CN114338225A - Strategy distributor, mimic switch and network system - Google Patents


Publication number
CN114338225A
Authority
CN
China
Prior art keywords
circuit
distribution
feature code
policy
data frame
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210059126.0A
Other languages
Chinese (zh)
Other versions
CN114338225B (en)
Inventor
朱珂
方旭升
王永胜
林谦
顾艳伍
赵金萍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jingxin Microelectronics Technology Tianjin Co Ltd
Original Assignee
Jingxin Microelectronics Technology Tianjin Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jingxin Microelectronics Technology Tianjin Co Ltd
Publication of CN114338225A
Application granted
Publication of CN114338225B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1491 Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present disclosure provides a policy distributor, a mimic switch and a network system. In one embodiment of the mimic switch, the policy distributor comprises a configuration circuit, a data frame buffer, a feature code extraction circuit, a feature code queue management circuit, a distribution policy query circuit, a distribution policy cache and a distribution execution circuit. This implementation makes the storage position and/or the number of extracted protocol types configurable, which widens the range of application.

Description

Strategy distributor, mimic switch and network system
Technical Field
The disclosure relates to the field of network data switching equipment, in particular to a policy distributor, a mimic switch and a network system.
Background
To improve the network security of switches, mimic switches have emerged. The processing architecture of a mimic switch contains multiple processors, i.e., mimicry instances of the processing center (hereinafter referred to as mimicry processors). Outside the mimicry boundary, the user perceives only one processor; within the mimicry boundary, three or more mimicry processors process the user data. User data needs to be distributed to all the mimicry processors at the same time, while internal control and management data needs to be distributed in a targeted way.
The policy distributor (also called the data policy distribution circuit) copies the data frames that need to be processed by the mimicry processors and distributes them to the corresponding mimicry processors according to specified features of the data, so that data frames receive either general or special processing.
Disclosure of Invention
The disclosure provides a policy distributor, a mimic switch and a network system.
In a first aspect, the present disclosure provides a policy distributor comprising a configuration circuit, a data frame buffer, a feature code extraction circuit, a feature code queue management circuit, a distribution policy query circuit, a distribution policy cache and a distribution execution circuit, wherein:
the feature code extraction circuit is configured to collect a protocol type and a feature value from the data frame according to the protocol type position read from the configuration circuit, generate a feature code from the collected protocol type and feature value, and output the generated feature code to the feature code queue management circuit;
the feature code queue management circuit is configured to cache the feature codes generated by the feature code extraction circuit and to queue and schedule the cached feature codes;
the distribution policy query circuit is configured to match the feature code currently scheduled by the feature code queue management circuit, in sequence, against the at least one piece of entry information configured in the configuration circuit, wherein the entry information comprises a reference feature code and a distribution policy; to output the distribution policy in the successfully matched entry information to the distribution policy cache; and, when no entry information matches successfully, to output a preset distribute-to-all policy to the distribution policy cache, wherein the preset distribute-to-all policy instructs the distribution execution circuit to distribute the data frames read from the data frame buffer to all the mimicry processors;
the distribution execution circuit is configured to obtain the distribution policy from the distribution policy cache, read the data frame from the data frame buffer, and copy and distribute the read data frame according to the obtained distribution policy until the end of the data frame is reached.
In some optional embodiments, the entry information further includes a mask and an enable.
In some optional embodiments, sequentially matching the feature code currently scheduled by the feature code queue management circuit against the at least one piece of entry information configured in the configuration circuit includes:
for each piece of entry information in the configuration circuit, determining whether the entry information is enabled; if it is not enabled, determining that the match is unsuccessful; if it is enabled, performing a preset operation on the feature code currently scheduled by the feature code queue management circuit and the mask in the entry information, and if the result of the operation is the same as the reference feature code in the entry information, determining that the match is successful; otherwise, determining that the match is unsuccessful.
In some optional embodiments, the preset operation is any one of the following: a bitwise AND operation, a bitwise OR operation, a bitwise XOR operation.
In some optional embodiments, the distribution policy cache is a first-in-first-out memory.
In some optional embodiments, the copying and distributing the read data frame according to the read distribution policy includes:
copying the read data frame according to the read distribution policy and distributing the copies to the corresponding mimicry processors.
In some optional embodiments, the copying and distributing the read data frame according to the read distribution policy includes:
generating a data message based on the read distribution policy and the data frame;
and sending the generated data message to a circuit external to the policy distributor, so that the external circuit copies and distributes the data frame in the received data message according to the distribution policy in the received data message.
In a second aspect, the present disclosure provides a mimic switch, comprising: a management processor, a policy distributor as described in any implementation of the first aspect, and at least three mimicry processors, wherein the management processor is configured to write a protocol type position and at least one piece of entry information to the configuration circuit in the policy distributor.
In a third aspect, the present disclosure provides a network system, including a router, a mimic switch, a server, and an optical transmission device, where the mimic switch employs the mimic switch described in the second aspect.
The data policy distribution circuit in an existing mimic switch works as follows: when a data frame is input, the circuit caches the data frame and, in parallel, extracts the protocol type at the specified position. If the protocol type is the specified type, the circuit extracts the mimicry processor identifier at the specified position and distributes the data frame to the mimicry processor corresponding to the extracted identifier; if the protocol type is not the specified type, the data frame is copied and distributed to all the mimicry processors. Although this implementation has a simple structure, it shows the following defects as the mimicry processing architecture continues to be upgraded:
(1) the supported data frame types are fixed, and the protocol type can be extracted only at the specified position;
(2) only a single protocol type is extracted (that is, only the specified type is supported), so multi-layer protocols cannot be identified;
(3) the supported distribution policy is fixed and cannot be adjusted dynamically as the application environment changes;
(4) few protocol types support specified distribution, and there is no extensibility;
(5) it is not configurable.
To remedy these defects in the prior art, in the policy distributor, mimic switch and network system provided by the present disclosure, the policy distributor includes a configuration circuit, a data frame buffer, a feature code extraction circuit, a feature code queue management circuit, a distribution policy query circuit, a distribution policy cache and a distribution execution circuit, and the switch includes a management processor, the policy distributor and at least three mimicry processors. The management processor configures a protocol type position and at least one piece of entry information into the configuration circuit in advance, where the entry information includes a reference feature code and a distribution policy. After a data frame arrives, the feature code extraction circuit reads the protocol type position from the configuration circuit, collects a protocol type and a feature value from the data frame according to that position, generates a feature code from the collected protocol type and feature value, and outputs the generated feature code to the feature code queue management circuit. The feature code queue management circuit then caches the feature codes generated by the feature code extraction circuit and queues and schedules the cached feature codes. The distribution policy query circuit matches the feature code currently scheduled by the feature code queue management circuit, in sequence, against the at least one piece of entry information configured in the configuration circuit, and outputs the distribution policy in the successfully matched entry information to the distribution policy cache; when no entry information matches successfully, it outputs a preset distribute-to-all policy to the distribution policy cache, where the preset distribute-to-all policy instructs the distribution execution circuit to distribute the data frames read from the data frame buffer to all mimicry processors. Finally, the distribution execution circuit obtains the distribution policy from the distribution policy cache, reads the data frame from the data frame buffer, and copies and distributes the read data frame according to the obtained distribution policy until the end of the data frame is reached. The mimic switch described above may achieve technical effects including, but not limited to:
First, the management processor configures the protocol type position in the configuration circuit, which makes the storage position of the protocol type configurable, removes the restriction on which data frame protocols can be identified, widens the circuit's range of application, and enriches the supported application scenarios.
Second, because the protocol type extraction position and the number of extracted protocol types are configurable rather than limited to one specified protocol type, i.e., the number of protocol types is increased, protocol types are diversified and protocol layers that require special distribution are better supported.
Third, the management processor configures the configuration circuit in advance so that the distribution policies in the entry information implement "grey list" management of data frames; the distribution policy query circuit then performs the query and matching operations, so that a successfully matched data frame is distributed to a single mimicry processor, distributed to several mimicry processors, or not distributed at all, according to the specified distribution policy. A data frame that fails to match is outside the grey list and is distributed to all mimicry processors.
Drawings
Other features, objects and advantages of the disclosure will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, made with reference to the accompanying drawings in which:
Fig. 1 is a schematic block diagram of one embodiment of a policy distributor and a switch to which the policy distributor of the present disclosure is applied, according to the present disclosure;
Fig. 2 is a flow diagram of a switch data forwarding process according to the present disclosure;
Fig. 3 is a schematic diagram of an application scenario of a switch data forwarding process according to the present disclosure.
Detailed Description
The present disclosure is described in further detail below with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the relevant invention and not restrictive of the invention. It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings.
It should be noted that, in the present disclosure, the embodiments and features of the embodiments may be combined with each other without conflict. The present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
Fig. 1 shows a schematic structural diagram of one embodiment of a policy distributor according to the present disclosure and a switch to which the policy distributor of the present disclosure is applied.
As shown in Fig. 1, the switch 100 may include a management processor 101, a policy distributor 102, and n mimicry processors 1031, 1032, …, 103n, where n is a positive integer greater than or equal to 3. The management processor 101 is communicatively coupled to the policy distributor 102. The policy distributor 102 is communicatively coupled to each of the n mimicry processors 1031, 1032, …, 103n.
The policy distributor 102 may include a configuration circuit 1021, a data frame buffer 1022, a feature code extraction circuit 1023, a feature code queue management circuit 1024, a distribution policy query circuit 1025, a distribution policy cache 1026, and a distribution execution circuit 1027. The management processor 101 is communicatively coupled to the configuration circuit 1021. The configuration circuit 1021 is communicatively coupled to the feature code extraction circuit 1023 and to the distribution policy cache 1026, respectively. The data frame buffer 1022 is communicatively coupled to the feature code extraction circuit 1023. The feature code extraction circuit 1023 is communicatively coupled to the feature code queue management circuit 1024, the feature code queue management circuit 1024 is communicatively coupled to the distribution policy query circuit 1025, and the distribution policy query circuit 1025 is communicatively coupled to the distribution policy cache 1026. The distribution policy cache 1026 is communicatively coupled to the distribution execution circuit 1027.
The data frame buffer 1022 is communicatively coupled to the distribution execution circuit 1027.
It should be noted that the switch 100 may further include a switch chip (not shown in the figure), and the switch chip may serve as an entity for forwarding data, and mainly completes forwarding of peer-to-peer data according to rules. The switch chip may provide the policy distributor 102 with the upload message data, and distribute the upload message data to the corresponding mimicry processor through the policy distributor 102 for processing. The switch chip may also receive the management configuration data from the mimic processors 1031, 1032, …, 103n, and implement setting of the parameters of the switch chip according to the management configuration data. The policy distributor 102 serves as a bridge between the respective mimicry processors 1031, 1032, …, 103n and the switch chip, and is responsible for distribution of message upload and issue data, and the like. Each of the mimetic processors 1031, 1032, …, 103n may receive the upload message from the policy distributor 102 and perform data processing.
In this embodiment, the n mimicry processors 1031, 1032, …, 103n serve as heterogeneous functional equivalents, that is, execution entities with different structures and the same function, and execute functions such as specific protocol data processing, unknown packet processing, table entry management, system control authority management, and system log management.
Various common interfaces may be used for the communication connection between the switch chip and the policy distributor 102. For example, the common interface may be an Ethernet interface or a PCIE interface.
In this embodiment, in order to improve the security of the switch, the n mimicry processors 1031, 1032, …, 103n may implement equivalent functions by using heterogeneous processors and heterogeneous operating systems, and communicate with the policy distributor 102 through a communication interface. That is, any two of the n mimicry processors 1031, 1032, …, 103n may use different processors and different operating systems. For example, the processor in each of the n mimicry processors 1031, 1032, …, 103n may be a general-purpose processor such as a PowerPC processor (Performance Optimization With Enhanced RISC - Performance Computing, sometimes abbreviated as PPC), an ARM processor (Advanced RISC Machines; ARM is a 32-bit reduced instruction set processor architecture), a MIPS processor (Microprocessor without Interlocked Pipeline Stages), and the like. The operating system of the n mimicry processors 1031, 1032, …, 103n may be one of the switch operating systems, for example Linux (in full GNU/Linux, a freely used and freely distributed UNIX-like operating system whose kernel was first released in 1991 by Linus Benedict Torvalds; it was mainly inspired by the ideas of Minix and UNIX and is a multi-user, multi-task, multi-thread and multi-CPU operating system based on POSIX and UNIX), VxWorks (a real-time operating system introduced by Wind River Systems, USA) or another switch operating system. In addition, protocol stacks may run on the n mimicry processors 1031, 1032, …, 103n, and each mimicry processor may run a functionally equivalent protocol stack with the same or a different structure, or a private switch protocol stack compiled in diverse ways. The communication interface between the n mimicry processors 1031, 1032, …, 103n and the policy distributor 102 may be one of the general interfaces.
For example, the general interface may be an Ethernet interface or a PCIE interface.
In some alternative embodiments, the policy distributor 102 may include a Field Programmable Gate Array (FPGA).
In some optional embodiments, the distribution policy cache may be a First-in First-out (FIFO) memory.
Data forwarding is a main function of the switch and is indispensable. Fig. 2 illustrates a flow 200 of a switch data forwarding operation according to the present disclosure. The flow 200 may be applied to a switch as shown in Fig. 1. Fig. 3 is a diagram of a specific application scenario of the flow 200 in the switch shown in Fig. 1. The switch data forwarding operation flow comprises the following steps:
Step 201, the management processor configures a protocol type position and at least one piece of entry information to the configuration circuit.
In this embodiment, the management processor in the switch may configure the protocol type position and the at least one piece of entry information to the configuration circuit according to user requirements. The protocol type position indicates the position within the data frame at which the protocol type information is stored. The entry information may include at least one specific item, which may include, but is not limited to, a reference feature code item and a distribution policy item. Here, the distribution policy may be used to instruct the distribution execution circuit which specific mimicry processors the data frame is to be distributed to, may also be used to indicate which specific processing those mimicry processors perform on the data frame, and so on. Here, the data frame may be a data frame in the message data to be uploaded. The reference feature code is what the distribution policy query circuit compares against when it matches the feature code currently scheduled by the feature code queue management circuit with the entry information configured in the configuration circuit.
In some optional embodiments, the entry information may include a mask entry and an enable entry in addition to the distribution policy entry.
Step 202, the feature code extraction circuit reads the protocol type position from the configuration circuit, collects the protocol type and the feature value from the data frame according to the protocol type position read from the configuration circuit, generates the feature code by using the collected protocol type and the feature value, and outputs the generated feature code to the feature code queue management circuit.
Here, the feature code queue management circuit may buffer the feature codes generated and output by the feature code extraction circuit, and perform queuing scheduling on the buffered feature codes.
Step 203, the distribution policy query circuit matches the feature code currently scheduled by the feature code queue management circuit, in sequence, against the at least one piece of entry information configured in the configuration circuit, and outputs the distribution policy in the successfully matched entry information to the distribution policy cache; when no entry information matches successfully, it outputs the preset distribute-to-all policy to the distribution policy cache.
Here, the distribution policy query circuit may match the feature code currently scheduled by the feature code queue management circuit against each piece of entry information configured in the configuration circuit in sequence, and output the distribution policy in the entry information that matches successfully to the distribution policy cache. If the feature code currently scheduled by the feature code queue management circuit fails to match every piece of entry information configured in the configuration circuit, the preset distribute-to-all policy is output to the distribution policy cache. Here, the preset distribute-to-all policy instructs the distribution execution circuit to distribute the data frame read from the data frame buffer to all the mimicry processors in the switch where the policy distributor is located.
In practice, different distribution policy query circuits can be designed according to actual needs to implement different matching methods.
In some optional embodiments, the entry information stores a mask in addition to the reference feature code and the distribution policy. In such an embodiment, the distribution policy query circuit may perform a preset operation on the feature code currently scheduled by the feature code queue management circuit and the mask in the entry information; if the result of the operation is the same as the reference feature code in the entry information, the match is determined to be successful; otherwise, the match is determined to be unsuccessful.
In some optional embodiments, the entry information stores a mask and an enable in addition to the reference feature code and the distribution policy. In such an embodiment, the distribution policy query circuit may first determine whether the entry information is enabled; if it is not enabled, the match is determined to be unsuccessful; if it is enabled, a preset operation may be performed on the feature code currently scheduled by the feature code queue management circuit and the mask in the entry information, and if the result of the operation is the same as the reference feature code in the entry information, the match is determined to be successful; otherwise, the match is determined to be unsuccessful.
In some optional embodiments, the preset operation may be any one of the following operations: a bitwise AND operation, a bitwise OR operation, a bitwise XOR operation.
Step 204, the distribution execution circuit obtains the distribution policy from the distribution policy cache, reads the data frame from the data frame buffer, and copies and distributes the read data frame according to the obtained distribution policy until the end of the data frame is reached.
In some optional embodiments, the distribution policy cache may be a First-in First-out (FIFO) memory. Then, the distribution policy stored in the distribution policy cache may be executed by the distribution execution circuit in time order.
In some optional embodiments, copying and distributing the read data frame according to the read distribution policy may mean copying the read data frame according to the read distribution policy and distributing it to the corresponding mimicry processors, which then process and upload it.
In some optional embodiments, copying and distributing the read data frame according to the read distribution policy may also be performed as follows:
First, a data message is generated based on the read distribution policy and the data frame.
Second, the generated data message is sent to a circuit external to the policy distributor, so that the external circuit copies and distributes the data frame in the received data message according to the distribution policy in the received data message. That is, once the distribution policy has been determined, the corresponding data distribution operation may be carried out by the policy distributor itself or by a circuit external to the policy distributor.
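Steps 201 to 204 as a small software model, added here as an illustration and not taken from the patent. The field layout (EtherType at offset 12 plus the byte that follows), the bitmask encoding of the distribution policy, first-match-wins ordering, and sending a frame too short to parse to all processors are assumptions; the frames are constructed samples.

```python
from collections import deque
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The three preset operations listed for combining feature code and mask.
PRESET_OPS = {
    "and": lambda code, mask: code & mask,
    "or": lambda code, mask: code | mask,
    "xor": lambda code, mask: code ^ mask,
}


@dataclass(frozen=True)
class Entry:
    enable: bool     # disabled entries never match
    mask: int        # combined with the feature code by the preset operation
    reference: int   # reference feature code the result is compared with
    policy: int      # assumption: bit i set => copy frame to mimicry processor i


@dataclass(frozen=True)
class Config:
    # Assumption: the "protocol type position" is a list of (offset, length)
    # byte ranges; the bytes found there are concatenated into the feature code.
    positions: Tuple[Tuple[int, int], ...]
    entries: Tuple[Entry, ...]
    preset_op: str = "and"
    processors: int = 3


def extract_feature_code(frame: bytes, cfg: Config) -> Optional[int]:
    """Step 202: build the feature code from the configured positions."""
    code = 0
    for offset, length in cfg.positions:
        chunk = frame[offset:offset + length]
        if len(chunk) != length:
            return None  # frame too short for the configured position
        code = (code << (8 * length)) | int.from_bytes(chunk, "big")
    return code


def query_policy(code: Optional[int], cfg: Config) -> int:
    """Step 203: sequential match; no match => preset distribute-to-all policy."""
    distribute_to_all = (1 << cfg.processors) - 1
    if code is None:
        return distribute_to_all  # assumption: unparseable frames go to everyone
    op = PRESET_OPS[cfg.preset_op]
    for entry in cfg.entries:
        if entry.enable and op(code, entry.mask) == entry.reference:
            return entry.policy  # assumption: the first matching entry wins
    return distribute_to_all


def distribute(frames: List[bytes], cfg: Config) -> List[List[int]]:
    """Steps 202-204 with FIFO queues; returns target processors per frame."""
    frame_buffer, code_queue, policy_fifo = deque(), deque(), deque()
    for frame in frames:
        frame_buffer.append(frame)
        code_queue.append(extract_feature_code(frame, cfg))
    while code_queue:
        policy_fifo.append(query_policy(code_queue.popleft(), cfg))
    deliveries = []
    while policy_fifo:
        policy = policy_fifo.popleft()
        frame_buffer.popleft()  # the frame that would be copied to each target
        deliveries.append([i for i in range(cfg.processors) if (policy >> i) & 1])
    return deliveries


def _frame(ethertype: int, first_byte: int) -> bytes:
    """Constructed sample: zeroed MAC addresses, EtherType, one feature byte."""
    return bytes(12) + ethertype.to_bytes(2, "big") + bytes([first_byte]) + b"payload"


# Step 201: what the management processor would write to the configuration circuit.
CONFIG = Config(
    positions=((12, 2), (14, 1)),  # 24-bit feature code: EtherType, next byte
    entries=(
        Entry(True, 0xFFFFFF, 0x88B501, 0b010),   # exact code -> processor 1 only
        Entry(True, 0xFFFF00, 0x88B500, 0b101),   # other 0x88B5 -> processors 0, 2
        Entry(False, 0xFFFF00, 0x080000, 0b000),  # disabled, so it is ignored
        Entry(True, 0xFFFF00, 0x080600, 0b000),   # ARP -> not distributed
    ),
)

SAMPLE_FRAMES = [
    _frame(0x88B5, 0x01),
    _frame(0x88B5, 0x07),
    _frame(0x0800, 0x45),       # matches only the disabled entry -> all
    _frame(0x0806, 0x00),
    _frame(0x88B5, 0x01)[:13],  # truncated before the EtherType is complete
]

if __name__ == "__main__":
    for targets in distribute(SAMPLE_FRAMES, CONFIG):
        print(targets)
```

Running the same table with the preset operation set to OR makes every entry miss, so every frame falls through to the distribute-to-all default; masks and reference codes have to be written for the operation in use.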
The switch and the flow of the switch data forwarding operation provided by the above embodiments of the present disclosure may achieve the following technical effects, including but not limited to:
First, the position from which the data frame protocol type and the entry information are read is configurable, so the policy distributor can support any protocol frame through configuration, and its range of application is wider.
Second, the data frame protocol types and the number of entries are configurable, which enables policy distribution for protocol data at more layers.
Third, the policy distribution entries perform "grey list" management of the data frames of different protocols, which supports policy distribution for more special protocols and saves entry resource overhead.
Fourth, the distribution policy is managed through the entries, the distribution policy for data frames is adjusted and set dynamically through configuration management, and data frames are matched more flexibly by combining the entry masks and enables.
Fifth, the design is more flexible: the number of extracted protocol types, the number of entries, and the number of mimicry processors supported for distribution are all parameterized and can be increased or decreased according to user requirements.
As another aspect, the present disclosure also provides a network system, which may include a router, a switch, a server, and an optical transmission device, where the switch may be the switch described in the above embodiments and various optional embodiments of the present disclosure.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The foregoing description covers only the preferred embodiments of the disclosure and illustrates the principles of the technology employed. Those skilled in the art will appreciate that the scope of the invention in the present disclosure is not limited to the specific combination of the above-mentioned features, but also encompasses other embodiments formed by any combination of the above-mentioned features or their equivalents without departing from the inventive concept defined above. One example is a technical solution formed by interchanging the above features with (but not limited to) features having similar functions disclosed in this disclosure.

Claims (9)

1. A policy distributor, comprising: a configuration circuit, a data frame cache, a feature code extraction circuit, a feature code queue management circuit, a distribution strategy inquiry circuit, a distribution strategy cache and a distribution execution circuit, wherein:
the feature code extraction circuit is used for acquiring a protocol type and a feature value from the data frame according to the protocol type position read from the configuration circuit; generating a feature code by using the collected protocol type and the feature value, and outputting the generated feature code to the feature code queue management circuit;
the feature code queue management circuit is used for caching the feature codes generated by the feature code extraction circuit and queuing and scheduling the cached feature codes;
the distribution strategy inquiry circuit is used for sequentially matching the feature code currently scheduled by the feature code queue management circuit against at least one piece of table entry information configured in the configuration circuit, wherein each piece of table entry information comprises a reference feature code and a distribution strategy; outputting the distribution strategy in the successfully matched table entry information to the distribution strategy cache; and, in response to the absence of successfully matched table entry information, outputting a preset total distribution strategy to the distribution strategy cache, wherein the preset total distribution strategy is used for instructing the distribution execution circuit to distribute the data frames read from the data frame cache to all the mimicry processors;
the distribution execution circuit is used for acquiring the distribution strategy from the distribution strategy cache, reading the data frame from the data frame cache, and copying and distributing the read data frame according to the acquired distribution strategy until the tail of the data frame has been read.
2. The policy distributor of claim 1, wherein the table entry information further comprises a mask and an enable.
3. The policy distributor according to claim 2, wherein said sequentially matching the feature code currently scheduled by the feature code queue management circuit against the at least one piece of table entry information configured in the configuration circuit comprises:
for each piece of table entry information configured in the configuration circuit, determining whether the table entry information is enabled; if it is not enabled, determining that the matching is not successful; if it is enabled, performing a preset operation on the feature code currently scheduled by the feature code queue management circuit and the mask in the table entry information, and if the obtained operation result is the same as the reference feature code in the table entry information, determining that the matching is successful; otherwise, determining that the matching is not successful.
4. The policy distributor according to claim 3, wherein the preset operation is any one of: a bitwise AND operation, a bitwise OR operation, a bitwise XOR operation.
5. The policy distributor according to any of claims 1-4, wherein the distribution policy cache is a first-in-first-out memory.
6. The policy distributor according to any of claims 1-4, wherein said copying and distributing the read data frames according to the read distribution policy comprises:
copying the read data frame according to the read distribution policy and distributing it to the corresponding mimicry processor.
7. The policy distributor according to any of claims 1-4, wherein said copying and distributing the read data frames according to the read distribution policy comprises:
generating a data message based on the read distribution strategy and the data frame;
and sending the generated data message to an external circuit of the strategy distributor, so that the external circuit can copy and distribute the data frame in the received data message according to the distribution strategy in the received data message.
8. A mimic switch, comprising: a management processor, a policy distributor according to any of claims 1-7 and at least three mimicry processors, wherein the management processor is configured to configure a protocol type location and at least one entry information to a configuration circuit in the policy distributor.
9. A network system comprising a router, a mimic switch, a server, and an optical transmission device, wherein the mimic switch is the mimic switch of claim 8.
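The table lookup recited in claims 1 to 4, modelled in software as an added example (not code from the patent). The 32-bit feature code layout, the bitmap encoding of a policy, first-match-wins ordering and the sample table are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define NUM_PROCESSORS 3u                          /* claim 8: at least three */
#define POLICY_ALL ((1u << NUM_PROCESSORS) - 1u)   /* preset total distribution policy */

typedef enum { OP_AND, OP_OR, OP_XOR } preset_op;  /* claim 4 operations */

typedef struct {
    int      enable;     /* claim 2: enable flag */
    uint32_t mask;       /* claim 2: mask */
    uint32_t reference;  /* reference feature code */
    uint32_t policy;     /* assumed encoding: bit i set = copy to processor i */
} entry;

/* Assumed layout: protocol type in the high 16 bits, feature value in the low 16. */
static uint32_t make_code(uint16_t proto, uint16_t value) {
    return ((uint32_t)proto << 16) | value;
}

static uint32_t apply_op(preset_op op, uint32_t code, uint32_t mask) {
    switch (op) {
    case OP_OR:  return code | mask;
    case OP_XOR: return code ^ mask;
    default:     return code & mask;
    }
}

/* Claims 1 and 3: test entries in order; a disabled entry never matches;
 * no match yields the total distribution policy. First match wins (assumed). */
static uint32_t lookup_policy(const entry *tbl, size_t n, preset_op op, uint32_t code) {
    for (size_t i = 0; i < n; i++) {
        if (tbl[i].enable && apply_op(op, code, tbl[i].mask) == tbl[i].reference)
            return tbl[i].policy;
    }
    return POLICY_ALL;
}

/* Constructed sample table, not taken from the patent. */
static const entry SAMPLE[] = {
    { 1, 0xFFFF0000u, 0x08060000u, 0x1u },  /* any ARP frame -> processor 0 */
    { 0, 0xFFFF0000u, 0x08000000u, 0x2u },  /* disabled: would catch all IPv4 */
    { 1, 0xFFFFFFFFu, 0x08000050u, 0x6u },  /* IPv4, value 0x0050 -> processors 1 and 2 */
};

int main(void) {  /* unmatched IPv4 frame falls back to all processors */
    return lookup_policy(SAMPLE, 3, OP_AND, make_code(0x0800, 0x0016)) == POLICY_ALL ? 0 : 1;
}
```

Disabling the second entry does not drop the frames it would have matched: they fall through to the total distribution policy and reach every mimicry processor.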
CN202210059126.0A 2021-03-29 2022-01-19 Policy distributor, mimicry switch and network system Active CN114338225B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110336515.9A CN113132358A (en) 2021-03-29 2021-03-29 Strategy distributor, mimic switch and network system
CN2021103365159 2021-03-29

Publications (2)

Publication Number Publication Date
CN114338225A (en) 2022-04-12
CN114338225B (en) 2024-04-12

Family

ID=76775427

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202110336515.9A Pending CN113132358A (en) 2021-03-29 2021-03-29 Strategy distributor, mimic switch and network system
CN202210059126.0A Active CN114338225B (en) 2021-03-29 2022-01-19 Policy distributor, mimicry switch and network system

Country Status (1)

Country Link
CN (2) CN113132358A (en)

Also Published As

Publication number Publication date
CN114338225B (en) 2024-04-12
CN113132358A (en) 2021-07-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant