System and method for accelerating multiple-field classification rule linear search

The linear search and rule technology, applied to transmission systems, electrical components, user identity/authority verification and similar areas, addresses the complicated usage of access control lists, the performance wasted on access control list rules, and the inapplicability of pre-matching technology, and speeds up the search.

Inactive Publication Date: 2009-08-12
NEW H3C TECH CO LTD

AI Technical Summary

Problems solved by technology

At the same time, the pre-matching records contain a large number of matching fields, so no matter which search method is used to organize these records, the pre-matching process requires a lot of extra work.

[0012] 2) Not all modules can use this method to speed up access control list lookups. For example, in network quality of service (QoS) classification, the same ACL may be referenced multiple times in a single direction of a port, and a linear search must be performed in strict order, so this type of pre-matching technology cannot be applied.

[0013] 3) The access control list supports multi-domain classification, but only a small number of access control list rules use all the classification domains, so the pre-matching method wastes performance on the commonly used rules that have only one or two classification domains. The access control list is referenced by multiple modules as a common module, and its usage is complicated. If similar pre-matching records are also cached in the above way, the amount of matching-operation context information that needs to be cached will be large, which further increases the burden of pre-matching lookups.

Examples

Embodiment 1

[0052] See Figure 3. Figure 3 is a schematic structural diagram of a device for accelerating linear search of multi-domain classification rules according to an embodiment of the present invention. As shown in the figure, the device includes: a module for defining the flow matching comparison field, which is used to pre-define the flow matching comparison field as required, wherein a flow consists of the messages in the network that have the same tuple, and the flow matching comparison field is composed of elements of the flow and is a subset of the packet matching comparison field of the access control list; a first-packet judging module, which is used to look up, according to the elements of the flow matching comparison field extracted from the message, the flow matching information record table of the flow to which the message belongs, and to determine from the flow matching information record whether the message is the first packet of the flow for the access control list; generate a...

Embodiment 2

[0064] See Figure 5. Figure 5 is a schematic structural diagram of a multi-field classification rule linear search acceleration device according to an embodiment of the present invention. As shown in the figure, the device includes: a module for defining the flow matching comparison field, which is used to pre-define the flow matching comparison field as required, wherein a flow consists of the messages in the network that have the same tuple, and the flow matching comparison field is composed of elements of the flow and is a subset of the packet matching comparison field of the access control list; a first-packet judging module, which is used to look up, according to the elements of the flow matching comparison field extracted from the packet, the flow matching information record table of the flow to which the packet belongs, and to determine from the flow matching information record whether the packet is the first packet of the flow for the access control list; generate a flow matching information recordi...

Abstract

A system and method for accelerating the linear search of multi-field classification rules. The method includes: looking up the flow matching information record table of the flow to which a message belongs, according to the elements of the flow matching comparison field extracted from the message. If there is no matching flow matching information record, the linear list of multi-domain classification rules is searched in sequence starting from its first rule; the search ends when the first rule matching the message is encountered or the end of the list is reached, a message matching result is generated, and the number of the linear list of multi-domain classification rules and the flow matching rule label corresponding to the flow matching result are recorded in the flow matching information record table. Otherwise, the search of the linear list starts from the rule corresponding to the flow matching rule label in the flow matching information record; the search ends when the first rule matching the message is encountered or the end of the list is reached, and a message matching result is generated. The message matching result is then output. The present invention can therefore shorten the search interval and speed up the search.
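The lookup described in the abstract, as an added example that is not code from the patent or its owner. It assumes the recorded flow matching rule label is the index of the first rule whose flow-field constraints match the flow, so that a later packet differing only in a non-flow field is still checked against every rule that could apply; `FLOW_FIELDS`, `Classifier`, `replace_acl`, the field names and the sample ACL are hypothetical.

```python
from ipaddress import ip_address, ip_network

FLOW_FIELDS = ("src", "dst", "proto", "dport")  # assumed flow key, a subset of ACL fields

def field_ok(name, want, pkt):
    if name in ("src", "dst"):                   # address fields match by prefix
        return ip_address(pkt[name]) in ip_network(want)
    return pkt[name] == want

def matches(rule, pkt, fields=None):
    """True if every constraint in the rule (limited to `fields` if given) holds."""
    return all(field_ok(f, v, pkt) for f, v in rule["match"].items()
               if fields is None or f in fields)

class Classifier:
    def __init__(self, acls):
        self.acls = acls        # ACL number -> ordered rule list
        self.flow_table = {}    # (ACL number, flow key) -> rule index to start from
        self.compared = 0       # rule comparisons performed, for illustration

    def classify(self, acl_no, pkt):
        rules = self.acls[acl_no]
        key = (acl_no,) + tuple(pkt[f] for f in FLOW_FIELDS)
        start = self.flow_table.get(key, 0)      # first packet of a flow starts at rule 0
        flow_idx, result = None, ("no-match", None)
        for i in range(start, len(rules)):
            self.compared += 1
            if flow_idx is None and matches(rules[i], pkt, FLOW_FIELDS):
                flow_idx = i                     # first rule the flow cannot rule out
            if matches(rules[i], pkt):
                result = (rules[i]["action"], i) # first match wins, strict order kept
                break
        if key not in self.flow_table:           # record only on the first packet
            self.flow_table[key] = len(rules) if flow_idx is None else flow_idx
        return result

    def replace_acl(self, acl_no, rules):
        """Added caveat: recorded indices are stale once the rule list changes."""
        self.acls[acl_no] = rules
        self.flow_table = {k: v for k, v in self.flow_table.items() if k[0] != acl_no}

# Constructed sample ACL; tcp_flags is an ACL field that is not part of the flow key.
ACL_3000 = [
    {"action": "deny",   "match": {"src": "10.0.0.0/8", "dport": 23}},
    {"action": "deny",   "match": {"src": "192.168.1.0/24"}},
    {"action": "deny",   "match": {"proto": "tcp", "dport": 443, "tcp_flags": "SYN"}},
    {"action": "permit", "match": {"proto": "tcp", "dport": 443}},
    {"action": "deny",   "match": {}},
]
```

Recording the index of the rule that matched the first packet instead would let a later SYN on a flow first seen with an ACK skip the SYN deny rule; the flow-level index avoids that.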

Description

Technical field

[0001] The invention relates to the technical field of network access control, in particular to a system and method for accelerating linear search of multi-domain classification rules.

Background

[0002] In the network security system, the most important security element is the access control point at the entrance and exit of the network communication channel. In order to classify or filter packets, network devices need to configure a series of matching rules to identify objects to be filtered. After a specific object is identified, the corresponding message can be allowed or prohibited to pass according to the preset policy. A linear list of multi-domain classification rules is used to implement these functions, and an access control list (Access Control List, ACL for short) is one of the linear lists of multi-domain classification rules.

[0003] Access control lists are matching lists applied to router interfaces. These matching lists ...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/32, H04L29/06
Inventor: 常慧锋
Owner: NEW H3C TECH CO LTD