地址、 目的 MAC地址信息; 如果是 12元信息, 该 12元组信 息包括: 入端口号、 源 MAC地址、 目的 MAC地址、 VLAN ID、 优先级、 MAC协议类型、 源 IP地址、 目的 IP地址、 IP协议类型、 TCP源端口、 TCP 目的端口、 ToS, 则该对应的多元组流表中包括: 入端口号、 源 MAC地址、 目的 MAC地址、 VLAN ID、优先级、 以太网类型、 源 IP地址、 目的 IP地址、 IP协议类型、 TCP源端口、 TCP目的端口、 ToS信息。 The multi-group flow table generally includes: an ingress port number, a source MAC address, a destination MAC address, and a VLAN. ID, priority, Ethernet type, source IP address, destination IP address, IP protocol type, TCP source port, TCP destination port, ToS, etc., generally corresponding to the extracted multi-group information configuration flow table content. For example, if it is 4-tuple information, the 4-tuple information includes: an inbound port number, a source MAC address, and a destination MAC address, and the corresponding multi-group flow table includes an inbound port number, a source MAC address, and a destination MAC address information. If it is 12-yuan information, the 12-tuple information includes: Incoming port number, source MAC address, destination MAC address, VLAN ID, priority, MAC protocol type, source IP address, destination IP address, IP protocol type, TCP source The port, the TCP destination port, and the ToS, the corresponding multi-group flow table includes: the inbound port number, the source MAC address, the destination MAC address, the VLAN ID, the priority, the Ethernet type, the source IP address, the destination IP address, and the IP address. Protocol type, TCP source port, TCP destination port, ToS information.
由于本发明实施例中交换机针对数据包头信息中的每个信息釆用并行的 方式查找每个对应的流表, 但是由于该数据包头信息中存在一元信息和多元 组信息, 根据一元信息查找流表进行的比较快, 而根据多元组信息查找流表 相对来说进行的比较慢, 因此该报文所需的流表可能正被其他报文使用, 即 该流表当前非空闲, 则保证信息的有效查找, 需要将该信息发送到该流表的 处理队列中。 另外, 为了实现对报文的深层次解析, 提取的数据包头信息中 包含多元组信息, 多元组信息在进行流表的查找时, 多元组信息之间有互相 依赖关系, 需要先根据某一元或某几元信息查找获取的结果, 再与其他元信 息结合进行下一查找, 依次根据需要查找完成, 因此多元组信息在进行流表 的查找时, 又是以串行的方式进行的, 从而实现了对报文的深层次解析。  In the embodiment of the present invention, the switch searches for each corresponding flow table in parallel for each information in the data packet header information, but because the meta-information and the multi-group information exist in the data packet header information, the flow table is searched according to the unary information. The comparison is fast, and the flow table is relatively slow to search according to the multi-group information. Therefore, the flow table required for the message may be used by other messages, that is, the flow table is currently not idle, and the information is guaranteed. For a valid lookup, this information needs to be sent to the processing queue of the flow table. In addition, in order to implement deep parsing of the message, the extracted packet header information includes the multi-group information, and when the multi-group information is searched for the flow table, the multi-group information has mutual dependence, and needs to be based on a certain element or The result of finding a certain meta-information is combined with other meta-information to perform the next search, and then the search is completed according to the need, so the multi-group information is performed in a serial manner when searching for the flow table, thereby realizing A deep analysis of the message.
S103: 将查找结果整合后输出。  S103: Integrate the search result and output.
由于在本发明实施例提取的数据包头信息中包含一元信息及多元组信 息, 一元信息直接查找一元流表即可, 而根据多元组信息查找多元组流表时, 需要判断当前流表是否空闲, 即判断当前流表是否被其他报文占用, 当该流 表被占用时需要排队等候, 因此本发明实施例提供的方案可以有效的实现对 报文的深层次解析, 并且釆用该并联及串联结合的方式可以有效对之前查表 得到的结果进行关联, 并有效的提高报文的处理效率。 另外, 在本发明实施例中, 为了进一步实现对报文的深层次解析, 所述 根据所述多元组信息查找所述多元组流表并确定查找结果后, 所述方法还包 括: Since the data packet header information extracted by the embodiment of the present invention includes the unary information and the multi-group information, the unary information directly searches for the unary flow table, and when searching the multi-group flow table according to the multi-group information, it is necessary to determine whether the current flow table is idle. That is, it is determined whether the current flow table is occupied by other messages, and the flow table needs to be queued when the flow table is occupied. Therefore, the solution provided by the embodiment of the present invention can effectively implement deep analysis of the message, and the parallel and serial connection are used. The combination method can effectively correlate the results obtained by the previous lookup table, and effectively improve the processing efficiency of the message. In addition, in the embodiment of the present invention, in order to further implement the deep analysis of the packet, after the searching for the multi-group flow table according to the multi-group information and determining the search result, the method further includes:
对所述多元组信息进行二次解析;  Performing secondary analysis on the multi-group information;
根据解析后获得每个信息, 及每个信息对应的二次流表, 并行查找每个 信息对应的二次流表, 并将查找结果与一元信息及多元组信息的查找结果整 合后输出。  According to the parsing, each information is obtained, and the secondary flow table corresponding to each information is searched for, and the secondary flow table corresponding to each information is searched in parallel, and the search result is integrated with the search result of the unary information and the multi-group information, and then output.
在本发明实施例中为了实现对报文的进一步深层次解析, 当根据多元组 信息获取了相应的查找结果后, 对该多元组信息进行二次解析, 获得每个信 息, 针对每个信息在交换机中设置有二次流表, 依据对应的每个二次流表对 每个信息进行查找, 获取相应的查找结果。  In the embodiment of the present invention, in order to further deepen the parsing of the message, after the corresponding search result is obtained according to the multi-group information, the multi-group information is parsed twice to obtain each information, and each information is A secondary flow table is set in the switch, and each information is searched according to each secondary flow table corresponding to the corresponding search result.
例如, 接收到的报文为 Modbus TCP报文, 首先解析出该报文的 12元组 信息( 12元组信息包括: 入端口号、 源 MAC地址、 目的 MAC地址、 VLAN ID、 优先级、 MAC协议类型、 源 IP地址、 目的 IP地址、 IP协议类型、 TCP 源端口、 TCP目的端口、 ToS ), 根据 MAC协议类型、 IP协议类型、 TCP目 的端口和 TCP源端口这四个信息可以确定该报文是一个 Modbus TCP报文, 该报文中包含 MBAP报文头, 因此需要对该报文进行二次解析, 再解析出该 报文的 MBAP报文头以便进行分析。  For example, the received message is a Modbus TCP packet, and the 12-tuple information of the packet is first parsed (the 12-tuple information includes: an inbound port number, a source MAC address, a destination MAC address, a VLAN ID, a priority, and a MAC address). Protocol type, source IP address, destination IP address, IP protocol type, TCP source port, TCP destination port, ToS). The message can be determined according to the four types of information: MAC protocol type, IP protocol type, TCP destination port, and TCP source port. The text is a Modbus TCP packet, which contains the MBAP header. Therefore, the packet needs to be parsed twice, and then the MBAP header of the packet is parsed for analysis.
如果接收到的报文为 Ethernet PowerLink报文, 首先解析出该报文的 4元 组信息( 4元组信息包括: 入端口、 源 MAC地址、 目的 MAC地址、 MAC协 议类型), 根据该 4 元组信息中的 MAC协议类型, 可以确定该报文是一个 Ethernet PowerLink报文, 但还需要对数据包信息进行二次解析, 再解析出该 报文的 Powerlink报文类型、目的 NODE ID和源 NODE ID信息以便进行分析。  If the received packet is an Ethernet PowerLink packet, the 4-tuple information of the packet is first parsed (the 4-tuple information includes: an ingress port, a source MAC address, a destination MAC address, and a MAC protocol type), according to the 4 yuan. The MAC protocol type in the group information can be determined that the packet is an Ethernet PowerLink packet, but the packet information needs to be parsed twice, and then the Powerlink packet type, the destination NODE ID, and the source NODE of the packet are parsed. ID information for analysis.
图 2为本发明实施例一提供的一种基于 TCAM和 FPGA的报文处理流程 图, 该过程包括以下步骤:  FIG. 2 is a schematic diagram of a packet processing process based on TCAM and FPGA according to Embodiment 1 of the present invention, where the process includes the following steps:
S201 : 交换机识别接收到的报文的报文类型, 根据识别到的报文类型对 应的数据包头提取规则, 提取该报文的数据包头信息, 其中所述数据包头信 息中包括至少一个一元信息, 及至少一个多元组信息。 S201: The switch identifies the packet type of the received packet, and extracts data packet header information of the packet according to the packet header extraction rule corresponding to the identified packet type, where the data packet header information The information includes at least one unary information and at least one tuple information.
S202: 根据保存的数据包头中的每个信息及流表的对应关系, 并行查找 每个信息对应的每个流表。 判断当前信息是否为一元信息, 当当前信息为一 元信息时, 进行步骤 S203 , 否则, 进行步骤 S204。  S202: Search each flow table corresponding to each information in parallel according to the correspondence between each information in the saved data packet header and the flow table. It is determined whether the current information is unary information. When the current information is unary information, step S203 is performed; otherwise, step S204 is performed.
S203 : 根据所述一元信息对应的一元流表, 确定查找结果, 之后进行步 骤 S207。  S203: Determine a search result according to the unary flow table corresponding to the unary information, and then proceed to step S207.
S204: 判断所述多元组信息对应的多元组流表当前是否空闲, 当所述多 元组流表非空闲时, 将所述多元组信息发送到所述多元组流表的处理队列中, 否则, 根据所述多元组信息查找所述多元组流表并确定查找结果。 并同时将 查找结果发送到 S207。  S204: Determine whether the multi-group flow table corresponding to the multi-group information is currently idle. When the multi-group flow table is not idle, send the multi-group information to a processing queue of the multi-group flow table. Otherwise, Finding the multi-group flow table according to the multi-group information and determining a search result. At the same time, the search result is sent to S207.
S205: 对每个多元组信息进行二次解析。  S205: Perform secondary analysis on each multi-group information.
S206: 根据解析后获得每个信息, 及每个信息对应的二次流表, 并行查 找每个信息对应的二次流表。  S206: Obtain each information according to the parsing, and a secondary flow table corresponding to each information, and search for a secondary flow table corresponding to each information in parallel.
S207: 并将查找结果与一元信息及多元组信息的查找结果整合后输出。 本发明实施例在进行流表查找过程中, 由于釆用了并行加串行的方式进 行查找, 另外, 还可能会用到二级流表, 因此查找结果会有多个, 为了保证 最后输出的准确性, 在本发明实施例中所述将查找结果整合后输出包括: 在提取得到的数据包头的每个信息中添加包描述符, 并获得包含该包描 述符的每个查找结果;  S207: The search result is integrated with the search result of the unary information and the multi-group information, and then output. In the process of searching the flow table in the embodiment of the present invention, since the parallel and serial connection is used for searching, in addition, the secondary flow table may be used, so there are multiple search results, in order to ensure the final output. Accuracy, the integrating the search result after the outputting in the embodiment of the present invention comprises: adding a packet descriptor to each information of the extracted data packet header, and obtaining each search result including the packet descriptor;
根据所述报文的报文类型, 判断当前得到查找结果的数量是否满足该报 文类型对应的查找结果数量;  Determining, according to the packet type of the packet, whether the number of the currently obtained search results satisfies the number of search results corresponding to the packet type;
当当前得到的查找结果数量满足该报文类型对应的查找结果数量时, 将 每个查找结果整合后输出。  When the number of currently obtained search results satisfies the number of search results corresponding to the message type, each search result is integrated and output.
通过在数据包头信息中添加包描述符, 识别每个结果归属的报文, 另夕卜, 由于每种类型的报文, 有其对应的数据包提取规则, 因此获得多少个查找结 果也是已知的, 因此当接收到包含有相同包识描述符的查找结果时, 根据其 对应的报文的报文类型, 判断当前得到查找结果的数量是否满足该报文类型 对应的查找结果数量, 当当当前得到的查找结果数量满足该报文类型对应的 查找结果数量时, 将每个查找结果整合后输出, 从而在保证报文处理效率的 同时, 提高了报文处理的准确性。 By adding a packet descriptor to the packet header information, each packet whose result belongs is identified. In addition, since each type of packet has its corresponding packet extraction rule, how many search results are obtained is also known. Therefore, when receiving the search result including the same packet descriptor, determining whether the number of currently obtained search results satisfies the packet type according to the packet type of the corresponding packet The number of corresponding search results. When the number of search results currently obtained satisfies the number of search results corresponding to the message type, each search result is integrated and output, thereby improving packet processing efficiency while ensuring packet processing efficiency. accuracy.
图 3为本发明实施例二提供的一种基于 TCAM和 FPGA的 4艮文处理过程 图, 该过程中交换机接收到报文后, 根据报文的报文类型, 例如具体可以根 据 MAC类型对报文进行解析,根据解析后的报文类型对应的数据包头提取规 则, 提取该报文的数据包头信息, 具体提取的可以为一元信息 VLAN信息和 MAC信息, 以及多元组信息 -12元组信息。 并在提取的每个信息中添加包描 述符(包 1描述符)。  FIG. 3 is a schematic diagram of a process of processing a message based on a TCAM and an FPGA according to Embodiment 2 of the present invention. After receiving a packet, the switch according to the packet type of the packet, for example, may specifically report the packet according to the MAC type. The text is parsed according to the packet header extraction rule corresponding to the parsed packet type, and the packet header information of the packet is extracted, and the specific extracted information may be a meta-information VLAN information and a MAC information, and a multi-group information-12 tuple information. And add a package descriptor (package 1 descriptor) to each of the extracted information.
交换机根据保存数据包头中每个信息及流表的对应关系, 并行的查找每 个信息对应的流表。 具体的, 根据提取的 VLAN信息查找 VLAN表, 根据提 取的 MAC信息查找 MAC表,根据提取的 12元组信息查找 12元组表。其中, 在查找一元流表时, 即查找图 3中的 VLAN表和 MAC表时, 根据 VLAN信 息和 MAC信息直接查找对应的 VLAN表和 MAC表即可, 当根据 12元组查 找 12元组表时, 判断该 12元组表是否空闲, 当该 12元组表非空闲时, 即该 12元组表被其他 文使用时, 将该 12元组信息发送到该 12元组表的处理队 列, 否则, 根据该 12元组一次串行查找该 12元组表, 直到确定查找结果。  The switch searches for the flow table corresponding to each information in parallel according to the correspondence between each information in the saved packet header and the flow table. Specifically, the VLAN table is searched according to the extracted VLAN information, and the MAC table is searched according to the extracted MAC information, and the 12-tuple table is searched according to the extracted 12-tuple information. When searching for the unary flow table, that is, looking up the VLAN table and the MAC table in FIG. 3, directly searching for the corresponding VLAN table and MAC table according to the VLAN information and the MAC information, and searching for the 12-tuple table according to the 12-tuple group. When it is determined whether the 12-tuple table is idle, when the 12-tuple table is not idle, that is, when the 12-tuple table is used by another text, the 12-tuple information is sent to the processing queue of the 12-tuple table, Otherwise, the 12-tuple table is searched serially according to the 12-tuple until the search result is determined.
查找每个流表后得到每个查找结果, 在图 3中标识为动作 1、动作 2和动 作 3 , 其中动作 1〜动作 3中都携带相同的包描述符(包 1描述符)。 Each search result is found after each flow table is searched, and is identified as action 1, action 2, and action 3 in FIG. 3, wherein the action 1 to action 3 carry the same packet descriptor (packet 1 descriptor).
对提取的 12元组进行二次解析, 提取每个自定义字段, 根据保存的每个 自定义字段和二级流表之间的对应关系, 依据每个自定义字段查找每个二级 流表。 如图 3所示, 依据每个自定义字段分别查找自定义表 1〜自定义表 3 , 查表后得到每个查表结果, 在图 3中标识为动作 4、 动作 5和动作 6, 其中, 动作 4〜动作 6中也携带有相同的包描述符(包 1描述符)。  Perform secondary parsing on the extracted 12-tuple, extract each custom field, and find each secondary flow table according to each custom field according to the correspondence between each saved custom field and the secondary flow table. . As shown in FIG. 3, each of the custom fields is searched for a custom table 1 to a custom table 3, and each table lookup result is obtained after the table lookup, and is identified as action 4, action 5, and action 6 in FIG. The same packet descriptor (packet 1 descriptor) is also carried in actions 4 to 6.
根据获取的每个携带相同包描述符的查找结果, 根据该报文的报文类型, 判断当前得到的查找结果的数量是否满足该报文类型对应的查找结果数量, 当满足时, 将每个查找结果整合后输出。 在本发明实施例中, 为了进一步提高报文的处理效率, 可以设置多个多 元组流表, 具体的可以设置多个最高元组流表。 根据交换机接收到的各种报 文的报文类型, 及提取的每种类型的报文中的数据包头信息中包含的多元组 信息, 可以确定数据包头信息中的最高元组是多少元组, 根据该最高元组设 置多个最高元组流表, 便于后续查找, 例如交换机提取的数据包头信息中包 含有 4元组信息、 7元组信息、 12元组信息以及 15元组信息, 则最高元组流 表为 15元组流表。 According to the obtained search result that carries the same packet descriptor, according to the packet type of the packet, it is determined whether the number of the currently obtained search results satisfies the number of search results corresponding to the packet type, and when satisfied, each will be The search results are integrated and output. In the embodiment of the present invention, in order to further improve the processing efficiency of the packet, a plurality of multi-group flow tables may be set, and specifically, a plurality of highest tuple flow tables may be set. According to the packet type of the various packets received by the switch, and the multi-group information included in the packet header information in each type of packet extracted, the tuple of the highest tuple in the packet header information may be determined. Setting a plurality of highest tuple flow tables according to the highest tuple to facilitate subsequent searching. For example, the packet header information extracted by the switch includes 4-tuple information, 7-tuple information, 12-tuple information, and 15-tuple information, and the highest The tuple flow table is a 15-tuple flow table.
当包含多个最高元组流表时, 确定查找结果包括:  When multiple top-level tuple flow tables are included, determining the lookup results includes:
判断所述报文的优先级;  Determining the priority of the message;
当所述报文的优先级满足预设的优先级条件时, 判断第一优先级的每个 多元组流表是否空闲; 当第一优先级存在空闲多元组流表时, 根据所述多元 组信息查找所述第一优先级空闲的多元组流表并确定查找结果, 当所述第一 优先级的每个多元组流表非空闲时, 判断第二优先级的每个多元组流表是否 空闲, 当第二优先级存在空闲多元组流表时, 根据所述多元组信息查找所述 空闲的第二优先级的多元组流表并确定查找结果, 否则, 将所述多元组信息 发送到所述第一优先级的多元组流表的处理队列中;  When the priority of the packet satisfies a preset priority condition, determining whether each of the multi-group flow tables of the first priority is idle; when the first priority has an idle multi-group flow table, according to the multi-group The information is searched for the first priority idle multi-group flow table and determines a search result. When each multi-group flow table of the first priority is not idle, determining whether each multi-group flow table of the second priority is Idle, when the second priority has an idle multi-group flow table, searching for the idle second-priority multi-group flow table according to the multi-group information and determining a search result, otherwise, sending the multi-group information to The processing queue of the first priority multi-group flow table;
当所述报文的优先级不满足预设的优先级条件时, 判断第二优先级的每 个多元组流表是否空闲; 当第二优先级存在空闲多元组流表时, 根据所述多 元组信息查找所述空闲多元组流表并确定查找结果, 当所述第二优先级的每 个多元组流表非空闲时, 将所述多元组信息发送到所述第二优先级的多元组 流表的处理队列中。  When the priority of the packet does not meet the preset priority condition, it is determined whether each of the multi-group flow tables of the second priority is idle; when the second priority has an idle multi-group flow table, according to the multiple The group information finds the idle multi-group flow table and determines a search result, and when the multi-group flow table of the second priority is not idle, sending the multi-group information to the second priority multi-group The processing table of the flow table.
在本发明实施例中将多个最高元组流表划分为两个组, 其中一组为第一 优先级的多元组流表, 另一组为第二优先级的多元组流表, 并且针对报文类 型, 预设优先级条件, 将报文也划分为不同的优先级。  In the embodiment of the present invention, the plurality of highest tuple flow tables are divided into two groups, one of which is a first priority multi-group flow table, and the other is a second priority multi-group flow table, and The packet type, preset priority conditions, also divides the packets into different priorities.
当判断报文满足预设的优先级条件时, 即该报文属于高优先级报文时, 釆用第一优先级的多元组流表进行查找, 如果第一优先级的每个多元组流表 都非空闲, 而第二优先级存在空闲多元组流表时, 也可以釆用第二优先级的 多元组流表进行查找, 如果第一优先级及第二优先级都不存在空闲的多元组 流表, 则将该多元组信息发送到第一优先级的多元组流表的处理队列中。 When it is determined that the packet meets the preset priority condition, that is, when the packet belongs to the high priority packet, the first priority multi-group flow table is used for searching, if each multi-group flow of the first priority The table is not idle, and when the second priority has an idle multi-group flow table, the second priority can also be used. The multi-group flow table performs a search. If the first priority level and the second priority do not have an idle multi-group flow table, the multi-group information is sent to the processing queue of the first priority multi-group flow table.
当判断该报文不满足预设的优先级条件时, 即该报文属于低优先级报文 时, 釆用第二优先级的多元组流表进行查找, 当第二优先级的每个多元组流 表都非空闲时, 将该多元组信息发送到第二优先级的多元组流表的处理队列 中。  When it is determined that the message does not meet the preset priority condition, that is, when the message belongs to the low priority message, the second priority flow table is used for searching, when each second of the second priority When the group flow table is not idle, the multi-group information is sent to the processing queue of the second-priority multi-group flow table.
图 4为本发明实施例三提供的一种基于 TCAM和 FPGA的 4艮文处理过程 图, 该过程包括以下步骤:  FIG. 4 is a schematic diagram of a processing process based on TCAM and FPGA according to Embodiment 3 of the present invention, the process comprising the following steps:
S401 : 交换机识别接收到的报文的报文类型, 根据识别到的报文类型对 应的数据包头提取规则, 提取该报文的数据包头信息, 其中所述数据包头信 息中包括至少一个一元信息, 及至少一个多元组信息。  S401: The switch identifies the packet type of the received packet, and extracts packet header information of the packet according to the packet header extraction rule corresponding to the identified packet type, where the packet header information includes at least one meta-information. And at least one tuple information.
S402: 根据保存的数据包头中的每个信息及流表的对应关系, 并行查找 每个信息对应的每个流表。 判断当前信息是否为一元信息, 当当前信息为一 元信息时, 进行步骤 S403 , 否则, 进行步骤 S404。  S402: Search each flow table corresponding to each information in parallel according to the correspondence between each information in the saved data packet header and the flow table. It is determined whether the current information is unary information. When the current information is unary information, step S403 is performed; otherwise, step S404 is performed.
S403 : 根据所述一元信息对应的一元流表, 确定查找结果, 之后进行步 骤 S407。  S403: Determine a search result according to the unary flow table corresponding to the unary information, and then proceed to step S407.
S404: 判断所述报文的优先级是否满足预设的优先级条件, 当判断结果 为是时进行步骤 S405 , 否则, 进行步骤 S406。  S404: Determine whether the priority of the packet meets a preset priority condition, and if the determination result is yes, proceed to step S405; otherwise, proceed to step S406.
S405: 判断第一优先级的每个多元组流表是否空闲; 当第一优先级存在 空闲多元组流表时, 根据所述多元组信息查找所述第一优先级空闲的多元组 流表并确定查找结果, 当所述第一优先级的每个多元组流表非空闲时, 判断 第二优先级的每个多元组流表是否空闲, 当第二优先级存在空闲多元组流表 时, 根据所述多元组信息查找所述空闲的第二优先级的多元组流表并确定查 找结果, 否则, 将所述多元组信息发送到所述第一优先级的多元组流表的处 理队列中。 并在确定查找结果后, 将查找结果发送到步骤 S409。  S405: determining whether each of the multi-group flow tables of the first priority is idle; when the first priority has an idle multi-group flow table, searching for the first-priority idle multi-group flow table according to the multi-group information and Determining a search result, when each of the multi-group flow tables of the first priority is not idle, determining whether each of the multi-group flow tables of the second priority is idle, and when the second priority has an idle multi-group flow table, Finding the idle second priority multi-group flow table according to the multi-group information and determining a search result, otherwise, sending the multi-group information to a processing queue of the first priority multi-group flow table . And after determining the search result, the search result is sent to step S409.
S406: 判断第二优先级的每个多元组流表是否空闲; 当第二优先级存在 空闲多元组流表时, 根据所述多元组信息查找所述空闲多元组流表并确定查 找结果, 当所述第二优先级的每个多元组流表非空闲时, 将所述多元组信息 发送到所述第二优先级的多元组流表的处理队列中。 并在确定查找结果后, 将查找结果发送到步骤 S409。 S406: determining whether each of the multi-group flow tables of the second priority is idle; when the second priority has an idle multi-group flow table, searching for the idle multi-group flow table according to the multi-group information and determining Looking for a result, when each of the multi-group flow tables of the second priority is not idle, the multi-group information is sent to a processing queue of the second-priority multi-group flow table. And after determining the search result, the search result is sent to step S409.
S407: 对每个多元组信息进行二次解析。  S407: Perform secondary analysis on each of the multi-group information.
S408: 根据解析后获得每个信息, 及每个信息对应的二次流表, 并行查 找每个信息对应的二次流表。  S408: Obtain each information according to the parsing, and a secondary flow table corresponding to each information, and search for a secondary flow table corresponding to each information in parallel.
S409: 并将查找结果与一元信息及多元组信息的查找结果整合后输出。 或者, 在本发明实施例中, 为了进一步提高报文的处理效率, 可以设置 ——个或几个最高元组流表和多个常用元组流表, 其中根据设定时间长度内 接收到的报文类型中每个数据包头中包含的多元组信息, 设置常用元组流表。  S409: The search result is integrated with the search result of the unary information and the multi-group information, and then output. Or, in the embodiment of the present invention, in order to further improve the processing efficiency of the packet, one or several highest tuple flow tables and a plurality of common tuple flow tables may be set, wherein the received according to the set time length Set the common tuple flow table for the multi-group information contained in each packet header in the message type.
其中, 确定查找结果包括:  Wherein, determining the search result includes:
根据接收到的报文的报文类型, 当所述报文类型满足常用元组流表对应 的报文类型时, 判断是否存在空闲的常用元组流表, 当存在空闲的常用元组 流表时, 根据所述多元组信息查找所述空闲的常用元组流表并确定查找结果, 否则, 将所述多元组信息发送到所述常用元组流表的处理队列中;  According to the packet type of the received packet, when the packet type satisfies the packet type corresponding to the common tuple flow table, it is determined whether there is an idle common tuple flow table, and when there is an idle common tuple flow table And searching for the idle common tuple flow table according to the multi-group information and determining a search result, otherwise, sending the multi-group information to a processing queue of the common tuple flow table;
当所述报文类型不满足常用元组流表对应的报文类型时, 判断最高元组 流表是否空闲, 当最高元组流表空闲时, 根据所述多元组信息查找所述最高 元组流表并确定查找结果, 否则, 将所述多元组信息发送到所述最高元组流 表的处理队列中。  When the packet type does not meet the packet type corresponding to the common tuple flow table, it is determined whether the highest tuple flow table is idle. When the highest tuple flow table is idle, the highest tuple is searched according to the multi-group information. The flow table determines the lookup result, otherwise, the tuple information is sent to the processing queue of the highest tuple flow table.
在本发明的上述实施例中, 根据交换机在设定时间长度内接收到的报文 类型中每个数据包头中包含的多元组信息, 设置常用多元组流表, 例如交换 机在半年或一年的时间内,接收到的报文中存在大量的 4元组信息、 5元组信 息、 3元组信息等, 则常用元组流表可以为 5元组流表。 并且常用元组流表可 以设置多个, 便于后续查找。  In the above embodiment of the present invention, the common multi-group flow table is set according to the multi-group information included in each packet header of the packet type received by the switch within the set time length, for example, the switch is in a half year or a year. During the time, a large number of 4-tuple information, 5-tuple information, and 3-tuple information are present in the received message, and the common tuple flow table may be a 5-tuple flow table. And the common tuple flow table can be set more than one, which is convenient for subsequent search.
另外, 根据交换机接收到的各种报文的报文类型, 及提取的每种类型的 报文中的数据包头信息中包含的多元组信息, 可以确定数据包头信息中的最 高元组是多少元组, 根据该最高元组设置多个最高元组流表, 便于后续查找, 例如交换机提取的数据包头信息中包含有 4元组信息、 7元组信息、 12元组 信息以及 15元组信息, 则最高元组流表为 15元组流表。 In addition, according to the packet type of various messages received by the switch, and the multi-group information included in the packet header information in each type of packet extracted, it can be determined how many elements of the highest tuple in the packet header information are. Group, according to the highest tuple set a plurality of highest tuple flow table, for subsequent search, For example, the packet header information extracted by the switch includes 4-tuple information, 7-tuple information, 12-tuple information, and 15-tuple information, and the highest tuple flow table is a 15-tuple flow table.
当接收到每个报文后, 根据识别出的报文类型, 判断该报文类型是否满 足常用元组流表对应的报文类型, 这是因为每种报文类型其对应的数据包提 取规则确定, 并且每种报文类型提取的多元组信息也是可知的, 因此根据报 文的报文类型即可判断该报文的数据包头信息中的多元组信息是否釆用常用 元组流表进行查找。  After receiving each packet, it determines whether the packet type satisfies the packet type corresponding to the common tuple flow table according to the identified packet type. This is because each packet type has its corresponding packet extraction rule. It is determined that the multi-group information extracted by each message type is also known. Therefore, according to the message type of the message, it can be determined whether the multi-group information in the packet header information of the message is searched by using a common tuple flow table. .
当确定该报文类型满足常用元组流表对应的报文类型时, 釆用常用元组 流表进行查找, 否则, 釆用最高元组流表进行查找。 另外, 为了保证报文的 处理效率, 还可以进一步将多个常用元组流表进行分类, 划分到不同的优先 级组, 并且同时针对报文类型对报文进行优先级的划分, 高优先级的报文可 以釆用高优先级的常用元组流表及空闲的低优先级常用元组流表查找, 低优 先级的报文只能釆用低优先级的常用元组流表进行查找。  When it is determined that the packet type satisfies the packet type corresponding to the common tuple flow table, the common meta-group flow table is used for searching. Otherwise, the highest tuple flow table is used for searching. In addition, in order to ensure the efficiency of packet processing, a plurality of common tuple flow tables may be further classified into different priority groups, and the packets are prioritized for the packet type, and the priority is high. The packets can be searched by using the high-priority common tuple flow table and the idle low-priority common tuple flow table. The low-priority packets can only be searched by the low-priority common tuple flow table.
图 5为本发明实施例四提供的一种基于 TCAM和 FPGA的报文处理示意 图,便于进一步说明本发明实施例的技术效果。 图 5中当交换机接收到报文 1 时, 该报文 1的输入时间, 即接收该报文 1的时间为 00。 根据该报文的报文 类型, 釆用相应的数据包提取规则, 提取报文的数据包头信息, 也可以表述 为完成该数据包解析的时间为 01 ,并行的查找每个数据包头信息对应的流表。  FIG. 5 is a schematic diagram of packet processing based on TCAM and FPGA according to Embodiment 4 of the present invention, to further illustrate the technical effects of the embodiment of the present invention. In Figure 5, when the switch receives message 1, the input time of the message 1, that is, the time for receiving the message 1 is 00. According to the message type of the message, the corresponding packet extraction rule is used to extract the packet header information of the packet, and the time for completing the packet parsing may be 01, and the parallel search for each packet header information is performed. Flow table.
其中查找流表 1的匹配完成时间为 02, 即确定查找结果的时间为 02 (图 5中的 actionl到达时间 02 ), 查找流表 2的匹配完成时间为 03 , 即确定查找 结果的时间为 03 (图 5中的 action2到达时间 03 ), 此时, 流表 2为多元组流 表, 数据包头信息中的多元组信息需要按照串行的方式依次查找该多元组流 表, 所以耗时相对来说较长。  The matching completion time of the lookup flow table 1 is 02, that is, the time for determining the search result is 02 (actionl arrival time 02 in FIG. 5), and the matching completion time of the search flow table 2 is 03, that is, the time for determining the search result is 03. (action2 arrival time 03 in Fig. 5). At this time, flow table 2 is a multi-group flow table, and the multi-group information in the packet header information needs to be searched sequentially for the multi-group flow table in a serial manner, so that time-consuming relative Said longer.
对数据包头信息中的多元组信息进行二次解析, 完成的时间为 04 , 解析 得到 4个信息, 每个信息对应相应的二次流表分别为流表 3〜流表 6, 并行的 查找每个流表,查找匹配完成的时间都为 05 ,即确定查找结果的时间为 05 (图 5中的 action3~action6到达时间 05 )。 根据该报文的报文类型及每个查找结果中携带的包 1 描述符信息, 确定 该查找结果的数量与该报文类型对应的数据包数量相同时, 将结果整合输出, final action的输出时间为 06。 根据上述描述可知, 在对报文 1进行处理时, 最终 final action的输出时间为 06, 共占用了 7个时间片。 Perform secondary analysis on the multi-group information in the packet header information, the completion time is 04, and four pieces of information are obtained by parsing, and each information corresponding to the corresponding secondary flow table is flow table 3 to flow table 6, respectively, and each search is performed in parallel. For each flow table, the time for finding the matching completion is 05, that is, the time for determining the search result is 05 (action3~action6 arrival time 05 in Fig. 5). According to the packet type of the packet and the packet 1 descriptor information carried in each search result, when the number of the search results is the same as the number of packets corresponding to the packet type, the result is integrated and output, and the final action is output. The time is 06. According to the above description, when the message 1 is processed, the final final action output time is 06, and a total of 7 time slices are occupied.
当交换机接收到报文 2时, 报该报文 2的输入时间, 即接收该报文 2的 时间为 01。 根据该报文的报文类型, 釆用相应的数据包提取规则, 提取报文 的数据包头信息, 也可以表述为完成该数据包解析的时间为 02, 并行的查找 每个数据包头信息对应的流表。  When the switch receives the packet 2, it reports the input time of the packet 2, that is, the time for receiving the packet 2 is 01. According to the message type of the message, the corresponding packet extraction rule is used to extract the packet header information of the packet, and the time for completing the packet parsing is 02, and the parallel search for each packet header information is performed. Flow table.
提取的报文 2 的数据包头信息中只包含一个信息, 因此只需查找流表 1 即可, 流表 1查找匹配完成时间为 03 , 即确定查找结果的时间为 03 (图 5中 的 actionl到达时间 04 )。 根据该报文的报文类型及每个查找结果中携带的包 2 描述符信息, 确定该查找结果的数量与该报文类型对应的数据包数量相同 时, 将结果整合输出, final action的输出时间为 05。 因为报文 2只要匹配流 表 1 , 因此在时间 05即可输出查找结果, 无需在交换机处理完报文 1后再对 其进行处理, 因此提高了报文的处理效率。  The packet header information of the extracted packet 2 contains only one information, so it is only necessary to find the flow table 1 , and the flow table 1 finds that the matching completion time is 03, that is, the time for determining the search result is 03 (the actionl arrives in FIG. 5) Time 04). According to the packet type of the packet and the packet 2 descriptor information carried in each search result, when the number of the search result is the same as the number of the data packet corresponding to the packet type, the result is integrated and output, and the final action is output. The time is 05. Because the message 2 only matches the flow table 1, the search result can be output at time 05, and the switch does not need to process the message 1 after processing the message, thereby improving the processing efficiency of the message.
当交换机接收到报文 3时, 报该报文 3的输入时间, 即接收该报文 3的 时间为 02。 根据该报文的报文类型, 釆用相应的数据包提取规则, 提取报文 的数据包头信息, 也可以表述为完成该数据包解析的时间为 03 , 并行的查找 每个数据包头信息对应的流表。  When the switch receives the packet 3, it reports the input time of the packet 3, that is, the time for receiving the packet 3 is 02. According to the message type of the message, the corresponding packet extraction rule is used to extract the packet header information of the packet, and the time for completing the packet parsing is 03, and the parallel search for each packet header information is performed. Flow table.
提取的报文 2 的数据包头信息中只包含一个信息, 因此只需查找流表 2 即可, 此时流表 2已空闲, 流表 2查找匹配完成时间为 05 , 即确定查找结果 的时间为 05 (图 5中的 actionl到达时间 05 )。 根据该 文的 文类型及每个 查找结果中携带的包 3描述符信息, 确定该查找结果的数量与该报文类型对 应的数据包数量相同时, 将结果整合输出, final action的输出时间为 06。 因 为报文 3只要匹配流表 2 , 因此在时间 06即可输出查找结果, 无需在交换机 处理完报文 1后再对其进行处理, 因此提高了报文的处理效率。  The packet header information of the extracted packet 2 contains only one information, so only the flow table 2 needs to be searched. At this time, the flow table 2 is idle, and the flow table 2 finds that the matching completion time is 05, that is, the time for determining the search result is 05 (actionl arrival time 05 in Figure 5). According to the text type of the text and the packet 3 descriptor information carried in each search result, when the number of the search results is the same as the number of data packets corresponding to the message type, the result is integrated and output, and the final action output time is 06. As long as the packet 3 matches the flow table 2, the search result can be output at time 06, and the switch does not need to process the packet 1 after processing the packet, thereby improving the processing efficiency of the packet.
根据上图可知, 如果釆用串行查找每个流表的方式, 处理完上述三个报 文需要 14个时间片, 而釆用本发明实施例提供的串行与并行结合的流表查找 方式, 只需 7个时间片即可。 因此本发明实施例的报文处理方式有效的提高 了报文处理的效率, 并实现了对报文的深层次处理。 According to the above figure, if you use serial to find each flow table, you can process the above three reports. The text needs 14 time slices, and the serial and parallel flow table searching method provided by the embodiment of the present invention only needs 7 time slices. Therefore, the packet processing mode in the embodiment of the present invention effectively improves the efficiency of packet processing, and implements deep processing of the packet.
图 6为本发明实施例提供的一种基于 TCAM和 FPGA的报文处理装置结 构示意图, 所述装置包括:  FIG. 6 is a schematic structural diagram of a packet processing apparatus based on TCAM and FPGA according to an embodiment of the present disclosure, where the apparatus includes:
解析提取模块 61 , 用于识别接收到的报文的报文类型, 根据识别到的报 文类型对应的数据包头提取规则, 提取该报文的数据包头信息, 其中所述数 据包头信息包括至少一个一元信息, 及至少一个多元组信息;  The parsing and extracting module 61 is configured to identify a packet type of the received packet, and extract a packet header information of the packet according to the packet header extraction rule corresponding to the identified packet type, where the packet header information includes at least one Unary information, and at least one tuple information;
存储查找模块 62, 用于根据保存的数据包头中的每个信息及流表的对应 关系, 并行查找每个信息对应的每个流表, 其中, 当该信息为一元信息时, 根据所述一元信息对应的一元流表, 确定查找结果; 当该信息为多元组信息 时, 判断所述多元组信息对应的多元组流表当前是否空闲, 当所述多元组流 表非空闲时, 将所述多元组信息发送到所述多元组流表的处理队列中, 否则, 根据所述多元组信息查找所述多元组流表并确定查找结果;  The storage search module 62 is configured to search each flow table corresponding to each information in parallel according to the correspondence between each information in the saved data packet header and the flow table, where, when the information is unary information, according to the unary unit a unitary flow table corresponding to the information, determining a search result; when the information is the multi-group information, determining whether the multi-group flow table corresponding to the multi-group information is currently idle, and when the multi-group flow table is not idle, The multi-group information is sent to the processing queue of the multi-group flow table, otherwise, the multi-group flow table is searched according to the multi-group information and the search result is determined;
仲裁模块 63 , 用于将查找结果整合后输出。  The arbitration module 63 is configured to integrate the search results and output the results.
所述装置还包括:  The device also includes:
二次解析模块 64, 用于对所述多元组信息进行二次解析;  a secondary parsing module 64, configured to perform secondary parsing on the multi-group information;
所述存储查找模块 62, 还用于根据解析后获得每个信息, 及每个信息对 应的二次流表, 并行查找每个信息对应的二次流表;  The storage lookup module 62 is further configured to: obtain each information according to the parsing, and a secondary flow table corresponding to each information, and search for a secondary flow table corresponding to each information in parallel;
所述仲裁模块 63 , 还用于将查找结果与一元信息及多元组信息的查找结 果整合后输出。  The arbitration module 63 is further configured to integrate the search result with the search result of the unary information and the multi-group information, and output the result.
所述仲裁模块 63 , 具体用于在提取得到的数据包头的每个信息中添加包 描述符, 并获得包含该包描述符的每个查找结果; 根据所述报文的报文类型, 判断当前得到查找结果的数量是否满足该报文类型对应的查找结果数量; 当 当前得到的查找结果数量满足该报文类型对应的查找结果数量时, 将每个查 找结果整合后输出。  The arbitration module 63 is specifically configured to add a packet descriptor to each information of the extracted data packet header, and obtain each search result including the packet descriptor; and determine the current according to the packet type of the packet. The number of the search results is equal to the number of search results corresponding to the message type. When the number of search results currently obtained satisfies the number of search results corresponding to the message type, each search result is integrated and output.
所述存储查找模块 62, 具体用于当所述流表为多元组流表时, 所述多元 组流表为包括多个最高元组流表, 当所述报文的优先级满足预设的优先级条 件时, 判断第一优先级的每个多元组流表是否空闲; 当第一优先级存在空闲 多元组流表时, 根据所述多元组信息查找所述第一优先级空闲的多元组流表 并确定查找结果, 当所述第一优先级的每个多元组流表非空闲时, 判断第二 优先级的每个多元组流表是否空闲, 当第二优先级存在空闲多元组流表时, 根据所述多元组信息查找所述空闲的第二优先级的多元组流表并确定查找结 果, 否则, 将所述多元组信息发送到所述第一优先级的多元组流表的处理队 列中; 当所述报文的优先级不满足预设的优先级条件时, 判断第二优先级的 每个多元组流表是否空闲; 当第二优先级存在空闲多元组流表时, 根据所述 多元组信息查找所述空闲多元组流表并确定查找结果, 当所述第二优先级的 每个多元组流表非空闲时, 将所述多元组信息发送到所述第二优先级的多元 组流表的处理队列中。 The storage search module 62 is specifically configured to: when the flow table is a multi-group flow table, the multiple The group flow table includes a plurality of highest tuple flow tables. When the priority of the packet satisfies a preset priority condition, it is determined whether each multi-group flow table of the first priority is idle; when the first priority is When there is an idle multi-group flow table, searching for the first priority idle multi-group flow table according to the multi-group information and determining a search result, when each multi-group flow table of the first priority is not idle, Determining whether each of the multi-group flow tables of the second priority is idle. When the second priority has an idle multi-group flow table, searching for the idle second-priority multi-group flow table according to the multi-group information and determining If the priority of the packet does not satisfy the preset priority condition, the second determination is performed. Whether each of the priority group flow tables of the priority is idle; when the second priority has an idle multi-group flow table, searching the idle multi-group flow table according to the multi-group information and determining a search result, when the second priority When each of the multi-group flow tables of the level is not idle, the multi-group information is sent to the processing queue of the multi-group flow table of the second priority.
所述存储查找模块 62, 具体用于当所述流表为多元组流表时, 所述多元 组流表包括最高元组流表和多个常用元组流表, 其中根据设定时间长度内接 收到的报文类型中每个数据包头中包含的多元组信息, 设置常用元组流表; 根据接收到的报文的报文类型, 当所述报文类型满足常用元组流表对应的报 文类型时, 判断是否存在空闲的常用元组流表, 当存在空闲的常用元组流表 时, 根据所述多元组信息查找所述空闲的常用元组流表并确定查找结果, 否 则, 将所述多元组信息发送到所述常用元组流表的处理队列中; 当所述报文 类型不满足常用元组流表对应的报文类型时, 判断最高元组流表是否空闲, 当最高元组流表空闲时, 根据所述多元组信息查找所述最高元组流表并确定 查找结果, 否则, 将所述多元组信息发送到所述最高元组流表的处理队列中。  The storage lookup module 62 is configured to: when the flow table is a multi-group flow table, the multi-group flow table includes a highest tuple flow table and a plurality of common tuple flow tables, wherein The packet information included in each packet header of the received packet type is set, and the common tuple flow table is set. According to the packet type of the received packet, the packet type meets the corresponding tuple flow table. When the packet type is used, it is determined whether there is an idle common tuple flow table. When there is an idle common tuple flow table, the idle common tuple flow table is searched according to the multi-group information and the search result is determined. Otherwise, And sending the multi-group information to the processing queue of the common tuple flow table; when the packet type does not meet the packet type corresponding to the common tuple flow table, determining whether the highest tuple flow table is idle, when When the highest tuple flow table is idle, searching for the highest tuple flow table according to the multi-group information and determining a search result; otherwise, sending the multi-group information to the processing group of the highest tuple flow table In the column.
具体的该装置可以位于交换机中。  The specific device can be located in the switch.
本发明实施例提供了一种基于 TCAM和 FPGA的报文处理方法及装置, 该方法中交换机根据接收到的报文的报文类型, 提取报文的数据包头信息, 其中该数据包头信息中包括至少一个一元信息及至少一个多元组信息, 并行 的查找每个数据包头中的每个信息对应的流表并整合输出结果, 并在该数据 包头信息为多元组信息时, 判断多元组信息对应的多元组流表是否空闲, 在 非空闲时将该多元组流表发送到所述多元组流表的处理队列中。 由于在本发 明实施例提取的数据包头信息中包含一元信息及多元组信息, 一元信息直接 查找一元流表即可, 而根据多元组信息查找多元组流表时, 需要判断当前流 表是否空闲, 即判断当前流表是否被其他报文占用, 当该流表被占用时需要 排队等候, 因此本发明实施例提供的方案可以有效的实现对报文的深层次解 析, 并且釆用该并联及串联结合的方式可以有效对之前查表得到的结果进行 关联, 并有效的提高报文的处理效率。 The embodiment of the present invention provides a packet processing method and device based on TCAM and FPGA. In this method, the switch extracts packet header information of the packet according to the packet type of the received packet, where the packet header information includes At least one unary information and at least one tuple information, searching for a flow table corresponding to each information in each packet header in parallel and integrating the output result, and in the data When the packet header information is the multi-group information, it is determined whether the multi-group flow table corresponding to the multi-group information is idle, and when the packet header information is not idle, the multi-group flow table is sent to the processing queue of the multi-group flow table. Since the data packet header information extracted by the embodiment of the present invention includes the unary information and the multi-group information, the unary information directly searches for the unary flow table, and when searching the multi-group flow table according to the multi-group information, it is necessary to determine whether the current flow table is idle. That is, it is determined whether the current flow table is occupied by other messages, and the flow table needs to be queued when the flow table is occupied. Therefore, the solution provided by the embodiment of the present invention can effectively implement deep analysis of the message, and the parallel and serial connection are used. The combination method can effectively correlate the results obtained by the previous lookup table, and effectively improve the processing efficiency of the message.
在此提供的算法和显示不与任何特定计算机、 虚拟系统或者其它设备固 有相关。 各种通用系统也可以与基于在此的示教一起使用。 根据上面的描述, 构造这类系统所要求的结构是显而易见的。 此外, 本发明也不针对任何特定 编程语言。 应当明白, 可以利用各种编程语言实现在此描述的本发明的内容, 并且上面对特定语言所做的描述是为了披露本发明的最佳实施方式。  The algorithms and displays provided herein are not germane to any particular computer, virtual system, or other device. Various general purpose systems can also be used with the teaching based on the teachings herein. From the above description, the structure required to construct such a system is obvious. Moreover, the invention is not directed to any particular programming language. It is to be understood that the invention may be embodied in a variety of programming language, and the description of the specific language has been described above in order to disclose the preferred embodiments of the invention.
在此处所提供的说明书中, 说明了大量具体细节。 然而, 能够理解, 本发 明的实施例可以在没有这些具体细节的情况下实践。 在一些实例中, 并未详 细示出公知的方法、 结构和技术, 以便不模糊对本说明书的理解。  Numerous specific details are set forth in the description provided herein. However, it is understood that the embodiments of the invention may be practiced without these specific details. In some instances, well known methods, structures, and techniques have not been shown in detail so as not to obscure the description.
类似地,应当理解, 为了精简本公开并帮助理解各个发明方面中的一个或 多个, 在上面对本发明的示例性实施例的描述中, 本发明的各个特征有时被 一起分组到单个实施例、 图、 或者对其的描述中。 然而, 并不应将该公开的 方法解释成反映如下意图: 即所要求保护的本发明要求比在每个权利要求中 所明确记载的特征更多的特征。 更确切地说, 如下面的权利要求书所反映的 那样, 发明方面在于少于前面公开的单个实施例的所有特征。 因此, 遵循具 体实施方式的权利要求书由此明确地并入该具体实施方式, 其中每个权利要 求本身都作为本发明的单独实施例。  Similarly, the various features of the present invention are sometimes grouped together into a single embodiment, in the above description of exemplary embodiments of the invention, Figure, or a description of it. However, the method disclosed is not to be interpreted as reflecting the intention that the claimed invention requires more features than those recited in the claims. Rather, as the following claims reflect, inventive aspects reside in less than all features of the single embodiments disclosed herein. Therefore, the claims following the specific embodiments are hereby explicitly incorporated into the embodiments, and each of the claims are in their respective embodiments.
本领域那些技术人员可以理解, 可以对实施例中的设备中的模块进行自 适应性地改变并且 ·ί巴它们设置在与该实施例不同的一个或多个设备中。 可以 把实施例中的模块或单元或组件组合成一个模块或单元或组件, 以及此外可 以把它们分成多个子模块或子单元或子组件。 除了这样的特征和 /或过程或者 单元中的至少一些是相互排斥之外, 可以釆用任何组合对本说明书 (包括伴 随的权利要求、 摘要和附图) 中公开的所有特征以及如此公开的任何方法或 者设备的所有过程或单元进行组合。 除非另外明确陈述, 本说明书 (包括伴 随的权利要求、 摘要和附图) 中公开的每个特征可以由提供相同、 等同或相 似目的的替代特征来代替。 Those skilled in the art will appreciate that the modules in the devices in the embodiments can be adaptively changed and placed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and To divide them into multiple sub-modules or sub-units or sub-components. In addition to such features and/or at least some of the processes or units being mutually exclusive, any combination of the features disclosed in the specification, including the accompanying claims, the abstract and the drawings, and any methods so disclosed may be employed. Or combine all the processes or units of the device. Each feature disclosed in the specification (including the accompanying claims, the abstract and the drawings) may be replaced by alternative features that provide the same, equivalent, or similar purpose, unless otherwise stated.
此外, 本领域的技术人员能够理解,尽管在此所述的一些实施例包括其它 实施例中所包括的某些特征而不是其它特征, 但是不同实施例的特征的组合 意味着处于本发明的范围之内并且形成不同的实施例。 例如, 在下面的权利 要求书中, 所要求保护的实施例的任意之一都可以以任意的组合方式来使用。  In addition, those skilled in the art will appreciate that, although some embodiments described herein include certain features that are included in other embodiments and not other features, combinations of features of different embodiments are intended to be within the scope of the present invention. Different embodiments are formed and formed. For example, in the following claims, any one of the claimed embodiments can be used in any combination.
本发明的各个部件实施例可以以硬件实现,或者以在一个或者多个处理器 上运行的软件模块实现, 或者以它们的组合实现。 本领域的技术人员应当理 解, 可以在实践中使用微处理器或者数字信号处理器(DSP )来实现根据本发 明实施例的通过报文处理装置及交换机中的一些或者全部部件的一些或者全 部功能。 本发明还可以实现为用于执行这里所描述的方法的一部分或者全部 的设备或者装置程序 (例如, 计算机程序和计算机程序产品) 。 这样的实现 本发明的程序可以存储在计算机可读介质上, 或者可以具有一个或者多个信 号的形式。 这样的信号可以从因特网网站上下载得到, 或者在载体信号上提 供, 或者以任何其他形式提供。  The various component embodiments of the present invention may be implemented in hardware, or in a software module running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functionality of some or all of the components of the message processing device and switch in accordance with embodiments of the present invention. . The invention can also be implemented as a device or device program (e.g., a computer program and a computer program product) for performing some or all of the methods described herein. Such an implementation The program of the present invention may be stored on a computer readable medium or may be in the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
应该注意的是上述实施例对本发明进行说明而不是对本发明进行限制,并 且本领域技术人员在不脱离所附权利要求的范围的情况下可设计出替换实施 例。 在权利要求中, 不应将位于括号之间的任何参考符号构造成对权利要求 的限制。 单词 "包含" 不排除存在未列在权利要求中的元件或步骤。 位于元 件之前的单词 "一" 或 "一个" 不排除存在多个这样的元件。 本发明可以借 助于包括有若干不同元件的硬件以及借助于适当编程的计算机来实现。 在列 举了若干装置的单元权利要求中, 这些装置中的若干个可以是通过同一个硬 件项来具体体现。 单词第一、 第二、 以及第三等的使用不表示任何顺序。 可 将这些单词解释为名称。 脱离本发明实施例的精神和范围。 这样, 倘若本发明实施例的这些修改和变 型属于本发明权利要求及其等同技术的范围之内, 则本发明也意图包含这些 改动和变型在内。 It is to be noted that the above-described embodiments are illustrative of the invention and are not intended to be limiting, and that the invention may be devised without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as a limitation. The word "comprising" does not exclude the presence of the elements or steps that are not in the claims. The word "a" or "an" preceding a component does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means can be embodied by the same hardware item. The use of the words first, second, and third does not indicate any order. Can Interpret these words as names. The spirit and scope of the embodiments of the present invention are departed. Thus, it is intended that the present invention cover the modifications and modifications of the embodiments of the invention.

Claims

权 利 要 求 Rights request
1、 一种基于 TCAM和 FPGA的报文处理方法, 其特征在于, 该方法包 括:  A packet processing method based on TCAM and FPGA, characterized in that the method comprises:
交换机识别接收到的报文的报文类型, 根据识别到的报文类型对应的数 据包头提取规则, 提取该报文的数据包头信息, 其中所述数据包头信息中包 括至少一个一元信息, 及至少一个多元组信息;  The switch identifies the packet type of the received packet, and extracts packet header information of the packet according to the packet header extraction rule corresponding to the identified packet type, where the packet header information includes at least one unary information, and at least a multi-group information;
根据保存的数据包头中的每个信息及流表的对应关系, 并行查找每个信 息对应的每个流表, 并将查找结果整合后输出, 其中,  According to the correspondence between each information in the saved packet header and the flow table, each flow table corresponding to each information is searched in parallel, and the search results are integrated and output, wherein
当该信息为一元信息时, 根据所述一元信息对应的一元流表, 确定查找 结果;  When the information is unary information, determining a search result according to the unary flow table corresponding to the unary information;
当该信息为多元组信息时, 判断所述多元组信息对应的多元组流表当前 是否空闲, 当所述多元组流表非空闲时, 将所述多元组信息发送到所述多元 组流表的处理队列中, 否则, 根据所述多元组信息查找所述多元组流表并确 定查找结果。  When the information is the multi-group information, it is determined whether the multi-group flow table corresponding to the multi-group information is currently idle, and when the multi-group flow table is not idle, sending the multi-group information to the multi-group flow table. In the processing queue, otherwise, the multi-group flow table is searched according to the multi-group information and the search result is determined.
2、 如权利要求 1所述的报文处理方法, 其特征在于, 所述根据所述多元 组信息查找所述多元组流表并确定查找结果后, 所述方法还包括:  The packet processing method according to claim 1, wherein the method further includes: after searching the multi-group flow table according to the multi-group information and determining a search result, the method further includes:
对所述多元组信息进行二次解析;  Performing secondary analysis on the multi-group information;
根据解析后获得每个信息, 及每个信息对应的二次流表, 并行查找每个 信息对应的二次流表, 并将查找结果与一元信息及多元组信息的查找结果整 合后输出。  According to the parsing, each information is obtained, and the secondary flow table corresponding to each information is searched for, and the secondary flow table corresponding to each information is searched in parallel, and the search result is integrated with the search result of the unary information and the multi-group information, and then output.
3、 如权利要求 1或 2所述的报文处理方法, 其特征在于, 所述将查找结 果整合后输出包括:  The packet processing method according to claim 1 or 2, wherein the outputting the integrated search result comprises:
在提取得到的数据包头的每个信息中添加包描述符, 并获得包含该包描 述符的每个查找结果;  Adding a packet descriptor to each piece of information of the extracted packet header, and obtaining each search result including the packet descriptor;
根据所述报文的报文类型, 判断当前得到查找结果的数量是否满足该报 文类型对应的查找结果数量; 当当前得到的查找结果数量满足该报文类型对应的查找结果数量时, 将 每个查找结果整合后输出。 Determining, according to the packet type of the packet, whether the number of the currently obtained search results satisfies the number of search results corresponding to the packet type; When the number of currently obtained search results satisfies the number of search results corresponding to the message type, each search result is integrated and output.
4、 如权利要求 1~3任一项所述的报文处理方法, 其特征在于, 当所述流 表为多元组流表时, 所述多元组流表为包括多个最高元组流表, 确定查找结 果包括:  The packet processing method according to any one of claims 1 to 3, wherein when the flow table is a multi-group flow table, the multi-group flow table includes a plurality of highest-order flow tables. , determine the results of the search include:
判断所述报文的优先级;  Determining the priority of the message;
当所述报文的优先级满足预设的优先级条件时, 判断第一优先级的每个 多元组流表是否空闲; 当第一优先级存在空闲多元组流表时, 根据所述多元 组信息查找所述第一优先级空闲的多元组流表并确定查找结果, 当所述第一 优先级的每个多元组流表非空闲时, 判断第二优先级的每个多元组流表是否 空闲, 当第二优先级存在空闲多元组流表时, 根据所述多元组信息查找所述 空闲的第二优先级的多元组流表并确定查找结果, 否则, 将所述多元组信息 发送到所述第一优先级的多元组流表的处理队列中;  When the priority of the packet satisfies a preset priority condition, determining whether each of the multi-group flow tables of the first priority is idle; when the first priority has an idle multi-group flow table, according to the multi-group The information is searched for the first priority idle multi-group flow table and determines a search result. When each multi-group flow table of the first priority is not idle, determining whether each multi-group flow table of the second priority is Idle, when the second priority has an idle multi-group flow table, searching for the idle second-priority multi-group flow table according to the multi-group information and determining a search result, otherwise, sending the multi-group information to The processing queue of the first priority multi-group flow table;
当所述报文的优先级不满足预设的优先级条件时, 判断第二优先级的每 个多元组流表是否空闲; 当第二优先级存在空闲多元组流表时, 根据所述多 元组信息查找所述空闲多元组流表并确定查找结果, 当所述第二优先级的每 个多元组流表非空闲时, 将所述多元组信息发送到所述第二优先级的多元组 流表的处理队列中。  When the priority of the packet does not meet the preset priority condition, it is determined whether each of the multi-group flow tables of the second priority is idle; when the second priority has an idle multi-group flow table, according to the multiple The group information finds the idle multi-group flow table and determines a search result, and when the multi-group flow table of the second priority is not idle, sending the multi-group information to the second priority multi-group The processing table of the flow table.
5、 如权利要求 1~3任一项所述的报文处理方法, 其特征在于, 当所述流 表为多元组流表时, 所述多元组流表包括最高元组流表和多个常用元组流表, 其中根据设定时间长度内接收到的报文类型中每个数据包头中包含的多元组 信息, 设置常用元组流表;  The packet processing method according to any one of claims 1 to 3, wherein, when the flow table is a multi-group flow table, the multi-group flow table includes a highest tuple flow table and a plurality of a common tuple flow table, wherein a common tuple flow table is set according to the multi-group information included in each data packet header received in the set time length;
其中, 确定查找结果包括:  Wherein, determining the search result includes:
根据接收到的报文的报文类型, 当所述报文类型满足常用元组流表对应 的报文类型时, 判断是否存在空闲的常用元组流表, 当存在空闲的常用元组 流表时, 根据所述多元组信息查找所述空闲的常用元组流表并确定查找结果, 否则, 将所述多元组信息发送到所述常用元组流表的处理队列中; 当所述报文类型不满足常用元组流表对应的报文类型时, 判断最高元组 流表是否空闲, 当最高元组流表空闲时, 根据所述多元组信息查找所述最高 元组流表并确定查找结果, 否则, 将所述多元组信息发送到所述最高元组流 表的处理队列中。 According to the packet type of the received packet, when the packet type satisfies the packet type corresponding to the common tuple flow table, it is determined whether there is an idle common tuple flow table, and when there is an idle common tuple flow table And searching for the idle common tuple flow table according to the multi-group information and determining a search result, otherwise, sending the multi-group information to a processing queue of the common tuple flow table; When the packet type does not meet the packet type corresponding to the common tuple flow table, it is determined whether the highest tuple flow table is idle. When the highest tuple flow table is idle, the highest tuple is searched according to the multi-group information. The flow table determines the lookup result, otherwise, the tuple information is sent to the processing queue of the highest tuple flow table.
6、 一种基于 TCAM和 FPGA的报文处理装置, 其特征在于, 所述装置 包括:  6. A packet processing apparatus based on TCAM and FPGA, wherein the apparatus comprises:
解析提取模块, 用于识别接收到的报文的报文类型, 根据识别到的报文 类型对应的数据包头提取规则, 提取该报文的数据包头信息, 其中所述数据 包头信息包括至少一个一元信息, 及至少一个多元组信息;  The parsing and extracting module is configured to identify a packet type of the received packet, and extract a packet header information of the packet according to the packet header extraction rule corresponding to the identified packet type, where the packet header information includes at least one unary Information, and at least one tuple information;
存储查找模块, 用于根据保存的数据包头中的每个信息及流表的对应关 系, 并行查找每个信息对应的每个流表, 其中, 当该信息为一元信息时, 根 据所述一元信息对应的一元流表, 确定查找结果; 当该信息为多元组信息时, 判断所述多元组信息对应的多元组流表当前是否空闲, 当所述多元组流表非 空闲时, 将所述多元组信息发送到所述多元组流表的处理队列中, 否则, 根 据所述多元组信息查找所述多元组流表并确定查找结果;  a storage search module, configured to search each flow table corresponding to each information in parallel according to the correspondence between each information in the saved data packet header and the flow table, where, when the information is unary information, according to the unary information Corresponding one-way flow table, determining a search result; when the information is multi-group information, determining whether the multi-group flow table corresponding to the multi-group information is currently idle, and when the multi-group flow table is not idle, The group information is sent to the processing queue of the multi-group flow table, otherwise, the multi-group flow table is searched according to the multi-group information and the search result is determined;
仲裁模块, 用于将查找结果整合后输出。  Arbitration module, used to integrate the search results and output.
7、 如权利要求 6所述的报文处理装置, 其特征在于, 所述装置还包括: 二次解析模块, 用于对所述多元组信息进行二次解析;  The message processing device according to claim 6, wherein the device further comprises: a secondary analysis module, configured to perform secondary analysis on the multi-group information;
存储查找模块, 还用于根据解析后获得每个信息, 及每个信息对应的二 次流表, 并行查找每个信息对应的二次流表;  The storage search module is further configured to: obtain each information according to the parsing, and a secondary flow table corresponding to each information, and search for a secondary flow table corresponding to each information in parallel;
仲裁模块, 还用于将查找结果与一元信息及多元组信息的查找结果整合 后输出。  The arbitration module is further configured to integrate the search result with the search result of the unary information and the multi-group information and output the result.
8、如权利要求 6或 7所述的报文处理装置,其特征在于, 所述仲裁模块, 具体用于在提取得到的数据包头的每个信息中添加包描述符, 并获得包含该 包描述符的每个查找结果; 根据所述报文的报文类型, 判断当前得到查找结 果的数量是否满足该报文类型对应的查找结果数量; 当当前得到的查找结果 数量满足该报文类型对应的查找结果数量时, 将每个查找结果整合后输出。 The packet processing apparatus according to claim 6 or 7, wherein the arbitration module is specifically configured to add a packet descriptor to each information of the extracted data packet header, and obtain the package description including According to the packet type of the packet, it is determined whether the number of currently obtained search results satisfies the number of search results corresponding to the packet type; when the number of currently obtained search results satisfies the corresponding packet type When finding the number of results, each search result is integrated and output.
9、 如权利要求 6~8任一项所述的报文处理装置, 其特征在于, 所述存储 查找模块, 具体用于当所述流表为多元组流表时, 所述多元组流表为包括多 个最高元组流表, 当所述报文的优先级满足预设的优先级条件时, 判断第一 优先级的每个多元组流表是否空闲; 当第一优先级存在空闲多元组流表时, 根据所述多元组信息查找所述第一优先级空闲的多元组流表并确定查找结 果, 当所述第一优先级的每个多元组流表非空闲时, 判断第二优先级的每个 多元组流表是否空闲, 当第二优先级存在空闲多元组流表时, 根据所述多元 组信息查找所述空闲的第二优先级的多元组流表并确定查找结果, 否则, 将 所述多元组信息发送到所述第一优先级的多元组流表的处理队列中; 当所述 报文的优先级不满足预设的优先级条件时, 判断第二优先级的每个多元组流 表是否空闲; 当第二优先级存在空闲多元组流表时, 根据所述多元组信息查 找所述空闲多元组流表并确定查找结果, 当所述第二优先级的每个多元组流 表非空闲时, 将所述多元组信息发送到所述第二优先级的多元组流表的处理 队列中。 The packet processing apparatus according to any one of claims 6 to 8, wherein the storage search module is specifically configured to: when the flow table is a multi-group flow table, the multi-group flow table In order to include a plurality of highest tuple flow tables, when the priority of the packet satisfies a preset priority condition, it is determined whether each multi-group flow table of the first priority is idle; when the first priority has an idle multi-priority When the flow table is configured, the first priority idle multi-group flow table is searched according to the multi-group information, and the search result is determined. When each multi-group flow table of the first priority is not idle, the second judgment is performed. Whether each of the priority group flow tables of the priority is idle, and when the second priority has an idle multi-group flow table, searching for the idle second priority multi-group flow table according to the multi-group information and determining the search result, Otherwise, the multi-group information is sent to the processing queue of the first-priority multi-group flow table; when the priority of the packet does not meet the preset priority condition, the second priority is determined. Each plural Whether the flow table is idle; when the second priority has an idle multi-group flow table, searching the idle multi-group flow table according to the multi-group information and determining a search result, when each multi-group flow of the second priority When the table is not idle, the multi-group information is sent to the processing queue of the second-priority multi-group flow table.
10、 如权利要求 6~8任一项所述的报文处理装置, 其特征在于, 所述存 储查找模块, 具体用于当所述流表为多元组流表时, 所述多元组流表包括最 高元组流表和多个常用元组流表, 其中根据设定时间长度内接收到的报文类 型中每个数据包头中包含的多元组信息, 设置常用元组流表; 根据接收到的 报文的报文类型, 当所述报文类型满足常用元组流表对应的报文类型时, 判 断是否存在空闲的常用元组流表, 当存在空闲的常用元组流表时, 根据所述 多元组信息查找所述空闲的常用元组流表并确定查找结果, 否则, 将所述多 元组信息发送到所述常用元组流表的处理队列中; 当所述报文类型不满足常 用元组流表对应的报文类型时, 判断最高元组流表是否空闲, 当最高元组流 表空闲时, 根据所述多元组信息查找所述最高元组流表并确定查找结果, 否 则, 将所述多元组信息发送到所述最高元组流表的处理队列中。  The packet processing apparatus according to any one of claims 6 to 8, wherein the storage search module is specifically configured to: when the flow table is a multi-group flow table, the multi-group flow table The highest tuple flow table and the plurality of common tuple flow tables are included, wherein the common tuple flow table is set according to the multi-group information included in each packet header in the received message type within the set time length; The packet type of the packet, when the packet type satisfies the packet type corresponding to the common tuple flow table, it is determined whether there is an idle common tuple flow table, and when there is an idle common tuple flow table, according to The multi-group information is searched for the idle common tuple flow table and the search result is determined; otherwise, the multi-group information is sent to the processing queue of the common tuple flow table; when the packet type is not satisfied When the packet type corresponding to the common tuple flow table is used, it is determined whether the highest tuple flow table is idle. When the highest tuple flow table is idle, the highest tuple flow table is searched according to the multi-group information and the search result is determined. , Otherwise, transmitting the group information to the processing queue polyhydric the highest tuple stream table.
PCT/CN2014/077799 2014-05-19 2014-05-19 Tcam and fpga-based packet processing method and device WO2015176212A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2014/077799 WO2015176212A1 (en) 2014-05-19 2014-05-19 Tcam and fpga-based packet processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2014/077799 WO2015176212A1 (en) 2014-05-19 2014-05-19 Tcam and fpga-based packet processing method and device

Publications (1)

Publication Number Publication Date
WO2015176212A1 true WO2015176212A1 (en) 2015-11-26

Family

ID=54553170

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/077799 WO2015176212A1 (en) 2014-05-19 2014-05-19 Tcam and fpga-based packet processing method and device

Country Status (1)

Country Link
WO (1) WO2015176212A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108540350A (en) * 2018-04-20 2018-09-14 济南浪潮高新科技投资发展有限公司 A kind of network flow preprocess method based on FPGA
CN112632079A (en) * 2020-12-30 2021-04-09 联想未来通信科技(重庆)有限公司 Data stream identification query method and device
CN113938400A (en) * 2021-08-27 2022-01-14 曙光网络科技有限公司 Flow table management and maintenance method, device and storage medium
CN114268585A (en) * 2019-11-07 2022-04-01 苏州盛科通信股份有限公司 TCAM-based three-layer route forwarding judgment method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103281246A (en) * 2013-05-20 2013-09-04 华为技术有限公司 Message processing method and network equipment
CN103401777A (en) * 2013-08-21 2013-11-20 中国人民解放军国防科学技术大学 Parallel search method and system of Openflow
CN103560958A (en) * 2013-10-18 2014-02-05 华为技术有限公司 Method and device for rule matching of data packets

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103281246A (en) * 2013-05-20 2013-09-04 华为技术有限公司 Message processing method and network equipment
CN103401777A (en) * 2013-08-21 2013-11-20 中国人民解放军国防科学技术大学 Parallel search method and system of Openflow
CN103560958A (en) * 2013-10-18 2014-02-05 华为技术有限公司 Method and device for rule matching of data packets

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108540350A (en) * 2018-04-20 2018-09-14 济南浪潮高新科技投资发展有限公司 A kind of network flow preprocess method based on FPGA
CN114268585A (en) * 2019-11-07 2022-04-01 苏州盛科通信股份有限公司 TCAM-based three-layer route forwarding judgment method
CN114268585B (en) * 2019-11-07 2024-01-23 苏州盛科通信股份有限公司 Three-layer route forwarding judging method based on TCAM
CN112632079A (en) * 2020-12-30 2021-04-09 联想未来通信科技(重庆)有限公司 Data stream identification query method and device
CN112632079B (en) * 2020-12-30 2023-07-21 联想未来通信科技(重庆)有限公司 Query method and device for data stream identification
CN113938400A (en) * 2021-08-27 2022-01-14 曙光网络科技有限公司 Flow table management and maintenance method, device and storage medium

Similar Documents

Publication Publication Date Title
US11677851B2 (en) Accelerated network packet processing
CN108809830B (en) Method and network equipment for realizing message sequencing in OpenFlow software defined network
US9485183B2 (en) System and method for efectuating packet distribution among servers in a network
US10778721B1 (en) Hash-based ACL lookup offload
US10708272B1 (en) Optimized hash-based ACL lookup offload
WO2016082282A1 (en) Method and system for implementing 802.1p-supporting openvswitch switch
WO2016000362A1 (en) Method, device, and system for configuring flow entries
CN105429879B (en) Flow entry querying method, equipment and system
US10397116B1 (en) Access control based on range-matching
US10511518B2 (en) Mechanism and framework for finding optimal multicast tree roots without the knowledge of traffic sources and receivers for Fabricpath and TRILL
US10122735B1 (en) Switch having dynamic bypass per flow
WO2015176212A1 (en) Tcam and fpga-based packet processing method and device
CN108710629B (en) Top-k query method and system based on named data network
US10263901B2 (en) Service packet processing method, apparatus, and system
WO2016004646A1 (en) Method, system and apparatus for acquiring topological connection relationship between devices
CN107566293B (en) Method and device for limiting message speed
CN104009924B (en) Message processing method and device based on TCAM and FPGA
WO2016150020A1 (en) Scheduling flow identifier-based packet scheduling method and device
WO2015165270A1 (en) Data packet processing method and device
US9590897B1 (en) Methods and systems for network devices and associated network transmissions
US20220141136A1 (en) Optimizing entries in a contentaddressable memory of a network device
US10205658B1 (en) Reducing size of policy databases using bidirectional rules
US7859997B2 (en) Packet handling on a network device
CN113347090B (en) Message processing method, forwarding equipment and message processing system
CN111064671B (en) Data packet forwarding method and device and electronic equipment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14892871

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14892871

Country of ref document: EP

Kind code of ref document: A1