CN107196807A - Network intermediary device and deployment method thereof - Google Patents

Network intermediary device and deployment method thereof


Publication number
CN107196807A
Authority
CN
China
Prior art keywords
packet
network
program
intermediate equipment
intermediary device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201710471925.8A
Other languages
Chinese (zh)
Inventor
江勇
何欣
李清
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Graduate School Tsinghua University
Original Assignee
Shenzhen Graduate School Tsinghua University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Graduate School Tsinghua University
Priority to CN201710471925.8A
Publication of CN107196807A


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0823 Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
    • H04L41/083 Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability for increasing network speed
    • H04L41/12 Discovery or management of network topologies
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/2866 Architectures; Arrangements
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Abstract

The invention discloses a network intermediary device and a deployment method for it. The intermediate device comprises a master control program and packet processing programs; the packet processing programs comprise a classification program, a rewriting program and a forwarding program. When executed by a processor, the master control program: obtains instructions from the network controller and translates them in order to manage the intermediate device; obtains rules from the network controller; collects the state of the intermediate device and feeds it back to the network controller; and splices the classification, rewriting and forwarding programs in different orders according to the processing needs of the packets, forming different packet processing chains. The classification program classifies received packets according to the rules issued by the master control program; the rewriting program performs rewrite operations on packets; the forwarding program forwards packets according to the rules and drops suspicious packets. The intermediate device of the invention is flexible to manage, has low communication overhead, shortens packet processing delay and increases resource utilization.

Description

Network intermediary device and deployment method thereof
Technical field
The present invention relates to the field of computer networks, and in particular to a network intermediary device (middlebox) and a method for deploying this intermediate device in a network.
Background
With the rapid development of the Internet, its scale keeps expanding and its complexity keeps rising, so network management and control face greater challenges. A middlebox is an intermediate device located between the source address and the destination address in a network. Besides forwarding and routing, it plays important roles such as improving network security (firewall), improving network load distribution (load balancer) and reducing bandwidth consumption (WAN optimizer). Although traditional middleboxes have very high processing efficiency, the equipment is expensive and is inflexible to deploy and manage.
With the introduction of Network Function Virtualization (NFV), middlebox functions can be moved from hardware to software implementations. At the same time, Software Defined Networking (SDN) offers a more effective way to manage middleboxes flexibly. These approaches solve the problems that hardware middlebox equipment is expensive and inflexible to manage, and they avoid deploying redundant hardware modules. However, software middleboxes still have some defects:
1) Mutually dependent deployment between middleboxes stretches the packet processing chain and easily causes configuration conflicts and network errors;
2) Different middleboxes may contain identical packet processing stages and duplicated functional modules (for example, packet classification), which wastes resources;
3) The existence of service chains means that the complexity of middlebox management and deployment remains hard to reduce.
To solve the above problems, industry and academia have tried to unify the design and management of intermediate devices. However, because intermediate devices are complex and diverse, many unification schemes that suit a standalone intermediate device cannot be applied to service chains, and a large number of schemes depend on packet processing rules and so cannot improve flexibility. One example is the proposed software-defined model for centralized management, the OpenBox model, which divides an intermediate device into multiple different functional modules and deploys algorithms in the OpenBox controller to realize a variety of middlebox functions. However, OpenBox does not achieve unification and generalization of intermediate devices either, and there is no unified language for describing all types of intermediate devices.
On the other hand, regarding deployment, software intermediate devices are deployed in virtual machines, and the virtual machines run on servers. Most existing schemes improve resource utilization by optimizing the deployment of virtual machines and the traffic patterns between them. For example:
1) Deploying and scheduling traffic according to service chains so as to reduce communication overhead at the virtual machine layer;
2) Making better use of network resources by allowing programmable functions of suitable granularity to be placed.
However, in these deployment schemes, a packet that needs a long service chain must cross multiple servers or virtual machines to complete processing. The communication overhead between servers or virtual machines therefore remains hard to reduce, which increases the processing delay of packets with long service chains.
Summary of the invention
In view of the defects of the prior art described above, one embodiment of the invention proposes a unified, general-purpose network intermediary device that simplifies middlebox management and reduces deployment difficulty, avoids communication overhead between virtual machines or between servers, shortens packet processing delay and increases resource utilization.
To achieve the above purpose, the invention proposes the following technical solution:
A network intermediary device runs on a server, the server having a processor that executes computer programs. The network intermediary device comprises a master control program and packet processing programs, and the packet processing programs comprise a classification program, a rewriting program and a forwarding program.
When executed by the processor, the master control program performs the following functions: obtaining instructions from the network controller and translating them in order to manage the intermediate device; obtaining rules from the network controller; collecting the state of the intermediate device and feeding it back to the network controller; and splicing the classification program, rewriting program and forwarding program in different orders according to the processing needs of the packets, forming different packet processing chains.
When executed by the processor, the classification program classifies received packets according to the rules issued by the master control program.
When executed by the processor, the rewriting program performs rewrite operations on packets.
When executed by the processor, the forwarding program forwards packets according to the rules and drops suspicious packets.
The network intermediary device provided by the invention is implemented in computer program code (that is, in software). Compared with existing software intermediate devices, it can create packet processing programs on the fly according to current processing needs (creation here means splicing the classification, rewriting and forwarding programs in different orders), which reduces redundant programs, shortens packet processing delay and improves network throughput. In addition, a packet with a long service chain no longer needs the combined functions of several intermediate devices: all processing functions can be performed in a single intermediate device, which avoids transferring the packet between multiple virtual machines or servers and lowers network transmission delay.
Another embodiment of the invention proposes a deployment method for the network intermediary device described above. It deploys the device in a software defined network, minimizes deployment link overhead and obtains the minimum processing delay, avoiding the long processing delay, high communication overhead and low resource utilization caused by transferring packets between multiple virtual machines or servers.
The deployment method proposed for this purpose comprises the following two stages:
First stage: select an initial deployment position for each intermediate device according to the network topology, link bandwidth, resource capacity and historical flow information, and obtain the optimal deployment position by repeatedly minimizing link overhead;
Second stage: allocate packet processing programs to each intermediate device at its optimal deployment position and schedule traffic, so as to obtain the minimum processing delay.
With this deployment method, the network intermediary device is deployed in a software defined network (SDN). The deployment process keeps looking for better deployment positions by repeatedly minimizing the maximum transmission delay and link overhead in the network, and then schedules data flows with the same functional requirements to the optimal intermediate device for processing. This makes full use of packet processing programs that already exist and also achieves load balancing.
Brief description of the drawings
Fig. 1 is an architecture diagram of a network intermediary device provided by a specific embodiment of the invention;
Fig. 2 is a model diagram of the intermediate device of the invention implementing the NAT process;
Fig. 3 is a model diagram of the intermediate device of the invention implementing a Proxy;
Fig. 4 is a model diagram of the intermediate device of the invention implementing the service chain Firewall->NAT->Proxy;
Fig. 5 is the optimized model obtained after program deduplication is applied to the model in Fig. 4;
Fig. 6 is the pseudocode of the deployment method of the invention;
Fig. 7 is the pseudocode of the first stage of the deployment method of the invention;
Fig. 8 is the pseudocode of the second stage of the deployment method of the invention.
Detailed description
The invention is further described below with reference to the drawings and preferred embodiments.
A specific embodiment of the invention provides an intermediate device (middlebox) for software defined networks. The intermediate device is implemented as a computer program and deployed in a virtual machine; the virtual machine runs on a server that has a processor for executing computer programs. Deploying the intermediate device in a software defined network only requires modifying and upgrading the network controller; the switches in the network need no change. Each intermediate device has a corresponding server that provides it with resources and hardware support. Fig. 1 shows the architecture of the intermediate device proposed in this embodiment: it comprises a master control program, mcontroller, and packet processing programs, which comprise a classification program C, a rewriting program R and a forwarding program F.
Specifically, when executed by the processor, the master control program mcontroller performs the following functions: it communicates with the network controller over a network protocol, obtains instructions from the network controller and translates them in order to manage each program that makes up the intermediate device (for example, Cr, De, In and Up in Fig. 1 denote different management instructions that the master control program issues to the current intermediate device); it obtains rules (such as packet processing rules and communication rules) from the network controller and adjusts how long the rules remain valid; it collects the state of the intermediate device and feeds it back to the network controller; and it splices the classification, rewriting and forwarding programs in different orders according to the processing needs of the packets, forming different packet processing chains.
Correspondingly, the network controller is upgraded with a basic network data acquisition function, an intermediate device state acquisition function, a traffic allocation function, a traffic update function and a traffic reallocation function, each implemented by corresponding program code.
The basic network data acquisition function works as follows: the controller communicates with the switches. A switch actively establishes a connection with the network controller through a Hello message, and all subsequent messages between the switch and the network controller go over this connection. Through communication with the switches, the controller mainly obtains the network topology state and the network port state.
The intermediate device state acquisition function works as follows: the southbound interface provided by the OpenNF platform can be used directly. The master control program interacts with the network controller, obtains rules by translating the network controller's instructions, and returns the network state of the intermediate device to the network controller.
The traffic allocation function works as follows: according to the functional requirements of the packets, the network controller schedules packets with the same requirements to the same intermediate device for processing. Traffic scheduling is carried out by executing the LLFSchedule algorithm; the detailed process is described later.
The traffic update function is performed by a traffic update program. The LLFSchedule algorithm schedules traffic primarily by identical resource demand, but load balancing still has to be considered, so the traffic update program monitors the resource usage of each packet processing program and the link consumption. In principle, each packet has two candidate intermediate devices. When network resources are seriously unbalanced (a large number of packets with the same demand appear), the traffic update program detects this and, under the current network conditions, selects the best of the remaining intermediate devices to share the traffic. Conversely, if there are few packets in the network, LLFSchedule still allocates packets with the same processing demand to the same intermediate device, but this is then not optimal, because packet classification consumes considerable processing delay. Correct prediction and analysis of the traffic, and its allocation, therefore directly affect the processing delay of the network.
The traffic reallocation function is likewise implemented by corresponding program code. When packet demand is extremely unbalanced, the network can temporarily select the best intermediate device that is unused in the current state to share the traffic. When the packets return to normal, the resources of that intermediate device (that is, its packet processing programs) must be released promptly and the traffic scheduled to other positions, which is the reallocation of traffic. This function supplements the traffic update function.
When executed by the processor, the classification program classifies received packets according to the rules issued by the master control program, for example IP classification, HTTP classification or payload classification. In a firewall, for instance, a prefix matching operation checks whether an IP address contains a given prefix, and IP addresses are divided into multiple classes according to the matching rules. When executed by the processor, the rewriting program performs rewrite operations on packets, for example modifying the IP, HTTP or payload of a packet. Specifically, a load balancer rewrites the destination IP address to control the routing path, and some proxy servers need to rewrite the IP and HTTP payload to create a new response packet for a URL request. When executed by the processor, the forwarding program forwards packets according to the rules and drops suspicious packets. The intermediate device also has a storage unit, Storage, used to store or cache the data of the whole intermediate device; it can also provide data sharing. In one embodiment, Storage can be a file system that stores various states and data. Within the intermediate device, packets pass between program modules by means of function calls and parameter passing. In the subsequent preferred embodiments, the intermediate device is simplified to have only one input port and one output port.
Because the master control program creates the packet processing programs, a processing chain can be built in real time according to the current processing needs of packets, which avoids duplicated packet processing modules and wasted idle resources. For example, if the current packet needs to be inspected by an intrusion detection system, the current intermediate device must have a program module that implements the detection function. If the current classification programs (classifiers) have no idle resources to implement it, the master control program mcontroller, on detecting this, creates a new classification program and allocates rules and resources to it to implement the intrusion detection function.
In the invention, by analyzing network intermediary devices with different functions, intermediate devices and service chains with different functions are implemented with the classification program C, rewriting program R and forwarding program F. Several common intermediate devices with different functions are shown in Table 1 below:
Table 1
Middlebox types C R F Layer Storage
Firewall IP X 2 none
NAT IP IP,Port 2 none
Proxy IP,Http IP,Http 7 URL
IPS IPContent X 2 Info
NAT-PT IP IP,Port 2 none
Socks-GW X X 4 none
LoadBal. IP,Port IP,Mac 4 Mac
The intermediate devices with different functions in Table 1 can all be implemented by the intermediate device provided by the invention, that is, by splicing the classification, rewriting and forwarding programs in different orders.
Taking Firewall, NAT (network address translation) and Proxy (proxy server) as examples, we first use $C_j^k \to R_j^{k+1} \to F_j^{k+2}$ to describe each standalone network intermediary device of the invention, where $C_j^k$ denotes the function that implements the classification program running on the k-th thread of the j-th intermediate device, $R_j^{k+1}$ denotes the function that implements the rewriting program running on the (k+1)-th thread of the j-th intermediate device, and $F_j^{k+2}$ denotes the function that implements the forwarding program running on the (k+2)-th thread of the j-th intermediate device. A Firewall can then be described as $C_j^k(IP) \to F_j^{k+1}$. NAT translates internal addresses/ports into external network addresses and can be described as $C_j^k(IP) \to R_j^{k+1}(IP)$; for NAT, the IP rewriting program is used to write the source address/port. The NAT process can be implemented with the model shown in Fig. 2.
Proxy is relatively more complex. When a packet arrives, the Proxy uses an IP classifier to determine whether it is a client request (Request) packet or a server response (Response) packet, and the packet then goes through HTTP classification. For a server response packet, the URL is added to the storage unit and the HTTP forwarding operation then forwards the content to the client. For a client request packet, the Proxy first uses HTTP classification to determine whether the URL is cached in the storage unit. If it is not, the path marked Miss in Fig. 3 is taken: the Proxy uses a classification program to implement the IP classifier function, writes the destination-address-related state into the storage unit for sharing, and forwards the content to the destination server through the HTTP forwarding program. If it is cached, the path marked Hit in Fig. 3 is taken: the Proxy writes the source-address-related state into the storage unit for sharing and rebuilds a packet to complete the response to the client. The Proxy processing is implemented with the model shown in Fig. 3.
Next, we merge and splice packet processing programs according to functional requirements to implement the service chain Firewall->NAT->Proxy, as shown in Fig. 4. Box 10 implements the Firewall function, that is, it filters packet P according to certain rules. Forwarding program 11, classification program 12, rewriting program 13 and forwarding program 14, together with the packet transmission paths between them (the lines with arrows), jointly implement the NAT function, changing the IP and port of the packet to a public network address. The part inside polygon 15 jointly implements the Proxy function. The dotted arrows and the classification programs C they connect denote reusable classification programs: when these classification programs have sufficient idle resources, the functions of any classification program needed later can be performed by them. The forwarding programs F in the figure have the same property.
In a more preferred embodiment, the service chain implemented by integrating and splicing programs can also be optimized by an optimization program, which adjusts the packet processing order so as to merge the packet processing programs that have the same function within one packet processing chain. For the service chain of Fig. 4, for example, the optimization program can merge the classification programs so that the classification operations on a packet are executed in parallel, and the forwarding programs can be merged as well. The optimized service chain Firewall->NAT->Proxy is shown in Fig. 5. The optimization program works as follows:
Before optimizing, we define some rules to guarantee the correctness of the intermediate device of the invention. First, every packet processing program is deterministic, that is, it has the correct state and class ID, so each program works correctly. Second, the relevant state must be ready before packet processing, that is, the relevant rules must have been inserted into each relevant program. Finally, a class ID must be unique and belong to the correct subset. Under these three rules, we merge packet processing programs with the same function by adjusting the processing order. For example, the Firewall classifies packets into those to be dropped and those to be processed further, and the latter go on to be classified according to the NAT and Proxy rules. The optimization performs all these classification operations together in the first step, so the service chain Firewall->NAT->Proxy can be optimized as shown in Fig. 5. In Fig. 5 we insert some blank program blocks; the functions of these blank blocks can be performed by the first classification program.
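As an added illustration (not code from the patent), the Python below models the Firewall->NAT part of the service chain as C, R and F stages spliced by a master-controller function, enforces the ordering rules described above, and hoists classification to the first step as in the optimization. All function names, the stateless port mapping and the read/write safety check in `optimize` are assumptions of this example, and the sample packets are constructed.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def classifier(name, rules, default):
    """C: tag the packet with a class ID; first matching source prefix wins."""
    table = [(ip_network(prefix), cid) for prefix, cid in rules]

    def run(pkt, classes):
        addr = ip_address(pkt.src)
        classes[name] = next((cid for net, cid in table if addr in net), default)
        return pkt
    run.kind, run.name, run.reads = "C", name, {"src"}
    return run


def rewriter(name, needs, public_ip, port_base):
    """R: NAT-style source rewrite for packets in class needs = (classifier, class ID)."""
    def run(pkt, classes):
        if classes[needs[0]] == needs[1]:
            # Simplified stateless port mapping (a real NAT keeps a translation table).
            return replace(pkt, src=public_ip, sport=port_base + pkt.sport % 1000)
        return pkt
    run.kind, run.name, run.needs, run.writes = "R", name, needs, {"src", "sport"}
    return run


def forwarder(name, drop=None):
    """F: drop packets in class drop = (classifier, class ID), forward the rest."""
    def run(pkt, classes):
        return None if drop and classes[drop[0]] == drop[1] else pkt
    run.kind, run.name, run.needs = "F", name, drop
    return run


def splice(*stages):
    """Master-controller step: validate the ordering rules, then return the chain."""
    seen = set()
    for stage in stages:
        if stage.kind == "C":
            if stage.name in seen:          # class IDs must stay unique
                raise ValueError(f"duplicate classifier: {stage.name}")
            seen.add(stage.name)
        elif stage.needs and stage.needs[0] not in seen:
            # The class a stage depends on must be ready before it runs.
            raise ValueError(f"{stage.name} runs before classifier {stage.needs[0]}")
    return list(stages)


def process(chain, pkt):
    """Run one packet through the chain; None means the packet was dropped."""
    classes = {}
    for stage in chain:
        pkt = stage(pkt, classes)
        if pkt is None:
            return None
    return pkt


def optimize(chain):
    """Hoist every classifier to the first step of the chain.
    Assumption of this example: hoisting is refused when a classifier reads a
    field that an earlier rewriter has written, because its class IDs would change."""
    written = set()
    for stage in chain:
        if stage.kind == "R":
            written |= stage.writes
        elif stage.kind == "C" and stage.reads & written:
            return list(chain)
    first = [s for s in chain if s.kind == "C"]
    return splice(*first, *[s for s in chain if s.kind != "C"])


def build_firewall_nat():
    """Firewall (C->F) spliced with NAT (C->R->F); rule values are constructed."""
    c_fw = classifier("fw", [("10.0.66.0/24", "deny")], default="allow")
    c_nat = classifier("nat", [("10.0.0.0/8", "internal")], default="external")
    f_fw = forwarder("fw_drop", drop=("fw", "deny"))
    r_nat = rewriter("nat_src", ("nat", "internal"), "203.0.113.1", 20000)
    return splice(c_fw, f_fw, c_nat, r_nat, forwarder("out"))


SAMPLES = [  # constructed packets: internal host, denied subnet, external host
    Packet("10.0.0.5", 40001, "198.51.100.20", 80),
    Packet("10.0.66.7", 40002, "198.51.100.20", 80),
    Packet("192.0.2.9", 40003, "198.51.100.20", 443),
]

if __name__ == "__main__":
    chain = build_firewall_nat()
    fast = optimize(chain)
    print([s.kind for s in chain], "->", [s.kind for s in fast])
    for p in SAMPLES:
        print(p, "=>", process(chain, p), "| optimized:", process(fast, p))
```

With the stages spliced in NAT->Firewall order instead, `optimize` returns the chain unchanged, because a hoisted firewall classifier would see the pre-NAT source address and could reach a different drop decision.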
Next, providing the dispositions method of intermediate equipment of the present invention, the intermediate equipment of the present invention is deployed in into software determines Correct position in adopted network simultaneously obtains smallest link expense and shortens processing data packets/propagation delay time.
The MBSchedule algorithms that the dispositions method is designed using us realize, false code such as Fig. 6 institutes of the algorithm Show, specifically include:First stage uses the MBLDecision algorithms that we design, according to network topology, link bandwidth, resource Tankage and history stream information, are that each intermediate equipment selects an initial deployment position, and minimize deployment link overhead, to obtain Obtain optimal deployment position;And, second stage uses the LLFSchedule algorithms that we design to be each in optimal deployment position The intermediate equipment distribution packet processing routine and progress flow scheduling put, to obtain minimum treat time delay.
Wherein, the false code of MBLDecision algorithms is as shown in fig. 7, can be described as the problem of the algorithm solving flown m× maxlen global minimum;Wherein:The node m that m represents all in the intermediate equipment node of deployment, network is constituted Gather { M };The node n that n represents all in other nodes in addition to intermediate equipment node, network in network constitutes set { N }; flown mRepresent all flows from node n arrival nodes m;Maxlen=maximize d (n, m), maxlen represent any section Minimum values of the point n to nearest node m maximum distance.As shown in fig. 7, we are according to node degree Ndeg vWith frequency Nfre vTo mark Remember node, node degree and history are adjusted by adjusting α by influence degree of the frequency to the node, and result table will be normalized It is shown as correlationv.Correlationlist is used to represent correlationvSequence, it is and related to α values, return One, which changes formula, is:
Based on k-center algorithms, we select not adjacent node and compare flown m× maxlen obtains minimum value, Under the intermediate equipment disposal ability of the present invention and the restrictive condition of link bandwidth, this prioritization scheme reduces calculating space.
Flow scheduling is carried out using LLFSchedule algorithms to specifically include:
Judge whether all intermediate equipments have currently distributed packet processing routine in network;
If all unassigned packet processing routine of all intermediate equipments, according to all centres in the network bandwidth and network The disposal ability of equipment, schedules traffic is carried out with minimum-cost flow algorithm;
If at least part intermediate equipment is allocated packet processing routine in network, can be complete based on each stream The principle that ground is handled in same intermediate equipment, selects two to be allocated packet processing routine for each packet Intermediate equipment;Wherein, if two intermediate equipments of a certain packet selection are for the packet, with identical processing Expense, then select wherein to have the intermediate equipment of larger idling-resource to handle the packet.
It is to be appreciated that " modules " of the Fig. 6 into Fig. 8 is referred to " packet processing routine ".
The above is a further detailed description of the present invention in connection with specific preferred embodiments, and the specific implementation of the present invention should not be regarded as limited to these descriptions. For those skilled in the art, several equivalent substitutions or obvious modifications may be made without departing from the inventive concept, and where the performance or use is the same, they shall all be regarded as falling within the protection scope of the present invention.

Claims (10)

1. A network intermediary device running on a server, wherein the server has a processor for executing computer programs; the network intermediary device comprises a master control program and packet processing programs, the packet processing programs comprising a classification program, a rewriting program and a forwarding program;
When executed by the processor, the master control program implements the following functions: obtaining and interpreting instructions from a network controller in order to manage the intermediate device; obtaining rules from the network controller; collecting the state of the intermediate device and feeding it back to the network controller; and splicing the classification program, the rewriting program and the forwarding program in different orders according to the processing needs of packets, forming different packet processing chains;
When executed by the processor, the classification program implements the following function: classifying received packets according to the rules issued by the master control program;
When executed by the processor, the rewriting program implements the following function: performing rewrite operations on packets;
When executed by the processor, the forwarding program implements the following functions: forwarding packets according to the rules and dropping suspicious packets.
2. The network intermediary device of claim 1, characterized in that: when executed by the processor, the master control program further implements the following function: adjusting the effective time of the rules.
3. The network intermediary device of claim 1, characterized in that: the transfer of packets between different packet processing programs is implemented through function calls and parameter passing.
4. The network intermediary device of claim 1, characterized in that: it further comprises a storage unit configured to implement the following functions: data storage for the entire network intermediary device and provision of data sharing.
5. The network intermediary device of claim 1, characterized in that: the classification of packets by the classification program includes classifying packets by IP, by HTTP or by payload.
6. The network intermediary device of claim 1, characterized in that: the rewrite operations performed on packets by the rewriting program include modifying the IP, HTTP or payload of a packet.
7. The network intermediary device of claim 1, characterized in that: it further comprises an optimization program which, when executed by the processor, implements the following function: adjusting the processing order of packets so as to merge multiple classification programs within one packet processing chain, so that multiple classification operations on a packet are executed in parallel.
8. A deployment method for the network intermediary device of any one of claims 1 to 7, for deploying the network intermediary device in a software-defined network, the deployment method comprising the following two stages:
First stage: selecting an initial deployment position for each intermediate device according to network topology, link bandwidth, resource capacity and historical flow information, and obtaining the optimal deployment position by continuously minimizing link overhead;
Second stage: assigning packet processing programs to each intermediate device at its optimal deployment position and performing traffic scheduling, so as to obtain the minimum processing delay.
9. The deployment method of claim 8, characterized in that: minimizing the deployment link overhead specifically includes: solving for the global minimum of $flow_n^m \times maxlen$, where: m denotes a node at which an intermediate device is deployed, and all such nodes m in the network form the set {M}; n denotes any other node in the network apart from the intermediate device nodes, and all such nodes n form the set {N}; $flow_n^m$ denotes all traffic from node n arriving at node m; maxlen = maximize d(n, m), and maxlen represents the minimum value of the maximum distance from any node n to its nearest node m.
10. The deployment method of claim 8, characterized in that: the second stage specifically includes:
Determining whether the intermediate devices in the network have currently been assigned packet processing programs;
If none of the intermediate devices has been assigned a packet processing program, scheduling traffic with a minimum-cost flow algorithm according to the network bandwidth and the processing capacity of all intermediate devices in the network;
If at least some of the intermediate devices in the network have been assigned packet processing programs, then, based on the principle that each flow can be processed in its entirety on the same intermediate device, selecting for each packet two intermediate devices that have been assigned packet processing programs; if the two intermediate devices selected for a given packet have the same processing cost for that packet, the one with more idle resources is selected to process the packet.
CN201710471925.8A 2017-06-20 2017-06-20 Network intermediary device and its dispositions method Withdrawn CN107196807A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710471925.8A CN107196807A (en) 2017-06-20 2017-06-20 Network intermediary device and its dispositions method

Publications (1)

Publication Number Publication Date
CN107196807A true CN107196807A (en) 2017-09-22

Family

ID=59879451

Country Status (1)

Country Link
CN (1) CN107196807A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20170922