[go: up one dir, main page]

CN113297430B - High-performance arbitrary partial key measurement method and system based on Sketch - Google Patents

High-performance arbitrary partial key measurement method and system based on Sketch Download PDF

Info

Publication number
CN113297430B
CN113297430B CN202110588731.2A CN202110588731A CN113297430B CN 113297430 B CN113297430 B CN 113297430B CN 202110588731 A CN202110588731 A CN 202110588731A CN 113297430 B CN113297430 B CN 113297430B
Authority
CN
China
Prior art keywords
key
bucket
full
full key
array
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110588731.2A
Other languages
Chinese (zh)
Other versions
CN113297430A (en
Inventor
杨仝
张寅达
王睿鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Peking University
Original Assignee
Peking University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Peking University filed Critical Peking University
Priority to CN202110588731.2A priority Critical patent/CN113297430B/en
Publication of CN113297430A publication Critical patent/CN113297430A/en
Application granted granted Critical
Publication of CN113297430B publication Critical patent/CN113297430B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/901Indexing; Data structures therefor; Storage structures
    • G06F16/9014Indexing; Data structures therefor; Storage structures hash tables
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/903Querying
    • G06F16/90335Query processing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0876Network utilisation, e.g. volume of load or congestion level

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Computational Linguistics (AREA)
  • Environmental & Geological Engineering (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明涉及一种基于Sketch的高性能任意部分键测量方法和系统。该方法包括:从每个数据包中提取全键及其大小,并将其哈希映射到sketch中每个数组的一个存储桶中;使用全键更新每个映射到的存储桶,并基于随机方差最小化技术确定全键的估计大小;基于数据平面中的sketch构建一个包含所有全键及其估计大小的查询表;在查询部分键时,在控制平面中聚合每个部分键对应的全键集合,得到部分键的估计大小。本发明在任意部分键测量任务上实现了很高的准确度,可以在较小的内存空间实现高速的运行,同时所测的部分键数量对系统性能无明显影响;通过增加硬件并行性和消除循环依赖,本发明得以在软件平台和硬件平台都能够实现且性能优异。

Figure 202110588731

The invention relates to a Sketch-based high-performance arbitrary part key measurement method and system. The method consists of: extracting the full key and its size from each packet and hash mapping it into one bucket of each array in the sketch; updating each mapped bucket with the full key, and based on random The variance minimization technique determines the estimated size of the full key; builds a lookup table containing all full keys and their estimated size based on the sketch in the data plane; when querying partial keys, aggregates the full keys corresponding to each partial key in the control plane collection to get the estimated size of the partial keys. The invention achieves high accuracy on any part of the key measurement task, can achieve high-speed operation in a small memory space, and at the same time the measured part of the key number has no obvious impact on the system performance; by increasing the hardware parallelism and eliminating With circular dependency, the present invention can be implemented on both software platform and hardware platform with excellent performance.

Figure 202110588731

Description

基于Sketch的高性能任意部分键测量方法和系统High performance arbitrary partial key measurement method and system based on Sketch

技术领域technical field

本发明涉及网络测量中的任意部分键测量领域,具体为一种利用名为CocoSketch(Cornucopia Sketch,如意简表)的概率数据结构实现在软硬件平台上对任意部分键进行高精度测量的方法和系统。The invention relates to the field of arbitrary partial key measurement in network measurement, in particular to a method for implementing high-precision measurement of arbitrary partial keys on a software and hardware platform by utilizing a probabilistic data structure named CocoSketch (Cornucopia Sketch, wishful sketch). system.

背景技术Background technique

目前,网络监控和测量已成为各种网络管理任务的基础,例如流量工程、负载均衡、流量调度和异常检测等。这些任务通常需要及时、准确地估计网络流量指标。在这方面,基于sketch的算法能够在使用少量资源的大型网络中,以高准确率估算这些指标。通常,在同一个网络中,不同的网络测量任务需要基于不同的流键来获取不同的统计信息。例如,主机级的流量工程需要使用SrcIP作为跟踪大流的流键,而流量调度需要五元组作为流键。此外,在安全检测和诊断任务中,我们需要详尽地跟踪所有可能的流键,包括五元组、SrcIP、DstIP以及它们的任意前缀,才能定位异常流。但现有的基于sketch的设计通常着重于估计在单个流键上定义的统计信息,而为每个流键维护一个sketch,由于资源的限制,通常是不可行的。因此,急需一种能够支持多键测量的sketch算法来解决任意部分键的查询问题。Currently, network monitoring and measurement have become the basis for various network management tasks, such as traffic engineering, load balancing, traffic scheduling, and anomaly detection. These tasks often require timely and accurate estimation of network traffic metrics. In this regard, sketch-based algorithms are able to estimate these metrics with high accuracy in large networks using few resources. Usually, in the same network, different network measurement tasks need to obtain different statistics based on different flow keys. For example, host-level traffic engineering requires the use of SrcIP as the flow key for tracking large flows, while traffic scheduling requires quintuple as the flow key. Furthermore, in security detection and diagnosis tasks, we need to exhaustively track all possible flow keys, including quintuple, SrcIP, DstIP, and their arbitrary prefixes, to locate abnormal flows. But existing sketch-based designs usually focus on estimating statistics defined on a single stream key, and maintaining a sketch for each stream key is usually not feasible due to resource constraints. Therefore, a sketch algorithm that can support multi-key measurement is urgently needed to solve the query problem of arbitrary partial keys.

为了解决这个问题,目前已有工作做出了一些尝试。R-HHH(RandomizedHierarchical Heavy Hitters,参见“Ran Ben-Basat,Gil Einziger,Roy Friedman,Marcelo Caggiani Luizelli,and Erez Waisbard.Constant time updates inhierarchical heavy hitters.In SIGCOMM 2017.ACM,2017.”)主要用于查找共享某些IP前缀的大流的集合,这是任意部分键查询的一种特殊情况。它为每个流键(IP前缀)维护一个sketch,插入时基于采样技术随机选择一个sketch进行更新,从而减少了每个数据包的sketch更新操作。但这种方法仅支持IP前缀作为部分键,且由于占用的内存过多而不适用于硬件平台。USS(Unbiased SpaceSaving,参见“Daniel Ting.Data sketches fordisaggregated subset sum and frequent item estimation.In SIGMOD 2018.ACM,2018.”)则基于子集总和估计理论去解决任意部分键查询的问题,该理论认为任何特定的部分键都可以由特定全键的集合来表示。USS将方差最小化技术应用于SpaceSaving以解决子集总和估计问题,从而实现任意部分键的查询。但由于USS的每次更新都需要基于所有已记录的流信息,使得它无法实现较高的资源效率,并且只能在软件平台运行。In order to solve this problem, some attempts have been made so far. R-HHH (Randomized Hierarchical Heavy Hitters, see "Ran Ben-Basat, Gil Einziger, Roy Friedman, Marcelo Caggiani Luizelli, and Erez Waisbard. Constant time updates inhierarchical heavy hitters. In SIGCOMM 2017. ACM, 2017.") is mainly used for finding A collection of large streams that share some IP prefix, which is a special case of arbitrary partial key queries. It maintains a sketch for each flow key (IP prefix), and randomly selects a sketch to update based on the sampling technique when inserting, thereby reducing the sketch update operation of each packet. However, this method only supports IP prefixes as partial keys, and is not suitable for hardware platforms due to excessive memory usage. USS (Unbiased SpaceSaving, see "Daniel Ting.Data sketches fordisaggregated subset sum and frequent item estimation.In SIGMOD 2018.ACM,2018.") is based on the subset sum estimation theory to solve the problem of arbitrary partial key query, which holds that any A specific partial key can be represented by a specific set of full keys. USS applies variance minimization techniques to SpaceSaving to solve the subset sum estimation problem, enabling querying of arbitrary partial keys. However, since each update of USS needs to be based on all recorded flow information, it cannot achieve high resource efficiency and can only run on a software platform.

发明内容SUMMARY OF THE INVENTION

为了克服现有的任意部分键查询算法精度较低、处理速度较慢、资源占用过多和平台兼容性差的不足,本发明提出了一种基于CocoSketch的高性能任意部分键测量系统,该系统可以在资源有限的软硬件平台上以较快的处理速度实现高准确度的任意部分键测量任务。In order to overcome the shortcomings of the existing arbitrary part key query algorithm with low precision, slow processing speed, excessive resource occupation and poor platform compatibility, the present invention proposes a high-performance arbitrary part key measurement system based on CocoSketch, which can High-accuracy arbitrary-part key measurement tasks can be realized with fast processing speed on resource-limited hardware and software platforms.

本发明解决其技术问题所采用的技术方案是:The technical scheme adopted by the present invention to solve its technical problems is:

一种基于Sketch的高性能任意部分键测量方法,包括以下步骤:A high-performance arbitrary partial key measurement method based on Sketch, including the following steps:

从每个数据包中提取全键及其大小,并将其哈希映射到数据平面的sketch中每个数组的一个存储桶中;Extract the full key and its size from each packet and hash it into one bucket per array in the data plane's sketch;

使用全键更新每个映射到的存储桶,并基于随机方差最小化技术确定全键的估计大小;Update each mapped bucket with the full key and determine the estimated size of the full key based on random variance minimization techniques;

基于数据平面的sketch构建一个包含所有全键及其估计大小的查询表;Build a lookup table with all the full keys and their estimated sizes based on the data plane sketch;

在查询部分键时,在控制平面中聚合每个部分键对应的全键集合,得到部分键的估计大小。When querying partial keys, aggregate the set of full keys corresponding to each partial key in the control plane to get the estimated size of the partial keys.

进一步地,所述sketch由d个数组组成,每个数组包含l个<key,value>数对,每个数对称为存储桶,记录一个全键kF和它的估计值;令Bi[j].K和Bi[j].V为第i个数组中的第j个桶的键值和它的估计值,1≤i≤d,1≤j≤l;d个数组分别与d个独立的哈希函数(h1(.),…,hd(.))相联系。Further, the sketch consists of d arrays, each array contains l <key, value> pairs, each pair is called a bucket, and records a full key k F and its estimated value; let B i [ j].K and B i [j].V are the key value of the j-th bucket in the i-th array and its estimated value, 1≤i≤d, 1≤j≤l; the d arrays are respectively associated with d are associated with two independent hash functions (h 1 (.),...,h d (.)).

进一步地,在软件版本算法中,所述使用全键更新每个映射到的存储桶,并基于随机方差最小化技术确定全键的估计大小,包括:Further, in the software version algorithm, the full key is used to update each mapped bucket, and the estimated size of the full key is determined based on the random variance minimization technique, including:

插入数据包时,将每个传入的数据包表示为一个数对(e,w),其中e是全键,w是其大小;对于数据包(e,w),基于哈希索引h1(e),…,hd(e),在d个数组中有d个可能的存储桶将被更新,根据随机方差最小化来选择要更新的存储桶,有两种情况:When inserting packets, represent each incoming packet as a pair (e, w), where e is the full key and w is its size; for packet (e, w), based on the hash index h 1 (e),...,h d (e), there are d possible buckets in d arrays that will be updated, and the bucket to be updated is selected according to random variance minimization, there are two cases:

(1)如果在d个存储桶的任意一个中记录了全键e,则将该存储桶的大小增加w;(1) If the full key e is recorded in any one of the d buckets, increase the size of the bucket by w;

(2)否则,以随机方式更新存储值最小的桶。(2) Otherwise, update the bucket with the smallest storage value in a random manner.

进一步地,所述以随机方式更新值最小的存储桶,包括:Further, updating the bucket with the smallest value in a random manner includes:

假设值最小的存储桶在kth数组中,要更新该存储桶,首先将Bk[hk(e)].V增加w,然后,以概率

Figure BDA0003088581470000021
用e替换Bk[hk(e)].K;Assuming the bucket with the smallest value is in the k th array, to update that bucket, first increase B k [h k (e)].V by w, then, with probability
Figure BDA0003088581470000021
Replace B k [h k (e)].K with e;

如果多个存储桶存有相同的最小值,则随机选择一个存储桶进行更新。If multiple buckets hold the same minimum value, a bucket is randomly selected to update.

进一步地,采用以下方式查询全键的估计值:Further, the estimated value of the full key is queried in the following way:

对于要查询的全键e,基于哈希索引h1(e),…,hd(e),在d个数组中找到d个对应的存储桶;For the full key e to be queried, based on the hash indexes h 1 (e),...,h d (e), find d corresponding buckets in d arrays;

若kth数组对应存储桶中存储的全键Bk[hk(e)].K=e,则返回Bk[hk(e)].V作为全键e的估计值;反之,则返回0。If the k th array corresponds to the full key B k [h k (e)].K=e stored in the bucket, then return B k [h k (e)].V as the estimated value of the full key e; otherwise, then Returns 0.

进一步地,对于硬件版本算法,所述使用全键更新每个映射到的存储桶,并基于随机方差最小化技术确定全键的估计大小,包括:Further, for the hardware version algorithm, the full key is used to update each mapped bucket, and the estimated size of the full key is determined based on the random variance minimization technique, including:

将每个存储桶数组拆分为独立的估计值数组和全键数组,每个数组的更新以并行或以流水线方式运行,以增加硬件并行性和提高吞吐量;Split each bucket array into independent estimates and full key arrays, with updates to each array run in parallel or in a pipelined fashion to increase hardware parallelism and improve throughput;

对于每个数据包(e,w),将通过以下两个步骤独立地更新每个数组:For each packet (e,w), each array will be updated independently through the following two steps:

(1)将映射到的桶的Bi[hi(e)].V增加w;(1) Increase the B i [ hi (e)].V of the mapped bucket by w;

(2)以概率

Figure BDA0003088581470000031
用e替换Bi[hi(e)].K。(2) with probability
Figure BDA0003088581470000031
Replace B i [h i (e)].K with e.

进一步地,如果相同的全键出现在多个数组中,则将不同数组中的平均估计大小作为其最终估计大小。Further, if the same full key appears in multiple arrays, the average estimated size in the different arrays is taken as its final estimated size.

一种采用上述方法的基于Sketch的高性能任意部分键测量系统,其包括:A Sketch-based high-performance arbitrary partial key measurement system using the above method, comprising:

数据平面组件,用于从每个数据包中提取全键及其大小,并将其哈希映射到sketch中每个数组的一个存储桶中;使用全键更新每个映射到的存储桶,并基于随机方差最小化技术确定全键的估计大小;Data plane component that extracts the full key and its size from each packet and hash-maps it into one bucket per array in sketch; updates each mapped bucket with the full key, and Determine the estimated size of the full key based on random variance minimization techniques;

控制平面组件,用于基于数据平面的sketch构建一个包含所有全键及其估计大小的查询表;在查询部分键时,聚合每个部分键对应的全键集合,得到部分键的估计大小。The control plane component is used to build a query table containing all full keys and their estimated sizes based on the sketch of the data plane; when querying partial keys, aggregate the set of full keys corresponding to each partial key to obtain the estimated size of the partial keys.

本发明的有益效果:通过使用随机方差最小化技术,本发明在任意部分键测量任务上实现了很高的准确度,可以在较小的内存空间实现高速的运行,同时所测的部分键数量对系统性能无明显影响;而使用增加硬件并行性和消除循环依赖的技术,本发明得以在软件平台(例如:Open vSwitch和CPU)和硬件平台(例如:FPGA和可编程ASIC)都能够实现且性能优异。Beneficial effects of the present invention: by using the random variance minimization technology, the present invention achieves high accuracy on any partial key measurement task, and can achieve high-speed operation in a small memory space, while the measured number of partial keys There is no significant impact on system performance; instead, the present invention can be implemented on both software platforms (eg: Open vSwitch and CPU) and hardware platforms (eg: FPGA and programmable ASIC) using techniques that increase hardware parallelism and eliminate circular dependencies. Excellent performance.

附图说明Description of drawings

图1是本发明的总体系统架构。FIG. 1 is the overall system architecture of the present invention.

图2是随机方差最小化技术图示。Figure 2 is an illustration of a random variance minimization technique.

图3是增加硬件并行性技术图示。Figure 3 is an illustration of a technique for increasing hardware parallelism.

图4是消除循环依赖技术图示。Figure 4 is an illustration of a circular dependency elimination technique.

图5是数据平面软件版本算法插入示例。Figure 5 is an example of data plane software version algorithm insertion.

图6是数据平面硬件版本算法插入示例。Figure 6 is an example of data plane hardware version algorithm insertion.

图7是控制平面任意部分键查询示例。Figure 7 is an example of a control plane arbitrary part key query.

具体实施方式Detailed ways

为了使得本发明的目的、技术方案以及优点更加清楚明白,以下结合附图当中的实例对本发明进行更进一步详细说明。应当理解,此处所描述的具体实例仅仅用以解释本发明,并不用于限定本发明。In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail below with reference to the examples in the accompanying drawings. It should be understood that the specific examples described herein are only used to explain the present invention, but not to limit the present invention.

本发明的主要内容包括:随机方差最小化、增加硬件并行性、消除循环依赖。The main contents of the present invention include: minimizing random variance, increasing hardware parallelism, and eliminating cyclic dependencies.

技术一:随机方差最小化Technique 1: Random Variance Minimization

先前的理论结果表明,基于全键估计值的方差最小化有助于实现高精度的任意部分键查询。对于每个数据包的插入,USS利用方差最小化技术来进行更新,从而在任意部分键查询问题上实现了很高的准确性。但是,其实现方差最小化的方法需要用到所有已记录流的信息,更新操作的计算量过大。因此,本发明设计了随机方差最小化技术。对于每个数据包的插入,本发明的方法仅基于映射流(由哈希映射选择)的信息来最小化方差。图2是随机方差最小化技术图示。Previous theoretical results suggest that variance minimization based on full-key estimates helps achieve arbitrary partial-key queries with high accuracy. For each packet insertion, USS utilizes variance minimization techniques for updates, resulting in high accuracy on arbitrary partial-key query problems. However, its method of minimizing variance needs to use the information of all recorded streams, and the calculation amount of the update operation is too large. Therefore, the present invention designs a random variance minimization technique. For the insertion of each data packet, the method of the present invention minimizes the variance based only on the information of the map stream (selected by the hash map). Figure 2 is an illustration of a random variance minimization technique.

技术二:增加硬件并行性Technique 2: Increase hardware parallelism

仅使用技术一,需要在更新之前访问所有数组中映射到的存储桶,然后基于随机方差最小化技术更新其中某一个存储桶,这就意味着算法的插入过程需要两次访问同一内存。但硬件平台通常不允许在流水线的不同阶段访问同一内存,因为这可能会在流水线运行时导致读写危险。结果是,必须在同一阶段中以串行方式完成所有操作,但这将显着降低吞吐量。因此,本发明通过增加硬件并行度来提高吞吐量。本发明将每个数组中的更新操作进行解耦。具体来说,本发明基于随机方差最小化技术独立地更新每个数组的一个存储桶。然后,每个数组的更新可以并行或以流水线方式运行,从而提高了吞吐量。图3是增加硬件并行性技术图示。Using only technique 1, it is necessary to access all the buckets mapped in the array before updating, and then update one of the buckets based on the random variance minimization technique, which means that the insertion process of the algorithm needs to access the same memory twice. But hardware platforms generally do not allow access to the same memory in different stages of the pipeline, as this could lead to read and write hazards while the pipeline is running. As a result, everything must be done serially in the same stage, which will significantly reduce throughput. Therefore, the present invention improves throughput by increasing hardware parallelism. The present invention decouples the update operations in each array. Specifically, the present invention independently updates one bucket of each array based on a random variance minimization technique. Updates to each array can then be run in parallel or in a pipelined fashion, increasing throughput. Figure 3 is an illustration of a technique for increasing hardware parallelism.

技术三:消除循环依赖Technique 3: Eliminate circular dependencies

在随机方差最小化操作中,可以发现流键及其估计值的更新之间存在循环依赖关系。如上所述,不能在流水线的不同阶段访问相同的内存。因此,必须进行两次连续的条件判断,并在一个阶段中两次访问相同的内存空间。但是,Tofino交换机为保证高线速不允许进行此类操作。本发明发现可以进一步消除技术二中的循环依赖关系。在技术二中,随机方差最小化只需要处理一个映射的存储桶,因此可以将估计值和流键的更新过程独立操作,放入不同的阶段并以流水线方式运行处理。通过结合技术二和三,本系统可以在硬件平台上实现更高的吞吐量,并在基于P4的硬件平台中变得可行。图4是消除循环依赖技术图示。In the stochastic variance minimization operation, it can be found that there is a circular dependency between the update of the stream key and its estimated value. As mentioned above, the same memory cannot be accessed in different stages of the pipeline. Therefore, two consecutive conditional judgments must be made, and the same memory space is accessed twice in one stage. However, Tofino switches do not allow such operations to ensure high wire speed. The present invention finds that the circular dependency in the second technique can be further eliminated. In technique 2, stochastic variance minimization only needs to process one mapped bucket, so the update process of the estimated value and stream key can be operated independently, put into different stages and run the processing in a pipelined fashion. By combining techniques two and three, the present system can achieve higher throughput on hardware platforms and become feasible on P4-based hardware platforms. Figure 4 is an illustration of a circular dependency elimination technique.

基于以上三种技术方案,本发明的系统概述和具体算法设计方案如下:Based on the above three technical solutions, the system overview and specific algorithm design solutions of the present invention are as follows:

图1是本发明的总体系统架构,如图1所示,本系统由数据平面和控制平面两部分组件(或称模块)构成:Fig. 1 is the overall system architecture of the present invention. As shown in Fig. 1, the system consists of two components (or modules) of the data plane and the control plane:

数据平面按以下方式处理每个数据包:(1)首先,从每个数据包中提取全键kF及其大小,并将其哈希映射到sketch中每个数组的一个存储桶中;(2)其次,使用对应的全键kF更新每个映射到的存储桶,其估计大小基于随机方差最小化技术而决定。The data plane processes each packet as follows: (1) First, extract the full key kF and its size from each packet and hash it into one bucket per array in sketch; ( 2) Second, each mapped bucket is updated with the corresponding full key kF , whose estimated size is determined based on random variance minimization techniques.

控制平面为任意部分键提供了一个查询前端:(1)首先,基于数据平面上的sketch,构建一个包含所有全键及其估计大小的查询表。(2)其次,聚合每个特定部分键对应的全键集合,得到部分键的估计大小。The control plane provides a query front-end for arbitrary partial keys: (1) First, based on the sketch on the data plane, build a lookup table containing all full keys and their estimated sizes. (2) Second, aggregate the full key set corresponding to each specific partial key to obtain the estimated size of the partial key.

其中,“全键”是指完整的流键,例如五元组、SrcIP或DstIP等;“部分键”是指全键的子集,例如SrcIP和DstIP都是五元组的部分键、IP地址的任意前缀都是该IP地址的部分键。Among them, "full key" refers to the complete flow key, such as quintuple, SrcIP or DstIP, etc.; "partial key" refers to a subset of the full key, for example, SrcIP and DstIP are both partial keys of quintuple, IP address, etc. Any prefix of is a partial key for that IP address.

对于数据平面的CocoSketch算法,本发明设计了软件版本和硬件版本。本发明的“技术二:增加硬件并行性”和“技术三:消除循环依赖”都是应用于硬件版本之上的。软件版本和硬件版本是相互独立的,软件版本应用于软件平台上,硬件版本应用于硬件平台上。For the CocoSketch algorithm of the data plane, the present invention designs a software version and a hardware version. "Technology 2: Increase hardware parallelism" and "Technology 3: Eliminate circular dependencies" of the present invention are both applied to the hardware version. The software version and the hardware version are independent of each other, the software version is applied to the software platform, and the hardware version is applied to the hardware platform.

软件版本的数据结构即sketch由d个数组组成,每个数组包含l个<key,value>数对。每个数对(也被称为桶,即前文提到的“存储桶”)记录一个全键kF和它的估计值。令Bi[j].K和Bi[j].V为第i个数组中的第j个桶(1≤i≤d,1≤j≤l)的键值和它的估计值。d个数组分别与d个独立的哈希函数(h1(.),…,hd(.))相联系。插入时,将每个传入的数据包表示为一个数对(e,w),其中e是全键,而w是其大小。对于数据包(e,w),基于哈希索引h1(e),…,hd(e),在d个数组中有d个可能的存储桶将被更新,根据随机方差最小化来选择要更新的存储桶。直观地讲,有两种情况:(1)如果在d个存储桶的任意一个中记录了全键e,则将该存储桶的大小增加w;(2)否则,以“随机”方式更新存储值最小的桶。假设值最小的存储桶在kth数组中。要更新该存储桶,首先将Bk[hk(e)].V增加w。然后,以概率

Figure BDA0003088581470000051
用e替换Bk[hk(e)].K。如果多个存储桶存有相同的最小值,则随机选择一个存储桶进行更新。查询时,对于要查询的全键e,基于哈希索引h1(e),…,hd(e),在d个数组中找到d个对应的存储桶。若kth数组对应存储桶中存储的全键Bk[hk(e)].K=e,则返回Bk[hk(e)].V作为全键e的估计值;反之,则返回0。The data structure of the software version, namely, sketch, consists of d arrays, each of which contains l <key, value> pairs. Each pair (also called a bucket, ie the "bucket" mentioned earlier) records a full key k F and its estimated value. Let B i [j].K and B i [j].V be the key and its estimated value of the jth bucket (1≤i≤d, 1≤j≤l) in the ith array. The d arrays are each associated with d independent hash functions (h 1 (.), ..., h d (.)). When inserting, each incoming packet is represented as a pair (e, w), where e is the full key and w is its size. For packet (e,w), based on the hash indices h1 (e),...,hd(e), there are d possible buckets in d arrays to be updated, selected according to random variance minimization The bucket to update. Intuitively, there are two cases: (1) if the full key e is recorded in any of the d buckets, increase the size of that bucket by w; (2) otherwise, update the storage in a "random" fashion The bucket with the smallest value. Suppose the bucket with the smallest value is in the k th array. To update the bucket, first increase B k [h k (e)].V by w. Then, with probability
Figure BDA0003088581470000051
Replace B k [h k (e)].K with e. If multiple buckets hold the same minimum value, a bucket is randomly selected to update. When querying, for the full key e to be queried, based on the hash indexes h 1 (e), ..., h d (e), find d corresponding buckets in d arrays. If the k th array corresponds to the full key B k [h k (e)].K=e stored in the bucket, then return B k [h k (e)].V as the estimated value of the full key e; otherwise, then Returns 0.

硬件版本和软件版本之间的主要区别在于,希望每个数组的插入步骤在硬件上彼此独立。原因是网络硬件(例如:FPGA)的体系结构通常是由逻辑器件大规模并行设计的,并且算法设计应考虑增加并行性以更好地利用资源。具体来看,本发明将软件版本中的每个存储桶数组拆分为独立的估计值数组和全键数组。此处,本发明主要考虑d=1的情况。当d=1时,无论记录的键是否为e,都会将映射存储区的值增加w。对于每个数据包(e,w),将通过以下两个步骤独立地更新每个数组::(1)将映射到的桶的Bi[hi(e)].V增加w;(2)以概率

Figure BDA0003088581470000052
用e替换Bi[hi(e)].K。这样,每个数组的插入逻辑都可以独立分布在整个硬件上,以提高并行性。The main difference between the hardware version and the software version is that the insertion steps for each array are expected to be hardware independent of each other. The reason is that the architecture of network hardware (eg: FPGA) is usually designed in massive parallelism by logic devices, and algorithm design should consider increasing parallelism for better utilization of resources. Specifically, the present invention splits each bucket array in the software version into an independent estimated value array and a full key array. Here, the present invention mainly considers the case of d=1. When d=1, the value of the map storage area is incremented by w regardless of whether the key of the record is e. For each packet (e,w), each array will be updated independently by the following two steps: (1) B i [h i (e)].V of the bucket mapped to is incremented by w; (2) ) with probability
Figure BDA0003088581470000052
Replace B i [h i (e)].K with e. This way, the insertion logic for each array can be independently distributed across the hardware to improve parallelism.

在控制平面中,本发明提供一个前端来查询任意部分键的大小。首先,基于数据平面中的sketch构建一个全键查询表,表中记录了每个全键及其估计值。当需要查询一个部分键的大小时,对该部分键对应的全键集合进行聚合,从而得到所需的部分键估计大小。在硬件版本中,相同的全键可能会出现在多个数组中,将不同数组中的平均估计大小作为其最终估计大小。In the control plane, the present invention provides a front end to query the size of any partial key. First, build a full key lookup table based on sketch in the data plane, which records each full key and its estimated value. When the size of a partial key needs to be queried, the full key set corresponding to the partial key is aggregated to obtain the required estimated size of the partial key. In hardware versions, the same full key may appear in multiple arrays, taking the average estimated size in the different arrays as its final estimated size.

图5给出了数据平面软件版本算法的具体插入示例。如图5所示,令d=2。要插入全键为e3并且大小为4的数据包,软件版本首先将其映射到每个数组中的一个存储桶。由于e3未记录在任何映射的存储桶中,因此尝试找到估计值最小的存储桶,并发现第二个映射的存储桶中的估计值最小。因此,先将估计值更新为16,然后以4/16的概率用e3替换掉存储区的e2。对于全键为e5并且大小为1的数据包,软件版本将其映射到每个数组中的一个存储桶。在这两个存储桶中,发现第一个存储桶中记录了e5。因此,将相应的值增加1(从15到16)。Figure 5 shows a specific insertion example of the data plane software version algorithm. As shown in Figure 5, let d=2. To insert a packet with full key e 3 and size 4, the software version first maps it to one bucket in each array. Since e 3 is not recorded in any of the mapped buckets, try to find the bucket with the smallest estimate and find the smallest estimate in the second mapped bucket. So, first update the estimate to 16, then replace e 2 of the storage area with e 3 with probability 4/16. For packets with full key e 5 and size 1, the software version maps it to one bucket in each array. Of these two buckets, e 5 was found to be recorded in the first bucket. Therefore, increment the corresponding value by 1 (from 15 to 16).

图6给出了数据平面硬件版本算法的具体插入示例。如图6所示,令d=1。要插入全键为e4并且大小为4的数据包,硬件版本首先直接将估计值数组中哈希映射到的桶的计数值加4,然后对于全键数组中的对应位置,以(13-4)/13的概率不进行全键的替换;对于全键为e1并且大小为2的数据包,硬件版本首先直接将估计值数组中哈希映射到的桶的计数值加2,然后以2/15的概率用e1替换掉全键数组中对应位置的全键,只不过由于该位置原先存储的全键就是e1,因此替换与不替换的效果相同。Figure 6 shows a specific insertion example of the data plane hardware version algorithm. As shown in Figure 6, let d=1. To insert a packet with full key e 4 and size 4, the hardware version first directly adds 4 to the count value of the bucket to which the hash maps in the estimate value array, and then for the corresponding position in the full key array, starts with (13- 4) The probability of /13 does not perform full key replacement; for a data packet with a full key of e 1 and a size of 2, the hardware version first directly adds 2 to the count value of the bucket to which the hash is mapped in the estimated value array, and then uses The probability of 2/15 replaces the full key at the corresponding position in the full key array with e 1 , but since the original full key stored in this position is e 1 , the effect of replacement and non-replacement is the same.

图7给出了控制平面进行部分键查询的示例。如图7所示,假设全键是SrcIP,要查询的部分键是SrcIP的前8位前缀。首先获得全键的测量结果。然后,根据全键的第一个字节汇总结果。有两个特定的全键,其前缀为19.*,因此将其大小加起来,即19.*前缀的估计大小为1041(520+521)。只有一个特定全键的前缀为56.*,因此56.*前缀的估计大小等于该全键的大小(856)。Figure 7 shows an example of a partial key query performed by the control plane. As shown in Figure 7, assuming that the full key is SrcIP, the partial key to be queried is the first 8-bit prefix of SrcIP. First obtain the measurement results of the full key. Then, aggregate the results based on the first byte of the full key. There are two specific full keys that are prefixed with 19.*, so add up their sizes, i.e. the estimated size of the 19.* prefix is 1041 (520+521). Only one particular full key is prefixed with 56.*, so the estimated size of the 56.* prefix is equal to the size of that full key (856).

本发明的基于CocoSketch的高性能任意部分键测量方法,可以用于对网络中的任意部分键进行测量。操作员只需要在测量前事先设定一个可能的全键范围(例如五元组),而无需指定具体的测量流键。测量时,根据不同测量任务的需求,在控制平面指定具体的测量流键(例如:SrcIP或DstIP)作为部分键,即可聚合得到相应的测量结果。具体来看,例如在安全检测与诊断的任务当中,由于安全原因我们通常无法事先确定哪些流键是需要测量的,如果使用传统的测量方法,我们需要详尽地跟踪所有可能的流键,包括五元组、SrcIP、DstIP以及它们的任意前缀,才能定位异常流,这将导致很大的资源占用,且在多数情况下是不可行的。而使用本发明提出的测量方法,只需要事先设定全键为五元组,在控制平面中即可得到五元组范围内的所有部分键的大小,从而高效地完成网络测量任务。The high-performance arbitrary partial key measurement method based on CocoSketch of the present invention can be used to measure any partial key in the network. The operator only needs to pre-set a possible full key range (eg quintuple) before measurement, without specifying a specific measurement flow key. During measurement, according to the requirements of different measurement tasks, a specific measurement flow key (for example: SrcIP or DstIP) is specified on the control plane as a partial key, and the corresponding measurement results can be aggregated. Specifically, for example, in the task of security detection and diagnosis, due to security reasons, we usually cannot determine which flow keys need to be measured in advance. If traditional measurement methods are used, we need to track all possible flow keys in detail, including five Only tuples, SrcIP, DstIP and their arbitrary prefixes can locate the abnormal flow, which will cause a lot of resource consumption and is not feasible in most cases. However, using the measurement method proposed by the present invention only needs to set the whole key as a quintuple in advance, and the size of all partial keys within the quintuple range can be obtained in the control plane, thereby efficiently completing the network measurement task.

实验数据:Experimental data:

1.Heavy Hitters检测1. Heavy Hitters Detection

召回率:无论所跟踪的部分键的数量如何,CocoSketch的召回率通常都高于95%。在测量6个流键时,本发明的CocoSketch的精度比现有的Elastic Sketch和SpaceSaving的精度分别高28.4%和51.6%。Recall: CocoSketch typically has a recall above 95% regardless of the number of partial keys tracked. When measuring 6 flow keys, the accuracy of the CocoSketch of the present invention is 28.4% and 51.6% higher than that of the existing Elastic Sketch and SpaceSaving, respectively.

精确率:CocoSketch的精确率通常高于90%,比USS高57%。Accuracy: CocoSketch is typically above 90% accurate, 57% higher than USS.

平均相对误差:CocoSketch的平均相对误差通常小于0.1,是USS的3.1倍。当测量6个部分键时,CocoSketch的平均相对误差约为其他算法的9.3倍。Average relative error: The average relative error of CocoSketch is usually less than 0.1, which is 3.1 times that of USS. When measuring 6 partial keys, the average relative error of CocoSketch is about 9.3 times that of other algorithms.

2.Heavy Changes检测2. Heavy Changes detection

召回率:无论流键的数量如何,CocoSketch的召回率通常都高于95%。当测量6个流键时,本发明的CocoSketch的召回率分别比现有的C-Heap、CM-Heap、Elastic Sketch和Univmon高78%、69%、27%和87%。Recall: CocoSketch typically has a recall higher than 95% regardless of the number of flow keys. When measuring 6 flow keys, the recall of CocoSketch of the present invention is 78%, 69%, 27% and 87% higher than the existing C-Heap, CM-Heap, Elastic Sketch and Univmon, respectively.

精确率:CocoSketch的精确率通常高于90%。当测量6个流键时,CocoSketch的精确率分别比现有的C-Heap、CM-Heap、Elastic Sketch和Univmon高69%、51%、5%和81%。Accuracy: CocoSketch is usually more than 90% accurate. When measuring 6 flow keys, CocoSketch is 69%, 51%, 5% and 81% more accurate than the existing C-Heap, CM-Heap, Elastic Sketch and Univmon, respectively.

3.Hierarchical Heavy Hitters(简称HHH)检测3.Hierarchical Heavy Hitters (referred to as HHH) detection

一维HHH:在1MB内存下,CocoSketch的F1 Score高于99.5%。CocoSketch的平均相对误差比R-HHH小约1282倍。One-dimensional HHH: Under 1MB memory, CocoSketch's F1 Score is higher than 99.5%. The average relative error of CocoSketch is about 1282 times smaller than that of R-HHH.

二维HHH:内存为5MB时,CocoSketch的F1 Score高于99.5%。CocoSketch的平均相对误差大约是R-HHH的平均相对误差的32539倍。2D HHH: CocoSketch's F1 Score is higher than 99.5% when the memory is 5MB. The average relative error of CocoSketch is about 32539 times that of R-HHH.

基于同一发明构思,本发明的另一实施例提供一种电子装置(计算机、服务器、智能手机等),其包括存储器和处理器,所述存储器存储计算机程序,所述计算机程序被配置为由所述处理器执行,所述计算机程序包括用于执行本发明方法中各步骤的指令。Based on the same inventive concept, another embodiment of the present invention provides an electronic device (computer, server, smart phone, etc.), which includes a memory and a processor, the memory stores a computer program, and the computer program is configured to be The processor is executed, and the computer program includes instructions for performing the steps in the method of the present invention.

基于同一发明构思,本发明的另一实施例提供一种计算机可读存储介质(如ROM/RAM、磁盘、光盘),所述计算机可读存储介质存储计算机程序,所述计算机程序被计算机执行时,实现本发明方法的各个步骤。Based on the same inventive concept, another embodiment of the present invention provides a computer-readable storage medium (eg, ROM/RAM, magnetic disk, optical disk), where the computer-readable storage medium stores a computer program, and when the computer program is executed by a computer , realize each step of the method of the present invention.

以上公开的本发明的具体实施例,其目的在于帮助理解本发明的内容并据以实施,本领域的普通技术人员可以理解,在不脱离本发明的精神和范围内,各种替换、变化和修改都是可能的。本发明不应局限于本说明书的实施例所公开的内容,本发明的保护范围以权利要求书界定的范围为准。The specific embodiments of the present invention disclosed above are intended to help understand the content of the present invention and implement them accordingly. Those skilled in the art can understand that various substitutions, changes and modifications can be made without departing from the spirit and scope of the present invention. Modifications are possible. The present invention should not be limited to the contents disclosed in the embodiments of this specification, and the protection scope of the present invention shall be subject to the scope defined by the claims.

Claims (7)

1. A high-performance arbitrary partial key measurement method based on Sketch is characterized by comprising the following steps:
extracting a full key and the size thereof from each data packet, and mapping the hash thereof to a bucket of each array in the sketch of the data plane;
updating each mapped bucket using a full key and determining an estimated size of the full key based on a random variance minimization technique;
constructing a lookup table containing all full keys and the estimated sizes thereof based on the sketch of the data plane;
when a partial key is inquired, aggregating a full key set corresponding to each partial key in a control plane to obtain the estimated size of the partial key;
the sketch consists of d arrays, and each array comprises l arrays<key,value>Pairs of numbers, each pair being called a bucket, recording a full key k F And its estimated value; let B i [j]K and B i [j]V is the key value of the jth bucket in the ith array and its estimated value, i is greater than or equal to 1 and less than or equal to d, j is greater than or equal to 1 and less than or equal to l; d arrays and d independent hash functions (h) respectively 1 (.),…,h d (.)) to be connected;
in the software version algorithm, the updating each mapped bucket using a full key and determining an estimated size of the full key based on a random variance minimization technique includes:
when inserting a packet, representing each incoming packet as a pair of numbers (e, w), where e is the full key and w is its size; for packet (e, w), index h is based on hash 1 (e),…,h d (e) There are d possible buckets to be updated in the d arrays, and the bucket to be updated is selected based on the random variance minimization, in two cases:
(1) if a full key e is recorded in any of the d buckets, increasing the size of the bucket by w;
(2) otherwise, updating the bucket with the minimum storage value in a random mode;
for a hardware version algorithm, the updating each mapped bucket using a full key and determining an estimated size of the full key based on a random variance minimization technique, comprising:
splitting each storage bucket array into an independent estimation value array and a full key array, wherein updating of each array is operated in parallel or in a pipeline mode so as to increase hardware parallelism and improve throughput;
for each packet (e, w), each array will be updated independently by the following two steps:
(1) b of bucket to be mapped to i [h i (e)]B increasing w;
(2) by probability
Figure FDA0003645280270000011
Replacement of B by e i [h i (e)].K。
2. The method of claim 1, wherein randomly updating the buckets with the smallest values comprises:
assume the bucket with the smallest value is at k th In the array, to update the bucket, first B k [h k (e)]V increases w, then with probability
Figure FDA0003645280270000012
Replacement of B by e k [h k (e)].K;
If a plurality of buckets have the same minimum value, one bucket is randomly selected for updating.
3. The method of claim 2, wherein the estimate of the full key is queried in the following manner:
indexing h based on hash for a full key e to be queried 1 (e),…,h d (e) D corresponding buckets are found in the d arrays;
if k is th Full key B stored in array corresponding storage bucket k [h k (e)]If K is e, then return to B k [h k (e)]V as an estimate of the full key e; otherwise, 0 is returned.
4. The method of claim 1, wherein if the same full key appears in multiple arrays, the average estimated size in the different arrays is taken as its final estimated size.
5. Sketch-based high-performance arbitrary partial key measurement system using the method of any one of claims 1 to 4, comprising:
the data plane component is used for extracting a full key and the size of the full key from each data packet and mapping the hash of the full key to a bucket of each array in the sketch; updating each mapped bucket using a full key and determining an estimated size of the full key based on a random variance minimization technique;
the control plane component is used for constructing a lookup table containing all full keys and the estimated sizes of the full keys based on the sketch of the data plane; and when the partial keys are inquired, aggregating the full key set corresponding to each partial key to obtain the estimated sizes of the partial keys.
6. An electronic apparatus, comprising a memory and a processor, the memory storing a computer program configured to be executed by the processor, the computer program comprising instructions for performing the method of any of claims 1 to 4.
7.A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a computer, implements the method of any one of claims 1 to 4.
CN202110588731.2A 2021-05-28 2021-05-28 High-performance arbitrary partial key measurement method and system based on Sketch Active CN113297430B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110588731.2A CN113297430B (en) 2021-05-28 2021-05-28 High-performance arbitrary partial key measurement method and system based on Sketch

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110588731.2A CN113297430B (en) 2021-05-28 2021-05-28 High-performance arbitrary partial key measurement method and system based on Sketch

Publications (2)

Publication Number Publication Date
CN113297430A CN113297430A (en) 2021-08-24
CN113297430B true CN113297430B (en) 2022-08-05

Family

ID=77325774

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110588731.2A Active CN113297430B (en) 2021-05-28 2021-05-28 High-performance arbitrary partial key measurement method and system based on Sketch

Country Status (1)

Country Link
CN (1) CN113297430B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115484157B (en) * 2022-09-14 2023-06-02 浙江大学 A general configuration method for sketch based on programmable switch
CN119788624A (en) * 2024-12-13 2025-04-08 浙江大学 A Sketch measurement accuracy improvement method based on programmable switch virtualization register, electronic device, and medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103647670A (en) * 2013-12-20 2014-03-19 北京理工大学 Sketch based data center network flow analysis method
CN107798042A (en) * 2016-08-29 2018-03-13 北京大学 A kind of data processing method and Frequency estimation method based on two-layer configuration outside piece inner sheet
CN108304404A (en) * 2017-01-12 2018-07-20 北京大学 A kind of data frequency method of estimation based on improved Sketch structures
CN110868332A (en) * 2019-10-25 2020-03-06 电子科技大学 A network-level traffic measurement method based on SDN

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10515064B2 (en) * 2016-07-11 2019-12-24 Microsoft Technology Licensing, Llc Key-value storage system including a resource-efficient index
CN110071934B (en) * 2019-04-30 2021-03-26 中国人民解放军国防科技大学 Local sensitivity counting abstract method and system for network anomaly detection

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103647670A (en) * 2013-12-20 2014-03-19 北京理工大学 Sketch based data center network flow analysis method
CN107798042A (en) * 2016-08-29 2018-03-13 北京大学 A kind of data processing method and Frequency estimation method based on two-layer configuration outside piece inner sheet
CN108304404A (en) * 2017-01-12 2018-07-20 北京大学 A kind of data frequency method of estimation based on improved Sketch structures
CN110868332A (en) * 2019-10-25 2020-03-06 电子科技大学 A network-level traffic measurement method based on SDN

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
《Data Sketches for Disaggregated Subset Sum and Frequent Item Estimation》;Ting, D 等;《SIGMOD"18: PROCEEDINGS OF THE 2018 INTERNATIONAL CONFERENCE ON MANAGEMENT OF DATA》;20181231;全文 *
《基于概要数据结构的全网络持续流检测方法》;周爱平 等;《计算机应用》;20190810;全文 *

Also Published As

Publication number Publication date
CN113297430A (en) 2021-08-24

Similar Documents

Publication Publication Date Title
Zheng et al. Reference-based framework for spatio-temporal trajectory compression and query processing
US10552287B2 (en) Performance metrics for diagnosing causes of poor performing virtual machines
EP3767483B1 (en) Method, device, system, and server for image retrieval, and storage medium
CN103714134B (en) Network flow data index method and system
US6751627B2 (en) Method and apparatus to facilitate accessing data in network management protocol tables
CN112347377B (en) IP address field searching method, service scheduling method, device and electronic equipment
JP6148732B2 (en) Data indexing method and apparatus
CN111475105B (en) Monitoring data storage method, monitoring data storage device, monitoring data server and storage medium
CN112486914B (en) Data packet storage and quick-checking method and system
CN106776967A (en) Mass small documents real-time storage method and device based on sequential aggregating algorithm
CN113297430B (en) High-performance arbitrary partial key measurement method and system based on Sketch
CN111262756A (en) An accurate measurement method and architecture of high-speed network elephant flow
EP3149621A1 (en) Distance queries on massive networks
US10009239B2 (en) Method and apparatus of estimating conversation in a distributed netflow environment
CN113839835A (en) A Top-k Stream Accurate Monitoring Architecture Based on Small Stream Filtering
WO2022241813A1 (en) Graph database construction method and apparatus based on graph compression, and related component
CN113419792A (en) Event processing method and device, terminal equipment and storage medium
US20110179013A1 (en) Search Log Online Analytic Processing
CN112269726A (en) Data processing method and device
CN113157609B (en) Storage system, data processing method, data processing device, electronic equipment and storage medium
CN109189759A (en) Method for reading data, data query method, device and equipment in KV storage system
CN116303585A (en) A kind of data flow counting method, equipment and storage medium based on Flag flag position
CN108460030A (en) A kind of set element judgment method based on improved Bloom filter
CN118708830A (en) A method, device, equipment and medium for aggregating and counting business request performance indicators
WO2024235197A1 (en) Operation method for file, and electronic device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant