WO2022105691A1

WO2022105691A1 - Method for preventing ipfix message loss, application thereof, and asic chip

Info

Publication number: WO2022105691A1
Application number: PCT/CN2021/130419
Authority: WO
Inventors: 朱涛; 赵茂聪
Original assignee: 苏州盛科通信股份有限公司
Priority date: 2020-11-23
Filing date: 2021-11-12
Publication date: 2022-05-27
Also published as: CN112543149A; CN112543149B

Abstract

The embodiments of the present invention provide a method for preventing IPFIX message loss, an application thereof, and an ASIC chip. The method comprises: querying whether a direct memory access (DMA) queue is full; if so, reserving a reporting reason in flow table recording information to be reported in an IPFIX flow table; and traversing the IPFIX flow table on the basis of a set reporting and scanning period, and determining, according to the current DMA queue situation, whether to report the flow table recording information corresponding to the reserved reporting reason. When the reporting of a flow table recording information to be reported in the IPFIX flow table fails, the reporting reason in the flow table recording information to be reported in the IPFIX flow table is reserved, and when the IPFIX flow table is traversed according to the reporting and scanning period, DMA information is reported for the flow table recording information of the IPFIX flow table needing to be reported supplementarily, so that the DMA information, the reporting of which failed can be processed when a CPU chip is idle, thereby ensuring that no IPFIX message is lost, and improving the IPFIX function.

Description

Method for preventing IPFIX message loss and its application, ASIC chip

This application claims the priority of the Chinese patent application filed on November 23, 2020 with the application number 202011321734.1 and the invention title "Method for Preventing IPFIX Message Loss and Its Application, ASIC Chip", the entire contents of which are incorporated by reference in this application.

technical field

The invention relates to the technical field of network equipment, in particular to a method for preventing IPFIX message loss, an application thereof, and an ASIC chip.

Background technique

The IPFIX (IP Flow Information Export, IP data flow information output) network mainly includes three devices: the reporting device Export, the collection device Collector, and the analysis device Analyzer, as shown in Figure 7. Export is set to analyze and process the network flow (Flow), extract the flow statistics that meet the conditions, and output the statistical information to the Collector; the Collector is responsible for parsing the data packets (IPFIX) of the Export, and collects the statistical data into the database. It can be analyzed by Analyser (analyzing device); Analyser extracts statistical data from Collector (collecting device), performs subsequent processing, provides basis for various services, and displays it in the form of a graphical interface.

IPFIX is based on the concept of "flow". A flow refers to: from the same sub-interface, with the same source and destination IP (Internet Protocol, Internet Protocol) addresses, protocol types, the same source and destination protocol port numbers, and the same ToS (Type of Service, service type) message, usually a seven-tuple. IPFIX will record the statistics of this flow, including: timestamp, number of packets, total number of bytes, etc.

In the IPFIX processing flow of the Export device, when the message passes through the ASIC (Application Specific Integrated Circuit) chip, the IPFIX flow table will be generated in the IPFIX engine, and the DMA (Direct Memory Access, direct memory access) will The information is reported to the CPU (Central Processing Unit, central processing unit). After receiving the IPFIX flow table information, the CPU reorganizes the data and sends packets in standard IPFIX format to the Collector device.

In the DMA processing flow, there is a DMA queue between the ASIC chip and the CPU chip. The queue adopts the first-in, first-out principle. When the ASIC chip has a DMA message, it writes a message to the DMA queue, and the CPU chip continuously reads from the DMA queue. information. When the read message rate of the CPU chip is lower than the write message rate of the ASIC chip, it will cause the DMA queue messages to accumulate or even overflow. Once overflowed, the ASIC chip cannot continue to write messages temporarily.

The IPFIX flow table consists of two parts: flow table feature information (KEY) and flow table record information (RD (Record, record)). All packets with the same KEY will be automatically identified as the same Flow (flow). In the prior art, when the IPFIX engine in the ASIC chip processes a message, it will first update the RD information, and then judge whether a certain reporting condition is met according to the new RD information, and if so, send the event message to the CPU through DMA. . As the ASIC chip processes packets faster and more and more IPFIX flow table specifications are supported, the DMA messages of IPFIX events sent by the ASIC chip to the CPU are becoming more and more frequent, and the ability of the CPU to process these DMA messages gradually become a bottleneck. When IPFIX events occur intensively within a certain period of time, the DMA queue will accumulate. Once the DMA queue overflows, new DMA messages will be discarded in the ASIC chip, and there is no subsequent reissue mechanism. The loss of these messages will greatly affect the business functions of IPFIX, such as inaccurate traffic billing and failure to detect network attacks in time.

SUMMARY OF THE INVENTION

In view of this, the purpose of the embodiments of the present invention is to provide a method for preventing the loss of an IPFIX message, an application thereof, and an ASIC chip.

In order to achieve the above purpose, the technical solution provided by an embodiment of the present invention is as follows:

A method for preventing IPFIX message loss, the method comprising:

Query whether the direct memory read and write DMA queue is full; if so,

Retain the reason for reporting in the record information of the flow table to be reported in the IPFIX flow table;

The IPFIX flow table is traversed based on the set reporting scan period, and according to the current DMA queue situation, it is determined whether to report the flow table record information corresponding to the reserved reporting reason.

In one embodiment, the method further includes:

Determine whether the current scan corresponds to the IPFIX flow table aging scan cycle; if so,

Then, when the currently scanned IPFIX flow table meets the aging condition, the aging event is written in the report reason of the flow table record information.

In one embodiment, the method further includes:

When traversing the IPFIX flow table, the report reason with the highest priority in the flow table record information is determined as the reserved report reason.

In one embodiment, the method also includes:

When the report reason in the flow table record information of the IPFIX flow table is not empty, the aging deletion operation of the IPFIX flow table is not performed.

In one embodiment, the set reporting scan period is 1/N of the IPFIX flow table aging scan period, where N is a positive integer; and/or,

Traverse the IPFIX flow table based on the set reporting scan cycle, including:

By multiplexing the aging scan timer, it can traverse the IPFIX flow table according to the set reporting scan cycle.

In one embodiment, traverse the IPFIX flow table based on the set reporting scan period, and determine whether to report the flow table record information corresponding to the reserved reporting reason according to the current DMA queue situation, specifically including:

When the DMA queue is not full, generate the DMA information to be reported according to the reserved reporting reason, and put it into the DMA queue;

When the DMA queue is full, the reporting reason continues to be retained.

The application also provides an ASIC chip, the ASIC chip includes:

The IPFIX engine is set to retain the reporting reason in the record information of the flow table to be reported in the IPFIX flow table when the direct memory read-write DMA queue is full;

The IPFIX timer is set to traverse the IPFIX flow table based on the set reporting scan period, and determines whether to report the flow table record information corresponding to the reserved reporting reason according to the current DMA queue situation.

In an embodiment, the reporting scan period of the IPFIX timer is 1/N of the aging scan period, where N is a positive integer; and/or,

The IPFIX timer is a multiplexed aging scan timer.

The present application also provides a network switch chip, the network switch chip includes: a kernel and a RAM (Random Access Memory, random access memory), and the kernel is configured to implement the above-mentioned method for preventing IPFIX message loss.

The present application further provides a computer-readable storage medium, where computer-executable instructions are stored in the computer-readable storage medium, and the computer-executable instructions are configured to execute the above-mentioned method for preventing the loss of an IPFIX message.

The technical solution of the present application is to retain the reporting reason in the record information of the to-be-reported flow table in the IPFIX flow table when the report of the record information of the to-be-reported flow table in the IPFIX flow table fails, and when traversing the IPFIX flow table according to the reporting scan cycle, The DMA information is reported to the flow table record information of the IPFIX flow table that needs to be supplemented and reported. In this way, the DMA information that fails to be reported can be processed when the CPU chip is idle, to ensure that IPFIX messages will not be lost, and to improve the IPFIX function.

Description of drawings

In order to explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the following briefly introduces the accompanying drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only These are some embodiments described in the present invention. For those of ordinary skill in the art, other drawings can also be obtained based on these drawings without any creative effort.

1 is a flowchart of a method for preventing IPFIX message loss according to an embodiment of the present invention;

2 is a schematic diagram of processing IPFIX by a reporting device applying a method for preventing IPFIX message loss according to an embodiment of the present invention;

3 is a schematic diagram of an ASIC chip reporting DMA information using a method for preventing IPFIX message loss according to an embodiment of the present invention;

4 is a functional schematic diagram of an IPFIX timer in an ASIC chip applying a method for preventing IPFIX message loss according to an embodiment of the present invention;

5 is a block diagram of an ASIC chip applying a method for preventing IPFIX message loss according to an embodiment of the present invention;

6 is a schematic diagram of a hardware structure of a network switching chip in an embodiment of the present invention;

FIG. 7 is a schematic diagram of the network structure of the prior art IPFIX.

Detailed ways

In order to make those skilled in the art better understand the technical solutions in the embodiments of the present invention, the following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. The described embodiments are only some, but not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.

Before introducing the method for preventing the loss of IPFIX messages in this application, several typical IPFIX application scenarios are first introduced.

1. Usage-based Accounting (billing based on usage traffic)

In the past, the traffic billing in network operators was generally simply based on the user's upload and download traffic. Since IPFIX can be accurate to fields such as destination IP, protocol port, etc., traffic charging can be charged in sections based on the characteristics of application services.

2. Traffic Profiling (traffic overview), Traffic Engineering: (traffic engineering)

Through the record output of IPFIX Exporter, IPFIX Collector can output very rich traffic record information in various chart forms, which is the concept of Traffic Profiling. However, it is only a record of information, and the powerful functions of IPFIX cannot be utilized. IETF also introduced the concept of Traffic Engineering: in the actual operation network, load balancing and redundant backup are often planned, but various protocols are generally planned according to the network. It can be adjusted according to the predetermined route or the principle of the agreement. However, if IPFIX is used to monitor the traffic in the network, and it is found that some data flows are large in a certain period of time, it can be reported to the network administrator for traffic adjustment, so as to allocate and adjust more network bandwidth for related application services and reduce uneven load. situation occurs. Even more intelligently, setting rules such as routing adjustment, bandwidth allocation, and security policy can be directly bound to the operations on the IPFIX Collector, and network traffic adjustment can be automatically completed.

3. Attack/Intrusion Detection: Attack/Intrusion Detection

From the description of the second application scenario above, it can be known that IPFIX can detect network attacks (such as typical IP scans, port scans, DDOS (Distributed denial of service, distributed denial of service) attacks) based on traffic characteristics. Using the standard IPFIX protocol, you can also use the "signature library" upgrade to prevent the latest network attacks like the general host-side virus protection.

Referring to FIG. 1, a specific implementation manner of the method for preventing the loss of an IPFIX message according to the present application is introduced. In this embodiment, the method includes:

S11. Query whether the direct memory read/write DMA queue is full.

With reference to Figure 2 and Figure 3, when the Export device receives a data packet, it will go through the IPFIX engine of the ASIC chip. When a packet passes through the IPFIX engine, it first determines whether the IPFIX feature is enabled. If it is not enabled, the IPFIX engine processing is skipped; if the IPFIX feature is enabled, it enters the IPFIX engine. The engine will extract the flow table feature information of the packet, and find out whether there is a flow (Flow) with the same flow table feature information according to the flow table feature information. If the Flow already exists, update the corresponding flow table record information; if the Flow does not exist, generate a new Flow, fill in the flow table feature information of the Flow with the flow table feature information of the packet, and update the corresponding flow table record information, For example, packet count, timestamp, etc.

Illustratively, for the IPFIX flow table, the seven-tuple flow table feature information is generally used:

1. Source IP address

2. Destination IP address

3. TCP (Transmission Control Protocol, Transmission Control Protocol)/UDP (UDP, User Datagram Protocol, User Datagram Protocol) source port

4. TCP/UDP destination port

5. Layer 3 protocol type

6. Type-of-service bytes

7. Input logic interface

Next, the IPFIX engine will determine whether the flow table record information of the Flow satisfies the reporting condition, and if so, fill in the reporting reason in the flow table record information of the Flow as the corresponding reporting condition. At this time, it is necessary to report the flow information in time, so that Analyzer can perform network monitoring, traffic accounting, network attack detection and other functions in a timely manner. Illustratively, common reporting conditions include:

1. New flow generation

2. Flow table aging deletion

3. The total number of packets exceeds the set threshold

4. The total number of bytes of the message exceeds the set threshold

5. The packet timestamp exceeds the set threshold

6. The TCP (Transmission Control Protocol) connection is disconnected

7. Packet jitter is too large

8. The message delay is too large

9. Packet TTL (Time To Live, time-to-live value) changes

10. The reason for discarding packets is changed

11. The count of discarded packets exceeds the set threshold

12. The message destination information has changed

Generally, the IPFIX engine will report the flow table record information to be reported in the IPFIX flow table based on the reporting reason. And because the IPFIX engine sends information to the CPU through DMA during the reporting process, the flow table record information successfully reported here is referred to as "DMA information" in this application.

At this time, the IPFIX engine will query whether the DMA queue is full. If it is not full, it will report the DMA information according to the reporting reason in the flow table record information to be reported. That is, the DMA information to be reported is put into the DMA queue, and the reporting reasons in the corresponding flow table record information are cleared to complete the normal reporting.

S12. If the DMA queue is full, keep the reporting reason in the record information of the flow table to be reported in the IPFIX flow table.

The DMA queue is full, indicating that the reading processing speed of the current CPU chip cannot keep up with the writing speed of the IPFIX engine. At this time, retaining the reporting reason in the record information of the flow table to be reported in the IPFIX flow table can prevent the record information of the IPFIX flow table from being discarded after a reporting failure.

S13, traverse the IPFIX flow table based on the set reporting scan period, and determine whether to report the flow table record information corresponding to the reserved reporting reason according to the current DMA queue situation.

With reference to Figure 4, the scanning of the IPFIX flow table can be completed by the IPFIX timer. Specifically, it can scan all the IPFIX flow tables in turn according to the Flow ID (Flow Identity, data flow identity), and determine the IPFIX corresponding to the Flow ID. Whether the flow table is valid, if invalid, skip to scan the next IPFIX flow table.

If the IPFIX flow table corresponding to the Flow ID is valid, it is determined whether the current scan corresponds to the aging scan period of the IPFIX flow table. If yes, when the currently scanned IPFIX flow table meets the aging condition, write the aging event in the report reason in the flow table record information. Illustratively, judging whether an IPFIX flow table satisfies the aging condition may be judging whether a new packet hits the IPFIX flow table within an aging scan period, and if not, then judging that the IPFIX flow table needs to be aged out, and Clear the IPFIX flow table.

Since packets may constantly pass through the IPFIX engine of the ASIC chip, for the IPFIX flow table, new reporting conditions may be continuously written into the reporting reason of the flow table record information. When the IPFIX timer traverses the IPFIX flow table, the report reason with the highest priority in the flow table record information is determined as the above reserved report reason.

For example, the reporting reasons in the flow table record information to be reported to IPFIX are: flow table aging deletion/packet jitter too large/packet TTL change, and the priority of these reporting reasons is configured as packet jitter too much Large > flow table aging and deletion > packet TTL changes, when the packet jitter is too large, the flow table record information of the IPFIX flow table will be reported. If the priority is configured as flow table aging deletion > packet jitter is too large > packet TTL changes, the flow table record information of the IPFIX flow table will be reported with the flow table aging deletion during reporting, and after the report is successful Delete the corresponding IPFIX flow table.

During the reporting process, when the DMA queue is not full, the DMA information to be reported is generated according to the reserved reporting reason and put into the DMA queue; and if the DMA is full, the reporting reason is kept. Moreover, when the reporting cause in the flow table record information of the IPFIX flow table is not empty, the aging deletion operation of the IPFIX flow table is not performed. In this way, even if the reason for the report in the flow table record information is that the flow table is deleted due to aging, the aging deletion operation of the IPFIX flow table will not be performed until the corresponding flow table record information is successfully reported, preventing the loss of IPFIX messages.

In the embodiment of the present application, the set reporting scan period may be 1/N of the aging scan period of the IPFIX flow table, where N is a positive integer. In this way, for the IPFIX timer, when it performs traversal scanning of the IPFIX flow table according to the reporting scan period, it will not affect the progress of the aging scan; and, in such an embodiment, the original aging scan can be reused by multiplexing. The timer traverses the IPFIX flow table according to the set reporting scan cycle, saving timer resources. Of course, in other embodiments, the relationship between the set reporting scan period and the aging scan period may not need to be a multiple of N, and an additionally set timer may be used to specifically perform the reporting scan operation.

Referring to FIG. 5 , the present application further provides a specific implementation manner of an ASIC chip. In this embodiment, the ASIC chip includes an IPFIX engine and an IPFIX timer.

The IPFIX engine is set to retain the reporting reason in the record information of the flow table to be reported in the IPFIX flow table when the direct memory read and write DMA queue is full;

The IPFIX timer is set to traverse the IPFIX flow table based on the set reporting scan period, and determine whether to report the flow table record information corresponding to the reserved reporting reason according to the current DMA queue situation.

In one embodiment, the reporting scan period of the IPFIX timer is 1/N of the aging scan period, where N is a positive integer. Similarly, the IPFIX timer may reuse the original aging scan timer to save timer resources. Moreover, in other embodiments, the relationship between the set reporting scan period and the aging scan period may not need to have a multiple of N relationship, and an additionally set timer is used to specifically perform the reporting scan operation.

The above description of the ASIC chip device embodiment is similar to the description of the above method embodiment, and has similar beneficial effects to the method embodiment. For technical details not disclosed in the device embodiments of the present application, please refer to the descriptions of the method embodiments of the present application for understanding.

In a typical export device, the ASIC chip here is integrated with the PHY chip, the MAC chip and the CPU chip, so that many external components can be removed, so that each chip can achieve a good match, and at the same time, it can also reduce the lead The number of pins, reduce the chip area.

It should be noted that, in the embodiments of the present application, if the above data reading and writing method is implemented in the form of a software function module and sold or used as an independent product, it may also be stored in a computer-readable storage medium. Based on this understanding, the technical solutions of the embodiments of the present application essentially or the parts that make contributions to the prior art not only exist in the chip implementation, but can also be embodied in the form of software products, and the computer software products are stored in a The storage medium includes several instructions for causing a switch chip to execute all or part of the methods described in the various embodiments of the present application. The aforementioned storage medium includes: U disk (USB (Universal Serial Bus, Universal Serial Bus) flash disk), mobile hard disk, read only memory (Read Only Memory, ROM), magnetic disk or optical disk and other programs that can store program codes medium. As such, the embodiments of the present application are not limited to any specific combination of hardware and software.

Correspondingly, an embodiment of the present application provides a network switch chip, including a memory, a kernel, and a RAM, where the memory stores a computer program that can be run through the kernel, and the kernel implements the above embodiments when the computer program is executed Provided steps in a method for preventing IPFIX message loss, the method comprising:

Query whether the direct memory read and write DMA queue is full; if so,

Correspondingly, the core of the network switching chip may also be configured to implement the steps in the method for preventing the loss of an IPFIX message provided by the foregoing embodiment, which will not be repeated here.

Correspondingly, the embodiments of the present application provide a computer-readable storage medium, where computer-executable instructions are stored in the computer-readable storage medium, and the computer-executable instructions are configured to execute the methods for preventing IPFIX message loss provided by the above embodiments. A step of.

It should be pointed out here that the descriptions of the above storage medium and device embodiments are similar to the descriptions of the above method embodiments, and have similar beneficial effects to the method embodiments. For technical details not disclosed in the embodiments of the storage medium and device of the present application, please refer to the description of the method embodiments of the present application to understand.

It should be noted that Fig. 6 is a schematic diagram of a hardware entity of a network switching chip in the embodiment of the application, and as shown in Fig. 6, the hardware entity of this switching chip includes: a kernel, a communication interface and a memory, wherein:

The kernel usually controls the overall operation of the network switch chip.

The communication interface enables the network switch chip to communicate with other terminals or servers through the network.

The memory is configured to store instructions and applications executable by the kernel, and can also cache data (for example, image data, audio data, voice communication data and video communication data) to be processed or processed by each module in the kernel and the network switch chip, It can be implemented by random access memory (Random Access Memory, RAM).

The systems, devices, modules or units described in the above embodiments may be specifically implemented by computer chips or entities, or by products with certain functions.

For the convenience of description, when describing the above device, the functions are divided into various modules and described respectively. Of course, when implementing one or more embodiments of this specification, the functions of each module may be implemented in one or more software and/or hardware.

It should also be noted that the terms "comprising", "comprising" or any other variation thereof are intended to encompass a non-exclusive inclusion such that a process, method, article or device comprising a series of elements includes not only those elements, but also Other elements not expressly listed, or inherent to such a process, method, article of manufacture or apparatus are also included. Without further limitation, an element qualified by the phrase "comprising a..." does not preclude the presence of additional identical elements in the process, method, article of manufacture, or device that includes the element.

As will be appreciated by one skilled in the art, embodiments of one or more of the embodiments of this specification may be provided as a method, system or computer program product. Accordingly, one or more embodiments of this specification may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of this specification may employ one or more computer-usable storage media (including, but not limited to, magnetic disk storage, CD-ROM (Compact Disc Read Only Memory, compact disc read only memory) having computer usable program code embodied therein. ), optical storage, etc.) in the form of a computer program product.

One or more embodiments of this specification may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more embodiments of this specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including storage devices.

It will be apparent to those skilled in the art that the present invention is not limited to the details of the above-described exemplary embodiments, but that the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics of the invention. Therefore, the embodiments are to be regarded in all respects as illustrative and not restrictive, and the scope of the invention is to be defined by the appended claims rather than the foregoing description, which are therefore intended to fall within the scope of the claims. All changes within the meaning and scope of the equivalents of , are included in the present invention. Any reference signs in the claims shall not be construed as limiting the involved claim.

In addition, it should be understood that although this specification is described in terms of embodiments, not each embodiment only includes an independent technical solution, and this description in the specification is only for the sake of clarity, and those skilled in the art should take the specification as a whole , the technical solutions in each embodiment can also be appropriately combined to form other implementations that can be understood by those skilled in the art.

Claims

A method for preventing IPFIX message loss, the method comprising:

Query whether the direct memory read and write DMA queue is full; if so,

Retain the reason for reporting in the record information of the flow table to be reported in the IPFIX flow table;

The IPFIX flow table is traversed based on the set reporting scan period, and according to the current DMA queue situation, it is determined whether to report the flow table record information corresponding to the reserved reporting reason.
The method for preventing IPFIX message loss according to claim 1, wherein the method further comprises:

Determine whether the current scan corresponds to the IPFIX flow table aging scan cycle; if so,

Then, when the currently scanned IPFIX flow table meets the aging condition, the aging event is written in the report reason of the flow table record information.
The method for preventing IPFIX message loss according to claim 2, wherein the method further comprises:

When traversing the IPFIX flow table, the report reason with the highest priority in the flow table record information is determined as the reserved report reason.
The method for preventing IPFIX message loss according to claim 2, wherein, the method further comprises:

When the report reason in the flow table record information of the IPFIX flow table is not empty, the aging deletion operation of the IPFIX flow table is not performed.
The method for preventing IPFIX message loss according to claim 1, wherein the set reporting scan period is 1/N of the IPFIX flow table aging scan period, wherein N is a positive integer; and/or,

Traverse the IPFIX flow table based on the set reporting scan cycle, including:

By multiplexing the aging scan timer, it can traverse the IPFIX flow table according to the set reporting scan cycle.
The method for preventing IPFIX message loss according to claim 1, wherein the IPFIX flow table is traversed based on a set reporting scan period, and according to the current DMA queue situation, it is determined whether to record information on the flow table corresponding to the reserved reporting reason Reporting, including:

When the DMA queue is not full, generate DMA information to be reported according to the reserved reporting reason, and put it into the DMA queue;

When the DMA queue is full, the reporting reason continues to be retained.
An ASIC chip, the ASIC chip includes:

The IPFIX engine is set to retain the reporting reason in the record information of the flow table to be reported in the IPFIX flow table when the direct memory read-write DMA queue is full;

The IPFIX timer is set to traverse the IPFIX flow table based on the set reporting scan period, and determine whether to report the flow table record information corresponding to the reserved reporting reason according to the current DMA queue situation.
The ASIC chip according to claim 7, wherein the reporting scan period of the IPFIX timer is 1/N of the aging scan period, wherein N is a positive integer; and/or,

The IPFIX timer is a multiplexed aging scan timer.
A network switch chip, the network switch chip comprising: a kernel and a RAM, the kernel is configured to implement the method for preventing the loss of an IPFIX message provided by any one of the above claims 1 to 6. :
A computer-readable storage medium storing computer-executable instructions, the computer-executable instructions being configured to execute the method for preventing the loss of an IPFIX message provided by any one of claims 1 to 6 above.