CN105791142B - A kind of labeling method of TAP message - Google Patents
A kind of labeling method of TAP message Download PDFInfo
- Publication number
- CN105791142B CN105791142B CN201610134482.9A CN201610134482A CN105791142B CN 105791142 B CN105791142 B CN 105791142B CN 201610134482 A CN201610134482 A CN 201610134482A CN 105791142 B CN105791142 B CN 105791142B
- Authority
- CN
- China
- Prior art keywords
- message
- tap
- head
- layers
- labeling method
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/13—Flow control; Congestion control in a LAN segment, e.g. ring or bus
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
- H04L47/2483—Traffic characterised by specific attributes, e.g. priority or QoS involving identification of individual flows
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/34—Flow control; Congestion control ensuring sequence integrity, e.g. using sequence numbers
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Present invention discloses a kind of labeling methods of TAP message, comprising: calculates the nsec stamp of outgoing packet, while the source port of recorded message in the inbound port for receiving message;Match ACL, after message matching to ACL, the ID that is flowed by the ACL;Exit port in message edits message: one or two layers of head added in header and a section protocol message is added behind two layers of head, the ID of the source port, nsec stamp and stream in the protocol massages including message.The present invention is in a manner of a kind of very flexible packet labeling, the ID of the source port, timestamp and stream that report text can be marked on original message, so that being conducive to the convection current of server analysis software carries out finer accurately analysis and the exploitation conducive to server analysis software.
Description
Technical field
The present invention relates to a kind of flow label technologies, and more particularly, to a kind of TAP, (full name in English is test access
Point) the method for the ID of packet labeling source port, timestamp and stream.
Background technique
With the high speed development of internet, data center network is more and more huger, for the demand of network monitoring and analysis
It is increasingly stronger.Stream can be introduced into Analysis server by diverter device at present to analyze, needed through some labels
The details of mode Tell server stream.
Existing diverter device passes through ACL (Access Control List, accesses control list) generally to match stream
Amount adds vlan (Virtual Local Area Network, virtual LAN) according to source port, is then introduced into stream point
Analyse server.Which port Analysis server distinguishes message according to vlan from, obtains the equipment being monitored from which.But
It is that may inherently carry vlan in message, will causes to obscure, and needs to safeguard vlan and source up in Analysis server
Relationship between port brings difficulty to the realization of analysis software;And the program can not be marked based on flowing away, granularity
It is not thin enough.
There are also existing by being stabbed for adding nsec in additional 4 bytes of message tail.Diverter device and point
Notice the time of second grade between analysis server by some slow protocol massages again.But server analysis software can not be predicted
Whether timestamp can be carried, and need to cooperate slow agreement, equally increase the complexity of analysis software realization.
Summary of the invention
It is an object of the invention to overcome the deficiencies of existing technologies, a kind of labeling method of TAP message is provided, to support to report
Text marks the ID of upper source port, timestamp and stream, to be conducive to the analysis and respective server analysis of Analysis server convection current
The exploitation of software.
To achieve the above object, the following technical solutions are proposed: a kind of labeling method of TAP message by the present invention, comprising:
The nsec stamp of outgoing packet, while the source port of recorded message are calculated in the inbound port for receiving message;
After message matching to ACL, the ID that is flowed by the ACL;
Message is edited in the exit port of message: adding one or two layers of head in header and in two layers of head
A section protocol message, the ID that the source port, nsec including message are stabbed and flowed in the protocol massages are added below.
Preferably, two layers of head is ether net head, and two layers of head includes target MAC (Media Access Control) address and the source MAC of message
Location.
Preferably, the protocol number of two layers of head is customized by the user.
Preferably, the nsec stamp in the protocol massages is TOD format.
Preferably, the method also includes: in the inbound port of message, according to the length of required message, by original message tail
The data in portion are abandoned.
Preferably, the method also includes: the TAP message after label is fed in Analysis server and is analyzed.
Preferably, the Analysis server is analyzed after being flowed according to the ID of the stream carried in message subdivision.
Preferably, the message analysis process of the Analysis server are as follows: distinguish message according to the two of message layers of head first
Type, then according to message carry the protocol massages analysis message TCP flow amount.
Preferably, the process for the TCP flow amount that Analysis server analyzes message according to protocol massages includes: that analysis source port obtains
Obtain the equipment which flow be monitored from;Analysis nsec stamp calculates the time delay of network.
Preferably, the length of the ID of the source port and stream is 4 bytes, and the length of the nsec stamp is 16
A byte.
The beneficial effects of the present invention are:
1, the protocol number for being added to two layers of new head and two layers of head is customized by the user, and has customized two-layer protocol number
Afterwards, server analysis software is convenient for exploitation.
2, the timestamp added is TOD timestamp, meets the time format of Analysis server, and can be accurate to nanosecond
Not.
3, source port can be flexibly marked, marks source port relatively sharp with vlan than existing.
4, the ID of stream can be marked, subdivision stream can allow Analysis server to be more accurately monitored to message.
Detailed description of the invention
Fig. 1 is the flow diagram of the labeling method of TAP message of the present invention;
Fig. 2 is the functional block diagram schematic diagram of TAP packet labeling of the present invention.
Specific embodiment
Below in conjunction with attached drawing of the invention, clear, complete description is carried out to the technical solution of the embodiment of the present invention.
A kind of labeling method of disclosed TAP message mainly solves the energy that flow label is carried out after flow point picks
Power can mark source port, timestamp and the stream for reporting text in a manner of a kind of very flexible packet labeling on original message
ID, so that being conducive to the convection current of server analysis software carries out finer accurately analysis and opening conducive to server analysis software
Hair.
Referring to figs. 1 and 2, the labeling method of disclosed a kind of TAP message, comprising the following steps:
Firstly, calculating the nsec stamp of outgoing packet, while the source port of recorded message in the inbound port for receiving message.
Specifically, message calculates nanosecond when outgoing packet enters chip by chip after the entrance of the message inbound port of chip
Grade timestamp, chip will record the source port information of lower message simultaneously, then put calculated timestamp and source port together
Into message.It should be noted that timestamp here is marked before message enters chip, portion stays message in the chip
The time is stayed not to be added on the timestamp.
Secondly, after message matching to ACL, the ID that is flowed by ACL.
Specifically, chip carries out ACL matched and searched according to matching field corresponding in message, mutually deserved if finding
To the ID of stream.The ID of stream is also accordingly put into message.
Finally, the exit port in message edits message: adding one or two layers of head in header and in two layers of head
Behind add a section protocol message, the ID of source port, nsec stamp and stream in protocol massages including message.
Specifically, when editing to message, two layers of new head are added in header first, for identifying report
The type of text, the protocol number of the two layers of head added here are carried out customized using privately owned by user, flexibility is higher.This
The two layers of head added in embodiment are ether net head, and the format of ether net head includes: that preceding 6 bytes (Bytes) are purpose MAC
Location (MAC da), behind 6 Bytes be source MAC (MAC sa).
Then a section protocol message is added again behind two layers of newly-increased head, for message to be marked.This agreement
The nsec stamp for the message that said chip obtains, the ID of source port and stream are contained in message.Preferably, the nanosecond of label
The format of grade timestamp use standard TOD (full name in English for Time of day) time format, preceding 32 expressions second (phase
For 1970-01-01,08:00:00), rear 32 expression nanoseconds, the message of this format meets the when layout of Analysis server
Formula, and nanosecond rank can be accurate to.In the present embodiment, source port is marked with 4 bytes, 4 bytes mark the ID of stream, and 16
A byte marks TOD timestamp.
In addition, after chip receives message from inbound port, using core if two layers of head of addition make message length too long
The message break-in facility of piece is abandoned the data truncation of original message tail portion according to the length of required message.Such as original
The length of beginning message is 512Byte, and needing to be truncated is 128Byte, then the 384Byte of message tail is cut out, final message
The 128Byte that stem starts.
After packet labeling, the TAP message after label is sent in corresponding Analysis server and is analyzed.Analysis Service
The plug-in unit (such as Wireshark plug-in unit) for needing to increase some network package analysis softwares in device carrys out analytic message.
Specifically, according to being analyzed after the ID of the stream carried in message subdivision stream, i.e., of the invention divides Analysis server
Analysing server is analyzed based on stream, and fine size can more accurately be monitored message.Analysis server can lead to
The ether net head (ether net header) crossed in identification message distinguishes such message, then (i.e. according to the information of carrying
Information in protocol massages) analysis TCP flow amount.
By the source port and timestamp information carried in message, Analysis server is known that message is every in data center
The precise time of a level consumption.Specifically, the equipment that flow is monitored from which platform can be distinguished by source port,
The time delay (latency) of network can be calculated by timestamp information.
Technology contents and technical characteristic of the invention have revealed that as above, however those skilled in the art still may base
Make various replacements and modification without departing substantially from spirit of that invention, therefore, the scope of the present invention in teachings of the present invention and announcement
It should be not limited to the revealed content of embodiment, and should include various without departing substantially from replacement and modification of the invention, and be this patent Shen
Please claim covered.
Claims (9)
1. a kind of labeling method of TAP message characterized by comprising
The nsec stamp of outgoing packet, while the source port of recorded message are calculated in the inbound port for receiving message;
After message matching to ACL, the ID that is flowed by the ACL;
Exit port in message edits message: adding one or two layers of head in header and behind two layers of head
A section protocol message is added, the ID that the source port, nsec including message are stabbed and flowed in the protocol massages is described
Nsec stamp in protocol massages is TOD format.
2. the labeling method of TAP message according to claim 1, which is characterized in that two layers of head is ether net head, institute
State the target MAC (Media Access Control) address and source MAC that two layers of head include message.
3. the labeling method of TAP message according to claim 1 or 2, which is characterized in that the protocol number of two layers of head by
User is customized.
4. the labeling method of TAP message according to claim 1, which is characterized in that the method also includes: in message
Inbound port abandons the data of original message tail portion according to the length of required message.
5. the labeling method of TAP message according to claim 1, which is characterized in that the method also includes: after label
TAP message be sent in Analysis server and analyzed.
6. the labeling method of TAP message according to claim 5, which is characterized in that the Analysis server is according to message
It is analyzed after the ID subdivision stream of the stream of middle carrying.
7. the labeling method of TAP message according to claim 5 or 6, which is characterized in that the message of the Analysis server
Analytic process are as follows: distinguish the type of message according to the two of message layers of head first, the agreement report then carried according to message
The TCP flow amount of text analysis message.
8. the labeling method of TAP message according to claim 7, which is characterized in that the Analysis server is according to agreement
The process of the TCP flow amount of message analysis message includes: to analyze source port to obtain the equipment which flow be monitored from;Analysis is received
Second grade timestamp calculates the time delay of network.
9. the labeling method of TAP message according to claim 1, which is characterized in that the length of the ID of the source port and stream
Degree is 4 bytes, and the length of the nsec stamp is 16 bytes.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610134482.9A CN105791142B (en) | 2016-03-10 | 2016-03-10 | A kind of labeling method of TAP message |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610134482.9A CN105791142B (en) | 2016-03-10 | 2016-03-10 | A kind of labeling method of TAP message |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105791142A CN105791142A (en) | 2016-07-20 |
CN105791142B true CN105791142B (en) | 2019-03-26 |
Family
ID=56388046
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610134482.9A Active CN105791142B (en) | 2016-03-10 | 2016-03-10 | A kind of labeling method of TAP message |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105791142B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107566201B (en) * | 2016-06-30 | 2020-08-25 | 华为技术有限公司 | Message processing method and device |
CN111416714B (en) * | 2020-04-08 | 2023-05-30 | 北京信安世纪科技股份有限公司 | Method and system for realizing label exchange in SM9 algorithm based on SSL protocol |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1794672A (en) * | 2006-01-06 | 2006-06-28 | 杭州华为三康技术有限公司 | Method of implementing data image |
CN103117900A (en) * | 2013-02-01 | 2013-05-22 | 山东大学 | Configurable industrial Ethernet data parsing system and parsing method |
CN103812707A (en) * | 2014-02-28 | 2014-05-21 | 上海斐讯数据通信技术有限公司 | Forwarding processing method of line identity messages |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9407450B2 (en) * | 2012-05-01 | 2016-08-02 | Cisco Technnology, Inc. | Method and apparatus for providing tenant information for network flows |
-
2016
- 2016-03-10 CN CN201610134482.9A patent/CN105791142B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1794672A (en) * | 2006-01-06 | 2006-06-28 | 杭州华为三康技术有限公司 | Method of implementing data image |
CN103117900A (en) * | 2013-02-01 | 2013-05-22 | 山东大学 | Configurable industrial Ethernet data parsing system and parsing method |
CN103812707A (en) * | 2014-02-28 | 2014-05-21 | 上海斐讯数据通信技术有限公司 | Forwarding processing method of line identity messages |
Also Published As
Publication number | Publication date |
---|---|
CN105791142A (en) | 2016-07-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Krishnamoorthi et al. | BUFFEST: Predicting buffer conditions and real-time requirements of HTTP (S) adaptive streaming clients | |
KR100523486B1 (en) | Traffic measurement system and traffic analysis method thereof | |
CN105024985B (en) | A kind of message processing method and device | |
CN104102687A (en) | Identification and classification of web traffic inside encrypted network tunnels | |
CN106656801A (en) | Method and device for redirection of forwarding path of business flow and business flow forwarding system | |
CN105099916B (en) | Open flows route exchange device and its processing method to data message | |
WO2003084137A3 (en) | Methods for identifying network traffic flows | |
CN106411642B (en) | A kind of method and apparatus of message forwarding path detection | |
CN105791142B (en) | A kind of labeling method of TAP message | |
CN104657428A (en) | Non-perceivable internet advertisement push method and device | |
CN110430191A (en) | Safe early warning method and device in dispatch data net based on protocol identification | |
CN103458516A (en) | Method and device for processing user data traffic in radio access network | |
CN106953749A (en) | A kind of transformer station process layer network method of real-time | |
EP2668750B1 (en) | Methods and apparatuses for facilitating determination of a state of a receiver buffer | |
CN110191024B (en) | Network traffic monitoring method and device | |
CN102571946B (en) | Realization method of protocol identification and control system based on P2P (peer-to-peer network) | |
CN108023787A (en) | Ethernet service test device and method based on FPGA | |
CN104518919B (en) | A kind of measuring method of group service time delay | |
CN104301743A (en) | Method for transmitting video, gateway device and video transmitting system | |
CN102932285A (en) | Message packaging method and message analysis method and device | |
CN104811959B (en) | Mobile network user perception analysis system and method based on big data | |
CN109275045A (en) | Mobile terminal encrypted video ad traffic recognition methods based on DFI | |
CN102347860A (en) | Method and device for evaluating quality of network application | |
CN108833195B (en) | Process-based network data flow analysis method | |
CN101951330A (en) | Bidirectional joint detection device and method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CP03 | Change of name, title or address |
Address after: 215101 unit 13 / 16, 4th floor, building B, No. 5, Xinghan street, Suzhou Industrial Park, Jiangsu Province Patentee after: Suzhou Shengke Communication Co.,Ltd. Address before: 215021 unit 13 / 16, floor 4, building B, No. 5, Xinghan street, industrial park, Suzhou, Jiangsu Province Patentee before: CENTEC NETWORKS (SU ZHOU) Co.,Ltd. |
|
CP03 | Change of name, title or address |