WO2018166355A1 - 处理分组的方法和网络设备 - Google Patents

处理分组的方法和网络设备 Download PDF

Info

Publication number
WO2018166355A1
WO2018166355A1 PCT/CN2018/077778 CN2018077778W WO2018166355A1 WO 2018166355 A1 WO2018166355 A1 WO 2018166355A1 CN 2018077778 W CN2018077778 W CN 2018077778W WO 2018166355 A1 WO2018166355 A1 WO 2018166355A1
Authority
WO
WIPO (PCT)
Prior art keywords
matching
fields
classification rule
classification
value
Prior art date
Application number
PCT/CN2018/077778
Other languages
English (en)
French (fr)
Inventor
胡晶
刘淑英
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2018166355A1 publication Critical patent/WO2018166355A1/zh
Priority to US16/567,619 priority Critical patent/US11310153B2/en
Priority to US17/712,819 priority patent/US11799766B2/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/302Route determination based on requested QoS
    • H04L45/306Route determination based on the nature of the carried application
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/38Flow based routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2441Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/60Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers

Definitions

  • the present application relates to the field of information technology and, more particularly, to a method and network device for processing packets.
  • the network device may classify the packets having the same feature into one class according to a preset classification rule, so as to perform different processing for different types of packets.
  • the packet may be subjected to rate limiting, filtering, packet statistics, redirection, etc. according to the type of the packet.
  • the network device can classify the packet using some information carried by the packet. For example, the source Internet Protocol (IP) address, the destination IP address, the source port number, the destination port number, the protocol type, the source media access control (MAC) address, and the destination MAC address carried in the packet may be utilized. One or more of the categories are grouped. For convenience of description, the information for classification carried in the packet is hereinafter referred to as classification information.
  • IP Internet Protocol
  • MAC media access control
  • the network device When the network device classifies the packet, it determines the type to which the packet belongs according to a preset classification rule.
  • the number of digits included in each classification rule is equal to the number of bits included in the classification information.
  • the plurality of numbers included in each of the classification rules are in one-to-one correspondence with a plurality of bits included in the classification information.
  • the network device compares the classification information of the packet with the numbers included in the plurality of classification rules, thereby determining a classification rule that matches the classification information.
  • the network device processes the packet according to a classification rule that matches the classification information. In the above scheme, the efficiency of processing packets is low.
  • the embodiments of the present application provide a method and a network device for processing a packet, which can improve the efficiency of processing a packet.
  • an embodiment of the present application provides a method for processing a packet, where the method includes: a network device receiving a packet, where the packet includes classification information, where the classification information includes M fields, where the M fields include X fields and K Fields, the number of bits in the M fields is N, the number of bits in the X fields is P, the number of bits in the K fields is Q, and N is a positive integer greater than or equal to 2, N It is equal to the sum of Q and P, M is equal to the sum of K and X, Q, P, K and X are both positive integers, and M is a positive integer greater than or equal to 2; the network device determines according to the indication information saved by the network device.
  • the K fields of the M fields, the indication information includes M indicator numbers, and the M fields are in one-to-one correspondence with the M indicator numbers, and the value of the indicator number corresponding to each field in the K fields is equal to the first a value, the value of the indication number corresponding to each of the X fields is equal to the second value, the first value is not equal to the second value; the network device according to the first classification rule set saved by the network device and the K Fields to determine the target classification rules, the target points
  • the rule is a first classification rule in the first classification rule set, the first classification rule set includes T first classification rules, and each of the T first classification rules includes K matching domains.
  • the number of digits in the K matching domains included in each of the T first classification rules is Q, and the K matchings included in each of the first first classification rules
  • the domain is in one-to-one correspondence with the K fields, and the K matching fields included in the target classification rule are matched with the K fields, and the K matching fields included in the target classification rule are in one-to-one correspondence with the K fields, and T is greater than or equal to A positive integer of 1;
  • the network device processes the packet according to the target classification rule.
  • the network device determines that the type of the packet does not require the use of each bit in the classification information.
  • the network device only needs to compare some bits of the classification information with the classification rule to determine the type of the packet. In this way, the number of comparisons when determining the packet type can be reduced, so that the efficiency of processing the packet can be improved.
  • M′, N, and Q′ satisfy the following relationship: M′+Q′ is less than 2N, where M′ represents a bit included in the M indicator digits The number, Q', represents the number of bits included in the K matching fields included in each of the T first classification rules. The length of each classification rule is reduced. In this way, in the case that the storage space used by the network device to store the classification rule is unchanged, the network device can store more classification rules.
  • the network device determines M matches included in the tth second classification rule.
  • a type of each matching domain in the domain the type of the matching domain in the M matching domains included in the t-th second classification rule is a first type or a second type, and the t-th second classification rule includes The types of K matching fields in the M matching domains are the first type.
  • the type of the X matching fields in the M matching domains included in the t-th second classification rule is the second type, and the t-th second classification rule includes K matching domains in the M matching domains.
  • the number of digits included in the kth matching field is equal to the number of bits included in the kth field in the K fields, and the K matching fields in the M matching domains included in the tth second classification rule
  • the network device includes, according to the type of each matching domain in the M matching domains included in the t-th second classification rule, and the t-th second classification rule K matching fields in the M matching domains, determining the M indicator numbers and the tth first classification rule in the T first classification rules, wherein the tth first classification rule includes K matches Domain, the K matching fields included in the first classification rule are K matching domains in the M matching domains.
  • the network device may determine a corresponding first classification rule according to the second classification rule, and the length of the first classification rule is smaller than the length of the corresponding second classification rule.
  • the network device determines each of the M matching domains included in the tth second classification rule
  • the type of the domain includes: determining, by the network device, that the at least one specific value is included in the value of the number included in the mth matching field in the M matching domains included in the tth second classification rule
  • the type of the m matching fields is the first type; the network device determines that the value of the number included in the mth matching field in the M matching fields included in the tth second classification rule is a common value.
  • the network device may determine a corresponding first classification rule according to the second classification rule, and the length of the first classification rule is smaller than the length of the corresponding second classification rule.
  • the network device determines the t-th number in the case that P is a positive integer greater than or equal to 2
  • the type of each matching domain in the M matching domains included in the second classification rule includes: determining, by the network device, a value of a number included in the mth matching domain in the M matching domains included in the t-th second classification rule Whether the value of the mth matching field included in the M matching fields included in the second classification rule other than the t second second classification rule is the same as the value included in the T second classification rule; if not, then Determining, by the t-th second classification rule, that the type of the m-th matching field in the M matching domains is the first type; if yes, determining the M matching domains included in the t-th second classification rule The type of the mth matching field is the second type.
  • the network device may determine a corresponding first classification rule according to the second
  • an embodiment of the present invention provides a network device, where the network device includes: a unit for performing the method provided by the first aspect.
  • an embodiment of the present invention provides a computer readable storage medium, the program stored in the computer readable storage medium comprising instructions for executing the method provided by the first aspect.
  • an embodiment of the present invention provides a network device, where the network device includes the computer readable storage medium, the processor, and the transceiver of the third aspect.
  • the processor is configured to, in conjunction with the transceiver, execute instructions of the program stored in the computer readable storage medium to perform processing of the packet.
  • FIG. 1 is a schematic flowchart of a method for processing a packet according to an embodiment of the present application.
  • FIG. 2 is a structural block diagram of a network device according to an embodiment of the present application.
  • FIG. 3 is a structural block diagram of a network device according to an embodiment of the present application.
  • the classification rule needs to include Y numbers, the Y bits are in one-to-one correspondence with the Y numbers, and Y is a positive integer greater than or equal to 1.
  • the type of this value can include specific values and generic values.
  • the specific value includes the first specific value and the second specific value.
  • a bit having a bit value of 1 matches the first specific value, and a bit having a bit value of 0 matches the second specific value.
  • a bit having a bit value of 1 is referred to as a first bit
  • a bit having a bit value of 0 is referred to as a second bit. Both the first bit and the second bit match the common value.
  • the first specific value can be represented by 1, the second specific value can be represented by 0, and the universal value can be represented by *. It can be understood that 1 bit can represent up to two values. Therefore, if it is necessary to represent three different values, at least 2 bits are required. That is, a number is represented by at least two bits. For example, a bit value of 00 indicates the first specific value, a bit value of 01 indicates the second specific value, and a bit value of 10 indicates the common value. Therefore, the classification rule has a length of at least 2Y bits.
  • the classification information is the source port number and the destination port number. It is assumed that the network device needs to schedule packets with a source port number of 8080 and a destination port number of 0 to 65535.
  • the binary values of the source port number and the destination port number are both 16 bits. Therefore, the source port number and the destination port number of the packet need to be 32 bits in total.
  • the classification rule for determining that the received packet is a packet that needs to be scheduled needs to include 32 numbers.
  • the value of the 32 digits is: 0001111110010000****************.
  • the first 16 digits in the classification rule correspond one-to-one with the binary value of the source port number, and the last 16 digits correspond one-to-one with the binary value of the destination port number.
  • the value of the number corresponding to the source port number in the classification rule is the same as the binary value of the source port number. Since it is not necessary to care about the value of the destination port number, the value of the number corresponding to the destination port number can be set to a common value.
  • the network device determines whether the value of the 32 bits of the received packet indicating the source port number and the destination port number matches the 32 numbers included in the classification rule. If so, the packet is determined to be a packet that needs to be scheduled; if not, the packet is determined to be a packet that does not need to be scheduled.
  • the network device referred to in this application may be a router or a network switch.
  • FIG. 1 is a schematic flowchart of a method for processing a packet according to an embodiment of the present application.
  • the method includes 101, 102, 103, and 104.
  • the network device receives the packet.
  • the network device can include an Ethernet interface.
  • the packet may be an Ethernet frame.
  • the network device can receive the Ethernet frame via the Ethernet interface.
  • the packet may be sent by the user equipment, the Internet server, or other device, which is not limited by the embodiment of the present application.
  • This grouping includes classification information.
  • the classified information used in the classification is used to classify the information used by the classification rules. For example, if the information used to classify a packet in the classification rule is a source IP address and a destination IP address, the classification information is a source IP address and a destination IP address. For example, if the information used in classifying the packet in the classification rule is the source port number and the destination port number, the classification information is the source port number and the destination port number.
  • the number of bits included in the classification information is related to the content included in the classification information. For example, if the classification information includes a source port number, the classification information has a length of 16 bits.
  • the classification information has a length of 32 bits.
  • the classification information includes M fields, where the M fields include X fields and K fields, the number of bits in the M fields is N, and the number of bits in the X fields is P, in the K fields
  • the number of bits is Q, N is a positive integer greater than or equal to 2, N is equal to the sum of Q and P, M is equal to the sum of K and X, Q, P, K, and X are positive integers, and M is greater than or equal to A positive integer of 2.
  • different ones of the M fields correspond to different information in the classification information.
  • the classification information includes a source IP address and a destination IP address
  • the value of M may be 2.
  • One of the two fields may be the source IP address and the other field may be the destination IP address.
  • the M fields may be halved or unequal to the classification information.
  • the classification information can be equally divided into M fields, each of which includes 32/M bits.
  • the length of the classification information can be divisible by M.
  • the length of the two fields in the M fields may also be different.
  • the four fields may include the number of bits of 4, 4, 8, and 16, respectively.
  • the values of the bits of the two fields in the M fields may be identical or partially identical, but the repeated bits are not included in the M fields.
  • the repeated bits mean that the bits belonging to one field belong to the other field at the same time.
  • the classification information has a length of 32 bits and M is equal to 2
  • the first field of the two fields may be the first bit to the 16th bit of the 32 bits
  • the second field may be 32 The 17th bit to the 32nd bit in the bit.
  • the network device determines K fields in the M fields according to the indication information saved by the network device.
  • the indication information may be saved in a memory of a forwarding plane of the network device.
  • the network device can include a plurality of ports for receiving traffic. Each port corresponds to a piece of indication information.
  • the plurality of pieces of indication information corresponding to the plurality of ports may be saved in the memory.
  • the network processor in the network device may determine indication information corresponding to the packet according to the indication information corresponding to the port for receiving the packet.
  • the indication information includes M indication numbers.
  • the M indicator numbers are in one-to-one correspondence with the M fields.
  • the value of the indicator number corresponding to each of the K fields is equal to the first value
  • the value of the indicator number corresponding to each of the X fields is equal to the second value
  • the first value is not equal to the second value.
  • the indication number is used to indicate whether the field corresponding to the indication number needs to match the matching domain in the first classification rule. If the value of the indicator number is equal to the first value, the field corresponding to the indicator number needs to match the matching field in the first classification rule; if the value of the indicator number is equal to the second value, the indicator number corresponds to The field does not need to match the matching field in the first classification rule.
  • each of the indicator numbers is 1 bit.
  • the first value can be equal to one and the second value can be equal to zero.
  • the number is 2 bits.
  • the first value can be 10 or 11, and the second value can be 00.
  • the network device determines a target classification rule according to the first classification rule set saved by the network device and the Q bits included in the K fields.
  • the target classification rule is a classification rule that matches the packet.
  • a lookup engine in the network device can perform the step of determining the classification rule.
  • the first classification rule set includes T first classification rules, and each of the T first classification rules includes K matching domains, and each of the T first classification rules The number of digits in the K matching fields included in a classification rule is Q, where T is a positive integer greater than or equal to 1.
  • Each of the first first classification rules of the T first classification rules includes K matching domains that are in one-to-one correspondence with the K fields.
  • the K matching fields included in the target classification rule match the K fields.
  • the K matching fields included in the target classification rule and the K fields match the qth number of the Q numbers in the K matching fields included in the target classification rule and the K fields
  • the qth bit of the Q bits match.
  • the value of the number is * (ie, the common value) and the number of bits with the values of 1 and 0 matches.
  • the number of the value of 1 matches the bit with the value of 1 and the value of the number is 0.
  • the number matches the bit with a value of 0.
  • the network device processes the packet according to the target classification rule.
  • the network device can be a router.
  • the network device can include a forwarding table.
  • the forwarding table may be a routing table.
  • the forwarding table includes a plurality of entries.
  • the forwarding table includes the first classification rule set. Among them, each entry contains a classification rule. Specifically, each entry may include a matching domain and an action domain. The classification rule corresponding to the entry may be included in the match of the entry.
  • the network processor of the network device may process the packet according to the action domain in the target entry.
  • the target entry is an entry that matches the packet.
  • the matching field in the target entry contains the target classification rule.
  • the action field of the target entry may contain instructions to process the packet.
  • the action field of the target entry may include a parameter.
  • the parameter may be a variable assignment in a computer program for processing the packet.
  • the variable of the computer program used to process the packet may be an outgoing interface.
  • the parameter is an identifier of the outbound interface.
  • a computer program for processing the packet may be a computer program for performing a forwarding process on the packet.
  • the network device may perform rate limiting, filtering, grouping statistics, redirection, and the like on the packet according to the type of the packet.
  • the network device determines that the type of the packet does not require comparing each bit in the classification information with the classification rule in the classification rule set.
  • the network device only needs to compare the partial bits of the classification information with the classification rules in the classification rule set to determine the target classification rule.
  • the network device may process the packet according to a target classification rule.
  • the technical solution provided by the embodiment can reduce the number of comparisons when determining the target classification rule, thereby Improve the efficiency of processing packets.
  • M', N, and Q' satisfy the following relationship: M' + Q' is less than 2N, where M' represents the number of bits each indication information includes, and Q' represents each of the first classification rules The number of bits included in the matching field. The length of each classification rule is reduced. In this way, in the case that the storage space used by the network device to store the classification rule is unchanged, the network device can store more classification rules.
  • Table 1 is an illustration of M indication information and a first classification rule saved by the network device.
  • the first classification rule saved by the network device includes R1, R2, and R3.
  • Each first classification rule includes indication information and a matching domain.
  • the indication information includes a total of four indicator numbers.
  • Each of the four indicator numbers indicates a value of 0 or 1.
  • each of the four indicator numbers may have a length of 1 bit.
  • the indication information has a length of 4 bits.
  • the matching domain consists of a total of 16 numbers.
  • the value of each of the 16 numbers can be 1, 0, and *. In this case, each number has a minimum length of 2 bits. Therefore, the matching field has a length of at least 32 bits.
  • each of the three first classification rules saved by the network device has a length of 36 bits.
  • the four indication numbers of the indication information in each of the first classification rules respectively correspond to the source IP address, the destination IP address, the source port number, and the destination port number of the packet.
  • the network device may determine that the classification information of the packet includes a source IP address, a destination IP address, a source port number, and a destination port number.
  • the network device may divide the classification information into four fields, which are a source IP address, a destination IP address, a source port number, and a destination port number of the packet, respectively.
  • the network device determines a source port number of the packet according to the indication information.
  • the network device may determine a matching domain in the first classification rule set that matches the source port number of the packet, and the first classification rule to which the matching domain belongs is the target classification rule of the packet.
  • the network device After determining the type of the packet, the network device can perform subsequent processing on the packet according to the type of the packet.
  • the network device may determine the first classification rule set according to the second classification rule set.
  • the second classification rule set includes T second classification rules.
  • the kth field in the field includes the same number of bits
  • K Determining, by the network device, the M indicator digits and the first of the T first classification rules according to the type of each matching domain in the M matching domains included in the tth second classification rule and the K matching domains a first classification rule, where the tth first classification rule includes K matching domains, and the K matching fields included in the first rule are K matching domains in the M matching domains.
  • the M indicator numbers are in one-to-one correspondence with the M matching fields.
  • the type of the matching domain is the first type
  • the value of the indication number corresponding to the matching domain is the first value.
  • the value of the indication number corresponding to the matching domain is the second value.
  • the network device determines a type of each matching domain in the M matching domains that is included in the t-th second classification rule, where the network device determines the t-th second If the value of the number included in the mth matching field included in the M matching domain includes at least one specific value, determining that the type of the mth matching domain is the first type; the network device is determining And determining, by the t-th second classification rule, that the value of the m-th matching field included in the M-matching domain is a common value, determining that the type of the m-th matching domain is the second type, where
  • the specific value includes a first specific value and a second specific value, the first bit is matched with the first specific value, the second bit is matched with the second specific value, and the first bit and the second bit are both the common value Matching, the first bit is a bit having a value of 1, and the second bit is a bit having a value of zero.
  • the mth matching field may include only one digit (a digit).
  • the inclusion of at least one specific value in the value of the number included in the mth matching field means that the value of the unique one of the numbers included in the mth matching field is a specific value.
  • the value of the number included in the m-th matching field is a common value, which means that the value of the unique one of the m-th matching fields is a common value.
  • the mth matching field may comprise a sequence of digits.
  • the sequence of numbers consists of two or more numbers.
  • the inclusion of at least one specific value in the value of the number included in the mth matching field means that the value of the mth matching field including at least one of the numbers in the sequence of numbers is a specific value.
  • the value of the number included in the mth matching field is a common value, which means that the values of all the numbers in the digital sequence included in the mth matching field are common values.
  • Table 2 is an illustration of a second classification rule.
  • the second classification rule set as shown in Table 2 includes R1', R2', and R3'.
  • the matching domain 1, the matching domain 2, the matching domain 3, and the matching domain 4 of each of the three second classification rules respectively correspond to the source IP address, the destination IP address, the source port number, and the destination port of the packet. number.
  • the values of the numbers of the matching domain 1, the matching domain 2, and the matching domain 4 of each of the three second classification rules are common values. Therefore, the types of the matching domain 1, the matching domain 2, and the matching domain 4 are the second type.
  • the value of only one digit in match field 3 is a common value. Therefore the type of matching field 3 is the first type.
  • the network device can determine that the indication information of the three second classification rules is 0010.
  • the network device may determine that the matching domain 3 of each second classification rule is a matching domain of the corresponding first classification rule. In this way, the network device can determine that R1 in Table 1 is a classification rule corresponding to R1' in Table 2, and R2 in Table 1 is a classification rule corresponding to R2' in Table 2, and R3 in Table 1 is The classification rule corresponding to R3' in Table 2.
  • the network device determines a type of each matching domain in the M matching domains, including: the network device determines the Whether the value of the number of the mth matching field in the M matching fields included in the t second second classification rule and the second classification rule other than the tth second classification rule in the T second classification rules are included The values of the mth matching field in the M matching fields are the same; if not, determining that the type of the mth matching field in the M matching fields included in the tth second classification rule is the first a type; if yes, determining that the type of the mth matching field in the M matching fields included in the t-th second classification rule is the second type.
  • Table 3 is an illustration of a second classification rule.
  • the second classification rule set as shown in Table 3 includes R1', R2', and R3'.
  • the matching domain 1, the matching domain 2, the matching domain 3, and the matching domain 4 of each of the three second classification rules respectively correspond to the source IP address, the destination IP address, the source port number, and the destination port of the packet. number.
  • the values of the numbers of the matching field 2 and the matching field 4 of each of the three second classification rules are common values. Therefore, the types of the matching domain 2 and the matching domain 4 are the second type.
  • the number of the matching field 1 of each of the three second classification rules includes the common value and the specific value, but the matching fields 1 of the three second classification rules are the same. In this case, the network device can also determine the type of the matching domain 1 as the second type.
  • the value of only one digit in the matching field 3 is a common value, and the matching fields 3 of the three second classification rules are different. Therefore the type of matching field 3 is the first type.
  • the value of the indication number corresponding to the matching domain 1, the matching domain 2, and the matching domain 4 is 0, and the value of the indication number corresponding to the matching domain 3 is 1.
  • the network device can determine that the indication information of the three second classification rules is 0010.
  • the network device may determine that the matching domain 3 of each second classification rule is a matching domain of the corresponding first classification rule.
  • the network device can determine that R1 in Table 1 is a classification rule corresponding to R1' in Table 2, and R2 in Table 1 is a classification rule corresponding to R2' in Table 2, and R3 in Table 1 is The classification rule corresponding to R3' in Table 2.
  • the network device needs at least 192 bits when storing the second classification rule as shown in Table 2, and only 36 bits when saving the first classification rule as shown in Table 1. Therefore, according to the technical solution provided by the embodiment of the present application, the storage space required for the network device to save a classification rule is reduced. In this way, the network device can save more classification rules without changing the total storage space.
  • the network device may save only one piece of indication information. This can further reduce the storage space required by the network device to save the first classification rule.
  • the indication information of the three first classification rules as shown in Table 1 are the same.
  • the indication information of different first classification rules saved by the network device may also be different.
  • the network device can also save the first classification rule as shown in Table 4.
  • the specific process by which the network device determines the type of the received packet using the first classification rule as shown in Table 4 is similar to the specific process of determining the type of the packet according to Table 1, and need not be described here. How the network device determines the specific process of the first classification rule as shown in Table 4 is similar to the specific process of how the network device determines the first classification rule as shown in Table 1, and need not be described here.
  • each indicator number in the examples shown in Tables 1 to 4 has a length of 1 bit.
  • each indicator number can be 2 bits in length.
  • the number in one or more matching fields in the comparison rule may be only 0 or 1, and the numbers in other matching fields include 0, 1, and *.
  • the two matching fields and the fields that do not need to be matched can be distinguished by different indicator numbers. Since the three different fields need to be distinguished, the indication number requires at least 2 bits.
  • the indication number 00 indicates that the field corresponding to the indication number does not need to be matched
  • the indication number 10 indicates that the field corresponding to the indication number needs to be matched and the numbers in the matching field include 0, 1, and *
  • the indication number 11 indicates The fields corresponding to the indicated numbers need to be matched and the numbers in the matching field include only 0 or 1.
  • each number in the matching field corresponding to 11 may be only 1 bit.
  • Table 5 is an illustration of another first set of classification rules.
  • Matching field 1 Matching field 2
  • Matching field 2 R1 00-00-10-11 0000000011111*01 0000000011111001
  • R2 00-00-10-11 0000000011100*10 0000000011100110
  • R3 00-00-10-11 0000000011001*01 0000000011001101
  • the first classification rule saved by the network device includes R1, R2, and R3.
  • Each first classification rule includes indication information and two matching domains.
  • the indication information includes a total of four indicator numbers. Each of the four indicator numbers indicates that the number is 2 bits in length.
  • the indication information has a length of 8 bits.
  • the four indicator numbers are 00, 00, 10 and 11. It can be understood that the symbol "-" in the indication information in Table 5 is only for better distinguishing different indication numbers when understanding the embodiment of the present application. In practical applications, the symbol "-" is not included in the indication information saved by the network device.
  • the matching field 1 includes a total of 16 numbers. The value of each of the 16 numbers included in the matching field 1 may be 1, 0, and *.
  • each of the 16 numbers included in the matching field 1 has a length of at least 2 bits. Therefore, the matching field has a length of at least 32 bits.
  • the matching field 2 also includes 16 numbers.
  • the matching field 2 includes a value of 0 or 1 for the 16 digits. In this case, each of the 16 numbers included in the matching field 2 may be 1 bit in length. Therefore, the length of the matching field can be at least 16 bits.
  • each of the three first classification rules saved by the network device has a length of 56 bits. When the first classification rule shown in Table 5 is saved, if the network device still adopts the method shown in Table 1, the length of the indication information can be shortened to 4 bits, and the length of the matching field 2 is at least 32 bits. Therefore, when the first classification rule shown in Table 5 is saved, if the method shown in Fig. 1 is employed, the length of one first classification rule is 68 bits. Therefore, the above embodiment can further reduce the number of bits required to save the first classification rule.
  • the network device may determine, based on the value of the indicated number in the first classification rule, whether each field in the packet is a field to be compared when receiving the packet.
  • the indication number whose bit values are 10 and 11 may be the first value, and the indication number whose bit value is 00 is the second value. If the value of the indicator number is the first value, the field corresponding to the indicator number needs to be compared; if the value of the indicator number is the second value, the field corresponding to the indicator number does not need to be compared.
  • the specific implementation manner in which the network device determines the type of the packet is similar to the specific implementation manner in which the network device determines the type of the packet in the above example, and need not be described herein.
  • the specific implementation manner of the first classification rule set determined by the network device as shown in Table 5 is similar to the specific implementation manner of the first classification rule shown in Table 1 by the network device in the foregoing example, and details are not described herein.
  • any one of the packets received by the network device matches at least one first classification rule saved by the network device.
  • the target classification rule is a first classification rule saved by the network device, and the network device can directly determine the type of the packet.
  • the type of packet determined by the network device may match two or more first classification rules.
  • the type of the packet is the type of the first classification rule with the highest priority.
  • the target classification rule is a first classification rule saved by the network device.
  • the packet received by the network device may not match any of the first classification rules saved by the network device.
  • the network device can determine that the type of the packet is a special type. A packet of the type of this particular type will also have a corresponding processing. After determining that the type of the packet is the special type, the network device may perform corresponding processing on the packet. Or, in other words, it can be considered that there is a special classification rule, and the network device does not save the special classification rule. However, if the packet received by the network device does not match any of the first classification rules saved by the network device, the packet may be considered to match the special classification rule. Further, the special classification rule may be considered to include the indication information and the matching domain, and the one or more fields of the packet determined according to the indication information are matched with the matching domain. The type corresponding to the special classification rule is the special type.
  • FIG. 2 is a structural block diagram of a network device according to an embodiment of the present application.
  • the network device 200 includes a receiving unit 201, a storage unit 202, and a processing unit 203.
  • the receiving unit 201 is configured to receive a packet, where the packet includes classification information, where the classification information includes M fields, where the M fields include X fields and K fields, and the number of bits in the M fields is N,
  • the number of bits in the X fields is P
  • the number of bits in the K fields is Q
  • N is a positive integer greater than or equal to 2
  • N is equal to the sum of Q and P
  • M is equal to the sum of K and X
  • Q , P, K, and X are all positive integers
  • M is a positive integer greater than or equal to 2.
  • the storage unit 202 is configured to store the indication information and the first classification rule set.
  • the processing unit 203 is configured to determine, according to the indication information saved by the storage unit 202, the K fields in the M fields, where the indication information includes M indicator numbers, and the M fields are in one-to-one correspondence with the M indicator numbers.
  • the value of the indicator number corresponding to each of the K fields is equal to the first value
  • the value of the indicator number corresponding to each field in the X fields is equal to the second value
  • the first value is not equal to the second value
  • the processing unit 203 is further configured to determine, according to the first classification rule set and the K fields saved by the storage unit 202, a target classification rule, where the target classification rule is a first classification rule in the first classification rule set, where the A classification rule set includes T first classification rules, each of the T first classification rules includes K matching domains, and each of the T first classification rules includes The number of the numbers in the K matching fields is Q, and the K matching fields included in each of the T first classification rules are in one-to-one correspondence with the K fields, and the K items included in the target classification rule are included.
  • the matching field is matched with the K fields, and the K matching fields included in the target classification rule are in one-to-one correspondence with the K fields, and T is a positive integer greater than or equal to 1.
  • the processing unit 203 is further configured to process the packet according to the target classification rule.
  • M′, N, and Q′ satisfy the following relationship: M′+Q′ is less than 2N, where M′ represents the number of bits included in the M indicator numbers, and Q′ represents the T numbers. The number of bits included in the K matching fields included in each of the first classification rules in the first classification rule.
  • the receiving unit 201 can be implemented by a transceiver or a receiver
  • the storage unit 202 can be implemented by a memory
  • the processing unit 203 can be implemented by a processor.
  • FIG. 3 is a structural block diagram of a network device according to an embodiment of the present application.
  • the network device 300 shown in FIG. 3 includes a processor 301, a memory 302, and a transceiver 303.
  • bus system 304 which in addition to the data bus includes a power bus, a control bus, and a status signal bus.
  • bus system 304 various buses are labeled as bus system 304 in FIG.
  • Processor 301 may be an integrated circuit chip with signal processing capabilities. In the implementation process, each step of the foregoing method may be completed by an integrated logic circuit of hardware in the processor 301 or an instruction in a form of software.
  • the processor 301 may be a general-purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA), or the like. Programmable logic devices, discrete gates or transistor logic devices, discrete hardware components.
  • DSP digital signal processor
  • ASIC application specific integrated circuit
  • FPGA field programmable gate array
  • the general purpose processor may be a microprocessor or the processor or any conventional processor or the like.
  • the steps of the method disclosed in the embodiments of the present invention may be directly implemented by the hardware decoding processor, or may be performed by a combination of hardware and software modules in the decoding processor.
  • the software module can be located in a random access memory (RAM), a flash memory, a read-only memory (ROM), a programmable read only memory or an electrically erasable programmable memory, a register, etc.
  • RAM random access memory
  • ROM read-only memory
  • programmable read only memory or an electrically erasable programmable memory
  • register etc.
  • the storage medium is located in the memory 302, and the processor 301 reads the instructions in the memory 302 and combines the hardware to perform the steps of the above method.
  • the transceiver 303 is configured to receive a packet, where the packet includes classification information, where the classification information includes M fields, where the M fields include X fields and K fields, and the number of bits in the M fields is N,
  • the number of bits in the X fields is P
  • the number of bits in the K fields is Q
  • N is a positive integer greater than or equal to 2
  • N is equal to the sum of Q and P
  • M is equal to the sum of K and X
  • Q , P, K, and X are all positive integers
  • M is a positive integer greater than or equal to 2.
  • the memory 302 is configured to store the indication information and the first classification rule set.
  • the processor 303 is configured to determine, according to the indication information saved by the memory 302, the K fields in the M fields, where the indication information includes M indicator numbers, and the M fields are in one-to-one correspondence with the M indicator numbers.
  • the value of the indicator number corresponding to each field in the K fields is equal to the first value
  • the value of the indicator number corresponding to each field in the X fields is equal to the second value
  • the first value is not equal to the second value
  • the processor 303 is further configured to determine, according to the first classification rule set and the K fields saved by the memory 302, a target classification rule, where the target classification rule is a first classification rule in the first classification rule set, the first The classification rule set includes T first classification rules, each of the T first classification rules includes K matching domains, and each of the T first classification rules includes K The number of digits in the matching domain is Q, and the K matching domains included in each of the T first classification rules are in one-to-one correspondence with the K fields, and the K classifications included in the target classification rule The field matches the K fields, and the K matching fields included in the target classification rule are in one-to-one correspondence with the K fields, and T is a positive integer greater than or equal to 1.
  • the processor 303 is further configured to process the packet according to the target classification rule.
  • the disclosed systems, devices, and methods may be implemented in other manners.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • there may be another division manner for example, multiple units or components may be combined or Can be integrated into another system, or some features can be ignored or not executed.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the functions may be stored in a computer readable storage medium if implemented in the form of a software functional unit and sold or used as a standalone product.
  • the technical solution of the present invention which is essential or contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium, including
  • the instructions are used to cause a computer device (which may be a personal computer, server, or network device, etc.) to perform all or part of the steps of the methods described in various embodiments of the present invention.
  • the foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like, which can store program codes. .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本申请实施例提供处理分组的方法和网络设备。该方法包括:网络设备接收分组,其中该分组包括分类信息,该分类信息包括M个字段;该网络设备根据该网络设备保存的指示信息,确定该M个字段中的该K个字段;该网络设备根据该网络设备保存的第一分类规则集合以及该K个字段,确定目标分类规则并根据该目标分类规则对该分组进行处理。根据上述技术方案,该网络设备在确定分组的类型是无需使用分类信息中的每个比特。该网络设备只需要将该分类信息的部分比特与分类规则进行比较即可确定该分组的类型。这样,可以减少确定分组类型时比较的次数,从而可以提高处理分组的效率。

Description

处理分组的方法和网络设备 技术领域
本申请涉及信息技术领域,并且更具体地,涉及处理分组的方法和网络设备。
背景技术
网络设备在接收到分组(packet)后,可以根据预设分类规则,将具有相同特征的分组划分为一类,以便于对于不同类型的分组进行不同的处理。例如,可以按照分组的类型对分组进行限速、过滤、分组统计、重定向等处理。
网络设备可以利用分组携带的一些信息对该分组进行分类。例如,可以利用分组中携带的源互联网协议(Internet Protocol,IP)地址、目的IP地址、源端口号、目的端口号、协议类型、源媒体访问控制(Media Access Control,MAC)地址以及目的MAC地址中的一个或多个对分组进行分类。为方便描述,以下将分组中携带的用于分类的信息称为分类信息。
该网络设备在对分组进行分类时会根据预设的分类规则确定分组所属的类型。每个分类规则包括的数字(digit)的数量与分类信息包括的比特的数量相等。该每个分类规则包括的多个数字与分类信息包括的多个比特一一对应。网络设备将该分组的分类信息与多个分类规则包括的数字进行比较,从而确定与所述分类信息匹配的分类规则。网络设备根据与所述分类信息匹配的分类规则对分组进行处理。上述方案中,处理分组的效率较低。
发明内容
本申请实施例提供处理分组的方法和网络设备,能够提高处理分组的效率。
第一方面,本申请实施例提供一种处理分组的方法,该方法包括:网络设备接收分组,其中该分组包括分类信息,该分类信息包括M个字段,该M个字段包括X个字段和K个字段,该M个字段中的比特的数量为N,该X个字段中的比特的数量为P,该K个字段中的比特的数量为Q,N为大于或等于2的正整数,N等于Q与P的和,M等于K与X的和,Q、P、K和X均为正整数,M为大于或等于2的正整数;该网络设备根据该网络设备保存的指示信息,确定该M个字段中的该K个字段,该指示信息包括M个指示数字,该M个字段与该M个指示数字一一对应,该K个字段中每个字段对应的指示数字的值等于第一值,该X个字段中每个字段对应的指示数字的值等于第二值,该第一值不等于该第二值;该网络设备根据该网络设备保存的第一分类规则集合以及该K个字段,确定目标分类规则,该目标分类规则是该第一分类规则集合中的一个第一分类规则,该第一分类规则集合包括T个第一分类规则,该T个第一分类规则中的每个第一分类规则包括K个匹配域,该T个第一分类规则中的每个第一分类规则包括的K个匹配域中的数字的数量为Q,该T个第一分类规则中的每个第一分类规则包括的K个匹配域与该K个字段一一对应,该目标分类规则包括的K个匹配域与该K个字段匹配,该目标分类规则包括的K个匹配域与该K个字段一一对应,T为大于等于1的正整数;该网络设备根据该目标分类规则对该分组进行处理。根据上述实施例,该网络设备在确定分组的类型是无需使用分 类信息中的每个比特。该网络设备只需要将该分类信息的部分比特与分类规则进行比较即可确定该分组的类型。这样,可以减少确定分组类型时比较的次数,从而可以提高处理分组的效率。
结合第一方面,在第一方面的第一种可能的实现方式中,M’、N和Q’满足以下关系:M’+Q’小于2N,其中M’表示该M个指示数字包括的比特的数量,Q’表示该T个第一分类规则中的每个第一分类规则包括的K个匹配域包括的比特的数量。每个分类规则的长度减少。这样,在该网络设备用于存储分类规则的存储空间不变的情况下,该网络设备可以存储更多的分类规则。
结合第一方面或第一方面的第一种可能的实现方式,在第一方面的第二种可能的实现方式中,在该网络设备根据该网络设备保存的指示信息,确定M个字段中的K个字段之前,该方法还包括:该网络设备获取第二分类规则集合,该第二分类规则集合包括T个第二分类规则,其中,该T个第二分类规则中的第t个第二分类规则的数字的数量为N,该第t个第二分类规则包括M个匹配域,该第t个第二分类规则包括的M个匹配域中的第m个匹配域包括的数字的数量与该M个字段中的第m个字段包含的比特的数量相等,t=1,…,T,m=1,…,M;该网络设备确定该第t个第二分类规则包括的M个匹配域中的每个匹配域的类型,该第t个第二分类规则包括的M个匹配域中的一个匹配域的类型为第一类型或第二类型,该第t个第二分类规则包括的M个匹配域中的K个匹配域的类型为该第一类型,该第t个第二分类规则包括的M个匹配域中的X个匹配域的类型为该第二类型,该第t个第二分类规则包括的M个匹配域中的K个匹配域中的第k个匹配域包括的数字的数量与该K个字段中的第k个字段包括的比特的数量相等,该第t个第二分类规则包括的M个匹配域中的K个匹配域中的数字的数量为Q,k=1,…,K;该网络设备根据该第t个第二分类规则包括的M个匹配域中的每个匹配域的类型以及该第t个第二分类规则包括的M个匹配域中的K个匹配域,确定该M个指示数字和该T个第一分类规则中的第t个第一分类规则,其中,该第t个第一分类规则包括K个匹配域,该第一分类规则包括的K个匹配域为该M个匹配域中的K个匹配域。根据上述实施例,该网络设备可以根据第二分类规则确定出一个对应的第一分类规则,且该第一分类规则的长度小于对应的第二分类规则的长度。
结合第一方面的第二种可能的实现方式,在第一方面的第三种可能的实现方式中,该网络设备确定该第t个第二分类规则包括的M个匹配域中的每个匹配域的类型,包括:该网络设备在确定该第t个第二分类规则包括的M个匹配域中的第m个匹配域包括的数字的值中包括至少一个特定值的情况下,确定该第m个匹配域的类型为该第一类型;该网络设备在确定该第t个第二分类规则包括的M个匹配域中的第m个匹配域包括的数字的值均为通用值情况下,确定该第m个匹配域的类型为该第二类型,其中,该特定值包括第一特定值和第二特定值,第一比特与该第一特定值匹配,第二比特与该第二特定值匹配,该第一比特与该第二比特均与该通用值匹配,该第一比特的值为1,该第二比特的值为0。根据上述实施例,该网络设备可以根据第二分类规则确定出一个对应的第一分类规则,且该第一分类规则的长度小于对应的第二分类规则的长度。
结合第一方面的第二种可能的实现方式,在第一方面的第四种可能的实现方式中,在P为大于或等于2的正整数的情况下,该网络设备确定该第t个第二分类规则包括的M个匹配域中的每个匹配域的类型,包括:该网络设备确定该第t个第二分类规则包括的M个匹配域中 的第m个匹配域包括的数字的值是否与该T个第二分类规则中除该第t个第二分类规则以外的第二分类规则包括的M个匹配域中的第m个匹配域包括的数字的值均相同;若否,则确定该第t个第二分类规则包括的M个匹配域中的第m个匹配域的类型为该第一类型;若是,则确定该第t个第二分类规则包括的M个匹配域中的第m个匹配域的类型为该第二类型。根据上述实施例,该网络设备可以根据第二分类规则确定出一个对应的第一分类规则,且该第一分类规则的长度小于对应的第二分类规则的长度。
第二方面,本发明实施例提供一种网络设备,该网络设备包括:用于执行该第一方面提供的方法的单元。
第三方面,本发明实施例提供一种计算机可读存储介质,该计算机可读存储介质存储的程序包括用于执行该第一方面提供的方法的指令。
第四方面,本发明实施例提供一种网络设备,该网络设备包括第三方面的计算机可读存储介质、处理器和收发器。处理器用于结合收发器执行该计算机可读存储介质中存储的程序的指令,以完成对分组的处理。
附图说明
图1是根据本申请实施例提供的处理分组的方法的示意性流程图。
图2是根据本申请实施例提供的一种网络设备的结构框图。
图3是根据本申请实施例提供的网络设备的结构框图。
具体实施方式
下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行描述。
目前,若分类信息的长度为Y比特(bit),则分类规则需要包括Y个数字,该Y个比特与该Y个数字一一对应,Y为大于或等于1的正整数。该值的类型可以包括特定值和通用值。特定值包括第一特定值和第二特定值。比特值为1的比特与该第一特定值匹配,比特值为0的比特与该第二特定值匹配。为方便描述,以下将比特值为1的比特称为第一比特,将比特值为0的比特称为第二比特。第一比特与第二比特均与该通用值匹配。该第一特定值可以用1表示,该第二特定值可以用0表示,该通用值可以用*表示。可以理解的是,1比特最多可以表示两个值。因此,若需要表示三个不同的值,则至少需要2比特。也就是说,一个数字最少由两比特表示。例如,比特值00表示该第一特定值,比特值01表示该第二特定值,比特值10表示该通用值。因此,该分类规则的长度至少为2Y个比特。
例如,分类信息为源端口号和目的端口号。假设网络设备需要对源端口号为8080,目的端口号为0~65535的分组进行调度。源端口号和目的端口号的二进制值均为16位。因此分组的源端口号和目的端口号共需32比特。用于确定接收到的分组为需要进行调度的分组的分类规则需要包括32个数字。该32个数字的值为:0001111110010000****************。该分类规则中的前16个数字与源端口号的二进制值一一对应,后16个数字与目的端口号的二进制值一一对应。可以理解,由于仅需要确定源端口号是否为8080,因此该分类规则中对应于源端口号的数字的取值与源端口号的二进制值是相同的。由于不需要关心目的端口号的值为多少,因此可以将与目的端口号对应的数字的值设置为通用值。该网络设备在 接收到分组后,会确定接收到的分组的用于表示源端口号和目的端口号的32个比特的值是否与该分类规则包括的32个数字均匹配。若是,则确定该分组为需要进行调度的分组;若否,则确定该分组为不需要进行调度的分组。
本申请中所称的网络设备可以是路由器或者网络交换机。
图1是根据本申请实施例提供的处理分组的方法的示意性流程图。所述方法包括101、102、103以及104。
101,网络设备接收分组。
举例来说,所述网络设备可以包含以太网接口。所述分组可以是以太网帧。所述网络设备可以经由所述以太网接口接收所述以太网帧。
该分组可以是由用户设备、互联网服务器或者其他设备发送的,本申请实施例对此并不限定。该分组包括分类信息。分组的分类信息时分类规则所使用的用于对分组进行分类的信息。例如,若分类规则中对分组进行分类时使用的信息为源IP地址和目的IP地址,则该分类信息为源IP地址和目的IP地址。再如,若分类规则中对分组进行分类时使用的信息为源端口号和目的端口号,则该分类信息为源端口号和目的端口号。该分类信息包括的比特数目与该分类信息包括的内容相关。例如,若该分类信息包括源端口号,则该分类信息的长度为16比特。若该分类信息包括源IP地址,则该分类信息的长度为32比特。该分类信息包括M个字段,该M个字段包括X个字段和K个字段,该M个字段中的比特的数量为N,该X个字段中的比特的数量为P,该K个字段中的比特的数量为Q,N为大于或等于2的正整数,N等于Q与P的和,M等于K与X的和,Q、P、K和X均为正整数,M为大于或等于2的正整数。
可选的,在一些实施例中,该M个字段中的不同字段对应于该分类信息中的不同信息。例如,假设该分类信息包括源IP地址和目的IP地址,则M的取值可以为2。两个字段中的一个字段可以为源IP地址,另一个字段可以为目的IP地址。
可选的,在另一些实施例中,该M个字段可以是对分类信息进行等分或不等分得到的。例如,假设该分类信息的长度为32比特,则可以将该分类信息等分为M个字段,每个字段包括32/M个比特。显然,在这种情况下,该分类信息的长度可以被M整除。当然,在另一些实施例中,该M个字段中的两个字段的长度也可以不同。例如,假设该分类信息的长度为32比特且M等于4,则该四个字段包括的比特数可以分别为4、4、8和16。
此外,该M个字段中的两个字段的比特的值可以完全相同或部分相同,但是该M个字段中不包括重复的比特。该重复的比特是指属于一个字段的比特同时属于另一个字段。换句话说,该N个比特中的第n个比特只能属于M个字段中的一个字段,n=1,…,N。例如,该分类信息的长度为32比特且M等于2,则两个字段中的第一个字段可以是32个比特中的第1个比特至第16个比特,第二个字段可以是32个比特中的第17个比特至第32个比特。
102,该网络设备根据该网络设备保存的指示信息,确定M个字段中的K个字段。
举例来说,所述网络设备的转发平面的存储器中可以保存所述指示信息。所述网络设备可以包含多个用于接收流量的端口。每个端口对应一片指示信息。所述存储器中可以保存所述多个端口对应的多片指示信息。当所述网络设备经由一个端口接收到所述分组时,所述网络设备中的网络处理器可以根据用于接收所述分组的端口对应的指示信息,确定与所述分组对应的指示信息。
具体地,该指示信息包括M个指示数字。该M个指示数字与该M个字段一一对应。该K个字段中每个字段对应的指示数字的值等于第一值,该X个字段中的每个字段对应的指示数字的值等于第二值,该第一值不等于该第二值。换句话说,指示数字用于指示该指示数字对应的字段是否需要与第一分类规则中的匹配域进行匹配。若该指示数字的值等于该第一值,则该指示数字对应的字段需要与该第一分类规则中的匹配域进行匹配;若该指示数字的值等于第二值,则该指示数字对应的字段不需要与该第一分类规则中的匹配域进行匹配。
可选的,在一个实施例中,该每个指示数字为1比特。该第一值可以等于1,该第二值可以等于0。
可选的,在另一些实施例中,该每个数字为2比特。该第一值可以为10或11,该第二值可以为00。
103,该网络设备根据该网络设备保存的第一分类规则集合以及该K个字段包括的Q个比特,确定目标分类规则。
目标分类规则为与所述分组匹配的分类规则。所述网络设备中的查找引擎可以执行确定所述分类规则的步骤。
具体地,该第一分类规则集合包括T个第一分类规则,该T个第一分类规则中的每个第一分类规则包括K个匹配域,该T个第一分类规则中的每个第一分类规则包括的K个匹配域中的数字数量为Q,其中T为大于或等于1的正整数。该T个第一分类规则中的每个第一分类规则包括的K个匹配域与该K个字段一一对应。该目标分类规则包括的K个匹配域与该K个字段匹配。
更具体地,该该目标分类规则包括的K个匹配域与该K个字段匹配指示该目标分类规则包括的K个匹配域中的Q个数字中的第q个数字与该K个字段中的Q个比特中的第q个比特匹配。更进一步,数字的值为*(即通用值)数字与比特的值为1和0的比特均匹配,数字的值为1的数字与比特的值为1的比特匹配,数字的值为0的数字与比特的值为0的比特匹配。
104,该网络设备根据该目标分类规则对该分组进行处理。
举例来说,所述网络设备可以是路由器。所述网络设备可以包含转发表。所述转发表可以是路由表。所述转发表包含多个表项。所述转发表包含所述第一分类规则集合。其中,每个表项包含一个分类规则。具体地,每个表项可以包含匹配域以及动作域。与表项对应的分类规则可以被包含在该表项的匹配中。
所述网络设备的查找引擎在所述转发表中确定目标表项后,所述网络设备的网络处理器可以根据所述目标表项中的动作域对所述分组进行处理。所述目标表项为与所述分组匹配的表项。所述目标表项中的匹配域包含所述目标分类规则。例如,所述目标表项的动作域可以包含对所述分组进行处理的指令。或者,所述目标表项的动作域可以包含参数。所述参数可以为用于对所述分组进行处理的计算机程序中的变量赋值。例如用于对所述分组进行处理的计算机程序的变量可以是出接口。所述参数为出接口的标识。用于对所述分组进行处理的计算机程序可以是用于对所述分组执行转发处理的计算机程序。
例如,该网络设备可以按照分组的类型对分组进行限速、过滤、分组统计、重定向等处理。
根据上述实施例,该网络设备在确定分组的类型是无需将分类信息中的每个比特与分类规则集合中的分类规则进行比较。该网络设备只需要将该分类信息的部分比特与分类规则集合中的分类规则进行比较即可确定该目标分类规则。进一步地,所述网络设备可以根据目标分类规则对所述分组进行处理。相对于需要将分类信息中的每个比特与分类规则集合中的分类规则进行比较才能确定出目标分类规则的技术方案,实施例提供的技术方案可以减少确定目标分类规则时比较的次数,从而可以提高处理分组的效率。
进一步,在一些实施例中,M’、N和Q’满足以下关系:M’+Q’小于2N,其中M’表示每个指示信息包括的比特数目,Q’表示每个第一分类规则中的匹配域包括的比特数目。每个分类规则的长度减少。这样,在该网络设备用于存储分类规则的存储空间不变的情况下,该网络设备可以存储更多的分类规则。
表1是一个该网络设备保存的M个指示信息和第一分类规则的示意。
规则 指示信息 匹配域
R1 0010 0000000011111*01
R2 0010 0000000011100*10
R3 0010 0000000011001*01
表1
如表1所示,该网络设备保存的第一分类规则包括R1、R2和R3。每个第一分类规则均包括指示信息以及一个匹配域。该指示信息共包括四个指示数字。该四个指示数字中的每个指示数字的值为0或1。因此,该四个指示数字的中的每个指示数字的长度可以为1比特。该指示信息的长度为4比特。该匹配域共包括16个数字。该16个数字中的每个数字的值可以为1、0和*。在此情况下,每个数字的长度最少为2比特。因此,该匹配域的长度至少为32比特。综上所述,该网络设备保存的三个第一分类规则中的每个第一分类规则的长度为36比特。该每个第一分类规则中的指示信息的四个指示数字分别对应于分组的源IP地址、目的IP地址、源端口号和目的端口号。该网络设备在接收到分组后,可以确定该分组的分类信息包括源IP地址、目的IP地址、源端口号和目的端口号。该网络设备可以将该分类信息划分为四个字段,这四个字段分别为该分组的源IP地址、目的IP地址、源端口号和目的端口号。该网络设备根据该指示信息,确定该分组的源端口号。然后,该网络设备可以确定该第一分类规则集合中与该分组的源端口号匹配的匹配域,该匹配域所属的第一分类规则即为该分组的目标分类规则。
例如,假设该网络设备接收到的分组的源IP地址、目的IP地址、源端口号和目的端口号分别为:192.101.1.1,192.101.1.2,253,800。由于该网络设备保存的第一分类规则中的指示信息均为0010,因此该网络设备只需要从该第一分类规则集合中确定与该分组的源端口号匹配的第一分类规则即可。该源端口号的二进制值为0000000011111101。可以看出,该第一分类规则集合中的第一分类规则R1的匹配域与该分组的源端口号匹配。因此,对应于该分组的目标分类规则为该第一分类规则R1。在确定了该分组的类型后,该网络设备可以根据该分组的类型对该分组进行后续处理。
进一步,该网络设备可以根据第二分类规则集合确定该第一分类规则集合。该第二分类规则集合包括T个第二分类规则。该T个第二分类规则中的第t个第二分类规则包括N个数字,t=1,…,T。该网络设备确定该第t个第二分类规则包括的M个匹配域中的每个 匹配域的类型,该第t个第二分类规则包括的M个匹配域中的一个匹配域的类型为第一类型或第二类型,其中该第t个第二分类规则包括的M个匹配域中的K个匹配域的类型为该第一类型,该第t个第二分类规则包括的M个匹配域中的X个匹配域的类型为该第二类型,该第t个第二分类规则包括的M个匹配域中的K个匹配域中的第k个匹配域包括的数字数目与该K个字段中的第k个字段包括的比特的数目相等,该第t个第二分类规则包括的M个匹配域中的K个匹配域共包括Q个数字,k=1,…,K。该网络设备根据该第t个第二分类规则包括的M个匹配域中的每个匹配域的类型以及该K个匹配域,确定该M个指示数字和该T个第一分类规则中的第t个第一分类规则,其中,该第t个第一分类规则包括K个匹配域,该第一规则包括的K个匹配域为该M个匹配域中的K个匹配域。
更具体地,该M个指示数字与该M个匹配域一一对应。在匹配域的类型为该第一类型的情况下,与该匹配域对应的指示数字的值为第一值。在匹配域的类型为该第二类型的情况下,与该匹配域对应的指示数字的值为第二值。
可选的,在一些实施例中,该网络设备确定该第t个第二分类规则包括的M个匹配域中的每个匹配域的类型,包括:该网络设备在确定该第t个第二分类规则包括的M个匹配域中的第m个匹配域包括的数字的值中包括至少一个特定值的情况下,确定该第m个匹配域的类型为该第一类型;该网络设备在确定该第t个第二分类规则包括的M个匹配域中的第m个匹配域包括的数字的值均为通用值情况下,确定该第m个匹配域的类型为该第二类型,其中,该特定值包括第一特定值和第二特定值,第一比特与该第一特定值匹配,第二比特与该第二特定值匹配,该第一比特与该第二比特均与该通用值匹配,该第一比特为值为1的比特,该第二比特为值为0的比特。
可选的,在一些实施例中,该第m个匹配域可以只包括一个数字(a digit)。在此情况下,该第m个匹配域包括的数字的值中包括至少一个特定值是指该第m个匹配域包括的唯一的一个数字的值为特定值。类似的,该第m个匹配域包括的数字的值均为通用值是指该第m个匹配域包括的唯一的一个数字的值为通用值。
在另一些实施例中,该第m个匹配域可以包括一个数字序列(a sequence of digits)。该数字序列由两个或两个以上的数字组成。在此情况下,该第m个匹配域包括的数字的值中包括至少一个特定值是指该第m个匹配域包括数字序列中的至少一个数字的值为特定值。类似的,该第m个匹配域包括的数字的值均为通用值是指该第m个匹配域包括的数字序列中所有数字的值均为通用值。
例如,表2是一个第二分类规则的示意。
Figure PCTCN2018077778-appb-000001
表2
如表2所示的第二分类规则集合包括R1’、R2’和R3’。这三个第二分类规则中的每个第二分类规则的匹配域1、匹配域2、匹配域3和匹配域4分别对应于分组的源IP地址、目的IP地址、源端口号和目的端口号。如表2所示,这三个第二分类规则中的每个第二分类规则的匹配域1、匹配域2和匹配域4的数字的值均为通用值。因此,匹配域1、匹配域2和匹配域4的类型为第二类型。匹配域3中仅有一个数字的值为通用值。因此匹配域3的类型为第一类型。这样,与匹配域1、匹配域2和匹配域4对应的指示数字的值均为0,与匹配域3对应的指示数字的值为1。换句话说,该网络设备可以确定这三个第二分类规则的指示信息均为0010。此外,该网络设备可以确定出每个第二分类规则的匹配域3为对应的第一分类规则的匹配域。这样,该网络设备可以确定出表1中的R1为与表2中的R1’对应的分类规则,表1中的R2为与表2中的R2’对应的分类规则,表1中的R3为与表2中的R3’对应的分类规则。
可选的,在另一些实施例中,在P为大于或等于2的正整数的情况下,该网络设备确定该M个匹配域中的每个匹配域的类型,包括:该网络设备确定该第t个第二分类规则包括的M个匹配域中的第m个匹配域的数字的值是否与该T个第二分类规则中除该第t个第二分类规则以外的第二分类规则包括的M个匹配域中的第m个匹配域的数字的值相同;若否,则确定该第t个第二分类规则包括的M个匹配域中的第m个匹配域的类型为该第一类型;若是,则确定该第t个第二分类规则包括的M个匹配域中的第m个匹配域的类型为该第二类型。
例如,表3是一个第二分类规则的示意。
Figure PCTCN2018077778-appb-000002
表3
如表3所示的第二分类规则集合包括R1’、R2’和R3’。这三个第二分类规则中的每个第二分类规则的匹配域1、匹配域2、匹配域3和匹配域4分别对应于分组的源IP地址、目的IP地址、源端口号和目的端口号。如表2所示,这三个第二分类规则中的每个第二分类规则的匹配域2和匹配域4的数字的值均为通用值。因此,匹配域2和匹配域4的类型为第二类型。这三个第二分类规则中的每个第二分类规则的匹配域1的数字虽然包括通用值和特定值,但是这三个第二分类规则的匹配域1均相同。在此情况下,该网络设备也可以将匹配域1的类型确定为第二类型。匹配域3中仅有一个数字的值为通用值,且这三个第二分类规则的匹配域3均不相同。因此匹配域3的类型为第一类型。这样,与匹配域1、匹配域2和匹配域4对应的指示数字的值均为0,与匹配域3对应的指示数字的值为1。换句话说,该网络设备可以确定这三个第二分类规则的指示信息均为0010。此外,该网络设备可以确定出每个第二分类规则的匹配域3为对应的第一分类规则的匹配域。这样,该网络设备可以确定出表1中的R1为与表2中的R1’对应的分类规则,表1中的R2为与表2中的R2’对应的分类规则,表1中的R3为与表2中的R3’对应的分类规则。
该网络设备保存如表2所示的第二分类规则时至少需要192比特,而在保存如表1的第一分类规则时仅需36比特。因此,根据本申请实施例提供的技术方案,该网络设备保存一条分类规则所需的存储空间减小。这样,该网络设备在总存储空间不变的情况下可以保存更多的分类规则。
在该网络设备保存第一分类规则的指示信息部分均相同的情况下,该网络设备可以仅保存一条指示信息。这样可以进一步减少该网络设备保存该第一分类规则时需要的存储空间。
如表1所示的三个第一分类规则的指示信息均相同。在另一些实施例中,该网络设备保存的不同第一分类规则的指示信息也可以不相同。例如,该网络设备还可以保存如表4所示的第一分类规则。
规则 指示信息 匹配域1 匹配域2
R4 0001 0000000011111*01 /
R5 0011 0000000011100*10 0000000011100***
R6 1010 110000000110110000000001******** 0000000011001*01
表4
该网络设备利用如表4所示的第一分类规则确定接收到的分组的类型的具体过程与根据表1确定分组的类型的具体过程相似,在此就不必赘述。该网络设备如何确定如表4所示的第一分类规则的具体过程与该网络设备如何确定如表1所示的第一分类规则的具体过程也相似,在此就不必赘述。
表1至表4所示的例子中每个指示数字的长度为1比特。在另一些实施例中,每个指示数字的长度可以为2比特。具体地,在一些情况下,比较规则中一个或多个匹配域中的数字可能仅为0或1,另一些匹配域中的数字包括0、1和*。在此情况下,可以通过不同的指示数字区分这两种匹配域以及无需匹配的字段。由于需要区分三种不同的字段,因此指示数字需要至少2比特。例如,指示数字00表示与该指示数字对应的字段无需进行匹配,指示数字10表示与该指示数字对应的字段需要进行匹配且匹配域中的数字包括0、1和*,指示数字11表示与该指示数字对应的字段需要进行匹配且匹配域中的数字仅包括0或1。这样,在存储匹配域时,11对应的匹配域中的每个数字可以仅为1比特。
例如,表5是另一个第一分类规则集合的示意。
规则 指示信息 匹配域1 匹配域2
R1 00-00-10-11 0000000011111*01 0000000011111001
R2 00-00-10-11 0000000011100*10 0000000011100110
R3 00-00-10-11 0000000011001*01 0000000011001101
表5
如表5所示,该网络设备保存的第一分类规则包括R1、R2和R3。每个第一分类规则均包括指示信息以及两个匹配域。该指示信息共包括四个指示数字。该四个指示数字的中的每个指示数字的长度为2比特。该指示信息的长度为8比特。该四个指示数字分别为00,00,10和11。可以理解的是,表5中指示信息中符号“-”仅是为了在理解本申请实施例时更好地区分不同的指示数字。在实际应用中,该网络设备保存的指示信息中并不会包括符号“-”。该匹配域1共包括16个数字。该匹配域1包括的16个数字中的每个数字的值可以为1、0和*。在此情况下,该匹配域1包括的16个数字中的每个数字的长度最少为2比特。因此,该匹配域的长度至少为32比特。该匹配域2也包括16个数字。该匹配域2包括的16个数字的值为0或1。在此情况下,该匹配域2包括的16个数字中的每个数字的长度可以为1比特。因此,该匹配域的长度最少可以为16比特。综上所述,该网络设备保存的三个第一分类规则中的每个第一分类规则的长度为56比特。在保存如表5所示的第一分类规则时如果该网络设备依然采用如表1所示的方法,指示信息的长度可以缩短为4比特,匹配域2的长度至少为32比特。因此,在保存如表5所示的第一分类规则时如果采用图1所示的方法时一条第一分类规则的长度为68比特。因此,上述实施例能够进一步减少保存第一分类规则所需的比特数。
该网络设备在接收到分组时可以根据第一分类规则中指示数字的值确定该分组中的每 个字段是否是需要进行比较的字段。为方便描述,可以称比特值为10和11的指示数字为第一值,比特值为00的指示数字为第二值。若指示数字的值为第一值,则该指示数字对应的字段需要进行比较;若指示数字的值为第二值,则该指示数字对应的字段无需进行比较。该网络设备确定分组的类型的具体实施方式与上述例子中网络设备确定分组的类型的具体实施方式类似,在此就不必赘述。该网络设备确定如表5所示的第一分类规则集合的具体实施方式与上述例子中网络设备确定如表1所示的第一分类规则的具体实施方式类似,在此就不必赘述。
可选的,在一些实施例中,该网络设备接收到的任一个分组都与该网络设备保存的至少一个第一分类规则匹配。在此情况下,该目标分类规则为该网络设备保存的一个第一分类规则,该网络设备可以直接确定该分组的类型。
进一步,在一些实施例中,该网络设备确定的分组的类型可能会与两个或两个以上的第一分类规则均匹配。在此情况下,该分组的类型为优先级最高的第一分类规则的类型。该目标分类规则为该网络设备保存的一个第一分类规则。
可选的,在另一些实施例中,该网络设备接收到的分组可能与该网络设备所保存的任一个第一分类规则均不匹配。在此情况下,该网络设备可以确定这个分组的类型为一个特殊类型。类型为该特殊类型的分组也会有一个对应的处理。该网络设备在确定该分组的类型为该特殊类型后,可以对该分组进行相应的处理。或者,换句话说,可以认为存在一个特殊的分类规则,该网络设备并没有保存该特殊的分类规则。但是,在该网络设备接收到的分组与该网络设备保存的任一个第一分类规则均不匹配的情况下,可以认为该分组与该特殊的分类规则匹配。进一步,可以认为该特殊的分类规则也包括指示信息和匹配域,根据该指示信息确定的该分组的一个或多个字段与该匹配域的匹配。该特殊的分类规则对应的类型即为该特殊类型。
图2是根据本申请实施例提供的一种网络设备的结构框图。如图2所示,网络设备200包括:接收单元201,存储单元202和处理单元203。
接收单元201,用于接收分组,其中该分组包括分类信息,该分类信息包括M个字段,该M个字段包括X个字段和K个字段,该M个字段中的比特的数量为N,该X个字段中的比特的数量为P,该K个字段中的比特的数量为Q,N为大于或等于2的正整数,N等于Q与P的和,M等于K与X的和,Q、P、K和X均为正整数,M为大于或等于2的正整数。
存储单元202,用于存储指示信息和第一分类规则集合。
处理单元203,用于根据存储单元202保存的指示信息,确定该M个字段中的该K个字段,该指示信息包括M个指示数字,该M个字段与该M个指示数字一一对应,该K个字段中每个字段对应的指示数字的值等于第一值,该X个字段中每个字段对应的指示数字的值等于第二值,该第一值不等于该第二值;
处理单元203,还用于根据存储单元202保存的第一分类规则集合以及该K个字段,确定目标分类规则,该目标分类规则是该第一分类规则集合中的一个第一分类规则,该第一分类规则集合包括T个第一分类规则,该T个第一分类规则中的每个第一分类规则包括K个匹配域,该T个第一分类规则中的每个第一分类规则包括的K个匹配域中的数字的数量为Q,该T个第一分类规则中的每个第一分类规则包括的K个匹配域与该K个字段一一对应,该目标分类规则包括的K个匹配域与该K个字段匹配,该目标分类规则包括的K个匹配域 与该K个字段一一对应,T为大于等于1的正整数。
处理单元203,还用于根据该目标分类规则对该分组进行处理。
可选的,在一些实施例中,M’、N和Q’满足以下关系:M’+Q’小于2N,其中M’表示该M个指示数字包括的比特的数量,Q’表示该T个第一分类规则中的每个第一分类规则包括的K个匹配域包括的比特的数量。
接收单元201可以由收发器或接收器实现,存储单元202可以由存储器实现,处理单元203可以由处理器实现。
接收单元201、存储单元202和处理单元203的具体操作和功能可以参考图1的方法,为了避免重复,在此就不必赘述。
图3是根据本申请实施例提供的网络设备的结构框图。如图3所示的网络设备300包括:处理器301、存储器302和收发器303。
网络设备300中的各个组件通过总线系统304耦合在一起,其中总线系统304除包括数据总线之外,还包括电源总线、控制总线和状态信号总线。但是为了清楚说明起见,在图3中将各种总线都标为总线系统304。
上述本发明实施例揭示的方法可以应用于处理器301中,或者由处理器301实现。处理器301可能是一种集成电路芯片,具有信号的处理能力。在实现过程中,上述方法的各步骤可以通过处理器301中的硬件的集成逻辑电路或者软件形式的指令完成。上述的处理器301可以是通用处理器、数字信号处理器(Digital Signal Processor,DSP)、专用集成电路(Application Specific Integrated Circuit,ASIC)、现成可编程门阵列(Field Programmable Gate Array,FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件。可以实现或者执行本发明实施例中的公开的各方法、步骤及逻辑框图。通用处理器可以是微处理器或者该处理器也可以是任何常规的处理器等。结合本发明实施例所公开的方法的步骤可以直接体现为硬件译码处理器执行完成,或者用译码处理器中的硬件及软件模块组合执行完成。软件模块可以位于随机存取存储器(Random Access Memory,RAM)、闪存、只读存储器(Read-Only Memory,ROM)、可编程只读存储器或者电可擦写可编程存储器、寄存器等本领域成熟的存储介质中。该存储介质位于存储器302,处理器301读取存储器302中的指令,结合其硬件完成上述方法的步骤。
收发器303,用于接收分组,其中该分组包括分类信息,该分类信息包括M个字段,该M个字段包括X个字段和K个字段,该M个字段中的比特的数量为N,该X个字段中的比特的数量为P,该K个字段中的比特的数量为Q,N为大于或等于2的正整数,N等于Q与P的和,M等于K与X的和,Q、P、K和X均为正整数,M为大于或等于2的正整数。
存储器302,用于存储指示信息和第一分类规则集合。
处理器303,用于根据存储器302保存的指示信息,确定该M个字段中的该K个字段,该指示信息包括M个指示数字,该M个字段与该M个指示数字一一对应,该K个字段中每个字段对应的指示数字的值等于第一值,该X个字段中每个字段对应的指示数字的值等于第二值,该第一值不等于该第二值;
处理器303,还用于根据存储器302保存的第一分类规则集合以及该K个字段,确定目标分类规则,该目标分类规则是该第一分类规则集合中的一个第一分类规则,该第一分类规则集合包括T个第一分类规则,该T个第一分类规则中的每个第一分类规则包括K个匹 配域,该T个第一分类规则中的每个第一分类规则包括的K个匹配域中的数字的数量为Q,该T个第一分类规则中的每个第一分类规则包括的K个匹配域与该K个字段一一对应,该目标分类规则包括的K个匹配域与该K个字段匹配,该目标分类规则包括的K个匹配域与该K个字段一一对应,T为大于等于1的正整数。
处理器303,还用于根据该目标分类规则对该分组进行处理。
处理器301、存储器302和收发器303的具体操作和功能可以参考图1的方法,为了避免重复,在此就不必赘述。
本领域普通技术人员可以意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件、或者计算机软件和电子硬件的结合来实现。这些功能究竟以硬件还是软件方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能。
所属领域的技术人员可以清楚地了解到,为描述的方便和简洁,上述描述的系统、装置和单元的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。
在本申请所提供的几个实施例中,应该理解到,所揭露的系统、装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。
另外,在本发明各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。
所述功能如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本发明各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(Read-Only Memory,ROM)、随机存取存储器(Random Access Memory,RAM)、磁碟或者光盘等各种可以存储程序代码的介质。

Claims (10)

  1. 一种处理分组的方法,其特征在于,所述方法包括:
    网络设备接收分组,其中所述分组包括分类信息,所述分类信息包括M个字段,所述M个字段包括X个字段和K个字段,所述M个字段中的比特的数量为N,所述X个字段中的比特的数量为P,所述K个字段中的比特的数量为Q,N为大于或等于2的正整数,N等于Q与P的和,M等于K与X的和,Q、P、K和X均为正整数,M为大于或等于2的正整数;
    所述网络设备根据所述网络设备保存的指示信息,确定所述M个字段中的所述K个字段,所述指示信息包括M个指示数字,所述M个字段与所述M个指示数字一一对应,所述K个字段中每个字段对应的指示数字的值等于第一值,所述X个字段中每个字段对应的指示数字的值等于第二值,所述第一值不等于所述第二值;
    所述网络设备根据所述网络设备保存的第一分类规则集合以及所述K个字段,确定目标分类规则,所述目标分类规则是所述第一分类规则集合中的一个第一分类规则,所述第一分类规则集合包括T个第一分类规则,所述T个第一分类规则中的每个第一分类规则包括K个匹配域,所述T个第一分类规则中的每个第一分类规则包括的K个匹配域中的数字的数量为Q,所述T个第一分类规则中的每个第一分类规则包括的K个匹配域与所述K个字段一一对应,所述目标分类规则包括的K个匹配域与所述K个字段匹配,所述目标分类规则包括的K个匹配域与所述K个字段一一对应,T为大于等于1的正整数;
    所述网络设备根据所述目标分类规则对所述分组进行处理。
  2. 如权利要求1所述的方法,其特征在于,M’、N和Q’满足以下关系:M’+Q’小于2N,其中M’表示所述M个指示数字包括的比特的数量,Q’表示所述T个第一分类规则中的每个第一分类规则包括的K个匹配域包括的比特的数量。
  3. 如权利要求1或2所述的方法,其特征在于,在所述网络设备根据所述网络设备保存的指示信息,确定M个字段中的K个字段之前,所述方法还包括:
    所述网络设备获取第二分类规则集合,所述第二分类规则集合包括T个第二分类规则,其中,所述T个第二分类规则中的第t个第二分类规则的数字的数量为N,所述第t个第二分类规则包括M个匹配域,所述第t个第二分类规则包括的M个匹配域中的第m个匹配域包括的数字的数量与所述M个字段中的第m个字段包含的比特的数量相等,t=1,…,T,m=1,…,M;
    所述网络设备确定所述第t个第二分类规则包括的M个匹配域中的每个匹配域的类型,所述第t个第二分类规则包括的M个匹配域中的一个匹配域的类型为第一类型或第二类型,所述第t个第二分类规则包括的M个匹配域中的K个匹配域的类型为所述第一类型,所述第t个第二分类规则包括的M个匹配域中的X个匹配域的类型为所述第二类型,所述第t个第二分类规则包括的M个匹配域中的K个匹配域中的第k个匹配域包括的数字的数量与所述K个字段中的第k个字段包括的比特的数量相等,所述第t个第二分类规则包括的M个匹配域中的K个匹配域中的数字的数量为Q,k=1,…,K;
    所述网络设备根据所述第t个第二分类规则包括的M个匹配域中的每个匹配域的类型以及所述第t个第二分类规则包括的M个匹配域中的K个匹配域,确定所述M个指示数字和所述T个第一分类规则中的第t个第一分类规则,其中,所述第t个第一分类规则包括K个匹配域,所述第一分类规则包括的K个匹配域为所述M个匹配域中的K个匹配域。
  4. 如权利要求3所述的方法,其特征在于,所述网络设备确定所述第t个第二分类规则包括的M个匹配域中的每个匹配域的类型,包括:
    所述网络设备在确定所述第t个第二分类规则包括的M个匹配域中的第m个匹配域包括的数字的值中包括至少一个特定值的情况下,确定所述第m个匹配域的类型为所述第一类型;
    所述网络设备在确定所述第t个第二分类规则包括的M个匹配域中的第m个匹配域包括的数字的值均为通用值情况下,确定所述第m个匹配域的类型为所述第二类型,其中,所述特定值包括第一特定值和第二特定值,第一比特与所述第一特定值匹配,第二比特与所述第二特定值匹配,所述第一比特与所述第二比特均与所述通用值匹配,所述第一比特的值为1,所述第二比特的值为0。
  5. 如权利要求3所述的方法,其特征在于,在P为大于或等于2的正整数的情况下,所述网络设备确定所述第t个第二分类规则包括的M个匹配域中的每个匹配域的类型,包括:
    所述网络设备确定所述第t个第二分类规则包括的M个匹配域中的第m个匹配域包括的数字的值是否与所述T个第二分类规则中除所述第t个第二分类规则以外的第二分类规则包括的M个匹配域中的第m个匹配域包括的数字的值均相同;
    若否,则确定所述第t个第二分类规则包括的M个匹配域中的第m个匹配域的类型为所述第一类型;
    若是,则确定所述第t个第二分类规则包括的M个匹配域中的第m个匹配域的类型为所述第二类型。
  6. 一种网络设备,其特征在于,所述网络设备包括:
    接收单元,用于接收分组,其中所述分组包括分类信息,所述分类信息包括M个字段,所述M个字段包括X个字段和K个字段,所述M个字段中的比特的数量为N,所述X个字段中的比特的数量为P,所述K个字段中的比特的数量为Q,N为大于或等于2的正整数,N等于Q与P的和,M等于K与X的和,Q、P、K和X均为正整数,M为大于或等于2的正整数;
    存储单元,用于存储指示信息和第一分类规则集合;
    处理单元,用于根据所述存储单元保存的指示信息,确定所述M个字段中的所述K个字段,所述指示信息包括M个指示数字,所述M个字段与所述M个指示数字一一对应,所述K个字段中每个字段对应的指示数字的值等于第一值,所述X个字段中每个字段对应的指示数字的值等于第二值,所述第一值不等于所述第二值;
    所述处理单元,还用于根据所述存储单元保存的第一分类规则集合以及所述K个字段,确定目标分类规则,所述目标分类规则是所述第一分类规则集合中的一个第一分类规则,所述第一分类规则集合包括T个第一分类规则,所述T个第一分类规则中的每个第一分类规则包括K个匹配域,所述T个第一分类规则中的每个第一分类规则包括的K个匹配域中的数字的数量为Q,所述T个第一分类规则中的每个第一分类规则包括的K个匹配域与所述K个字段一一对应,所述目标分类规则包括的K个匹配域与所述K个字段匹配,所述目标分类规则包括的K个匹配域与所述K个字段一一对应,T为大于等于1的正整数;
    所述处理单元,还用于根据所述目标分类规则对所述分组进行处理。
  7. 如权利要求6所述的网络设备,其特征在于,M’、N和Q’满足以下关系:M’+Q’小于2N,其中M’表示所述M个指示数字包括的比特的数量,Q’表示所述T个第一分类规则中的每个第一分类规则包括的K个匹配域包括的比特的数量。
  8. 如权利要求6或7所述的网络设备,其特征在于,
    所述处理单元,还用于获取第二分类规则集合,所述第二分类规则集合包括T个第二分类规则,其中,所述T个第二分类规则中的第t个第二分类规则的数字的数量为N,所述第t个第二分类规则包括M个匹配域,所述第t个第二分类规则包括的M个匹配域中的第m个匹配域包括的数字的数量与所述M个字段中的第m个字段包含的比特的数量相等,t=1,…,T,m=1,…,M;
    所述处理单元,还用于确定所述第t个第二分类规则包括的M个匹配域中的每个匹配域的类型,所述第t个第二分类规则包括的M个匹配域中的一个匹配域的类型为第一类型或第二类型,所述第t个第二分类规则包括的M个匹配域中的K个匹配域的类型为所述第一类型,所述第t个第二分类规则包括的M个匹配域中的X个匹配域的类型为所述第二类型,所述第t个第二分类规则包括的M个匹配域中的K个匹配域中的第k个匹配域包括的数字的数量与所述K个字段中的第k个字段包括的比特的数量相等,所述第t个第二分类规则包括的M个匹配域中的K个匹配域中的数字的数量为Q,k=1,…,K;
    所述处理单元,还用于根据所述第t个第二分类规则包括的M个匹配域中的每个匹配域的类型以及所述第t个第二分类规则包括的M个匹配域中的K个匹配域,确定所述M个指示数字和所述T个第一分类规则中的第t个第一分类规则,其中,所述第t个第一分类规则包括K个匹配域,所述第一分类规则包括的K个匹配域为所述M个匹配域中的K个匹配域;
    所述存储单元,还用于保存所述处理单元确定的所述M个指示数字和所述T个第一分类规则中的第t个第一分类规则。
  9. 如权利要求8所述的网络设备,其特征在于,所述处理单元,具体用于在确定所述第t个第二分类规则包括的M个匹配域中的第m个匹配域包括的数字的值中包括至少一个特定值的情况下,确定所述第m个匹配域的类型为所述第一类型;
    所述处理单元,具体用于在确定所述第t个第二分类规则包括的M个匹配域中的第m个匹配域包括的数字的值均为通用值情况下,确定所述第m个匹配域的类型为所述第二类型,其中,所述特定值包括第一特定值和第二特定值,第一比特与所述第一特定值匹配,第二比特与所述第二特定值匹配,所述第一比特与所述第二比特均与所述通用值匹配,所述第一比特的值为1,所述第二比特的值为0。
  10. 如权利要求8所述的网络设备,其特征在于,所述处理单元,具体用于在P为大于或等于2的正整数的情况下,确定所述第t个第二分类规则包括的M个匹配域中的第m个匹配域包括的数字的值是否与所述T个第二分类规则中除所述第t个第二分类规则以外的第二分类规则包括的M个匹配域中的第m个匹配域包括的数字的值均相同;
    若否,则确定所述第t个第二分类规则包括的M个匹配域中的第m个匹配域的类型为所述第一类型;
    若是,则确定所述第t个第二分类规则包括的M个匹配域中的第m个匹配域的类型为所述第二类型。
PCT/CN2018/077778 2017-03-13 2018-03-01 处理分组的方法和网络设备 WO2018166355A1 (zh)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US16/567,619 US11310153B2 (en) 2017-03-13 2019-09-11 Packet processing method and network device
US17/712,819 US11799766B2 (en) 2017-03-13 2022-04-04 Packet processing method and network device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710145776.6 2017-03-13
CN201710145776.6A CN108574679B (zh) 2017-03-13 2017-03-13 处理分组的方法和网络设备

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US16/567,619 Continuation US11310153B2 (en) 2017-03-13 2019-09-11 Packet processing method and network device

Publications (1)

Publication Number Publication Date
WO2018166355A1 true WO2018166355A1 (zh) 2018-09-20

Family

ID=63522793

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/077778 WO2018166355A1 (zh) 2017-03-13 2018-03-01 处理分组的方法和网络设备

Country Status (3)

Country Link
US (2) US11310153B2 (zh)
CN (3) CN113206801B (zh)
WO (1) WO2018166355A1 (zh)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060268876A1 (en) * 2005-05-26 2006-11-30 Alcatel Packet classification acceleration using spectral analysis
CN101861722A (zh) * 2007-11-16 2010-10-13 法国电信公司 用于对分组进行归类的方法和装置
CN102204180A (zh) * 2008-10-30 2011-09-28 阿尔卡特朗讯公司 用于对数据分组进行分类的方法和系统
CN102387082A (zh) * 2011-11-25 2012-03-21 西安电子科技大学 基于流分类的分组流量控制系统及控制方法
CN103339904A (zh) * 2011-01-28 2013-10-02 日本电气株式会社 通信系统、控制设备、转发节点、通信控制方法和程序

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7180895B2 (en) * 2001-12-31 2007-02-20 3Com Corporation System and method for classifying network packets with packet content
US7408932B2 (en) * 2003-10-20 2008-08-05 Intel Corporation Method and apparatus for two-stage packet classification using most specific filter matching and transport level sharing
US7760719B2 (en) * 2004-06-30 2010-07-20 Conexant Systems, Inc. Combined pipelined classification and address search method and apparatus for switching environments
FR2907994A1 (fr) * 2006-10-26 2008-05-02 France Telecom Procede et systeme de classification de donnees appartenant a un flux.
SE532426C2 (sv) * 2008-05-26 2010-01-19 Oricane Ab Metod för datapaketklassificering i ett datakommunikationsnät
WO2011108168A1 (ja) * 2010-03-05 2011-09-09 日本電気株式会社 パケット分類器、パケット分類方法、パケット分類プログラム
JP5530864B2 (ja) * 2010-08-31 2014-06-25 株式会社日立製作所 ネットワークシステム、管理サーバ、及び、管理方法
CN102437950B (zh) * 2011-11-08 2014-11-12 西安电子科技大学 一种高效且可扩展的ip数据包分类方法
CN102427428A (zh) * 2011-12-07 2012-04-25 西安电子科技大学 基于多域最长匹配的流识别方法及设备
US9237128B2 (en) * 2013-03-15 2016-01-12 International Business Machines Corporation Firewall packet filtering
US9119129B2 (en) * 2012-05-05 2015-08-25 Broadcom Corporation MAC header based traffic classification and methods for use therewith
CN102685008A (zh) * 2012-05-07 2012-09-19 西安电子科技大学 基于流水线的快速流识别方法及设备
US9098601B2 (en) * 2012-06-27 2015-08-04 Futurewei Technologies, Inc. Ternary content-addressable memory assisted packet classification
US9674087B2 (en) * 2013-09-15 2017-06-06 Nicira, Inc. Performing a multi-stage lookup to classify packets
US9270592B1 (en) * 2014-01-24 2016-02-23 Google Inc. Hash collision avoidance in network routing
US20160294625A1 (en) * 2015-03-31 2016-10-06 Telefonaktiebolaget L M Ericsson (Publ) Method for network monitoring using efficient group membership test based rule consolidation
US11418632B2 (en) * 2015-12-15 2022-08-16 Intel Corporation High speed flexible packet classification using network processors
CN106453131B (zh) * 2016-11-03 2019-06-28 瑞斯康达科技发展股份有限公司 一种匹配器生成的方法和设备

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060268876A1 (en) * 2005-05-26 2006-11-30 Alcatel Packet classification acceleration using spectral analysis
CN101861722A (zh) * 2007-11-16 2010-10-13 法国电信公司 用于对分组进行归类的方法和装置
CN102204180A (zh) * 2008-10-30 2011-09-28 阿尔卡特朗讯公司 用于对数据分组进行分类的方法和系统
CN103339904A (zh) * 2011-01-28 2013-10-02 日本电气株式会社 通信系统、控制设备、转发节点、通信控制方法和程序
CN102387082A (zh) * 2011-11-25 2012-03-21 西安电子科技大学 基于流分类的分组流量控制系统及控制方法

Also Published As

Publication number Publication date
US20220231940A1 (en) 2022-07-21
CN113206801A (zh) 2021-08-03
US20200007439A1 (en) 2020-01-02
US11310153B2 (en) 2022-04-19
CN108574679A (zh) 2018-09-25
CN113206801B (zh) 2024-06-07
CN108574679B (zh) 2021-03-30
US11799766B2 (en) 2023-10-24
CN113206802A (zh) 2021-08-03

Similar Documents

Publication Publication Date Title
US9794263B2 (en) Technologies for access control
CN108370352B (zh) 使用网络处理器的高速灵活分组分类
US10496680B2 (en) High-performance bloom filter array
US10313240B2 (en) Technologies for efficient network flow classification with vector bloom filters
US10397116B1 (en) Access control based on range-matching
CN105429879B (zh) 流表项查询方法、设备及系统
US10547547B1 (en) Uniform route distribution for a forwarding table
US20180107759A1 (en) Flow classification method and device and storage medium
EP3917099A1 (en) Stream classification method and device
US20180270152A1 (en) Packet processing
Yang et al. Fast OpenFlow table lookup with fast update
US20150195387A1 (en) Methods and systems for flexible packet classification
US10616116B1 (en) Network traffic load balancing using rotating hash
WO2018166355A1 (zh) 处理分组的方法和网络设备
CN109039911B (zh) 一种基于hash查找方式共享ram的方法及系统
US20130163595A1 (en) Packet classification apparatus and method for classifying packet thereof
US11689464B2 (en) Optimizing entries in a content addressable memory of a network device
CN104901947B (zh) 一种基于tcam连续数值匹配方法和装置
Matoušek et al. Memory efficient IP lookup in 100 GBPS networks
CN110852391A (zh) 一种基于多种分类器的以太网报文分类方法和装置
US11968285B2 (en) Efficient memory utilization for cartesian products of rules
CN116366292B (zh) 报文处理方法、系统、存储介质及电子设备
WO2022097725A1 (ja) 情報処理装置、情報処理方法及びコンピュータプログラム
Sun et al. Bidirectional range extension for TCAM-based packet classification
JP6073761B2 (ja) 検索装置および検索方法

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18768621

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18768621

Country of ref document: EP

Kind code of ref document: A1