CN105791142B - A kind of labeling method of TAP message - Google Patents

A kind of labeling method of TAP message Download PDF

Info

Publication number
CN105791142B
CN105791142B CN201610134482.9A CN201610134482A CN105791142B CN 105791142 B CN105791142 B CN 105791142B CN 201610134482 A CN201610134482 A CN 201610134482A CN 105791142 B CN105791142 B CN 105791142B
Authority
CN
China
Prior art keywords
message
tap
head
layers
labeling method
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610134482.9A
Other languages
Chinese (zh)
Other versions
CN105791142A (en
Inventor
成伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Centec Communications Co Ltd
Original Assignee
Centec Networks Suzhou Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Centec Networks Suzhou Co Ltd filed Critical Centec Networks Suzhou Co Ltd
Priority to CN201610134482.9A priority Critical patent/CN105791142B/en
Publication of CN105791142A publication Critical patent/CN105791142A/en
Application granted granted Critical
Publication of CN105791142B publication Critical patent/CN105791142B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/13Flow control; Congestion control in a LAN segment, e.g. ring or bus
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2483Traffic characterised by specific attributes, e.g. priority or QoS involving identification of individual flows
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/34Flow control; Congestion control ensuring sequence integrity, e.g. using sequence numbers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Present invention discloses a kind of labeling methods of TAP message, comprising: calculates the nsec stamp of outgoing packet, while the source port of recorded message in the inbound port for receiving message;Match ACL, after message matching to ACL, the ID that is flowed by the ACL;Exit port in message edits message: one or two layers of head added in header and a section protocol message is added behind two layers of head, the ID of the source port, nsec stamp and stream in the protocol massages including message.The present invention is in a manner of a kind of very flexible packet labeling, the ID of the source port, timestamp and stream that report text can be marked on original message, so that being conducive to the convection current of server analysis software carries out finer accurately analysis and the exploitation conducive to server analysis software.

Description

A kind of labeling method of TAP message
Technical field
The present invention relates to a kind of flow label technologies, and more particularly, to a kind of TAP, (full name in English is test access Point) the method for the ID of packet labeling source port, timestamp and stream.
Background technique
With the high speed development of internet, data center network is more and more huger, for the demand of network monitoring and analysis It is increasingly stronger.Stream can be introduced into Analysis server by diverter device at present to analyze, needed through some labels The details of mode Tell server stream.
Existing diverter device passes through ACL (Access Control List, accesses control list) generally to match stream Amount adds vlan (Virtual Local Area Network, virtual LAN) according to source port, is then introduced into stream point Analyse server.Which port Analysis server distinguishes message according to vlan from, obtains the equipment being monitored from which.But It is that may inherently carry vlan in message, will causes to obscure, and needs to safeguard vlan and source up in Analysis server Relationship between port brings difficulty to the realization of analysis software;And the program can not be marked based on flowing away, granularity It is not thin enough.
There are also existing by being stabbed for adding nsec in additional 4 bytes of message tail.Diverter device and point Notice the time of second grade between analysis server by some slow protocol massages again.But server analysis software can not be predicted Whether timestamp can be carried, and need to cooperate slow agreement, equally increase the complexity of analysis software realization.
Summary of the invention
It is an object of the invention to overcome the deficiencies of existing technologies, a kind of labeling method of TAP message is provided, to support to report Text marks the ID of upper source port, timestamp and stream, to be conducive to the analysis and respective server analysis of Analysis server convection current The exploitation of software.
To achieve the above object, the following technical solutions are proposed: a kind of labeling method of TAP message by the present invention, comprising:
The nsec stamp of outgoing packet, while the source port of recorded message are calculated in the inbound port for receiving message;
After message matching to ACL, the ID that is flowed by the ACL;
Message is edited in the exit port of message: adding one or two layers of head in header and in two layers of head A section protocol message, the ID that the source port, nsec including message are stabbed and flowed in the protocol massages are added below.
Preferably, two layers of head is ether net head, and two layers of head includes target MAC (Media Access Control) address and the source MAC of message Location.
Preferably, the protocol number of two layers of head is customized by the user.
Preferably, the nsec stamp in the protocol massages is TOD format.
Preferably, the method also includes: in the inbound port of message, according to the length of required message, by original message tail The data in portion are abandoned.
Preferably, the method also includes: the TAP message after label is fed in Analysis server and is analyzed.
Preferably, the Analysis server is analyzed after being flowed according to the ID of the stream carried in message subdivision.
Preferably, the message analysis process of the Analysis server are as follows: distinguish message according to the two of message layers of head first Type, then according to message carry the protocol massages analysis message TCP flow amount.
Preferably, the process for the TCP flow amount that Analysis server analyzes message according to protocol massages includes: that analysis source port obtains Obtain the equipment which flow be monitored from;Analysis nsec stamp calculates the time delay of network.
Preferably, the length of the ID of the source port and stream is 4 bytes, and the length of the nsec stamp is 16 A byte.
The beneficial effects of the present invention are:
1, the protocol number for being added to two layers of new head and two layers of head is customized by the user, and has customized two-layer protocol number Afterwards, server analysis software is convenient for exploitation.
2, the timestamp added is TOD timestamp, meets the time format of Analysis server, and can be accurate to nanosecond Not.
3, source port can be flexibly marked, marks source port relatively sharp with vlan than existing.
4, the ID of stream can be marked, subdivision stream can allow Analysis server to be more accurately monitored to message.
Detailed description of the invention
Fig. 1 is the flow diagram of the labeling method of TAP message of the present invention;
Fig. 2 is the functional block diagram schematic diagram of TAP packet labeling of the present invention.
Specific embodiment
Below in conjunction with attached drawing of the invention, clear, complete description is carried out to the technical solution of the embodiment of the present invention.
A kind of labeling method of disclosed TAP message mainly solves the energy that flow label is carried out after flow point picks Power can mark source port, timestamp and the stream for reporting text in a manner of a kind of very flexible packet labeling on original message ID, so that being conducive to the convection current of server analysis software carries out finer accurately analysis and opening conducive to server analysis software Hair.
Referring to figs. 1 and 2, the labeling method of disclosed a kind of TAP message, comprising the following steps:
Firstly, calculating the nsec stamp of outgoing packet, while the source port of recorded message in the inbound port for receiving message.
Specifically, message calculates nanosecond when outgoing packet enters chip by chip after the entrance of the message inbound port of chip Grade timestamp, chip will record the source port information of lower message simultaneously, then put calculated timestamp and source port together Into message.It should be noted that timestamp here is marked before message enters chip, portion stays message in the chip The time is stayed not to be added on the timestamp.
Secondly, after message matching to ACL, the ID that is flowed by ACL.
Specifically, chip carries out ACL matched and searched according to matching field corresponding in message, mutually deserved if finding To the ID of stream.The ID of stream is also accordingly put into message.
Finally, the exit port in message edits message: adding one or two layers of head in header and in two layers of head Behind add a section protocol message, the ID of source port, nsec stamp and stream in protocol massages including message.
Specifically, when editing to message, two layers of new head are added in header first, for identifying report The type of text, the protocol number of the two layers of head added here are carried out customized using privately owned by user, flexibility is higher.This The two layers of head added in embodiment are ether net head, and the format of ether net head includes: that preceding 6 bytes (Bytes) are purpose MAC Location (MAC da), behind 6 Bytes be source MAC (MAC sa).
Then a section protocol message is added again behind two layers of newly-increased head, for message to be marked.This agreement The nsec stamp for the message that said chip obtains, the ID of source port and stream are contained in message.Preferably, the nanosecond of label The format of grade timestamp use standard TOD (full name in English for Time of day) time format, preceding 32 expressions second (phase For 1970-01-01,08:00:00), rear 32 expression nanoseconds, the message of this format meets the when layout of Analysis server Formula, and nanosecond rank can be accurate to.In the present embodiment, source port is marked with 4 bytes, 4 bytes mark the ID of stream, and 16 A byte marks TOD timestamp.
In addition, after chip receives message from inbound port, using core if two layers of head of addition make message length too long The message break-in facility of piece is abandoned the data truncation of original message tail portion according to the length of required message.Such as original The length of beginning message is 512Byte, and needing to be truncated is 128Byte, then the 384Byte of message tail is cut out, final message The 128Byte that stem starts.
After packet labeling, the TAP message after label is sent in corresponding Analysis server and is analyzed.Analysis Service The plug-in unit (such as Wireshark plug-in unit) for needing to increase some network package analysis softwares in device carrys out analytic message.
Specifically, according to being analyzed after the ID of the stream carried in message subdivision stream, i.e., of the invention divides Analysis server Analysing server is analyzed based on stream, and fine size can more accurately be monitored message.Analysis server can lead to The ether net head (ether net header) crossed in identification message distinguishes such message, then (i.e. according to the information of carrying Information in protocol massages) analysis TCP flow amount.
By the source port and timestamp information carried in message, Analysis server is known that message is every in data center The precise time of a level consumption.Specifically, the equipment that flow is monitored from which platform can be distinguished by source port, The time delay (latency) of network can be calculated by timestamp information.
Technology contents and technical characteristic of the invention have revealed that as above, however those skilled in the art still may base Make various replacements and modification without departing substantially from spirit of that invention, therefore, the scope of the present invention in teachings of the present invention and announcement It should be not limited to the revealed content of embodiment, and should include various without departing substantially from replacement and modification of the invention, and be this patent Shen Please claim covered.

Claims (9)

1. a kind of labeling method of TAP message characterized by comprising
The nsec stamp of outgoing packet, while the source port of recorded message are calculated in the inbound port for receiving message;
After message matching to ACL, the ID that is flowed by the ACL;
Exit port in message edits message: adding one or two layers of head in header and behind two layers of head A section protocol message is added, the ID that the source port, nsec including message are stabbed and flowed in the protocol massages is described Nsec stamp in protocol massages is TOD format.
2. the labeling method of TAP message according to claim 1, which is characterized in that two layers of head is ether net head, institute State the target MAC (Media Access Control) address and source MAC that two layers of head include message.
3. the labeling method of TAP message according to claim 1 or 2, which is characterized in that the protocol number of two layers of head by User is customized.
4. the labeling method of TAP message according to claim 1, which is characterized in that the method also includes: in message Inbound port abandons the data of original message tail portion according to the length of required message.
5. the labeling method of TAP message according to claim 1, which is characterized in that the method also includes: after label TAP message be sent in Analysis server and analyzed.
6. the labeling method of TAP message according to claim 5, which is characterized in that the Analysis server is according to message It is analyzed after the ID subdivision stream of the stream of middle carrying.
7. the labeling method of TAP message according to claim 5 or 6, which is characterized in that the message of the Analysis server Analytic process are as follows: distinguish the type of message according to the two of message layers of head first, the agreement report then carried according to message The TCP flow amount of text analysis message.
8. the labeling method of TAP message according to claim 7, which is characterized in that the Analysis server is according to agreement The process of the TCP flow amount of message analysis message includes: to analyze source port to obtain the equipment which flow be monitored from;Analysis is received Second grade timestamp calculates the time delay of network.
9. the labeling method of TAP message according to claim 1, which is characterized in that the length of the ID of the source port and stream Degree is 4 bytes, and the length of the nsec stamp is 16 bytes.
CN201610134482.9A 2016-03-10 2016-03-10 A kind of labeling method of TAP message Active CN105791142B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610134482.9A CN105791142B (en) 2016-03-10 2016-03-10 A kind of labeling method of TAP message

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610134482.9A CN105791142B (en) 2016-03-10 2016-03-10 A kind of labeling method of TAP message

Publications (2)

Publication Number Publication Date
CN105791142A CN105791142A (en) 2016-07-20
CN105791142B true CN105791142B (en) 2019-03-26

Family

ID=56388046

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610134482.9A Active CN105791142B (en) 2016-03-10 2016-03-10 A kind of labeling method of TAP message

Country Status (1)

Country Link
CN (1) CN105791142B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107566201B (en) * 2016-06-30 2020-08-25 华为技术有限公司 Message processing method and device
CN111416714B (en) * 2020-04-08 2023-05-30 北京信安世纪科技股份有限公司 Method and system for realizing label exchange in SM9 algorithm based on SSL protocol

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1794672A (en) * 2006-01-06 2006-06-28 杭州华为三康技术有限公司 Method of implementing data image
CN103117900A (en) * 2013-02-01 2013-05-22 山东大学 Configurable industrial Ethernet data parsing system and parsing method
CN103812707A (en) * 2014-02-28 2014-05-21 上海斐讯数据通信技术有限公司 Forwarding processing method of line identity messages

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9407450B2 (en) * 2012-05-01 2016-08-02 Cisco Technnology, Inc. Method and apparatus for providing tenant information for network flows

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1794672A (en) * 2006-01-06 2006-06-28 杭州华为三康技术有限公司 Method of implementing data image
CN103117900A (en) * 2013-02-01 2013-05-22 山东大学 Configurable industrial Ethernet data parsing system and parsing method
CN103812707A (en) * 2014-02-28 2014-05-21 上海斐讯数据通信技术有限公司 Forwarding processing method of line identity messages

Also Published As

Publication number Publication date
CN105791142A (en) 2016-07-20

Similar Documents

Publication Publication Date Title
Krishnamoorthi et al. BUFFEST: Predicting buffer conditions and real-time requirements of HTTP (S) adaptive streaming clients
KR100523486B1 (en) Traffic measurement system and traffic analysis method thereof
CN105024985B (en) A kind of message processing method and device
CN104102687A (en) Identification and classification of web traffic inside encrypted network tunnels
CN106656801A (en) Method and device for redirection of forwarding path of business flow and business flow forwarding system
CN105099916B (en) Open flows route exchange device and its processing method to data message
WO2003084137A3 (en) Methods for identifying network traffic flows
CN106411642B (en) A kind of method and apparatus of message forwarding path detection
CN105791142B (en) A kind of labeling method of TAP message
CN104657428A (en) Non-perceivable internet advertisement push method and device
CN110430191A (en) Safe early warning method and device in dispatch data net based on protocol identification
CN103458516A (en) Method and device for processing user data traffic in radio access network
CN106953749A (en) A kind of transformer station process layer network method of real-time
EP2668750B1 (en) Methods and apparatuses for facilitating determination of a state of a receiver buffer
CN110191024B (en) Network traffic monitoring method and device
CN102571946B (en) Realization method of protocol identification and control system based on P2P (peer-to-peer network)
CN108023787A (en) Ethernet service test device and method based on FPGA
CN104518919B (en) A kind of measuring method of group service time delay
CN104301743A (en) Method for transmitting video, gateway device and video transmitting system
CN102932285A (en) Message packaging method and message analysis method and device
CN104811959B (en) Mobile network user perception analysis system and method based on big data
CN109275045A (en) Mobile terminal encrypted video ad traffic recognition methods based on DFI
CN102347860A (en) Method and device for evaluating quality of network application
CN108833195B (en) Process-based network data flow analysis method
CN101951330A (en) Bidirectional joint detection device and method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP03 Change of name, title or address

Address after: 215101 unit 13 / 16, 4th floor, building B, No. 5, Xinghan street, Suzhou Industrial Park, Jiangsu Province

Patentee after: Suzhou Shengke Communication Co.,Ltd.

Address before: 215021 unit 13 / 16, floor 4, building B, No. 5, Xinghan street, industrial park, Suzhou, Jiangsu Province

Patentee before: CENTEC NETWORKS (SU ZHOU) Co.,Ltd.

CP03 Change of name, title or address