Multi-domain net packet classifying method based on network flow

Abstract

Present invention relates to network filtering and monitoring technology field. It includes following steps: receiving reached network package, collecting network package head information, statistics and normalization network flow property, computing element obtaining network package classifying structure according to configured rule congregation and network flow statistical property, network package classifying unit obtaining network package head information and classifying network package through sorter data structure obtained by calculating unit, transmitting unit transmitting network package in output queue according to classifying result. Present invention is realized based on microprocessor universal platform or network processing unit special platform, combined network flow dynamic statistics property and rule aggregative static structure property, optimizing network package classification method, raising 80-400 per cent average classifying rate than current both abroad and home same class of method, and reducing memory requirements by 30-600 per cent.

Description

technical field [0001] The invention relates to the technical field of network filtering and monitoring. Background technique [0002] In many policy-based network filtering and monitoring applications such as layer 4 switches, state inspection firewalls, QoS routers, and load balancing, multi-domain network packet classification methods are the key components and core technologies of system performance. Compared with traditional layer-2 switching and layer-3 routing, multi-domain network packet classification not only checks and processes Ethernet and IP headers, but also checks and processes headers of higher-level network protocols such as TCP and UDP. The multi-domain network packet classification problem is an example of the best matching filter rule problem. For the common classification of network packets below the fourth layer, there are 7 domains that can be selected as domains for filtering rules: source / destination network layer address (32 bits each), source / des...

AI Technical Summary

Problems solved by technology

[0004] However, the existing solutions only use the characteristics of the classification rules themselves in the design, and do not take into account the statistical characteristics of network traffic

In the practical application of network packet classification, the following problems usually occur: the vast majority of network packets only match the rules in a certain subset of the rule set, and there are quite a few rules that only match a very small number of network packets

Since the formulation of the rules is often not optimized for a specific network, and it is difficult to get timely updates, a considerable part of the rules in the rule base that usually exists in the network packet classification device can rarely be matched, that is, Some rules rarely participate in the actual network packet classification process when the network is running normally, but the existence of these rules itself greatly increases the complexity of the network packet classification problem

Several existing network packet classification methods fail to take into account the reality related to the statistical characteristics of network traffic, so they cannot solve the problem of network packet classification itself caused by useless rules (rules that rarely match) under specific traffic conditions. The complexity that comes, so that the average transmission rate of the network cannot be further improved

Images