[go: up one dir, main page]

CN111464455A - Message output method and device - Google Patents

Message output method and device Download PDF

Info

Publication number
CN111464455A
CN111464455A CN202010228747.8A CN202010228747A CN111464455A CN 111464455 A CN111464455 A CN 111464455A CN 202010228747 A CN202010228747 A CN 202010228747A CN 111464455 A CN111464455 A CN 111464455A
Authority
CN
China
Prior art keywords
policy
output
message
sampling
identifier
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010228747.8A
Other languages
Chinese (zh)
Other versions
CN111464455B (en
Inventor
张伟
王利阳
邹昕
王晖
李高超
李政
陈训逊
云晓春
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National Computer Network and Information Security Management Center
Hangzhou DPtech Information Technology Co Ltd
Original Assignee
National Computer Network and Information Security Management Center
Hangzhou DPtech Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by National Computer Network and Information Security Management Center, Hangzhou DPtech Information Technology Co Ltd filed Critical National Computer Network and Information Security Management Center
Priority to CN202010228747.8A priority Critical patent/CN111464455B/en
Publication of CN111464455A publication Critical patent/CN111464455A/en
Application granted granted Critical
Publication of CN111464455B publication Critical patent/CN111464455B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/12Avoiding congestion; Recovering from congestion
    • H04L47/125Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本申请提供一种报文输出方法及装置,应用于分流网络设备中,所述方法包括:将接收到的报文匹配预设策略集中的每个策略,所述预设策略集中的每个策略包括规则和动作;获取规则被所述报文匹配中且对应的动作为采样输出的至少一个策略的策略标识;根据所述至少一个策略的策略标识对应的采样位图的当前标志位确定是否输出所述报文;若确定输出所述报文,则通过策略标识与输出端口的对应关系中所述至少一个策略的策略标识对应的输出端口输出所述报文。应用本申请的实施例,使得报文输出效果更好,且灵活性较优。

Figure 202010228747

The present application provides a method and device for outputting a packet, which is applied to a distribution network device. The method includes: matching a received packet to each policy in a preset policy set, and each policy in the preset policy set Including rules and actions; acquiring the policy identifier of at least one policy in which the rule is matched by the message and the corresponding action is the sampling output; determining whether to output according to the current flag bit of the sampling bitmap corresponding to the policy identifier of the at least one policy The message; if it is determined to output the message, output the message through the output port corresponding to the policy identifier of the at least one policy in the correspondence between the policy identifier and the output port. By applying the embodiments of the present application, the message output effect is better, and the flexibility is better.

Figure 202010228747

Description

报文输出方法和装置Message output method and device

技术领域technical field

本申请涉及网络通信技术领域,特别设计一种报文输出方法和装置。The present application relates to the technical field of network communication, and particularly designs a message output method and device.

背景技术Background technique

专用网络中的分流网络设备接收到报文后,会首先匹配预设的各个策略,每个策略都包括规则和动作,若该报文匹配中至少一个策略的规则,则会按照至少一个策略的规则对应的动作处理该报文,若对应的动作是输出,则会将该报文输出至对应的业务系统。其中,输出可以包括全流量输出和采样输出两类,全流量输出是需要监控所有的报文,所以需要输出所有的报文;采样输出只需监控部分报文,所以可以按照采样位图进行输出,处理完一个报文,采样位图移动一位,当前标志位为1则输出报文,当前标志位为0则不输出报文。After the distribution network device in the private network receives the packet, it will first match each preset policy, and each policy includes rules and actions. If the packet matches the rules of at least one policy, it will follow at least one policy. The action corresponding to the rule processes the message, and if the corresponding action is output, the message is output to the corresponding service system. Among them, the output can include two types: full flow output and sampling output. Full flow output needs to monitor all packets, so all packets need to be output; sampling output only needs to monitor part of the packets, so it can be output according to the sampling bitmap , after processing a message, the sampling bitmap is shifted by one bit, the current flag bit is 1, the message is output, and the current flag bit is 0, the message is not output.

由于一个业务系统可以设置多个策略,不同的策略又可以对应不同的采样位图,所以,当一个报文命中某个业务系统的多个策略时,只能按照各个策略的优先级从中选取优先级最高的策略对应的采样位图作为全局的采样位图,然后按照全局的采样位图确定是否输出报文,而无法按照各个策略的采样位图确定是否输出报文。因此,上述报文输出方法中,在同一报文匹配上多个策略时无法实现分别按照各个策略对应的采样位图输出报文,采样效果不好,且灵活性较差。Since a service system can set multiple policies, and different policies can correspond to different sampling bitmaps, when a packet hits multiple policies of a service system, the priority can only be selected according to the priority of each policy. The sampling bitmap corresponding to the policy with the highest level is used as the global sampling bitmap, and then whether to output the packet is determined according to the global sampling bitmap, but it cannot be determined whether to output the packet according to the sampling bitmap of each policy. Therefore, in the above packet output method, when the same packet matches multiple policies, the packet cannot be output according to the sampling bitmap corresponding to each policy, the sampling effect is not good, and the flexibility is poor.

发明内容SUMMARY OF THE INVENTION

有鉴于此,本申请提供一种报文输出方法和装置,以解决相关技术中存在的采样效果不好,且灵活性较差的问题。In view of this, the present application provides a message output method and device to solve the problems of poor sampling effect and poor flexibility in the related art.

具体地,本申请是通过如下技术方案实现的:Specifically, the application is achieved through the following technical solutions:

一种报文输出方法,应用于分流网络设备中,所述方法包括:A packet output method, applied to a distribution network device, the method comprising:

将接收到的报文匹配预设策略集中的每个策略,所述预设策略集中的每个策略包括规则和动作;Matching the received message to each policy in a preset policy set, where each policy in the preset policy set includes a rule and an action;

获取规则被所述报文匹配中且对应的动作为采样输出的至少一个策略的策略标识;Obtaining the policy identifier of at least one policy in which the rule is matched by the message and the corresponding action is the sampling output;

根据所述至少一个策略的策略标识对应的采样位图的当前标志位确定是否输出所述报文;Determine whether to output the message according to the current flag bit of the sampling bitmap corresponding to the policy identifier of the at least one policy;

若确定输出所述报文,则通过策略标识与输出端口的对应关系中所述至少一个策略的策略标识对应的输出端口输出所述报文。If it is determined to output the packet, the packet is output through the output port corresponding to the policy identifier of the at least one policy in the correspondence between the policy identifier and the output port.

一种报文输出装置,应用于分流网络设备中,所述装置包括:A message output device, applied to a distribution network device, the device includes:

匹配模块,用于将接收到的报文匹配预设策略集中的每个策略,所述预设策略集中的每个策略包括规则和动作;a matching module, configured to match the received message with each policy in a preset policy set, where each policy in the preset policy set includes rules and actions;

获取模块,用于获取规则被所述报文匹配中且对应的动作为采样输出的至少一个策略的策略标识;an acquisition module, configured to acquire the policy identifier of at least one policy whose rule is matched by the message and whose corresponding action is sampling output;

确定模块,用于根据所述至少一个策略的策略标识对应的采样位图的当前标志位确定是否输出所述报文;A determination module, configured to determine whether to output the message according to the current flag bit of the sampling bitmap corresponding to the policy identifier of the at least one policy;

输出模块,用于若确定输出所述报文,则通过策略标识与输出端口的对应关系中所述至少一个策略的策略标识对应的输出端口输出所述报文。The output module is configured to output the message through the output port corresponding to the policy identifier of the at least one policy in the correspondence between the policy identifier and the output port if it is determined to output the message.

一种电子设备,所述电子设备包括处理器、通信接口、存储器和通信总线,其中,处理器,通信接口,存储器通过通信总线完成相互间的通信;An electronic device, the electronic device includes a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface, and the memory communicate with each other through the communication bus;

存储器,用于存放计算机程序;memory for storing computer programs;

处理器,用于执行存储器上所存储的程序时,实现上述的方法步骤。The processor is configured to implement the above method steps when executing the program stored in the memory.

一种计算机可读存储介质,所述计算机可读存储介质内存储有计算机程序,所述计算机程序被处理器执行时实现上述的方法步骤。A computer-readable storage medium stores a computer program in the computer-readable storage medium, and the computer program implements the above method steps when executed by a processor.

由以上本申请提供的技术方案可见,在同一报文匹配上多个策略时可以实现分别按照各个策略对应的采样位图确定是否输出报文,相对于相关技术,无需按照从中的选取出全局采样位图输入报文,从而使得报文输出效果更好,且灵活性较优。It can be seen from the above technical solutions provided by the present application that when the same message matches multiple policies, it can be determined whether to output the message according to the sampling bitmap corresponding to each policy. Bitmap input message, so that the message output effect is better, and the flexibility is better.

附图说明Description of drawings

图1为本申请示出的一种报文输出方法的流程图;1 is a flowchart of a message output method shown in the application;

图2为本申请示出的一种报文输出装置的结构示意图;2 is a schematic structural diagram of a message output device shown in this application;

图3为本申请示出的一种电子设备的结构示意图。FIG. 3 is a schematic structural diagram of an electronic device shown in this application.

具体实施方式Detailed ways

这里将详细地对示例性实施例进行说明,其示例表示在附图中。下面的描述涉及附图时,除非另有表示,不同附图中的相同数字表示相同或相似的要素。以下示例性实施例中所描述的实施方式并不代表与本申请相一致的所有实施方式。相反,它们仅是与如所附权利要求书中所详述的、本申请的一些方面相一致的装置和方法的例子。Exemplary embodiments will be described in detail herein, examples of which are illustrated in the accompanying drawings. When the following description refers to the drawings, the same numerals in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the illustrative examples below are not intended to represent all implementations consistent with this application. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present application as recited in the appended claims.

在本申请使用的术语是仅仅出于描述特定实施例的目的,而非旨在限制本申请。在本申请和所附权利要求书中所使用的单数形式的“一种”、“”和“该”也旨在包括多数形式,除非上下文清楚地表示其他含义。还应当理解,本文中使用的术语“和/或”是指并包含一个或多个相关联的列出项目的任何或所有可能组合。The terminology used in this application is for the purpose of describing particular embodiments only and is not intended to limit the application. As used in this application and the appended claims, the singular forms "a," "" and "the" are intended to include the plural forms as well, unless the context clearly dictates otherwise. It will also be understood that the term "and/or" as used herein refers to and includes any and all possible combinations of one or more of the associated listed items.

应当理解,尽管在本申请可能采用术语第一、第二、第三等来描述各种信息,但这些信息不应限于这些术语。这些术语仅用来将同一类型的信息彼此区分开。例如,在不脱离本申请范围的情况下,第一信息也可以被称为第二信息,类似地,第二信息也可以被称为第一信息。取决于语境,如在此所使用的词语“如果”可以被解释成为“在……时”或“当……时”或“响应于确定”。It should be understood that although the terms first, second, third, etc. may be used in this application to describe various information, such information should not be limited by these terms. These terms are only used to distinguish the same type of information from each other. For example, the first information may also be referred to as the second information, and similarly, the second information may also be referred to as the first information without departing from the scope of the present application. Depending on the context, the word "if" as used herein can be interpreted as "at the time of" or "when" or "in response to determining."

为了解决上述问题,本发明实施例提供了一种报文输出方法,以使得报文输出效果更好,且灵活性较优。请参见图1,图1为本申请示出的一种报文输出方法的流程图,应用于分流网络设备中。In order to solve the above problem, the embodiment of the present invention provides a message output method, so that the message output effect is better and the flexibility is better. Please refer to FIG. 1. FIG. 1 is a flowchart of a packet output method shown in the present application, which is applied to a traffic distribution network device.

S11:将接收到的报文匹配预设策略集中的每个策略。S11: Match the received message to each policy in the preset policy set.

分流网络设备接收到报文后,通常首先判断报文的类型,当前常用的报文类型为eth报文、pos报文、lldp报文等等,同时获取报文的五元组信息,然后使用报文的五元组信息去匹配预设策略集中的每个策略。其中,报文的五元组信息包括源互联网协议(InternetProtocol,IP)地址、目的IP地址、源端口、目的端口和协议。After the distribution network device receives a packet, it usually first determines the type of the packet. Currently, the commonly used packet types are eth packet, pos packet, lldp packet, etc. At the same time, it obtains the quintuple information of the packet, and then uses The quintuple information of the packet matches each policy in the preset policy set. The quintuple information of the packet includes a source Internet Protocol (Internet Protocol, IP) address, a destination IP address, a source port, a destination port, and a protocol.

S12:获取规则被报文匹配中且对应的动作为采样输出的至少一个策略的策略标识。S12: Obtain a policy identifier of at least one policy whose rules are matched by the packet and whose corresponding action is sampling output.

其中,预设策略集中的每个策略包括规则和动作,也就是说,报文只有命中规则之后,才会有相应的动作。本申请中关心的是动作为采样输出,因此,可以获取规则被报文匹配中且对应的动作为采样输出的至少一个策略,可以预先为每个策略分配一个策略标识,因此,可以进一步获取至少一个策略的策略标识。Wherein, each policy in the preset policy set includes a rule and an action, that is, only after the packet hits the rule, will a corresponding action be taken. What is concerned in this application is that the action is the sampling output. Therefore, at least one policy whose rules are matched by the packet and the corresponding action is the sampling output can be obtained, and a policy identifier can be assigned to each policy in advance. The policy ID of a policy.

其中,策略标识可以根据实际需要进行设定。The policy identifier can be set according to actual needs.

S13:根据至少一个策略的策略标识对应的采样位图的当前标志位确定是否输出报文。S13: Determine whether to output the message according to the current flag bit of the sampling bitmap corresponding to the policy identifier of at least one policy.

采样位图可以但不限于配置为128bit的采样位图,接收到的所有报文,应按照采样位图中的当前标志位确定是否输出。The sampling bitmap can be configured as, but not limited to, a 128-bit sampling bitmap. All received messages should be output according to the current flag bit in the sampling bitmap.

S14:若确定输出报文,则通过策略标识与输出端口的对应关系中至少一个策略的策略标识对应的输出端口输出报文。S14: If the output message is determined, output the message through the output port corresponding to the policy ID of at least one policy in the correspondence between the policy ID and the output port.

还可以预先设置策略标识与输出端口的对应关系,也就是可以预先绑定每个策略标识对应的输出端口,在确定输出该报文后,可以根据策略标识与输出端口的对应关系中至少一个策略的策略标识对应的输出端口输出报文。The corresponding relationship between the policy identifier and the output port can also be preset, that is, the output port corresponding to each policy identifier can be pre-bound, and after the packet is determined to be output, at least one policy in the corresponding relationship between the policy identifier and the output port can be used. The policy identifies the corresponding output port to output packets.

由以上本申请提供的技术方案可见,在同一报文匹配上多个策略时可以实现分别按照各个策略对应的采样位图确定是否输出报文,相对于相关技术,无需按照从中的选取出全局采样位图输入报文,从而使得报文输出效果更好,且灵活性较优。It can be seen from the above technical solutions provided by the present application that when the same message matches multiple policies, it can be determined whether to output the message according to the sampling bitmap corresponding to each policy. Bitmap input message, so that the message output effect is better, and the flexibility is better.

一种具体的实施方式,上述S13中的根据至少一个策略的策略标识对应的采样位图的当前标志位确定是否输出报文,实现过程具体包括:A specific implementation manner, in the above S13, according to the current flag bit of the sampling bitmap corresponding to the policy identifier of at least one policy, whether to output the message is determined, and the implementation process specifically includes:

分别从预设存储空间读取至少一个策略的策略标识对应的采样位图;Read the sampling bitmap corresponding to the policy identifier of at least one policy from the preset storage space respectively;

获取至少一个策略的策略标识对应的采样位图的当前标志位;Obtain the current flag bit of the sampling bitmap corresponding to the policy identifier of at least one policy;

确定当前标志位是否是设定值;Determine whether the current flag bit is the set value;

若确定当前标志位是设定值,则确定输出报文;若确定当前标志位不是设定值,则确定不输出报文。If it is determined that the current flag bit is the set value, it is determined to output the message; if it is determined that the current flag bit is not the set value, it is determined not to output the message.

可以将采样位图保存在预设存储空间中,预设存储空间可以但不限于为随机存取存储器(Random Access Memory,RAM),可以将每个预设存储空间的每个存储单元的地址作为策略对应的采样位图的策略标识,当前,策略标识最多可设置256个,需要单独存储,单独计数,如果使用256个移位寄存器,将占用大量逻辑资源,所以使用256X128的RAM来实现,节省资源。后续会将报文输出到对应的业务系统,假设,当前一共有8个业务系统,一个报文最多可命中8个业务系统,当8个业务系统都命中时,如果一个业务系统串行读取RAM,则在此期间,不能进行其它操作,只能等待数据返回,这样将严重影响性能;如果同时设置8个RAM,可满足性能要求,但是同样会占用大量资源。所以综合考虑,可以设置4个双口RAM,两个业务系统同时使用一个RAM进行读写,既满足性能要求,也降低资源使用。The sampling bitmap can be saved in a preset storage space, and the preset storage space can be but not limited to a random access memory (Random Access Memory, RAM), and the address of each storage unit of each preset storage space can be used as The strategy ID of the sampling bitmap corresponding to the strategy. Currently, the maximum number of strategy IDs can be set to 256, which need to be stored and counted separately. If 256 shift registers are used, it will take up a lot of logic resources, so use 256X128 RAM to realize, saving resource. The message will be output to the corresponding business system later. Suppose, there are currently 8 business systems, and a message can hit 8 business systems at most. When all 8 business systems are hit, if one business system reads serially RAM, during this period, no other operations can be performed, and you can only wait for the data to return, which will seriously affect the performance; if you set 8 RAMs at the same time, the performance requirements can be met, but it will also take up a lot of resources. Therefore, considering all aspects, four dual-port RAMs can be set up, and two business systems use one RAM for reading and writing at the same time, which not only meets the performance requirements, but also reduces resource usage.

根据至少一个策略的策略标识对应的采样位图的当前标志位确定是否输出报文时,可以获取策略标识作为地址的存储单元保存的采样位图,然后根据采样位图的当前标志位确定是否输出该报文,通常采样位图的标志位可以但不限于设置为0或1,此时,只有标志位为1的位置才会输出报文。When determining whether to output a message according to the current flag bit of the sampling bitmap corresponding to the policy ID of at least one policy, the sampling bitmap stored in the storage unit with the policy ID as the address can be obtained, and then determining whether to output the message according to the current flag bit of the sampling bitmap In this packet, the flag bit of the sampling bitmap can be, but not limited to, be set to 0 or 1. In this case, only the position where the flag bit is 1 will output the packet.

举例说明:采样位图为128bit,若采样位图为0x8000...00,则每接收128个报文,则仅输出第一个报文;若采样位图为0xa00...00,则每接收128个报文,就仅输出第一个和第三个报文。For example: the sampling bitmap is 128bit, if the sampling bitmap is 0x8000...00, every time 128 packets are received, only the first packet is output; if the sampling bitmap is 0xa00...00, every When 128 messages are received, only the first and third messages are output.

一种具体的实施方式,上述S14中的通过策略标识与输出端口的对应关系中至少一个策略的策略标识对应的输出端口输出报文,实现过程具体包括:A specific implementation manner, in the above-mentioned S14, the output port outputting the message through the output port corresponding to the policy identifier of at least one policy in the corresponding relationship between the policy identifier and the output port, the implementation process specifically includes:

获取策略标识与输出端口的对应关系;Obtain the correspondence between the policy identifier and the output port;

从对应关系中查找至少一个策略的策略标识对应的输出端口;Find the output port corresponding to the policy identifier of at least one policy from the corresponding relationship;

通过查找到的输出端口输出报文。The packet is output through the found output port.

可以预先将策略标识与输出端口进行绑定,记录在策略标识与输出端口的对应关系中,后续可以通过策略标识与输出端口的对应关系中至少一个策略的策略标识对应的输出端口输出报文,从而可以更好地实现各个输出端口的负载均衡。The policy identifier and the output port can be bound in advance, and recorded in the corresponding relationship between the policy identifier and the output port, and then the message can be output through the output port corresponding to the policy identifier of at least one policy in the corresponding relationship between the policy identifier and the output port, Thereby, the load balancing of each output port can be better realized.

一种可选的实施方式,将至少一个策略的策略标识对应的采样位图的当前标志位确定是否输出报文之后,上述方法还包括:In an optional implementation manner, after determining whether to output a message from the current flag bit of the sampling bitmap corresponding to the policy identifier of at least one policy, the above method further includes:

将至少一个策略的策略标识对应的采样位图按照设定规则移位。The sampling bitmap corresponding to the policy identifier of at least one policy is shifted according to the set rule.

将至少一个策略的策略标识对应的采样位图的当前标志位确定是否输出报文之后,还需要更新采样位图,为接收的下一个报文做准备。其中,可以根据实际需要设置设定规则,例如,可以但不限于设置为向左移一位或者向右移一位。After the current flag bit of the sampling bitmap corresponding to the policy identifier of at least one policy is determined whether to output the packet, the sampling bitmap needs to be updated to prepare for the next packet received. The setting rules can be set according to actual needs, for example, but not limited to, it can be set to move one position to the left or one position to the right.

请参见图2,图2为本申请示出的一种报文输出装置的结构示意图,应用于分流网络设备中,该装置包括:Please refer to FIG. 2. FIG. 2 is a schematic structural diagram of a packet output device shown in the present application, which is applied to a distribution network device, and the device includes:

匹配模块21,用于将接收到的报文匹配预设策略集中的每个策略,预设策略集中的每个策略包括规则和动作;The matching module 21 is used to match the received message with each policy in the preset policy set, and each policy in the preset policy set includes rules and actions;

获取模块22,用于获取规则被报文匹配中且对应的动作为采样输出的至少一个策略的策略标识;The acquisition module 22 is used to acquire the policy identifier of at least one policy whose rule is matched by the message and the corresponding action is the sampling output;

确定模块23,用于根据至少一个策略的策略标识对应的采样位图的当前标志位确定是否输出报文;Determining module 23, for determining whether to output a message according to the current flag bit of the sampling bitmap corresponding to the policy identification of at least one policy;

输出模块24,用于若确定输出报文,则通过策略标识与输出端口的对应关系中至少一个策略的策略标识对应的输出端口输出报文。The output module 24 is configured to output the packet through the output port corresponding to the policy identifier of at least one policy in the corresponding relationship between the policy identifier and the output port, if the output packet is determined.

由以上本申请提供的技术方案可见,在同一报文匹配上多个策略时可以实现分别按照各个策略对应的采样位图确定是否输出报文,相对于相关技术,无需按照从中的选取出全局采样位图输入报文,从而使得报文输出效果更好,且灵活性较优。It can be seen from the above technical solutions provided by the present application that when the same message matches multiple policies, it can be determined whether to output the message according to the sampling bitmap corresponding to each policy. Bitmap input message, so that the message output effect is better, and the flexibility is better.

一种具体的实施方式,上述确定模块23,用于根据至少一个策略的策略标识对应的采样位图的当前标志位确定是否输出报文,具体用于:A specific implementation manner, the above-mentioned determination module 23 is used to determine whether to output a message according to the current flag bit of the sampling bitmap corresponding to the policy identifier of at least one policy, and is specifically used for:

分别从预设存储空间读取至少一个策略的策略标识对应的采样位图;Read the sampling bitmap corresponding to the policy identifier of at least one policy from the preset storage space respectively;

获取至少一个策略的策略标识对应的采样位图的当前标志位;Obtain the current flag bit of the sampling bitmap corresponding to the policy identifier of at least one policy;

确定当前标志位是否是设定值;Determine whether the current flag bit is the set value;

若确定当前标志位是设定值,则确定输出报文;若确定当前标志位不是设定值,则确定不输出报文。If it is determined that the current flag bit is the set value, it is determined to output the message; if it is determined that the current flag bit is not the set value, it is determined not to output the message.

一种具体的实施方式,上述输出模块24,用于通过策略标识与输出端口的对应关系中至少一个策略的策略标识对应的输出端口输出报文,具体用于:A specific implementation manner, the above-mentioned output module 24 is used to output the message through the output port corresponding to the policy identifier of at least one policy in the corresponding relationship between the policy identifier and the output port, and is specifically used for:

获取策略标识与输出端口的对应关系;Obtain the correspondence between the policy identifier and the output port;

从对应关系中查找至少一个策略的策略标识对应的输出端口;Find the output port corresponding to the policy identifier of at least one policy from the corresponding relationship;

通过查找到的输出端口输出报文。The packet is output through the found output port.

一种可选的实施方式,上述输出模块24,还用于:An optional implementation manner, the above-mentioned output module 24 is also used for:

将至少一个策略的策略标识对应的采样位图的当前标志位确定是否输出报文之后,将至少一个策略的策略标识对应的采样位图按照设定规则移位。After determining whether to output a message from the current flag bit of the sampling bitmap corresponding to the policy identifier of the at least one policy, the sampling bitmap corresponding to the policy identifier of the at least one policy is shifted according to the set rule.

对于装置实施例而言,由于其基本对应于方法实施例,所以相关之处参见方法实施例的部分说明即可。以上所描述的装置实施例仅仅是示意性的,其中所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部模块来实现本申请方案的目的。本领域普通技术人员在不付出创造性劳动的情况下,即可以理解并实施。As for the apparatus embodiments, since they basically correspond to the method embodiments, reference may be made to the partial descriptions of the method embodiments for related parts. The device embodiments described above are only illustrative, wherein the units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in One place, or it can be distributed over multiple network elements. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution of the present application. Those of ordinary skill in the art can understand and implement it without creative effort.

本申请实施例还提供了一种电子设备,请参见图3所示,包括处理器310、通信接口320、存储器330和通信总线340,其中,处理器310,通信接口320,存储器330通过通信总线340完成相互间的通信。An embodiment of the present application further provides an electronic device, as shown in FIG. 3 , including a processor 310, a communication interface 320, a memory 330, and a communication bus 340, wherein the processor 310, the communication interface 320, and the memory 330 pass through the communication bus 340 completes the mutual communication.

存储器330,用于存放计算机程序;a memory 330 for storing computer programs;

处理器310,用于执行存储器330上所存放的程序时,实现上述实施例中任一所述的报文输出方法。The processor 310 is configured to implement the message output method described in any one of the foregoing embodiments when executing the program stored in the memory 330 .

通信接口320用于上述电子设备与其他设备之间的通信。The communication interface 320 is used for communication between the above electronic device and other devices.

存储器可以包括随机存取存储器(Random Access Memory,RAM),也可以包括非易失性存储器(Non-Volatile Memory,NVM),例如至少一个磁盘存储器。可选的,存储器还可以是至少一个位于远离前述处理器的存储装置。The memory may include random access memory (Random Access Memory, RAM), and may also include non-volatile memory (Non-Volatile Memory, NVM), such as at least one disk memory. Optionally, the memory may also be at least one storage device located away from the aforementioned processor.

上述的处理器可以是通用处理器,包括中央处理器(Central Processing Unit,CPU)、网络处理器(Network Processor,NP)等;还可以是数字信号处理器(Digital SignalProcessing,DSP)、专用集成电路(Application Specific Integrated Circuit,ASIC)、现场可编程门阵列(Field-Programmable Gate Array,FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件。The above-mentioned processor may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), etc.; may also be a digital signal processor (Digital Signal Processing, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), Field-Programmable Gate Array (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components.

由以上本申请提供的技术方案可见,在同一报文匹配上多个策略时可以实现分别按照各个策略对应的采样位图确定是否输出报文,相对于相关技术,无需按照从中的选取出全局采样位图输入报文,从而使得报文输出效果更好,且灵活性较优。It can be seen from the above technical solutions provided by the present application that when the same message matches multiple policies, it can be determined whether to output the message according to the sampling bitmap corresponding to each policy. Bitmap input message, so that the message output effect is better, and the flexibility is better.

相应地,本申请实施例还提供一种计算机可读存储介质,该计算机可读存储介质中存储有指令,当其在计算机上运行时,使得计算机执行上述实施例中任一所述的报文输出方法。Correspondingly, the embodiments of the present application further provide a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the computer-readable storage medium runs on a computer, the computer executes the message described in any one of the foregoing embodiments. output method.

由以上本申请提供的技术方案可见,在同一报文匹配上多个策略时可以实现分别按照各个策略对应的采样位图确定是否输出报文,相对于相关技术,无需按照从中的选取出全局采样位图输入报文,从而使得报文输出效果更好,且灵活性较优。It can be seen from the above technical solutions provided by the present application that when the same message matches multiple policies, it can be determined whether to output the message according to the sampling bitmap corresponding to each policy. Bitmap input message, so that the message output effect is better, and the flexibility is better.

以上所述仅为本申请的较佳实施例而已,并不用以限制本申请,凡在本申请的精神和原则之内,所做的任何修改、等同替换、改进等,均应包含在本申请保护的范围之内。The above descriptions are only preferred embodiments of the present application, and are not intended to limit the present application. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the present application shall be included in the present application. within the scope of protection.

Claims (10)

1.一种报文输出方法,应用于分流网络设备中,其特征在于,所述方法包括:1. a message output method, applied in the distribution network equipment, it is characterised in that the method comprises: 将接收到的报文匹配预设策略集中的每个策略,所述预设策略集中的每个策略包括规则和动作;Matching the received message to each policy in a preset policy set, where each policy in the preset policy set includes a rule and an action; 获取规则被所述报文匹配中且对应的动作为采样输出的至少一个策略的策略标识;Obtaining the policy identifier of at least one policy in which the rule is matched by the message and the corresponding action is the sampling output; 根据所述至少一个策略的策略标识对应的采样位图的当前标志位确定是否输出所述报文;Determine whether to output the message according to the current flag bit of the sampling bitmap corresponding to the policy identifier of the at least one policy; 若确定输出所述报文,则通过策略标识与输出端口的对应关系中所述至少一个策略的策略标识对应的输出端口输出所述报文。If it is determined to output the packet, the packet is output through the output port corresponding to the policy identifier of the at least one policy in the correspondence between the policy identifier and the output port. 2.根据权利要求1所述的方法,其特征在于,根据所述至少一个策略的策略标识对应的采样位图的当前标志位确定是否输出所述报文,具体包括:2. The method according to claim 1, wherein determining whether to output the message according to the current flag bit of the sampling bitmap corresponding to the policy identifier of the at least one policy, specifically comprising: 分别从预设存储空间读取所述至少一个策略的策略标识对应的采样位图;respectively reading the sampling bitmap corresponding to the policy identifier of the at least one policy from the preset storage space; 获取所述至少一个策略的策略标识对应的采样位图的当前标志位;Obtain the current flag bit of the sampling bitmap corresponding to the policy identifier of the at least one policy; 确定所述当前标志位是否是设定值;determine whether the current flag bit is a set value; 若确定所述当前标志位是所述设定值,则确定输出所述报文;若确定所述当前标志位不是所述设定值,则确定不输出所述报文。If it is determined that the current flag bit is the set value, it is determined to output the message; if it is determined that the current flag bit is not the set value, it is determined not to output the message. 3.根据权利要求1所述的方法,其特征在于,通过策略标识与输出端口的对应关系中所述至少一个策略的策略标识对应的输出端口输出所述报文,具体包括:3. The method according to claim 1, wherein the message is output through the output port corresponding to the policy identifier of the at least one policy in the correspondence between the policy identifier and the output port, specifically comprising: 获取策略标识与输出端口的对应关系;Obtain the correspondence between the policy identifier and the output port; 从所述对应关系中查找所述至少一个策略的策略标识对应的输出端口;Find the output port corresponding to the policy identifier of the at least one policy from the corresponding relationship; 通过查找到的输出端口输出所述报文。The message is output through the found output port. 4.根据权利要求1-3任一所述的方法,其特征在于,将所述至少一个策略的策略标识对应的采样位图的当前标志位确定是否输出所述报文之后,所述方法还包括:4. The method according to any one of claims 1-3, wherein after determining whether to output the message from the current flag bit of the sampling bitmap corresponding to the policy identifier of the at least one policy, the method further comprises: include: 将所述至少一个策略的策略标识对应的采样位图按照设定规则移位。The sampling bitmap corresponding to the policy identifier of the at least one policy is shifted according to the set rule. 5.一种报文输出装置,应用于分流网络设备中,其特征在于,所述装置包括:5. A device for outputting a message, applied in a distribution network device, wherein the device comprises: 匹配模块,用于将接收到的报文匹配预设策略集中的每个策略,所述预设策略集中的每个策略包括规则和动作;a matching module, configured to match the received message with each policy in a preset policy set, where each policy in the preset policy set includes rules and actions; 获取模块,用于获取规则被所述报文匹配中且对应的动作为采样输出的至少一个策略的策略标识;an acquisition module, configured to acquire the policy identifier of at least one policy whose rule is matched by the message and whose corresponding action is sampling output; 确定模块,用于根据所述至少一个策略的策略标识对应的采样位图的当前标志位确定是否输出所述报文;A determination module, configured to determine whether to output the message according to the current flag bit of the sampling bitmap corresponding to the policy identifier of the at least one policy; 输出模块,用于若确定输出所述报文,则通过策略标识与输出端口的对应关系中所述至少一个策略的策略标识对应的输出端口输出所述报文。The output module is configured to output the message through the output port corresponding to the policy identifier of the at least one policy in the correspondence between the policy identifier and the output port if it is determined to output the message. 6.根据权利要求5所述的装置,其特征在于,所述确定模块,用于根据所述至少一个策略的策略标识对应的采样位图的当前标志位确定是否输出所述报文,具体用于:6. The apparatus according to claim 5, wherein the determining module is configured to determine whether to output the message according to the current flag bit of the sampling bitmap corresponding to the policy identifier of the at least one policy, specifically using At: 分别从预设存储空间读取所述至少一个策略的策略标识对应的采样位图;respectively reading the sampling bitmap corresponding to the policy identifier of the at least one policy from the preset storage space; 获取所述至少一个策略的策略标识对应的采样位图的当前标志位;Obtain the current flag bit of the sampling bitmap corresponding to the policy identifier of the at least one policy; 确定所述当前标志位是否是设定值;determine whether the current flag bit is a set value; 若确定所述当前标志位是所述设定值,则确定输出所述报文;若确定所述当前标志位不是所述设定值,则确定不输出所述报文。If it is determined that the current flag bit is the set value, it is determined to output the message; if it is determined that the current flag bit is not the set value, it is determined not to output the message. 7.根据权利要求5所述的装置,其特征在于,所述输出模块,用于通过策略标识与输出端口的对应关系中所述至少一个策略的策略标识对应的输出端口输出所述报文,具体用于:7. The apparatus according to claim 5, wherein the output module is configured to output the message through the output port corresponding to the policy identifier of the at least one policy in the correspondence between the policy identifier and the output port, Specifically for: 获取策略标识与输出端口的对应关系;Obtain the correspondence between the policy identifier and the output port; 从所述对应关系中查找所述至少一个策略的策略标识对应的输出端口;Find the output port corresponding to the policy identifier of the at least one policy from the corresponding relationship; 通过查找到的输出端口输出所述报文。The message is output through the found output port. 8.根据权利要求5-7任一所述的装置,其特征在于,所述输出模块,还用于:8. The device according to any one of claims 5-7, wherein the output module is further configured to: 将所述至少一个策略的策略标识对应的采样位图的当前标志位确定是否输出所述报文之后,将所述至少一个策略的策略标识对应的采样位图按照设定规则移位。After the current flag bit of the sampling bitmap corresponding to the policy identifier of the at least one policy is determined whether to output the message, the sampling bitmap corresponding to the policy identifier of the at least one policy is shifted according to a set rule. 9.一种电子设备,其特征在于,所述电子设备包括处理器、通信接口、存储器和通信总线,其中,处理器,通信接口,存储器通过通信总线完成相互间的通信;9. An electronic device, characterized in that the electronic device comprises a processor, a communication interface, a memory, and a communication bus, wherein the processor, the communication interface, and the memory communicate with each other through the communication bus; 存储器,用于存放计算机程序;memory for storing computer programs; 处理器,用于执行存储器上所存储的程序时,实现权利要求1-4任一所述的方法步骤。The processor is configured to implement the method steps of any one of claims 1-4 when executing the program stored in the memory. 10.一种计算机可读存储介质,其特征在于,所述计算机可读存储介质内存储有计算机程序,所述计算机程序被处理器执行时实现权利要求1-4任一所述的方法步骤。10. A computer-readable storage medium, wherein a computer program is stored in the computer-readable storage medium, and when the computer program is executed by a processor, the method steps of any one of claims 1-4 are implemented.
CN202010228747.8A 2020-03-27 2020-03-27 Message output method and device Active CN111464455B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010228747.8A CN111464455B (en) 2020-03-27 2020-03-27 Message output method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010228747.8A CN111464455B (en) 2020-03-27 2020-03-27 Message output method and device

Publications (2)

Publication Number Publication Date
CN111464455A true CN111464455A (en) 2020-07-28
CN111464455B CN111464455B (en) 2022-11-25

Family

ID=71680237

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010228747.8A Active CN111464455B (en) 2020-03-27 2020-03-27 Message output method and device

Country Status (1)

Country Link
CN (1) CN111464455B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113761300A (en) * 2021-08-23 2021-12-07 杭州安恒信息技术股份有限公司 Message sampling method, device, equipment and medium based on bitmap calculation

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102571563A (en) * 2011-12-19 2012-07-11 曙光信息产业(北京)有限公司 Port bitmap-based hardware message sampling system and method for same
US20180069789A1 (en) * 2015-05-15 2018-03-08 Huawei Technologies Co., Ltd. Data Packet Forwarding Method and Network Device
CN109039914A (en) * 2018-08-23 2018-12-18 迈普通信技术股份有限公司 Message processing method, device and electronic equipment
CN109981409A (en) * 2019-03-26 2019-07-05 新华三技术有限公司 Message forwarding method, device and forwarding device
CN110650023A (en) * 2018-06-26 2020-01-03 中国移动通信有限公司研究院 Policy rule processing method and device, functional network element and storage medium

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102571563A (en) * 2011-12-19 2012-07-11 曙光信息产业(北京)有限公司 Port bitmap-based hardware message sampling system and method for same
US20180069789A1 (en) * 2015-05-15 2018-03-08 Huawei Technologies Co., Ltd. Data Packet Forwarding Method and Network Device
CN110650023A (en) * 2018-06-26 2020-01-03 中国移动通信有限公司研究院 Policy rule processing method and device, functional network element and storage medium
CN109039914A (en) * 2018-08-23 2018-12-18 迈普通信技术股份有限公司 Message processing method, device and electronic equipment
CN109981409A (en) * 2019-03-26 2019-07-05 新华三技术有限公司 Message forwarding method, device and forwarding device

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113761300A (en) * 2021-08-23 2021-12-07 杭州安恒信息技术股份有限公司 Message sampling method, device, equipment and medium based on bitmap calculation

Also Published As

Publication number Publication date
CN111464455B (en) 2022-11-25

Similar Documents

Publication Publication Date Title
US9124540B2 (en) Caching of look-up rules based on flow heuristics to enable high speed look-up
US9641428B2 (en) System and method for paging flow entries in a flow-based switching device
US10057162B1 (en) Extending Virtual Routing and Forwarding at edge of VRF-aware network
US10616105B1 (en) Extending virtual routing and forwarding using source identifiers
US10911405B1 (en) Secure environment on a server
WO2021128927A1 (en) Message processing method and apparatus, storage medium, and electronic apparatus
US20210320881A1 (en) Nic priority queue steering and processor unit frequency tuning based on packet flow analytics
US10868728B2 (en) Graph-based network management
CN111404839A (en) Message processing method and device
CN115242711A (en) Message transmission method and device
CN107682446B (en) Message mirroring method and device and electronic equipment
US10009274B2 (en) Device and method for collapsed forwarding
CN111464455A (en) Message output method and device
CN110839007A (en) Cloud network security processing method and device and computer storage medium
US11271985B2 (en) Method and network node for handling SCTP packets
US9378784B1 (en) Security device using high latency memory to implement high update rate statistics for large number of events
WO2020187124A1 (en) Data processing method and device
US10862980B2 (en) System and method for service discovery in a large network
CN113132273B (en) Data forwarding method and device
US8559430B2 (en) Network connection device, switching circuit device, and method for learning address
US11838267B2 (en) Distributed identity-based firewall policy evaluation
US10862801B1 (en) Selective media access control (MAC) learning and purging to reduce flooding and replication in a network
CN111444218A (en) Matching method and device of combination rules
CN108667769B (en) Method and device for tracing the source of a domain name
CN112532610A (en) Intrusion prevention detection method and device based on TCP segmentation

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant