WO2019127895A1 - 一种数据流的引导方法、服务器和系统 - Google Patents

一种数据流的引导方法、服务器和系统 Download PDF

Info

Publication number
WO2019127895A1
WO2019127895A1 PCT/CN2018/077429 CN2018077429W WO2019127895A1 WO 2019127895 A1 WO2019127895 A1 WO 2019127895A1 CN 2018077429 W CN2018077429 W CN 2018077429W WO 2019127895 A1 WO2019127895 A1 WO 2019127895A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
data stream
destination address
global
guiding
Prior art date
Application number
PCT/CN2018/077429
Other languages
English (en)
French (fr)
Inventor
陈凯林
柳小鹏
Original Assignee
网宿科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 网宿科技股份有限公司 filed Critical 网宿科技股份有限公司
Priority to EP18865331.5A priority Critical patent/EP3531640B1/en
Priority to US16/327,957 priority patent/US20210344589A1/en
Publication of WO2019127895A1 publication Critical patent/WO2019127895A1/zh

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2483Traffic characterised by specific attributes, e.g. priority or QoS involving identification of individual flows
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/02Topology update or discovery
    • H04L45/036Updating the topology between route computation elements, e.g. between OpenFlow controllers
    • H04L45/037Routes obligatorily traversing service-related nodes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/302Route determination based on requested QoS
    • H04L45/306Route determination based on the nature of the carried application
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/302Route determination based on requested QoS
    • H04L45/308Route determination based on user's profile, e.g. premium users
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/38Flow based routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • H04L45/745Address table lookup; Address filtering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2475Traffic characterised by specific attributes, e.g. priority or QoS for supporting traffic characterised by the type of applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/028Capturing of monitoring data by filtering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/02Topology update or discovery

Definitions

  • Embodiments of the present invention relate to network traffic guidance technologies, and in particular, to a data flow guidance method, server, and system.
  • traffic identification is a technology for detecting the flow of data packets by using deep packet inspection technology to determine which application the traffic belongs to.
  • DPI Deep Packet Inspection
  • HTTP Hypertext Transfer Protocol
  • DNS Domain Name System
  • a data stream refers to a collection of data packets transmitted between the same pair of destination address information and a source address.
  • traffic identification is real-time online dynamic identification of traffic.
  • This traffic identification method usually identifies the first packet of the data stream and guides the data stream after identification; and once the data stream is determined to be guided After the path cannot be changed, if the first packet is not recognized, or the data flow has been directed to a certain path, then even if the latter packets can identify the application identifier to which the data stream belongs, it cannot be The path of the data stream is changed, which not only reduces the accuracy of data stream identification, but also affects the accuracy of data stream guidance.
  • Another way of identifying the data stream is to realize the identification of the data stream by identifying the destination address information of the data stream.
  • the guiding process of the data stream is: the new data stream flows through The server directly matches the destination address information of the new data stream with the saved correspondence. If the matching is successful, the data flow is guided according to the preset routing policy of the application identifier in the matching correspondence, where the corresponding relationship The correspondence between the destination address information of the data stream and the application identifier.
  • the inventor has found that at least the following problems exist in the prior art: although the problem that the first packet cannot be identified is solved by identifying the destination address information of the data stream, the server performs the data flow guidance by relying on the corresponding relationship of the statistics, so that the statistics are made. The process is long and the statistics are not comprehensive. The identifier of the application corresponding to the destination address information of the current data stream cannot be quickly and accurately determined, and the efficiency of data stream guidance is not high.
  • An object of the present invention is to provide a method, a server, and a system for guiding a data stream, so that the data stream can be quickly and accurately identified, and the efficiency of the traffic identification is improved, thereby improving the speed and accuracy of the traffic guidance.
  • an embodiment of the present invention provides a method for guiding a data stream, which is applied to a service node, including: guiding a data stream based on a first global information base, wherein the first global information database includes at least a destination address information and a corresponding application identifier; determining, according to the destination address information of the data stream flowing through the first preset duration and the corresponding application identifier, the change information of the first global information database; uploading the change information To the central node, the central node updates the first global information base according to the change information uploaded by the at least one service node, generates a second global information base; acquires the second global information base from the central node, and uses the second global information base to pair the data flow Guide.
  • the embodiment of the present invention further provides a method for guiding a data stream, which is applied to a central node, and includes: receiving change information of a first global information database uploaded by each of the at least one service node, where the first global information database includes The destination address information and the corresponding application identifier; processing the change information uploaded by each service node to obtain total change information; updating the first global information base according to the total change information to obtain the second global information Library.
  • Embodiments of the present invention also provide a server comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor, the instructions being at least one The processor executes to enable the at least one processor to perform a boot method applied to the data stream of the service node.
  • Embodiments of the present invention also provide a server comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor, the instructions being at least one The processor executes to enable the at least one processor to perform a boot method applied to the data stream of the central node.
  • An embodiment of the present invention further provides a data flow guiding system, including a central node and at least one service node, the service node is configured to execute a data flow guiding method applied to the service node, and the central node is configured to execute an application.
  • a data flow boot method for the central node is configured to execute a data flow boot method for the central node.
  • the service node may guide the data flow based on the first global information base, and the corresponding destination address information and its corresponding application identifier are expired due to the uncertainty of the data flow. And updating, etc., in the first preset duration, each service node counts the change confidence and uploads the change information to the central node, and the central node updates the first global information base according to the change information uploaded by each service node.
  • the central node receives the change information uploaded from the multiple service nodes, enriching the change information of the first global information base, so that the change information of the first global information base is more comprehensive and detailed, so that the update information is updated based on the change information.
  • the second global repository is more accurate and comprehensive.
  • the service node obtains the second global information base from the central node, and guides the data flow based on the second global information base, which can improve the matching success degree and speed up the guiding of the data flow by the single service node. , improve the efficiency of data flow guidance.
  • determining the change information of the first global information base according to the destination address information of the data stream flowing through the first preset duration and the corresponding application identifier specifically: determining whether the data flow exists in the first global information base The destination address information, if yes, records the matching record of the destination address information and its corresponding application identifier; if not, the service node performs feature identification on the data stream and records the result of the feature identification. If the destination address information exists in the first global information base, the matching record of the destination address information and the corresponding application identifier is recorded, so that the service node can obtain the application identifier corresponding to the destination address information without performing feature identification on the data stream. . If the destination address information does not exist in the first global information base, the data stream is characterized, and the result of the feature identification is recorded, so that the service node can perform subsequent processing according to the feature recognition result.
  • the change information of the first global information base includes: update information and incremental information; wherein the matching record statistics of the destination address information and the corresponding application identifier are updated information; and the result of the feature recognition is increment information.
  • the result of the feature recognition the destination address information of the data stream that does not exist in the first global information base, so that the result of the feature recognition can be counted as the incremental information of the first global information base, thereby achieving accurate acquisition of the first Global repository increment information.
  • the result of the feature recognition specifically includes: a destination address information of the data stream, and an application identifier corresponding to the destination address information obtained by the service node through the feature recognition; and a destination address information of the data stream that cannot obtain the application identifier by the feature recognition.
  • the comprehensive recording of the destination address information of the data stream not stored in the first global information base enhances the accuracy of the first global information base.
  • the step of guiding the data stream based on the first global information base comprises: parsing the destination address information from the data stream; determining whether the destination address information exists in the first global information base; and if yes, obtaining the application identifier corresponding to the destination address information. And directing the data flow according to a preset routing policy corresponding to the application identifier. Otherwise, the data stream is characterized, and the data stream is guided based on the recognition result.
  • the data stream is booted based on the first global information base, it is determined whether the destination address information exists in the first global information base, and if yes, the application corresponding to the data flow can be quickly obtained from the first global information base.
  • Identification thereby directly guiding the data flow according to the preset routing policy of the corresponding application, without performing feature recognition, and improving the guiding speed of the data stream; if the destination address information of the data stream does not exist in the first global database, The data stream is characterized, and the traffic is guided according to the feature recognition result, thereby avoiding the situation that the data stream cannot be guided because the first packet of the data stream cannot be identified.
  • the destination address information includes one or more of a destination IP address, a destination port address, and a transport layer protocol.
  • FIG. 1 is a schematic flowchart of a method for guiding a data stream according to a first embodiment of the present invention
  • FIG. 2 is a schematic flowchart of a method for guiding a data stream based on a first global information base in a method for guiding a data stream according to a second embodiment of the present invention
  • FIG. 3 is a schematic flowchart of a method for guiding a data stream according to a third embodiment of the present invention.
  • FIG. 4 is a schematic diagram of a specific process in a method for guiding a data stream according to a fourth embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of a server according to a fifth embodiment of the present invention.
  • FIG. 6 is a schematic structural diagram of a server according to a sixth embodiment of the present invention.
  • FIG. 7 is a schematic diagram showing the specific structure of a data flow guidance system according to a seventh embodiment of the present invention.
  • a first embodiment of the present invention relates to a method of guiding a data stream.
  • the method is applied to a service node, and the service node may be a system server or a client.
  • the type of the service node is not limited.
  • the service node is in communication with the central node, and data transmission between each other can be implemented based on the communication connection, wherein the number of service nodes corresponding to one central node is at least one.
  • the specific process is shown in Figure 1.
  • Step 101 Boot a data stream based on the first global information base, where the first global information database includes at least one destination address information and a corresponding application identifier.
  • the service node obtains the first global information base from the central node, and the first global information database records the application identifier corresponding to the destination address information and the destination address information, and includes at least one destination address information and a corresponding application thereof.
  • the identifier where the destination address information includes one or more of a destination IP address, a destination port address, and a transport layer protocol, where the application identifier is information for identifying an application, and may include an application name or other identifiers that may be used for identification.
  • the information for the app is described in this specification.
  • the step of guiding the data stream based on the first global information base comprises: acquiring the data flow flowing through the service node, parsing the destination address information of the data flow, and matching the first global information base based on the destination address information, and obtaining the sending station. An application identifier of the data stream, thereby guiding the data stream according to a routing rule corresponding to the application identifier.
  • the method of guiding the data stream based on the first global information base is not limited to the one in the embodiment, and may be another method of guiding the data stream.
  • Step 102 Determine, according to the destination address information of the data stream flowing through the first preset duration and the corresponding application identifier, the change information of the first global information base.
  • the first preset duration may be determined according to the total number of data streams flowing through the service node and the flow rate. The faster the flow rate, the shorter the first preset duration, and vice versa, the longer the first preset duration For example, if the number of data streams flowing through the service node in one minute is 100, the first preset duration may be set to 5 minutes. In other embodiments of the present invention, the preset duration may also be a fixed duration, which is applied to each service node.
  • the process of determining, by the service node, the change information of the first global information database within the first preset time period includes: determining whether the destination address information of the data flow exists in the first global information base, and if yes, recording the matched destination address information And a matching record of the corresponding application identifier, wherein the matching record includes time information of the current matching operation; if not, the service node performs feature recognition on the data stream, and records the result of the feature recognition.
  • the service node may identify the application identifier corresponding to the destination address information of the data stream by identifying the feature information of the data stream flowing through.
  • the general process of the feature identification of the data stream by the service node may be: extracting the quintuple information of the data stream to obtain the destination address information of the data stream, that is, the destination IP address, and of course, the destination port may also be acquired according to requirements.
  • the transport layer protocol is used as the information combination of the destination address information; based on the DPI deep packet inspection (DPI) or other packet detection technology, the feature information of the data stream is characterized and the recognition result is obtained.
  • the recognition result contains the identified application identifier for sending the data stream, or the conclusion that the application identifier is not recognized.
  • the change information of the first global information base includes: update information and incremental information; wherein the update information includes a matching record of the destination address information and its corresponding application identifier; the incremental information includes a result of the feature recognition.
  • the result of the feature recognition includes: the destination address information of the data stream, and the application identifier corresponding to the destination address information obtained by the service node through the feature recognition; and the destination address information of the data stream that cannot obtain the application identifier by the feature recognition.
  • the service node confirms the change information periodically.
  • the first preset duration is an update period
  • the first global information database used by the current update period is the central node according to the previous one.
  • the change information uploaded by all service nodes in the update cycle is obtained after updating the global information database used in the previous update cycle.
  • the global information database used by the service node in the next update cycle is the central node and is uploaded according to each service node in the current update cycle.
  • the change information is obtained by updating the first global information base after the first global information base.
  • the duration of the update period may be selected by another preset duration, but the other preset durations are greater than the first preset duration.
  • Step 103 Upload the change information to the central node, and the central node updates the first global information base according to the change information uploaded by the service node to generate a second global information base.
  • the service node uploads the change information to the central node, and the uploading period may correspond to the foregoing update period, or may be performed according to another preset upload period.
  • the central node updates the first global information base according to the change information uploaded by the at least one service node, wherein at least one service node includes all service nodes connected to the central node, in other words, all services connected thereto from the perspective of the central node
  • the node will upload the change information collected by each node for subsequent analysis and statistics.
  • the central node receives the change information of the first global information database uploaded by each service node, performs aggregation, and summarizes the change information conflict processing, and obtains the total Change information.
  • There are several ways to handle conflicts for example, by setting a priority for each application identifier, retaining the application ID with the highest priority according to the priority level, or receiving the change information of the first global information base according to the central node. The order of precedence eliminates conflicting change information.
  • the central node updates the first global information base according to the total change information, and generates a second global information base. The specific processing method of the change information by the central node will be described in detail later.
  • Step 104 Acquire a second global information base from the central node, and guide the data flow based on the second global information base.
  • the service node downloads the second global information base from the central node, and guides the data flow based on the second global information base.
  • the method of guiding is substantially the same as the method in step 101, because the record in the second global information base
  • the destination address information and the corresponding application identifier are updated according to the change information of the first global information database uploaded by the at least one service node, so that the records in the second global information database obtained by the service node are more comprehensive and rich.
  • the service node may guide the data flow based on the first global information base, and the corresponding destination address information and its corresponding application identifier are expired due to the uncertainty of the data flow.
  • each service node performs statistics on the change information, and uploads the change information to the central node, and the central node updates the first global information base according to the change information uploaded by each service node.
  • the central node receives the change information uploaded from the multiple service nodes, enriching the change information of the first global information base, so that the change information of the first global information base is more comprehensive and detailed, so that the update information is updated based on the change information.
  • the second global repository is more accurate and comprehensive.
  • the service node obtains the second global information base from the central node, and guides the data flow based on the second global information base, thereby improving the matching success degree, speeding up the guiding speed of the data flow by the single service node, and improving the speed.
  • the efficiency of data flow guidance is the efficiency of data flow guidance.
  • a second embodiment of the present invention relates to a method of guiding a data stream.
  • This embodiment is a further improvement of the first embodiment.
  • the embodiment improves the method for the service node to guide the data flow based on the global information base.
  • the global information base is used to distinguish the global information base used in different periods, and the first or second global information base is the same as the data flow guiding method performed by the service node.
  • the first A global information base is taken as an example, and a specific process is shown in FIG. 2, and the method includes the following steps:
  • Step 2011 Parse the destination address information from the data stream.
  • the service node may perform packet capture on the data stream that flows through, and parse the data of the captured packet (such as parsing the first packet length, source address, destination address, version number, etc. of the data stream), and acquiring the data stream.
  • Destination address information includes one or more of a destination IP address, a destination port address, and a transport layer protocol.
  • the destination address information is a combination of the destination IP address, the destination port address, and the transport layer protocol, and the combination of the three destination destination address information can more accurately locate the data.
  • the present embodiment does not limit the specific content included in the destination address information.
  • the destination address information is used as the destination IP address, the destination port address, and the transport layer protocol.
  • the method of parsing the destination address information from the data stream may also adopt other parsing methods, which are not enumerated here.
  • Step 2012 Determine whether the destination address information exists in the first global information base. If yes, execute step 2013. Otherwise, perform step 2014.
  • the first global information database stores the destination address information and the corresponding application identifier, and determines whether the destination address information exists in the first global information database.
  • each of the first global information bases may be The destination address information is traversed to query whether there is a resolved destination address information.
  • other methods of judging can also be used, and the traversal method herein is merely an example.
  • Step 2013 Obtain an application identifier corresponding to the destination address information, and guide the data flow according to a preset routing policy corresponding to the application identifier.
  • the destination address information of the data flow in the first global information base is determined based on the step 2012, and the application identifier corresponding to the destination address information is directly obtained, based on the matched destination address information, in the first global information base.
  • the preset routing policy corresponding to each application identifier is preset on the service node.
  • the service node obtains the application identifier of the sending data stream
  • the data stream may be based on the preset routing policy corresponding to the application.
  • the booting is performed, so that a different routing policy can be set for different applications, and a corresponding traffic guiding service is provided.
  • the setting of the specific routing policy can be set according to actual requirements, and the present invention is not limited.
  • Step 2014 feature recognition of the data stream, and guiding the data stream based on the recognition result.
  • step 2012 it is determined that the destination address information of the data stream does not exist in the first global information base, and the service node may perform feature recognition on the data stream based on DPI or other data packet detection technology to obtain a recognition result. If the feature identification of the data stream is successful, the application identifier corresponding to the data flow may be obtained, and then the data flow is guided according to the preset routing policy corresponding to the application identifier; if the feature identification of the data flow fails If the data stream is not recognized, the data stream can be guided according to the default preset routing policy.
  • the method for guiding the data stream first determines whether the destination address information exists in the first global information base, and if so, can quickly get from the first The global information base obtains the application identifier corresponding to the data flow, so that the data flow is guided according to the preset routing policy of the corresponding application, so that the data flow can be guided by the data flow without performing feature recognition.
  • the guiding speed of the data stream is improved; if the destination address information of the data stream does not exist in the first global information base, the data stream is characterized, and the traffic is guided according to the feature recognition result, thereby avoiding the first global
  • the content in the information base is incomplete, which makes it impossible to guide the data stream, which enhances the accuracy of guiding the data stream; and because the data stream is divided into two cases, different guiding methods are adopted to improve the speed of data stream guiding. And accuracy.
  • a third embodiment of the present invention relates to a method for guiding a data stream, where the method is applied to a central node.
  • a central node corresponds to multiple service nodes, and a specific process is shown in FIG. :
  • Step 301 Receive change information of the first global information database uploaded by each of the at least one service node, where the first global information database includes the destination address information and the corresponding application identifier.
  • the central node is connected to multiple service nodes, and the central node receives the change information of the first global information database uploaded by each service node, where the first global information database includes the destination address information and its corresponding
  • the application identifier that is, in the first global information base, the application identifier corresponding to the application can be found through the destination address information.
  • Step 302 Process the change information uploaded by each service node to obtain total change information.
  • the change information uploaded by the service node includes incremental information, where the incremental information includes a service node that cannot match the data stream of the corresponding record from the first global information repository.
  • the destination address information, the destination address information obtained after the feature recognition, and the application identifier obtained by the identification, and the feature identification, the destination address information of the application identifier cannot be determined. Since the central node receives the incremental information uploaded from different service nodes, there may be duplicated and conflicting parts.
  • processing the change information includes performing conflict processing on the incremental information uploaded by each service node.
  • the conflict handling mainly includes deduplication, contradiction processing, and addition, wherein the deduplication includes the identification and cleaning of the destination address information and the corresponding application identifiers in the incremental information uploaded by each service node.
  • the unique record has been saved to prevent duplicate records;
  • the contradiction process includes the same incremental information in the incremental information uploaded by each service node, but the corresponding application identifiers are processed differently to record uniformly;
  • the destination address information of the corresponding application identifier cannot be obtained through feature recognition for parsing and analysis, so as to obtain the corresponding application identifier.
  • the first method for contradiction processing setting the priority of the application identifier corresponding to the destination address information, and using the application identifier with high priority as the application identifier corresponding to the destination address information in the contradiction information. For example, suppose there is an application identifier A, an application identifier B, and an application identifier C, the priority of the application identifier A is set to 3, the priority of the application identifier B is 1, and the priority of the application identifier C is 2.
  • the priority ordering is: the priority of 3 is higher than the priority of 2, and the priority of 2 is higher than the priority of 1.
  • the record of the high priority application ID is retained according to the set priority. By prioritizing in the application ID, conflicting destination address information and its corresponding application records can be quickly eliminated. It should be noted that the priority corresponding to the application identifier can be set according to actual needs.
  • the application identifier a corresponds to a priority of 3
  • the application identifier b corresponds to a priority of 2
  • the application identifier c corresponds to a priority of 1, wherein the priority is from high to low: 3, 2. 1; If the incremental information uploaded by each service node at this time, the destination address information 1 corresponds to the application identifier a, the destination address information 1 corresponds to the application identifier b, and the destination address information 1 corresponds to the application identifier c.
  • the central node will perform conflict processing to obtain the priority of the application identifier in the three corresponding relationships respectively, and retain the record of the high priority application identifier, and then determine the destination address information 1 and its corresponding application identifier a, that is, The record of the destination address information 1 and its corresponding application a is retained, and the record of the destination address information 1 and its corresponding application identifier b and the record of the corresponding application identifier c and its corresponding application identifier c are deleted.
  • the priority of the application identifier setting corresponding to the destination address information may also be set according to the feature dimension of the application. That is, the application represented by the application identifier corresponding to each destination address information has a corresponding feature dimension (for example, sensitivity), and the feature dimension value can be manually set. A feature dimension value is selected as a criterion for eliminating conflicts. The feature dimension values in each application identifier are obtained. According to the obtained feature dimension values, the priority corresponding to each application identifier is determined, and the application identifier of the highest priority level is retained.
  • the feature dimension of the application for example, sensitivity
  • the sensitivity value of the application identifier A is 3, the sensitivity value of the application identifier B is 2, and the sensitivity value of the application identifier C is 1, the higher the sensitivity value, the higher the priority, that is, the priority order is The priority of :3 is higher than the priority of 2, and the priority of 2 is higher than the priority of 1. If the same destination address information corresponds to different application identifiers, the feature dimension values of the different application identifiers corresponding to the destination address information are obtained, and the application corresponding to the destination address information is determined according to the priority of the feature dimension value. logo.
  • the second contradiction processing method is: determining according to the destination address information and the corresponding application identification record time. For example, assume that the recording time of the destination address information 1 and its corresponding application identifier a is T1, the recording time of the destination address information 1 and its corresponding application identifier b is T2, and the destination address information 1 and its corresponding application.
  • the record time of the identifier c is T3, where T3 is the latest time, and the central node finally retains the destination address information 1 and its corresponding application identifier c.
  • the adding specifically includes: the central node querying and obtaining the application identifier corresponding to the destination address information, and recording.
  • the destination address information of the data stream received by the service node in the first preset duration is not included in the first global information base, and the application identifier corresponding to the destination address information cannot be obtained through feature identification, and the record is recorded.
  • the central node obtains the destination address information from the incremental information, and obtains the application identifier corresponding to the destination address information by means of active query, and the active query manner may be enumerated below.
  • the manner, of course, the manner of active inquiry is not limited to the manner enumerated in the present embodiment.
  • the central node sends a DNS request to the DNS server to obtain the address information (such as an IP address) corresponding to the preset domain name, and compares the obtained address information with the destination address information. If yes, the destination address information can be determined.
  • the domain name is a preset domain name, and the application identifier corresponding to the domain name is found according to the preset domain name, thereby determining the destination address information and the corresponding application identifier.
  • the destination address information in the incremental information is "119.75.213.61”
  • the default domain name is "www.aa.com”
  • the application identifier corresponding to the preset domain name is "AA”
  • the default is queried to the DNS server.
  • the IP address corresponding to the domain name is "119.75.213.61”. If the IP address corresponding to the destination domain name is the same as the destination address information, the application identifier corresponding to the destination address information is determined to be the application identifier "AA" corresponding to the default domain name.
  • the second query mode is that the central node sends an HTTP request according to a specific Uniform Resource Locator (URL) address, parses the obtained return result, and obtains the application identifier corresponding to the destination address information.
  • URL Uniform Resource Locator
  • the third query mode is: sending a query request to the preset server, and according to the query result returned by the preset server, the application identifier corresponding to the destination address information may be determined, for example, the information is captured in the returned result, and the application identifier is obtained.
  • the central node can complete the conflict processing of the incremental information uploaded by each service node, and obtain the total change information.
  • Step 303 Update the first global information base according to the total change information to obtain a second global information base.
  • the total change information is directly updated in the first global information base.
  • the central node receives the change information of the first global information database uploaded by each of the at least one service node, and updates the first global information base according to the change information to obtain a second global information base.
  • the central node obtains the change information of the corresponding multiple global information bases by using the multiple service nodes, so that the change information of the first global information base acquired by the central node is richer, and thus the change information according to the first global information base is obtained.
  • the data of the second global repository is more accurate.
  • the first global information base includes incremental information, and the incremental information includes a correspondence that is not included in the first global information database that is counted by the service node within the first preset time period, because at least one service node uploads the increase.
  • the quantity information causes the conflict information corresponding to the incremental information obtained by the central node to exist. Therefore, through the contradiction processing, the conflicting correspondence in the uploaded incremental information is eliminated, and the incremental increment of the central node is further increased.
  • the information, the obtained destination address information and the records of the corresponding applications are more accurate.
  • the central node obtains the application identifier corresponding to the destination address information that cannot be identified in the incremental information by using the active query mode, further enriching the record of the destination address information and the corresponding application identifier in the second global information database, thereby further improving The boot speed of the data stream.
  • a fourth embodiment of the present invention relates to a method for guiding a data stream.
  • the change information of the first global information database includes update information, where the update information includes the first global information of the service node within the first preset duration.
  • the destination address information obtained by the library matching and the latest matching time of the corresponding application identifier, wherein each destination address information in the first global information base has a timeout value, and the update process is as shown in FIG. 4:
  • Step 401 Receive change information of a first global information database uploaded by each of the at least one service node, where the first global information database includes destination address information and a corresponding application identifier.
  • Step 402 The change information of the first global information database includes update information, and the central node sorts the update information uploaded by each service node, obtains the latest matching time of each destination address information, and obtains total change information.
  • the central node receives the update information uploaded by the service node, queries the matching time corresponding to the destination address information from the update information, and uses the matching time obtained by the query as the latest matching time of the destination address information.
  • Step 403 Update the first global information base according to the timeout value of the destination address information in the first global information database and the process to obtain the update information.
  • the timeout value of the destination address information is used to indicate a valid time value of the correspondence between the destination address information and the corresponding application identifier, and the timeout value may be a specified date, and the minimum unit is hour. For example, assume that the timeout value of the destination address information 1 is set to 10:00 on October 30, 2017.
  • the central node obtains the latest matching time corresponding to each destination address information, and according to the timeout value of the destination address information in the first global information base and the latest matching time of each destination address information obtained by the processing. Updating the timeout value of the destination address information in the first global information base to update the latest matching time.
  • the update information includes the destination address information 2 and the corresponding matching time "October 20, 2017 10 o'clock"; the first global information base contains two destination address information 2, wherein the timeout value of the destination address information 2 is 5 o'clock on October 17, 2017, then the central node receives at 5 o'clock on the 17th. Updating the information, obtaining the latest matching time of the destination address information 2, updating the timeout value of the destination address information 2 in the first global information database to the latest matching time in the update information, that is, the destination address in the first global information base The timeout value of Message 2 is updated to "10:00 on October 20, 2017".
  • this step is to update the timeout value of the destination address information in the first global information base.
  • Step 404 Delete the timeout destination address information and the corresponding application identifier record to obtain the second global information base, if the preset condition of the timeout processing is met.
  • the preset condition of the timeout processing may be a fixed period. For example, if the period of the timeout processing is 20 hours, the first global information base is traversed to obtain each destination in the first global information base. The timeout value of the address information determines whether the obtained timeout value is less than the current time value. If yes, the timeout destination address information and its corresponding application identifier record are deleted. Otherwise, the obtained destination address information is not processed.
  • the period of the timeout processing is 20 hours.
  • the timeout value of the address information determines whether the obtained timeout value is less than the current time value. If yes, the timeout destination address information and its corresponding application identifier record are deleted. Otherwise, the obtained destination address information is not processed.
  • the central node starts to time out the first global information base at 5 o'clock every day. deal with. If the destination address information 1 and its corresponding application D, the destination address information 2 and its corresponding application F are recorded in the first global information base, wherein the timeout value of the destination address information 1 is October 17, 2017. At 10:00, the timeout value of the destination address information 2 is 10:00 on October 20, 2017. At 5:00 on October 18, 2017, the central node begins to traverse the first global information base for judgment purposes.
  • the purpose of deleting The record of the address information 1 and its corresponding application F retains the record of the destination address information 2 and its corresponding application F.
  • timeout value is not limited to the ones listed in the embodiment, and there may be other modes, which are not enumerated here.
  • the change information of the first global information database may also include incremental information and update information.
  • the central node may perform conflict processing first, and after the conflict processing is completed. And then performing timeout processing, updating the first global information base according to the conflict processing result and the timeout result, and obtaining the second global information base; or after receiving the incremental information and the update information, the central node may perform timeout processing first, and then perform The conflict processing, according to the conflict processing result and the timeout processing, updates the first global information base to obtain a second global information base. That is to say, in this embodiment, the order of the conflict processing and the timeout processing is not limited.
  • the change information of the first global information database includes update information
  • the update information includes the destination address information and the corresponding matching time
  • the central node obtains the latest matching of each destination address information.
  • the central node updates the timeout value of the destination address information in the first global information base according to the latest matching time of the destination address information in the update information and the timeout value of the destination address information in the first global information base, and satisfies
  • the timeout destination address information and the corresponding application identifier record are deleted. Because the timeout record is periodically deleted, the correspondence of the central node summary is ensured. In turn, the accuracy of the global information database acquired by the service node is ensured, and the accuracy of guiding the data stream is improved.
  • a fifth embodiment of the present invention is directed to a server 50 comprising: at least one processor 501; and a memory 502 communicably coupled to at least one processor 501; wherein the memory 502 stores instructions executable by the at least one processor 501 The instructions are executed by at least one processor 501 to enable the at least one processor 501 to perform a method of booting the data stream of the service node.
  • the memory 502 and the processor 501 are connected in a bus manner, and the bus may include any number of interconnected buses and bridges that link together one or more processors 501 and various circuits of the memory 502.
  • the bus can also link various other circuits, such as peripherals, voltage regulators, and power management circuits, as is well known in the art and, therefore, will not be further described herein.
  • the bus interface provides an interface between the bus and the transceiver.
  • the transceiver can be an element or a plurality of elements, such as multiple receivers and transmitters, providing means for communicating with various other devices on a transmission medium.
  • the data processed by the processor is transmitted over the wireless medium via an antenna. Further, the antenna also receives the data and transmits the data to the processor.
  • the processor 501 is responsible for managing the bus and normal processing, and can also provide various functions including timing, peripheral interfaces, voltage regulation, power management, and other control functions.
  • the memory 502 can be used to store data used by the processor 502 in performing the operations.
  • a sixth embodiment of the present invention is directed to a server 60 comprising: at least one processor 601; and a memory 602 communicatively coupled to at least one processor 601; wherein the memory 602 stores instructions executable by the at least one processor 601 The instructions are executed by at least one processor 601 to enable the at least one processor 601 to perform a method of booting the data stream of the central node.
  • the memory 602 and the processor 601 are connected in a bus manner, and the bus may include any number of interconnected buses and bridges that link together one or more processors 601 and various circuits of the memory 602.
  • the bus can also link various other circuits, such as peripherals, voltage regulators, and power management circuits, as is well known in the art and, therefore, will not be further described herein.
  • the bus interface provides an interface between the bus and the transceiver.
  • the transceiver can be an element or a plurality of elements, such as multiple receivers and transmitters, providing means for communicating with various other devices on a transmission medium.
  • the data processed by the processor is transmitted over the wireless medium via an antenna. Further, the antenna also receives the data and transmits the data to the processor.
  • the processor 601 is responsible for managing the bus and normal processing, and can also provide various functions including timing, peripheral interfaces, voltage regulation, power management, and other control functions.
  • the memory 602 can be used to store data used by the processor 602 when performing operations.
  • a seventh embodiment of the present invention relates to a system for guiding a data stream, comprising a central node 10 and at least one service node 20; and a service node 20 for performing the data flow guiding method in the first embodiment or the second embodiment
  • the central node 10 is for performing a booting method of the data stream in the third embodiment or the fourth embodiment.
  • the service node may be two, three, etc.
  • three service nodes are taken as an example, as shown in FIG. 7.
  • An eighth embodiment of the present invention relates to a computer readable storage medium storing a computer program capable of implementing guidance of a data stream mentioned in any one of the first to fourth embodiments when executed by a processor method.
  • a program instructing related hardware may be completed by a program instructing related hardware, and the program is stored in a storage medium, and includes a plurality of instructions for making a device (which may be a single chip microcomputer). , a chip, etc. or a processor performs all or part of the steps of the methods described in various embodiments of the present application.
  • the foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like. .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明实施例涉及网络流量引导技术,公开了一种数据流的引导方法、服务器和系统。本发明中的数据流的引导方法,应用于服务节点,包括:基于第一全局信息库对数据流进行引导,第一全局信息库中包含至少一个目的地址信息及其对应的应用程序标识;根据第一预设时长内流经的数据流的目的地址信息及其对应的应用程序标识,确定第一全局信息库的变化信息;将变化信息上传给中心节点,由中心节点根据至少一个服务节点上传的变化信息更新第一全局信息库,生成第二全局信息库;从中心节点获取第二全局信息库,并基于第二全局信息库对数据流进行引导。本实施方式,使得可以快速准确地识别数据流,提高流量识别的效率,从而提高了流量引导的速度和准确性。

Description

一种数据流的引导方法、服务器和系统 技术领域
本发明实施例涉及网络流量引导技术,特别涉及一种数据流的引导方法、服务器和系统。
背景技术
随着因特网(Internet)重要性的日益提高和网络结构的日益复杂,网络用户迅猛增加,各种新的网络应用、服务、标准和协议层出不迭。网络管理者只有随时了解当前网络的运行状态,掌握网络中各种流量的情况,才能对网络进行适度的控制,因此,流量识别十分必要。目前国内外使用的流量识别方法主要是基于深度包检测进行的识别,即流量识别是通过深度包检测技术对流量的数据报文进行检测,来确定流量属于哪一种应用的技术。深度包检测(Deep Packet Inspection,简称“DPI”)是一种基于数据包的深度检测技术,针对不同的网络应用层载荷,例如:超文本传输协议(HTTP)、域名系统(DNS)等,进行深度检测,通过对报文的有效载荷检测决定其合法性。
数据流(或者流量)指的是在同一对目的地址信息和源地址之间传输的一系列的数据报文集合。目前流量识别是对流量进行实时的在线动态识别,这种流量识别方式,通常是对数据流的首包进行特征识别,并在识别后对数据流进行引导;而一条数据流一旦确定了引导的路径后是无法更改的,若出现首包无法识别,或者该数据流已经导向某条路径了的情况,那么即使后面几个包可以识别出该条数据流属于的应用程序标识,也无法再对该条数据流的路径进行更改,这不仅降低了对数据流识别的准确性,也影响了对数据流引导的准确性。
为了克服上述的问题,现在又出现另一种数据流识别方式,即通过对数据流的目的地址信息识别的方式实现对数据流的识别,则数据流的引导过程为:新的数据流流经该服务器时,直接将新数据流的目的地址信息同保存的对应关系进行匹配,若匹配成功,则该数据流按照匹配的对应关系中的应用程序标识的预设路由策略引导,其中,对应关系为数据流的目的地址信息和应用程序标识的对应关系。
发明人发现现有技术中至少存在如下问题:虽然通过对数据流的目的地址信息进行识别的方式解决了首包无法识别的问题,但是由于服务器依靠自身统计的对应关系进行数据流引导,使得统计过程漫长且统计不全面,不能快速且准确的确定出当前数据流的目的地址信息 对应的应用程序的标识,数据流引导的效率不高。
发明内容
本发明实施方式的目的在于提供一种数据流的引导方法、服务器和系统,使得可以快速准确地识别数据流,提高流量识别的效率,从而提高了流量引导的速度和准确性。
为解决上述技术问题,本发明的实施方式提供了一种数据流的引导方法,应用于服务节点,包括:基于第一全局信息库对数据流进行引导,其中,第一全局信息库中包含至少一个目的地址信息及其对应的应用程序标识;根据第一预设时长内流经的数据流的目的地址信息及其对应的应用程序标识,确定第一全局信息库的变化信息;将变化信息上传给中心节点,由中心节点根据至少一个服务节点上传的变化信息更新第一全局信息库,生成第二全局信息库;从中心节点获取第二全局信息库,并基于第二全局信息库对数据流进行引导。
本发明的实施方式还提供了一种数据流的引导方法,应用于中心节点,包括:接收至少一个服务节点各自上传的第一全局信息库的变化信息,其中,该第一全局信息库中包含目的地址信息及其对应的应用程序标识;对各个所述服务节点上传的所述变化信息进行处理,得到总变化信息;根据总变化信息对该第一全局信息库进行更新,得到第二全局信息库。
本发明的实施方式还提供了一种服务器,包括:至少一个处理器;以及,与至少一个处理器通信连接的存储器;其中,存储器存储有可被至少一个处理器执行的指令,指令被至少一个处理器执行,以使至少一个处理器能够执行应用于服务节点的数据流的引导方法。
本发明的实施方式还提供了一种服务器,包括:至少一个处理器;以及,与至少一个处理器通信连接的存储器;其中,存储器存储有可被至少一个处理器执行的指令,指令被至少一个处理器执行,以使至少一个处理器能够执行应用于中心节点的数据流的引导方法。
本发明的实施方式还提供了一种数据流的引导系统,包含中心节点和至少一个服务节点,该服务节点,用于执行应用于该服务节点的数据流引导方法,中心节点,用于执行应用于该中心节点的数据流引导方法。
本发明实施方式相对于现有技术而言,服务节点可基于第一全局信息库对数据流进行引导,由于数据流的不确定性,以及相应的目的地址信息及其对应的应用程序标识存在过期、更新等可能,在第一预设时长内,各个服务节点通过对变化信心进行统计,并将该变化信息上传至中心节点,该中心节点根据各个服务节点上传的变化信息更新第一全局信息库,由于中心节点接收到来自多个服务节点上传的变化信息,丰富了第一全局信息库的变化信息,从而使该第一全局信息库的变化信息更加全面、详细,使得基于变化信息更新得到的第二全局 信息库更加准确和全面。在新的周期里,服务节点从中心节点获取第二全局信息库,并基于该第二全局信息库对数据流进行引导,可以提高匹配成功度,加快了单个服务节点对数据流的引导的速度,提高了数据流引导的效率。
另外,根据第一预设时长内流经的数据流的目的地址信息及其对应的应用程序标识,确定第一全局信息库的变化信息,具体包括:判断第一全局信息库中是否存在数据流的目的地址信息,若是,则记录目的地址信息及其对应的应用程序标识的匹配记录;若否,服务节点对数据流进行特征识别,并记录特征识别的结果。若第一全局信息库中存在目的地址信息,记录该目的地址信息及其对应的应用程序标识的匹配记录,使得服务节点可以无需对该数据流进行特征识别,获取目的地址信息对应的应用程序标识。若第一全局信息库中未存在的目的地址信息,则对该数据流进行特征识别,并记录该特征识别的结果,使得服务节点可以根据特征识别结果进行后续的处理。
另外,第一全局信息库的变化信息包括:更新信息和增量信息;其中目的地址信息及其对应的应用程序标识的匹配记录统计为更新信息;特征识别的结果统计为增量信息。经过特征识别得到的结果,第一全局信息库中不存在的数据流的目的地址信息,因而可以将特征识别的结果统计为该第一全局信息库的增量信息,从而实现了准确获取第一全局信息库增量信息。
另外,特征识别的结果具体包括:数据流的目的地址信息,及服务节点通过特征识别后得到的目的地址信息对应的应用程序标识;以及无法通过特征识别得到应用程序标识的数据流的目的地址信息。对未保存在第一全局信息库中的数据流的目的地址信息的全面记录,增强了第一全局信息库的准确性。
另外,基于第一全局信息库对数据流进行引导具体包括:从数据流中解析出目的地址信息;判断第一全局信息库中是否存在目的地址信息,若是,获取目的地址信息对应的应用程序标识,并将该数据流按照应用程序标识对应的预设路由策略进行引导,否则,对数据流进行特征识别,并基于识别结果对数据流进行引导。基于第一全局信息库对数据流进行引导时,通过判断在第一全局信息库中是否存在目的地址信息,若存在,则可以快速地从第一全局信息库中获取该数据流对应的应用程序标识,从而直接按照对应的应用程序的预设路由策略进行数据流引导,无需进行特征识别,提高对该数据流的引导速度;若第一全局数据库中不存在该数据流的目的地址信息,则对该数据流进行特征识别,根据特征识别结果进行流量引导,从而避免了因数据流的首包无法识别而造成无法对数据流引导的情况。
另外,目的地址信息包含目的IP地址、目的端口地址、传输层协议中的一种或多种。
附图说明
一个或多个实施例通过与之对应的附图中的图片进行示例性说明,这些示例性说明并不构成对实施例的限定,附图中具有相同参考数字标号的元件表示为类似的元件,除非有特别申明,附图中的图不构成比例限制。
图1是根据本发明第一实施方式的一种数据流的引导方法的具体流程示意图;
图2是根据本发明第二实施方式的一种数据流的引导方法中基于第一全局信息库对数据流进行引导的具体流程示意图;
图3是根据本发明第三实施方式的一种数据流的引导方法的具体流程示意图;
图4是根据本发明第四实施方式的一种数据流的引导方法中具体流程示意图;
图5是根据本发明第五实施方式的一种服务器的具体的结构示意图;
图6是根据本发明第六实施方式的一种服务器的具体的结构示意图;
图7是根据本发明第七实施方式的一种数据流的引导系统的具体的结构示意图。
具体实施方式
为使本发明实施例的目的、技术方案和优点更加清楚,下面将结合附图对本发明的各实施方式进行详细的阐述。然而,本领域的普通技术人员可以理解,在本发明各实施方式中,为了使读者更好地理解本申请而提出了许多技术细节。但是,即使没有这些技术细节和基于以下各实施方式的种种变化和修改,也可以实现本申请所要求保护的技术方案。
本发明的第一实施方式涉及一种数据流的引导方法。该方法应用于服务节点,服务节点可以为系统服务端,也可以为客户端,本实施方式中不限制服务节点的类型。服务节点与中心节点通信连接,基于该通信连接可实现相互之间的数据传输,其中,一个中心节点对应的服务节点的数目至少为1个。具体的流程如图1中所示。
步骤101:基于第一全局信息库对数据流进行引导,其中,第一全局信息库中包含至少一个目的地址信息及其对应的应用程序标识。
具体的说,服务节点从中心节点处获取第一全局信息库,第一全局信息库中记录了目的地址信息及目的地址信息对应的应用程序标识,包含至少一个目的地址信息及其对应的应用程序标识,其中,目的地址信息包含目的IP地址、目的端口地址、传输层协议中的一种或多种,应用程序标识是用于识别应用程序的信息,可包含应用程序名称或者其他可以用于识别该应用程序的信息。
基于第一全局信息库对数据流进行引导,具体包含获取流经服务节点的数据流,并解析出数据流的目的地址信息,再基于所述目的地址信息匹配第一全局信息库,获知发送所述数据流的应用程序标识,从而根据应用程序标识对应的路由规则对所述数据流进行引导。当然,基于第一全局信息库对数据流进行引导的方法并不限于本实施方式中列举,还可以是其他的数据流的引导方法。
步骤102:根据第一预设时长内流经的数据流的目的地址信息及其对应的应用程序标识,确定第一全局信息库的变化信息。
具体的说,第一预设时长可以根据流经服务节点的数据流的总条数及流速决定,流速越快,第一预设时长就越短,反之,则第一预设时长就越长,例如,若在1分钟内流经服务节点的数据流条数为100条,则可以将第一预设时长设置为5分钟。在本发明的其他实施例中,预设时长也可以是一个固定的时长,分别应用在各个服务节点上。
服务节点在第一预设时长内确定第一全局信息库的变化信息的过程包含:判断第一全局信息库中是否存在数据流的目的地址信息,若是,则记录该条匹配到的目的地址信息及其对应的应用程序标识的匹配记录,其中匹配记录包含当前匹配操作的时间信息;若否,服务节点对数据流进行特征识别,并记录特征识别的结果。
具体而言,服务节点可以通过对流经的数据流的特征信息进行识别得到数据流的目的地址信息对应的应用程序标识。服务节点对数据流进行特征识别的大致过程可以是:提取该数据流的五元组信息,以获取到该数据流的目的地址信息,即目的IP地址,当然,也可以根据需求同时获取目的端口号、传输层协议作为目的地址信息的信息组合;基于DPI深度包检测(Deep Packet Inspection,简称“DPI”)或其他数据包检测技术,对数据流的特征信息进行特征识别,获取识别结果,其中识别结果包含识别得到的发送该数据流的应用程序标识,或无法识别得到应用程序标识的结论。
第一全局信息库的变化信息包括:更新信息和增量信息;其中,更新信息包含目的地址信息及其对应的应用程序标识的匹配记录;增量信息包含特征识别的结果。特征识别的结果包括:数据流的目的地址信息,及服务节点通过特征识别后得到的目的地址信息对应的应用程序标识;以及无法通过特征识别得到应用程序标识的数据流的目的地址信息。
值得注意的是,服务节点对变化信息确认是周期性执行的,在本实施例中,以第一预设时长为一个更新周期,当前更新周期使用的第一全局信息库为中心节点根据上一个更新周期中所有服务节点上传的变化信息对上一个更新周期中使用的全局信息库更新后得到的,下一个更新周期中服务节点使用的全局信息库为中心节点根据当前更新周期内各服务节点上传的 变化信息对第一全局信息库更新后得到的第二全局信息库。值得注意的是,本发明的其他实施例中,更新周期的时长可以选取一个其他预设时长,但该其他预设时长需大于第一预设时长。
步骤103:将变化信息上传给中心节点,由该中心节点根据服务节点上传的变化信息更新第一全局信息库,生成第二全局信息库。
具体的说,服务节点将变化信息上传给中心节点,上传的周期可对应为上述的更新周期,也可以是根据预设的另一个上传周期进行上传。中心节点根据至少一个服务节点上传的变化信息更新第一全局信息库,其中,至少一个服务节点包含与该中心节点连接的所有服务节点,换言之,从中心节点的角度来看,与其连接的所有服务节点将上传各自收集的变化信息,以进行后续的分析统计。
由于各服务节点上传的变化信息可能会出现重复、冲突等状况,中心节点接收到各个服务节点上传的第一全局信息库的变化信息,进行汇总,并汇总后的变化信息冲突处理,得到总的变化信息。冲突处理的方式有多种,例如,通过对每个应用程序标识设置优先级,根据优先级的级别,保留优先级最高的应用程序标识,或者,根据中心节点接收第一全局信息库的变化信息的先后顺序消除有冲突的变化信息。中心节点根据总的变化信息,更新第一全局信息库,生成第二全局信息库。其中,中心节点对变化信息的具体处理方式将在后文进行详细说明。
步骤104:从中心节点获取第二全局信息库,并基于第二全局信息库对数据流进行引导。
具体的说,服务节点从中心节点下载第二全局信息库,并基于第二全局信息库对数据流进行引导,引导的方法与步骤101中的方法大致相同,由于第二全局信息库中的记录的目的地址信息及其对应的应用程序标识,是根据至少一个服务节点上传的第一全局信息库的变化信息更新所得,使得服务节点得到的第二全局信息库中的记录更加全面、丰富。
本发明实施方式相对于现有技术而言,服务节点可基于第一全局信息库对数据流进行引导,由于数据流的不确定性,以及相应的目的地址信息及其对应的应用程序标识存在过期、更新等可能,在第一预设时长内,各个服务节点通过对变化信息进行统计,并将该变化信息上传至中心节点,该中心节点根据各个服务节点上传的变化信息更新第一全局信息库,由于中心节点接收到来自多个服务节点上传的变化信息,丰富了第一全局信息库的变化信息,从而使得该第一全局信息库的变化信息更加全面、详细,使得基于变化信息更新得到的第二全局信息库更加准确和全面。在新的周期里,服务节点从中心节点获取第二全局信息库,基于该第二全局信息库对数据流进行引导,可以提高匹配成功度,加快单个服务节点对数据流的 引导速度,提高了数据流引导的效率。
本发明的第二实施方式涉及一种数据流的引导方法。本实施方式是对第一实施方式的进一步改进,本实施方式改进了服务节点基于全局信息库对数据流进行引导的方法,值得说明的是,上文提及的第一全局信息库和第二全局信息库是为了区分说明不同周期中使用的全局信息库,而无论是第一还是第二全局信息库,服务节点基于其所进行的数据流引导方法都相同,本实施例中,将以第一全局信息库为例,进行说明具体的流程如图2中所示,所述方法包含步骤:
步骤2011:从数据流中解析出目的地址信息。
具体的说,服务节点可以对流经的数据流进行抓包,并对抓包的数据进行解析(如解析数据流的首包长度、源地址、目的地址、版本号等),获取该数据流的目的地址信息。其中,目的地址信息包含目的IP地址、目的端口地址、传输层协议中的一种或多种。在一较佳实施例中,目的地址信息为目的IP地址、目的端口地址和传输层协议三者的组合,以该三者组成目的地址信息组合,可以更准确的对数据进行定位。本实施方式不限制目的地址信息所包含的具体内容,本实施方式中以目的地址信息为目的IP地址、目的端口地址和传输层协议为例进行说明。当然,从数据流中解析出目的地址信息的方法还可以采用其他的解析方式,此处不再一一列举。
步骤2012:判断第一全局信息库中是否存在目的地址信息,若是,则执行步骤2013,否则,执行步骤2014。
具体的说,第一全局信息库中保存有目的地址信息及其对应的应用程序标识,判断第一全局信息库中是否存在该目的地址信息,例如,可以对第一全局信息库中的每一个目的地址信息进行遍历,查询是否存在解析出的目的地址信息。当然,也可以采用其他的判断方式,此处的遍历方法仅作为举例。
步骤2013:获取目的地址信息对应的应用程序标识,并将该数据流按照应用程序标识对应的预设路由策略进行引导。
具体的说,基于步骤2012判断出第一全局信息库中存在数据流的目的地址信息,基于匹配到的目的地址信息,可直接获取该目的地址信息对应的应用程序标识,第一全局信息库中的每一个应用程序标识对应的预设路由策略都会预先设置在服务节点上,当服务节点获取到发送数据流的应用程序标识时,就可以基于该应用程序对应的预设路由策略对该数据流进行引导,从而可实现针对不同的应用程序设置不同的路由策略,已提供对应的流量引导服务,具体的路由策略的设置可根据实际需求来进行设定,本发明并不限制。
步骤2014:对数据流进行特征识别,并基于识别结果对数据流进行引导。
具体的说,经过步骤2012后判断第一全局信息库中不存在数据流的目的地址信息,那么服务节点可基于DPI或其他数据包检测技术,对数据流进行特征识别,获取识别结果。若对该数据流的特征识别成功,则可以获取该数据流对应的应用程序标识,进而按照该应用程序标识对应的预设路由策略对该数据流进行引导;若是对该数据流的特征识别失败,表明无法识别该数据流,则可以按照默认的预设路由策略对数据流进行引导。
本实施方式提供的数据流的引导方法,基于第一全局信息库对数据流进行引导时,先通过判断在第一全局信息库中是否存在目的地址信息,若存在,则可以快速地从第一全局信息库中获取该数据流对应的应用程序标识,从而实现该数据流按照对应的应用程序的预设路由策略进行数据流引导,使得该数据流可以无需进行特征识别即可进行数据流引导,提高对该数据流的引导速度;若第一全局信息库中不存在该数据流的目的地址信息,则对该数据流进行特征识,根据特征识别结果进行流量引导,从而避免了因第一全局信息库中内容不全而造成无法对数据流引导的情况,增强了对数据流的引导的准确性;且由于将数据流分成了两种情况,采用不同的引导方式,提高了数据流引导的速度和准确性。
本发明的第三实施方式涉及一种数据流的引导方法,该方法应用于中心节点,本实施方式中,以一个中心节点对应多个服务节点为例,具体的流程如图3所示,包含:
步骤301:接收至少一个服务节点各自上传的第一全局信息库的变化信息,其中,第一全局信息库中包含目的地址信息及其对应的应用程序标识。
具体的说,本实施例中,中心节点连接多个服务节点,中心节点接收各个服务节点上传的第一全局信息库的变化信息,其中,第一全局信息库中包含目的地址信息及其对应的应用程序标识,也就是说,在第一全局信息库中,通过目的地址信息即可查找到与其对应的应用程序标识。各服务节点获取变化信息的具体方法可参见图1所示实施例,在此不再赘述。
步骤302:对各个服务节点上传的变化信息进行处理,得到总变化信息。
如图1所示实施例中所述,服务节点上传的变化信息中包含增量信息,其中,增量信息中包含服务节点对无法从第一全局信息库库中匹配到相应记录的数据流的目的地址信息,且经过特征识别后得到的该目的地址信息及其识别获得的应用程序标识,以及经过特征识别后,无法确定应用程序标识的目的地址信息。由于中心节点接收来自不同服务节点上传的增量信息,其中可能会有重复、冲突的部分,故在本实施例中,对变化信息进行处理包含对各个服务节点上传的增量信息进行冲突处理。
具体的说,冲突处理主要包括去重、矛盾处理及新增,其中去重包含对各个服务节点上 传的增量信息中,目的地址信息及其对应的应用程序标识相同的记录进行确认和清理,已保存唯一记录,从而防止重复记录;矛盾处理包含对各个服务节点上传的增量信息中,目的地址信息相同,但对应的应用程序标识不同的记录的处理,以统一记录;新增包含对各服务节点上传的增量信息中,无法通过特征识别获得对应应用程序标识的目的地址信息进行解析分析,以获取其所对应的应用程序标识。
本实施方式将列举两种矛盾处理的方式以说明,当然,冲突处理的方法不限制于本实施方式中提出的方法,还可以是其他的冲突处理方法。
第一种矛盾处理的方法:对目的地址信息对应的应用程序标识设置优先级,以优先级高的应用程序标识作为矛盾信息中的目的地址信息对应的应用程序标识。例如,假设有应用程序标识A、应用程序标识B和应用程序标识C,设置应用程序标识A的优先级为3,应用程序标识B的优先级为1,应用程序标识C的优先级为2,优先级排序为:3的优先级高于2的优先级,2的优先级高于1的优先级。在进行矛盾处理时,根据设置的优先级,保留高优先级的应用程序标识的记录。通过应用程序标识中的优先级,可以快速的消除发生冲突的目的地址信息及其对应的应用程序的记录。需要说明的是,对应用程序标识对应的优先级可以根据实际需求设置。
例如,假设应用程序标识a对应的优先级为3,应用程序标识b对应的优先级为2,应用程序标识c对应的优先级为1,其中,优先级由高到低为:3、2、1;若此时各服务节点上传的增量信息中,出现了目的地址信息1与应用程序标识a对应,目的地址信息1与应用程序标识b对应,以及目的地址信息1与应用程序标识c对应,中心节点将进行冲突处理,分别获取3个对应关系中的应用程序标识的优先级,保留高优先级的应用程序标识的记录,则确定目的地址信息1及其对应的应用程序标识a,即保留目的地址信息1及其对应的应用程序a的记录,删除目的地址信息1及其对应的应用程序标识b的记录和目的地址信息1及其对应的应用程序标识c的记录。
此外,目的地址信息对应的应用程序标识设置的优先级还可以是根据应用程序的特征维度进行设置。即每一个目的地址信息对应的应用程序标识表示的应用程序有对应的特征维度(例如,灵敏度),特征维度值可以人为设置。选取一个特征维度值作为消除冲突的标准,获取各个应用程序标识中的特征维度值,根据获取到的特征维度值,确定各个应用程序标识对应的优先级,保留最高优先级级别的应用程序标识。例如,应用程序标识A的灵敏度值为3,应用程序标识B的灵敏度值为2,应用程序标识C的灵敏度值为1,则灵敏度值越高则对应的优先级越高,即优先级排序为:3的优先级高于2的优先级,2的优先级高于1的优先级。 若出现同一个目的地址信息对应不同的应用程序标识时,则获取目的地址信息对应的不同应用程序标识的特征维度值,根据该特征维度值对应优先级,确定出该目的地址信息对应的应用程序标识。
第二种矛盾处理的方法:根据接目的地址信息及其对应的应用程序标识记录时间的先后确定。例如,假设目的地址信息1及其对应的应用程序标识a的记录时间为T1,目的地址信息1及其对应的应用程序标识b的记录时间为T2,以及目的地址信息1及其对应的应用程序标识c的记录时间为T3,其中T3为最近时刻,中心节点最终保留目的地址信息1及其对应的应用程序标识c。
所述新增具体包括:中心节点查询获得目的地址信息对应的应用程序标识,并记录。
具体的说,服务节点在第一预设时长内接收到的数据流的目的地址信息既不包含于第一全局信息库中,又无法通过特征识别获取该目的地址信息对应的应用程序标识,记录在增量信息中,并上传至中心节点,中心节点从该增量信息中获取该目的地址信息,通过主动查询的方式获取该目的地址信息对应的应用程序标识,主动查询的方式可以采用以下列举的方式,当然,主动查询的方式并不限于本实施方式中所列举的方式。
第一种查询方式:中心节点向DNS服务器发送DNS请求,获取预设域名对应的地址信息(如IP地址),比较获取的地址信息是否与目的地址信息相同,若是,则可以确定该目的地址信息的域名为预设域名,并根据预设域名找到该域名对应的应用程序标识,从而确定出目的地址信息及其对应的应用程序标识。
例如,假设增量信息中目的地址信息为“119.75.213.61”,预设域名为“www.aa.com”,且该预设域名对应的应用程序标识为“AA”,向DNS服务器查询预设域名对应的IP地址为“119.75.213.61”,判断预设域名对应的IP地址与目的地址信息相同,则确定目的地址信息对应的应用程序标识为预设域名对应的应用程序标识“AA”。
第二种查询方式:中心节点按照特定的统一资源定位符(Uniform Resource Locator,简称“URL”)地址发送HTTP请求,解析获取到的返回结果,获取目的地址信息对应的应用程序标识。
第三种查询方式:向预设的服务器发送查询请求,根据预设服务器返回的查询结果,可以确定目的地址信息对应的应用程序标识,例如,在返回结果中抓取信息,获取应用程序标识。
通过上述去重、矛盾处理及新增,中心节点可完成对各服务节点上传的增量信息的冲突处理,并获得总变化信息。
步骤303:根据该总变化信息对该第一全局信息库进行更新,得到第二全局信息库。
一个可能的实施方式中,总变化信息直接新增进第一全局信息库中。
本实施方式中,中心节点通过接收至少一个服务节点各自上传的第一全局信息库的变化信息,并根据变化信息对第一全局信息库进行更新,得到第二全局信息库。中心节点通过多个服务节点获取对应的多个第一全局信息库的变化信息,使得中心节点获取到的第一全局信息库的变化信息更加丰富,进而使得根据第一全局信息库的变化信息得到的第二全局信息库的数据更加准确。另外,第一全局信息库中包含了增量信息,增量信息包含服务节点在第一预设时长内统计到的未包含在第一全局信息库中的对应关系,由于至少一个服务节点上传增量信息,使得中心节点获得的增量信息中存在有冲突的对应关系,因此,通过矛盾处理,消除了上传的增量信息中的有冲突的对应关系,进一步使得中心节点在汇总上传的增量信息,得到的目的地址信息及其对应的应用程序的记录更加准确。且中心节点通过主动查询方式获取增量信息中无法识别的目的地址信息对应的应用程序标识,进一步丰富了第二全局信息库中的目的地址信息及其对应的应用程序标识的记录,从而进一步提升了数据流的引导速度。
本发明的第四实施方式涉及一种数据流的引导方法,本实施方式中,第一全局信息库的变化信息包括更新信息,更新信息包括服务节点在第一预设时长内基于第一全局信息库匹配得到的目的地址信息及其对应应用程序标识的最新匹配时间,其中,第一全局信息库中的每一个目的地址信息设有一个超时时间值,更新的流程如图4中所示:
步骤401:接收至少一个服务节点各自上传的第一全局信息库的变化信息,其中,第一全局信息库中包含目的地址信息及其对应的应用程序标识。
步骤402:第一全局信息库的变化信息包括更新信息,中心节点整理各个服务节点上传的更新信息,获得各个目的地址信息最新的匹配时间,得到总变化信息。
具体的说,中心节点接收服务节点上传的更新信息,从更新信息中查询目的地址信息对应的匹配时间,并将查询得到的匹配时间作为该目的地址信息最新的匹配时间。
步骤403:根据第一全局信息库中目的地址信息的超时时间值及处理得到更新信息,更新第一全局信息库。
具体的说,目的地址信息的超时时间值,用于指示目的地址信息及其对应的应用程序标识之间的对应关系的有效时间值,超时时间值可以是一个指定的日期,最小单位为小时,例如,假设目的地址信息1的超时时间值设置为2017年10月30日10时。中心节点收到更新信息后,经过整理后获得各个目的地址信息对应的最新的匹配时间,根据第一全局信息库中的目的地址信息的超时时间值和处理得到的各个目的地址信息的最新匹配时间,对第一全局 信息库中的目的地址信息的超时时间值进行更新,更新为最新的匹配时间,例如,假设更新信息中包含了目的地址信息2及对应的匹配时间“2017年10月20日10时”;第一全局信息库中包含了2个目的地址信息2,其中,目的地址信息2的超时时间值为2017年10月17日5时”,那么中心节点在17日5时接收到更新信息,获得目的地址信息2的最新匹配时间,则将第一全局信息库中的目的地址信息2的超时时间值更新为更新信息中的最新匹配时间,即第一全局信息库中的目的地址信息2的超时时间值更新为“2017年10月20日10时”。
需要说明的是,此步骤是对第一全局信息库中目的地址信息的超时时间值进行更新。
步骤404:在满足超时处理的预设条件的情况下,删除超时的目的地址信息及其对应的应用程序标识记录,得到第二全局信息库。
具体的说,超时处理的预设条件可以是为一个固定的周期,例如:超时处理的一个周期为20个小时,就对第一全局信息库进行遍历,获取第一全局信息库中每一个目的地址信息的超时时间值,判断获取到的超时时间值是否小于当前的时间值,若是,删除超时的目的地址信息及其对应的应用程序标识记录,否则,不对获取的目的地址信息做处理。下面将以一个具体的例子进行说明:
例如,假设超时处理的预设条件设置为“超过24个小时”,且每天在5时满足超过24小时的超时处理的预设条件,即中心节点每天5时开始对第一全局信息库进行超时处理。若第一全局信息库中的记录了目的地址信息1及其对应的应用程序D,目的地址信息2及其对应的应用程序F,其中,目的地址信息1的超时时间值为2017年10月17日10时,目的地址信息2的超时时间值为2017年10月20日10时,那么在2017年10月18日5时的时刻,中心节点开始对该第一全局信息库进行遍历,判断目的地址信息1的超时时间值是否小于当前的时间值,以及判断目的地址信息2的超时时间值是否小于当前的时间值,由于目的地址信息1的超时时间值小于当前的时间值,因此,删除目的地址信息1及其对应的应用程序F的记录,保留目的地址信息2及其对应的应用程序F的记录。
需要说明的是,超时时间值的形式并不限制于本实施方式中列举的,还可以有其他的方式,此处不再一一列举。
此外,值得一提的是,第一全局信息库的变化信息还可以同时包括增量信息和更新信息,中心节点在接收到增量信息和更新信息后,可以先进行冲突处理,冲突处理完成之后,再进行超时处理,根据冲突处理结果和超时结果,更新第一全局信息库,得到第二全局信息库;或者中心节点在接收到增量信息和更新信息后,可以先进行超时处理,再进行冲突处理,根据冲突处理结果和超时处理,更新第一全局信息库,得到第二全局信息库。也就是说,本实 施方式中,不限制进行冲突处理和超时处理的先后顺序。
本实施方式提供的数据流的引导方法中,第一全局信息库的变化信息中包含更新信息,且在更新信息中包含目的地址信息及对应的匹配时间,中心节点获得各个目的地址信息最新的匹配时间,中心节点根据更新信息中的目的地址信息的最新的匹配时间和第一全局信息库中目的地址信息的超时时间值,更新第一全局信息库中目的地址信息的超时时间值,并在满足超时处理的预设条件下,根据更新的超时时间值,删除超时的目的地址信息及其对应的应用程序标识的记录,由于周期性删除超时的记录,确保了中心节点汇总的对应关系的准确,进而确保了服务节点获取到的全局信息库的准确性,提高了对数据流的引导的准确性。
上面各种方法的步骤划分,只是为了描述清楚,实现时可以合并为一个步骤或者对某些步骤进行拆分,分解为多个步骤,只要包括相同的逻辑关系,都在本专利的保护范围内;对算法中或者流程中添加无关紧要的修改或者引入无关紧要的设计,但不改变其算法和流程的核心设计都在该专利的保护范围内。
本发明第五实施方式涉及一种服务器50,包括:至少一个处理器501;以及,与至少一个处理器501通信连接的存储器502;其中,存储器502存储有可被至少一个处理器501执行的指令,指令被至少一个处理器501执行,以使至少一个处理器501能够执行服务节点的数据流的引导方法。
其中,存储器502和处理器501采用总线方式连接,总线可以包括任意数量的互联的总线和桥,总线将一个或多个处理器501和存储器502的各种电路链接在一起。总线还可以将诸如外围设备、稳压器和功率管理电路等之类的各种其他电路链接在一起,这些都是本领域所公知的,因此,本文不再对其进行进一步描述。总线接口在总线和收发机之间提供接口。收发机可以是一个元件,也可以是多个元件,比如多个接收器和发送器,提供用于在传输介质上与各种其他装置通信的单元。经处理器处理的数据通过天线在无线介质上进行传输,进一步,天线还接收数据并将数据传送给处理器。
处理器501负责管理总线和通常的处理,还可以提供各种功能,包括定时,外围接口,电压调节、电源管理以及其他控制功能。而存储器502可以被用于存储处理器502在执行操作时所使用的数据。
本发明第六实施方式涉及一种服务器60,包括:至少一个处理器601;以及,与至少一个处理器601通信连接的存储器602;其中,存储器602存储有可被至少一个处理器601执行的指令,指令被至少一个处理器601执行,以使至少一个处理器601能够执行中心节点的数据流的引导方法。
其中,存储器602和处理器601采用总线方式连接,总线可以包括任意数量的互联的总线和桥,总线将一个或多个处理器601和存储器602的各种电路链接在一起。总线还可以将诸如外围设备、稳压器和功率管理电路等之类的各种其他电路链接在一起,这些都是本领域所公知的,因此,本文不再对其进行进一步描述。总线接口在总线和收发机之间提供接口。收发机可以是一个元件,也可以是多个元件,比如多个接收器和发送器,提供用于在传输介质上与各种其他装置通信的单元。经处理器处理的数据通过天线在无线介质上进行传输,进一步,天线还接收数据并将数据传送给处理器。
处理器601负责管理总线和通常的处理,还可以提供各种功能,包括定时,外围接口,电压调节、电源管理以及其他控制功能。而存储器602可以被用于存储处理器602在执行操作时所使用的数据。
本发明的第七实施方式涉及一种数据流的引导的系统,包含中心节点10和至少一个服务节点20;服务节点20,用于执行第一实施方式或第二实施方式中的数据流引导方法;中心节点10,用于执行第三实施方式或第四实施方式中的数据流的引导方法。例如,服务节点可以是2个、3个等,本实施方式中,以3个服务节点为例进行说明,如图7中所示。
本发明的第八实施方式涉及一种计算机可读存储介质,存储有计算机程序,该计算机程序被处理器执行时能够实现第一至第四实施方式中任意一个实施方式提到的数据流的引导方法。
本领域技术人员可以理解实现上述实施例方法中的全部或部分步骤是可以通过程序来指令相关的硬件来完成,该程序存储在一个存储介质中,包括若干指令用以使得一个设备(可以是单片机,芯片等)或处理器(processor)执行本申请各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、磁碟或者光盘等各种可以存储程序代码的介质。
本领域的普通技术人员可以理解,上述各实施方式是实现本发明的具体实施例,而在实际应用中,可以在形式上和细节上对其作各种改变,而不偏离本发明的精神和范围。

Claims (15)

  1. 一种数据流的引导方法,其特征在于,应用于服务节点,包括:
    基于第一全局信息库对数据流进行引导,其中所述第一全局信息库中包含至少一个目的地址信息及其对应的应用程序标识;
    根据第一预设时长内流经的所述数据流的目的地址信息及其对应的应用程序标识,确定所述第一全局信息库的变化信息;
    将所述变化信息上传给中心节点,由所述中心节点根据至少一个所述服务节点上传的变化信息更新所述第一全局信息库,生成第二全局信息库;
    从所述中心节点获取所述第二全局信息库,并基于所述第二全局信息库对数据流进行引导。
  2. 根据权利要求1所述的数据流的引导方法,其特征在于,根据第一预设时长内流经的所述数据流的目的地址信息及其对应的应用程序标识,确定所述第一全局信息库的变化信息,具体包括:
    判断所述第一全局信息库中是否存在所述数据流的目的地址信息,若是,则记录所述目的地址信息及其对应的应用程序标识的匹配记录;若否,所述服务节点对所述数据流进行特征识别,并记录特征识别的结果。
  3. 根据权利要求2所述的数据流的引导方法,其特征在于,所述第一全局信息库的变化信息包括:更新信息和增量信息;其中所述目的地址信息及其对应的应用程序标识的匹配记录统计为所述更新信息;所述特征识别的结果统计为所述增量信息。
  4. 根据权利要求2所述的数据流的引导方法,其特征在于,所述特征识别的结果具体包括:
    所述数据流的目的地址信息,及所述服务节点通过特征识别后得到的所述目的地址信息对应的应用程序标识;
    以及无法通过特征识别得到应用程序标识的所述数据流的目的地址信息。
  5. 根据权利要求1所述的数据流的引导方法,其特征在于,所述基于第一全局信息库对数据流进行引导,具体包括:
    从所述数据流中解析出目的地址信息;
    判断所述第一全局信息库中是否存在所述目的地址信息,若是,获取所述目的地址信息对应的应用程序标识,并将所述数据流按照所述应用程序标识对应的预设路由策略进行引导, 否则,对所述数据流进行特征识别,并基于识别结果对所述数据流进行引导。
  6. 根据权利要求1所述的数据流的引导方法,其特征在于,所述目的地址信息包含目的IP地址、目的端口地址、传输层协议中的一种或多种。
  7. 一种数据流的引导方法,其特征在于,应用于中心节点,包括:
    接收至少一个服务节点各自上传的第一全局信息库的变化信息,其中,所述第一全局信息库中包含目的地址信息及其对应的应用程序标识;
    对各个所述服务节点上传的所述变化信息进行处理,得到总变化信息;
    根据所述总变化信息对所述第一全局信息库进行更新,得到第二全局信息库。
  8. 根据权利要求7所述的数据流的引导方法,其特征在于,所述第一全局信息库的变化信息包括增量信息,其中,所述增量信息中包含所述服务节点在第一预设时长内经过特征识别得到的未包含在所述第一全局信息库中的目的地址信息及其对应的应用程序标识;
    所述对各个所述服务节点上传的所述变化信息进行处理,具体包括:
    对各个所述服务节点上传的所述增量信息进行冲突处理。
  9. 根据权利要求8所述的数据流的引导方法,其特征在于,所述增量信息更包含所述服务节点在第一预设时长内接收到的数据流的目的地址信息未包含在所述第一全局信息库中,且无法通过特征识别获得对应的应用程序标识的目的地址信息;
    所述对各个所述服务节点上传的所述变化信息进行处理,具体包括:
    所述中心节点查询获得所述目的地址信息对应的应用程序标识,并记录。
  10. 根据权利要求8或9所述的数据流的引导方法,其特征在于,所述根据所述总变化信息对所述第一全局信息库进行更新,得到第二全局信息库,具体包括:
    将所述冲突处理结果和/或所述查询得到的记录结果,添加进所述第一全局信息库中。
  11. 根据权利要求7所述的数据流的引导方法,其特征在于,所述第一全局信息库的变化信息包括更新信息,所述更新信息包括所述服务节点在第一预设时长内匹配到的包含在所述第一全局信息库中的目的地址信息,其中,所述更新信息中包含所述目的地址信息及对应的匹配时间,所述第一全局信息库中的每一个所述目的地址信息设有一个超时时间值;
    所述对各个所述服务节点上传的所述变化信息进行处理,具体包括:
    整理各个所述服务节点上传的所述更新信息,获得各个所述目的地址信息最新的匹配时间。
  12. 根据权利要求11所述的数据流的引导方法,其特征在于,所述根据所述总变化信息对所述第一全局信息库进行更新,得到第二全局信息库,具体包括:
    根据所述第一全局信息库中目的地址信息的超时时间值及处理得到更新信息,更新所述第一全局信息库;
    在满足超时处理的预设条件的情况下,删除超时的目的地址信息及其对应的应用程序标识记录,得到第二全局信息库。
  13. 一种服务器,其特征在于,包括:
    至少一个处理器;以及,
    与所述至少一个处理器通信连接的存储器;其中,
    所述存储器存储有可被所述至少一个处理器执行的指令,所述指令被所述至少一个处理器执行,以使所述至少一个处理器能够执行如权利要求1至6中任意一项所述的数据流的引导方法。
  14. 一种服务器,其特征在于,包括:
    至少一个处理器;以及,
    与所述至少一个处理器通信连接的存储器;其中,
    所述存储器存储有可被所述至少一个处理器执行的指令,所述指令被所述至少一个处理器执行,以使所述至少一个处理器能够执行如权利要求7至12中任意一项所述的数据流的引导方法。
  15. 一种数据流的引导系统,其特征在于,包含中心节点和至少一服务节点;
    所述服务节点,用于执行如权利要求1至6中任意一项所述的数据流的引导方法;
    所述中心节点,用于执行如权利要求7至12中任意一项所述的数据流的引导方法。
PCT/CN2018/077429 2017-12-29 2018-02-27 一种数据流的引导方法、服务器和系统 WO2019127895A1 (zh)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP18865331.5A EP3531640B1 (en) 2017-12-29 2018-02-27 Data stream guiding method, server, and system
US16/327,957 US20210344589A1 (en) 2017-12-29 2018-02-27 Method, server, and system for data stream redirecting

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201711475317.0A CN108282414B (zh) 2017-12-29 2017-12-29 一种数据流的引导方法、服务器和系统
CN201711475317.0 2017-12-29

Publications (1)

Publication Number Publication Date
WO2019127895A1 true WO2019127895A1 (zh) 2019-07-04

Family

ID=62802577

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/077429 WO2019127895A1 (zh) 2017-12-29 2018-02-27 一种数据流的引导方法、服务器和系统

Country Status (4)

Country Link
US (1) US20210344589A1 (zh)
EP (1) EP3531640B1 (zh)
CN (1) CN108282414B (zh)
WO (1) WO2019127895A1 (zh)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109039898B (zh) * 2018-08-08 2021-12-07 网宿科技股份有限公司 一种引流信息的管理方法及装置
CN109905325B (zh) * 2019-03-13 2022-09-30 厦门网宿有限公司 一种流量引导方法及流量识别设备
CN112532670B (zh) * 2019-09-19 2022-07-05 阿里巴巴集团控股有限公司 一种数据处理方法及其装置
CN115102778B (zh) * 2022-07-11 2024-05-24 深信服科技股份有限公司 一种状态确定方法、装置、设备及介质
CN117221242B (zh) * 2023-09-01 2024-09-03 安徽慢音科技有限公司 一种网络流向识别方法、设备及介质

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101184000A (zh) * 2007-12-14 2008-05-21 北京交通大学 基于报文采样和应用签名的互联网应用流量识别方法
CN101814977A (zh) * 2010-04-22 2010-08-25 北京邮电大学 利用数据流头部特征的tcp流量在线识别方法及装置
CN103297270A (zh) * 2013-05-24 2013-09-11 华为技术有限公司 应用类型识别方法及网络设备
CN106921637A (zh) * 2015-12-28 2017-07-04 华为技术有限公司 网络流量中的应用信息的识别方法和装置
CN107147588A (zh) * 2017-05-16 2017-09-08 网宿科技股份有限公司 流量引导方法和装置

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011083682A1 (ja) * 2010-01-05 2011-07-14 日本電気株式会社 スイッチネットワークシステム、コントローラ、及び制御方法
CN102301663B (zh) * 2011-07-06 2013-11-06 华为技术有限公司 一种报文处理方法及相关设备
JP2016131298A (ja) * 2015-01-13 2016-07-21 富士通株式会社 パス計算装置およびパス計算方法

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101184000A (zh) * 2007-12-14 2008-05-21 北京交通大学 基于报文采样和应用签名的互联网应用流量识别方法
CN101814977A (zh) * 2010-04-22 2010-08-25 北京邮电大学 利用数据流头部特征的tcp流量在线识别方法及装置
CN103297270A (zh) * 2013-05-24 2013-09-11 华为技术有限公司 应用类型识别方法及网络设备
CN106921637A (zh) * 2015-12-28 2017-07-04 华为技术有限公司 网络流量中的应用信息的识别方法和装置
CN107147588A (zh) * 2017-05-16 2017-09-08 网宿科技股份有限公司 流量引导方法和装置

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3531640A4 *

Also Published As

Publication number Publication date
EP3531640A4 (en) 2019-12-11
US20210344589A1 (en) 2021-11-04
CN108282414B (zh) 2020-05-29
EP3531640B1 (en) 2020-12-30
CN108282414A (zh) 2018-07-13
EP3531640A1 (en) 2019-08-28

Similar Documents

Publication Publication Date Title
WO2019127895A1 (zh) 一种数据流的引导方法、服务器和系统
WO2021017884A1 (zh) 数据处理方法、装置及网关服务器
US10733245B2 (en) Methods and apparatus to track changes to a network topology
US7849227B2 (en) Stream data processing method and computer systems
US10362083B2 (en) Policy-based payload delivery for transport protocols
US9806974B2 (en) Efficient acquisition of sensor data in an automated manner
JP2001043158A (ja) 管理データ処理装置及び管理データ処理プログラムを記録したコンピュータ読取可能な記録媒体
US20030187868A1 (en) Data acquisition system
JP2004005085A (ja) ストレージネットワーク性能測定システム
US8489631B2 (en) Distributing a query
CN106326280B (zh) 数据处理方法、装置及系统
CN114500645A (zh) 数据采集系统及数据采集方法
CN111182072A (zh) 会话请求的应用识别方法、装置和计算机设备
US11870703B2 (en) Method for configuring and managing TSN network and system applying the method
WO2022028170A1 (zh) 一种数据传输方法、相关网络节点和存储介质
CN111064729B (zh) 报文的处理方法及装置、存储介质和电子装置
CN110543509B (zh) 用户访问数据的监控系统、方法、装置及电子设备
WO2020024402A1 (zh) 一种流量特征的管理方法、装置及中心节点服务器
CN113612771B (zh) 一种基于物联认证的保护方法和装置
CN108763291B (zh) 一种数据管理方法、装置及电子设备
CN114845248B (zh) 用户位置获取方法、前置机、设备及系统
WO2019120629A1 (en) On-demand snapshots from distributed data storage systems
CN106656586A (zh) 网络资源管理系统以及历史性能数据的处理方法
CN109194520B (zh) 一种Trap信息处理方法及装置
CN118677936A (zh) Cpe设备用户数据分析统计方法、装置、计算机设备及存储介质

Legal Events

Date Code Title Description
ENP Entry into the national phase

Ref document number: 2018865331

Country of ref document: EP

Effective date: 20190409

NENP Non-entry into the national phase

Ref country code: DE