Multi-core printed circuit board access control list (ACL) rule matching method
A matching method and core board technology, applied in the field of multi-core board ACL rule matching, can solve problems such as reduced efficiency, and achieve the effects of increasing quantity, improving matching efficiency, and optimizing processing flow
Inactive Publication Date: 2013-07-03
RUN TECH CO LTD BEIJING
View PDF5 Cites 23 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
[0006] Multi-core boards generally continue the implementation idea of hardware distribution boards, and use the method of traversing the rules for matching processing. When the number of rules is small, it is very fast, and generally supports less than 100,000 rules. However, when the number of rules increases to a certain The efficiency is significantly reduced when the
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0051] image 3 Shown is the data input and output flow chart of the present invention.
[0052] This method is an improvement in the ACL processing module.
[0053] The implementation steps are divided into several steps:
[0054] Add an array of pointers to the module 1, which are used to save the pointers of N hash tables
[0055] 2. Create a Hash table. The organization of the specific HASH table can be arbitrary, whether it is a one-way linked list or a two-way list. There is no specific requirement in this patent.
[0056] 3. Create a node, which stores the content of the rules, and then insert the node into the linked list under a bucket of the hash table according to the category of the rules.
[0057] 4 The matching of data packets is also processed separately according to the category.
[0058] 5 Specific classification and insertion, deletion, and search methods are described in the technical proposal.
[0059] 6. When a rule in a certain node is matched, accordi...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention discloses a multi-core printed circuit board access control list (ACL) rule matching method and belongs to the field of data distribution and filtering of the network security industry. The multi-core printed circuit board ACL rule matching method includes the following steps: 1), dividing ACL rules of the multi-core printed circuit board into N categories according to the quintuple, wherein each category of the rules comprises one or a plurality of elements of the quintuple; 2), extracting quintuple information contained by a data package to be searched and constructing a virtual quintuple of one category of the rules according to the extracted information; 3), searching matched rule nodes from ACL rule nodes corresponding to the category of the rules by means of the constructed virtual quintuple, constructing a virtual quintuple of another category of rules through the extracted information when no matched rule node is found, searching the matched rule nodes from the ACL rule nodes corresponding to the category of the rules, and stopping matching when no matched rule node of the data package is found in each category of the rules. The multi-core printed circuit board ACL rule matching method can greatly increase the number of the rules supported by the multi-core printed circuit board.
Description
technical field [0001] The invention relates to a multi-core board ACL rule matching method, which belongs to the field of data distribution and filtering in the network security industry. Background technique [0002] ACL (Access Control List) technology is a data filtering and control method, which is mainly used in routers, switches, firewalls and other products to filter and control data. [0003] In the field of network security, ACL technology is used to allow the distribution device to filter the original data packets of the Internet by configuring rules. The rules can be port or IP and protocol, or a combination of them. [0004] In a general implementation, the splitter board device matches the rules in a traversal manner. The problem with this method is that when the number of rules exceeds a certain value, performance will be greatly affected, thereby reducing the distribution efficiency of the board for data packets. It is difficult to optimize the performance ...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/743
Inventor 樊景亮
Owner RUN TECH CO LTD BEIJING