[0028] To address the disadvantages of the traditional technical solutions, the P2P automatic flow control method and system of the present invention are further illustrated through the following specific embodiments. The specific implementations are described in detail below, but are not intended to limit the present invention.
[0029] In the following, flow control and P2P service identification and processing are two independent processes triggered by different events. The flow control process uses the results of the P2P service identification and processing process when needed.
[0030] In this embodiment, actually captured network messages are used as samples, the data messages are parsed according to the protocol formats used by various P2P applications, and P2P applications are identified from the message characteristics or behaviors of the data messages transmitted during P2P application communication.
[0031] As shown in Figure 1, after the network device in the embodiment of the present invention captures a data message, the flow for identifying and processing P2P applications includes the following steps:
[0032] Step 100: Perform hierarchical analysis of the data message by using the data packet protocol analysis technology according to the actual captured data message of the current interaction and the characteristics of various P2P applications;
[0033] Step 101: Determine whether the data currently being exchanged on the network belongs to a P2P application that needs to be restricted; if so, go to step 102; if it is not a P2P application, discard the captured message, and end;
[0034] Step 102: Extract the P2P application connection information from the received P2P application data message, and determine whether it is a newly added P2P application; if not, proceed according to the existing method and end; if yes, go to step 103;
[0035] Specifically, all currently stored P2P application connection information is queried using the extracted P2P application connection information. If the query result shows that the P2P application connection information is already in the library, no change is made, and the query continues with the next P2P application connection information provided by the network flow controller (if there is any). If the query result indicates that the P2P application connection information has not been saved, it is newly added P2P application connection information.
[0036] Step 103: According to the current flow control mode and execution status, judge whether a P2P application connection can be added:
[0037] If one can be added (for example, the current flow control method allows additions, and the number of connected P2P applications since the latest statistics is less than the maximum number of P2P applications that can be added as determined by those statistics), go to step 104;
[0038] If one cannot be added (for example, the current flow control method does not allow additions, or the number of P2P applications connected since the latest statistics has reached the maximum number that can be added as determined by those statistics), go to step 105;
[0039] Step 104: Connect directly and establish a new storage entry to record the connected P2P application connection information, and at the same time update the number of connected P2P applications in this statistical period, and end;
[0040] Step 105: Do not connect the newly added P2P application, discard the extracted P2P application connection information, and end.
[0041] An example illustrates step 100. "%13BitTorrent%20Protocol" identifies the BT message type in the communication of the BT protocol, or of software that uses the BT protocol, and can be used as a static identification feature of the BT protocol. No matter what type of BT client is used, the BT protocol it uses has this feature when encapsulating data packets. As another example, the protocol features of Edonkey can be set as follows:
[0042] E3 96 FF F0, payload length 6
[0043] E3 A2 FF F0, payload length 6
[0044] E3 97, payload length 34
[0045] E3 9A, payload length 18
[0046] E3 92, payload length 10
[0047] In addition, some protocols that are difficult to identify as P2P from the static features of a single message can be identified from their behavior characteristics. Again using the Edonkey protocol as an example, these can be set as follows:
[0048] 1) Edonkey2000 uses many 6-byte UDP packets to send server status requests (this feature of the client's server status request step indicates that the connection is in that state).
[0049] 2) During the use of Edonkey2000, a 25-byte packet is generally used to implement the search function. An Edonkey2000 data packet with a length of 25 can therefore be taken as the identifier of the search state in the actual session.
[0050] 3) During the use of Edonkey2000, the client sends a large number of UDP packets when connecting to other nodes in the network. The client mainly uses two ports, one of which is used to connect to the server, while the other sends connection requests to other peer clients. See Figure 3. Therefore, the status feature can be set as follows: when the same source IP uses a certain UDP port to send a large number of UDP packets to a large number of different destination IPs within a unit time, this is determined to be a P2P application connection request.
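The static features of step 100 and behavior feature 3) above can be expressed as a small classifier. This is an added example, not code from the patent: the function and class names, the window length and the destination-count threshold are assumptions, and the listed bytes are assumed to be the leading bytes of the payload.

```python
from collections import defaultdict
from urllib.parse import unquote_to_bytes

# Static eDonkey features from the page: (leading bytes, payload length).
# Assumption: the listed bytes are the first bytes of the UDP payload.
EDONKEY_STATIC = [
    (bytes.fromhex("E396FFF0"), 6),
    (bytes.fromhex("E3A2FFF0"), 6),
    (bytes.fromhex("E397"), 34),
    (bytes.fromhex("E39A"), 18),
    (bytes.fromhex("E392"), 10),
]
# The page's BT feature, percent-decoded to b"\x13BitTorrent Protocol".
# Compared case-insensitively: on the wire the handshake spells "protocol".
BT_FEATURE = unquote_to_bytes("%13BitTorrent%20Protocol").lower()

def classify_payload(payload: bytes):
    """Return 'bittorrent', 'edonkey' or None from single-message features."""
    if payload[:len(BT_FEATURE)].lower() == BT_FEATURE:
        return "bittorrent"
    for prefix, length in EDONKEY_STATIC:
        # Both the leading bytes and the exact payload length must match.
        if len(payload) == length and payload.startswith(prefix):
            return "edonkey"
    return None

class FanOutDetector:
    """Behavior feature 3): one source IP and UDP port sending to many
    distinct destination IPs within a unit time."""

    def __init__(self, window=1.0, min_dests=20):  # assumed values
        self.window, self.min_dests = window, min_dests
        self.seen = defaultdict(dict)  # (src_ip, src_port) -> {dst_ip: last_ts}

    def observe(self, ts, src_ip, src_port, dst_ip):
        """Record one UDP packet; True once the fan-out threshold is met."""
        dests = self.seen[(src_ip, src_port)]
        dests[dst_ip] = ts
        # Forget destinations last contacted before the current window.
        for ip in [ip for ip, t in dests.items() if ts - t > self.window]:
            del dests[ip]
        return len(dests) >= self.min_dests

if __name__ == "__main__":
    # Constructed sample payloads, not captured traffic.
    print(classify_payload(bytes.fromhex("E396FFF0") + bytes(2)))
    print(classify_payload(b"\x13BitTorrent protocol" + bytes(48)))
```

Requiring both the prefix and the exact length keeps a two-byte prefix such as E3 97 from matching unrelated traffic that merely begins with the same bytes.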
[0051] In this embodiment, the P2P application flow control strategy is set as follows: when the current bandwidth occupancy is lower than the set first threshold (here it can be set to 90% of the total bandwidth), it is considered that there is enough idle traffic to allow the increase of P2P applications; when the bandwidth occupancy exceeds the set second threshold (here it can be set to 95% of the total bandwidth, which should be greater than or equal to the first threshold), some or all of the current P2P applications are blocked. The present invention is not limited to this, and other control strategies can also be used to determine whether P2P applications should be blocked or added.
[0052] The specific plan of the P2P application flow control strategy (the specific number of P2P applications to adjust, the flow restrictions, etc.) is determined in real time during actual operation based on the detection results (for example, how many P2P applications are added and what each flow limit is, which needs to be customized). As shown in Figure 2, the flow of P2P automatic flow control by the network equipment in the embodiment of the present invention includes the following steps:
[0053] S1: Perform statistics on current network traffic conditions periodically;
[0054] According to the set time interval (periodically), the current network environment traffic conditions are counted to determine the proportion of bandwidth occupied by the current traffic;
[0055] S2: Determine the current flow control method according to the ratio and the set thresholds, combined with the P2P application flow control strategy: if the ratio is less than the first threshold, that is, when there is enough idle traffic, adding P2P applications is allowed, and step S3 is executed; if the ratio is greater than the second threshold, the current P2P traffic needs to be reduced, and step S4 is executed; if the ratio is between the first and second thresholds, do not process, and end;
[0056] S3, determine the new P2P applications to be connected and their number, and end;
[0057] S4: Determine and execute the P2P application connection to be blocked according to the number specified by the current flow control mode, and delete the saved connected corresponding P2P application connection information after completion, and end.
[0058] Specifically, the P2P applications to be blocked can be determined according to the order in which the P2P application connection information was stored, for example by blocking first and then deleting the related entries in the storage device. If the number of saved connected P2P application connection information entries is less than the number established by the P2P application flow control scheme, all connected P2P application connection information in the library is directly deleted.
[0059] Figure 3 shows an architecture diagram of a P2P automatic flow control system according to an embodiment of the present invention. It includes a network flow controller 302, a storage device 303, a policy implementation device 304, a P2P application identifier 300, and a P2P application processor 301.
[0060] The P2P application identifier 300 is used to perform hierarchical data packet protocol analysis on the current message according to the actually captured data message and the different characteristics of various P2P applications. If it determines that the data currently being exchanged belongs to a P2P application, it determines the P2P application type, extracts the P2P application connection information from the captured data message, and sends it to the P2P application processor 301;
[0061] The P2P application processor 301 is configured to perform the corresponding processing according to the P2P application connection information sent by the P2P application identifier 300. If it determines that this is a newly added P2P application connection, it determines whether the P2P application connection can be added based on the current flow control method and the execution status extracted from the storage device 303. If permitted, the newly added P2P application connection information is sent to the P2P application connection module in the policy implementation device 304; otherwise, the newly added P2P application connection information is discarded.
[0062] The network traffic controller 302 is used to perform statistics on the current network traffic conditions at the set time interval, and to combine the traffic control strategy extracted from the storage device 303 with the current traffic statistics to determine the current P2P traffic control method, which is one of three types: connections may be added, connections should be blocked, or no processing (specifically including the number of P2P applications that can be connected or should be blocked, the maximum flow of each P2P application, etc.). The current P2P flow control method is stored in the storage device 303, and the former two control methods are sent respectively to the P2P application connection module and the blocking module in the policy implementation device 304.
[0063] The storage device 303 is used to store the connected P2P application connection information, the configured flow control strategy information, and the current flow control mode and execution information;
[0064] The policy implementation device 304 further includes: a P2P application connection module and a P2P application blocking module;
[0065] The P2P application connection module is used to establish the corresponding P2P application connection after receiving the new P2P application connection information sent by the P2P application processor 301, then save the newly added P2P application connection information to the storage device 303, mark it as connected, and correspondingly increase the number of connected P2P applications in this statistical period.
[0066] The P2P blocking module, according to the P2P flow control method received from the network flow controller 302 indicating that connections should be blocked, extracts the corresponding number of connected P2P application connection information entries from the storage device 303, blocks the corresponding P2P application connections, and then deletes the corresponding P2P application connection information or sets it as not connected.
[0067] For some specific implementations of the above device functions, see the description in the above method, which will not be repeated here.
[0068] The following is an application example of the above embodiment:
[0069] Regardless of whether there is a current P2P data interaction (the statistics are not triggered by the existence of a P2P data interaction), detailed statistics of the current network traffic conditions are performed at a preset time interval. The statistics mainly reflect the number of bytes transmitted per second by current network traffic and its share of the total network bandwidth. For example, if the current network traffic is 1.5M/sec and the total network bandwidth is 2M, the current traffic occupies 75% of the bandwidth. Then, according to the traffic conditions at this time, the specific plan of the new P2P application control strategy is formulated, and the corresponding information is provided to the policy implementation device and the storage device for the related operations. Assuming that the system presets the first threshold to be 90% of the total bandwidth, the traffic currently available to P2P is 15%, that is, 300k/sec. A new P2P application control rule can be formulated to increase P2P connections by 10, with each connection's speed limited to no more than 30k/sec. The network flow controller issues this new control strategy to the policy implementation device to limit the flow of the newly added P2P application connections. At the same time, the network flow controller writes the newly added P2P application connection information provided by the P2P application identifier into the storage device until the number reaches 10. The provided P2P application connection information includes the source IP, destination IP, source port, destination port, etc. of the corresponding P2P connection; the storage device uses this as a record of the currently available P2P application connections.
[0070] Assuming that after a certain interval of time, network traffic statistics find that the current traffic occupies more than the first threshold of 90% of the bandwidth, it means that there are non-P2P services that require more bandwidth support at this time. It is necessary to reduce the P2P application traffic in the current network environment in order to provide more network resources for other normal network services, but at this time the traffic has not exceeded the second threshold of 95%, and the current flow control method may not be changed.
[0071] Suppose the current network traffic statistics find that the current traffic occupies 95%-100% of the bandwidth, which exceeds the second threshold, indicating that there is no idle bandwidth available in the current network environment. The current P2P traffic needs to be reduced to release more resources to other normal network services, so the P2P application control strategy is adjusted after the traffic statistics. For example, the new strategy is to close 5 of the P2P connections currently in use: the connection information of 5 current P2P application connections is provided, those connections are blocked according to that information, and the saved connection information of the 5 P2P applications is deleted at the same time. In this way, the P2P applications on the 5 connections are terminated, and 150k/sec of bandwidth is made available to other normal network services. If the traffic is still too large after another time interval has elapsed, the adjustment is repeated cyclically until the current network traffic occupies less than 90% of the bandwidth or the storage device holds no record of current P2P application connections.
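The admission steps 102 to 105, the periodic steps S1 to S4 and the figures of this application example can be replayed with a small controller. This is an added example, not code from the patent: the class, method and parameter names are assumptions, M and k are read as decimal multiples, and "storage order" is taken to mean oldest entry first.

```python
from collections import OrderedDict

class P2PFlowController:
    """Threshold-based P2P admission and blocking (rates in units per second)."""

    def __init__(self, total_bw, first_pct=90, second_pct=95,
                 per_conn_limit=30_000, block_count=5):
        self.total_bw = total_bw
        self.first_pct, self.second_pct = first_pct, second_pct
        self.per_conn_limit = per_conn_limit  # per-connection rate cap
        self.block_count = block_count        # connections to block per period
        self.stored = OrderedDict()           # storage device, in storage order
        self.mode, self.max_new, self.added = "none", 0, 0

    def on_statistics(self, current_bw):
        """S1-S4: run once per statistics period; returns connections blocked."""
        used = current_bw * 100               # integer compare against pct * total
        if used < self.first_pct * self.total_bw:        # S3: idle bandwidth
            headroom = self.first_pct * self.total_bw // 100 - current_bw
            self.mode, self.added = "add", 0
            self.max_new = headroom // self.per_conn_limit
            return []
        if used > self.second_pct * self.total_bw:       # S4: block, oldest first
            self.mode = "block"
            victims = list(self.stored)[:self.block_count]  # fewer stored: all go
            for conn in victims:
                del self.stored[conn]
            return victims
        return []                             # between thresholds: no processing

    def on_p2p_connection(self, conn):
        """Steps 102-105 for one identified connection (src, sport, dst, dport)."""
        if conn in self.stored:
            return "existing"                 # step 102: already recorded
        if self.mode == "add" and self.added < self.max_new:
            self.stored[conn] = self.per_conn_limit      # step 104: record entry
            self.added += 1
            return "connected"
        return "discarded"                    # step 105

def run_page_example():
    """Constructed replay of the page's figures: 2M link, 1.5M/sec in use."""
    fc = P2PFlowController(total_bw=2_000_000)
    fc.on_statistics(1_500_000)               # 75% -> 300k headroom -> 10 x 30k
    conns = [("10.0.0.%d" % i, 4662, "203.0.113.9", 4662) for i in range(12)]
    results = [fc.on_p2p_connection(c) for c in conns]
    blocked = fc.on_statistics(1_950_000)     # above 95% -> block 5
    return fc.max_new, results, blocked, len(fc.stored)
```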
[0072] Of course, the present invention can also have various other embodiments. Without departing from the spirit and essence of the present invention, those skilled in the art can make various corresponding changes and modifications according to the present invention, but all such changes and modifications shall fall within the protection scope of the appended claims of the present invention.