CN109194665B - Message lookup key value generation method and device - Google Patents
Message lookup key value generation method and device Download PDFInfo
- Publication number
- CN109194665B CN109194665B CN201811081606.7A CN201811081606A CN109194665B CN 109194665 B CN109194665 B CN 109194665B CN 201811081606 A CN201811081606 A CN 201811081606A CN 109194665 B CN109194665 B CN 109194665B
- Authority
- CN
- China
- Prior art keywords
- key value
- fields
- selector
- bits
- field
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method and a device for generating message search key values, wherein the method comprises the steps of dividing fields obtained by message analysis into five groups; searching a TCAM according to the forwarding information of the message to obtain a selector corresponding to the field group; the selector selects fields with corresponding quantity and splices the fields to form first to fifth key values; splicing the second key value and the first key value into a sixth key value, and splicing the fifth key value, the fourth key value and the third key value into a seventh key value; splitting the sixth key value into a plurality of 16 bits, and selecting a plurality of the key values to be spliced into an eighth key value through a preset selector; splitting the eighth key value into a ninth key value and a tenth key value, splicing the seventh key value and the ninth key value into an eleventh key value, selecting a plurality of 1-bit, 2-bit and 4-bit values by using a preset selector, and splicing the selected values into a twelfth key value; and splicing the twelfth key value and the tenth key value into a message searching key value. The invention can efficiently utilize TCAM resources when the TCAM is applied to the ACL.
Description
Technical Field
The present invention relates to the field of computer network technologies, and in particular, to a method and an apparatus for searching for a key value in a packet.
Background
The expansion of network size and the increase of traffic volume, the control of network security and the allocation of bandwidth become important contents of network management. By filtering the message, the access of an illegal user to the network can be effectively prevented, and meanwhile, the flow can be controlled, and the network resource is saved. An Access Control List (ACL) is often used to filter messages, and is an ordered set of rules through which messages are filtered. When a port of the equipment receives a message, the current port analyzes the message according to an applied ACL rule, the message is allowed or forbidden to pass according to a preset rule, and the ACL can filter the message through a source address, a destination address, a port number and the like of the message.
TCAMs (Ternary Content Addressable memories) are commonly used to quickly find entries such as ACLs, routes, etc. In actual deployment and use, because the configuration combination of an end user cannot be known, usually, only the lookup Key values (keys) of the ACL can be divided into three categories, namely 160 bits, 320 bits and 640 bits, while in actual deployment and use, matching field information is really needed, and the only lookup Key values are few, for example, most applications only need IPv4 source addresses, since the IPv4 source address is only 32 bits, TCAMs with a width of 80 bits are sufficient, and the use of 160 bits of keys causes waste of TCAM resources.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a method and a device for generating a message search key value by efficiently utilizing TCAM resources when TCAM is applied to ACL.
In order to achieve the purpose, the invention provides the following technical scheme: a generation method of message search key values comprises the following steps:
s100, analyzing a received message to obtain a plurality of fields, and dividing the fields into at least a first field group, a second field group, a third field group, a fourth field group and a fifth field group;
s200, searching a TCAM according to the forwarding information carried by the message, and obtaining a first selector for selecting a plurality of fields in a first field group, a second selector for selecting a plurality of fields in a second field group, a third selector for selecting a plurality of fields in a third field group, a fourth selector for selecting a plurality of fields in a fourth field group and a fifth selector for selecting a plurality of fields in a fifth field group;
s300, selecting fields in corresponding field groups by using the selectors obtained in the step S200, splicing the fields selected by the first selector to form a first key value, splicing the fields selected by the second selector to form a second key value, splicing the fields selected by the third selector to form a third key value, splicing the fields selected by the fourth selector to form a fourth key value, and splicing the fields selected by the fifth selector to form a fifth key value;
s400, splicing the second key value and the first key value in sequence to form a sixth key value, and splicing the fifth key value, the fourth key value and the third key value in sequence to form a seventh key value;
s500, splitting the sixth key value into M16 bits, and selecting N of the M16 bits to form an eighth key value by using a preset sixth selector, where N is less than or equal to M, and N, M is an integer;
s600, splitting the eighth key value into a ninth key value and a tenth key value;
s700, splicing the seventh key value and the ninth key value to form an eleventh key value, and respectively selecting a plurality of 1 bits, 2 bits and 4 bits from the eleventh key value to splice in sequence by using a preset seventh selector, an eighth selector and a ninth selector to form a twelfth key value;
and S800, splicing the twelfth key value and the tenth key value in sequence to form a message search key value.
Preferably, in step S100, the fields are grouped according to the bit occupied by each field.
Preferably, each field in the first field group occupies 32 bits, each field in the second field group occupies 16 bits, each field in the third field group occupies 8 bits, each field in the fourth field group occupies 4 bits, and each field in the fifth field group occupies 2 bits.
Preferably, in step S200, the information carried by the packet is selected from one or more forwarding information such as a packet ingress port number, a packet egress port number, a logical source port number, a logical destination port number, and a packet type.
Preferably, in step S600, the high P bit of the eighth key value is a ninth key value, the low Q bit of the eighth key value is a tenth key value, and P, Q is an integer.
The invention also discloses a device for generating the message searching key value, which comprises
The message analysis grouping module is used for analyzing the received message to obtain a plurality of fields and dividing the fields into at least a first field group, a second field group, a third field group, a fourth field group and a fifth field group;
a selector obtaining module, configured to search a TCAM according to forwarding information carried by the packet, and obtain a first selector for selecting a plurality of fields in a first field group, a second selector for selecting a plurality of fields in a second field group, a third selector for selecting a plurality of fields in a third field group, a fourth selector for selecting a plurality of fields in a fourth field group, and a fifth selector for selecting a plurality of fields in a fifth field group;
the first splicing module is used for selecting fields in corresponding field groups by using the obtained selectors, splicing the fields selected by the first selectors to form first key values, splicing the fields selected by the second selectors to form second key values, splicing the fields selected by the third selectors to form third key values, splicing the fields selected by the fourth selectors to form fourth key values, and splicing the fields selected by the fifth selectors to form fifth key values;
the second splicing module is used for splicing the second key value and the first key value in sequence to form a sixth key value, and splicing the fifth key value, the fourth key value and the third key value in sequence to form a seventh key value
A first splitting module, configured to split the sixth key value into M16 bits, and select N splices among the M16 bits by using a preset sixth selector to form an eighth key value, where N is less than or equal to M, and N, M is an integer;
the second splitting module is used for splitting the eighth key value into a ninth key value and a tenth key value;
a third splicing module, configured to splice the seventh key value and the ninth key value to form an eleventh key value, and use a preset seventh selector, an eighth selector, and a ninth selector to respectively select a plurality of 1 bits, 2 bits, and 4 bits in the eleventh key value to splice in sequence to form a twelfth key value;
and the fourth splicing module is used for splicing the twelfth key value and the tenth key value in sequence to form a message search key value.
Preferably, the packet parsing module includes a parsing module and a grouping module, the parsing module is configured to parse a received packet to obtain a plurality of fields, and the grouping module is configured to divide the plurality of fields into at least a first field group, a second field group, a third field group, a fourth field group, and a fifth field group.
Preferably, the grouping module groups according to the number of bits occupied by each field.
Preferably, each field in the first set of fields occupies 32 bits, each field in the second set of fields occupies 16 bits, each field in the third set of fields occupies 8 bits, each field in the fourth set of fields occupies 4 bits, and each field in the fifth set of fields occupies 2 bits.
Preferably, the second splitting module splits the eighth key value into a high P bit and a low Q bit, where the high P bit is a ninth key value and P, Q is an integer.
The invention has the beneficial effects that:
the method and the device for generating the message search key value enable TCAM resources to be efficiently utilized when the TCAM is applied to the ACL, and simultaneously can avoid the situation that the back-end design cannot be converged in ASIC design.
Drawings
FIG. 1 is a schematic flow chart of the method of the present invention;
FIG. 2 is a schematic illustration of an embodiment of the present invention;
fig. 3 is a block diagram illustrating the structure of the present invention.
Detailed Description
The technical solution of the embodiment of the present invention will be clearly and completely described below with reference to the accompanying drawings of the present invention.
The method for generating the message lookup key value disclosed by the invention can be used for efficiently utilizing TCAM (ternary content addressable Memory) resources when the TCAM is applied to ACL (access control List), and simultaneously can avoid the situation that the back-end design can not be converged in ASIC design.
As shown in fig. 1, a method for generating a message lookup key value includes the following steps:
s100, analyzing a received message to obtain a plurality of fields, and dividing the fields into at least a first field group, a second field group, a third field group, a fourth field group and a fifth field group;
specifically, the packet is a data unit exchanged and transmitted in the network, and the packet is continuously encapsulated into a packet, and a frame for transmission during the transmission process, so that the packet finally contains information of two layers, three layers, and the like, the information of the two layers includes an MAC source address, an MAC destination address, an ethernet type, a VLAN, and the like, and the information of the three layers includes an IP source address, an IP destination address, and the like. Taking an IP message as an example, the IP message is composed of a header and a data portion, where the header of the IP message includes a source address field, a destination address field, a header checksum field, a protocol field, and so on, each field occupies a certain bit, for example, the source address field and the destination address field occupy 32 bits, the header checksum field occupies 16 bits, and the protocol field occupies 8 bits.
In implementation, a plurality of fields contained in information of a second layer, a third layer and the like can be obtained by analyzing the received message, and the message can be further divided into a plurality of groups according to the bit occupied by each field. In this embodiment, the packet is divided into five groups according to the bit occupied by each field, that is, a first field group, a second field group, a third field group, a fourth field group and a fifth field group, where each field in the first field group occupies 32 bits, each field in the second field group occupies 16 bits, each field in the third field group occupies 8 bits, each field in the fourth field group occupies 4 bits, and each field in the fifth field group occupies 2 bits. Of course, in practice, the fields occupying 1bit may also be grouped together.
Step 200, searching a TCAM according to forwarding information carried by the packet, and obtaining a first selector for selecting a plurality of fields in a first field group, a second selector for selecting a plurality of fields in a second field group, a third selector for selecting a plurality of fields in a third field group, a fourth selector for selecting a plurality of fields in a fourth field group, and a fifth selector for selecting a plurality of fields in a fifth field group;
specifically, the TCAM stores selector entries for selecting the number of fields in each field group, and in implementation, the selectors corresponding to the corresponding field groups can be obtained by searching in the TCAM according to the message forwarding information, and the selectors can be configured according to user requirements. Further, after the forwarding information carried by the message is searched in the TCAM, a first selector for selecting a plurality of fields in the first field group, a second selector for selecting a plurality of fields in the second field group, a third selector for selecting a plurality of fields in the third field group, a fourth selector for selecting a plurality of fields in the fourth field group, and a fifth selector for selecting a plurality of fields in the fifth field group can be obtained. In specific implementation, it is best to select 4 fields in the first field group by the first selector, 10 fields in the second field group by the second selector, 8 fields in the third field group by the third selector, 10 fields in the fourth field group by the fourth selector, and 8 fields in the fifth field group by the fifth selector.
In this embodiment, the message forwarding information includes, but is not limited to, a message entry port number (srcPort), a message exit port number (dstPort), a logical source port number (logcstport), a logical destination port number (logdcstprot), and a message type (packetType).
Step S300, selecting fields in corresponding field groups by using the selectors obtained in the step S200, splicing the fields selected by the first selector to form a first key value, splicing the fields selected by the second selector to form a second key value, splicing the fields selected by the third selector to form a third key value, splicing the fields selected by the fourth selector to form a fourth key value, and splicing the fields selected by the fifth selector to form a fifth key value;
specifically, step S200 obtains selectors corresponding to each field group by searching for the TCAM, where each selector indicates the number of the selected fields in the corresponding field group, and as described above, 4 fields are selected in the first field group, 10 fields are selected in the second field group, 8 fields are selected in the third field group, 10 fields are selected in the fourth field group, and 8 fields are selected in the fifth field group.
After a selector is used for selecting fields with required number from corresponding field groups, the selected fields are spliced to form corresponding key values, for example, 4 fields selected from a first field group are spliced to form a 128-bit first key value, 10 fields selected from a second field group are spliced to form a 160-bit second key value, 8 fields selected from a third field group are spliced to form a 64-bit third key value, 10 fields selected from a fourth field group are spliced to form a 40-bit fourth key value, and 8 fields selected from a fifth field group are spliced to form a 16-bit fifth key value.
Step S400, splicing the second key value and the first key value in sequence to form a sixth key value, and splicing the fifth key value, the fourth key value and the third key value in sequence to form a seventh key value;
step S500, splitting the sixth key value into M16 bits, and selecting N pieces of the M16 bits to be spliced by using a preset sixth selector to form an eighth key value, wherein N is less than or equal to M, and N, M are integers;
step S600, splitting the eighth key value into a ninth key value and a tenth key value, where the ninth key value is a high P bit of the eighth key value, the tenth key value is a low Q bit of the eighth key value, and P, Q is an integer;
step S700, splicing the seventh key value and the ninth key value to form an eleventh key value, and respectively selecting a plurality of 1 bits, 2 bits and 4 bits from the eleventh key value by using a preset seventh selector, an eighth selector and a ninth selector to splice in sequence to form a twelfth key value;
and step S800, splicing the twelfth key value and the tenth key value in sequence to form a message search key value.
Specifically, in implementation, the second key value and the first key value are spliced in sequence to form a sixth key value, the fifth key value, the fourth key value and the third key value are spliced in sequence to form a seventh key value, for example, the second key value of 160 bits and the first key value of 128 bits are spliced in sequence to form a sixth key value of 288 bits, and the fifth key value of 16 bits, the fourth key value of 40 bits and the third key value of 64 bits are spliced in sequence to form a seventh key value of 120 bits;
secondly, splitting the sixth key value into M16 bits, and selecting N from the M16 bits by using a preset sixth selector to form an eighth key value by splicing, for example, splitting the 288bit sixth key value into 18 16 bits, and selecting 10 16 bits by the sixth selector to splice into a 160bit eighth key value;
and secondly, splitting the eighth key value into a ninth key value and a tenth key value, splicing the seventh key value and the ninth key value in sequence to form an eleventh key value, selecting a plurality of 1 bits, a plurality of 2 bits and a plurality of 4 bits in the eleventh key value by using a preset seventh selector, an eighth selector and a ninth selector, and splicing in sequence to form a twelfth key value. In this embodiment, the ninth key value is the high P bit of the eighth key value, the tenth key value is the low Q bit of the eighth key value, and P, Q is an integer. If the eighth key value of 160 bits is split into a ninth key value of high 96 bits and a tenth key value of low 64 bits, and the seventh key value of 120 bits and the ninth key value of 96 bits are spliced to form an eleventh key value of 216 bits, 21 bits are selected from the eleventh key value through a preset seventh selector, 5 2 bits are selected from the eighth selector, 21 bits are selected from the ninth selector, and 2 bits, 5 bits of 2 bits and 21 bits of 4 bits are spliced to form a twelfth key value of 96 bits; and finally, splicing the twelfth Key value and the tenth Key value in sequence to form a final message search Key value, for example, splicing the 96-bit twelfth Key value and the 64-bit tenth Key value to form a 160-bit message search Key value (Key).
As shown in fig. 2, in this embodiment, a 160-bit key for an ACL is taken as an example to describe the message lookup key generation method in detail.
Firstly, fields obtained by message analysis are grouped according to the bit occupied by each field, and the fields are divided into 5 groups, namely a first field group (32bit), a second field group (16bit), a third field group (8bit), a fourth field group (4bit) and a fifth field group (2 bit).
Secondly, looking up a TCAM according to the forwarding information of the message to obtain a first selector, a second selector, a third selector, a fourth selector and a fifth selector, wherein the first selector selects 4 fields in a first field group, the second selector selects 10 fields in a second field group, the third selector selects 8 fields in a third field group, the fourth selector selects 10 fields in a fourth field group, and the fifth selector selects 8 fields in a fifth field group.
Secondly, 4 fields selected in the first field group are spliced to form a 128-bit first key value, 10 fields selected in the second field group are spliced to form a 160-bit second key value, 8 fields selected in the third field group are spliced to form a 64-bit third key value, 10 fields selected in the fourth field group are spliced to form a 40-bit fourth key value, and 8 fields selected in the fifth field group are spliced to form a 16-bit fifth key value.
Secondly, splicing the 160-bit second key value and the 128-bit first key value in sequence to form a 288-bit sixth key value, and splicing the 16-bit fifth key value, the 40-bit fourth key value and the 64-bit third key value to form a 120-bit seventh key value;
secondly, splitting the sixth key value into 18 16 bits, selecting 10 16 bits by using a preset sixth selector, and finally splicing to form a 160-bit eighth key value;
secondly, splitting the eighth key value into two parts, wherein the higher 96 bits are used as a ninth key value, the lower 64 bits are used as a tenth key value, and sequentially splicing the seventh key value and the ninth key value to form an eleventh key value of 216 bits;
secondly, selecting 21 bits in an eleventh key value by using a preset seventh selector, selecting 5 2 bits in the eleventh key value by using an eighth selector, selecting 21 4 bits in the eleventh key value by using a ninth selector, and splicing the 21 bits, the 5 bits and the 21 4 bits to form a 96-bit twelfth key value;
and finally, splicing the twelfth key value of 96 bits and the tenth key value of 64 bits to form a message search key value of 160 bits.
As shown in fig. 3, the present invention also discloses a message lookup key value generation apparatus, which includes
The message analysis grouping module is used for analyzing the received message to obtain a plurality of fields and dividing the fields into at least a first field group, a second field group, a third field group, a fourth field group and a fifth field group;
a selector obtaining module, configured to search a TCAM according to forwarding information carried by the packet, and obtain a first selector for selecting a plurality of fields in a first field group, a second selector for selecting a plurality of fields in a second field group, a third selector for selecting a plurality of fields in a third field group, a fourth selector for selecting a plurality of fields in a fourth field group, and a fifth selector for selecting a plurality of fields in a fifth field group;
the first splicing module is used for selecting fields in corresponding field groups by using the obtained selectors, splicing the fields selected by the first selectors to form first key values, splicing the fields selected by the second selectors to form second key values, splicing the fields selected by the third selectors to form third key values, splicing the fields selected by the fourth selectors to form fourth key values, and splicing the fields selected by the fifth selectors to form fifth key values;
the second splicing module is used for splicing the second key value and the first key value in sequence to form a sixth key value, and splicing the fifth key value, the fourth key value and the third key value in sequence to form a seventh key value;
a first splitting module, configured to split the sixth key value into M16 bits, and select N of the M16 bits to form an eighth key value by using a preset sixth selector;
the second splitting module is used for splitting the eighth key value into a ninth key value and a tenth key value;
a third splicing module, configured to splice the seventh key value and the ninth key value to form an eleventh key value, and use a preset seventh selector, an eighth selector, and a ninth selector to respectively select a plurality of 1 bits, 2 bits, and 4 bits in the eleventh key value to splice in sequence to form a twelfth key value;
and the fourth splicing module is used for splicing the twelfth key value and the tenth key value in sequence to form a message search key value.
Specifically, the message receiving module comprises an analysis module and a grouping module, wherein the analysis module is used for analyzing the received message to obtain a plurality of fields; the grouping module is used for dividing the fields into at least a first field group, a second field group, a third field group, a fourth field group and a fifth field group. In practice, the grouping module groups the fields according to the number of bits occupied by each field, such as grouping fields that are 32 bits each, and so on.
In this embodiment, each field in the first field group occupies 32 bits, each field in the second field group occupies 16 bits, each field in the third field group occupies 8 bits, each field in the fourth field group occupies 4 bits, and each field in the fifth field group occupies 2 bits.
Further, when the selector acquisition module searches for the TCAM according to the forwarding information of the packet, the forwarding information of the packet includes, but is not limited to, a packet entry port number (srcPort), a packet exit port number (dstPort), a logical source port number (logcstport), a logical destination port number (logdcstprot), and a packet type (packetType).
Further, the eighth key value is split into a high P bit and a low Q bit by a second splitting module, where the high P bit is a ninth key value, the low Q bit is a tenth key value, and P, Q is an integer.
Therefore, the scope of the present invention should not be limited to the disclosure of the embodiments, but includes various alternatives and modifications without departing from the scope of the present invention, which is defined by the claims of the present patent application.
Claims (5)
1. A method for generating message search key values is characterized by comprising the following steps:
s100, analyzing a received message to obtain a plurality of fields, grouping the fields according to bit positions occupied by each field, and dividing the fields into at least a first field group, a second field group, a third field group, a fourth field group and a fifth field group, wherein each field in the first field group occupies 32bit positions, each field in the second field group occupies 16bit positions, each field in the third field group occupies 8bit positions, each field in the fourth field group occupies 4bit positions, and each field in the fifth field group occupies 2bit positions;
s200, searching a TCAM according to the forwarding information carried by the message, and obtaining a first selector for selecting a plurality of fields in a first field group, a second selector for selecting a plurality of fields in a second field group, a third selector for selecting a plurality of fields in a third field group, a fourth selector for selecting a plurality of fields in a fourth field group and a fifth selector for selecting a plurality of fields in a fifth field group;
s300, selecting fields in corresponding field groups by using the selectors obtained in the step S200, splicing the fields selected by the first selector to form a first key value, splicing the fields selected by the second selector to form a second key value, splicing the fields selected by the third selector to form a third key value, splicing the fields selected by the fourth selector to form a fourth key value, and splicing the fields selected by the fifth selector to form a fifth key value;
s400, splicing the second key value and the first key value in sequence to form a sixth key value, and splicing the fifth key value, the fourth key value and the third key value in sequence to form a seventh key value;
s500, splitting the sixth key value into M16 bits, and selecting N of the M16 bits to form an eighth key value by using a preset sixth selector, where N is less than or equal to M, and N, M is an integer;
s600, splitting the eighth key value into a ninth key value and a tenth key value;
s700, splicing the seventh key value and the ninth key value to form an eleventh key value, and respectively selecting a plurality of 1 bits, 2 bits and 4 bits from the eleventh key value to splice in sequence by using a preset seventh selector, an eighth selector and a ninth selector to form a twelfth key value;
and S800, splicing the twelfth key value and the tenth key value in sequence to form a message search key value.
2. The method according to claim 1, wherein in step S200, the message carries information selected from one or more of a message ingress port number, a message egress port number, a logical source port number, a logical destination port number, and a message type.
3. The method of claim 1, wherein in step S600, the high P bits of the eighth key value are a ninth key value, the low Q bits of the eighth key value are a tenth key value, and P, Q are integers.
4. A generation device for message search key values is characterized by comprising
The packet analysis and grouping module comprises an analysis module and a grouping module, wherein the analysis module is used for analyzing a received packet to obtain a plurality of fields, the grouping module is used for grouping according to the number of bits occupied by each field, and the fields are at least divided into a first field group, a second field group, a third field group, a fourth field group and a fifth field group, each field in the first field group occupies 32 bits, each field in the second field group occupies 16 bits, each field in the third field group occupies 8 bits, each field in the fourth field group occupies 4 bits, and each field in the fifth field group occupies 2 bits;
a selector obtaining module, configured to search a TCAM according to forwarding information carried by the packet, and obtain a first selector for selecting a plurality of fields in a first field group, a second selector for selecting a plurality of fields in a second field group, a third selector for selecting a plurality of fields in a third field group, a fourth selector for selecting a plurality of fields in a fourth field group, and a fifth selector for selecting a plurality of fields in a fifth field group;
the first splicing module is used for selecting fields in corresponding field groups by using the obtained selectors, splicing the fields selected by the first selectors to form first key values, splicing the fields selected by the second selectors to form second key values, splicing the fields selected by the third selectors to form third key values, splicing the fields selected by the fourth selectors to form fourth key values, and splicing the fields selected by the fifth selectors to form fifth key values;
the second splicing module is used for splicing the second key value and the first key value in sequence to form a sixth key value, and splicing the fifth key value, the fourth key value and the third key value in sequence to form a seventh key value;
a first splitting module, configured to split the sixth key value into M16 bits, and select N splices among the M16 bits by using a preset sixth selector to form an eighth key value, where N is less than or equal to M, and N, M is an integer;
the second splitting module is used for splitting the eighth key value into a ninth key value and a tenth key value;
a third splicing module, configured to splice the seventh key value and the ninth key value to form an eleventh key value, and use a preset seventh selector, an eighth selector, and a ninth selector to respectively select a plurality of 1 bits, 2 bits, and 4 bits in the eleventh key value to splice in sequence to form a twelfth key value;
and the fourth splicing module is used for splicing the twelfth key value and the tenth key value in sequence to form a message search key value.
5. The apparatus of claim 4, wherein the second splitting module splits the eighth key value into upper P bits and lower Q bits, the upper P bits being a ninth key value, the lower Q bits being a tenth key value, and P, Q being integers.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811081606.7A CN109194665B (en) | 2018-09-17 | 2018-09-17 | Message lookup key value generation method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811081606.7A CN109194665B (en) | 2018-09-17 | 2018-09-17 | Message lookup key value generation method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109194665A CN109194665A (en) | 2019-01-11 |
| CN109194665B true CN109194665B (en) | 2020-10-20 |
Family
ID=64911568
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811081606.7A Active CN109194665B (en) | 2018-09-17 | 2018-09-17 | Message lookup key value generation method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109194665B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109905322B (en) * | 2019-04-01 | 2021-05-07 | 盛科网络(苏州)有限公司 | Message matching information preprocessing method and device |
| CN110390525B (en) * | 2019-07-31 | 2022-05-20 | 中国工商银行股份有限公司 | Direct access method for block chain world state and block chain node |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1863142A (en) * | 2005-08-19 | 2006-11-15 | 华为技术有限公司 | Method for providing different service quality tactics to data stream |
| US7193997B2 (en) * | 2001-03-19 | 2007-03-20 | International Business Machines Corporation | Packet classification |
| CN101242362A (en) * | 2008-03-07 | 2008-08-13 | 华为技术有限公司 | Find key value generation device and method |
| CN101478447A (en) * | 2009-01-08 | 2009-07-08 | 中国人民解放军信息工程大学 | Method and apparatus for deep packet detection |
| CN102622434A (en) * | 2011-12-31 | 2012-08-01 | 成都市华为赛门铁克科技有限公司 | Data storage method, data searching method and device |
| CN103475584A (en) * | 2012-06-07 | 2013-12-25 | 中兴通讯股份有限公司 | Query method and query device for ternary content addressable memory (TCAM) |
| CN103501268A (en) * | 2013-09-29 | 2014-01-08 | 杭州华三通信技术有限公司 | Method and device for scheduling TCAM (Ternary Content Addressable Memory) resource |
| CN104009921A (en) * | 2014-04-28 | 2014-08-27 | 开网科技(北京)有限公司 | Data message forwarding method based on any field matching |
| CN105429882A (en) * | 2015-10-21 | 2016-03-23 | 盛科网络(苏州)有限公司 | Message editing realization method and apparatus based on conventional switching chip search mode |
| CN106506468A (en) * | 2016-10-31 | 2017-03-15 | 盛科网络(苏州)有限公司 | A kind of method that minimizing ACE entries are consumed |
-
2018
- 2018-09-17 CN CN201811081606.7A patent/CN109194665B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7193997B2 (en) * | 2001-03-19 | 2007-03-20 | International Business Machines Corporation | Packet classification |
| CN1863142A (en) * | 2005-08-19 | 2006-11-15 | 华为技术有限公司 | Method for providing different service quality tactics to data stream |
| CN101242362A (en) * | 2008-03-07 | 2008-08-13 | 华为技术有限公司 | Find key value generation device and method |
| CN101478447A (en) * | 2009-01-08 | 2009-07-08 | 中国人民解放军信息工程大学 | Method and apparatus for deep packet detection |
| CN102622434A (en) * | 2011-12-31 | 2012-08-01 | 成都市华为赛门铁克科技有限公司 | Data storage method, data searching method and device |
| CN103475584A (en) * | 2012-06-07 | 2013-12-25 | 中兴通讯股份有限公司 | Query method and query device for ternary content addressable memory (TCAM) |
| CN103501268A (en) * | 2013-09-29 | 2014-01-08 | 杭州华三通信技术有限公司 | Method and device for scheduling TCAM (Ternary Content Addressable Memory) resource |
| CN104009921A (en) * | 2014-04-28 | 2014-08-27 | 开网科技(北京)有限公司 | Data message forwarding method based on any field matching |
| CN105429882A (en) * | 2015-10-21 | 2016-03-23 | 盛科网络(苏州)有限公司 | Message editing realization method and apparatus based on conventional switching chip search mode |
| CN106506468A (en) * | 2016-10-31 | 2017-03-15 | 盛科网络(苏州)有限公司 | A kind of method that minimizing ACE entries are consumed |
Non-Patent Citations (2)
| Title |
|---|
| Hui Yu;Jing Chen;Jianping Wang;S.Q. Zheng.High-performance TCAM-based IP lookup engines.《IEEE INFOCOM Workshops 2008》.2008,第1-6页. * |
| TCAM在万兆网络设备中的应用;邱小勇,杨路,张克环,卞云峰;《全国网络与信息安全技术研讨会’2005》;20050831;第260-264页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109194665A (en) | 2019-01-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US6775737B1 (en) | Method and apparatus for allocating and using range identifiers as input values to content-addressable memories | |
| US9098601B2 (en) | Ternary content-addressable memory assisted packet classification | |
| CA2521470C (en) | Internet protocol security matching values in an associative memory | |
| EP2541854B1 (en) | Hybrid port range encoding | |
| US8488466B2 (en) | Systems, methods, and apparatus for detecting a pattern within a data packet and detecting data packets related to a data packet including a detected pattern | |
| US7315547B2 (en) | Packet forwarding device | |
| US7602787B2 (en) | Using ternary and binary content addressable memory stages to classify information such as packets | |
| US7519070B2 (en) | Method and apparatus for deep packet processing | |
| US7535906B2 (en) | Packet classification | |
| US7289498B2 (en) | Classifying and distributing traffic at a network node | |
| US7941606B1 (en) | Identifying a flow identification value mask based on a flow identification value of a packet | |
| CN113519144B (en) | Exact match and Ternary Content Addressable Memory (TCAM) hybrid lookup for network devices | |
| US20060221967A1 (en) | Methods for performing packet classification | |
| US6922410B1 (en) | Organization of databases in network switches for packet-based data communications networks | |
| CN102136989B (en) | Message transmission method, system and equipment | |
| CA2422439A1 (en) | Selective routing of data flows using a tcam | |
| US8923298B2 (en) | Optimized trie-based address lookup | |
| JP2007097188A (en) | Mac bridge filter and method | |
| CN109194665B (en) | Message lookup key value generation method and device | |
| US20210258251A1 (en) | Method for Multi-Segment Flow Specifications | |
| CN109921995A (en) | A kind of network equipment of the method for configuration address table, the FPGA and application FPGA | |
| CN110830376B (en) | INT message processing method and device | |
| US10205658B1 (en) | Reducing size of policy databases using bidirectional rules | |
| KR20120049572A (en) | Device and the method for classifying packet | |
| CN115297056A (en) | Mask matching method and system based on FPGA |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address |
Address after: 215101 unit 13 / 16, 4th floor, building B, No. 5, Xinghan street, Suzhou Industrial Park, Jiangsu Province Patentee after: Suzhou Shengke Communication Co.,Ltd. Address before: Unit 13 / 16, 4th floor, building B, No.5 Xinghan street, Suzhou Industrial Park, 215000 Jiangsu Province Patentee before: CENTEC NETWORKS (SU ZHOU) Co.,Ltd. |
|
| CP03 | Change of name, title or address |