
A method and device for mask quintuple rule matching

A mask quintuple rule matching method and device, applicable to electrical components, database retrieval, database indexing, etc. It addresses the TCAM storage space overhead and limited rule expandability of mask quintuple rules, increasing the capacity of mask quintuple rules that can be stored, improving utilization, and saving cost.

Active Publication Date: 2022-07-22
NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT +2

AI Technical Summary

Problems solved by technology

[0006] To address the TCAM storage space overhead and limited rule expandability of mask quintuple rules in existing network data traffic processing equipment, a method and device for mask quintuple rule matching are proposed.



Examples


Embodiment 1

[0033] Taking a network data traffic processing device as an example, there are 3 IPv4 mask quintuple rules. The SIP and DIP address fields are expressed as suffix masks, the SP, DP, and P fields are all masked to 0 (don't care), and the result length is fixed at 4 bytes, as shown in Table 1:

[0034] Database | User Data
[0035] SIP=1.1.1.0/24, DIP=2.2.2.0/24, SP=10000, DP=80, P=6 | Result A
[0036] SIP=1.1.2.0/24, DIP=2.2.2.0/24, SP=10000, DP=80, P=6 | Result B
[0037] SIP=1.1.3.0/24, DIP=2.2.2.0/24, SP=10000, DP=80, P=6 | Result C

[0038] Table 1

[0039] With the traditional storage method, the storage space of 3 rules is occupied, with the don't-care part represented by X. The TCAM storage space consumed by the matching part of the three mask quintuple rules in Table 1 is 20*3=60 bytes, and the storage space consumed by the result part is 4*3=12 bytes, as shown in Figure 1.

[0040] A rule matching method provided by this embodiment inclu...

Embodiment 2

[0048] In the rule matching method provided by this embodiment, a rule valid flag is introduced into the result part corresponding to each rule. It occupies 1 bit of storage space and is set when the mask rule entry is created, to indicate whether a corresponding mask quintuple rule exists.

[0049] The merged rule uses the value of the 2-bit merge bit as the offset into the result part to index the result corresponding to each rule, and determines whether the rule exists according to whether the rule valid flag in the result is set. The specific rule matching process is shown in Figure 4, and the specific steps include:

[0050] Step 11.1, the program starts;

[0051] Step 11.2, data message input;

[0052] Step 11.3, extract the quintuple information according to the data message, and send it to the TCAM for rule table entry search;

[0053] Step 11.4, the merged rule uses the value of the merged bit as the offset of the result part to index the corres...
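The merge of Table 1 and the valid-flag lookup of Embodiment 2, as an added example (not code from the patent). It assumes the merge bits are the two lowest bits of the /24 SIP prefix and models the TCAM as a Python list; the names `merge_rules` and `lookup` are hypothetical. SP, DP and P are omitted because [0033] masks them as don't-care.

```python
import ipaddress

MERGE_BITS = 2  # width of the merge field ("2-bit merge bit" in [0049])

# The three rules of Table 1: (SIP /24, DIP /24, result).
RULES = [("1.1.1.0", "2.2.2.0", "A"),
         ("1.1.2.0", "2.2.2.0", "B"),
         ("1.1.3.0", "2.2.2.0", "C")]

def ip(s):
    return int(ipaddress.IPv4Address(s))

def merge_rules(rules, prefix_len=24):
    """Merge rules whose SIP prefixes differ only in the lowest MERGE_BITS
    bits into one entry holding 2**MERGE_BITS (valid_flag, result) slots."""
    shift = 32 - prefix_len                          # host bits: already don't-care
    dip_care = (0xFFFFFFFF << shift) & 0xFFFFFFFF
    sip_care = (0xFFFFFFFF << (shift + MERGE_BITS)) & 0xFFFFFFFF
    merged = {}
    for sip, dip, result in rules:
        key = (ip(sip) & sip_care, ip(dip) & dip_care)
        slots = merged.setdefault(key, [(False, None)] * (1 << MERGE_BITS))
        offset = (ip(sip) >> shift) & ((1 << MERGE_BITS) - 1)
        slots[offset] = (True, result)               # rule valid flag set on creation
    return [{"sip": k[0], "sip_care": sip_care, "dip": k[1],
             "dip_care": dip_care, "shift": shift, "slots": v}
            for k, v in merged.items()]

def lookup(table, sip, dip):
    """Match a packet, then index the result by its merge bits."""
    s, d = ip(sip), ip(dip)
    for e in table:                                  # a real TCAM compares in parallel
        if (s & e["sip_care"]) == e["sip"] and (d & e["dip_care"]) == e["dip"]:
            offset = (s >> e["shift"]) & ((1 << MERGE_BITS) - 1)
            valid, result = e["slots"][offset]
            # The merged entry also covers 1.1.0.0/24, which has no rule:
            # the cleared valid flag turns that TCAM hit into a miss.
            return result if valid else None
    return None

if __name__ == "__main__":
    table = merge_rules(RULES)
    for src in ("1.1.1.9", "1.1.2.9", "1.1.3.9", "1.1.0.9", "1.1.4.9"):
        print(src, "->", lookup(table, src, "2.2.2.7"))
```

The three rules collapse into a single match entry; a packet from 1.1.0.9 hits that entry but returns no result, which is the over-match the rule valid flag exists to reject.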

Embodiment 3

[0058] The mask quintuple rule matching device provided by this embodiment, applied to a ternary content addressable memory (TCAM) chip, specifically includes:

[0059] The rule merging module, used to identify the merging bit feature of the suffix mask in the mask quintuple rules in the Database part, and to merge multiple mask quintuple rules that include the recognized merging bits into one rule;

[0060] The matching result indexing module, used to jointly store the matching results of the merged rules in the User Data part corresponding to the merged rule, and to assign the above-mentioned merging bits as the index of each corresponding matching result;

[0061] The matching module, used to index the final matching result based on the merging bits after the quintuple information of the data packet has matched the merged rule.

[0062] In the rule matching apparatus provided by this embodiment, the rule merging module further includes: a me...


Abstract

A method for mask quintuple rule matching, applied to a ternary content addressable memory (TCAM) chip, comprising: performing merging bit feature recognition on the suffix mask in the mask quintuple rules in the Database part, and merging multiple mask quintuple rules that include the recognized merging bits into one rule; jointly storing the matching results of the merged rules in the User Data part corresponding to the merged rule, and assigning the above merging bits as the index of each corresponding matching result; and, after the quintuple information of the data packet matches the merged rule, indexing the final matching result based on the merging bits. In addition, the embodiment of the present invention also provides a rule matching apparatus. With the method and device provided by the embodiments of the present invention, the capacity of mask quintuple rules that can be stored in the TCAM table entry resource can be effectively increased, saving cost while improving utilization.

Description

Technical field

[0001] The invention relates to the field of network data processing, in particular to a method for mask quintuple rule matching.

Background technique

[0002] In the field of communication technology, the access control item of the mask quintuple includes a quintuple field and a mask field. The quintuple is the necessary attribute tuple of a data packet in the TCP/IP protocol, comprising five elements: source IP address (SIP), source port (SP), destination IP address (DIP), destination port (DP), and protocol type (P). The mask field has the same length as the quintuple field, corresponds to it one-to-one, and supports masking of any bit.

[0003] In existing network data traffic processing equipment, the mask quintuple function is usually implemented by a ternary content addressable memory (TCAM) chip. Generally, each bit in the memory can only represent two values: 0 or 1, while each bit in TCAM can represent three va...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L45/745, G06F16/901, G06F16/903
CPC: G06F16/90339, G06F16/901, H04L45/74591
Inventor 张良党向磊胡燕林李佳陈训逊云晓春黄亮刘伟郭三川杨云龙王鼎华戴光耀吴昊李瑞轩郑展伟房超冀晓凯
Owner NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT