CN113392039B - Data storage and searching method and device - Google Patents

Publication number
CN113392039B
Authority
CN
China
Prior art keywords
range
domain
tcam
key
preset range
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110641530.4A
Other languages
Chinese (zh)
Other versions
CN113392039A (en)
Inventor
李闻桤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Security Technologies Co Ltd
Original Assignee
New H3C Security Technologies Co Ltd
Application filed by New H3C Security Technologies Co Ltd
Priority to CN202110641530.4A
Publication of CN113392039A
Application granted
Publication of CN113392039B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02 Addressing or allocation; Relocation
    • G06F12/06 Addressing a physical block of locations, e.g. base addressing, module addressing, memory dedication
    • G06F12/0615 Address space extension
    • G06F12/0623 Address space extension for memory modules
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G06F12/1408 Protection against unauthorised use of memory or access to memory by using cryptography
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G06F12/1458 Protection against unauthorised use of memory or access to memory by checking the subject access rights
    • G06F12/1483 Protection against unauthorised use of memory or access to memory by checking the subject access rights using an access-table, e.g. matrix or list
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiments of the application provide a data storage and searching method and device, applied to a network device. The method comprises the following steps: extracting a Range start value and a Range end value of a preset Range attribute from an ACL rule; inserting the Range start value and the Range end value into a Range domain and an extension domain according to a preset Range matching operation to obtain a key; and filling the key and the address included in the ACL rule into a TCAM physical table entry. Applying the technical scheme provided by the embodiments of the application improves the utilization rate of the TCAM and meets the requirement of high-load service.

Description

Data storage and searching method and device
Technical Field
The present disclosure relates to the field of memory technologies, and in particular, to a method and apparatus for storing and searching data.
Background
Ternary content addressable memory (TCAM) supports fuzzy lookup operations in addition to read and write operations and exact lookup operations. Because the hardware performs multi-way parallel lookups, TCAM has a great performance advantage.
Currently, TCAMs are often used to store access control list (ACL) rules. ACL rules support Range rule matching. For a single ACL rule that uses Range rule matching, a mask algorithm parses the ACL rule into multiple TCAM physical entries with the same key, different masks, and the same address, where the key comprises the values of one or more Range fields. Subsequently, the network device may match the key of the data to be looked up against the values of the Range fields included in the TCAM physical entries to obtain the address of the data to be looked up.
In this lookup process, a single ACL rule occupies a large number of TCAM physical entries. This wastes TCAM resources to some extent, and TCAM utilization is low. When a large number of ACL rules need to be processed, TCAM resources are insufficient, and the requirement of high-load service cannot be met.
Disclosure of Invention
An object of the embodiments of the present application is to provide a data storage and searching method and apparatus, so as to improve the utilization rate of TCAM and meet the requirement of high-load service. The specific technical scheme is as follows:
in a first aspect, an embodiment of the present application provides a data storage method, applied to a network device, where the method includes:
extracting a Range starting value and a Range ending value of a preset Range attribute from an ACL rule;
inserting the Range starting value and the Range end value into the Range domain and the extension domain according to a preset Range matching operation to obtain a key;
and filling the key and the address included by the ACL rule into a TCAM physical table entry.
Optionally, there are a plurality of preset Range attributes;
the step of inserting the Range start value and the Range end value into the Range domain and the extension domain according to the preset Range matching operation to obtain a key comprises the following steps:
respectively inserting the Range start value and the Range end value of each preset Range attribute into the Range domain and the extension domain according to the preset Range matching operation to obtain the key of each preset Range attribute.
Optionally, after filling the key and the address included in the ACL rule into the TCAM physical table entry, the method further includes:
acquiring a first search key, wherein the first search key comprises a target value of the preset Range attribute;
inserting the target value into a Range domain and an expansion domain according to the preset Range matching operation to obtain a second search key;
searching the second search key in the key included in the TCAM physical table item;
and if the second search key is found in the TCAM physical table entry, returning the address included in the TCAM physical table entry.
Optionally, the preset Range attribute includes one or more of a source port, a destination port and a time-to-live (TTL) value.
In a second aspect, an embodiment of the present application provides a data searching method, applied to a network device, where the method includes:
acquiring a first search key, wherein the first search key comprises a target value of a preset Range attribute;
inserting the target value into a Range domain and an expansion domain according to a preset Range matching operation to obtain a second search key;
searching the second search key in the key included in the TCAM physical table entry;
and if the second search key is found in the TCAM physical table entry, returning the address included in the TCAM physical table entry.
Optionally, there are a plurality of preset Range attributes;
the step of inserting the target value into the Range domain and the expansion domain according to the preset Range matching operation to obtain a second search key comprises the following steps:
according to the preset Range matching operation, respectively inserting target values of each preset Range attribute into a Range domain and an expansion domain to obtain candidate values corresponding to each target value;
and combining each candidate value according to a preset combination mode to obtain a second search key.
Optionally, the network device includes a plurality of logic registers;
the step of respectively inserting target values of each preset Range attribute into a Range domain and an extension domain according to the preset Range matching operation to obtain candidate values corresponding to each target value comprises the following steps:
writing each target value into a corresponding logic register according to the corresponding relation between each preset Range attribute and the logic register; inserting each target value in each logic register into a Range domain and an extension domain according to a preset Range matching operation to obtain a candidate value corresponding to each target value;
the step of combining each candidate value according to a preset combination mode to obtain a second search key comprises the following steps:
and combining each candidate value in each logic register to obtain a second search key corresponding to the logic register.
Optionally, the preset Range attribute includes one or more of a source port, a destination port and a time-to-live (TTL) value.
In a third aspect, an embodiment of the present application provides a data storage apparatus, applied to a network device, where the apparatus includes:
the extraction module is used for extracting a Range starting value and a Range ending value of the preset Range attribute from the ACL rule;
the first inserting module is used for inserting the Range starting value and the Range end value into the Range domain and the extension domain according to a preset Range matching operation to obtain a key;
and the filling module is used for filling the key and the address included in the ACL rule into the TCAM physical table entry.
Optionally, there are a plurality of preset Range attributes;
the first inserting module is specifically configured to insert a Range start value and a Range end value of each preset Range attribute into the Range domain and the extension domain respectively according to a preset Range matching operation, so as to obtain a key of each preset Range attribute.
Optionally, the apparatus further includes:
the first acquisition module is used for acquiring a first search key after filling the key and the address included in the ACL rule into the TCAM physical table entry, wherein the first search key comprises a target value of the preset Range attribute;
the second inserting module is used for inserting the target value into the Range domain and the expansion domain according to the preset Range matching operation to obtain a second search key;
the first searching module is used for searching the second searching key in the keys included in the TCAM physical table entry;
and the first return module is used for returning the address included in the TCAM physical table item if the second search key is found in the TCAM physical table item.
Optionally, the preset Range attribute includes one or more of a source port, a destination port and a time-to-live (TTL) value.
In a fourth aspect, an embodiment of the present application provides a data searching apparatus, applied to a network device, where the apparatus includes:
the second acquisition module is used for acquiring a first search key, wherein the first search key comprises a target value of a preset Range attribute;
the third inserting module is used for inserting the target value into the Range domain and the expansion domain according to the preset Range matching operation to obtain a second search key;
the second searching module is used for searching the second search key in the keys included in the TCAM physical table entry;
and the second return module is used for returning the address included in the TCAM physical table entry if the second search key is found in the TCAM physical table entry.
Optionally, there are a plurality of preset Range attributes;
the third inserting module is specifically configured to insert, according to a preset Range matching operation, a target value of each preset Range attribute into a Range domain and an extension domain, so as to obtain a candidate value corresponding to each target value; and combining each candidate value according to a preset combination mode to obtain a second search key.
Optionally, the network device includes a plurality of logic registers;
the third inserting module is specifically configured to write each target value into a corresponding logic register according to a corresponding relationship between each preset Range attribute and the logic register; inserting each target value in each logic register into a Range domain and an extension domain according to a preset Range matching operation to obtain a candidate value corresponding to each target value; and combining each candidate value in each logic register to obtain a second search key corresponding to the logic register.
Optionally, the preset Range attribute includes one or more of a source port, a destination port and a time-to-live (TTL) value.
In a fifth aspect, embodiments of the present application provide a network device comprising a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the machine-executable instructions causing the processor to implement any of the data storage method steps provided in the first aspect described above, or any of the data search method steps provided in the second aspect described above.
In a sixth aspect, embodiments of the present application provide a machine-readable storage medium having stored thereon a computer program which, when executed by a processor, implements any of the data storage method steps provided in the first aspect or implements any of the data searching method steps provided in the second aspect.
Embodiments of the present application also provide a computer program which, when run on a computer, causes the computer to perform any of the data storage method steps provided in the first aspect described above, or to implement any of the data search method steps provided in the second aspect described above.
The beneficial effects of the embodiments of the application are as follows:
In the technical scheme provided by the embodiments of the application, the network device is provided with an extension domain in addition to the Range domain. The extension domain can be used to record more Range information. The network device inserts the Range start value and the Range end value into the Range domain and the extension domain according to the preset Range matching operation to obtain the key. Because the key can include more Range information, the number of TCAM physical table entries generated for an ACL rule can be greatly reduced, which solves the problem of insufficient TCAM resources when a large number of ACL rules need to be processed, improves the utilization rate of the TCAM, and meets the requirement of high-load service. Of course, not all of the above-described advantages need be achieved simultaneously in practicing any one of the products or methods of the present application.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the following description will briefly introduce the drawings that are required to be used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are only some embodiments of the present application, and other embodiments may also be obtained according to these drawings to those skilled in the art.
Fig. 1 is a schematic flow chart of a data storage method according to an embodiment of the present application;
Fig. 2 is a first flowchart of a data searching method according to an embodiment of the present application;
Fig. 3 is a second flowchart of a data searching method according to an embodiment of the present application;
Fig. 4 is a third flowchart of a data searching method according to an embodiment of the present application;
Fig. 5 is a fourth flowchart of a data searching method according to an embodiment of the present application;
Fig. 6 is a flow chart of a data storage architecture according to an embodiment of the present disclosure;
Fig. 7 is a schematic diagram of a data storage device according to an embodiment of the present disclosure;
Fig. 8 is a schematic structural diagram of a data searching device according to an embodiment of the present application;
Fig. 9 is a schematic diagram of a first structure of a network device according to an embodiment of the present application;
Fig. 10 is a schematic diagram of a second structure of a network device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. Based on the embodiments herein, a person of ordinary skill in the art would be able to obtain all other embodiments based on the disclosure herein, which are within the scope of the disclosure herein.
Content addressable memory (CAM) supports exact lookup operations in addition to read and write operations. Specifically, the CAM receives a search key for the data to be searched and returns the stored address corresponding to that search key to the user as the address of the data to be searched, thereby realizing an exact lookup operation.
TCAM is one type of CAM. In addition to the read, write and exact lookup operations that a CAM supports, a TCAM supports fuzzy lookup operations. Because the hardware performs multi-way parallel lookups, TCAM has a great performance advantage.
Currently, TCAMs are often used to store ACL rules. ACL rules support Range rule matching, which is used for identifying and handling network traffic. For a single ACL rule that uses Range rule matching, a mask algorithm parses the Range included in the ACL rule into TCAM physical entries with the same key, different masks, and the same address.
As can be seen, ACL rules can occupy a large number of TCAM physical entries. In the worst case, a Range of n bits used for Range rule matching occupies 2n-2 TCAM physical entries. If the ACL rule includes a plurality of Ranges to be matched by Range rules, the number of TCAM physical entries occupied increases exponentially. This results in lower TCAM utilization.
Moreover, when a large number of ACL rules need to be processed, TCAM resources will be insufficient, and the requirement of high-load service cannot be met.
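The entry growth described above can be reproduced with a small model of the mask algorithm, using the port01-04 and port11-14 ranges that appear later in this description. The following Python is an added example, not code from the patent: it assumes the mask algorithm is the standard prefix expansion of a range, and the function names, the 32-bit key layout (source port in the high 16 bits, destination port in the low 16 bits) and the address 0x2A are constructed for illustration.

```python
"""Added example: mask-algorithm (prefix) expansion of port ranges into TCAM entries."""
from typing import List, Optional, Tuple

WIDTH = 16                   # one Range field is 16 bits, as in the page's example
FULL = (1 << WIDTH) - 1

Block = Tuple[int, int]      # (key, mask); mask bit 1 = compare, 0 = don't care
Row = Tuple[int, int, int]   # (key, mask, address) = one TCAM physical entry


def range_to_blocks(start: int, end: int) -> List[Block]:
    """Split the inclusive range [start, end] into aligned power-of-two blocks."""
    if not 0 <= start <= end <= FULL:
        raise ValueError("range does not fit in the Range field")
    blocks = []
    lo = start
    while lo <= end:
        # Largest block that is aligned at lo ...
        size = (lo & -lo) if lo else (1 << WIDTH)
        # ... and that does not run past the end of the range.
        while size > end - lo + 1:
            size >>= 1
        blocks.append((lo, FULL & ~(size - 1)))
        lo += size
    return blocks


def expand_rule(src: Tuple[int, int], dst: Tuple[int, int], address: int) -> List[Row]:
    """One physical entry per (source block, destination block) pair.

    Key layout (assumed for this example): source port in the high 16 bits,
    destination port in the low 16 bits. Every entry carries the same address.
    """
    rows = []
    for s_key, s_mask in range_to_blocks(*src):
        for d_key, d_mask in range_to_blocks(*dst):
            rows.append(((s_key << WIDTH) | d_key, (s_mask << WIDTH) | d_mask, address))
    return rows


def lookup(table: List[Row], src_port: int, dst_port: int) -> Optional[int]:
    """Ternary match: return the address of the first entry whose masked key matches."""
    search = (src_port << WIDTH) | dst_port
    for key, mask, address in table:
        if (search & mask) == (key & mask):
            return address
    return None


def covers_exactly(start: int, end: int) -> bool:
    """Check that the expansion matches every value in the range and nothing else.

    An over-broad mask would let traffic outside the ACL rule hit the entry,
    so this is the property to verify before entries are written to hardware.
    """
    blocks = range_to_blocks(start, end)
    for value in range(1 << WIDTH):
        hit = any((value & mask) == (key & mask) for key, mask in blocks)
        if hit != (start <= value <= end):
            return False
    return True


if __name__ == "__main__":
    # Constructed sample rule: source ports 1-4, destination ports 11-14.
    table = expand_rule((1, 4), (11, 14), 0x2A)
    print("entries for ports 1-4 x 11-14:", len(table))
    print("lookup(3, 12):", lookup(table, 3, 12))
    print("lookup(5, 12):", lookup(table, 5, 12))
    # Worst-case 16-bit range, alone and combined with a second such range.
    print("entries for 1-65534:", len(range_to_blocks(1, 65534)))
    print("entries for two such ranges:", len(expand_rule((1, 65534), (1, 65534), 0x2A)))
    print("expansion exact:", covers_exactly(1, 65534))
```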
In order to solve the above problems, the embodiments of the present application provide a data storage method, which may be applied to network devices such as routers and switches.
In the method, a Range start value and a Range end value of a preset Range attribute are extracted from an ACL rule; the Range start value and the Range end value are inserted into a Range domain and an extension domain according to a preset Range matching operation to obtain a key; and the key and the address included in the ACL rule are filled into a TCAM physical table entry.
In the technical scheme provided by the embodiments of the application, the network device is provided with an extension domain in addition to the Range domain. The extension domain can be used to record more Range information. The network device inserts the Range start value and the Range end value into the Range domain and the extension domain according to the preset Range matching operation to obtain the key. Because the key can include more Range information, the number of TCAM physical table entries generated for an ACL rule can be greatly reduced, which solves the problem of insufficient TCAM resources when a large number of ACL rules need to be processed, improves the utilization rate of the TCAM, and meets the requirement of high-load service.
The data storage method provided by the embodiment of the application is described in detail below through specific embodiments.
Referring to fig. 1, fig. 1 is a schematic flow chart of a data storage method according to an embodiment of the present application. The method is applied to network equipment and comprises the following steps:
step S11, extracting a Range start value and a Range end value of a preset Range attribute from the ACL rule.
The network device includes a TCAM database. The TCAM database is preset with a key field attribute, i.e., a preset Range attribute. The preset Range attribute may include one or more of a source port, a destination port, and a Time To Live (TTL).
The ACL rules may be input to the network device by the user, may be sent to the network device by other devices, or may be obtained from a preset database.
After the network device obtains the ACL rule, if the data of the preset Range attribute in the ACL rule is a Range, the network device can extract the start value and the end value of the Range from the ACL rule as the Range start value and the Range end value of the preset Range attribute;
if the data of the preset Range attribute in the ACL rule is a fixed value, the network device may extract the fixed value from the ACL rule as a Range start value and a Range end value of the preset Range attribute. At this time, the range start value and the range end value are the same.
If a plurality of preset Range attributes are configured in the network device, for each preset Range attribute, the network device extracts a Range start value and a Range end value of the preset Range attribute from the ACL rule.
For example, the preset Range attributes include a source port and a destination port. ACL rule 1 includes: a source port range of port01-04 and a destination port range of port11-14. The network device extracts the range start value port01 and the range end value port04 of the source port from ACL rule 1, and extracts the range start value port11 and the range end value port14 of the destination port from ACL rule 1.
Step S12, inserting the Range starting value and the Range end value into the Range domain and the extension domain according to the preset Range matching operation to obtain the key.
The TCAM supports a Range encoding algorithm in hardware and can implement a Range matching operation, that is, the preset Range matching operation, through an internal register.
In the embodiment of the present application, the key field of the TCAM physical table entry can hold multiple independently matched Range domains; for example, 4 Range domains may be supported. The Range domains may be placed anywhere in the key field. The capacity of the key field is greater than the total capacity of the Range domains. For example, a Range domain has a capacity of 16 bits and a key field has a capacity of 640 bits.
In this embodiment of the present application, a Range domain is set in the key field, and the unused space of the key field is used to additionally set an extension domain. The extension domain is used for the padding of the extension bytes of the Range encoding algorithm. To make the extension domain easy to distinguish, it may be inserted at the end of the key field.
The capacity of the extension domain can be set according to actual requirements, for example 0 bits, 8 bits or 16 bits. The larger the capacity of the extension domain, the better the TCAM resource compression effect.
In one example, in the case where the Range field is 16 bits, the network device may set a control plane based Range matching software development kit (Software Development Kit, SDK) port, which includes 3 Range encoding algorithms, as follows:
1. The 16 bit-16 bit coding algorithm, i.e. the extension domain is 0 bits. At this time, the Range domain and the extension domain total 16 bits. With this Range domain and extension domain, the Range coding algorithm in the embodiment of the application has the same effect as the mask algorithm in the related art and cannot save TCAM resources.
2. The 16 bit-24 bit coding algorithm, i.e. the extension domain is 8 bits. At this time, the Range domain and the extension domain total 24 bits. This scheme may be used when key resources in the TCAM physical table entry are in short supply. Compared with the mask algorithm in the related art, the Range coding algorithm in the embodiment of the application, based on the Range domain and the extension domain, significantly optimizes TCAM resources, that is, one TCAM physical table entry in the embodiment of the application includes more Range information. Compared with the related art, applying the technical scheme provided by the embodiment of the application significantly reduces the number of TCAM physical table entries obtained by parsing one ACL rule.
3. The 16 bit-32 bit coding algorithm, i.e. the extension domain is 16 bits. At this time, the Range domain and the extension domain total 32 bits. This scheme may be used when key resources in the TCAM physical table entry are sufficient. In this scheme, the number of TCAM physical table entries obtained by parsing an ACL rule may be compressed into one, so as to maximize TCAM resource compression.
And the network equipment inserts the Range starting value and the Range end value into the Range domain and the extension domain by utilizing a preset Range coding algorithm according to the preset Range matching operation of the SDK port to obtain the key.
In this embodiment of the present application, if there is one preset Range attribute, the network device may insert, according to the preset Range matching operation supported by the TCAM, the Range start value and the Range end value of the preset Range attribute into the Range domain and the extension domain to obtain a key. The key represents the Range of the preset Range attribute in the ACL rule. For example, if the preset Range attribute is the source port and the Range of the source port is port01-port04, the key represents the Range port01-port04.
If there are a plurality of preset Range attributes, then for each preset Range attribute, the network device may insert the Range start value and the Range end value of that preset Range attribute into the Range domain and the extension domain according to the preset Range matching operation supported by the TCAM, so as to obtain the key of that preset Range attribute. At this time, the network device obtains a plurality of keys, where the key of a preset Range attribute represents the Range of that preset Range attribute.
Step S13, filling the key and the address included in the ACL rule into the TCAM physical table entry.
After obtaining the key, the network device extracts the address from the ACL rule and populates the key and the extracted address to the TCAM physical entry.
In the technical scheme provided by the embodiments of the application, the network device is provided with an extension domain in addition to the Range domain. The extension domain can be used to record more Range information. The network device inserts the Range start value and the Range end value into the Range domain and the extension domain according to the preset Range matching operation to obtain the key. Because the key can include more Range information, the number of TCAM physical table entries generated for an ACL rule can be greatly reduced, which solves the problem of insufficient TCAM resources when a large number of ACL rules are processed, improves the utilization rate of the TCAM, allows more ACL rules to be issued, and meets the requirement of high-load service.
After obtaining the TCAM physical table entry, the network device may perform table entry deletion, modification, and lookup operations based on the TCAM physical table entry. In order to implement the above-mentioned table entry adding, deleting, modifying and searching operations, the corresponding processes and interfaces may be configured.
In an alternative embodiment, as shown in fig. 2, fig. 2 is a first flowchart of a data searching method provided in an embodiment of the present application, applied to a network device, where the method includes the following steps:
step S21, a first search key is acquired, wherein the first search key comprises a target value of a preset Range attribute.
When searching for data, the user inputs a first search key to the network device. The embodiment of the present application will be described by taking the first search key as an example, and is not limited thereto.
The preset Range attribute comprises one or more of a source port, a destination port and a time-to-live value. The first search key may include one or more target values, where a target value corresponds to a preset Range attribute. For example, the preset Range attribute includes a source port and a destination port; the first search key includes port01 and port11, where port01 is the source port and port11 is the destination port.
Step S22, inserting the target value into the Range domain and the expansion domain according to the preset Range matching operation to obtain a second search key.
In order to ensure that the search operation is accurately performed, the preset Range matching operation in step S22 is the same as the preset Range matching operation in the above-described data storage method.
In the embodiment of the application, after the first search key is input into the network device, the network device stores the first search key in a content buffer of the TCAM; the first search key in the content buffer is then imported into the control-plane-based Range matching SDK port; and the network device inserts the target value into the Range domain and the extension domain based on the Range matching operation of the SDK port to obtain a second search key.
Step S23, searching a second search key in the keys included in the TCAM physical table entry.
The TCAM includes a plurality of TCAM physical table entries. The network device matches the second search key against the preset Range attribute in each TCAM physical table entry, and searches for the second search key among the keys included in the TCAM physical table entries.
Step S24, if the second search key is found in the TCAM physical table entry, returning the address included in the TCAM physical table entry.
If the second search key is found in one TCAM physical table entry, the network device acquires the address included in that TCAM physical table entry and returns the address to the user. At this point, the user may obtain the required data from the address.
In this embodiment of the present application, the key field of the TCAM physical table entry includes a Range field and an extension field, and the key field records more Range information. Therefore, when TCAM physical table items of ACL rules are generated, the number of the TCAM physical table items can be greatly reduced, and the problem of insufficient TCAM resources caused by processing a large number of ACL rules is solved. By using the TCAM physical table entry to execute the searching operation, the utilization rate of the TCAM can be effectively improved, and the requirement of high-load service can be met.
In one embodiment of the present application, the number of preset Range attributes may be plural. In this case, as shown in fig. 3, in the method, step S22 may be refined to steps S221 and S222.
Step S221, according to the preset Range matching operation, the target value of each preset Range attribute is respectively inserted into the Range domain and the extension domain, and the candidate value corresponding to each target value is obtained.
In the embodiment of the present application, for each preset Range attribute, according to a preset Range matching operation, the network device inserts a target value of the preset Range attribute into a Range domain and an extension domain, so as to obtain a candidate value corresponding to the target value.
Step S222, combining each candidate value according to a preset combination mode to obtain a second search key.
The way in which the keys of the preset Range attributes are combined is configured in advance in the network device; this is the preset combination mode. The network device combines the candidate values according to the preset combination mode to obtain a second search key.
In this embodiment of the present application, there may be multiple preset combination modes, and according to the preset combination modes the network device may obtain multiple second search keys. Parallel search operations can then be performed, which improves search efficiency.
In one embodiment of the present application, to facilitate the lookup operation, the network device may include a plurality of logical registers. Based on this, according to fig. 3, the embodiment of the present application further provides a data searching method, as shown in fig. 4, in which step S221 may be refined to step S2211 and step S2212, and step S222 may be refined to step S2221.
In step S2211, each target value is written into the corresponding logical register according to the corresponding relationship between each preset Range attribute and the logical register.
The correspondence between each preset Range attribute and a logical register is configured in advance in the network device. For the target value of each preset Range attribute, the network device may write the target value into the logical register corresponding to that preset Range attribute.
In this embodiment of the present application, the preset Range attribute may be dynamically added to each logic register. The logical register may be a register that includes a Range matching operation.
Step S2212, according to the preset Range matching operation, each target value in each logic register is inserted into a Range domain and an extension domain, and a candidate value corresponding to each target value is obtained.
In the embodiment of the application, one or more target values are written into one logical register. For each logical register, the network device inserts each target value in the logical register into a Range domain and an extension domain according to the preset Range matching operation to obtain a candidate value corresponding to each target value.
Step S2221, for each logic register, combines each candidate value in the logic register to obtain the second search key corresponding to the logic register.
After obtaining candidate values corresponding to each target value in each logic register, for each logic register, the network device combines each candidate value in the logic register to obtain a second search key corresponding to the logic register.
In the case of multiple logical registers, the network device obtains multiple second search keys, and the network device may perform the lookup operations in parallel.
The data searching method provided in the embodiment of the present application is described in detail below with reference to the flowcharts shown in fig. 5 and 6. The preset Range attribute comprises a source port and a destination port. The Range domain is 16 bits and the extension domain is 16 bits, that is, the Range coding algorithm is a 16-bit -> 32-bit coding algorithm. The TCAM supports 4-way parallel lookup operations. The preset combination modes comprise: { source port }, { destination port }, and { source port + destination port }.
The adding flow of the TCAM physical table item comprises the following steps:
In this embodiment, before a TCAM physical table entry is added, the TCAM database needs to be initialized: the key field attribute of the TCAM physical table entry is set to Range (once set, the key field attribute cannot be dynamically modified), the Range matching function is enabled, and the capacity of the Range field is set to 16 bits.
In addition, the method relates to a search instruction for performing a search operation in the TCAM database, and a search key of the search instruction is initialized to set a corresponding Range attribute in the search key.
The network device associates data (e.g., action data) in the double rate synchronous dynamic random access memory (Double Data Rate Synchronous Dynamic Random Access Memory, DDR SDRAM) with TCAM physical entries in the TCAM database.
A Range field is added to the key and verification field of the TCAM physical table entry, wherein the Range field comprises a Range domain and an extension domain. In addition, the network device associates the key and verification field with address data (AD). At this point, the addition of the TCAM physical table entry is completed.
In the embodiment of the application, the Range field is traversed and issued according to the sequence of initializing the Range field by the TCAM database.
In addition, in the embodiment of the application, the Range matching operation of the TCAM does not support physical entry modification. Thus, when modifying the contents of a physical entry, a new physical entry may be issued first, followed by the deletion of the old physical entry.
In addition, in terms of resource statistics, when an ACL rule is converted into TCAM physical table entries, for example according to the 16-bit to 16-bit or 16-bit to 24-bit encoding algorithm, one ACL rule may derive a plurality of TCAM physical table entries. In this case, it is necessary to count together all the logical entries and all the TCAM physical table entries displayed to the user.
The data searching flow comprises the following steps:
The user inputs a search key 1 to the network device, the search key 1 comprising a source port 1 and a destination port 2.
The network device buffers the search key 1 in the content buffer.
The network device passes the search key 1 to the SDK port. The TCAM software then uses the preset Range matching operation to insert the source port 1 in the search key 1 into the Range domain and the extension domain to obtain a candidate value 1, and to insert the destination port 2 in the search key 1 into the Range domain and the extension domain to obtain a candidate value 2. The candidate value 1 is the source port 1 encoded to 32 bits by the preset Range matching operation, and the candidate value 2 is the destination port 2 encoded to 32 bits by the preset Range matching operation.
According to the preset combination modes, the network device combines the candidate values to obtain the 3 keys shown in fig. 5, namely keys 0-2.
The network device then inputs the keys 0-2 into the TCAM, performs the search operation, obtains the corresponding search results 0-3 and the like, and returns the search results to the user. The search result includes address data, and based on the address data, the data required by the user can be obtained from the DDR.
In this embodiment of the present application, a Key Processing Unit (KPU) may be set in the network device, and the KPU inputs the Key 0-2 into the TCAM to perform a search operation, which is not limited thereto.
Based on this embodiment, TCAM resources can be effectively saved. For example, in the worst case, the Range of the source port is 2-65534, the Range of the destination port is 2-65534, and the Range of the TTL is 2-254.
If a 16-bit to 24-bit coding algorithm is adopted, a single ACL rule is actually issued as 13 TCAM physical table entries; compared with the related art, in which TCAM physical table entries are issued based on a mask algorithm, TCAM resources are saved by about 29 times.
If a 16-bit to 32-bit coding algorithm is adopted, a single ACL rule is actually issued as 1 TCAM physical table entry; compared with the related art, in which TCAM physical table entries are issued based on a mask algorithm, TCAM resources are saved by about 377 times.
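The comparison above is against issuing entries with a mask algorithm. As an added illustration (not code from the patent), the following Python sketch performs standard prefix expansion of an ACL range into ternary value/mask entries and a first-match lookup over them; the key layout, function names and address value are assumptions made for the example.

```python
"""Added example: prefix ("mask") expansion of ACL ranges into ternary entries."""
from itertools import product

# Key layout assumed for this sketch (not the patent's key format):
# 16-bit source port | 16-bit destination port | 8-bit TTL.
FIELDS = (("src_port", 16), ("dst_port", 16), ("ttl", 8))


def range_to_prefixes(lo, hi, width):
    """Return the minimal list of (value, mask) prefixes covering [lo, hi]."""
    if not 0 <= lo <= hi < (1 << width):
        raise ValueError(f"bad range {lo}-{hi} for a {width}-bit field")
    full = (1 << width) - 1
    prefixes = []
    while lo <= hi:
        # Largest power-of-two block that is aligned at lo ...
        size = (lo & -lo) if lo else (1 << width)
        # ... and does not run past hi.
        while size > hi - lo + 1:
            size >>= 1
        # Mask bits set to 1 are compared, bits set to 0 are "don't care".
        prefixes.append((lo, full & ~(size - 1)))
        lo += size
    return prefixes


def expand_rule(ranges, address):
    """Cross-multiply per-field prefixes into (value, mask, address) entries.

    A field missing from `ranges` is a wildcard (one all-don't-care prefix).
    """
    per_field = []
    for name, width in FIELDS:
        lo, hi = ranges.get(name, (0, (1 << width) - 1))
        per_field.append(range_to_prefixes(lo, hi, width))
    entries = []
    for combo in product(*per_field):
        value = mask = 0
        for (v, m), (_, width) in zip(combo, FIELDS):
            value = (value << width) | v
            mask = (mask << width) | m
        entries.append((value, mask, address))
    return entries


def pack_key(src_port, dst_port, ttl):
    """Build a search key in the same layout as the entries."""
    key = 0
    for field_value, (_, width) in zip((src_port, dst_port, ttl), FIELDS):
        if not 0 <= field_value < (1 << width):
            raise ValueError("field value does not fit its field width")
        key = (key << width) | field_value
    return key


def tcam_lookup(table, key):
    """First matching entry wins; return its address, or None on a miss."""
    for value, mask, address in table:
        if (key & mask) == (value & mask):
            return address
    return None


if __name__ == "__main__":
    # Constructed sample rule: one port range plus a TTL range.
    rule = {"src_port": (2, 65534), "ttl": (2, 254)}
    table = expand_rule(rule, address=0x2000)  # address value is made up
    print("port prefixes:", len(range_to_prefixes(2, 65534, 16)))
    print("ttl prefixes: ", len(range_to_prefixes(2, 254, 8)))
    print("entries:      ", len(table))
    print("hit: ", tcam_lookup(table, pack_key(443, 80, 64)))
    print("miss:", tcam_lookup(table, pack_key(1, 80, 64)))
```

For the worst-case ranges quoted above this yields 29 prefixes for a 16-bit port field (2-65534) and 13 for the 8-bit TTL field (2-254), so a rule constraining one port field and TTL expands to 29 × 13 = 377 entries. The text does not state how its own ratios were derived.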
Corresponding to the above data storage method, the embodiment of the present application further provides a data storage device, as shown in fig. 7, where the device is applied to a network device, and may include:
an extracting module 71, configured to extract a Range start value and a Range end value of a preset Range attribute from the ACL rule;
a first inserting module 72, configured to insert a Range start value and a Range end value into the Range field and the extension field according to a preset Range matching operation, to obtain a key;
a filling module 73, configured to fill the address included in the key and the ACL rule into the TCAM physical table entry.
In an alternative embodiment, there are a plurality of preset Range attributes;
the first inserting module 72 may specifically be configured to insert, according to a preset Range matching operation, a Range start value and a Range end value of each preset Range attribute into a Range domain and an extension domain, respectively, to obtain a key of each preset Range attribute.
In an alternative embodiment, the data storage device may further include:
the first acquisition module is used for acquiring a first search key after filling addresses included in the key and the ACL rule into TCAM physical table items, wherein the first search key comprises a target value of a preset Range attribute;
the second inserting module is used for inserting the target value into the Range domain and the expansion domain according to the preset Range matching operation to obtain a second search key;
the first searching module is used for searching a second searching key in the keys included in the TCAM physical table entry;
and the first return module is used for returning the address included in the TCAM physical table item if the second search key is found in the TCAM physical table item.
In an alternative embodiment, the preset Range attribute includes one or more of a source port, a destination port, and a time-to-live value.
In the technical scheme provided by the embodiment of the application, the network device is provided with an extension domain in addition to the Range domain. The extension domain may be used to record more Range information. The network device inserts the Range start value and the Range end value into the Range domain and the extension domain according to the preset Range matching operation to obtain the key. Because the key can include more Range information, the number of TCAM physical table entries can be greatly reduced when the TCAM physical table entries of ACL rules are generated. This solves the problem of insufficient TCAM resources caused by the need to process a large number of ACL rules, further improves the utilization rate of the TCAM, and meets the requirement of high-load service.
Corresponding to the above data searching method, the embodiment of the present application further provides a data searching device, as shown in fig. 8, where the device is applied to a network device, and may include:
a second obtaining module 81, configured to obtain a first search key, where the first search key includes a target value of a preset Range attribute;
a third inserting module 82, configured to insert the target value into the Range domain and the extension domain according to a preset Range matching operation, to obtain a second search key;
a second searching module 83, configured to search a second search key in the keys included in the TCAM physical table entry;
a second return module 84 is configured to return the address included in the TCAM physical table entry if the second search key is found in the TCAM physical table entry.
In an alternative embodiment, there are a plurality of preset Range attributes;
the third inserting module is specifically configured to insert target values of each preset Range attribute into a Range domain and an extension domain respectively according to a preset Range matching operation, so as to obtain candidate values corresponding to each target value; and combining each candidate value according to a preset combination mode to obtain a second search key.
In an alternative embodiment, the network device includes a plurality of logical registers;
the third inserting module is specifically configured to write each target value into a corresponding logic register according to a corresponding relation between each preset Range attribute and the logic register; inserting each target value in each logic register into a Range domain and an extension domain according to a preset Range matching operation to obtain a candidate value corresponding to each target value; and combining each candidate value in each logic register to obtain a second search key corresponding to the logic register.
In an alternative embodiment, the preset Range attribute includes one or more of a source port, a destination port, and a time-to-live value.
In this embodiment of the present application, the key field of the TCAM physical table entry includes a Range field and an extension field, and the key field records more Range information. Therefore, when TCAM physical table items of ACL rules are generated, the number of the TCAM physical table items can be greatly reduced, and the problem of insufficient TCAM resources caused by processing a large number of ACL rules is solved. By using the TCAM physical table entry to execute the searching operation, the utilization rate of the TCAM can be effectively improved, and the requirement of high-load service can be met.
Corresponding to the above data storage method, the embodiment of the present application further provides a network device, as shown in fig. 9, including a processor 91 and a machine-readable storage medium 92, where the machine-readable storage medium 92 stores machine executable instructions capable of being executed by the processor 91, and the processor 91 is caused by the machine executable instructions to implement any of the above data storage method steps.
Corresponding to the above data searching method, the embodiment of the present application further provides a network device, as shown in fig. 10, including a processor 101 and a machine-readable storage medium 102, where the machine-readable storage medium 102 stores machine executable instructions capable of being executed by the processor 101, and the processor 101 is caused by the machine executable instructions to implement any of the above data searching method steps.
Corresponding to the data storage method, the embodiment of the application also provides a machine-readable storage medium, and a computer program is stored in the machine-readable storage medium, and when the computer program is executed by a processor, any one of the data storage method steps is realized.
Corresponding to the above data searching method, the embodiment of the application also provides a machine-readable storage medium, in which a computer program is stored, and when the computer program is executed by a processor, any one of the steps of the above data searching method is implemented.
The machine-readable storage medium may include random access Memory (Random Access Memory, RAM) or may include Non-Volatile Memory (NVM), such as at least one disk Memory. In the alternative, the machine-readable storage medium may also be at least one memory device located remotely from the foregoing processor.
The processor may be a general-purpose processor including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), etc.; but also digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components.
In yet another embodiment provided herein, there is also provided a computer program which, when run on a computer, causes the computer to perform any of the data storage method steps described above.
In yet another embodiment provided herein, there is also provided a computer program which, when run on a computer, causes the computer to perform any of the data lookup method steps described above.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the flows or functions in accordance with the embodiments of the present application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in or transmitted from one computer-readable storage medium to another, for example, by wired (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk (SSD)), etc.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In this specification, the embodiments are described in a related manner; identical and similar parts of the embodiments may be referred to each other, and each embodiment mainly describes its differences from the other embodiments. In particular, the apparatus, network device, machine-readable storage medium, and computer program embodiments are described relatively briefly because they are substantially similar to the method embodiments; for relevant details, refer to the description of the method embodiments.
The foregoing description is only of the preferred embodiments of the present application and is not intended to limit the scope of the present application. Any modifications, equivalent substitutions, improvements, etc. that are within the spirit and principles of the present application are intended to be included within the scope of the present application.

Claims (12)

1. A data storage method for use with a network device, the method comprising:
extracting a Range starting value and a Range ending value of a preset Range attribute from an Access Control List (ACL) rule;
inserting the Range starting value and the Range end value into a Range domain and an extension domain according to a preset Range matching operation to obtain a key, wherein the preset Range matching operation is used for realizing a Range coding algorithm, the Range domain and the extension domain are placed in a key field, the extension domain is used for filling extension bytes of the Range coding algorithm, and the capacity of the extension domain is determined according to the Range coding algorithm;
and filling the key and the address included by the ACL rule into a TCAM physical table entry.
2. The method of claim 1, wherein there are a plurality of the preset Range attributes;
the step of inserting the Range start value and the Range end value into the Range domain and the extension domain according to the preset Range matching operation to obtain the key comprises the following steps:
respectively inserting the Range start value and the Range end value of each preset Range attribute into the Range domain and the extension domain according to the preset Range matching operation to obtain the key of each preset Range attribute.
3. The method of claim 1 or 2, wherein after populating the TCAM physical table entry with the key and the address included by the ACL rule, the method further comprises:
acquiring a first search key, wherein the first search key comprises a target value of the preset Range attribute;
inserting the target value into a Range domain and an extension domain according to the preset Range matching operation to obtain a second search key;
searching the second search key in the key included in the TCAM physical table item;
and if the second search key is found in the TCAM physical table entry, returning the address included in the TCAM physical table entry.
4. The method of claim 1 or 2, wherein the preset Range attribute comprises one or more of a source port, a destination port, and a time-to-live value.
5. A data lookup method, for use with a network device, the method comprising:
acquiring a first search key, wherein the first search key comprises a target value of a Range attribute;
inserting the target value into a Range domain and an extension domain according to a preset Range matching operation to obtain a second search key, wherein the preset Range matching operation is used for realizing a Range coding algorithm, the Range domain and the extension domain are placed in a key field, the extension domain is used for filling extension bytes of the Range coding algorithm, and the capacity of the extension domain is determined according to the Range coding algorithm;
searching the second search key in the key included in the TCAM physical table entry;
and if the second search key is found in the TCAM physical table entry, returning the address included in the TCAM physical table entry.
6. The method of claim 5, wherein there are a plurality of the preset Range attributes;
the step of inserting the target value into the Range domain and the extension domain according to the preset Range matching operation to obtain a second search key comprises the following steps:
according to the preset Range matching operation, respectively inserting target values of each preset Range attribute into a Range domain and an extension domain to obtain candidate values corresponding to each target value;
and combining each candidate value according to a preset combination mode to obtain a second search key.
7. The method of claim 6, wherein the network device comprises a plurality of logical registers;
the step of respectively inserting target values of each preset Range attribute into a Range domain and an extension domain according to the preset Range matching operation to obtain candidate values corresponding to each target value comprises the following steps:
writing each target value into a corresponding logic register according to the corresponding relation between each preset Range attribute and the logic register; inserting each target value in each logic register into a Range domain and an extension domain according to a preset Range matching operation to obtain a candidate value corresponding to each target value;
the step of combining each candidate value according to a preset combination mode to obtain a second search key comprises the following steps:
and combining each candidate value in each logic register to obtain a second search key corresponding to the logic register.
8. The method of any one of claims 5-7, wherein the preset Range attribute includes one or more of a source port, a destination port, and a time-to-live value.
9. A data storage apparatus for use with a network device, the apparatus comprising:
the extraction module is used for extracting a Range starting value and a Range ending value of a preset Range attribute from an access control list ACL rule;
the first inserting module is used for inserting the Range starting value and the Range end value into a Range domain and an extension domain according to a preset Range matching operation to obtain a key, wherein the preset Range matching operation is used for realizing a Range coding algorithm, the Range domain and the extension domain are placed in a key field, the extension domain is used for filling extension bytes of the Range coding algorithm, and the capacity of the extension domain is determined according to the Range coding algorithm;
and the filling module is used for filling the key and the address included by the ACL rule into a TCAM physical table entry.
10. A data lookup apparatus for use with a network device, the apparatus comprising:
the second acquisition module is used for acquiring a first search key, wherein the first search key comprises a target value of a Range attribute;
the third inserting module is used for inserting the target value into a Range domain and an extension domain according to a preset Range matching operation to obtain a second search key, wherein the preset Range matching operation is used for realizing a Range coding algorithm, the Range domain and the extension domain are placed in a key field, the extension domain is used for filling extension bytes of the Range coding algorithm, and the capacity of the extension domain is determined according to the Range coding algorithm;
the second searching module is used for searching the second search key in the key included in the TCAM physical table entry;
and the second return module is used for returning the address included in the TCAM physical table item if the second search key is found in the TCAM physical table item.
11. A network device comprising a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the processor being caused by the machine-executable instructions to carry out the method steps of any of claims 1-4 or 5-8.
12. A machine-readable storage medium, characterized in that it has stored therein a computer program which, when executed by a processor, implements the method steps of any of claims 1-4 or 5-8.
CN202110641530.4A 2021-06-09 2021-06-09 Data storage and searching method and device Active CN113392039B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110641530.4A CN113392039B (en) 2021-06-09 2021-06-09 Data storage and searching method and device

Publications (2)

Publication Number Publication Date
CN113392039A CN113392039A (en) 2021-09-14
CN113392039B true CN113392039B (en) 2023-06-20

Family

ID=77618679

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110641530.4A Active CN113392039B (en) 2021-06-09 2021-06-09 Data storage and searching method and device

Country Status (1)

Country Link
CN (1) CN113392039B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118227518B (en) * 2024-05-23 2024-08-16 格创通信(浙江)有限公司 Table entry storage and searching method and device, network equipment and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102377664A (en) * 2010-08-27 2012-03-14 武汉烽火网络有限责任公司 TCAM (ternary content addressable memory)-based range matching device and method
CN112528094A (en) * 2020-12-04 2021-03-19 国网山东省电力公司信息通信公司 Multi-field range TCAM coding method and system based on hierarchical mapping

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7555594B2 (en) * 2004-07-22 2009-06-30 Netlogic Microsystems, Inc. Range representation in a content addressable memory (CAM) using an improved encoding scheme
CN100433009C (en) * 2005-11-24 2008-11-12 华为技术有限公司 Method for managing and maintaining tatic range matching table
CN100479436C (en) * 2005-11-28 2009-04-15 华为技术有限公司 Management and maintenance method for static multi-interface range matching table
CN100555988C (en) * 2006-03-08 2009-10-28 中兴通讯股份有限公司 A kind of method that improves the three-folded content addressable memory message classification seek rate
CN101035061B (en) * 2006-03-09 2010-05-12 中兴通讯股份有限公司 Segmented coded expansion method for realizing the match of the three-folded content addressable memory range
CN102831235A (en) * 2012-09-03 2012-12-19 苏州雄立科技有限公司 Range match and lookup method
CN103546378B (en) * 2013-05-20 2018-06-01 北京百卓网络技术有限公司 Scope based on TCAM matches 2 stage layered lookup methods more
CN104092613A (en) * 2014-07-15 2014-10-08 山东超越数控电子有限公司 Rapid table lookup method based on fuzzy matching
CN108512782A (en) * 2017-02-24 2018-09-07 华为数字技术(苏州)有限公司 Accesses control list is grouped method of adjustment, the network equipment and system
US10834085B2 (en) * 2017-04-14 2020-11-10 Nxp Usa, Inc. Method and apparatus for speeding up ACL rule lookups that include TCP/UDP port ranges in the rules
US10397116B1 (en) * 2017-05-05 2019-08-27 Amazon Technologies, Inc. Access control based on range-matching

Also Published As

Publication number Publication date
CN113392039A (en) 2021-09-14

Similar Documents

Publication Publication Date Title
Li et al. Packet forwarding in named data networking requirements and survey of solutions
US7069268B1 (en) System and method for identifying data using parallel hashing
US11468027B2 (en) Method and apparatus for providing efficient indexing and computer program included in computer readable medium therefor
US9871727B2 (en) Routing lookup method and device and method for constructing B-tree structure
US11269956B2 (en) Systems and methods of managing an index
US10296497B2 (en) Storing a key value to a deleted row based on key range density
CN111984835B (en) IPv4 mask quintuple rule storage compression method and device
CN104794228A (en) Search result providing method and device
US10783153B2 (en) Efficient internet protocol prefix match support on No-SQL and/or non-relational databases
CN112579595A (en) Data processing method and device, electronic equipment and readable storage medium
CN108427736A (en) A method of for inquiring data
CN113392039B (en) Data storage and searching method and device
CN111914020A (en) Data synchronization method and device and data query method and device
CN114860627B (en) Method for dynamically generating page table based on address information
CN111241090B (en) Method and device for managing data index in storage system
CN100383787C (en) Multi-chart information initializing method of database
CN110515979B (en) Data query method, device, equipment and storage medium
CN112269784B (en) Hash table device based on hardware realization and inserting, inquiring and deleting method
CN101459599B (en) Method and system for implementing concurrent execution of cache data access and loading
US9916086B2 (en) Content-addressable memory device
CN112860712A (en) Transaction database construction method and system based on block chain and electronic equipment
US6931491B2 (en) Hardware-assisted tuple space
US8650209B1 (en) System, method, and computer program for determining most of the non duplicate records in high performance environments in an economical and fault-tolerant manner
Saxena et al. Scalable, memory-efficient pending interest table of named data networking
JP2003234762A (en) Device, method and program for table retrieving, and recording medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant