CN114338543B - Network access speed limiting method, device, equipment and storage medium - Google Patents
Network access speed limiting method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN114338543B CN114338543B CN202210243864.0A CN202210243864A CN114338543B CN 114338543 B CN114338543 B CN 114338543B CN 202210243864 A CN202210243864 A CN 202210243864A CN 114338543 B CN114338543 B CN 114338543B
- Authority
- CN
- China
- Prior art keywords
- resource
- speed limit
- message
- user
- processed
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 53
- 238000004590 computer program Methods 0.000 claims description 17
- 238000012545 processing Methods 0.000 description 12
- 238000004891 communication Methods 0.000 description 8
- 230000006870 function Effects 0.000 description 8
- 230000008569 process Effects 0.000 description 8
- 238000010586 diagram Methods 0.000 description 6
- 230000003993 interaction Effects 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 238000012986 modification Methods 0.000 description 4
- 230000003287 optical effect Effects 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 239000011449 brick Substances 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 239000011521 glass Substances 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000001953 sensory effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a method, a device, equipment and a storage medium for limiting the speed of network access. The method comprises the following steps: acquiring a resource address to be accessed in a message to be processed; determining the resource speed limit standard of the resource to be accessed from a resource speed limit table according to the address of the resource to be accessed; the resource speed limit table comprises an access resource uplink speed limit table and an access resource downlink speed limit table; judging whether the message to be processed meets the resource speed limit standard or not; and if the message to be processed does not meet the resource speed limit standard, discarding the message to be processed. The embodiment of the invention can reduce the influence on the speed limit performance and stability and improve the table entry overloading and function expansibility.
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method, an apparatus, a device, and a storage medium for limiting a speed of a network access.
Background
With the development of internet technology, information interaction between users and various servers is more and more frequent. The data processing and carrying capacity of the server is often limited, and if the speed of information interaction is not limited, the normal operation of the server system may be affected.
For server systems, especially linux systems, Traffic Control (TC) and IP packet filtering (Iptables) are currently used as the means for implementing speed limit. However, in the process of realizing the speed limiting function, the former has complex configuration, poor expansibility and difficult management; the latter message processing will pass too many tables and chains, resulting in the significant reduction of the throughput and response speed of the firewall, and the significant increase of the CPU occupancy rate.
Disclosure of Invention
The invention provides a method, a device, equipment and a storage medium for limiting the speed of network access, which are used for reducing the influence on the speed limiting performance and stability and improving the table entry overloading and function expansibility.
According to an aspect of the present invention, there is provided a method for limiting a network access rate, including:
acquiring a resource address to be accessed in a message to be processed;
determining the resource speed limit standard of the resource to be accessed from a resource speed limit table according to the address of the resource to be accessed; the resource speed limit table comprises an access resource uplink speed limit table and an access resource downlink speed limit table;
judging whether the message to be processed meets the resource speed limit standard or not;
and if the message to be processed does not meet the resource speed limit standard, discarding the message to be processed.
According to another aspect of the present invention, there is provided a network access rate limiting device, including:
the resource address acquisition module is used for acquiring the resource address to be accessed in the message to be processed;
the resource speed limit determining module is used for determining the resource speed limit standard of the resource to be accessed from a resource speed limit table according to the address of the resource to be accessed; the resource speed limit table comprises an access resource uplink speed limit table and an access resource downlink speed limit table;
the resource speed limit judging module is used for judging whether the message to be processed meets the resource speed limit standard or not;
and the resource message discarding module is used for discarding the message to be processed if the message to be processed does not meet the resource speed limit standard.
According to another aspect of the present invention, there is provided an electronic apparatus including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a computer program executable by the at least one processor, and the computer program is executed by the at least one processor to enable the at least one processor to execute the method for limiting network access speed according to any embodiment of the present invention.
According to another aspect of the present invention, there is provided a computer-readable storage medium storing computer instructions for causing a processor to implement the method for limiting network access speed according to any one of the embodiments of the present invention when executed.
The embodiment of the invention manages and controls the access resource speed limit by using the resource speed limit table entry, and reduces the influence on the performance and the stability on the premise of realizing the speed limit function. And the access resource uplink/downlink speed limit tables are respectively set aiming at the access resources, so that the operation on the table entry is independent, and the table entry overloading and the function expansibility are improved
It should be understood that the statements in this section are not intended to identify key or critical features of the embodiments of the present invention, nor are they intended to limit the scope of the invention. Other features of the present invention will become apparent from the following description.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart of a method for limiting network access speed according to an embodiment of the present invention;
fig. 2A is a flowchart of a method for limiting network access speed according to another embodiment of the present invention;
fig. 2B is a schematic diagram of a network access flow provided in accordance with another embodiment of the present invention;
fig. 3 is a schematic structural diagram of a network access speed limiting device according to yet another embodiment of the present invention;
fig. 4 is a schematic structural diagram of an electronic device implementing an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Fig. 1 is a flowchart of a network access speed limiting method according to an embodiment of the present invention, where the present embodiment is applicable to a case where a message is handled according to a speed limiting policy of a resource address to be accessed, and the method may be executed by a network access speed limiting device, where the device may be implemented in a form of hardware and/or software, and the device may be configured in an electronic device with corresponding data processing capability. As shown in fig. 1, the method includes:
s110, obtaining the address of the resource to be accessed in the message to be processed.
The message to be processed carries the resource address of the resource to be accessed by the message. For the uplink message to be processed, the address of the resource to be accessed is the destination IP + the destination port number; for the downlink message to be processed, the address of the resource to be accessed is the source IP + source port number.
Specifically, after the message is determined to meet the speed limit standard of the user, the message is determined to be a message to be processed, so as to further determine whether the message also meets the speed limit standard of the resource to be accessed. And acquiring the address of the resource which the message wants to access from the message so as to determine whether the message passes through or is discarded according to the speed limit strategy of the resource.
And S120, determining the resource speed limit standard of the resource to be accessed from a resource speed limit table according to the address of the resource to be accessed.
Wherein, for each resource address to be accessed, an uplink speed limit table and a downlink speed limit table of the accessed resource are set to respectively configure the specific uplink and downlink speed limit strategies of the accessed resource.
Specifically, in order to solve the problems that when a TC/Iptables scheme is adopted for Linux network speed limit, configuration complexity is increased due to the fact that a large number of users and access resources are configured, excessive TC/Iptables entries are occupied, overloading and broken links are caused due to the fact that excessive entries are formed, the method introduces the thought of user speed limit and access resource speed limit based on a Linux netfilter framework, obtains speed limit information of the users and the access resources by accurately hitting corresponding entries, and limits the speed of different users and different access resources. The resource speed limit table stores the one-to-one corresponding resource addresses to be accessed and the resource speed limit standard representing the resource speed limit strategy. After the address of the resource to be accessed is determined, the resource speed limit standard corresponding to the resource can be determined according to the address of the resource to be accessed.
Optionally, the determining, according to the address of the resource to be accessed, the resource speed limit standard of the resource to be accessed from the resource speed limit table includes:
taking the resource address to be accessed as a key value to query the resource speed limit table; and if the query result exists, extracting the resource speed limit standard of the resource to be accessed from the key domain content obtained by query.
Specifically, the resource speed limit table may be a hash (hash) table, the resource address to be accessed in the table entry is a key value, and the resource speed limit criterion of the resource address is stored in the corresponding key field. After the resource address to be accessed is determined, according to the unique corresponding relation between the key value and the key domain, the pre-stored resource speed limit standard is obtained by inquiring in the corresponding key domain. The invention determines the corresponding relation between the access resource address and the specific speed limit standard in a key value pair mode by using the hash table as the table entry, can accurately search, reduces the influence of the number of users and the number of access resources on the matching complexity, and greatly reduces the logic complexity of the message in the processing process.
S130, judging whether the message to be processed meets the resource speed limit standard or not.
Specifically, according to attribute information such as the message type, the message size, the message content and the like of the current message to be processed, the comparison is performed with the content of a specific speed-limiting strategy in the resource speed-limiting standard. And determining the specific processing mode of the message according to whether the message attribute information meets the policy content.
Optionally, the determining, according to the address of the resource to be accessed, the resource speed limit standard of the resource to be accessed from the resource speed limit table includes:
the judging whether the message to be processed meets the resource speed limit standard or not comprises the following steps:
determining a timestamp difference value between a current message to be processed and a previous message; determining a target speed limit length according to the resource speed limit standard and the timestamp difference; comparing the target speed limit length with the message length of the message to be processed; and if the message length is smaller than the target speed limit length, determining that the message to be processed meets the resource speed limit standard.
Specifically, the resource speed limit criterion expresses the maximum data volume allowed to be accessed in a period of time of the currently accessed resource in a speed form, for example, 1 megabyte per second, and each message carries respective time stamp information. The method can realize the judgment of the resource speed limit standard by a token bucket method, obtain the timestamp difference between the current message to be processed and the last message to be processed/passed, and obtain the target speed limit length by multiplying the timestamp difference by the resource speed limit standard, wherein the target speed limit length is expressed by the number of bytes, the target speed limit length indicates how many tokens are generated in the token bucket in the time period of processing the adjacent message, and one token corresponds to one byte. If the message length is larger than the target speed limit length, namely the number of bytes contained in the message is larger than the number of tokens generated in the token bucket in the period of time, the message is discarded because the message exceeds the speed limit standard, otherwise, if the message length is smaller than the target speed limit length, the message to be processed is judged to meet the resource speed limit standard. The invention judges whether the message is overspeed or not through the timestamp difference and the target speed limit length, and ensures effective response and processing to the burst access flow to a certain extent while realizing the speed limit management of the message.
S140, if the message to be processed does not meet the resource speed limit standard, discarding the message to be processed.
Specifically, if the message to be processed does not meet the resource speed limit standard, it is indicated that a certain attribute of the current message does not meet the speed limit standard, and the message is discarded. Otherwise, if the message to be processed meets the resource speed limit standard, the message passes through.
The embodiment of the invention manages and controls the access resource speed limit by using the resource speed limit list item, and reduces the influence of the speed limit on the performance and the stability on the premise of realizing the speed limit function. And the uplink/downlink speed limit tables of the access resources are respectively set aiming at the access resources, so that the table entry operation is independent, and the table entry overloading and the function expansibility are improved.
Fig. 2A is a flowchart of a network access speed limiting method according to another embodiment of the present invention, which is improved based on the foregoing embodiment. As shown in fig. 2A, the method includes:
s210, acquiring a user address in an original message;
s220, determining a user speed limit standard of the user from a user speed limit table according to the user address; the user speed limit meter comprises a user uplink speed limit meter/a user downlink speed limit meter;
s230, judging whether the original message meets the user speed limit standard or not;
s240, if the original message meets the user speed limit standard, determining that the original message is a message to be processed.
Specifically, for any original message, before the original message is determined to be a message to be processed, the speed limit standard of the user needs to be met. Besides storing the resource address to be accessed, the message also stores the user address. When the original message is an uplink message, the user address is the source IP of the message, and when the message is a downlink message, the user address is the destination IP. And the speed limit thinking is consistent with the speed limit thinking of accessing resources, and each user also sets the user's own uplink speed limit table/user downlink speed limit table. Meanwhile, the user speed limit table may also use a hash table, and the user speed limit standard corresponding to the user address is obtained from the table entry in a key value pair manner, and the specific implementation manner is the same as that in the above embodiment. And when judging whether the original message meets the user speed limit standard, the speed limit can be obtained based on the comparison of the target speed limit length and the message length of the original message, and the specific process refers to the above embodiment, which is not repeated herein. If the original message meets the user speed limit standard, the original message passes through and is determined as a message to be processed. If the original message does not conform to the user speed limit standard brick, the original message can be directly discarded, and the next process cannot be carried out.
Fig. 2B is a flowchart illustrating a method for limiting a network speed based on a user and an access resource according to another embodiment of the present invention. For the uplink/downlink scene, the speed limit control for the user and the access resource is realized respectively based on an uplink user table (user uplink speed limit table)/an uplink access resource table (access resource uplink speed limit table), and a downlink user table (user downlink speed limit table)/a downlink access resource table (access resource downlink speed limit table). In the requirement explanation, for the uplink/downlink user table, if the user address is not hit (the user address key value does not exist in the table entry), it is indicated that the user is an illegal user, and the message is directly discarded. For the uplink/downlink access resource table, if the access resource address is not hit (the access resource address key value does not exist in the table entry), it indicates that the access resource is not limited in speed and can pass directly.
S250, acquiring a resource address to be accessed in the message to be processed;
s260, determining a resource speed limit standard of the resource to be accessed from a resource speed limit table according to the address of the resource to be accessed; the resource speed limit table comprises an access resource uplink speed limit table and an access resource downlink speed limit table;
s270, judging whether the message to be processed meets the resource speed limit standard or not;
s280, if the message to be processed does not meet the resource speed limit standard, discarding the message to be processed.
S290, determining the content to be modified in the resource speed limit table based on the new access resource speed limit strategy;
and positioning and modifying the target key domain content according to the content to be modified so as to update the resource speed limit table.
Specifically, the access resource uplink speed limit table, the access resource downlink speed limit table, the user uplink speed limit table and the user downlink speed limit table can be modified. By acquiring the new speed limit strategy, whether the object of the speed limit strategy to be modified is to access resources or users and whether the uplink or downlink is limited can be determined. After the object and the up/down stream are determined, the specific entry to be modified is located. If the speed limit strategy of the existing access resource/user is modified, only the content in the corresponding target key domain needs to be replaced or modified. If a speed limit strategy for a certain access resource/user needs to be added or abandoned, the corresponding complete key value pair is added/deleted in the corresponding table entry. The speed limit table is updated based on the modification key value and the key domain, the table entry does not need to be completely rewritten, and the reuse rate and the expandability of the table entry are improved.
The embodiment of the invention limits the speed of the user of the message before limiting the speed of the access resource of the message, and only further processes the message which meets the requirement as the message to be processed, thereby simultaneously carrying out the speed-limiting management on the user and the access resource in sequence and better reducing the influence on the performance and the stability. And the table items are updated in a key value pair modification mode without completely duplicating the table items, so that the reuse rate and the expandability of the table items are improved.
Fig. 3 is a schematic structural diagram of a network access speed limiting device according to another embodiment of the present invention. As shown in fig. 3, the apparatus includes:
a resource address obtaining module 310, configured to obtain a resource address to be accessed in a message to be processed;
a resource speed limit determining module 320, configured to determine, according to the address of the resource to be accessed, a resource speed limit standard of the resource to be accessed from a resource speed limit table; the resource speed limit table comprises an access resource uplink speed limit table and an access resource downlink speed limit table;
a resource speed limit judging module 330, configured to judge whether the to-be-processed packet meets the resource speed limit standard;
a resource message discarding module 340, configured to discard the to-be-processed message if the to-be-processed message does not meet the resource speed limit standard.
The network access speed limiting device provided by the embodiment of the invention can execute the network access speed limiting method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method
Optionally, the apparatus further comprises:
the user address acquisition module is used for acquiring a user address in the original message;
the user speed limit determining module is used for determining the user speed limit standard of the user from a user speed limit table according to the user address; the user speed limit meter comprises a user uplink speed limit meter/a user downlink speed limit meter;
the user speed limit judging module is used for judging whether the original message meets the user speed limit standard or not;
and the user message discarding module is used for determining the original message as the message to be processed if the original message meets the user speed limit standard.
Optionally, the resource speed limit determining module 320 is specifically configured to:
taking the resource address to be accessed as a key value to inquire the resource speed limiting table;
and if the query result exists, extracting the resource speed limit standard of the resource to be accessed from the key domain content obtained by query.
Optionally, the resource speed limit determining module 330 is specifically configured to:
determining a timestamp difference value between a current message to be processed and a previous message;
determining the target speed limit length according to the resource speed limit standard and the timestamp difference value;
comparing the target speed limit length with the message length of the message to be processed;
and if the message length is smaller than the target speed limit length, determining that the message to be processed meets the resource speed limit standard.
Optionally, the apparatus further includes a speed limit policy updating module, configured to:
determining the content to be modified in the resource speed limit table based on the new access resource speed limit strategy;
positioning and modifying the target key content according to the content to be modified so as to update the resource speed limit table
The network access speed limiting device further explained can also execute the network access speed limiting method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
FIG. 4 shows a schematic block diagram of an electronic device 40 that may be used to implement an embodiment of the invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 4, the electronic device 40 includes at least one processor 41, and a memory communicatively connected to the at least one processor 41, such as a Read Only Memory (ROM) 42, a Random Access Memory (RAM) 43, and the like, wherein the memory stores a computer program executable by the at least one processor, and the processor 41 may perform various suitable actions and processes according to the computer program stored in the Read Only Memory (ROM) 42 or the computer program loaded from the storage unit 48 into the Random Access Memory (RAM) 43. In the RAM 43, various programs and data necessary for the operation of the electronic apparatus 40 can also be stored. The processor 41, the ROM 42, and the RAM 43 are connected to each other via a bus 44. An input/output (I/O) interface 45 is also connected to bus 44.
A number of components in the electronic device 40 are connected to the I/O interface 45, including: an input unit 46 such as a keyboard, a mouse, etc.; an output unit 47 such as various types of displays, speakers, and the like; a storage unit 48 such as a magnetic disk, an optical disk, or the like; and a communication unit 49 such as a network card, modem, wireless communication transceiver, etc. The communication unit 49 allows the electronic device 40 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.
In some embodiments, the network access speed limiting method may be implemented as a computer program tangibly embodied in a computer-readable storage medium, such as storage unit 48. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 40 via the ROM 42 and/or the communication unit 49. When the computer program is loaded into the RAM 43 and executed by the processor 41, one or more steps of the network access speed limiting method described above may be performed. Alternatively, in other embodiments, processor 41 may be configured to perform the network access rate limiting method by any other suitable means (e.g., by way of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), system on a chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for implementing the methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be performed. A computer program can execute entirely on a machine, partly on a machine, as a stand-alone software package partly on a machine and partly on a remote machine or entirely on a remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. A computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user may provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), Wide Area Networks (WANs), blockchain networks, and the internet.
The computing system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical host and VPS service are overcome.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present invention may be executed in parallel, sequentially, or in different orders, and are not limited herein as long as the desired results of the technical solution of the present invention can be achieved.
The above-described embodiments should not be construed as limiting the scope of the invention. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. A method for limiting network access speed, the method comprising:
acquiring a resource address to be accessed in a message to be processed; the resource to be accessed is a target access resource of the message to be processed;
determining the resource speed limit standard of the resource to be accessed from a resource speed limit table according to the address of the resource to be accessed; the resource speed limit table comprises an access resource uplink speed limit table and an access resource downlink speed limit table;
judging whether the message to be processed meets the resource speed limit standard or not;
and if the message to be processed does not meet the resource speed limit standard, discarding the message to be processed.
2. The method according to claim 1, wherein before obtaining the address of the resource to be accessed in the message to be processed, the method further comprises:
acquiring a user address in an original message;
determining a user speed limit standard of the user from a user speed limit table according to the user address; the user speed limit meter comprises a user uplink speed limit meter/a user downlink speed limit meter;
judging whether the original message meets the user speed limit standard or not;
and if the original message meets the user speed limit standard, determining that the original message is a message to be processed.
3. The method of claim 1, wherein the determining the resource speed limit standard of the resource to be accessed from a resource speed limit table according to the address of the resource to be accessed comprises:
taking the resource address to be accessed as a key value to query the resource speed limit table;
and if the query result exists, extracting the resource speed limit standard of the resource to be accessed from the key domain content obtained by query.
4. The method according to claim 1, wherein the determining whether the message to be processed meets the resource speed limit criterion comprises:
determining a timestamp difference value between a current message to be processed and a previous message;
determining the target speed limit length according to the resource speed limit standard and the timestamp difference value;
comparing the target speed limit length with the message length of the message to be processed;
and if the message length is smaller than the target speed limit length, determining that the message to be processed meets the resource speed limit standard.
5. The method of claim 1, further comprising:
determining the content to be modified in the resource speed limit table based on the new access resource speed limit strategy;
and positioning and modifying the target key domain content according to the content to be modified so as to update the resource speed limit table.
6. A network access rate limiting device, the device comprising:
the resource address acquisition module is used for acquiring the resource address to be accessed in the message to be processed; the resource to be accessed is a target access resource of the message to be processed;
the resource speed limit determining module is used for determining the resource speed limit standard of the resource to be accessed from a resource speed limit table according to the address of the resource to be accessed; the resource speed limit table comprises an access resource uplink speed limit table and an access resource downlink speed limit table;
the resource speed limit judging module is used for judging whether the message to be processed meets the resource speed limit standard or not;
and the resource message discarding module is used for discarding the message to be processed if the message to be processed does not meet the resource speed limit standard.
7. The apparatus of claim 6, further comprising:
the user address acquisition module is used for acquiring a user address in the original message;
the user speed limit determining module is used for determining the user speed limit standard of the user from a user speed limit table according to the user address; the user speed limit meter comprises a user uplink speed limit meter/a user downlink speed limit meter;
the user speed limit judging module is used for judging whether the original message meets the user speed limit standard or not;
and the user message discarding module is used for determining the original message as the message to be processed if the original message meets the user speed limit standard.
8. The apparatus of claim 6, wherein the resource speed limit determination module is specifically configured to:
taking the resource address to be accessed as a key value to query the resource speed limit table;
and if the query result exists, extracting the resource speed limit standard of the resource to be accessed from the key domain content obtained by query.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to enable the at least one processor to perform the network access speed limiting method of any one of claims 1-5.
10. A computer-readable storage medium storing computer instructions for causing a processor to implement the method for limiting network access speed according to any one of claims 1 to 5 when executed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210243864.0A CN114338543B (en) | 2022-03-14 | 2022-03-14 | Network access speed limiting method, device, equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210243864.0A CN114338543B (en) | 2022-03-14 | 2022-03-14 | Network access speed limiting method, device, equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114338543A CN114338543A (en) | 2022-04-12 |
CN114338543B true CN114338543B (en) | 2022-06-21 |
Family
ID=81033468
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210243864.0A Active CN114338543B (en) | 2022-03-14 | 2022-03-14 | Network access speed limiting method, device, equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114338543B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101834785A (en) * | 2010-04-07 | 2010-09-15 | 中兴通讯股份有限公司 | Method and device for realizing stream filtration |
CN106656849A (en) * | 2016-11-01 | 2017-05-10 | 杭州迪普科技股份有限公司 | Message speed-limiting method and apparatus |
WO2017162117A1 (en) * | 2016-03-25 | 2017-09-28 | 阿里巴巴集团控股有限公司 | Accurate speed limiting method and apparatus for cluster |
CN107995199A (en) * | 2017-12-06 | 2018-05-04 | 锐捷网络股份有限公司 | The port speed constraint method and device of the network equipment |
CN109862439A (en) * | 2019-01-29 | 2019-06-07 | 视联动力信息技术股份有限公司 | Data processing method and device |
CN112003796A (en) * | 2020-08-07 | 2020-11-27 | 北京浪潮数据技术有限公司 | Broadcast message processing method, system, equipment and computer storage medium |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8730823B2 (en) * | 2011-06-24 | 2014-05-20 | Jasper Wireless, Inc. | Core services platform for wireless voice, data and messaging network services |
CN102611630B (en) * | 2012-04-12 | 2015-10-07 | 迈普通信技术股份有限公司 | A kind of message acceptance control method and system |
CN108235804B (en) * | 2017-12-27 | 2021-12-31 | 达闼机器人有限公司 | Network speed limiting method and device and server |
CN109120541B (en) * | 2018-08-01 | 2022-09-09 | Oppo(重庆)智能科技有限公司 | Method, device, terminal equipment and storage medium for limiting network speed |
CN112751765A (en) * | 2019-10-30 | 2021-05-04 | 华为技术有限公司 | Method and device for adjusting transmission rate |
CN112039796B (en) * | 2020-08-28 | 2023-04-18 | 北京字节跳动网络技术有限公司 | Data packet transmission method and device, storage medium and electronic equipment |
CN112953842B (en) * | 2021-04-28 | 2022-09-27 | 中国工商银行股份有限公司 | Method, device, equipment and medium for processing RDMA network congestion |
-
2022
- 2022-03-14 CN CN202210243864.0A patent/CN114338543B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101834785A (en) * | 2010-04-07 | 2010-09-15 | 中兴通讯股份有限公司 | Method and device for realizing stream filtration |
WO2017162117A1 (en) * | 2016-03-25 | 2017-09-28 | 阿里巴巴集团控股有限公司 | Accurate speed limiting method and apparatus for cluster |
CN106656849A (en) * | 2016-11-01 | 2017-05-10 | 杭州迪普科技股份有限公司 | Message speed-limiting method and apparatus |
CN107995199A (en) * | 2017-12-06 | 2018-05-04 | 锐捷网络股份有限公司 | The port speed constraint method and device of the network equipment |
CN109862439A (en) * | 2019-01-29 | 2019-06-07 | 视联动力信息技术股份有限公司 | Data processing method and device |
CN112003796A (en) * | 2020-08-07 | 2020-11-27 | 北京浪潮数据技术有限公司 | Broadcast message processing method, system, equipment and computer storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN114338543A (en) | 2022-04-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110392098B (en) | Self-adaptive virtual desktop transmission method and device | |
CN116015796A (en) | Flow table updating method and device, firewall equipment and storage medium | |
CN114338543B (en) | Network access speed limiting method, device, equipment and storage medium | |
CN114500105A (en) | Network packet interception method, device, equipment and storage medium | |
CN114827159B (en) | Network request path optimization method, device, equipment and storage medium | |
CN114500398A (en) | Processor cooperative acceleration method, device, equipment and medium | |
CN117082073A (en) | File storage method, file downloading method, device, equipment and storage medium | |
CN117201228A (en) | Data recharging method and device, electronic equipment and storage medium | |
CN114422404A (en) | Flow statistical method, device, equipment and storage medium | |
CN118660085B (en) | Communication parameter transmission method, device, equipment and storage medium | |
CN117979210B (en) | Audio transmission method, device, electronic equipment and storage medium | |
CN115174447B (en) | Network communication method, device, system, equipment and storage medium | |
CN117395211A (en) | Data forwarding method, device, switch and medium | |
CN115604124B (en) | Bandwidth control method, device, equipment and storage medium | |
CN114553894B (en) | Data synchronization method, device, system and storage medium | |
CN118075359A (en) | Data packet method and device based on CAN communication, electronic equipment and medium | |
CN116599838A (en) | Substation equipment information configuration management method, device, equipment and storage medium | |
CN117997886A (en) | Message processing method and device, electronic equipment and storage medium | |
CN115883217A (en) | Data processing method, device, equipment and storage medium | |
CN118175106A (en) | Data flow control method and device | |
CN116506334A (en) | Flow mirroring method and device, electronic equipment and storage medium | |
CN118055068A (en) | Message processing method, device, equipment and medium based on DPDK | |
CN115883226A (en) | Vehicle network attack analysis method, device, equipment and storage medium | |
CN117591440A (en) | Address mapping method and device for protocol data packet, electronic equipment and storage medium | |
CN118631753A (en) | Message processing method and device, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |