
CN113839885A - A switch-based packet flow monitoring system and method - Google Patents

Info

Publication number: CN113839885A
Application number: CN202110969789.1A
Authority: CN (China)
Prior art keywords: message, processing unit, central processing, switch, packet
Legal status: Granted; currently active
Other languages: Chinese (zh)
Other versions: CN113839885B (en)
Inventors: 张锡鑫, 刘齐
Current assignee: Suzhou Metabrain Intelligent Technology Co Ltd
Original assignee: Suzhou Inspur Intelligent Technology Co Ltd
Events: application filed by Suzhou Inspur Intelligent Technology Co Ltd; priority to CN202110969789.1A; publication of CN113839885A; application granted; publication of CN113839885B

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L 49/00 Packet switching elements > H04L 49/10 Packet switching elements characterised by the switching fabric construction
        • H04L 47/00 Traffic control in data switching networks > H04L 47/10 Flow control; Congestion control > H04L 47/12 Avoiding congestion; Recovering from congestion > H04L 47/125 Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
        • H04L 47/00 Traffic control in data switching networks > H04L 47/10 Flow control; Congestion control > H04L 47/22 Traffic shaping
        • H04L 49/00 Packet switching elements > H04L 49/55 Prevention, detection or correction of errors
        • H04L 63/00 Network architectures or network communication protocols for network security > H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls > H04L 63/0227 Filtering policies
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS > Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE > Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
        • Y02D 30/00 Reducing energy consumption in communication networks > Y02D 30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention proposes a switch-based packet flow monitoring system and method. The system includes a switch and an auxiliary processor; an application-specific integrated circuit (ASIC) and a central processing unit (CPU) are provided in the switch. The auxiliary processor is data-connected to the ASIC and to the CPU through Ethernet channels. The ASIC processes, forwards and analyzes the switch's packet service traffic. The CPU is responsible for the overall management of the switch. The auxiliary processor receives the packets sent up by the ASIC, isolates and monitors the packet flow between the ASIC and the CPU, and controls the rate at which packets are sent up to the CPU by monitoring the CPU's working state. The invention thus realizes packet filtering and flow control, avoids the risk of security or performance problems in the packets the switch sends up to the CPU, and guarantees the reliable operation of the CPU.

Description

Message flow monitoring system and method based on switch
Technical Field
The invention relates to the technical field of computers, in particular to a message flow monitoring system and a message flow monitoring method based on a switch.
Background
Currently, in a common switch design, an ASIC (application specific integrated circuit) designed specifically for network applications is generally used for processing, forwarding and analyzing the switch's service traffic, while the CPU (central processing unit) of the switch is mainly responsible for the overall management of the switch, such as the hardware operating state. In order to monitor the functions of the ASIC, the CPU of the switch also needs to process some of the messages sent up by the ASIC, such as control messages of LLDP (link layer discovery protocol), STP (spanning tree protocol) and ARP (address resolution protocol), or messages of routing protocols.
An ASIC designed specifically for processing network messages is good at handling many types of network messages, but the CPU is not. Although the ASIC can easily process a large number of network messages, a large number of messages sent up to the CPU can occupy a large amount of CPU resources, slow down the CPU's response, and even affect the CPU's other work, such as the hardware management function of the switch. On a low-cost switch platform with a weak CPU in particular, this can cause unpredictable CPU errors, bring the CPU down, and affect the overall normal operation of the switch.
On the other hand, existing switches also have a certain security problem when processing messages: once malicious messages are sent to the CPU through the ASIC, they will have a more serious impact on the overall normal operation of the switch.
It can be seen that, in order to avoid the risk of security or performance problems in the messages the switch sends to the CPU and to ensure the reliability of the CPU's operation, how to monitor and statistically analyze the flow of messages sent to the CPU is an urgent problem to be solved.
Disclosure of Invention
In view of the above problems, an object of the present invention is to provide a message flow monitoring system and method based on a switch, which implement filtering and flow control of messages, avoid the risk of safety or performance problems in messages sent from the switch to a central processing unit, and ensure the reliability of the central processing unit.
In order to achieve the purpose, the invention is realized by the following technical scheme: a message flow monitoring system based on a switch comprises: the system comprises a switch and an auxiliary processor, wherein a special application integrated circuit and a central processing unit are arranged in the switch. The auxiliary processor is respectively in data connection with the special application integrated circuit and the central processing unit through an Ethernet channel.
The special application integrated circuit is used for processing and analyzing the message service flow of the switch and sending the message to the auxiliary processor.
The auxiliary processor is used for receiving the message sent by the special application integrated circuit, isolating and monitoring the message flow between the special application integrated circuit and the central processing unit, determining the message sending speed by monitoring the working state of the central processing unit, and sending the message to the central processing unit at the determined message sending speed.
And the central processing unit is used for carrying out overall management on the switch according to the sent message.
Further, the auxiliary processor includes:
the isolation unit is used for performing statistical counting and content filtering analysis on the uploaded message, and redirecting the message to the central processing unit if the content filtering analysis is normal; when the CPU needs to reply to the ASIC with a message, the isolation unit receives that message and redirects it to the ASIC. The isolation unit thus isolates and monitors the flow between the ASIC and the CPU.
And the monitoring unit is used for monitoring the working load of the central processing unit.
And the buffer unit is used for buffering the messages sent by the special application integrated circuit.
And the uploading speed control unit is used for starting a speed reduction strategy to control the rate of the uploading message according to the working load of the central processing unit.
Further, the isolation unit includes:
the filtering module is used for applying a preset filtering rule to filter out potentially risky traffic and unnecessary traffic in the message traffic and discard it directly; the filtered message flow is uploaded to the central processing unit, and the traffic matching the rule is recorded in a log. Potential negative effects on the central processing unit are thereby prevented in an efficient manner.
And the protection module is used for starting a preset safety mechanism to identify illegal message flow in the message flow, directly discarding the illegal message flow and recording the illegal message flow into a log.
Further, the monitoring unit includes:
and the power consumption detection module is used for determining the working load of the central processing unit by detecting the power consumption of the central processing unit. The state of the central processing unit can be monitored efficiently.
Further, the speed reduction strategy comprises: when the work load of the central processing unit reaches 80% of the total load, the message sending rate is reduced to 80% of the initial rate, if the work load of the central processing unit continues to increase, the message sending rate is reduced according to a preset function curve, and if the work load of the central processing unit reaches 98% of the total load, the message sending is stopped.
Further, the auxiliary processor further comprises:
and the priority setting unit is used for determining the priority of the message according to the preset key value of the message and establishing a corresponding message uploading queue according to the priority of the message.
Correspondingly, the invention also discloses a message flow monitoring method based on the switch, which comprises the following steps:
S1: processing and analyzing the message service flow of the switch by using a special application integrated circuit, and uploading the message service flow to an auxiliary processor;
S2: after receiving the message, the auxiliary processor carries out isolation and monitoring processing of message flow, determines the speed of the message to be sent to the central processing unit by monitoring the working state of the central processing unit, and sends the processed message to the central processing unit at the determined sending speed;
S3: and the central processing unit performs the overall management of the switch according to the processed message.
Further, the step S2 includes:
the auxiliary processor receives the message sent by the special application integrated circuit;
judging whether the message meets the filtering rule, if so, directly discarding; otherwise, determining whether the message is a safe message by carrying out safety check on the message;
if the message is not a safe message, directly discarding the message; if the message is a safe message, determining the working load of the central processing unit by reading the power of the power supply of the central processing unit, and carrying out flow shaping and speed limiting on the message according to the load of the central processing unit and then uploading the message to the central processing unit.
Further, the filtering rules include:
setting unnecessary message types and message types with potential risks;
identifying whether the type of the current message is an unnecessary message type, if so, directly discarding; if not, identifying whether the type of the current message is a message type with potential risk;
if yes, directly discarding, and if not, finishing filtering.
Further, the step of performing traffic shaping and speed limiting on the message according to the load of the central processing unit and then sending the message to the central processing unit specifically comprises:
if the work load of the central processing unit is lower than 80% of the total load, the message is directly sent to the central processing unit; if the workload of the central processing unit reaches 80% of the total load, the rate of the message to be sent is reduced to 80% of the initial rate;
after the uploading rate is reduced, determining the priority of the messages not yet uploaded by reading their preset key values; among the messages not yet uploaded, the message with the highest priority is uploaded to the central processing unit, and the remaining messages are temporarily stored in the cache unit to wait for uploading; if the cache unit currently has no storage space, the remaining messages are discarded directly;
if the current flow of the uploaded message is larger than the preset bandwidth of the central processing unit, temporarily storing the message with the preset proportion to a cache unit.
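The following Python simulation is an added illustration of the auxiliary processor's workflow in step S2 above (filtering rule, security check, CPU-load-dependent send rate, priority queue and bounded cache); it is not code from the patent or its assignee. The concrete message types in the rule sets, the payload-length security check, the message-per-round interpretation of "rate", and the linear shape of the curve between 80% and 98% CPU load are assumptions; the patent only specifies "preset" rules and a "preset function curve".

```python
"""Simulation of the auxiliary processor's per-message workflow from the
patent's step S2: filtering rule, security check, CPU-load-dependent send
rate, priority queue, bounded cache. Added illustration, not the patent's
own code. Rule contents, the size-based security check and the linear
curve between 80% and 98% CPU load are assumptions."""
from dataclasses import dataclass, field
import heapq

# Constructed sample rule sets; the patent leaves the concrete types to the operator.
UNNECESSARY_TYPES = {"CDP", "IPv6-RA"}            # assumed: not needed by this CPU
RISKY_TYPES = {"UNKNOWN-ETHERTYPE", "MALFORMED"}   # assumed: potentially risky


@dataclass(order=True)
class Message:
    priority: int                      # from the preset key value; 0 = highest
    seq: int                           # arrival order, keeps ordering stable
    mtype: str = field(compare=False)
    payload_len: int = field(compare=False)


def filter_verdict(msg):
    """Filtering rule: unnecessary types first, then potentially risky types."""
    if msg.mtype in UNNECESSARY_TYPES:
        return "drop-unnecessary"
    if msg.mtype in RISKY_TYPES:
        return "drop-risky"
    return "pass"


def security_check(msg, max_len=1500):
    """Stand-in for the protection module's preset security mechanism
    (assumption: a simple payload-length sanity check)."""
    return 0 < msg.payload_len <= max_len


def send_rate(cpu_load, initial_rate):
    """Speed reduction strategy: full rate below 80% load, 80% of the initial
    rate at 80% load, then a decreasing curve (assumed linear) until sending
    stops at 98% load."""
    if cpu_load < 0.80:
        return float(initial_rate)
    if cpu_load >= 0.98:
        return 0.0
    frac = (cpu_load - 0.80) / (0.98 - 0.80)
    return initial_rate * 0.80 * (1.0 - frac)


class AuxiliaryProcessor:
    def __init__(self, initial_rate, cache_capacity):
        self.initial_rate = initial_rate      # messages per scheduling round
        self.cache_capacity = cache_capacity  # size of the cache unit
        self.cache = []                       # heap of messages waiting to be uploaded
        self.seq = 0
        self.log = []                         # (reason, type) for every discarded message

    def process_round(self, arrivals, cpu_load):
        """One scheduling round. arrivals: list of (type, payload_len, priority).
        Returns the messages uploaded to the CPU in priority order."""
        for mtype, length, prio in arrivals:
            self.seq += 1
            msg = Message(prio, self.seq, mtype, length)
            verdict = filter_verdict(msg)
            if verdict != "pass":
                self.log.append((verdict, mtype))         # filtering module: drop and log
                continue
            if not security_check(msg):
                self.log.append(("drop-illegal", mtype))  # protection module: drop and log
                continue
            heapq.heappush(self.cache, msg)
        budget = int(send_rate(cpu_load, self.initial_rate))
        sent = []
        while self.cache and len(sent) < budget:
            sent.append(heapq.heappop(self.cache))        # highest priority first
        # The rest waits in the cache unit; beyond its capacity it is discarded.
        if len(self.cache) > self.cache_capacity:
            self.cache.sort()                             # a sorted list is a valid heap
            for m in self.cache[self.cache_capacity:]:
                self.log.append(("drop-cache-full", m.mtype))
            del self.cache[self.cache_capacity:]
        return sent


if __name__ == "__main__":
    ap = AuxiliaryProcessor(initial_rate=4, cache_capacity=2)
    # Constructed burst: mixed control traffic plus an unnecessary, a risky and an oversized message.
    burst = [("LLDP", 100, 2), ("CDP", 100, 2), ("MALFORMED", 60, 0), ("STP", 64, 0),
             ("ARP", 42, 1), ("OSPF", 80, 1), ("BGP", 9000, 0), ("LLDP", 100, 2), ("ARP", 42, 1)]
    print([m.mtype for m in ap.process_round(burst, cpu_load=0.50)])
    print([m.mtype for m in ap.process_round([("STP", 64, 0)], cpu_load=0.89)])
    print(ap.log)
```

With the constructed burst, the first round at 50% load uploads the four highest-priority surviving messages (STP, ARP, OSPF, ARP) and parks the two LLDP messages in the cache; the second round at 89% load has a budget of one message, and a round at 98% load uploads nothing, so new arrivals that exceed the cache capacity push the lowest-priority cached messages out and into the log, which is exactly the drop-and-record behaviour the method describes.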
Compared with the prior art, the invention has the beneficial effects that:
1. The invention improves the security of the messages sent from the special application integrated circuit to the central processing unit, can effectively prevent the sending of erroneous messages and malicious messages, and ensures the normal work of the switch.
2. The invention can effectively reduce the burden of the CPU for processing the message sent by the special application integrated circuit, and the auxiliary processor can discard some redundant or secondary messages before the CPU, thereby reducing the processing burden for the CPU.
3. The invention provides the flow shaping and speed limiting functions, can prevent the conditions of downtime, abnormality and the like of the central processing unit caused by abnormal message uploading conditions, and further ensures the working reliability of the central processing unit.
4. The invention has a priority queue function and can ensure that the central processing unit processes the important services of the switch even under the conditions described above.
5. The invention can directly utilize the prior auxiliary processor for monitoring the peripheral equipment of the switch, can further ensure the working reliability of the central processing unit under the condition of not increasing other components and improves the utilization efficiency of the auxiliary processor.
Therefore, compared with the prior art, the invention has prominent substantive features and remarkable progress, and the beneficial effects of the implementation are also obvious.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a system block diagram of the present invention;
FIG. 2 is a flow chart of the method of the present invention;
FIG. 3 is a flow chart of the operation of the auxiliary processor of the present invention.
In the figures: 1 is the auxiliary processor; 2 is the ASIC; 3 is the central processing unit; 4 is the isolation unit; 5 is the monitoring unit; 6 is the buffer unit; 7 is the uploading speed control unit; 8 is the priority setting unit; 41 is the filtering module; 42 is the protection module; 51 is the power consumption detection module.
Detailed Description
The core of the invention is to provide a message flow monitoring system based on a switch, and in the prior art, the message sent to a CPU by the switch has the risk of safety or performance problems, so that the working reliability of the CPU cannot be guaranteed.
The invention provides a message flow monitoring system based on a switch, which adopts an auxiliary processor to be respectively connected with a special application integrated circuit and a central processing unit through an Ethernet channel. And the auxiliary processor is used for receiving the message sent by the special application integrated circuit, isolating and monitoring the message flow between the special application integrated circuit and the central processing unit, and controlling the speed of the message sent to the central processing unit by monitoring the working state of the central processing unit.
Therefore, the invention realizes the filtration and flow control of the message, avoids the risk of safety or performance problems in the message sent to the central processing unit by the switch, and ensures the working reliability of the central processing unit.
In order that those skilled in the art will better understand the disclosure, the invention will be described in further detail with reference to the accompanying drawings and specific embodiments. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The first embodiment is as follows:
as shown in fig. 1, this embodiment provides a message traffic monitoring system based on a switch, including: a switch and an auxiliary processor 1, wherein an application specific integrated circuit 2 and a central processing unit 3 are arranged in the switch. The auxiliary processor 1 is connected to the application specific integrated circuit 2 and to the central processing unit 3 through Ethernet channels. The application specific integrated circuit 2 is used for processing, forwarding and analyzing the message service flow of the switch and sending the message to the auxiliary processor 1. The central processing unit 3 is used for the overall management of the switch according to the sent message.
The auxiliary processor 1 is used for receiving the messages sent by the special application integrated circuit, isolating and monitoring the message flow between the special application integrated circuit 2 and the central processing unit 3, and controlling the speed of the messages sent to the central processing unit 3 by monitoring the working state of the central processing unit 3.
The auxiliary processor 1 includes: the device comprises an isolation unit 4, a monitoring unit 5, a buffer unit 6, an uploading speed control unit 7 and a priority setting unit 8.
The isolation unit 4 is used for performing statistical counting and content filtering analysis on the uploaded message, and redirecting the message to the central processing unit 3 if the content filtering analysis is normal; when the central processing unit 3 needs to reply to the ASIC 2 with a message, it receives the message sent down and redirects it to the ASIC 2. The isolation unit 4 is used for isolating and monitoring the flow between the ASIC 2 and the CPU 3.
The isolation unit 4 specifically includes:
the filtering module 41 is configured to apply a preset filtering rule to filter out potentially risky traffic and unnecessary traffic in the message traffic and discard them directly; the filtered message flow is uploaded to the central processing unit 3, and the discarded traffic is recorded in a log. The filtering module 41 can discard potentially risky or unnecessary traffic directly on the auxiliary processor 1 to improve performance, so that this traffic is not sent to the central processing unit 3 and potential negative effects on the central processing unit 3 are prevented; at the same time, the traffic that hits the filtering rule is recorded in a log, so that it can be queried and inspected later;
and the protection module 42 is configured to start a preset security mechanism to identify an illegal message traffic in the message traffic, directly discard the illegal message traffic, and record the discarded illegal message traffic in a log. The preset security mechanism can adopt the self-contained security mechanism and anti-attack measures on the auxiliary processor 1, automatically identify a part of dangerous or illegal message flow, automatically discard the messages and record the messages;
and the monitoring unit 5 is used for monitoring the working load of the central processing unit 3. The monitoring unit 5 includes a power consumption detection module 51, configured to determine the workload of the central processing unit 3 by detecting the power consumption of the central processing unit 3, so that the state of the central processing unit 3 can be monitored efficiently. Because the auxiliary processor 1 is generally also responsible for the state control of the switch's peripheral equipment, such as the fans and the power supply, the load of the central processing unit 3 can be read directly from the power consumption of the central processing unit: when the power consumption increases, the load of the central processing unit is considered to have increased, and the power drawn when the central processing unit is fully loaded is taken as the reference for 100% load. The monitoring unit 5 monitors the working load of the central processing unit in this way, which makes the monitoring more efficient and accurate.
And the buffer unit 6 is used for buffering the messages sent by the ASIC 2. The cache unit 6 is specifically configured to: 1. when the load of the central processing unit is too high, the message with low real-time requirement is cached, and when the load of the central processing unit is reduced, the message is uploaded. 2. When a large number of messages are uploaded, the uploading speed is firstly maintained unchanged, messages which are not uploaded are stored in the cache unit 6, and the uploading speed is slowly increased when the cache space of the cache unit 6 occupies too much space, so that the situation that a large number of messages are uploaded to the central processing unit 3 suddenly is prevented. Therefore, by using the cache unit 6, the shaping of the message flow is realized, that is, a large number of messages are prevented from being sent to the central processing unit 3 suddenly, which causes the load of the central processing unit 3 to rise rapidly and affects other functions of the central processing unit.
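The burst-shaping behaviour of the cache unit described in the paragraph above, as an added Python illustration that is not the patent's or its assignee's code: arriving messages join the cache backlog, messages beyond the cache capacity are discarded, uploads continue at the current rate rather than at the burst rate, and the rate is raised by one step per round only while cache occupancy is above a high watermark. The watermark of 75%, the ramp step, and the round-based accounting are assumptions; the patent only says the uploading speed is "slowly increased" when the cache occupies too much space.

```python
"""Burst shaping with the cache unit, as described for cache unit 6.
Added illustration, not the patent's own code. The high-watermark
threshold, the ramp step and the per-round accounting are assumptions."""


def shape(arrivals, base_rate, cache_capacity, high_watermark=0.75, ramp_step=1):
    """arrivals: number of messages arriving in each round.
    Returns (messages uploaded per round, messages discarded, final backlog)."""
    rate = base_rate          # uploading speed is held at the base rate at first
    backlog = 0               # messages waiting in the cache unit
    uploads = []
    dropped = 0
    for n in arrivals:
        backlog += n
        if backlog > cache_capacity:          # no cache space left: discard the excess
            dropped += backlog - cache_capacity
            backlog = cache_capacity
        sent = min(rate, backlog)             # upload at the held rate, not the burst rate
        backlog -= sent
        uploads.append(sent)
        if backlog / cache_capacity > high_watermark:
            rate += ramp_step                 # cache filling up: raise the rate slowly
    return uploads, dropped, backlog


if __name__ == "__main__":
    # Constructed traffic: a steady 2 messages per round with a burst of 50 in round 3.
    traffic = [2, 2, 50, 2, 2, 2, 2, 2, 2, 2]
    print(shape(traffic, base_rate=5, cache_capacity=40))
```

With the constructed traffic the CPU never sees more than 7 messages in a round although 50 arrived at once: the burst is absorbed by the cache (10 messages exceed its capacity and are discarded), the upload rate climbs from 5 to 7 over two rounds while the cache is above the watermark, and the backlog then drains gradually. That is the shaping effect the paragraph describes: the CPU's load rises slowly instead of spiking.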
And the uploading speed control unit 7 is used for starting a speed reduction strategy to control the speed of the uploading message according to the working load of the central processing unit. The speed reduction strategy comprises the following steps: when the work load of the central processing unit reaches 80% of the total load, the message sending rate is reduced to 80% of the initial rate, if the work load of the central processing unit continues to increase, the message sending rate is reduced according to a preset function curve, and if the work load of the central processing unit reaches 98% of the total load, the message sending is stopped.
And the priority setting unit 8 is used for determining the priority of the message according to the preset key value of the message and establishing a corresponding message uploading queue according to the priority of the message. Therefore, the uploading sequence of the messages is determined according to the priority of the message uploading queue, and for the messages with important or high real-time requirements, the messages are preferentially uploaded or are not interrupted when the flow is increased or the work load of the central processing unit is overlarge, so that the interruption of important services is prevented.
In addition, a redundant connection channel is designed between the ASIC 2 and the CPU 3, so that the message traffic can still be guaranteed to be sent once the auxiliary processor 1 fails.
The embodiment provides a message flow monitoring system based on a switch, which adopts an auxiliary processor to be respectively in data connection with a special application integrated circuit and a central processing unit through an Ethernet channel. The auxiliary processor receives the message sent by the special application integrated circuit, isolates and monitors the message flow between the special application integrated circuit and the central processing unit, and controls the speed of the message sent to the central processing unit by monitoring the working state of the central processing unit. The method and the device realize the filtering and flow control of the message, avoid the risk of safety or performance problems in the message sent to the central processing unit by the switch, and ensure the working reliability of the central processing unit.
Example two:
based on the first embodiment, as shown in fig. 2, the present invention also discloses a message traffic monitoring method based on the switch, which includes the following steps:
S1: the message service flow of the switch is processed and analyzed through the special application integrated circuit and is uploaded to the auxiliary processor.
S2: after receiving the message, the auxiliary processor carries out isolation and monitoring processing of message flow, determines the speed of the message to be sent to the central processing unit by monitoring the working state of the central processing unit, and sends the processed message to the central processing unit at the determined sending speed.
This step provides a work flow of the auxiliary processor, as shown in fig. 3, specifically:
the auxiliary processor receives the message sent by the special application integrated circuit; judging whether the message meets the filtering rule, if so, directly discarding; otherwise, determining whether the message is a safe message by carrying out safety check on the message; if the message is not a safe message, directly discarding the message; and if the message is a safety message, determining the working load of the central processing unit by reading the power of the power supply of the central processing unit.
At this time, the message is sent to the central processing unit after flow shaping and speed limiting are applied to it according to the load of the central processing unit. This specifically comprises the following steps: if the work load of the central processing unit is lower than 80% of the total load, the message is sent directly to the central processing unit; if the workload of the central processing unit reaches 80% of the total load, the rate of the messages to be sent is reduced to 80% of the initial rate; after the uploading rate is reduced, the priority of the messages not yet uploaded is determined by reading their preset key values; among the messages not yet uploaded, the message with the highest priority is uploaded to the central processing unit, and the remaining messages are temporarily stored in the cache unit to wait for uploading; if the cache unit currently has no storage space, the remaining messages are discarded directly; if the current flow of uploaded messages is larger than the preset bandwidth of the central processing unit, a preset proportion of the messages is temporarily stored in the cache unit.
In the above method, the adopted filtering rule specifically includes: first, unnecessary message types and potentially risky message types are set. Then, identifying whether the type of the current message is an unnecessary message type, and if so, directly discarding the message; if not, continuously identifying whether the type of the current message is a message type with potential risk; if yes, directly discarding, and if not, finishing filtering.
S3: and the central processing unit performs the overall management of the switch according to the processed message.
The embodiment provides a message flow monitoring method based on a switch, which improves the security of a message sent to a central processing unit on a special application integrated circuit, can effectively prevent the sending of an error message and a malicious message, and ensures the normal work of the switch. The embodiment effectively reduces the burden of the central processing unit for processing the messages sent by the special application integrated circuit, and the auxiliary processor can discard some redundant or secondary messages before the central processing unit, thereby reducing the processing burden for the central processing unit. The embodiment also realizes the functions of flow shaping, speed limiting and priority queue, ensures that the central processing unit processes important services of the switch, can prevent the conditions of central processing unit downtime, abnormity and the like caused by abnormal message uploading conditions, and further ensures the working reliability of the central processing unit.
In conclusion, the invention realizes the filtering and flow control of the message, avoids the risk of safety or performance problems in the message sent to the central processing unit by the switch, and ensures the working reliability of the central processing unit.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other. The method disclosed by the embodiment corresponds to the system disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the description of the method part.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided by the present invention, it should be understood that the disclosed system and method can be implemented in other ways. For example, the above-described system embodiments are merely illustrative: the division of the units is only one logical functional division, and other divisions may be realized in practice; for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the shown or discussed mutual coupling, direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, systems or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each module may exist alone physically, or two or more modules are integrated into one unit.
Similarly, each processing unit in the embodiments of the present invention may be integrated into one functional module, or each processing unit may exist physically, or two or more processing units are integrated into one functional module.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The message flow monitoring system and method based on the switch provided by the invention are introduced in detail above. The principles and embodiments of the present invention are explained herein using specific examples, which are presented only to assist in understanding the method and its core concepts. It should be noted that, for those skilled in the art, it is possible to make various improvements and modifications to the present invention without departing from the principle of the present invention, and those improvements and modifications also fall within the scope of the claims of the present invention.

Claims (10)

1. A switch-based message flow monitoring system, characterized in that it comprises a switch and an auxiliary processor, the switch being provided with a special application integrated circuit and a central processing unit, and the auxiliary processor being data-connected to the special application integrated circuit and to the central processing unit respectively through Ethernet channels; the special application integrated circuit is used for processing and analyzing the message service traffic of the switch and for sending messages up to the auxiliary processor; the auxiliary processor is used for receiving the messages sent up by the special application integrated circuit, isolating and monitoring the message traffic between the special application integrated circuit and the central processing unit, determining the message upload rate by monitoring the working state of the central processing unit, and sending the messages up to the central processing unit at the determined upload rate; the central processing unit is used for the overall management of the switch according to the messages sent up.
2. The switch-based message flow monitoring system according to claim 1, characterized in that the auxiliary processor comprises: an isolation unit, used for performing statistical and content-filtering analysis on the messages sent up, redirecting a message to the central processing unit if the content-filtering analysis is normal, and, when the central processing unit needs to reply to the special application integrated circuit with a message, receiving the message sent down and redirecting it to the special application integrated circuit; a monitoring unit, used for monitoring the workload of the central processing unit; a cache unit, used for caching the messages sent up by the special application integrated circuit; and an upload rate control unit, used for initiating a rate reduction strategy that controls the rate of messages sent up according to the workload of the central processing unit.
3. The switch-based message flow monitoring system according to claim 2, characterized in that the isolation unit comprises: a filtering module, used for applying preset filtering rules to filter potentially risky traffic and unnecessary traffic out of the message traffic and discard it directly, and for sending the filtered message traffic up to the central processing unit and recording it in a log; and a protection module, used for applying a preset security mechanism to identify illegal message traffic within the message traffic, discarding the illegal message traffic directly and recording it in a log.
4. The switch-based message flow monitoring system according to claim 2, characterized in that the monitoring unit comprises a power consumption detection module, used for determining the workload of the central processing unit by detecting the power consumption of the central processing unit.
5. The switch-based message flow monitoring system according to claim 2, characterized in that the rate reduction strategy comprises: when the workload of the central processing unit reaches 80% of the total load, reducing the rate of messages sent up to 80% of the initial rate; if the workload of the central processing unit continues to increase, reducing the rate of messages sent up according to a preset function curve; and if the workload of the central processing unit reaches 98% of the total load, stopping the sending up of messages.
6. The switch-based message flow monitoring system according to claim 2, characterized in that the auxiliary processor further comprises a priority setting unit, used for determining the priority of a message according to the preset key value of the message and establishing a corresponding message upload queue according to the priority of the message.
7. A switch-based message flow monitoring method, characterized in that it comprises the following steps: S1: the special application integrated circuit processes and analyzes the message service traffic of the switch and sends it up to the auxiliary processor; S2: after receiving the messages sent up, the auxiliary processor performs isolation and monitoring of the message traffic, determines the rate at which messages are sent up to the central processing unit by monitoring the working state of the central processing unit, and sends the processed messages up to the central processing unit at the determined upload rate; S3: the central processing unit performs the overall management of the switch according to the processed messages.
8. The switch-based message flow monitoring method according to claim 7, characterized in that step S2 comprises: the auxiliary processor receives the messages sent up by the special application integrated circuit; it is determined whether a message matches the filtering rules, and if so, the message is discarded directly; otherwise, a security check is performed on the message to determine whether it is a safe message; if it is not a safe message, it is discarded directly; if it is a safe message, the workload of the central processing unit is determined by reading the power drawn by the central processing unit's power supply, and the message is sent up to the central processing unit after traffic shaping and rate limiting according to the load of the central processing unit.
9. The switch-based message flow monitoring method according to claim 8, characterized in that the filtering rules comprise: setting the unnecessary message types and the potentially risky message types; identifying whether the type of the current message is an unnecessary message type, and if so, discarding it directly; if not, identifying whether the type of the current message is a potentially risky message type; if so, discarding it directly, and if not, completing the filtering.
10. The switch-based message flow monitoring method according to claim 8, characterized in that sending the message up to the central processing unit after traffic shaping and rate limiting according to the load of the central processing unit specifically comprises: if the workload of the central processing unit is below 80% of the total load, sending the message directly up to the central processing unit; if the workload of the central processing unit reaches 80% of the total load, reducing the rate of messages sent up to 80% of the initial rate; after the upload rate has been reduced, determining the priority of the messages not yet sent up by reading their preset key values, sending the message with the highest priority among them up to the central processing unit, and temporarily storing the remaining messages in the cache unit to await upload; if the cache unit has no storage space left, discarding the remaining messages directly; and if the message traffic currently being sent up exceeds the preset bandwidth of the central processing unit, temporarily storing a preset proportion of the messages in the cache unit.
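The filtering rule from the description and the load-driven rate reduction, priority caching and overflow discard of claims 5, 9 and 10 are simulated below as an added example; this is not the patent's own code. It assumes constructed message type names, a linear "preset function curve" between 80% and 98% load, a key value where a higher number means higher priority, and a per-interval message budget that generalizes claim 10's single highest-priority message.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Constructed type names standing in for the patent's "unnecessary" and
# "potentially risky" message types (the page names no concrete types).
UNNECESSARY_TYPES = {"debug-echo"}
RISKY_TYPES = {"unknown-control"}


@dataclass
class Packet:
    kind: str
    key: int   # preset key value; higher means higher priority (assumption)
    seq: int   # arrival order, used as the FIFO tie-breaker


def filter_packet(pkt: Packet) -> Tuple[bool, str]:
    """Claim 9 / filtering rule: unnecessary types first, then risky types."""
    if pkt.kind in UNNECESSARY_TYPES:
        return False, "unnecessary type"
    if pkt.kind in RISKY_TYPES:
        return False, "potentially risky type"
    return True, "ok"


def upload_rate(cpu_load: float, initial_rate: float) -> float:
    """Claims 5 and 10: full rate below 80% load, 80% of the initial rate at
    80% load, then a preset curve (assumed linear here) down to 0 at 98%."""
    if cpu_load < 0.80:
        return initial_rate
    if cpu_load >= 0.98:
        return 0.0
    frac = (cpu_load - 0.80) / (0.98 - 0.80)
    return initial_rate * 0.80 * (1.0 - frac)


class AuxProcessor:
    """Isolation, monitoring, cache and rate-control units in one object."""

    def __init__(self, initial_rate: int, cache_size: int) -> None:
        self.initial_rate = initial_rate
        self.cache_size = cache_size
        self.cache: List[Packet] = []   # bounded cache unit (claim 10)
        self.log: List[str] = []        # discard log (claim 3)

    def tick(self, cpu_load: float, incoming: List[Packet]) -> List[Packet]:
        """One upload interval: filter arrivals, merge them with cached
        messages, send the highest-priority ones within the load-derived
        budget, cache the rest and drop whatever no longer fits."""
        pending = list(self.cache)
        for pkt in incoming:
            ok, reason = filter_packet(pkt)
            if ok:
                pending.append(pkt)
            else:
                self.log.append(f"drop {pkt.kind}#{pkt.seq}: {reason}")
        budget = int(upload_rate(cpu_load, self.initial_rate))
        pending.sort(key=lambda p: (-p.key, p.seq))   # highest key first
        sent, rest = pending[:budget], pending[budget:]
        self.cache = rest[:self.cache_size]
        for pkt in rest[self.cache_size:]:
            self.log.append(f"drop {pkt.kind}#{pkt.seq}: cache full")
        return sent
```

Messages left in the cache are re-queued on the next interval ahead of lower-priority arrivals, so the drop log shows exactly which messages the bounded cache lost.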
CN202110969789.1A 2021-08-23 2021-08-23 Message flow monitoring system and method based on switch Active CN113839885B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110969789.1A CN113839885B (en) 2021-08-23 2021-08-23 Message flow monitoring system and method based on switch

Publications (2)

Publication Number Publication Date
CN113839885A true CN113839885A (en) 2021-12-24
CN113839885B CN113839885B (en) 2023-08-18

Family

ID=78961018

Country Status (1)

Country Link
CN (1) CN113839885B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117041172A (en) * 2023-10-09 2023-11-10 苏州元脑智能科技有限公司 White box switch interface request processing method and device
CN117041172B (en) * 2023-10-09 2024-02-02 苏州元脑智能科技有限公司 White box switch interface request processing method and device
WO2024212619A1 (en) * 2023-12-12 2024-10-17 天翼云科技有限公司 P4-assisted cloud eip gateway shared bandwidth traffic monitoring method and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6499107B1 (en) * 1998-12-29 2002-12-24 Cisco Technology, Inc. Method and system for adaptive network security using intelligent packet analysis
CN101355567A (en) * 2008-09-03 2009-01-28 中兴通讯股份有限公司 A method for safety protection of central processor of switching and routing equipment
CN111526064A (en) * 2020-04-03 2020-08-11 北京星网锐捷网络技术有限公司 Data stream processing method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN113839885B (en) 2023-08-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address
Address after: 215100 Building 9, No.1 guanpu Road, Guoxiang street, Wuzhong Economic Development Zone, Suzhou City, Jiangsu Province
Patentee after: Suzhou Yuannao Intelligent Technology Co.,Ltd.
Country or region after: China
Address before: 215100 Building 9, No.1 guanpu Road, Guoxiang street, Wuzhong Economic Development Zone, Suzhou City, Jiangsu Province
Patentee before: SUZHOU LANGCHAO INTELLIGENT TECHNOLOGY Co.,Ltd.
Country or region before: China