Method and device for configuring ACL table item

[0025] Exemplary embodiments will be described in detail herein, examples of which are illustrated in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings refer to the same or similar elements unless otherwise indicated. The implementations described in the illustrative examples below are not intended to represent all implementations consistent with this application. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present application as recited in the appended claims.

[0026] The terminology used in this application is for the purpose of describing particular embodiments only and is not intended to limit the application. As used in this application and the appended claims, the singular forms "a," "the," and "the" are intended to include the plural forms as well, unless the context clearly dictates otherwise. It will also be understood that the term "and/or" as used herein refers to and includes any and all possible combinations of one or more of the associated listed items.

[0027] It should be understood that although the terms first, second, third, etc. may be used in this application to describe various information, such information should not be limited by these terms. These terms are only used to distinguish the same type of information from each other. For example, the first information may also be referred to as the second information, and similarly, the second information may also be referred to as the first information without departing from the scope of the present application. Depending on the context, the word "if" as used herein can be interpreted as "at the time of" or "when" or "in response to determining."

[0028] In the prior art, the task of completing the configuration of an ACL entry on a network device is mainly implemented through three modules. The three modules include an ACL entry configuration module, an ACL entry management module, and an ACL entry storage module.

[0029] The ACL entry configuration module is mainly an ACL entry configuration page developed for ACL entry configuration, and is used to input parameters of the ACL entry that need to be configured. The ACL entry configuration page may be a web page or a command line terminal.

[0030] The ACL entry management module is a logic program configured in the CPU, and is used to receive the ACL entry issued by the ACL entry module and the operation type corresponding to the ACL entry, and issue the ACL entry to the ACL entry Store the modules.

[0031] The ACL entry storage module is used to store the ACL entry, wherein the ACL entry is stored in the form of a list, and when the ACL function on the network device is implemented by software, the ACL entry is stored in the in system memory. When the ACL function on the network device is implemented by means of hardware, the ACL entry is stored on the ACL chip. Usually, the ACL chip is selected to store ACL entries to save memory.

[0032] The operations that users can perform on ACL entries on the ACL entry configuration page include: appending ACL entries, inserting ACL entries, deleting ACL entries, moving ACL entries, and modifying ACL entries.

[0033] 1), the addition of ACL entries

[0034] The appending of the ACL entry refers to adding the ACL entry after all the ACL entries in the ACL chip.

[0035] For example, if an entry with ID f is added to the ACL chip shown in Table 1, the ACL chip will become the situation shown in Table 2. Table 1 and Table 2 are schematic diagrams of an ACL chip exemplarily shown in this application.

[0036] ACL entry ID

[0037] Table 1

[0038] ACL entry ID

[0039] Table 2

[0040] When an ACL entry is added to the ACL chip, the ACL entry management module may automatically configure a priority for the ACL entry to be added based on the priority of the ACL entry already existing in the ACL chip. It should be noted that when an ACL entry is added to the ACL chip, the priorities of other ACL entries in the ACL chip will not be changed.

[0041] 2), ACL entry insertion

[0042]The insertion of the ACL entry refers to adding an ACL entry before any ACL entry in the ACL chip. The ACL entry is added based on the priority of the ACL entry to be added. For example, if the priority of the ACL entry to be added is N, when adding the ACL entry, traverse from the starting position of the ACL chip to find the ACL entry with the priority of N-1, and then add the ACL entry in the ACL entry. Then add the to-be-added ACL entry.

[0043] For example, if an ACL entry whose ACL entry ID is f and priority is 3 is inserted into the ACL chip shown in Table 1, the ACL chip will become the situation shown in Table 3. Table 3 is a schematic diagram of an ACL chip exemplarily shown in this application.

[0044] ACL entry ID

[0045] table 3

[0046] When an ACL entry is inserted into the ACL chip, after the to-be-inserted ACL entry is added to the ACL chip, the ACL entry management module can change the priority of all ACL entries after the inserted ACL entry class.

[0047] 3), delete ACL entry

[0048] The deletion of the ACL entry refers to deleting the existing ACL entry in the ACL chip. When deleting an ACL entry, based on the ID of the ACL entry to be deleted, the ACL chip searches for an ACL entry corresponding to the ID, and then deletes the found ACL entry.

[0049] For example, if the ACL entry whose ACL entry ID is d in the ACL chip shown in Table 1 is deleted, the ACL chip will become the situation shown in Table 4. Table 4 is a schematic table of an ACL chip exemplarily shown in this application.

[0050] ACL entry ID

[0051] Table 4

[0052] After the ACL entry to be deleted is deleted from the ACL chip, if other ACL entries exist after the ACL entry to be deleted, the ACL entry management module can change other ACL entries existing after the ACL entry to be deleted The priority of the ACL entry.

[0053] 4), the movement of ACL entries

[0054] The moving of the ACL entry refers to modifying the priority of the ACL entry that needs to be moved in the ACL chip, and then inserting the ACL entry into the ACL chip. When moving an ACL entry, the ACL entry management module may search for a new addition location of the ACL entry based on the priority of the ACL entry being modified, and then add the ACL entry to the new addition location.

[0055] For example, if the ACL entry whose ACL entry ID is d in the ACL chip shown in Table 1 is moved to before the ACL entry ID is b, the ACL chip will become the situation shown in Table 5. Table 5 is a schematic table of an ACL chip exemplarily shown in this embodiment of the present application.

[0056] ACL entry ID

[0057] table 5

[0058] When the ACL entry in the ACL chip is moved, the ACL entry management module can modify the priority of the ACL entry. After the to-be-moved ACL entry is moved, the ACL entry management module may match the original addition position where the to-be-moved ACL entry is located with the location where the to-be-moved ACL entry is located after the to-be-moved ACL entry is moved. The priority of the ACL entry between the newly added locations is modified.

[0059] 5), ACL entry modification

[0060] The modification of the ACL entry refers to modifying other parameters of the ACL entry in the ACL chip without changing the addition position of the ACL entry that needs to be modified. For example, modify the ID of an ACL entry.

[0061] For example, if the ACL entry whose ID is e in the ACL chip shown in Table 1 is modified to the ACL entry whose ID is f, the ACL chip becomes the situation shown in Table 6. Table 6 is a schematic table of an ACL chip exemplarily shown in this embodiment of the present application.

[0062] ACL entry ID

[0063] Table 6

[0064] When the ACL entry in the ACL chip is modified, the ACL entry management module will not change the addition position of the ACL entry that needs to be modified, in other words, the priority of the ACL entry in the ACL chip will not change Variety.

[0065] However, in the prior art, multiple users may configure ACL entries in the same time period. During the period from the time when the target user starts the ACL entry configuration page and starts configuring ACL entries to the time when the target user sends the configured ACL entries to the network device, there may be other users who have already configured ACL entries in the ACL chip. The configuration of ACL entries is complete. In such a case, when the network device delivers the ACL entry configured by the target user to the ACL chip, the distribution of the ACL entries in the ACL chip has changed, and the ACL entry under the ACL entry has changed. After being sent to the ACL chip, the distribution of the ACL entries in the ACL chip is no longer the distribution expected by the target user. Therefore, the ACL entries in the ACL chip have been chaotic, so that when the ACL chip matches the received packet, the packet may match the wrong ACL entry and be erroneously processed.

[0066] In order to solve the problems in the prior art, the present application proposes a method for configuring an ACL entry, which is applied to a network device, and the network device includes an ACL chip. The method includes: receiving an ACL entry and a page magic word delivered by a target user through a user configuration page; wherein the page magic word is the moment when the target user starts configuring the ACL entry when the user configuration page is activated, and the page magic word is the time when the target user starts to configure the ACL entry. The memory magic word requested from the device by the user configuration page; wherein, the memory magic word is a value saved in the device and used to identify whether the ACL entry in the ACL chip has changed; the memory magic word is stored in the device in the ACL When the configuration of the ACL entry is completed in the chip, it is updated based on the pre-configured update policy; compares whether the magic word of the page is the same as the magic word currently stored in the memory of the device; if they are the same, configure the ACL in the ACL chip table entry.

[0067] Because the memory magic word is stored in the network device, the memory magic word is a value used to identify whether the ACL entry in the ACL chip has changed. Whenever the network device completes the configuration of the ACL entry in the ACL chip, the memory magic word is updated. When the target user starts the user configuration page and starts configuring ACL entries, the user configuration page can request the memory magic word stored by the network device from the network device, and save it on the user configuration page as the page magic word.

[0068] When the target user completes the configuration of the ACL entry, the user configuration page can deliver the configured ACL entry and page magic word to the network device, by comparing the page magic word and the memory magic word currently saved by the network device whether the In the same way, to determine whether there is any Other users have already configured ACL entries in the ACL chip.

[0069] Only when the magic word of the page is the same as the magic word currently stored in the memory of the network device, that is, from the moment when the target user starts the ACL entry configuration page and starts configuring ACL entries, to the time when the target user will configure the completed ACL table During the period when the item is delivered to the network device, only when the target user completes the configuration of the ACL entry, the network device will, based on the operation type corresponding to the ACL entry issued by the target user, in the ACL chip Configure the ACL entry. Therefore, it can be ensured that the distribution of the ACL entries in the ACL chip is the same as the distribution expected by the target user, thereby preventing the packet from being erroneously processed because it matches the wrong ACL entry.

[0070] The technical method proposed in the present application will be described below through specific embodiments and schematic diagrams.

[0071] See figure 1 , figure 1 The flow chart of a method for configuring an ACL entry shown in the embodiment of the present application is applied to a network device. Perform the following steps specifically:

[0072] Step 101: Receive the ACL entry and page magic word delivered by the target user through the user configuration page; wherein, the page magic word is the moment when the target user starts to configure the ACL entry on the user configuration page, and the user configuration The memory magic word requested by the page to the device; wherein, the memory magic word is a value saved in the device and used to identify whether the ACL entry in the ACL chip has changed; the memory magic word is stored in the ACL chip of the device When the configuration of the ACL entry is completed, it is updated based on the preconfigured update policy;

[0073] Step 102: Compare whether the page magic word is the same as the memory magic word currently saved by the device;

[0074] Step 103: If the same, configure the ACL entry in the ACL chip.

[0075] In this application, the device receives the ACL entry and the page magic word issued by the target user, and then the device can compare the page magic word with the memory magic word currently saved by the device to determine the page magic word Whether the word is the same as the magic word currently stored in the memory of the device, if they are the same, configure the ACL entry in the ACL chip according to the operation type of the ACL entry.

[0076] If they are not the same, obtain the target time period corresponding to the time when the target user starts the ACL entry configuration page and starts configuring the ACL entry, to the time when the target user sends the configured ACL entry to the network device, The device saves the operation type of the ACL entry issued by other users, and then compares the operation type corresponding to the ACL entry issued by the target user with the obtained operation type. The ACL entry is configured in the ACL chip.

[0077] If there is a conflict, obtain the changed priority interval recorded by the device within the target time period, and predict that the ACL entry delivered by the target user is further configured in the ACL chip, and the change occurs priority range. Then, it is determined whether there is an intersection between the pre-judged priority interval that has changed and the acquired priority interval that has changed within the target time period. If there is no intersection, the device can configure the ACL entry in the ACL chip. If it exists, the device can send a message that the configuration of the ACL entry fails to the user configuration page of the target user.

[0078] During specific implementation, the technical method provided in this application can be implemented by three modules. The three modules include an ACL entry configuration module, an ACL entry management module, and an ACL entry storage module.

[0079] The ACL entry configuration module is mainly an ACL entry configuration page developed for ACL entry configuration, and is used to input parameters of the ACL entry that need to be configured. The ACL entry configuration page may be a web page or a command line terminal.

[0080]The ACL entry management module is a logic program configured in the CPU of the network device, and is used to receive the ACL entry issued by the ACL entry module and the operation type corresponding to the ACL entry, etc., and issue the ACL entry To the ACL entry storage module.

[0081] The ACL entry storage module is used to store the ACL entry, wherein the ACL entry is stored in the form of a list, and when the ACL function on the network device is implemented by software, the ACL entry is stored in the in system memory. When the ACL function on the network device is implemented by means of hardware, the ACL entry is stored on the ACL chip. Usually, the ACL chip is selected to store ACL entries to save memory. In this application, the storage module of the ACL entry is an ACL chip.

[0082] Wherein, the ACL entry management module and the ACL entry storage module are both in the network device.

[0083] In the embodiment shown in this application, a memory magic word is stored in the network device; wherein, the memory magic word is a numerical value used to identify whether an ACL entry in an ACL chip has changed. Whenever the network device completes the configuration of the ACL entry in the ACL chip, the memory magic word will be updated based on a preconfigured update policy, and the time when the memory magic word is updated will be recorded.

[0084] The update policy can be formulated by the user. For example, whenever the network device completes the configuration of the ACL entry in the ACL chip, the ACL entry in the ACL chip will change, and the network device can change the ACL entry in the ACL chip. The memory magic word is incremented by 1. In this application, the update strategy is not limited.

[0085] When the target user starts the user configuration page and starts configuring the ACL entry, the user configuration page can send a request for obtaining the memory magic word to the ACL entry management module in the network device. After receiving the request, the ACL entry management module can obtain the memory magic word from the local memory, and then send the obtained memory magic word to the user configuration page of the target user.

[0086] When the user configuration page of the target user receives the memory magic word, the user configuration page may save the memory magic word. In this application, the memory magic word stored in the user configuration page is defined as a page magic word. When the user configuration page saves the page magic word, the user configuration page may record the moment when the page magic word is received.

[0087] See figure 2 , figure 2 This is a schematic diagram of the user configuration page shown in the embodiment of the present application.

[0088] In the application, after the page magic word is saved on the user configuration page, the target user can configure the ACL entry on the user configuration page. The operations that the target user can perform on the ACL entry on the user configuration page include: appending an ACL entry, inserting an ACL entry, deleting an ACL entry, moving an ACL entry, and modifying an ACL entry. The target user may input the configured ACL entry ID, priority, operation type, etc. in the user configuration page.

[0089] After the target user completes the configuration of the ACL entry on the user configuration page, the target user can perform the operation of completing the configuration of the ACL entry on the user configuration page (for example, click the Finish or Release button, etc.) to trigger The user configuration page delivers data such as the ACL entry, the page magic word, and the operation type corresponding to the ACL entry configured by the target user to the ACL entry management module.

[0090] In the present application, when the ACL entry management module receives data such as the ACL entry, the page magic word, and the operation type corresponding to the ACL entry issued by the user configuration page of the target user, etc. , the ACL entry management module can locally obtain the memory magic word currently saved by the network device, and then compare the received page magic word issued by the user configuration page with the obtained memory magic word currently saved by the network device. Whether the magic word is the same .

[0091] If the page magic word is the same as the magic word currently stored in the memory of the network device, it means that the target user starts to configure the ACL entry from the moment when the ACL entry configuration page is started, to the time when the target user will complete the configuration of the ACL entry. During the target time period corresponding to the time of delivery to the network device, no other user completes the configuration of the ACL entry in the ACL chip. The ACL entry management module may configure the ACL entry in the ACL chip based on the operation type corresponding to the ACL entry.

[0092] In the present application, after the ACL entry management module is in the ACL chip and configures the received ACL entry based on the operation type corresponding to the ACL entry, the ACL entry management module can The operation type corresponding to the ACL entry is saved, and the time when the ACL entry is configured is recorded.

[0093] Therefore, when the ACL entry management module configures the ACL entry issued by the target user in the ACL chip based on the operation type corresponding to the ACL entry issued by the target user, the ACL table The item management module can record the time when the ACL entry is configured, and save the operation type corresponding to the ACL entry.

[0094] For example, an ACL entry whose ACL entry ID is f and priority is 3 is inserted into the ACL chip shown in Table 1. It is assumed that the ACL entry management module has configured the ACL entry f in the ACL chip. When the time is 10:00, the ACL entry will become as shown in Table 3, and the ACL entry management module can record and save (10:00, insert the ACL entry).

[0095] In the present application, since the ACL entry management module is based on the operation type corresponding to the delivered ACL entry, after the delivered ACL entry is configured in the ACL chip, the ACL entry management The module can determine the ACL entry whose priority has changed in the ACL chip, then record the priority interval of the changed ACL entry, and record the time when the ACL entry is configured.

[0096] Therefore, when the ACL entry management module configures the ACL entry issued by the target user in the ACL chip based on the operation type corresponding to the ACL entry issued by the target user, the ACL table The item management module may record the time when the ACL entry is configured, determine the ACL entry whose priority has changed in the ACL chip, and record the priority interval of the changed ACL entry.

[0097] For example, an ACL entry whose ACL entry ID is f and priority is 3 is inserted into the ACL chip shown in Table 1. It is assumed that the ACL entry management module has configured the ACL entry f in the ACL chip. When the time is 10:00, the ACL entry will become as shown in Table 3. It can be seen from Table 1 and Table 3 that the priority changes in the ACL chip are f, c, d, e , the priority interval of the changed ACL entry is [3, 6]. The ACL entry management module can record and save (10:00, [3, 6]).

[0098] In the embodiment of the present application, if the page magic word is different from the memory magic word currently stored in the network device, the ACL entry management module may obtain the ACL stored in the network device within the target time period The operation type corresponding to the entry. Then, based on the conflict rule of the operation type corresponding to the preconfigured ACL entry, the ACL entry management module may compare the operation type corresponding to the ACL entry delivered by the target user with the acquired target The operation type in the time period is matched.

[0099] The conflict rules of the operation types corresponding to the preconfigured ACL entries are shown in Table 7, and Table 7 is a conflict rule table of the operation types corresponding to the ACL entries shown in the embodiment of the present application.

[0100]

[0101] Table 7

[0102] If the operation type of the ACL entry issued by the target user does not conflict with the obtained operation type within the target time period, the ACL entry management module may be in the ACL chip based on the target user The operation type corresponding to the delivered ACL entry is configured, and the ACL entry delivered by the target user is configured.

[0103] For example, it is assumed that the time when the target user starts the user configuration page and starts configuring ACL entries is 09:59:20, and the ACL entry management module receives the ACL entry issued by the target user at 10:00 :00, during the time period of 09:59:20-10:00:00, (09:59:30, modified) and (09:59:50, added) are saved in the network device, and the target user The corresponding operation type described in the sent ACL entry is insert. The ACL entry management module can obtain the operation types stored in the network device during the time period of 09:59:20-10:00:00, that is, modification and addition, and the ACL entry management module will insert and add Modification and addition are matched. Since insertion, modification and addition do not conflict, the ACL entry management module may configure the ACL entry issued by the target user in the ACL chip.

[0104] In this application, if the operation type of the ACL entry issued by the target user conflicts with the obtained operation type within the target time period, the ACL entry management module may obtain the operation type within the target time period, The changed priority interval saved in the network device. Then, the ACL entry management module can predict that after configuring the ACL entry delivered by the target user in the ACL chip, the corresponding ACL entry whose priority has changed in the ACL chip corresponds to priority range.

[0105] After the ACL entry management module prejudges the priority interval corresponding to the ACL entry whose priority has changed, it can determine the prejudged changed priority interval, and the acquired changed priority interval. Whether there is an intersection between priority intervals.

[0106] If there is no intersection, the ACL entry management module may configure the ACL entry in the ACL chip based on the operation type corresponding to the ACL entry delivered by the target user. If there is an intersection, the ACL entry management module may send a message that the ACL entry configuration fails to the user configuration page of the target user.

[0107] For example, it is assumed that the time when the target user starts the user configuration page and starts configuring ACL entries is 09:59:20, and the ACL entry management module receives the ACL entry issued by the target user at 10:00 :00, in the time period of 09:59:20-10:00:00, (09:59:30, mobile, [3, 6]), (09:59:50, mobile, [11, 15]). When the corresponding operation type of the ACL entry delivered by the target user is insert, and the pre-judged priority interval that changes is [12, 100], because [12, 100] and [11, 15] There is an intersection, therefore, the ACL entry management module may send a message that the ACL entry configuration fails to the user configuration page of the target user. When the corresponding operation type of the ACL entry issued by the target user is insert, and the pre-judged priority interval that changes is [21, 100], because [21, 100] and [3, 6] There is no intersection between [11, 15], so the ACL entry management module can insert the ACL entry into the ACL chip.

[0108]It can be seen from the above technical methods shown in the present application that the present application proposes a method for configuring an ACL entry, which is applied to a network device, and the network device includes an ACL chip. The method includes: receiving an ACL entry and a page magic word delivered by a target user through a user configuration page; wherein the page magic word is the moment when the target user starts configuring the ACL entry when the user configuration page is activated, and the page magic word is the time when the target user starts to configure the ACL entry. The memory magic word requested from the device by the user configuration page; wherein, the memory magic word is a value saved in the device and used to identify whether the ACL entry in the ACL chip has changed; the memory magic word is stored in the device in the ACL When the configuration of the ACL entry is completed in the chip, it is updated based on the pre-configured update policy; compares whether the magic word of the page is the same as the magic word currently stored in the memory of the device; if they are the same, configure the ACL in the ACL chip table entry.

[0109] Because the memory magic word is stored in the network device, the memory magic word is a value used to identify whether the ACL entry in the ACL chip has changed. Whenever the network device completes the configuration of the ACL entry in the ACL chip, the memory magic word is updated. When the target user starts the user configuration page and starts configuring ACL entries, the user configuration page can request the memory magic word stored by the network device from the network device, and save it on the user configuration page as the page magic word.

[0110] When the target user completes the configuration of the ACL entry, the user configuration page can deliver the configured ACL entry and page magic word to the network device, by comparing the page magic word and the memory magic word currently saved by the network device whether the In the same way, to determine whether there is any Other users have already configured ACL entries in the ACL chip.

[0111] Only when the magic word of the page is the same as the magic word currently stored in the memory of the network device, that is, from the moment when the target user starts the ACL entry configuration page and starts configuring ACL entries, to the time when the target user will configure the completed ACL table During the period when the item is delivered to the network device, only when the target user completes the configuration of the ACL entry, the network device will, based on the operation type corresponding to the ACL entry issued by the target user, in the ACL chip Configure the ACL entry. Therefore, it can be ensured that the distribution of the ACL entries in the ACL chip is the same as the distribution expected by the target user, thereby preventing the packet from being erroneously processed because it matches the wrong ACL entry.

[0112] Corresponding to the foregoing embodiment of a method for configuring an ACL entry, the present application further provides an embodiment of an apparatus for configuring an ACL entry.

[0113] The embodiment of the apparatus for configuring an ACL entry of the present application can be applied to a network device. The apparatus embodiment may be implemented by software, or may be implemented by hardware or a combination of software and hardware. Taking software implementation as an example, a device in a logical sense is formed by reading the corresponding computer program instructions in the non-volatile memory into the memory through the processor of the network device where it is located. From the hardware level, such as image 3 As shown, it is a hardware structure diagram of a network device where an apparatus for configuring ACL entries of the present application is located, except that image 3 In addition to the processor, memory, network interface, and non-volatile memory shown, the network device where the apparatus in the embodiment is located usually may also include other hardware according to the actual function of the configuration ACL entry, which will not be repeated here. .

[0114] See Figure 4 , Figure 4 An apparatus for configuring an ACL entry shown in an exemplary embodiment of the present application is applied to a network device, and the apparatus includes: a receiving unit 410 , a comparing unit 420 , and a configuring unit 430 .

[0115] The receiving unit 410 is configured to receive the ACL entry and the page magic word delivered by the target user through the user configuration page; wherein, the page magic word is that the target user starts to configure the ACL entry after starting the user configuration page At the moment, the memory magic word requested by the user configuration page to the device; wherein, the memory magic word is a value saved in the device and used to identify whether the ACL entry in the ACL chip has changed; the memory magic word When the device completes the configuration of the ACL entry in the ACL chip, it updates based on the preconfigured update policy;

[0116] The comparison unit 420 is used to compare whether the page magic word is the same as the memory magic word currently saved by the device;

[0117] The configuration unit 430 is configured to configure the ACL entry in the ACL chip if they are the same.

[0118] In this application, the device also includes:

[0119] The storage unit is configured to record the time of configuring the ACL entry after the device completes the configuration of the received ACL entry in the ACL chip, and save the operation type corresponding to the ACL entry.

[0120] The recording unit is configured to determine the ACL entry whose priority has changed in the ACL chip after the device completes the configuration of the received ACL entry in the ACL chip, and record the changed priority interval.

[0121] The obtaining unit is used to obtain the time when the target user starts configuring the ACL entry from the start of the user configuration page to the ACL table that will be configured if the magic word of the page is different from the magic word currently stored in the memory of the device. The operation type corresponding to the ACL entry delivered by other users stored locally through the user configuration page within the target time period corresponding to the time when the item is delivered to the device;

[0122] a judgment unit, configured to judge whether the obtained operation type conflicts with the operation type corresponding to the ACL entry issued by the target user;

[0123] The configuration unit 430 is further configured to configure the ACL entry in the ACL chip if there is no conflict.

[0124] In the present application, when the obtained operation type conflicts with the operation type corresponding to the ACL entry issued by the target user, the device further includes:

[0125] The obtaining unit is further configured to obtain the changed priority interval of the local record within the target time period if there is a conflict;

[0126] a pre-judgment unit, configured to pre-judg a priority interval that changes in the ACL chip after the ACL entry delivered by the target user is further configured in the ACL chip;

[0127] a determining unit, configured to determine whether there is an intersection between the pre-judged changed priority interval and the acquired changed priority interval within the target time period;

[0128] The configuration unit 430 is further configured to configure the ACL entry in the ACL chip if there is no intersection;

[0129] A sending unit, configured to send a message that the configuration of the ACL entry fails to the user configuration page if there is an intersection.

[0130] For details of the implementation process of the functions and functions of each unit in the above device, please refer to the implementation process of the corresponding steps in the above method, which will not be repeated here.

[0131] For the apparatus embodiments, since they basically correspond to the method embodiments, reference may be made to the partial descriptions of the method embodiments for related parts. The device embodiments described above are only illustrative, wherein the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in One place, or it can be distributed over multiple network elements. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution of the present application. Those of ordinary skill in the art can understand and implement it without creative effort.

[0132] The above descriptions are only preferred embodiments of the present application, and are not intended to limit the present application. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the present application shall be included in the present application. within the scope of protection.