Mask quintuple rule matching method and device thereof

A mask quintuple rule matching method and device, applied in electrical components, digital transmission systems, data exchange networks, etc., that address the problems of TCAM storage space overhead and weak rule expansion, improving rule capacity and utilization rate while saving cost.

Active Publication Date: 2020-11-24
NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT +2

AI Technical Summary

Problems solved by technology

[0006] To address the TCAM storage space overhead and weak rule expansion of mask quintuple rules in existing network data flow processing equipment, a method and device for mask quintuple rule matching are proposed.

Examples

Embodiment 1

[0033] Taking a network data traffic processing device as an example, there are three IPv4 mask quintuple rules. The SIP and DIP address fields are expressed in the form of a suffix mask, the SP, DP, and P fields are all masked with 0, and the length of the result is a fixed 4 bytes, as shown in Table 1:

[0034]

| Database                                                     | User Data |
| SIP=1.1.1.0/24, DIP=2.2.2.0/24, SP=10000, DP=80, P=6         | Result A  |
| SIP=1.1.2.0/24, DIP=2.2.2.0/24, SP=10000, DP=80, P=6         | Result B  |
| SIP=1.1.3.0/24, DIP=2.2.2.0/24, SP=10000, DP=80, P=6         | Result C  |

[0035] Table 1

[0036] With the traditional storage method, 3 rule storage spaces are occupied, with the don't-care part represented by X. The TCAM storage space consumed by the matching part of the 3 mask quintuple rules in Table 1 is 20*3=60 bytes, and the storage space consumed by the result part is 4*3=12 bytes, as shown in Figure 1.

[0037] A rule matching method provided in this embodiment ...

Embodiment 2

[0045] In the rule matching method provided by this embodiment, a rule valid flag is introduced into the result part corresponding to each rule. It occupies 1 bit of storage space and is set when the mask rule entry is created, to indicate whether a corresponding mask quintuple rule exists.

[0046] The merged rule uses the value of the 2-bit merge bit as the offset into the result part to index the result corresponding to each rule, and judges whether the rule exists according to whether the rule valid flag is set in that result. The specific rule matching process is shown in Figure 4, and the specific steps include:

[0047] Step 4.1, the program starts;

[0048] Step 4.2, data message input;

[0049] Step 4.3, extracting the quintuple information according to the data message, and sending it to the TCAM for rule entry search;

[0050] Step 4.4, the merged rule uses the value of the merge bit as the offset of the result part to index the result corresponding t...
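The merge and lookup described in Embodiment 2, as an added Python model run over the Table 1 rules (not code from the patent). It assumes the merge bits are the two lowest bits of the SIP /24 prefix, which is consistent with Table 1 but not stated in the visible text; `merge_rules`, `lookup` and the dictionary standing in for the TCAM are hypothetical names. A source such as 1.1.0.7 hits the merged entry, and only the unset valid flag in slot 0 keeps it from being treated as a match.

```python
import ipaddress

MERGE_BITS = 2                      # page: value of the 2-bit merge bit is the result offset
SLOT_MASK = (1 << MERGE_BITS) - 1

# Table 1 from the page: (SIP, DIP, SP, DP, P) -> result
TABLE1 = [
    (("1.1.1.0/24", "2.2.2.0/24", 10000, 80, 6), "A"),
    (("1.1.2.0/24", "2.2.2.0/24", 10000, 80, 6), "B"),
    (("1.1.3.0/24", "2.2.2.0/24", 10000, 80, 6), "C"),
]

def merge_rules(rules):
    """Merge rules whose SIP prefixes differ only in the merge bits.
    Assumption: the merge bits are the lowest MERGE_BITS bits of the SIP prefix."""
    merged = {}
    for (sip, dip, sp, dp, proto), result in rules:
        net = ipaddress.ip_network(sip)
        shift = 32 - net.prefixlen                      # lowest prefix bit position
        base = int(net.network_address)
        key_base = base & ~(SLOT_MASK << shift)         # merge bits become don't-care
        key_mask = (0xFFFFFFFF << (shift + MERGE_BITS)) & 0xFFFFFFFF
        key = (key_base, key_mask, shift, dip, sp, dp, proto)
        # User Data part: one (valid flag, result) slot per merge-bit value
        slots = merged.setdefault(key, [(False, None)] * (SLOT_MASK + 1))
        slots[(base >> shift) & SLOT_MASK] = (True, result)
    return merged

def lookup(merged, sip, dip, sp, dp, proto):
    """Steps 4.3-4.4: match the merged entry, then index the result by merge bits."""
    s = int(ipaddress.IPv4Address(sip))
    d = ipaddress.IPv4Address(dip)
    for (base, mask, shift, dnet, rsp, rdp, rproto), slots in merged.items():
        if (s & mask) != base or d not in ipaddress.ip_network(dnet):
            continue
        if (sp, dp, proto) != (rsp, rdp, rproto):
            continue
        valid, result = slots[(s >> shift) & SLOT_MASK]
        return result if valid else None                # unset flag: no such rule
    return None

MERGED = merge_rules(TABLE1)

if __name__ == "__main__":
    print(len(TABLE1), "rules ->", len(MERGED), "TCAM entry")
    for src in ("1.1.1.5", "1.1.2.9", "1.1.3.200", "1.1.0.7"):
        print(src, lookup(MERGED, src, "2.2.2.1", 10000, 80, 6))
```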

Embodiment 3

[0055] A mask quintuple rule matching device provided by this embodiment, applied in a ternary content addressable memory (TCAM) chip, specifically includes:

[0056] The rule merging module is used to perform merge bit feature recognition on the suffix masks in the mask quintuple rules in the Database part, and to merge a plurality of mask quintuple rules containing identified merge bits into one rule;

[0057] The matching result index module is used to jointly store the corresponding matching results of the merged rules in the User Data part corresponding to the merged rules, and assign the above-mentioned merged bits as indexes to the corresponding matching results;

[0058] The matching module is configured to index the final matching result based on the merge bits after the quintuple information of the data packet matches the merged rule.

[0059] In a kind of rule matching device provided by this embodiment, the rule merging module further includes: a merging bit identifica...

Abstract

The invention relates to a mask quintuple rule matching method, which is applied to a ternary content addressable memory (TCAM) chip, and comprises the following steps: performing merge bit feature recognition on suffix masks in mask quintuple rules in a Database part, and merging a plurality of mask quintuple rules containing recognized merge bits into one rule; jointly storing the matching results corresponding to the plurality of merged rules in the User Data part corresponding to the merged rules, and respectively distributing the merged bits to the corresponding matching results as indexes; and after the quintuple information of the data message is matched with the combined rule, indexing a final matching result based on the combined bit. In addition, the embodiment of the invention further provides a rule matching device. Through the method and the device provided by the embodiment of the invention, the mask quintuple rule capacity which can be stored by TCAM table entry resources can be effectively improved, and the cost is saved while the utilization rate is improved.

Description

Technical field

[0001] The invention relates to the field of network data processing, in particular to a method for matching mask quintuple rules.

Background technique

[0002] In the field of communication technology, the access control item of the mask quintuple includes a quintuple field and a mask field. The quintuple consists of the necessary attributes of data packets in the TCP/IP protocol: source IP address (SIP), source port (SP), destination IP address (DIP), destination port (DP), and protocol type (P), five elements in total. The mask field is the same length as the quintuple field, the two correspond to each other, and arbitrary bit masking is supported.

[0003] In the existing network data traffic processing equipment, the mask quintuple function is usually implemented by a three-state content addressable memory TCAM chip. In general memory, each bit can only represent two values: 0 or 1, while each bit of TCAM can represent three values: 0, 1...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/743, G06F16/901, G06F16/903
CPC: G06F16/90339, G06F16/901, H04L45/74591
Inventor 张良党向磊胡燕林李佳陈训逊云晓春黄亮刘伟郭三川杨云龙王鼎华戴光耀吴昊李瑞轩郑展伟房超冀晓凯
Owner NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT