Unlock instant, AI-driven research and patent intelligence for your innovation.

A method and device for implementing an access control list ACL

A technology of access control list and implementation method, which is applied in the direction of secure communication devices, digital transmission systems, electrical components, etc., can solve the problems of non-existence of implementation methods, high cost of TCAM devices, and large power consumption, so as to improve search efficiency and reduce The effect of data processing volume

Active Publication Date: 2020-02-04
SANECHIPS TECH CO LTD
View PDF6 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The advantage of using TCAM to implement ACL is that it is simple to implement, but TCAM also has many shortcomings
First of all, TCAM compares the keyword to be searched with each entry of TCAM in the same clock cycle, resulting in relatively large power consumption; second, the cost of TCAM devices is relatively high and expensive
Therefore, there is no suitable ACL implementation method in the prior art

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method and device for implementing an access control list ACL
  • A method and device for implementing an access control list ACL
  • A method and device for implementing an access control list ACL

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0035] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the drawings in the embodiments of the present invention.

[0036] First of all, it needs to be explained that during packet data transmission, data packets are divided into different streams according to specific key fields of the data packets. After being divided into streams, various processes can be performed on the stream, such as discarding or forwarding, rate limiting, and priority reassignment, etc. This process is called an action. Usually a rule plus corresponding action is called an ACL.

[0037] For example, there are five key fields in general industry standard composition rules, which are usually called 5-tuples. These five keywords are: the source address of the IP message, the destination address of the IP message, and the bearer address of the IP message. Protocol type, TCP or UDP source port number, TCP or UDP destin...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the present invention discloses an implementation method of an access control list ACL, comprising: step A, dividing each keyword to be searched extracted from the same data packet into M key fields; step B, at least M key fields The i-th key field in the key fields is used as the address to access the i-th rule table in the preset M rule tables to obtain the corresponding rule node type of the i-th key field; step C, when the i-th When the rule node type corresponding to the key field is a leaf node, the rule number corresponding to the i-th key field is determined as the rule number of the keyword to be searched corresponding to the M key fields, and the execution step E is executed; step D, When the rule node type corresponding to the i-th key field is an intermediate node or a mixed node, add 1 to the value of i and go to step B; step E, after determining the rule number of the keyword to be searched, The rule number of the character is used to obtain the corresponding action.

Description

technical field [0001] The invention relates to the field of packet transmission, in particular to a method and device for realizing an access control list (ACL). Background technique [0002] With the development of network technology, more and more network devices need to support fast and accurate packet classification, such as security gateways, edge routers, and core routers. The development trend of the future network needs to provide users with better quality of service, and mechanisms to improve service quality such as firewalls, differentiated services, virtual private network VPNs, and policy-based routing are all based on efficient access control lists (ACL, Access Control List ) over technology. In addition, with the development of optical fiber communication technology, link bandwidth and transmission rate are no longer a problem, routing and forwarding equipment is becoming a network bottleneck, and ACL is the key. Therefore, efficient and fast implementation ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/101H04L9/40
Inventor 陈钦树郭继正王平
Owner SANECHIPS TECH CO LTD