CN112422434A - IPFIX message processing method, application thereof and ASIC chip - Google Patents
IPFIX message processing method, application thereof and ASIC chip Download PDFInfo
- Publication number
- CN112422434A CN112422434A CN202011247536.5A CN202011247536A CN112422434A CN 112422434 A CN112422434 A CN 112422434A CN 202011247536 A CN202011247536 A CN 202011247536A CN 112422434 A CN112422434 A CN 112422434A
- Authority
- CN
- China
- Prior art keywords
- flow
- ipfix
- flow table
- outgoing
- message processing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/54—Organization of routing tables
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/04—Processing captured monitoring data, e.g. for logfile generation
- H04L43/045—Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
Landscapes
- Engineering & Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides an IPFIX message processing method, application thereof and an ASIC chip, wherein the method comprises the following steps: when an incoming direction IPFIX message is processed, transmitting a corresponding flow ID to a given direction; and in the outgoing direction, according to the transmitted stream ID, indexing the corresponding stream, and performing outgoing direction IPFIX message processing on the stream. Therefore, the flow table is not required to be generated again according to the characteristic information of the flow table in the outgoing direction, but the IPFIX flow table in the incoming direction is multiplexed, so that the IPFIX flow tables in the incoming direction and the outgoing direction are combined into one flow table, and the reporting function of the subsequent IPFIX message and the working reliability of the chip are ensured.
Description
Technical Field
The invention relates to the technical field of network equipment, in particular to an IPFIX message processing method, application thereof and an ASIC chip.
Background
The IPFIX (IP Flow Information Export) networking mainly includes three devices: reporting device Export, collecting device Collector, and analyzing device Analyzer, as shown in fig. 8. The Export is used for analyzing and processing a network Flow (Flow), extracting Flow statistical information meeting conditions, and outputting the statistical information to the Collector; the Collector is responsible for analyzing the data message (IPFIX) of the Export, and collecting statistical data into a database for analysis by an analyst; the analyst extracts the statistical data from the Collector, carries out subsequent processing, provides basis for various services, and displays the data in a graphical interface mode.
IPFIX is based on the concept of "flows", one flow being: messages from the same subinterface with the same source and destination IP addresses, protocol type, same source and destination protocol port number, and the same ToS, usually seven tuples. IPFIX will record the statistics of this flow, including: timestamp, message number, total byte number, etc.
In the process flow of the IPFIX of the Export equipment, when a message passes through the ASIC chip, an IPFIX flow table is generated in the IPFIX engine, and the message is reported to the CPU through DMA. After receiving the IPFIX flow table information, the CPU reorganizes the data and sends a message in a standard IPFIX format to the Collector device.
Referring to fig. 9, in the IPFIX processing flow of the ASIC chip, when the ASIC chip receives a message (enter direction processing), the message information is sent to the IPFIX engine for processing, and in the IPFIX engine, an IPFIX flow table is generated and reported to the CPU; when the ASIC chip sends a message (outbound direction processing), the message information is also sent to the IPFIX engine for processing, and the IPFIX flow table is generated in the IPFIX engine and reported to the CPU.
It can be seen that, in the existing IPFIX processing flow, an IPFIX flow table is independently generated in the ingress direction and the egress direction of the ASIC, and information is reported separately. However, in practical applications, due to the limitation of resources, it may be impossible to successfully generate the corresponding IPFIX flow table by using the flow table feature information in the ingress direction or the egress direction, so that the subsequent IPFIX message reporting function cannot be implemented, and the reliability of chip operation is affected.
Disclosure of Invention
In view of the above, the present invention provides an IPFIX message processing method, an application thereof, and an ASIC chip.
In order to achieve the above object, an embodiment of the present invention provides the following technical solutions:
a method of processing IPFIX messages, the method comprising:
when an incoming direction IPFIX message is processed, transmitting a corresponding flow ID to a given direction;
and in the outgoing direction, according to the transmitted stream ID, indexing the corresponding stream, and performing outgoing direction IPFIX message processing on the stream.
The present application further provides another embodiment of a method for processing an IPFIX message, including:
transmitting, when an ingress direction IPFIX message is processed, a corresponding flow ID and a flow table change count set to change the count when the corresponding flow is deleted, to the ingress direction;
in the outgoing direction, according to the transmitted flow ID, indexing the corresponding flow, and judging whether the flow table change count corresponding to the indexed flow is consistent with the flow table change count transmitted in the incoming direction; if not, the user can not select the specific application,
no IPFIX message processing is performed on the outgoing flow in the outgoing direction.
In one embodiment, if the flow table change count corresponding to the retrieved flow matches the flow table change count transmitted in the ingress direction, the retrieved flow is processed with an IPFIX message in the egress direction.
In an embodiment, the processing of IPFIX messages for the outgoing stream in the outgoing direction specifically includes:
and updating the IPFIX flow table exit direction flow table record information corresponding to the indexed flow in the exit direction.
In one embodiment, the method further comprises:
when the incoming direction meets the reporting condition, reporting the recording information of the incoming direction flow table and the recording information of the outgoing direction flow table of the IPFIX flow table at the same time; and/or the presence of a gas in the gas,
and when the outgoing direction meets the reporting condition, reporting the recording information of the incoming direction flow table and the outgoing direction flow table of the IPFIX flow table at the same time.
In one embodiment, the method further comprises:
when an incoming direction IPFIX message is processed, transmitting a corresponding flow ID valid mark to a given direction;
when the transmitted flow ID valid flag is invalid, IPFIX message processing is not performed in the outgoing direction.
The present application further provides an embodiment of an ASIC chip, the ASIC chip including an IPFIX engine configured to:
when an incoming direction IPFIX message is processed, transmitting a corresponding flow ID to a given direction;
and in the outgoing direction, according to the transmitted stream ID, indexing the corresponding stream, and performing outgoing direction IPFIX message processing on the stream.
The present application further provides an embodiment of an ASIC chip, the ASIC chip including an IPFIX engine configured to:
transmitting, when an ingress direction IPFIX message is processed, a corresponding flow ID and a flow table change count set to change the count when the corresponding flow is deleted, to the ingress direction;
in the outgoing direction, according to the transmitted flow ID, indexing the corresponding flow, and judging whether the flow table change count corresponding to the indexed flow is consistent with the flow table change count transmitted in the incoming direction; if not, the user can not select the specific application,
no IPFIX message processing is performed on the outgoing flow in the outgoing direction.
The present application further provides an embodiment of a network switch chip, where the network switch chip includes: the IPFIX message processing method comprises a kernel and an RAM, wherein the kernel is used for realizing the IPFIX message processing method.
The present application further provides an embodiment of a computer-readable storage medium having stored therein computer-executable instructions configured to perform the above-described IPFIX message processing method.
According to the technical scheme, when the IPFIX message in the incoming direction is processed, the corresponding stream ID is transmitted to the outgoing direction, the corresponding stream can be directly indexed according to the transmitted stream ID in the outgoing direction, and the IPFIX message in the outgoing direction is processed; therefore, the flow table is not required to be generated again according to the characteristic information of the flow table in the outgoing direction, the IPFIX flow table in the incoming direction is multiplexed, the IPFIX flow tables in the incoming direction and the outgoing direction are combined into one flow table, and the reporting function of the subsequent IPFIX message and the working reliability of the chip are ensured.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flowchart of an IPFIX message processing method according to an embodiment of the present invention;
FIG. 2 is a flowchart of a method for processing IPFIX messages according to another embodiment of the present invention;
fig. 3 is a schematic diagram illustrating that a reporting device processes an IPFIX message according to an IPFIX message processing method in an embodiment of the present invention;
FIG. 4 is a diagram illustrating an ASIC chip processing IPFIX messages according to an embodiment of the present invention;
fig. 5 is a functional diagram of an IPFIX aging timer in an ASIC chip according to an embodiment of the present invention;
FIG. 6 is a block diagram of an ASIC chip for implementing the IPFIX message processing method according to an embodiment of the present invention;
FIG. 7 is a diagram illustrating a hardware structure of a network switch chip according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of a prior art IPFIX networking architecture;
FIG. 9 is a diagram of a prior art ASIC chip processing IPFIX messages.
Detailed Description
In order to make those skilled in the art better understand the technical solution of the present invention, the technical solution in the embodiment of the present invention will be clearly and completely described below with reference to the drawings in the embodiment of the present invention, and it is obvious that the described embodiment is only a part of the embodiment of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Before introducing the IPFIX message processing method of the present application, several exemplary IPFIX application scenarios are introduced first.
1. Use-based Accounting (traffic based charging)
In the past, the flow charging in a network operator is generally only simple user-based uploading and downloading flow. Since IPFIX can be accurate to destination IP, protocol port, etc. fields, the traffic charging can be segmented based on the characteristics of the application service.
2. Traffic Profiling, Traffic Engineering: (flow rate engineering)
Through the record output of the IPFIX Exporter, the IPFIX Collector can output very rich Traffic record information in various chart forms, which is the concept of Traffic Profiling. However, the recording of information alone cannot utilize the powerful function of IPFIX, and the IETF has simultaneously introduced the concept of Traffic Engineering: in an actual operation network, load balancing and redundant backup are often planned, but various protocols are generally adjusted according to a route or protocol principle predetermined in network planning. If the flow in the network is monitored by using IPFIX, some data flows are found to be larger in a certain period of time, and the flow can be reported to a network administrator for flow adjustment so as to distribute and adjust more network bandwidth for the use of related application services, thereby reducing the occurrence of uneven load. Even more, the setting rules such as routing adjustment, bandwidth allocation, security policy and the like can be more intelligently and directly bound to the operation of the IPFIX Collector, and the network flow adjustment can be automatically completed.
3. Attack/interrupt Detection: attack/intrusion detection
From the description of the second application scenario, it can be known that IPFIX can perform network attack detection (such as typical IP scan, port scan, DDOS attack) according to traffic characteristics. And by adopting the standard IPFIX protocol, the latest network attack can be prevented by adopting 'feature library' upgrading as the common host-side virus protection.
Referring to fig. 1, a specific embodiment of the IPFIX message processing method of the present application is described. In this embodiment, the method comprises:
s11, when the ingress direction IPFIX message is processed, the corresponding flow ID is transmitted to the egress direction.
Referring to fig. 3 and 4, when the Export device receives a data packet, it will pass through the IPFIX engine of the ASIC chip. When a message passes through an IPFIX engine, firstly judging whether the IPFIX characteristic is enabled or not, and if not, skipping the IPFIX engine processing; if the IPFIX feature is already enabled, then the IPFIX engine is entered. The Flow table feature information of the message is extracted in the IPFIX engine, and whether a Flow (Flow) with the same Flow table feature information exists is searched according to the Flow table feature information. If the Flow already exists, updating the corresponding entry direction Flow table recording information; and if the Flow does not exist, generating a new Flow, filling the Flow table characteristic information of the Flow with the Flow table characteristic information of the message, and updating the corresponding entry direction Flow table recording information. Of course, here if the newly generated Flow fails, the processing of the subsequent IPFIX engine is skipped.
Illustratively, for an IPFIX flow table, seven-tuple flow table characterization information is typically used:
1. source IP address
2. Destination IP address
3. TCP/UDP source port
4. TCP/UDP destination port
5. Three layer protocol type
6. Type-of-service byte
7. Input logic interface
When the ingress direction IPFIX message processing is carried out, the IPFIX engine transmits a corresponding Flow ID to the egress direction, and each Flow has a unique Flow ID; preferably, a corresponding Flow ID valid flag (FlowIDValid) is also transmitted to give a direction, and the Flow valid flag is used to indicate whether the corresponding Flow is "valid", for example, invalid when IPFIX characteristics are not enabled, invalid when Flow generation fails, and the like.
In this embodiment, when the ingress direction meets the reporting condition, the flow table feature information of the IPFIX flow table, the ingress direction flow table record information, and the egress direction flow table record information are also reported at the same time. Illustratively, common reporting conditions include:
1. new abortion
2. Flow table deletion
3. The total count of the messages exceeds the set threshold value
4. The total byte number of the message exceeds the set threshold value
5. The timestamp of the message exceeds the set threshold value
6. TCP connection disconnection
7. Message jitter is too large
8. Too large message delay
9. Message TTL changes
10. Message drop cause change
11. The count of the discarded messages exceeds the set threshold value
12. Message destination information changes
Thus, even when the IPFIX message reported by the incoming direction is analyzed, the corresponding outgoing direction flow table recording information can be obtained.
And S12, in the outgoing direction, according to the stream ID index corresponding to the transmitted stream ID, and processing the outgoing direction IPFIX message.
Specifically, it is first determined whether the flow ID valid flag is valid, and when the transmitted flow ID valid flag is invalid, it indicates that IPFIX message processing is not required in the outbound direction, and IPFIX engine processing is skipped.
If the flow ID valid flag is valid, it indicates that the IPFIX feature is enabled and enters the IPFIX engine. And indexing the corresponding Flow according to the transmitted Flow ID in the IPFIX engine, and updating the Flow table output direction Flow table record information of the Flow corresponding to the Flow indexed by the output direction update index, thereby finishing the output direction IPFIX message processing.
It can be seen that, in the IPFIX message processing method provided by the present application, a flow table does not need to be generated again according to the flow table feature information in the outgoing direction, but the flow is indexed by the flow ID to output, so that the IPFIX flow tables in the incoming direction and the outgoing direction are multiplexed, the IPFIX flow tables in the incoming direction and the outgoing direction are merged into one flow table, and the following IPFIX message reporting function and the reliability of chip operation are ensured.
Similarly, when the outgoing direction meets the reporting condition, the flow table characteristic information, the incoming direction flow table recording information and the outgoing direction flow table recording information of the IPFIX flow table are reported simultaneously, and the complexity of merging table entries of the CPU chip is reduced.
In practical applications, there is a certain time difference between the outgoing IPFIX message processing and the incoming IPFIX message processing, so there may be situations: when the IPFIX message in the egress direction is processed, the Flow corresponding to the ingress direction is deleted by the aging timer, and even a new Flow is learned again, at this time, if the Flow is directly indexed by the Flow ID in the egress direction, the Flow table record information in the egress direction of other flows may be modified, so that the IPFIX message in another Flow is reported by an erroneous DMA.
In view of the above possibility, referring to fig. 2, the present application also provides another specific implementation of the IPFIX message processing method. In this embodiment, the method comprises:
s21, when the ingress direction IPFIX message is processed, the corresponding flow ID and flow table change count are transferred to the egress direction.
Referring to fig. 4 and 5 in combination, unlike the previous embodiment, when the direction of the transport stream ID is given, the present embodiment also transmits a stream table change count. The flow table change count is set to change only when the corresponding flow is deleted, and is recorded in the flow table recording information.
The deletion may be, for example, an aging deletion of the Flow, which is executed when the aging timer determines that the IPFIX Flow table corresponding to the Flow satisfies the aging condition when performing the aging scan. In one embodiment, the flow table change count may have an initial value of 1, for example, and when the IPFIX flow table is deleted, the flow table change count in the flow table record information is not cleared, but an accumulation operation is performed, where the flow table change count is 2.
S22, in the outgoing direction, the corresponding flow is indexed according to the transmitted flow ID, and it is determined whether the flow table change count corresponding to the indexed flow matches the flow table change count transmitted in the incoming direction.
Since the corresponding Flow table change count has already been sent to the outgoing direction at the time of incoming IPFIX message processing, the Flow table change count that has been transferred to the outgoing direction does not change the count because the corresponding Flow is deleted. In this way, the flow table change count corresponding to the flow indexed by the flow ID can be compared with the transferred flow table change count in the outgoing direction. If the two values are inconsistent, the corresponding Flow is deleted in the transmission process; accordingly, if the values of the two are consistent, it indicates that the corresponding Flow is not deleted in the transfer process.
S23, if the flow table change count corresponding to the retrieved flow does not match the flow table change count transmitted in the ingress direction, the IPFIX message processing for the retrieved flow is not executed in the egress direction.
And under the condition that the Flow corresponding to the Flow direction is deleted, the Flow is a newly generated Flow according to the Flow ID index, and the Flow outflow direction record information of the corresponding IPFIX Flow is not updated at this time. Exemplarily, in this case, IPFIX processing may be skipped directly.
And if the Flow corresponding to the Flow direction is not deleted, directly updating the Flow table record information of the Flow direction corresponding to the Flow indexed according to the Flow ID.
The IPFIX message processing method in this embodiment may also refer to a part or all of the previous embodiment, and repeated methods/steps are not described herein again.
Referring to fig. 6, the present application further provides an embodiment of an ASIC chip. In this embodiment, the ASIC chip includes an IPFIX engine configured to transmit a corresponding flow ID to a given direction when processing an ingress direction IPFIX message; and in the outgoing direction, according to the transmitted stream ID, indexing the corresponding stream, and performing outgoing direction IPFIX message processing on the stream. In the alternative to this, either,
the IPFIX engine is configured to transmit a corresponding flow ID and flow table change count to a given direction when processing an ingress direction IPFIX message; in the outgoing direction, according to the transmitted flow ID, indexing the corresponding flow, and judging whether the flow table change count corresponding to the indexed flow is consistent with the flow table change count transmitted in the incoming direction; if not, the IPFIX message processing of the stream led out by the index is not executed in the outgoing direction.
The above description of the ASIC chip device embodiment is similar to the description of the method embodiment described above, with similar advantageous effects as the method embodiment. For technical details not disclosed in the embodiments of the apparatus of the present application, reference is made to the description of the embodiments of the method of the present application for understanding.
In a typical Export device, the ASIC chip, the PHY chip, the MAC chip, and the CPU chip are integrated together, so that many external components can be removed, thereby achieving a good matching between the chips, and also reducing the number of pins and the chip area.
It should be noted that, in the embodiment of the present application, if the data reading and writing method is implemented in the form of a software functional module and is sold or used as an independent product, the data reading and writing method may also be stored in a computer readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present application essentially or portions thereof that contribute to the prior art do not only exist in chip implementations, but also can be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for enabling a switch chip to execute all or part of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read Only Memory (ROM), a magnetic disk, or an optical disk. Thus, embodiments of the present application are not limited to any specific combination of hardware and software.
Correspondingly, an embodiment of the present application provides a network switch chip, including a memory, a kernel and a RAM, where the memory stores a computer program that can be run through the kernel, and the kernel implements, when running the computer program, the steps in the IPFIX message processing method provided in the foregoing embodiment, where the method includes:
when an incoming direction IPFIX message is processed, transmitting a corresponding flow ID to a given direction; and in the outgoing direction, according to the transmitted stream ID, indexing the corresponding stream, and performing outgoing direction IPFIX message processing on the stream. In the alternative to this, either,
when an incoming direction IPFIX message is processed, transmitting a corresponding flow ID and a flow table change count to a given direction; in the outgoing direction, according to the transmitted flow ID, indexing the corresponding flow, and judging whether the flow table change count corresponding to the indexed flow is consistent with the flow table change count transmitted in the incoming direction; if not, the IPFIX message processing of the stream led out by the index is not executed in the outgoing direction.
Correspondingly, the core of the network switch chip may also be used to implement the steps in the IPFIX processing method provided in the foregoing embodiment, and details are not described here again.
Correspondingly, an embodiment of the present application provides a computer-readable storage medium, in which computer-executable instructions are stored, and the computer-executable instructions are configured to execute the steps in the IPFIX message processing method provided in the foregoing embodiment.
Here, it should be noted that: the above description of the storage medium and device embodiments is similar to the description of the method embodiments above, with similar advantageous effects as the method embodiments. For technical details not disclosed in the embodiments of the storage medium and apparatus of the present application, reference is made to the description of the embodiments of the method of the present application for understanding.
It should be noted that fig. 7 is a schematic diagram of a hardware entity of a network switch chip in the embodiment of the present application, and as shown in fig. 7, the hardware entity of the switch chip includes: a kernel, a communication interface, and a memory, wherein:
the core typically controls the overall operation of the network switch chip.
The communication interface may enable the network switch chip to communicate with other terminals or servers over a network.
The Memory is configured to store instructions and applications executable by the core, and may also cache data (e.g., image data, audio data, voice communication data, and video communication data) to be processed or already processed by the core and modules in the network switch chip, and may be implemented by a Random Access Memory (RAM).
According to the technical scheme, when the IPFIX message in the incoming direction is processed, the corresponding stream ID is transmitted to the outgoing direction, the corresponding stream can be directly indexed according to the transmitted stream ID in the outgoing direction, and the IPFIX message in the outgoing direction is processed; therefore, the flow table is not required to be generated again according to the characteristic information of the flow table in the outgoing direction, but the IPFIX flow table in the incoming direction is multiplexed, so that the IPFIX flow tables in the incoming direction and the outgoing direction are combined into one flow table; meanwhile, the comparison between the transmission flow table change count and the flow table change count corresponding to the retrieved flow is carried out in the outgoing direction, so that the phenomenon that the retrieved flow is subjected to wrong IPFIX message processing in the outgoing direction under the condition that the original flow in the incoming direction is deleted can be avoided, and the subsequent IPFIX message reporting function and the chip working reliability are ensured.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions.
For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. Of course, the functionality of the modules may be implemented in the same one or more software and/or hardware implementations in implementing one or more embodiments of the present description.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of one or more embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
One or more embodiments of the present description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more embodiments of the specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Furthermore, it should be understood that although the present description refers to embodiments, not every embodiment may contain only a single embodiment, and such description is for clarity only, and those skilled in the art should integrate the description, and the embodiments may be combined as appropriate to form other embodiments understood by those skilled in the art.
Claims (10)
1. A method for processing IPFIX messages, the method comprising:
when an incoming direction IPFIX message is processed, transmitting a corresponding flow ID to a given direction;
and in the outgoing direction, according to the transmitted stream ID, indexing the corresponding stream, and performing outgoing direction IPFIX message processing on the stream.
2. A method for processing IPFIX messages, the method comprising:
transmitting, when an ingress direction IPFIX message is processed, a corresponding flow ID and a flow table change count set to change the count when the corresponding flow is deleted, to the ingress direction;
in the outgoing direction, according to the transmitted flow ID, indexing the corresponding flow, and judging whether the flow table change count corresponding to the indexed flow is consistent with the flow table change count transmitted in the incoming direction; if not, the user can not select the specific application,
no IPFIX message processing is performed on the outgoing flow in the outgoing direction.
3. The IPFIX message processing method according to claim 1, wherein if the flow table change count corresponding to the indexed flow matches the flow table change count transmitted in the ingress direction, the indexed flow is processed with the IPFIX message in the egress direction.
4. The IPFIX message processing method according to any one of claims 1 to 3, wherein the IPFIX message processing on the outgoing flow in the outgoing direction specifically comprises:
and updating the IPFIX flow table exit direction flow table record information corresponding to the indexed flow in the exit direction.
5. The method of processing IPFIX messages according to any of claims 1 to 3, further comprising:
when the incoming direction meets the reporting condition, reporting the recording information of the incoming direction flow table and the recording information of the outgoing direction flow table of the IPFIX flow table at the same time; and/or the presence of a gas in the gas,
and when the outgoing direction meets the reporting condition, reporting the recording information of the incoming direction flow table and the outgoing direction flow table of the IPFIX flow table at the same time.
6. The method of processing IPFIX messages according to any of claims 1 to 3, further comprising:
when an incoming direction IPFIX message is processed, transmitting a corresponding flow ID valid mark to a given direction;
when the transmitted flow ID valid flag is invalid, IPFIX message processing is not performed in the outgoing direction.
7. An ASIC chip, wherein the ASIC chip includes an IPFIX engine to:
when an incoming direction IPFIX message is processed, transmitting a corresponding flow ID to a given direction;
and in the outgoing direction, according to the transmitted stream ID, indexing the corresponding stream, and performing outgoing direction IPFIX message processing on the stream.
8. An ASIC chip, wherein the ASIC chip includes an IPFIX engine to:
transmitting, when an ingress direction IPFIX message is processed, a corresponding flow ID and a flow table change count set to change the count when the corresponding flow is deleted, to the ingress direction;
in the outgoing direction, according to the transmitted flow ID, indexing the corresponding flow, and judging whether the flow table change count corresponding to the indexed flow is consistent with the flow table change count transmitted in the incoming direction; if not, the user can not select the specific application,
no IPFIX message processing is performed on the outgoing flow in the outgoing direction.
9. A network switching chip, the network switching chip comprising: a kernel and a RAM, the kernel being configured to implement the IPFIX message processing method provided in any one of claims 1 to 6.
10. A computer-readable storage medium having stored thereon computer-executable instructions configured to perform the IPFIX message processing method provided in any of the preceding claims 1 to 6.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011247536.5A CN112422434A (en) | 2020-11-10 | 2020-11-10 | IPFIX message processing method, application thereof and ASIC chip |
| PCT/CN2021/129606 WO2022100581A1 (en) | 2020-11-10 | 2021-11-09 | Method for processing ipfix message, storage medium, network switching chip and asic chip |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011247536.5A CN112422434A (en) | 2020-11-10 | 2020-11-10 | IPFIX message processing method, application thereof and ASIC chip |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112422434A true CN112422434A (en) | 2021-02-26 |
Family
ID=74781661
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011247536.5A Pending CN112422434A (en) | 2020-11-10 | 2020-11-10 | IPFIX message processing method, application thereof and ASIC chip |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN112422434A (en) |
| WO (1) | WO2022100581A1 (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113726678A (en) * | 2021-07-28 | 2021-11-30 | 中盈优创资讯科技有限公司 | Message distribution method based on NetFlow load balancer |
| WO2022100581A1 (en) * | 2020-11-10 | 2022-05-19 | 苏州盛科通信股份有限公司 | Method for processing ipfix message, storage medium, network switching chip and asic chip |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102238041A (en) * | 2010-04-23 | 2011-11-09 | 华为技术有限公司 | Internet protocol (IP) stream quality monitoring method, device and system |
| CN104378263A (en) * | 2014-11-27 | 2015-02-25 | 盛科网络(苏州)有限公司 | Network flow monitoring method and device based on TCP session and message processing chip |
| US20150229661A1 (en) * | 2011-11-07 | 2015-08-13 | Netflow Logic Corporation | Method and system for confident anomaly detection in computer network traffic |
| CN105515921A (en) * | 2016-01-25 | 2016-04-20 | 盛科网络(苏州)有限公司 | Method and device for achieving real-time monitoring over network fragment message flow |
| CN110865965A (en) * | 2019-11-13 | 2020-03-06 | 苏州盛科科技有限公司 | Method and device for realizing flow table bidirectional data synchronization based on hardware |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016018181A1 (en) * | 2014-07-28 | 2016-02-04 | Telefonaktiebolaget L M Ericsson (Publ) | Automated flow devolvement in an aggregate flow environment |
| CN108259378B (en) * | 2017-03-30 | 2021-09-21 | 新华三技术有限公司 | Message processing method and device |
| CN112422434A (en) * | 2020-11-10 | 2021-02-26 | 盛科网络(苏州)有限公司 | IPFIX message processing method, application thereof and ASIC chip |
-
2020
- 2020-11-10 CN CN202011247536.5A patent/CN112422434A/en active Pending
-
2021
- 2021-11-09 WO PCT/CN2021/129606 patent/WO2022100581A1/en active Application Filing
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102238041A (en) * | 2010-04-23 | 2011-11-09 | 华为技术有限公司 | Internet protocol (IP) stream quality monitoring method, device and system |
| US20150229661A1 (en) * | 2011-11-07 | 2015-08-13 | Netflow Logic Corporation | Method and system for confident anomaly detection in computer network traffic |
| CN104378263A (en) * | 2014-11-27 | 2015-02-25 | 盛科网络(苏州)有限公司 | Network flow monitoring method and device based on TCP session and message processing chip |
| CN105515921A (en) * | 2016-01-25 | 2016-04-20 | 盛科网络(苏州)有限公司 | Method and device for achieving real-time monitoring over network fragment message flow |
| CN110865965A (en) * | 2019-11-13 | 2020-03-06 | 苏州盛科科技有限公司 | Method and device for realizing flow table bidirectional data synchronization based on hardware |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2022100581A1 (en) * | 2020-11-10 | 2022-05-19 | 苏州盛科通信股份有限公司 | Method for processing ipfix message, storage medium, network switching chip and asic chip |
| CN113726678A (en) * | 2021-07-28 | 2021-11-30 | 中盈优创资讯科技有限公司 | Message distribution method based on NetFlow load balancer |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2022100581A1 (en) | 2022-05-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103314557B (en) | Network system, controller, switch, and traffic monitoring method | |
| US9860154B2 (en) | Streaming method and system for processing network metadata | |
| US7610330B1 (en) | Multi-dimensional computation distribution in a packet processing device having multiple processing architecture | |
| JP4759389B2 (en) | Packet communication device | |
| CN110071853B (en) | Message statistical method and network equipment | |
| US9356844B2 (en) | Efficient application recognition in network traffic | |
| US20090238088A1 (en) | Network traffic analyzing device, network traffic analyzing method and network traffic analyzing system | |
| US20050111460A1 (en) | State-transition based network intrusion detection | |
| US11546266B2 (en) | Correlating discarded network traffic with network policy events through augmented flow | |
| CN104115463A (en) | A streaming method and system for processing network metadata | |
| CN111314179B (en) | Network quality detection method, device, equipment and storage medium | |
| US10284460B1 (en) | Network packet tracing | |
| CN112422434A (en) | IPFIX message processing method, application thereof and ASIC chip | |
| US20230412591A1 (en) | Traffic processing method and protection system | |
| CN112543149B (en) | Method for preventing IPFIX message from being lost, application thereof and ASIC chip | |
| CN101635720A (en) | Filtering method of unknown flow rate and bandwidth management equipment | |
| KR20220029142A (en) | Sdn controller server and method for analysing sdn based network traffic usage thereof | |
| US20160248652A1 (en) | System and method for classifying and managing applications over compressed or encrypted traffic | |
| RU2602333C2 (en) | Network system, packet processing method and storage medium | |
| KR102069142B1 (en) | Apparatus and method for automatic extraction of accurate protocol specifications | |
| JP2010034708A (en) | Relay device | |
| CN115277504B (en) | Network traffic monitoring method, device and system | |
| CN113422699B (en) | Data stream processing method and device, computer readable storage medium and electronic equipment | |
| CN111901138B (en) | Visual auditing method for illegal access of industrial network | |
| CN114157716A (en) | Data processing method and device based on block chain and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: 215000 unit 13 / 16, 4th floor, building B, No.5 Xinghan street, Suzhou Industrial Park, Jiangsu Province Applicant after: Suzhou Shengke Communication Co.,Ltd. Address before: Unit 13 / 16, floor 4, building B, No. 5, Xinghan street, Suzhou Industrial Park, Suzhou, Jiangsu Province, 215000 Applicant before: CENTEC NETWORKS (SUZHOU) Co.,Ltd. |
|
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210226 |