
A method and device for matching five-tuple rules

A five-tuple rule matching technique that addresses problems such as degraded processing performance of the rule matching process and concurrent resource contention, and improves table lookup efficiency and performance.

Active Publication Date: 2022-07-05
NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT +2

AI Technical Summary

Problems solved by technology

[0007] Taking a network data traffic processing application as an example, and referring to Table 1, at least 12 kinds of flexible quintuple rule templates and their priorities must be supported. In practical applications, data packets may hit any of the rule templates, and because only one rule hash table is set up, concurrent resource competition occurs: multiple rule matching processes initiate table lookup operations at the same time, which seriously affects the processing performance of the rule matching process.

Examples


Embodiment 1

[0047] Referring to Table 1, analysis of the prior art shows that matching the whole process requires at least 1 table lookup and at most 12 table lookups. In practical applications, data packets may hit any of the rule templates, and because only one rule hash table is set up, concurrent resource competition occurs: multiple rule matching processes initiate table lookup operations at the same time, which seriously affects the processing performance of the rule matching process.

[0048] Because the flexible quintuple contains 12 rule templates, not every table lookup can produce a hit, so a reasonable arrangement of the table lookup sequence can reduce the frequency of table lookups; that is, extracting the common part minimizes the number of accesses to the rule hash table. First, classify the rule templates. Referring to the 12 types of rule templates in Table 1, it is not difficult to find that if SIP+DIP, SIP,...

Embodiment 2

[0057] Specifically, the rule activation flag ActiveFlag related to the rule template occupies 1 bit of storage space. This flag is set when the rule entry is created: 1 means active and 0 means inactive. It indicates whether the rule is an independent and real rule, and only SIP and DIP rules use it. For example:

[0058] 1) When creating a rule of the SIP rule template type, if the rule does not exist, create the rule and set the flag to 1;

[0059] 2) When creating a rule of the SIP rule template type, if the rule exists, update the rule to set the flag to 1;

[0060] 3) When creating a rule of the rule template type including SIP+DIP, if there is no rule of the SIP rule template type, then create a rule of the SIP rule template type and set the flag to 0;

[0061] 4) When creating a rule of the SIP+DIP rule template type, if there is a rule corresponding to the SIP rule template type, update the rule corresponding to the SIP rule template type to set this flag to 1.

[...

Embodiment 3

[0067] For the specific rule matching process, refer to Figures 1 and 2. The rule template type matching process shown in Figure 1 specifically includes:

[0068] Step 3.1, the program starts;

[0069] Step 3.2, data message input;

[0070] Step 3.3, SIP rule table entry search;

[0071] Step 3.4, check whether the quintuple information of the packet matches the SIP rule template type, if so, go to Step 3.5, otherwise go to Step 3.8;

[0072] Step 3.5, record the valid flag of the association rule of the SIP rule template entry after the matching is successful;

[0073] Step 3.6, judge whether the SIP rule entry is activated, if activated, go to step 3.7, otherwise go to step 3.8;

[0074] Step 3.7, record the hit result of the SIP rule entry;

[0075] Step 3.8, DIP rule table entry lookup;

[0076] Step 3.9, check whether the quintuple information of the packet matches the DIP rule template type, if so, go to Step 3.10, otherwise go to Step 3.15;

[0077] Step 3.10...
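The ActiveFlag cases of Embodiment 2 and the SIP stage of Embodiment 3 (steps 3.3 to 3.7), as an added example that is not code from the patent. The class and function names, the bitmask layout of the association rule valid flag, the reading of case 4 (only the association bit is recorded), and the use of the recorded flag to skip the SIP+DIP probe are assumptions; the addresses and actions are constructed.

```python
from dataclasses import dataclass

ASSOC_SIP_DIP = 0x1  # assumed bit layout: a SIP+DIP rule exists for this SIP

@dataclass
class Entry:
    active: int = 0   # ActiveFlag: 1 = independent real rule, 0 = placeholder
    assoc: int = 0    # association-rule valid flag (bitmask is an assumption)
    action: str = ""

class RuleTables:
    def __init__(self):
        self.sip = {}      # SIP template table, keyed by source IP
        self.sip_dip = {}  # SIP+DIP template table, keyed by (sip, dip)
        self.lookups = 0   # hash-table probes performed by match()

    def add_sip(self, sip, action):
        # Cases 1 and 2: create the entry if missing, then set ActiveFlag to 1.
        e = self.sip.setdefault(sip, Entry())
        e.active, e.action = 1, action

    def add_sip_dip(self, sip, dip, action):
        # Case 3: no SIP entry yet, so create one with ActiveFlag 0.
        # Case 4: an entry exists and is updated; assumption here: only the
        # association bit is recorded and ActiveFlag keeps its value.
        e = self.sip.setdefault(sip, Entry())
        e.assoc |= ASSOC_SIP_DIP
        self.sip_dip[(sip, dip)] = action

    def match(self, sip, dip):
        hits, assoc = [], 0
        self.lookups += 1                       # step 3.3: SIP table lookup
        e = self.sip.get(sip)
        if e is not None:                       # step 3.4: SIP template matched
            assoc = e.assoc                     # step 3.5: record the flag
            if e.active:                        # step 3.6: entry activated?
                hits.append(("SIP", e.action))  # step 3.7: record the hit
        if assoc & ASSOC_SIP_DIP:               # probe only when flagged
            self.lookups += 1
            action = self.sip_dip.get((sip, dip))
            if action is not None:
                hits.append(("SIP+DIP", action))
        return hits

def demo():
    t = RuleTables()  # constructed sample rules and addresses
    t.add_sip_dip("10.0.0.1", "192.0.2.9", "drop")
    first = t.match("10.0.0.1", "192.0.2.9")   # placeholder SIP is not a hit
    miss = t.match("10.0.0.2", "192.0.2.9")    # one probe, SIP+DIP skipped
    t.add_sip("10.0.0.1", "count")             # placeholder becomes real
    return first, miss, t.match("10.0.0.1", "192.0.2.9"), t.lookups
```

The DIP stage that begins at step 3.8 is not modelled, since the page's description of it is cut off.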


Abstract

A method for quintuple rule matching, in which the quintuple rule templates are classified in advance and an association rule valid flag is set for the classified rule templates. The method specifically includes: receiving a data message and extracting quintuple information; according to the extracted quintuple information, judging the type of the classified rule template in turn, further determining the rule template matched by the quintuple information, and recording the association rule valid flag corresponding to the hit rule template; and using the association rule valid flag to sequentially search for matching rule entries in the rule hash table corresponding to the determined rule template type, and outputting the matching result. In addition, the embodiment of the present invention also provides a rule matching apparatus. With the method, device and chip provided by the embodiments of the present invention, the efficiency of quintuple rule table lookup can be significantly improved, and the problem of rule table resource competition is solved.

Description

Technical field

[0001] The invention relates to the technical field of communications, in particular to a five-tuple rule matching method.

Background

[0002] In the field of communication technology, a quintuple is a necessary attribute tuple of a data packet in the TCP/IP protocol, consisting of five elements: source IP address (SIP), source port (SP), destination IP address (DIP), destination port (DP), and protocol type (P). A flexible quintuple rule is any combination of these five elements, and the element combination pattern of the five-tuple is called a rule template. Actions that need to be performed after data packets are matched according to the rule template are called rule actions, and rule actions include but are not limited to forwarding actions (transparent transmission, discarding, redirection, etc.), hit count, and the like.

[00...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L45/7453
CPC: H04L45/7453
Inventor: 党向磊张良胡燕林李佳陈训逊云晓春黄亮刘伟郭三川杨云龙王鼎华戴光耀吴昊李瑞轩郑展伟房超冀晓凯
Owner: NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT