Unlock instant, AI-driven research and patent intelligence for your innovation.

Method and device for achieving access control list based on group

An access control list and purpose technology, which is applied in the field of group-based access control lists, can solve the problems of consuming tcam resources and increasing the difficulty of administrator maintenance, and achieve the effect of reducing the difficulty of maintaining ace and improving resource utilization

Inactive Publication Date: 2018-07-06
SUZHOU CENTEC COMM CO LTD
View PDF4 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

There are two problems with this method. On the one hand, it will consume tcam resources quickly, and on the other hand, it will increase the maintenance difficulty of the administrator.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for achieving access control list based on group
  • Method and device for achieving access control list based on group
  • Method and device for achieving access control list based on group

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0025] The technical solutions of the embodiments of the present invention will be clearly and completely described below in conjunction with the accompanying drawings of the present invention.

[0026] The method and device for implementing access control lists based on groups disclosed in the present invention, through multi-level flow table grouping, not only reduces the consumption of ACE entries exponentially, improves the utilization of tcam resources, but also greatly reduces management It is difficult for the staff to maintain ace.

[0027] Combine figure 2 with image 3 As shown, the method for implementing an access control list based on a group disclosed in an embodiment of the present invention includes:

[0028] In the first step, the message is grouped according to the information carried in the header or the information obtained by the chip search, and the ID of the group is used as the matching field in the access control list entry.

[0029] Specifically, there are ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method and a device for achieving an access control list based on a group. The method comprises the following steps of achieving flow grouping by using a flow table existingin a switch chip, grouping to form a source group and a destination group, and taking two group ids as matching fields in an ace in order to achieve acl policy configuration based on grouping. By means of the multi-level flow table grouping, the number of ace entries is reduced exponentially, the resource utilization rate of a tcam is improved, and the difficulty in maintaining the ace by an administrator is greatly reduced.

Description

Technical field [0001] The present invention relates to an access control list technology, in particular to a method and device for implementing an access control list based on a group. Background technique [0002] ACL (Access Control List, access control list) is an access control technology, which defines the access permissions of users (different data). ACL is a collection of allow / deny rules. Parse the information in the second, third, and fourth layer headers, and filter the packets according to the predefined rules (Key), so as to achieve the purpose of access control. Common ACL functions include: providing basic security means for network access; limiting network traffic and improving network performance; ACL statistics, redirection, etc. With the increase of the network scale and the sharp increase of business types, the table items used to realize ACL in the switch are becoming more and more scarce. At the same time, the number of ACE (Access Control Entry, access co...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06
CPCH04L63/101
Inventor 刘庆海李晨龚海东
Owner SUZHOU CENTEC COMM CO LTD