CN111988231A - Mask five-tuple rule matching method and device - Google Patents
Mask five-tuple rule matching method and device Download PDFInfo
- Publication number
- CN111988231A CN111988231A CN202010845709.7A CN202010845709A CN111988231A CN 111988231 A CN111988231 A CN 111988231A CN 202010845709 A CN202010845709 A CN 202010845709A CN 111988231 A CN111988231 A CN 111988231A
- Authority
- CN
- China
- Prior art keywords
- rule
- mask
- quintuple
- merging
- bit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
- H04L45/745—Address table lookup; Address filtering
- H04L45/74591—Address table lookup; Address filtering using content-addressable memories [CAM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/901—Indexing; Data structures therefor; Storage structures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/903—Querying
- G06F16/90335—Query processing
- G06F16/90339—Query processing by using parallel associative memories or content-addressable memories
Landscapes
- Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computational Linguistics (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Software Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Telephonic Communication Services (AREA)
Abstract
A mask five-tuple rule matching method is applied to a Ternary Content Addressable Memory (TCAM) chip and comprises the following steps: merging bit feature recognition is carried out on suffix masks in mask quintuple rules in the Database part, and a plurality of mask quintuple rules containing recognized merging bits are merged into one rule; storing the matching results corresponding to the merged rules into the UserData part corresponding to the merged rules together, and distributing the merged bits as indexes to the corresponding matching results respectively; and after the five-tuple information of the data message is matched with the merged rule, indexing a final matching result based on the merging bit. In addition, the embodiment of the invention also provides a rule matching device. By the method and the device provided by the embodiment of the invention, the mask quintuple rule capacity which can be stored by TCAM table item resources can be effectively increased, the utilization rate is increased, and the cost is saved.
Description
Technical Field
The invention relates to the field of network data processing, in particular to a mask five-tuple rule matching method.
Background
In the field of communication technology, an access control entry of a mask quintuple includes a quintuple field and a mask field. The quintuple is a necessary attribute tuple of a data packet in a TCP/IP protocol, and comprises five elements including a source IP address (SIP), a Source Port (SP), a destination IP address (DIP), a Destination Port (DP) and a protocol type (P). And the mask field is the same as the five-tuple field in length, corresponds to the five-tuple field one by one and supports masking according to any bit.
In the existing network data traffic processing device, the mask quintuple function is usually implemented by a ternary content addressable memory TCAM chip. Each bit in general memory can only represent two values: 0 or 1, while TCAM can represent three values per bit: 0. 1 and X, X being indifferent, this X is actually controlled by a corresponding mask bit, in fact the TCAM is physically 2 bits per bit. Just by means of the state bit which is not concerned about, matching based on any mask becomes possible, and the purpose of fuzzy searching matching is achieved.
Mask table entry resources based on TCAM can be divided into two parts, namely Database and User Data, wherein the Database stores table entry matching contents, and the User Data stores results returned after matching. Particularly, Database storage space is a TCAM tri-state storage resource with high price, and User Data storage space is a high-speed memory resource, supports plug-in and has sufficient space capacity.
In the prior art, a mode that 1 mask quintuple rule corresponds to 1 TCAM table entry is adopted, and with the explosive growth of data traffic in the era of big data of the internet, a large number of mask quintuple rules need to be stored to process the received traffic. However, limited by the memory capacity of the TCAM, the number of mask quintuple rules that can be stored in the TCAM entry resource is limited; meanwhile, since TCAMs are very energy consuming and expensive, it is impractical to increase the capacity of TCAMs to accommodate more mask quintuple rules in order to adapt to large-scale traffic scenarios, and at this time, the TCAM storage space has become a bottleneck.
Disclosure of Invention
The invention provides a mask quintuple rule matching method and device, aiming at the problems of high overhead of mask quintuple rule TCAM storage space, low rule capacity expansion and the like in the conventional network data traffic processing equipment.
In one aspect, an embodiment of the present invention provides a mask quintuple rule matching method, which includes the following specific steps:
firstly, merging bit feature recognition is carried out on a suffix mask in a mask quintuple rule in a Database part, and a plurality of mask quintuple rules containing recognized merging bits are merged into one rule;
secondly, storing the matching results corresponding to the merged rules into the User Data part corresponding to the merged rules together, and distributing the merging bits as indexes to the corresponding matching results respectively;
and thirdly, after the quintuple information of the data message is matched with the merging rule, indexing a final matching result based on the merging bit.
On the other hand, the first step in the method for matching a mask five-tuple rule provided by the embodiment of the present invention specifically includes the following steps:
2.1 identifying that the changed bit in the SIP suffix mask field in the mask quintuple rules is set to be in a don't care state;
2.2 the bit with change is used as merging bit, and a plurality of mask quintuple rules containing the merging bit are merged into a rule which occupies a rule storage space.
On the other hand, in the method for matching mask five-tuple rules provided in the embodiment of the present invention, a rule valid flag is set in a matching result portion corresponding to each rule, and the flag is set when a mask rule table entry is created, so as to indicate whether a corresponding mask five-tuple rule exists.
In another aspect, an embodiment of the present invention provides a mask quintuple rule matching apparatus applied in a TCAM chip of a ternary content addressable memory, including:
the rule merging module is used for carrying out merging bit feature identification on a suffix mask in a mask quintuple rule in the Database part and merging a plurality of mask quintuple rules containing identified merging bits into one rule;
a matching result indexing module for storing matching results corresponding to the merged rules in the User Data part corresponding to the merged rules together, and allocating the merged bits as indexes to the corresponding matching results;
and the matching module is used for indexing a final matching result based on the merging bit after the five-tuple information of the data message is matched with the merging rule.
On the premise of meeting the merging characteristics, the number and the size of merging bits, the number of mask rules which can be merged into 1 rule, and the number and the size of result parts can be flexibly adjusted and mastered, so that the method is not only suitable for the IPv4 mask quintuple rule, but also suitable for the IPv6 mask quintuple rule.
By combining the invention, when a large amount of mask quintuple rules need to be stored to process the received flow, on the basis of not increasing the TCAM memory capacity, the invention effectively improves the mask quintuple rule capacity which can be stored by TCAM table item resources, improves the utilization rate and saves the cost, thereby achieving two purposes.
Additional aspects, features and/or advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
These and/or other aspects, features and advantages of the present invention will become apparent and more readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 is a schematic diagram of an IPv4 mask quintuple rule in the prior art provided by the present invention
FIG. 2 is a diagram illustrating a data structure of a SIP field in an IPv4 mask quintuple rule in the prior art according to the present invention
FIG. 3 is a schematic diagram of a rule of a merged mask quintuple according to the present invention
FIG. 4 is a flowchart of an IPv4 mask quintuple rule matching method provided by the invention
Detailed Description
Reference will now be made in detail to exemplary embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the like elements throughout. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the invention to those skilled in the art. The exemplary embodiments are described below in order to explain the present invention by referring to the figures.
The embodiment of the invention provides a mask quintuple rule matching method, which combines a plurality of rules to share a Database in an algorithm-assisted mode by using a suffix mask mode and is matched with User Data for auxiliary search, namely physical resources are utilized to the maximum extent by elaborately designing and optimizing TCAM table items, so that the aim of improving rule capacity is fulfilled.
The general TCAM chip has the requirement of minimum bit number alignment for the Database part. Referring to fig. 1, the minimum entry matching length of the TCAM is 80bits (10 bytes), the maximum entry matching length is 640bits (80 bytes), and the configurable entry matching length is 10 bytes, 20 bytes, 40 bytes, 60 bytes, and 80 bytes.
Taking the IPv4 mask quintuple rule as an example, the length of the SIP + DIP + SP + DP + P quintuple is 13 bytes, and according to the requirement of minimum bit number alignment, a single IPv4 mask quintuple rule actually occupies 20 bytes in length, which results in 7-byte space waste.
Taking the IPv6 mask quintuple rule as an example, the length of the SIP + DIP + SP + DP + P quintuple is 37 bytes, and according to the requirement of minimum bit number alignment, a single IPv6 mask quintuple rule actually occupies 40 bytes in length, which results in 3 bytes of space waste.
Example 1
Taking an example of a network data traffic processing device, there are 3 IPv4 mask quintuple rules, whose SIP and DIP address fields are expressed in the form of suffix masks, and SP, DP and P fields are all masked 0 and are not concerned, and the result length is fixed 4 bytes, as shown in table 1:
| Database | User Data |
| SIP=1.1.1.0/24,DIP=2.2.2.0/24,SP=10000,DP=80,P=6 | Result A |
| SIP=1.1.2.0/24,DIP=2.2.2.0/24,SP=10000,DP=80,P=6 | Result B |
| SIP=1.1.3.0/24,DIP=2.2.2.0/24,SP=10000,DP=80,P=6 | Result C |
TABLE 1
According to the conventional storage mode, 3 regular storage spaces are occupied, the don't care part is represented by X, the TCAM storage space consumed by the 3 mask quintuple rule matching part in table 1 is 20 × 3-60 bytes, and as a result, the storage space consumed by the part is 4 × 3-12 bytes, as shown in fig. 1.
The rule matching method provided by the embodiment comprises the following steps:
firstly, merging bit feature recognition is carried out on a suffix mask in a mask quintuple rule in a Database part, and a plurality of mask quintuple rules containing recognized merging bits are merged into one rule;
secondly, storing the matching results corresponding to the merged rules into the User Data part corresponding to the merged rules together, and distributing the merging bits as indexes to the corresponding matching results respectively;
and thirdly, after the quintuple information of the data message is matched with the merging rule, indexing a final matching result based on the merging bit.
The first step specifically comprises: firstly, merging bit feature recognition is carried out on a suffix mask in a mask quintuple rule in a Database part, referring to table 1 and fig. 1, the change rule of the quintuple part of 3 rules is observed, and the change of 2 bits exists only in a SIP field, as shown in fig. 2.
And then, rule merging is carried out, and according to the change rule of 2 bits from '01' to '10' to '11', 3 rules are found to be capable of being merged actually, and the merging position of 2 bits is set to be in a state of no concern. After merging, the value of the 2-bit merging bit is used as the offset of the result part to index the result corresponding to each rule. The merged result takes one rule space, but User Data will contain the results of 3 rules. The change in the rule storage space is shown in fig. 3.
The currently adopted mode that 3 mask quintuple rules correspond to 1 TCAM table entry can improve the capacity of the TCAM rule by 3 times, the use of general storage resources is not increased, and the capacity of the IPv4 mask quintuple rule is effectively improved.
Example 2
In the rule matching method provided by this embodiment, a rule valid flag is introduced into a result portion corresponding to each rule, and occupies a 1-bit storage space, and the flag is set when a mask rule table entry is created, so as to indicate whether a corresponding mask quintuple rule exists.
The merged rule uses the value of the 2-bit merging bit as the offset of the result part to index the result corresponding to each rule, and judges whether the rule exists according to whether the rule valid flag in the result is set, the specific rule matching process is shown in fig. 4, and the specific steps include:
step 4.1, the procedure starts;
step 4.2, inputting a data message;
step 4.3, extracting quintuple information according to the data message, and sending the quintuple information into the TCAM for searching the rule table items;
step 4.4, the merged rule uses the value of the merging bit as the offset of the result part to index the result corresponding to each rule;
step 4.5, judging whether the rule exists according to whether the rule valid flag in the result is set, if so, executing step 11.6, otherwise, executing step 11.7;
step 4.6, outputting a rule table item matching result;
step 4.7, the procedure is ended;
example 3
The mask quintuple rule matching device applied to the ternary content addressable memory TCAM chip provided by the embodiment specifically includes:
the rule merging module is used for carrying out merging bit feature identification on a suffix mask in a mask quintuple rule in the Database part and merging a plurality of mask quintuple rules containing identified merging bits into one rule;
a matching result indexing module for storing matching results corresponding to the merged rules in the User Data part corresponding to the merged rules together, and allocating the merged bits as indexes to the corresponding matching results;
and the matching module is used for indexing a final matching result based on the merging bit after the five-tuple information of the data message is matched with the merging rule.
In a rule matching apparatus provided in this embodiment, the rule merging module further includes: a merging bit identification module for identifying the changed bit in the SIP suffix mask field in the mask quintuple rules to be set as a don't care state; and the merging operation module is used for merging a plurality of mask quintuple rules containing the merging bit into a rule by taking the bit with the change as the merging bit, and the rule storage space is occupied by the merging operation module.
In the rule matching apparatus provided in this embodiment, the mask quintuple rule may be an IPv4 mask quintuple rule, and the merge bit is 2-bit information with a change in an SIP suffix mask field, and the 2-bit information included in the original rule is used as an index and is respectively allocated to a plurality of corresponding matching results after merge storage.
The rule matching apparatus provided in this embodiment further includes a rule validity checking module, configured to set a rule validity flag in a matching result portion corresponding to each rule, where the flag is set when a mask rule table entry is created, and is used to indicate whether a corresponding mask quintuple rule exists.
In the rule matching apparatus provided in this embodiment, the matching result indexing module specifically includes:
the extraction module is used for extracting quintuple information according to the data message and sending the quintuple information into the TCAM for searching the rule table items;
the offset index module is used for matching the quintuple information of the data message with the merged rule, and then the merged rule uses the value of the merging bit as the offset of the result part to index the matching result corresponding to each rule;
and the validity verification module is used for judging whether the rule exists according to the rule validity mark, outputting a matching result if the rule exists, and ending if the rule does not exist.
Although a few exemplary embodiments of the present invention have been shown and described, it would be appreciated by those skilled in the art that changes may be made in these exemplary embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the claims and their equivalents.
Claims (10)
1. A mask five-tuple rule matching method is applied to a Ternary Content Addressable Memory (TCAM) chip and specifically comprises the following steps:
firstly, merging bit feature recognition is carried out on a suffix mask in a mask quintuple rule in a Database part, and a plurality of mask quintuple rules containing recognized merging bits are merged into one rule;
secondly, storing the matching results corresponding to the merged rules into the User Data part corresponding to the merged rules together, and distributing the merging bits as indexes to the corresponding matching results respectively;
and thirdly, after the quintuple information of the data message is matched with the merging rule, indexing a final matching result based on the merging bit.
2. The method of claim 1, wherein the first step specifically comprises the steps of:
2.1 identifying that the changed bit in the SIP suffix mask field in the mask quintuple rules is set to be in a don't care state;
2.2 the bit with change is used as merging bit, and a plurality of mask quintuple rules containing the merging bit are merged into a rule which occupies a rule storage space.
3. The method as claimed in claim 1 or 2, wherein when the mask quintuple rule is IPv4 mask quintuple rule, the merge bit is 2-bit information with change in SIP suffix mask field, and the 2-bit information included in the original rule is used as index to be respectively allocated to a plurality of corresponding match results after merge storage.
4. The method as claimed in claim 3, wherein a rule valid flag is set in the matching result portion corresponding to each rule, and the flag is set when the mask rule table entry is created, so as to indicate whether the corresponding mask quintuple rule exists.
5. The method for matching a mask quintuple rule according to claim 4, wherein the third step specifically comprises the steps of:
3.1 extracting quintuple information according to the data message, and sending the quintuple information into a TCAM (ternary content addressable memory) for searching a rule table item;
3.2 after the five-tuple information of the data message is matched with the merged rule, the merged rule uses the value of the merging bit as the offset of the result part to index the matching result corresponding to each rule;
3.3 judging whether the rule exists according to the rule valid mark, if so, outputting a matching result, and if not, ending.
6. A mask five-tuple rule matching device applied to a Ternary Content Addressable Memory (TCAM) chip is characterized by comprising the following components:
the rule merging module is used for carrying out merging bit feature identification on a suffix mask in a mask quintuple rule in the Database part and merging a plurality of mask quintuple rules containing identified merging bits into one rule;
a matching result indexing module for storing matching results corresponding to the merged rules in the User Data part corresponding to the merged rules together, and allocating the merged bits as indexes to the corresponding matching results;
and the matching module is used for indexing a final matching result based on the merging bit after the five-tuple information of the data message is matched with the merging rule.
7. The mask quintuple rule matching device of claim 6, wherein the rule merge module further comprises:
a merging bit identification module for identifying the changed bit in the SIP suffix mask field in the mask quintuple rules to be set as a don't care state;
and the merging operation module is used for merging a plurality of mask quintuple rules containing the merging bit into one rule by taking the bit with the change as the merging bit, and the rule storage space is occupied by the merging operation module.
8. The mask quintuple rule matching device of claim 6 or 7, wherein when the mask quintuple rule is the IPv4 mask quintuple rule, the merge bit is 2-bit information with a change in an SIP suffix mask field, and the 2-bit information included in the original rule is respectively allocated as an index to a plurality of corresponding matching results after the merge storage.
9. The mask quintuple rule matching device of claim 8, further comprising a rule validity checking module for setting a rule valid flag in a matching result portion corresponding to each rule, wherein the flag is set when the mask rule table entry is created, so as to indicate whether the corresponding mask quintuple rule exists.
10. The mask quintuple rule matching device according to claim 9, wherein the matching result indexing module specifically comprises:
the extraction module is used for extracting quintuple information according to the data message and sending the quintuple information into the TCAM for searching the rule table items;
the offset index module is used for matching the quintuple information of the data message with the merged rule, and then the merged rule uses the value of the merging bit as the offset of the result part to index the matching result corresponding to each rule;
and the validity verification module is used for judging whether the rule exists according to the rule validity mark, outputting a matching result if the rule exists, and ending if the rule does not exist.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010845709.7A CN111988231B (en) | 2020-08-20 | 2020-08-20 | Mask quintuple rule matching method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010845709.7A CN111988231B (en) | 2020-08-20 | 2020-08-20 | Mask quintuple rule matching method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111988231A true CN111988231A (en) | 2020-11-24 |
| CN111988231B CN111988231B (en) | 2022-07-22 |
Family
ID=73444264
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010845709.7A Active CN111988231B (en) | 2020-08-20 | 2020-08-20 | Mask quintuple rule matching method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111988231B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112769813A (en) * | 2020-12-31 | 2021-05-07 | 深圳市东晟数据有限公司 | Matching method of multi-prefix mask quintuple |
| CN113660165A (en) * | 2021-08-09 | 2021-11-16 | 国家计算机网络与信息安全管理中心 | Mask rule matching method based on TCAM, electronic equipment and storage medium |
| CN114430341A (en) * | 2021-12-29 | 2022-05-03 | 武汉绿色网络信息服务有限责任公司 | Method and device for realizing conversion from exact rule to mask rule |
| WO2023116318A1 (en) * | 2021-12-23 | 2023-06-29 | 苏州盛科通信股份有限公司 | Packet processing method and apparatus, electronic device and computer storage medium |
| CN118427408A (en) * | 2024-07-04 | 2024-08-02 | 国家计算机网络与信息安全管理中心 | Five-tuple keyword matching method and device for prefix mask |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101075903A (en) * | 2006-05-17 | 2007-11-21 | 中兴通讯股份有限公司 | Method and apparatus for allocating network resource |
| CN101350771A (en) * | 2008-07-07 | 2009-01-21 | 中国人民解放军国防科学技术大学 | Three-state content addressable memory entry sort-free storage method and system thereof |
| CN101459576A (en) * | 2007-12-14 | 2009-06-17 | 上海博达数据通信有限公司 | IP ACL mergence optimization process implementing method |
| CN102375820A (en) * | 2010-08-12 | 2012-03-14 | 盛科网络(苏州)有限公司 | Method for compressing TCAM (ternary content addressable memory) table items |
| US20120072380A1 (en) * | 2010-07-16 | 2012-03-22 | Board Of Trustees Of Michigan State University | Regular expression matching using tcams for network intrusion detection |
| CN103226551A (en) * | 2012-01-31 | 2013-07-31 | 中国科学技术大学 | Matching method and device based on TCAM (ternary content addressable memory) for NFA (non-deterministic finite automaton) |
| US8719917B1 (en) * | 2009-02-17 | 2014-05-06 | Juniper Networks, Inc. | Merging firewall filters using merge graphs |
| CN103795644A (en) * | 2014-01-27 | 2014-05-14 | 福建星网锐捷网络有限公司 | Strategy table entry collocation method, device and system |
| CN104468381A (en) * | 2014-12-01 | 2015-03-25 | 国家计算机网络与信息安全管理中心 | Implementation method for multi-field rule matching |
| WO2017021861A1 (en) * | 2015-08-05 | 2017-02-09 | International Business Machines Corporation | Ternary content addressable memory |
| US9672239B1 (en) * | 2012-10-16 | 2017-06-06 | Marvell Israel (M.I.S.L.) Ltd. | Efficient content addressable memory (CAM) architecture |
-
2020
- 2020-08-20 CN CN202010845709.7A patent/CN111988231B/en active Active
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101075903A (en) * | 2006-05-17 | 2007-11-21 | 中兴通讯股份有限公司 | Method and apparatus for allocating network resource |
| CN101459576A (en) * | 2007-12-14 | 2009-06-17 | 上海博达数据通信有限公司 | IP ACL mergence optimization process implementing method |
| CN101350771A (en) * | 2008-07-07 | 2009-01-21 | 中国人民解放军国防科学技术大学 | Three-state content addressable memory entry sort-free storage method and system thereof |
| US8719917B1 (en) * | 2009-02-17 | 2014-05-06 | Juniper Networks, Inc. | Merging firewall filters using merge graphs |
| US20120072380A1 (en) * | 2010-07-16 | 2012-03-22 | Board Of Trustees Of Michigan State University | Regular expression matching using tcams for network intrusion detection |
| CN102375820A (en) * | 2010-08-12 | 2012-03-14 | 盛科网络(苏州)有限公司 | Method for compressing TCAM (ternary content addressable memory) table items |
| CN103226551A (en) * | 2012-01-31 | 2013-07-31 | 中国科学技术大学 | Matching method and device based on TCAM (ternary content addressable memory) for NFA (non-deterministic finite automaton) |
| US9672239B1 (en) * | 2012-10-16 | 2017-06-06 | Marvell Israel (M.I.S.L.) Ltd. | Efficient content addressable memory (CAM) architecture |
| CN103795644A (en) * | 2014-01-27 | 2014-05-14 | 福建星网锐捷网络有限公司 | Strategy table entry collocation method, device and system |
| CN104468381A (en) * | 2014-12-01 | 2015-03-25 | 国家计算机网络与信息安全管理中心 | Implementation method for multi-field rule matching |
| WO2017021861A1 (en) * | 2015-08-05 | 2017-02-09 | International Business Machines Corporation | Ternary content addressable memory |
Non-Patent Citations (2)
| Title |
|---|
| 彭坤杨: "基于TCAM的高速可扩展的正则表达式匹配技术", 《中国优秀博硕士学位论文全文数据库(博士)信息科技辑》 * |
| 王孝龙等: "基于独立规则集位提取的包分类压缩方法", 《计算机应用》 * |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112769813A (en) * | 2020-12-31 | 2021-05-07 | 深圳市东晟数据有限公司 | Matching method of multi-prefix mask quintuple |
| CN112769813B (en) * | 2020-12-31 | 2022-10-21 | 深圳市东晟数据有限公司 | Matching method of multi-prefix mask quintuple |
| CN113660165A (en) * | 2021-08-09 | 2021-11-16 | 国家计算机网络与信息安全管理中心 | Mask rule matching method based on TCAM, electronic equipment and storage medium |
| WO2023116318A1 (en) * | 2021-12-23 | 2023-06-29 | 苏州盛科通信股份有限公司 | Packet processing method and apparatus, electronic device and computer storage medium |
| CN114430341A (en) * | 2021-12-29 | 2022-05-03 | 武汉绿色网络信息服务有限责任公司 | Method and device for realizing conversion from exact rule to mask rule |
| CN118427408A (en) * | 2024-07-04 | 2024-08-02 | 国家计算机网络与信息安全管理中心 | Five-tuple keyword matching method and device for prefix mask |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111988231B (en) | 2022-07-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111988231B (en) | Mask quintuple rule matching method and device | |
| US10476794B2 (en) | Efficient caching of TCAM rules in RAM | |
| US10496680B2 (en) | High-performance bloom filter array | |
| US9984144B2 (en) | Efficient lookup of TCAM-like rules in RAM | |
| US6434144B1 (en) | Multi-level table lookup | |
| US10491521B2 (en) | Field checking based caching of ACL lookups to ease ACL lookup search | |
| US7408932B2 (en) | Method and apparatus for two-stage packet classification using most specific filter matching and transport level sharing | |
| US20040230583A1 (en) | Comparison tree data structures of particular use in performing lookup operations | |
| US20040254909A1 (en) | Programming routes and access control lists in comparison tree data structures and their use such as in performing lookup operations | |
| EP3258657B1 (en) | Ip route caching with two search stages on prefix length | |
| CN111984835B (en) | IPv4 mask quintuple rule storage compression method and device | |
| US20050018683A1 (en) | IP address storage technique for longest prefix match | |
| US7317723B1 (en) | Action based termination of multidimensional lookup | |
| CN104579941A (en) | Message classification method in OpenFlow switch | |
| US10616113B2 (en) | Longest prefix match using a binary search tree with compressed hash tables | |
| US7403526B1 (en) | Partitioning and filtering a search space of particular use for determining a longest prefix match thereon | |
| CN106713144A (en) | Read-write method of message exit information and forwarding engine | |
| US20200042629A1 (en) | Field Variability based TCAM Splitting | |
| US6970971B1 (en) | Method and apparatus for mapping prefixes and values of a hierarchical space to other representations | |
| CN113806403A (en) | Method for reducing search matching logic resources in intelligent network card/DPU | |
| US6687715B2 (en) | Parallel lookups that keep order | |
| US7558775B1 (en) | Methods and apparatus for maintaining sets of ranges typically using an associative memory and for using these ranges to identify a matching range based on a query point or query range and to maintain sorted elements for use such as in providing priority queue operations | |
| US7299317B1 (en) | Assigning prefixes to associative memory classes based on a value of a last bit of each prefix and their use including but not limited to locating a prefix and for maintaining a Patricia tree data structure | |
| US20050262294A1 (en) | Method for policy matching using a hybrid TCAM and memory-based scheme | |
| US11502957B2 (en) | Avoiding markers for longest prefix match based on binary search tree algorithm |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |