Method based on access control list category

An access control list and algorithm technology, applied in digital transmission systems, data exchange networks, electrical components, etc., can solve the problems of reduced search efficiency, impacted efficiency, low search efficiency, etc., to save search time and save storage resources Effect

Inactive Publication Date: 2008-03-19
ZTE CORP
View PDF0 Cites 27 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0038] (2) The update time is long. As long as there is a slight change in ACE, the entire RFC table needs to be rebuilt. This cost is very high, because not only the index table must be filled, but also the EqID and CBM must be calculated.
If n is more, the efficiency will be affected
[0042] (3) In the case of multiple classifications, the search efficiency is low: during the processing of the message, it may not only be classified once, but may be classified differently in different functional modules
If the number of classifications is large, the search efficiency will be further reduced
[0043] (4) When modifying multiple ACLs, the update time is long

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method based on access control list category
  • Method based on access control list category
  • Method based on access control list category

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0070] According to the analysis, after a specific packet enters a network element, the result is always unique after each classification. That is to say, when two identical packets enter a network element, their processing should be exactly the same. Set of class behaviors. If there is a method that can obtain all the behaviors to be done after a classification search, that is, the behavior set, then this method must be the most efficient, and the time complexity is O(n).

[0071] The difference between the present invention and the existing RFC algorithm is that all ACLs form an RFC table, and the final query result of the table is an action set, and the action set can include: whether the message is allowed to pass through, what kind of restriction is adopted Speed ​​policy and what kind of NAT conversion and so on. In this way, when a packet enters a network element, only one search is required to obtain the set of behaviors that the packet should adopt.

[0072] The pre...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a list classifying method based on access control, which includes the following steps: sequentially arranging ACEs in ACL, all of ACEs of the ACL being continuous and having a consistent sequence in the ACL; constructing the index table of Phase 0 according to RFC algorithm to obtain CBM and eqID; constructing the index tables of Phase 1 and subsequent eqID by RFC algorithm and CBM; calculating the first hit regulation number of each ACL group according to each CBM, and constructing GBM using the behavior of the regulation; and sequentially searching bit of a first selected behavior in the GBM according the classification sequence of ACL in each function to obtain corresponding behavior of ACL classification, and storing in a behavior set corresponding to GBM. The invention can search GBM and the behavior set of a message through one searching process, thereby reducing the searching frequency significantly and saving the searching time.

Description

technical field [0001] The invention relates to a technology related to message classification in IP network equipment in communication, and specifically relates to a method based on access control list classification. Background technique [0002] The popularization of network applications and the Internet not only greatly improves the production and operation efficiency of enterprises, but also brings security such as data. How to effectively manage a network and reduce the negative impact of the network as much as possible has become an important topic for network administrators. ACL is one of the commonly used security technologies. ACL uses packet filtering technology to read the information in the third layer and fourth layer packet headers on the router or intelligent switch, such as source address, destination address, source port, destination port, etc., according to Pre-defined rules filter packets to achieve the purpose of access control. [0003] ACL is a gener...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/56H04L29/06
Inventor 纪翀李华光薛红兵曹超
Owner ZTE CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap