Unlock instant, AI-driven research and patent intelligence for your innovation.

A fast flow table lookup method and system in a high-concurrency network environment

A network environment and flow table technology, applied in the field of network security, can solve problems such as system missed detection, and achieve the effects of reducing overhead, improving access efficiency, and high efficiency and flexibility

Active Publication Date: 2019-09-10
INST OF INFORMATION ENG CHINESE ACAD OF SCI
View PDF1 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] In terms of optimizing the search operation with the help of network locality, using FPGA and SRAM to realize the high-speed cache of the flow table can speed up the access speed. Limited by the circuit complexity of the FPGA and the capacity limitation of the SRAM, the size of the flow table is limited by the storage capacity. In a high-concurrency network environment, affected by traffic fluctuations and burst traffic, a large number of active connections will be forced to be replaced, resulting in missed detection by the system

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A fast flow table lookup method and system in a high-concurrency network environment
  • A fast flow table lookup method and system in a high-concurrency network environment
  • A fast flow table lookup method and system in a high-concurrency network environment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0026] The present invention will be further described below through specific embodiments and accompanying drawings.

[0027] The general framework of the present invention is as figure 1 As shown, it consists of six parts: network interface, buffer window management module, data stream grouping module, starvation avoidance module, packet scheduler, and connection management module. The operation steps are as follows:

[0028] 1) When the traffic enters the network interface, the traffic situation is counted, and the traffic statistics are sent to the buffer window management module; the buffer window management module selects one from the preset window sizes according to the current traffic situation;

[0029] 2) According to the set window size, the data stream grouping module performs a grouping operation on the arriving data packets, and when the scheduling opportunity arrives, triggers the grouping scheduler;

[0030] 3) After receiving the trigger instruction, the packe...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a fast flow table search method and system in a high concurrent network environment. The method comprises: 1) counting the traffic entering the network interface, and setting the buffer window of the buffer according to the current traffic condition of the statistics; 2) according to the size of the buffer window set, utilizing quintuple information to process 3) Schedule each cached group according to the preset scheduling strategy, and send each group to the connection management module in turn; 4) The connection management module extracts the quintuple information of each group and performs flow table search process, find the corresponding flow entry, and use the data packets in the group to update the information of the flow entry. The invention is mainly applicable to the high-speed network flow processing system of the backbone link, can optimize the access cost of the connection management module under the high-speed network environment, and improve the access efficiency of the flow table.

Description

technical field [0001] The invention belongs to the technical field of network security, and in particular relates to a fast flow table search method and system for a high-concurrency network environment. Background technique [0002] In a high-speed network environment, efficient connection management has become a key module of existing network traffic processing systems (such as intrusion detection, traffic accounting, etc. systems). Usually, the traffic processing system architecture is mainly divided into three modules: traffic acquisition, Connection management, business processing. Connection management provides flow traceability for business processing, including three operations: search, update, and delete. In order to accurately record each connection, the connection management module must maintain a connection table (or session table), wherein each connection table item traces a connection in the network, and is responsible for recording the identification ID, sta...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L12/865H04L47/6275
CPCH04L47/6275
Inventor 刘庆云王鹏周舟李佳杨威方滨兴郭莉
Owner INST OF INFORMATION ENG CHINESE ACAD OF SCI