WO2022100581A1 - Method for processing ipfix message, storage medium, network switching chip and asic chip - Google Patents

Info

Publication number: WO2022100581A1
Authority: WO, WIPO (PCT)
Prior art keywords: ipfix, flow, flow table, processing, ipfix message
Application number: PCT/CN2021/129606
Other languages: French (fr), Chinese (zh)
Inventors: 朱涛, 周伟
Original assignee: 苏州盛科通信股份有限公司
Application filed by: 苏州盛科通信股份有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/54 Organization of routing tables
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/04 Processing captured monitoring data, e.g. for logfile generation
    • H04L43/045 Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data

Definitions

  • the present invention relates to the field of the Internet, in particular, to an IPFIX message processing method, a storage medium, a network switching chip and an ASIC chip.
  • the IPFIX (IP Flow Information Export, IP data flow information output) network mainly includes three devices: the reporting device Export, the collection device Collector, and the analysis device Analyzer, as shown in Figure 8.
  • Export is used to analyze and process network flows (Flow), extract eligible flow statistics, and output the statistics to the Collector;
  • the Collector is responsible for parsing the Export data packets (IPFIX), and collects the statistical data into the database.
  • IPFIX Export data packets
  • IPFIX is based on the concept of "flow".
  • a flow refers to messages from the same sub-interface that have the same source and destination IP (Internet Protocol) addresses, the same protocol type, the same source and destination protocol port numbers, and the same ToS (Terms of Service), usually a seven-tuple. IPFIX records the statistics of this flow, including: timestamp, number of packets, total number of bytes, etc.
  • in the IPFIX processing flow of the Export device, when a message passes through the ASIC (Application Specific Integrated Circuit) chip, an IPFIX flow table is generated in the IPFIX engine, and the information is reported to the CPU (Central Processing Unit). After receiving the IPFIX flow table information, the CPU reorganizes the data and sends packets in standard IPFIX format to the Collector device.
  • ASIC Application Specific Integrated Circuit
  • in the IPFIX processing flow of the ASIC chip, when the ASIC chip receives a packet (inbound direction processing), it sends the packet information to the IPFIX engine for processing; in the IPFIX engine, an IPFIX flow table is generated and reported to the CPU. When the ASIC chip sends a packet (outbound direction processing), it also sends the packet information to the IPFIX engine for processing; in the IPFIX engine, an IPFIX flow table is generated and reported to the CPU.
  • the IPFIX flow table is independently generated in the inbound direction and the outbound direction of the ASIC and the information is reported separately.
  • the corresponding IPFIX flow table may not be successfully generated using the flow table feature information in the inbound or outbound direction, resulting in the failure of the subsequent IPFIX message reporting function and affecting the reliability of the chip.
  • the purpose of the embodiments of the present invention is to provide an IPFIX message processing method, an application thereof, and an ASIC chip.
  • a method for processing an IPFIX message comprising:
  • the corresponding flow is indexed according to the transmitted flow ID, and outbound direction IPFIX message processing is performed on it.
  • the present application also provides another embodiment of the method for processing an IPFIX message, including:
  • the corresponding flow ID and flow table change count are transmitted to the outbound direction, and the flow table change count is set to change when the corresponding flow is deleted;
  • IPFIX message processing is performed on the indexed flow in the outbound direction.
  • performing IPFIX message processing on the indexed flow in the outbound direction includes:
  • the method further includes:
  • the inbound direction flow table record information and the outbound direction flow table record information of the IPFIX flow table are reported at the same time.
  • the method further includes:
  • the application also provides an embodiment of an ASIC chip, where the ASIC chip includes an IPFIX engine and is set to:
  • the corresponding flow is indexed according to the transmitted flow ID, and outbound direction IPFIX message processing is performed on it.
  • the application also provides an embodiment of an ASIC chip, where the ASIC chip includes an IPFIX engine and is set to:
  • the corresponding flow ID and flow table change count are transmitted to the outbound direction, and the flow table change count is set to change when the corresponding flow is deleted;
  • the corresponding flow is indexed according to the transmitted flow ID, and it is judged whether the flow table change count corresponding to the indexed flow is consistent with the flow table change count transmitted from the inbound direction; if not,
  • the present application also provides an embodiment of a network switch chip, the network switch chip includes: a kernel and a RAM, and the kernel is configured to implement the above-mentioned IPFIX message processing method.
  • the present application also provides an embodiment of a computer-readable storage medium, where computer-executable instructions are stored in the computer-readable storage medium, and the computer-executable instructions are configured to execute the above-mentioned IPFIX message processing method.
  • when processing the inbound IPFIX message, the corresponding flow ID is transmitted to the outbound direction, and in the outbound direction the corresponding flow can be indexed directly according to the transmitted flow ID, and outbound IPFIX message processing is performed on it. In this way, the outbound direction does not need to regenerate the flow table from the flow table feature information; instead it reuses the IPFIX flow table of the inbound direction, so that the inbound and outbound IPFIX flow tables are combined into one flow table, which ensures the subsequent IPFIX message reporting function and the reliability of chip operation.
  • FIG. 1 is a flowchart of an IPFIX message processing method according to an embodiment of the present invention.
  • FIG. 2 is a flowchart of a method for processing an IPFIX message according to another embodiment of the present invention.
  • FIG. 3 is a schematic diagram of the reporting device processing an IPFIX message in the IPFIX message processing method of an embodiment of the present invention.
  • FIG. 4 is a schematic diagram of an ASIC chip processing an IPFIX message according to an embodiment of the present invention.
  • FIG. 5 is a functional schematic diagram of an IPFIX aging timer in an ASIC chip of an IPFIX message processing method according to an embodiment of the present invention.
  • FIG. 6 is a block diagram of an ASIC chip of an IPFIX message processing method according to an embodiment of the present invention.
  • FIG. 7 is a schematic diagram of a hardware structure of a network switch chip in an embodiment of the present invention.
  • FIG. 9 is a schematic diagram of a prior art ASIC chip processing an IPFIX message.
  • before introducing the IPFIX message processing method of the present application, several typical IPFIX application scenarios are first introduced.
  • Traffic Profiling (traffic overview)
  • Traffic Engineering (traffic engineering)
  • the IPFIX Collector can output very rich traffic record information in various chart forms, which is the concept of Traffic Profiling. However, this is only a record of information and does not make use of the more powerful functions of IPFIX.
  • IETF also introduced the concept of Traffic Engineering: in an operational network, load balancing and redundant backup are often planned, but the various protocols generally follow the routes predetermined by the network plan, or adjust according to the principles of the protocol.
  • when IPFIX is used to monitor the traffic in the network and some data flows are found to be large in a certain period of time, this can be reported to the network administrator for traffic adjustment, so as to allocate more network bandwidth to the related application services and reduce the occurrence of uneven load.
  • setting rules such as routing adjustment, bandwidth allocation, and security policy can be directly bound to the operations on the IPFIX Collector, and network traffic adjustment can be automatically completed.
  • Attack/Intrusion Detection
  • IPFIX can detect network attacks (such as typical IP scanning, port scanning, and DDOS (Distributed Denial Of Service) attacks) based on traffic characteristics.
  • network attacks: such as typical IP scanning, port scanning, and DDOS (Distributed Denial Of Service) attacks
  • DDOS: Distributed Denial Of Service
  • the method includes:
  • when the Export device receives a data packet, the packet goes through the IPFIX engine of the ASIC chip.
  • when a packet passes through the IPFIX engine, it is first determined whether the IPFIX feature is enabled. If it is not enabled, IPFIX engine processing is skipped; if the IPFIX feature is enabled, the packet enters the IPFIX engine.
  • the flow table feature information of the packet is extracted, and a lookup is performed, according to the flow table feature information, for a flow (Flow) with the same flow table feature information.
  • the seven-tuple flow table feature information is generally used:
  • when processing the IPFIX message in the above inbound direction, the IPFIX engine transmits the corresponding flow ID to the outbound direction, and each Flow has a unique flow ID; preferably, the corresponding flow ID valid flag (FlowIDValid) is also transmitted to the outbound direction. The flow ID valid flag indicates whether the corresponding Flow is "valid"; for example, it is invalid when the IPFIX feature is not enabled, and invalid when flow table generation fails.
  • the flow table feature information of the IPFIX flow table, the inbound direction flow table record information and the outbound direction flow table record information are also reported at the same time.
  • common reporting conditions include:
  • the corresponding flow is indexed according to the transmitted flow ID, and outbound direction IPFIX message processing is performed on it.
  • if the flow ID valid flag is valid, it indicates that the IPFIX feature has been enabled and the IPFIX engine has been entered.
  • the corresponding Flow is indexed according to the transmitted flow ID, and the outbound flow table record information of the IPFIX flow table corresponding to the indexed Flow is updated in the outbound direction to complete the outbound direction IPFIX message processing.
  • the flow table feature information of the IPFIX flow table, the inbound direction flow table record information, and the outbound direction flow table record information are also reported at the same time, reducing the complexity of the CPU chip merging table entries.
  • the present application also provides another optional implementation manner of an IPFIX message processing method.
  • the method includes:
  • the flow table change count is also transmitted.
  • the flow table change count is set to be changed only when the corresponding flow is deleted, and is recorded in the flow table record information.
  • the deletion here may be, for example, that the aging timer determines that the IPFIX flow table corresponding to the Flow satisfies the aging condition when performing the aging scan, so as to execute the aging deletion of the Flow.
  • the flow table change count in the flow table record information will not be cleared, but an accumulation operation will be performed.
  • Flow table change count 2.
  • S22: in the outbound direction, index the corresponding flow according to the transmitted flow ID, and determine whether the flow table change count corresponding to the indexed flow is consistent with the flow table change count transmitted from the inbound direction.
  • the flow table change count that has already been transmitted to the outbound direction will not be changed because the corresponding Flow is deleted.
  • the flow table change count corresponding to the flow indexed according to the flow ID can be compared with the transmitted flow table change count. If the two values are inconsistent, it means that the corresponding Flow has been deleted during the transmission process; correspondingly, if the two values are consistent, it means that the corresponding Flow has not been deleted during the transmission process.
  • the Flow indexed by the flow ID is already a newly generated Flow, and the outbound direction record information of the corresponding IPFIX flow table is not updated at this time.
  • the IPFIX processing can be skipped directly.
  • the record information of the outbound direction flow table corresponding to the Flow indexed according to the flow ID is directly updated.
  • for the IPFIX message processing method in this embodiment, reference may also be made to the previous embodiment in part or in whole, and repeated methods/steps will not be described again here.
  • the present application also provides an optional implementation manner of an ASIC chip.
  • the ASIC chip includes an IPFIX engine, which is configured to transmit the corresponding flow ID to the outbound direction when processing the inbound IPFIX message; and, in the outbound direction, to index the corresponding flow according to the transmitted flow ID and perform outbound IPFIX message processing on it; or,
  • the IPFIX engine is configured to transmit the corresponding flow ID and flow table change count to the outbound direction when processing the inbound IPFIX message; in the outbound direction, to index the corresponding flow according to the transmitted flow ID, and determine whether the flow table change count corresponding to the indexed flow is consistent with the flow table change count transmitted from the inbound direction; if not, the IPFIX message processing for the indexed flow is not performed in the outbound direction.
  • the description of the ASIC chip device embodiment is similar to the description of the above method embodiment, and has similar beneficial effects to the method embodiment.
  • for technical details not disclosed in the device embodiments of the present application, please refer to the descriptions of the method embodiments of the present application.
  • the ASIC chip here is integrated with the PHY (Physical Layer) chip, the MAC (Media Access Layer) chip and the CPU chip, so that many external components can be removed, a good match is achieved between the chips, and the number of pins and the chip area can be reduced at the same time.
  • PHY: Physical Layer
  • MAC: Media Access Layer
  • if the above data reading and writing method is implemented in the form of a software function module and sold or used as an independent product, it may also be stored in a computer-readable storage medium.
  • the technical solutions of the embodiments of the present application essentially or the parts that make contributions to the prior art not only exist in the chip implementation, but can also be embodied in the form of software products, and the computer software products are stored in a
  • the storage medium includes several instructions for causing a switch chip to execute all or part of the methods described in the various embodiments of the present application.
  • the aforementioned storage medium includes: a U disk, a mobile hard disk, a read only memory (Read Only Memory, ROM), a magnetic disk or an optical disk and other media that can store program codes.
  • ROM Read Only Memory
  • the embodiments of the present application are not limited to any specific combination of hardware and software.
  • an embodiment of the present application provides a network switch chip, including a memory, a kernel and a RAM (Random Access Memory); the memory stores a computer program that can be run by the kernel, and when running the computer program the kernel implements the steps in the IPFIX message processing method provided by the above embodiment, and the method includes:
  • the corresponding flow ID is transmitted to the outbound direction; in the outbound direction, the corresponding flow is indexed according to the transmitted flow ID, and outbound IPFIX message processing is performed on it; or,
  • the corresponding flow ID and flow table change count are transmitted to the outbound direction; in the outbound direction, the corresponding flow is indexed according to the transmitted flow ID, and it is determined whether the flow table change count corresponding to the indexed flow is consistent with the flow table change count transmitted from the inbound direction; if not, the IPFIX message processing for the indexed flow is not performed in the outbound direction.
  • the core of the network switching chip may also be used to implement the steps in the IPFIX processing method provided in the above embodiment, which will not be repeated here.
  • the embodiments of the present application provide a computer-readable storage medium, where computer-executable instructions are stored in the computer-readable storage medium, and the computer-executable instructions are configured to execute the steps of the IPFIX message processing methods provided by the above embodiments.
  • Fig. 7 is a schematic diagram of a hardware entity of a network switching chip in the embodiment of the application, and as shown in Fig. 7, the hardware entity of this switching chip includes: a kernel, a communication interface and a memory, wherein:
  • the kernel usually controls the overall operation of the network switch chip.
  • the communication interface enables the network switch chip to communicate with other terminals or servers through the network.
  • the memory is configured to store instructions and applications executable by the kernel, and can also cache data (for example, image data, audio data, voice communication data and video communication data) to be processed or already processed by each module in the kernel and the network switch chip; it can be implemented by random access memory (Random Access Memory, RAM).
  • RAM Random Access Memory
  • when processing the inbound IPFIX message, the corresponding flow ID is transmitted to the outbound direction, and in the outbound direction the corresponding flow can be indexed directly according to the transmitted flow ID, and outbound IPFIX message processing is performed on it. In this way, the outbound direction does not need to generate the flow table again from the flow table feature information; instead it reuses the IPFIX flow table of the inbound direction, so that the inbound and outbound IPFIX flow tables are combined into one flow table. Comparing the transmitted flow table change count with the flow table change count corresponding to the flow indexed in the outbound direction avoids performing wrong IPFIX message processing on the indexed flow in the outbound direction when the original inbound flow has been deleted, which ensures the reliability of the subsequent IPFIX message reporting function and of chip operation.
  • embodiments of one or more of the embodiments of this specification may be provided as a method, system or computer program product. Accordingly, one or more embodiments of this specification may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of the present specification may take the form of a computer program product on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM (Compact Disk Read Only Memory), optical memory, etc.).
  • computer-usable storage media: including but not limited to disk storage, CD-ROM (Compact Disk Read Only Memory), optical memory, etc.
  • One or more embodiments of this specification may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer.
  • program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types.
  • One or more embodiments of this specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network.
  • program modules may be located in both local and remote computer storage media including storage devices.

Abstract

Disclosed in the present invention are a method for processing an IPFIX message, a storage medium, a network switching chip and an ASIC chip. The method comprises: transmitting a corresponding flow ID to an outgoing direction during IPFIX message processing in an incoming direction; and indexing a corresponding flow according to the transmitted flow ID in the outgoing direction, and performing IPFIX message processing in the outgoing direction on the flow. In this case, a flow table does not need to be generated again according to flow table feature information in the outgoing direction, while the IPFIX flow table in the incoming direction is multiplexed, such that the IPFIX flow table in the incoming direction and the IPFIX flow table in the outgoing direction are combined into one flow table, and the subsequent IPFIX message reporting function and the chip working reliability are ensured.

Description

IPFIX message processing method, storage medium, network switching chip and ASIC chip
This application claims priority to the Chinese patent application No. 202011247536.5, entitled "IPFIX message processing method and its application, ASIC chip", filed with the China Patent Office on November 10, 2020, the entire contents of which are incorporated herein by reference.
Technical field
The present invention relates to the field of the Internet, and in particular to an IPFIX message processing method, a storage medium, a network switching chip and an ASIC chip.
Background
An IPFIX (IP Flow Information Export) network mainly includes three devices: the reporting device Export, the collection device Collector, and the analysis device Analyzer, as shown in Figure 8. Export analyzes and processes network flows (Flow), extracts the flow statistics that meet the conditions, and outputs the statistics to the Collector. The Collector parses the Export data packets (IPFIX) and collects the statistical data into a database for the Analyser to parse. The Analyser extracts statistical data from the Collector, performs subsequent processing, provides a basis for various services, and displays the result in a graphical interface.
IPFIX is based on the concept of a "flow". A flow refers to messages from the same sub-interface that have the same source and destination IP (Internet Protocol) addresses, the same protocol type, the same source and destination protocol port numbers, and the same ToS (Terms of Service), usually a seven-tuple. IPFIX records the statistics of this flow, including: timestamp, number of packets, total number of bytes, etc.
In the IPFIX processing flow of the Export device, when a message passes through the ASIC (Application Specific Integrated Circuit) chip, an IPFIX flow table is generated in the IPFIX engine, and the information is reported to the CPU (Central Processing Unit) via DMA. After receiving the IPFIX flow table information, the CPU reorganizes the data and sends packets in standard IPFIX format to the Collector device.
Referring to Figure 9, in the IPFIX processing flow of the ASIC chip, when the ASIC chip receives a packet (inbound direction processing), it sends the packet information to the IPFIX engine for processing; in the IPFIX engine, an IPFIX flow table is generated and reported to the CPU. When the ASIC chip sends a packet (outbound direction processing), it also sends the packet information to the IPFIX engine for processing; in the IPFIX engine, an IPFIX flow table is generated and reported to the CPU.
It can be seen that, in the existing IPFIX processing flow, the inbound direction and the outbound direction of the ASIC each independently generate an IPFIX flow table and each report their information separately. In practical applications, however, because of resource constraints, it may not be possible to successfully generate the corresponding IPFIX flow table from the flow table feature information in the inbound or outbound direction, so that the subsequent IPFIX message reporting function cannot be realized and the reliability of chip operation is affected.
发明内容SUMMARY OF THE INVENTION
有鉴于此,本发明实施例的目的在于提供一种IPFIX消息处理方法及其应用、ASIC芯片。In view of this, the purpose of the embodiments of the present invention is to provide an IPFIX message processing method, an application thereof, and an ASIC chip.
为了实现上述目的,本发明一实施例提供的技术方案如下:In order to achieve the above purpose, the technical solution provided by an embodiment of the present invention is as follows:
一种IPFIX消息的处理方法,所述方法包括:A method for processing an IPFIX message, the method comprising:
在对入方向IPFIX消息处理时,将对应的流ID(Identity Document,身份标识号)传送给出方向;When processing the inbound IPFIX message, transmit the corresponding stream ID (Identity Document, identity number) to the given direction;
在出方向根据所述传送的流ID索引对应的流,并对其进行出方向IPFIX消息处理。In the outbound direction, the corresponding stream is indexed according to the transmitted stream ID, and the outbound direction IPFIX message processing is performed on it.
本申请还提供IPFIX消息的处理方法的又一实施例,包括:The present application also provides another embodiment of the method for processing an IPFIX message, including:
在对入方向IPFIX消息处理时,将对应的流ID和流表变更计数传送给出方向,所述流表变更计数设置为在对应的流被删除时改变计数;When processing the inbound direction IPFIX message, the corresponding flow ID and flow table change count are transmitted to give a direction, and the flow table change count is set to change the count when the corresponding flow is deleted;
在出方向根据所述传送的流ID索引对应的流,并判断所述索引出的 流对应的流表变更计数和入方向传送的流表变更计数是否一致;若否,In the outgoing direction, according to the corresponding flow of the flow ID index of the transmission, and judge whether the flow table change count corresponding to the flow of the index is consistent with the flow table change count transmitted in the inbound direction; if not,
在出方向不执行对所述索引出的流的IPFIX消息处理。No IPFIX message processing for the indexed flow is performed in the outbound direction.
一实施例中,若所述索引出的流对应的流表变更计数和入方向传送的流表变更计数一致,则在出方向对所述索引出的流进行IPFIX消息处理。In one embodiment, if the flow table change count corresponding to the indexed flow is consistent with the flow table change count transmitted in the inbound direction, the IPFIX message processing is performed on the indexed flow in the outgoing direction.
一实施例中,在出方向对所述索引出的流进行IPFIX消息处理,包括:In an embodiment, performing IPFIX message processing on the indexed flow in the outbound direction, including:
在出方向更新所述索引出的流对应的IPFIX流表出方向流表记录信息。In the outgoing direction, update the IPFIX flow table record information of the outgoing direction flow table corresponding to the indexed flow.
一实施例中,所述方法还包括:In one embodiment, the method further includes:
在入方向符合上报条件时,将IPFIX流表的入方向流表记录信息和出方向流表记录信息同时上报;和/或,When the inbound direction meets the reporting conditions, report the inbound flow table record information and outbound flow table record information of the IPFIX flow table at the same time; and/or,
在出方向符合上报条件时,将IPFIX流表的入方向流表记录信息和出方向流表记录信息同时上报。When the outbound direction meets the reporting conditions, the inbound direction flow table record information and the outbound direction flow table record information of the IPFIX flow table are reported at the same time.
一实施例中,所述方法还包括:In one embodiment, the method further includes:
在对入方向IPFIX消息处理时,将对应的流ID有效标志传送给出方向;When processing the incoming direction IPFIX message, transmit the corresponding stream ID valid flag to give the direction;
当所述传送的流ID有效标志无效时,在出方向不进行IPFIX消息处理。When the transmitted stream ID valid flag is invalid, no IPFIX message processing is performed in the outbound direction.
The present application also provides an embodiment of an ASIC chip, the ASIC chip including an IPFIX engine configured to:
when processing an IPFIX message in the inbound direction, pass the corresponding flow ID to the outbound direction;
in the outbound direction, index the corresponding flow according to the passed flow ID and perform outbound IPFIX message processing on it.
The present application also provides an embodiment of an ASIC chip, the ASIC chip including an IPFIX engine configured to:
when processing an IPFIX message in the inbound direction, pass the corresponding flow ID and flow table change count to the outbound direction, the flow table change count being set to change when the corresponding flow is deleted;
in the outbound direction, index the corresponding flow according to the passed flow ID, and determine whether the flow table change count of the indexed flow matches the flow table change count passed from the inbound direction; if not,
perform no IPFIX message processing on the indexed flow in the outbound direction.
The present application also provides an embodiment of a network switching chip, the network switching chip including a kernel and a RAM, the kernel being configured to implement the above IPFIX message processing method.
The present application also provides an embodiment of a computer-readable storage medium storing computer-executable instructions, the computer-executable instructions being configured to execute the above IPFIX message processing method.
In the technical solution of the present application, the corresponding flow ID is passed to the outbound direction when an IPFIX message is processed in the inbound direction, so that the outbound direction can index the corresponding flow directly by the passed flow ID and perform outbound IPFIX message processing on it. The outbound direction therefore does not need to generate a flow table again from the flow table feature information. Instead, the inbound IPFIX flow table is reused, so that the inbound and outbound IPFIX flow tables are merged into a single flow table, which ensures the reliability of subsequent IPFIX message reporting and of chip operation.
Description of drawings
To explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some of the embodiments recorded in the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Figure 1 is a flowchart of an IPFIX message processing method according to an embodiment of the present invention;
Figure 2 is a flowchart of an IPFIX message processing method according to another embodiment of the present invention;
Figure 3 is a schematic diagram of the reporting device processing an IPFIX message in the IPFIX message processing method of an embodiment of the present invention;
Figure 4 is a schematic diagram of an ASIC chip processing an IPFIX message according to an embodiment of the present invention;
Figure 5 is a functional schematic diagram of the IPFIX aging timer in the ASIC chip of the IPFIX message processing method of an embodiment of the present invention;
Figure 6 is a block diagram of the ASIC chip of the IPFIX message processing method of an embodiment of the present invention;
Figure 7 is a schematic diagram of the hardware structure of a network switching chip in an embodiment of the present invention;
Figure 8 is a schematic diagram of the network composition of prior-art IPFIX;
Figure 9 is a schematic diagram of a prior-art ASIC chip processing an IPFIX message.
Detailed description
To help those skilled in the art better understand the technical solutions of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of those embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort shall fall within the protection scope of the present invention.
Before the IPFIX message processing method of the present application is introduced, several typical IPFIX application scenarios are described.
1. Usage-based Accounting (billing based on traffic usage)
In the past, traffic billing by network operators was generally based simply on a user's upload and download traffic. Because IPFIX records are precise down to fields such as destination IP and protocol port, billing can instead be tiered according to the characteristics of the application service.
2. Traffic Profiling and Traffic Engineering
From the records output by the IPFIX Exporter, the IPFIX Collector can present very rich traffic record information in various chart forms; this is the concept of Traffic Profiling. However, merely recording information does not make use of the full power of IPFIX, so the IETF also introduced the concept of Traffic Engineering. In a production network, load balancing and redundant backup are often planned, but the various protocols generally adjust according to the routes predetermined during network planning, or according to the protocol's own principles. If IPFIX is used to monitor the traffic in the network and certain data flows are found to be large during some period, this can be reported to the network administrator for traffic adjustment, so that more network bandwidth is allocated to the relevant application services and uneven load is reduced. Going further, configuration rules for route adjustment, bandwidth allocation, security policy and the like can be bound directly to operations on the IPFIX Collector, so that network traffic adjustment is completed automatically.
3. Attack/Intrusion Detection
From the description of the second application scenario above, it follows that IPFIX can detect network attacks based on traffic characteristics (for example, typical IP scanning, port scanning and DDOS (Distributed Denial Of Service) attacks). With the standard IPFIX protocol, "signature library" updates can also be used to block the latest network attacks, in the same way as ordinary host-side virus protection.
Referring to Figure 1, an optional implementation of the IPFIX message processing method of the present application is described. In this implementation, the method includes:
S11. When processing an IPFIX message in the inbound direction, pass the corresponding flow ID to the outbound direction.
Referring also to Figures 3 and 4, when the Export device receives a data packet, the packet passes through the IPFIX engine of the ASIC chip. When the packet reaches the IPFIX engine, it is first determined whether the IPFIX feature is enabled. If it is not enabled, IPFIX engine processing is skipped; if it is enabled, the packet enters the IPFIX engine. The IPFIX engine extracts the flow table feature information of the packet and uses it to look up whether a flow (Flow) with the same flow table feature information already exists. If the Flow exists, the corresponding inbound flow table record information is updated; if the Flow does not exist, a new Flow is generated, its flow table feature information is filled in from the packet's flow table feature information, and the corresponding inbound flow table record information is updated. Of course, if generating the new Flow fails, the subsequent IPFIX engine processing is skipped.
Illustratively, an IPFIX flow table generally uses seven-tuple flow table feature information:
1. Source IP address
2. Destination IP address
3. TCP/UDP source port
4. TCP/UDP destination port
5. Layer 3 protocol type
6. Type-of-service byte
7. Input logical interface
During the inbound IPFIX message processing above, the IPFIX engine passes the corresponding flow ID to the outbound direction, and each Flow has a unique flow ID. Preferably, the corresponding flow ID valid flag (FlowIDValid) is also passed to the outbound direction. The flow ID valid flag indicates whether the corresponding Flow is "valid"; for example, it is invalid when the IPFIX feature is not enabled, and invalid when flow table generation fails.
In this embodiment, when a reporting condition is met in the inbound direction, the flow table feature information, the inbound flow table record information and the outbound flow table record information of the IPFIX flow table are reported together. Illustratively, common reporting conditions include:
1. A new flow is generated
2. A flow table entry is deleted
3. The total packet count exceeds the set threshold
4. The total packet byte count exceeds the set threshold
5. The packet timestamp exceeds the set threshold
6. The TCP connection is closed
7. Packet jitter is too large
8. Packet delay is too large
9. The packet TTL (Time To Live) changes
10. The packet drop reason changes
11. The dropped packet count exceeds the set threshold
12. The packet destination information changes
In this way, even when an IPFIX message reported for the inbound direction is analyzed, the corresponding outbound flow table record information is also available.
S12. In the outbound direction, index the corresponding flow according to the passed flow ID and perform outbound IPFIX message processing on it.
First, it is determined whether the flow ID valid flag is valid. When the passed flow ID valid flag is invalid, no IPFIX message processing is needed in the outbound direction, and IPFIX engine processing is skipped.
If the flow ID valid flag is valid, the IPFIX feature has been enabled, and the packet enters the IPFIX engine. The IPFIX engine indexes the corresponding Flow by the passed flow ID and, in the outbound direction, updates the outbound flow table record information of the IPFIX flow table corresponding to the indexed Flow, which completes outbound IPFIX message processing.
It can be seen that in the IPFIX message processing method provided by the present application, the outbound direction does not need to generate a flow table again from the flow table feature information. Instead, the flow is indexed by flow ID, so the inbound IPFIX flow table is reused and the inbound and outbound IPFIX flow tables are merged into a single flow table, which ensures the reliability of subsequent IPFIX message reporting and of chip operation.
Similarly, when a reporting condition is met in the outbound direction, the flow table feature information, the inbound flow table record information and the outbound flow table record information of the IPFIX flow table are also reported together, which reduces the complexity of merging table entries on the CPU chip.
In practice, there is a certain time difference between outbound IPFIX message processing and inbound IPFIX message processing. It is therefore possible that, by the time outbound IPFIX message processing takes place, the corresponding Flow of the inbound direction has been deleted by the aging timer, or even that a new Flow has since been learned. If the Flow is then indexed directly by flow ID in the outbound direction, the outbound flow table record information of another Flow may be modified, so that the IPFIX message of that other Flow is erroneously reported via DMA.
To address this possibility, and referring to Figure 2, the present application provides another optional implementation of the IPFIX message processing method. In this implementation, the method includes:
S21. When processing an IPFIX message in the inbound direction, pass the corresponding flow ID and flow table change count to the outbound direction.
Referring also to Figures 4 and 5, and unlike the previous implementation, in this implementation a flow table change count is passed along with the flow ID when the flow ID is passed to the outbound direction. The flow table change count is set to change only when the corresponding flow is deleted, and is recorded in the flow table record information.
The deletion here may be, for example, an aging deletion of the Flow, performed when the aging timer, during an aging scan, determines that the IPFIX flow table corresponding to the Flow meets the aging condition. In one embodiment, the flow table change count may, for example, have an initial value of 1. When the IPFIX flow table is deleted, the flow table change count in the flow table record information is not cleared but incremented, so that the flow table change count becomes 2.
S22. In the outbound direction, index the corresponding flow according to the passed flow ID, and determine whether the flow table change count of the indexed flow matches the flow table change count passed from the inbound direction.
Because the corresponding flow table change count has already been sent to the outbound direction during inbound IPFIX message processing, the value already passed to the outbound direction does not change when the corresponding Flow is deleted. The outbound direction can therefore compare the flow table change count of the flow indexed by flow ID with the passed flow table change count. If the two values differ, the corresponding Flow was deleted while the packet was in transit; if the two values are the same, the corresponding Flow was not deleted while the packet was in transit.
S23. If the flow table change count of the indexed flow does not match the flow table change count passed from the inbound direction, perform no IPFIX message processing on the indexed flow in the outbound direction.
When the Flow corresponding to the outbound direction has already been deleted, the Flow indexed by the flow ID is already a newly generated Flow, and the outbound record information of its IPFIX flow table is not updated. By way of example, IPFIX processing can simply be skipped in this case.
If the Flow corresponding to the outbound direction has not been deleted, the outbound flow table record information of the Flow indexed by the flow ID is updated directly.
The IPFIX message processing method in this implementation may also refer, in part or in whole, to the previous implementation; the repeated methods/steps are not described again here.
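The following C sketch is an added example, not code from the patent or from any chip: it models steps S11/S12 and S21 to S23 in software, with a table slot index standing in for the flow ID, and shows the stale flow ID case both without and with the change count comparison. The table size, the function names and the two sample flows are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define TABLE_SIZE 4  /* assumption: tiny table so flow ID reuse is easy to trigger */

/* Seven-tuple flow table feature information, as listed in the description. */
struct flow_key {
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port, in_if;
    uint8_t  l3_proto, tos;
};

/* One IPFIX flow entry shared by the inbound and outbound directions. */
struct flow_entry {
    bool            in_use;
    struct flow_key key;
    uint32_t        change_count;  /* kept across deletion, only incremented */
    uint64_t        in_pkts, out_pkts;  /* per-direction record information */
};

/* Metadata the inbound stage passes to the outbound stage with the packet. */
struct ipfix_meta {
    bool     flow_id_valid;
    uint32_t flow_id, change_count;
};
static struct flow_entry flow_table[TABLE_SIZE];

static bool key_equal(const struct flow_key *a, const struct flow_key *b)
{
    return a->src_ip == b->src_ip && a->dst_ip == b->dst_ip &&
           a->src_port == b->src_port && a->dst_port == b->dst_port &&
           a->in_if == b->in_if && a->l3_proto == b->l3_proto && a->tos == b->tos;
}

void ipfix_reset(void)
{
    memset(flow_table, 0, sizeof flow_table);
    for (int i = 0; i < TABLE_SIZE; i++)
        flow_table[i].change_count = 1;  /* initial value used in the description */
}

/* S11/S21: find or create the flow, update inbound record, emit metadata. */
struct ipfix_meta ipfix_ingress(const struct flow_key *k, bool enabled)
{
    int slot = -1;
    for (int i = 0; enabled && i < TABLE_SIZE; i++) {
        if (flow_table[i].in_use && key_equal(&flow_table[i].key, k)) { slot = i; break; }
        if (!flow_table[i].in_use && slot < 0) slot = i;  /* first free slot */
    }
    if (slot < 0)  /* IPFIX disabled or flow creation failed: flag invalid */
        return (struct ipfix_meta){ false, 0, 0 };
    struct flow_entry *e = &flow_table[slot];
    if (!e->in_use) {  /* new flow: fill in the key, keep the change count */
        e->in_use = true;
        e->key = *k;
    }
    e->in_pkts++;
    return (struct ipfix_meta){ true, (uint32_t)slot, e->change_count };
}

/* Aging delete: clear the record but keep and increment the change count. */
void ipfix_age_out(uint32_t flow_id)
{
    if (flow_id >= TABLE_SIZE || !flow_table[flow_id].in_use)
        return;
    uint32_t next = flow_table[flow_id].change_count + 1;
    memset(&flow_table[flow_id], 0, sizeof flow_table[flow_id]);
    flow_table[flow_id].change_count = next;
}

/* S12 when check_count is false, S22/S23 when true. Returns true if updated. */
bool ipfix_egress(const struct ipfix_meta *m, bool check_count)
{
    if (!m->flow_id_valid || m->flow_id >= TABLE_SIZE)
        return false;  /* invalid flag (or bad index): skip IPFIX processing */
    struct flow_entry *e = &flow_table[m->flow_id];
    if (check_count && e->change_count != m->change_count)
        return false;  /* flow was deleted after ingress: skip */
    e->out_pkts++;
    return true;
}

/* Constructed scenario: flow A is aged out and flow B reuses its flow ID before
 * A's packet reaches the outbound stage. Returns B's outbound packet count. */
uint64_t demo_stale_flow_id(bool check_count)
{
    struct flow_key a = { 0x0a000001, 0x0a000002, 1234, 80, 1, 6, 0 };
    struct flow_key b = { 0x0a000003, 0x0a000004, 5555, 443, 2, 6, 0 };
    ipfix_reset();
    struct ipfix_meta ma = ipfix_ingress(&a, true);
    ipfix_age_out(ma.flow_id);
    struct ipfix_meta mb = ipfix_ingress(&b, true);
    ipfix_egress(&ma, check_count);  /* late outbound processing of A's packet */
    return flow_table[mb.flow_id].out_pkts;
}

int main(void) { return demo_stale_flow_id(true) == 0 ? 0 : 1; }
```

With `check_count` false, the late packet of the deleted flow increments the outbound counter of the newly learned flow; with it true, the carried count (1) differs from the stored count (2) and outbound processing is skipped. The comparison only detects reuse as long as the counter has not wrapped back to the carried value between inbound and outbound processing.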
Referring to Figure 6, the present application also provides an optional implementation of an ASIC chip. In this implementation, the ASIC chip includes an IPFIX engine configured to pass the corresponding flow ID to the outbound direction when processing an IPFIX message in the inbound direction, and, in the outbound direction, to index the corresponding flow according to the passed flow ID and perform outbound IPFIX message processing on it. Alternatively,
the IPFIX engine is configured to pass the corresponding flow ID and flow table change count to the outbound direction when processing an IPFIX message in the inbound direction; in the outbound direction, to index the corresponding flow according to the passed flow ID and determine whether the flow table change count of the indexed flow matches the flow table change count passed from the inbound direction; and, if not, to perform no IPFIX message processing on the indexed flow in the outbound direction.
The description of the above ASIC chip device embodiment is similar to the description of the above method embodiments and has similar beneficial effects. For technical details not disclosed in the device embodiments of the present application, refer to the description of the method embodiments of the present application.
In a typical Export device, the ASIC chip here is integrated together with a PHY (Physical Layer) chip, a MAC (Media Access Layer) chip and a CPU chip. This removes many external components, allows the chips to be well matched to one another, and also reduces the pin count and the chip area.
It should be noted that, in the embodiments of the present application, if the above data reading and writing method is implemented in the form of a software function module and sold or used as an independent product, it may also be stored in a computer-readable storage medium. Based on this understanding, the technical solutions of the embodiments of the present application, in essence or in the part that contributes over the prior art, need not exist only in a chip implementation; they can also be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a switching chip to execute all or part of the methods described in the embodiments of the present application. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (Read Only Memory, ROM), a magnetic disk or an optical disc. Thus, the embodiments of the present application are not limited to any specific combination of hardware and software.
Correspondingly, an embodiment of the present application provides a network switching chip including a memory, a kernel and a RAM (Random Access Memory). The memory stores a computer program that can be run by the kernel, and the kernel, when running the computer program, implements the steps of the IPFIX message processing method provided by the above embodiments. The method includes:
when processing an IPFIX message in the inbound direction, passing the corresponding flow ID to the outbound direction; in the outbound direction, indexing the corresponding flow according to the passed flow ID and performing outbound IPFIX message processing on it. Alternatively,
when processing an IPFIX message in the inbound direction, passing the corresponding flow ID and flow table change count to the outbound direction; in the outbound direction, indexing the corresponding flow according to the passed flow ID and determining whether the flow table change count of the indexed flow matches the flow table change count passed from the inbound direction; if not, performing no IPFIX message processing on the indexed flow in the outbound direction.
Correspondingly, the kernel of the network switching chip may also be used to implement the steps of the IPFIX processing method provided by the above embodiments, which are not repeated here.
Correspondingly, an embodiment of the present application provides a computer-readable storage medium storing computer-executable instructions, the computer-executable instructions being configured to execute the steps of the IPFIX message processing method provided by the above embodiments.
It should be pointed out here that the descriptions of the above storage medium and device embodiments are similar to the descriptions of the above method embodiments and have similar beneficial effects. For technical details not disclosed in the storage medium and device embodiments of the present application, refer to the description of the method embodiments of the present application.
It should be noted that Figure 7 is a schematic diagram of a hardware entity of the network switching chip in an embodiment of the present application. As shown in Figure 7, the hardware entity of the switching chip includes a kernel, a communication interface and a memory, where:
The kernel generally controls the overall operation of the network switching chip.
The communication interface enables the network switching chip to communicate with other terminals or servers over a network.
The memory is configured to store instructions and applications executable by the kernel, and can also cache data that is to be processed or has been processed by the kernel and by each module in the network switching chip (for example, image data, audio data, voice communication data and video communication data). It can be implemented by random access memory (Random Access Memory, RAM).
In the technical solution of the present application, the corresponding flow ID is passed to the outbound direction when an IPFIX message is processed in the inbound direction, so that the outbound direction can index the corresponding flow directly by the passed flow ID and perform outbound IPFIX message processing on it. The outbound direction therefore does not need to generate a flow table again from the flow table feature information. Instead, the inbound IPFIX flow table is reused, so that the inbound and outbound IPFIX flow tables are merged into a single flow table. In addition, by comparing, in the outbound direction, the passed flow table change count with the flow table change count of the indexed flow, erroneous IPFIX message processing on the indexed flow in the outbound direction is avoided when the original flow of the inbound direction has already been deleted, which ensures the reliability of subsequent IPFIX message reporting and of chip operation.
The systems, devices, modules or units set out in the above embodiments may be implemented by a computer chip or entity, or by a product having a certain function.
For convenience of description, the above device is described with its functions divided into separate modules. Of course, when one or more embodiments of this specification are implemented, the functions of the modules may be implemented in the same one or more pieces of software and/or hardware.
It should also be noted that the terms "include", "comprise" and any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element qualified by the phrase "including a..." does not exclude the presence of additional identical elements in the process, method, article or device that includes the element.
Those skilled in the art should understand that one or more embodiments of this specification may be provided as a method, a system or a computer program product. Accordingly, one or more embodiments of this specification may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of this specification may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM (Compact Disk Read Only Memory), optical storage and the like) containing computer-usable program code.
One or more embodiments of this specification may be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. One or more embodiments of this specification may also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules may be located in both local and remote computer storage media, including storage devices.
It will be apparent to those skilled in the art that the present invention is not limited to the details of the above exemplary embodiments, and that the present invention can be implemented in other forms without departing from its spirit or essential characteristics. The embodiments are therefore to be regarded in all respects as exemplary and not restrictive. The scope of the present invention is defined by the appended claims rather than by the above description, and all changes that fall within the meaning and range of equivalents of the claims are intended to be embraced in the present invention. Any reference sign in a claim shall not be construed as limiting the claim concerned.
In addition, it should be understood that although this specification is described in terms of implementations, not every implementation contains only one independent technical solution. The specification is written this way only for the sake of clarity. Those skilled in the art should take the specification as a whole, and the technical solutions in the embodiments may also be appropriately combined to form other implementations that those skilled in the art can understand.

Claims (10)

  1. A method for processing an IPFIX message, the method comprising:
    when processing an IPFIX message in the inbound direction, passing the corresponding flow ID to the outbound direction;
    in the outbound direction, indexing the corresponding flow according to the passed flow ID, and performing outbound IPFIX message processing on that flow.
  2. A method for processing an IPFIX message, the method comprising:
    when processing an IPFIX message in the inbound direction, passing the corresponding flow ID and flow table change count to the outbound direction, the flow table change count being set to change when the corresponding flow is deleted;
    in the outbound direction, indexing the corresponding flow according to the passed flow ID, and determining whether the flow table change count of the indexed flow is consistent with the flow table change count passed from the inbound direction; and if not,
    not performing IPFIX message processing on the indexed flow in the outbound direction.
  3. The method for processing an IPFIX message according to claim 1, wherein, if the flow table change count of the indexed flow is consistent with the flow table change count passed from the inbound direction, IPFIX message processing is performed on the indexed flow in the outbound direction.
  4. The method for processing an IPFIX message according to any one of claims 1 to 3, wherein performing IPFIX message processing on the indexed flow in the outbound direction comprises:
    in the outbound direction, updating the outbound flow table record information of the IPFIX flow table corresponding to the indexed flow.
  5. The method for processing an IPFIX message according to any one of claims 1 to 3, wherein the method further comprises:
    when the inbound direction meets a reporting condition, reporting the inbound flow table record information and the outbound flow table record information of the IPFIX flow table at the same time; and/or,
    when the outbound direction meets a reporting condition, reporting the inbound flow table record information and the outbound flow table record information of the IPFIX flow table at the same time.
  6. The method for processing an IPFIX message according to any one of claims 1 to 3, wherein the method further comprises:
    when processing an IPFIX message in the inbound direction, passing the corresponding flow ID valid flag to the outbound direction;
    when the passed flow ID valid flag is invalid, performing no IPFIX message processing in the outbound direction.
  7. An ASIC chip, the ASIC chip comprising an IPFIX engine configured to:
    when processing an IPFIX message in the inbound direction, pass the corresponding flow ID to the outbound direction;
    in the outbound direction, index the corresponding flow according to the passed flow ID, and perform outbound IPFIX message processing on that flow.
  8. An ASIC chip, the ASIC chip comprising an IPFIX engine configured to:
    when processing an IPFIX message in the inbound direction, pass the corresponding flow ID and flow table change count to the outbound direction, the flow table change count being set to change when the corresponding flow is deleted;
    in the outbound direction, index the corresponding flow according to the passed flow ID, and determine whether the flow table change count of the indexed flow is consistent with the flow table change count passed from the inbound direction; and if not,
    not perform IPFIX message processing on the indexed flow in the outbound direction.
  9. A network switching chip, the network switching chip comprising a core and a RAM, the core being configured to implement the IPFIX message processing method provided by any one of claims 1 to 6 above.
  10. A computer-readable storage medium storing computer-executable instructions, the computer-executable instructions being configured to execute the IPFIX message processing method provided by any one of claims 1 to 6 above.
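The stale flow ID check described in claims 2, 3 and 6, written out as an added C example (not code from the patent or from any chip SDK). All struct, function and constant names are hypothetical, and the table size, the 8-bit width of the change count and the key lookup are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>

#define FLOW_TABLE_SIZE 4   /* constructed size; all names here are hypothetical */

struct flow_entry {         /* one IPFIX flow table slot */
    bool     in_use;
    uint32_t key;           /* stand-in for the real flow key */
    uint8_t  change_count;  /* changes each time the flow in this slot is deleted */
    uint64_t in_pkts, out_pkts;  /* inbound / outbound record information */
};
struct flow_meta {          /* carried from inbound to outbound with the packet */
    bool     id_valid;      /* claim 6: flow ID valid flag */
    uint16_t flow_id;       /* claim 1: index of the flow table slot */
    uint8_t  change_count;  /* claim 2: count sampled at inbound time */
};
static struct flow_entry flow_table[FLOW_TABLE_SIZE];

/* Inbound: find or learn the flow, update its inbound record, emit metadata. */
struct flow_meta ingress_process(uint32_t key) {
    struct flow_meta m = { false, 0, 0 };
    int slot = -1;
    for (int i = 0; i < FLOW_TABLE_SIZE; i++) {
        if (flow_table[i].in_use && flow_table[i].key == key) { slot = i; break; }
        if (!flow_table[i].in_use && slot < 0) slot = i;
    }
    if (slot < 0) return m;              /* table full: flag stays invalid */
    struct flow_entry *e = &flow_table[slot];
    if (!e->in_use) {                    /* learn: counters reset, count kept */
        e->in_use = true; e->key = key; e->in_pkts = e->out_pkts = 0;
    }
    e->in_pkts++;
    m.id_valid = true; m.flow_id = (uint16_t)slot; m.change_count = e->change_count;
    return m;
}
/* Deleting (for example aging out) a flow changes the slot's count. */
void flow_delete(uint16_t id) { flow_table[id].in_use = false; flow_table[id].change_count++; }

/* Outbound: index by flow ID; update only if the counts still agree. */
bool egress_process(struct flow_meta m) {
    if (!m.id_valid || m.flow_id >= FLOW_TABLE_SIZE) return false;
    struct flow_entry *e = &flow_table[m.flow_id];
    if (e->change_count != m.change_count) return false;  /* stale ID: skip */
    e->out_pkts++;
    return true;
}
int main(void) {   /* flow deleted while its packet is in flight: must be skipped */
    struct flow_meta a = ingress_process(7); flow_delete(a.flow_id);
    return egress_process(a) ? 1 : 0;
}
```

With the assumed 8-bit count, the value wraps after 256 deletions of the same slot, so the counter width bounds how many delete and reuse cycles can pass while a packet is in flight before a stale ID would match again.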
PCT/CN2021/129606 2020-11-10 2021-11-09 Method for processing ipfix message, storage medium, network switching chip and asic chip WO2022100581A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011247536.5 2020-11-10
CN202011247536.5A CN112422434A (en) 2020-11-10 2020-11-10 IPFIX message processing method, application thereof and ASIC chip

Publications (1)

Publication Number Publication Date
WO2022100581A1 true WO2022100581A1 (en) 2022-05-19

Family

ID=74781661

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/129606 WO2022100581A1 (en) 2020-11-10 2021-11-09 Method for processing ipfix message, storage medium, network switching chip and asic chip

Country Status (2)

Country Link
CN (1) CN112422434A (en)
WO (1) WO2022100581A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112422434A (en) * 2020-11-10 2021-02-26 盛科网络(苏州)有限公司 IPFIX message processing method, application thereof and ASIC chip
CN113726678A (en) * 2021-07-28 2021-11-30 中盈优创资讯科技有限公司 Message distribution method based on NetFlow load balancer

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170264557A1 (en) * 2014-07-28 2017-09-14 Telefonaktiebolaget Lm Ericsson (Publ) Automated flow devolvement in an aggregate flow environment
CN108259378A (en) * 2017-03-30 2018-07-06 新华三技术有限公司 A kind of message processing method and device
CN110865965A (en) * 2019-11-13 2020-03-06 苏州盛科科技有限公司 Method and device for realizing flow table bidirectional data synchronization based on hardware
CN112422434A (en) * 2020-11-10 2021-02-26 盛科网络(苏州)有限公司 IPFIX message processing method, application thereof and ASIC chip

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102238041A (en) * 2010-04-23 2011-11-09 华为技术有限公司 Internet protocol (IP) stream quality monitoring method, device and system
US9843488B2 (en) * 2011-11-07 2017-12-12 Netflow Logic Corporation Method and system for confident anomaly detection in computer network traffic
CN104378263A (en) * 2014-11-27 2015-02-25 盛科网络(苏州)有限公司 Network flow monitoring method and device based on TCP session and message processing chip
CN105515921A (en) * 2016-01-25 2016-04-20 盛科网络(苏州)有限公司 Method and device for achieving real-time monitoring over network fragment message flow

Also Published As

Publication number Publication date
CN112422434A (en) 2021-02-26

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 16/10/2023)