Unlock instant, AI-driven research and patent intelligence for your innovation.

System and method for accelerating multiple-field classification rule linear search

A linear search and rule technology, applied in transmission systems, electrical components, user identity/authority verification, etc., can solve the problems of complex usage, inapplicability of pre-matching technology, aggravating the burden of pre-matching search, etc., to achieve the effect of search acceleration

Inactive Publication Date: 2007-02-07
NEW H3C TECH CO LTD
View PDF0 Cites 6 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

At the same time, the number of matching fields in the pre-matching records is large, no matter which search method is used to organize these pre-matching records, the pre-matching process will require a lot of extra work
[0012] 2) Not all modules can consider using this method to speed up the lookup of the access control list
For example, in network quality of service (QoS for short) classification, the same ACL may be referenced multiple times in a single direction of a port, and a linear search must be performed in strict order. This type of pre-matching technology cannot be applied
[0013] 3) The access control list supports multi-domain classification, but only a small number of access control list rules use all the classification domains, and the pre-matching method has a waste of performance for the usually used access control list rules with only one or two classification domains
The access control list is referenced by multiple modules as a common module, and the usage is complicated
If similar pre-matching records are also cached in the above way, the amount of matching operation context information that needs to be cached will be large, which will additionally increase the burden of pre-matching lookups

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • System and method for accelerating multiple-field classification rule linear search
  • System and method for accelerating multiple-field classification rule linear search
  • System and method for accelerating multiple-field classification rule linear search

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0052] see image 3 , image 3 It is a schematic structural diagram of a device for accelerating linear search of multi-domain classification rules according to an embodiment of the present invention; as shown in the figure, the device includes: a module for defining flow matching comparison domains, which is used to pre-define flow matching comparison domains as required, wherein the The flow is a message with the same tuple group in the network, and the flow matching comparison field is composed of elements of the flow, and is a subset of the packet matching comparison field of the access control list; the first message module is judged, which is used for According to the elements in the flow matching comparison field extracted from the message, look up the flow matching information record table of the flow where the message is located, and determine whether the flow is the first packet for the access control list according to the flow matching information record; generate a...

Embodiment 2

[0063] see Figure 5 , Figure 5 It is a schematic structural diagram of a multi-field classification rule linear search acceleration device according to an embodiment of the present invention. As shown in the figure, the device includes: a module for defining a flow matching comparison field, which is used to predefine a flow matching comparison field according to needs, wherein the flow is a message with the same tuple in the network, and the flow matching comparison field It is composed of flow elements, and is a subset of the packet matching comparison domain of the access control list; the first packet judgment module is used to find the flow where the packet is located according to the elements in the flow matching comparison domain extracted from the packet A flow matching information record table, and determine whether the flow is the first packet for the access control list according to the flow matching information record; generate a flow matching information record...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a system for accelerating multi-domain classifies standard linear search, and a relative method, wherein said method comprises: based on the stream extracted from the report, matching and comparing the element of domain, searching the stream match information record list of said stream; if there is no matched, from the first rule of multi-domain classify standard linear list, linearly searching said rules, until finding one or reaching the end, to generate the report match result, and recording the multi-domain classify standard linear list number and the stream match rule mark relative to the stream match result in the stream match information record list; or else, searching the linear list from the rule relative to the stream match rule number, until reaching the matched rule or the end of list, to generate the report match result, and output report match result. Therefore, the invention can shorten the search region and accelerate the search speed.

Description

technical field [0001] The invention relates to the technical field of network access control, in particular to a system and method for accelerating linear search of multi-domain classification rules. Background technique [0002] In the network security system, the most important security element is the access control control point at the entrance and exit of the network communication channel. In order to classify or filter packets, network devices need to configure a series of matching rules to identify objects to be filtered. After a specific object is identified, the corresponding message can be allowed or prohibited to pass according to the preset policy. A linear list of multi-domain classification rules is used to implement these functions, and an access control list (Access Control List, ACL for short) is one of the linear lists of multi-domain classification rules. [0003] Access control lists are matching lists applied to router interfaces. These matching lists ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L9/32H04L29/06
Inventor 常慧锋
Owner NEW H3C TECH CO LTD