CN115134303B - Service flow processing method and device, electronic equipment and storage medium - Google Patents
Service flow processing method and device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN115134303B CN115134303B CN202210814539.5A CN202210814539A CN115134303B CN 115134303 B CN115134303 B CN 115134303B CN 202210814539 A CN202210814539 A CN 202210814539A CN 115134303 B CN115134303 B CN 115134303B
- Authority
- CN
- China
- Prior art keywords
- traffic
- segment
- flow
- routing header
- header message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 62
- 238000005111 flow chemistry technique Methods 0.000 title claims abstract description 28
- 238000012545 processing Methods 0.000 claims abstract description 41
- 230000015654 memory Effects 0.000 claims description 20
- 230000032683 aging Effects 0.000 claims description 13
- 238000001514 detection method Methods 0.000 claims description 13
- 238000013507 mapping Methods 0.000 claims description 11
- 230000004048 modification Effects 0.000 claims description 7
- 238000012986 modification Methods 0.000 claims description 7
- 230000001172 regenerating effect Effects 0.000 claims description 6
- 238000003672 processing method Methods 0.000 claims description 3
- 238000004590 computer program Methods 0.000 claims description 2
- 238000004891 communication Methods 0.000 abstract description 9
- 239000002699 waste material Substances 0.000 abstract description 4
- 230000008569 process Effects 0.000 description 16
- 238000010586 diagram Methods 0.000 description 13
- 238000005516 engineering process Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 5
- 230000003287 optical effect Effects 0.000 description 5
- 238000005538 encapsulation Methods 0.000 description 4
- 238000009789 rate limiting process Methods 0.000 description 3
- 230000006978 adaptation Effects 0.000 description 2
- 230000002776 aggregation Effects 0.000 description 2
- 238000004220 aggregation Methods 0.000 description 2
- 230000006399 behavior Effects 0.000 description 2
- 125000004122 cyclic group Chemical group 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000010295 mobile communication Methods 0.000 description 2
- 239000013307 optical fiber Substances 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 206010033799 Paralysis Diseases 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000009514 concussion Effects 0.000 description 1
- 230000006378 damage Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000018109 developmental process Effects 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 230000010355 oscillation Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
- 230000002123 temporal effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/12—Avoiding congestion; Recovering from congestion
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0876—Network utilisation, e.g. volume of load or congestion level
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/22—Traffic shaping
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Environmental & Geological Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The disclosure provides a service flow processing method and device, electronic equipment and a storage medium, and relates to the technical field of communication. The service flow processing method comprises the following steps: acquiring a segment routing header message corresponding to the service flow, and determining a segment identifier contained in the segment routing header message; determining whether a traffic loop phenomenon exists in the traffic based on the segment identifier and the local segment identifier; and if the traffic loop phenomenon exists in the traffic flow, performing traffic speed limiting processing on the traffic flow. The technical scheme of the embodiment of the disclosure can reduce the complexity and the complexity of manually judging the SRH flow to form a loop, avoid the problem of SRv network flow loops caused by manual planning errors or controller path calculation errors, and reduce the waste of bandwidth resources; and malicious attack on the network through tampering SRv SRH messages is effectively prevented, a safety protection method aiming at SRv TE Policy scene is realized, and the network safety is improved.
Description
Technical Field
The present disclosure relates to the field of communication technologies, and in particular, to a service flow processing method, a service flow processing device, an electronic device, and a computer readable storage medium.
Background
With the rapid development of internet technology, the fifth generation mobile communication technology (5 th Generation Mobile Communication Technology, hereinafter abbreviated as 5G) is increasingly being widely used. SRv6 (Segment Routing IPv, segment routing based on IPv6 forwarding plane) is a new generation IP bearer protocol. The method adopts the existing IPv6 forwarding technology, and realizes the network programming through a flexible IPv6 extension head. SRv6 simplifies the network protocol type, has good expansibility and programmability, can meet the diversified requirements of more new services, provides high reliability, and has good application prospect in cloud services.
In the related art, the network element device designates a forwarding path of the service traffic through the head node encapsulation SRv SRH (Segment Routing Header, segment routing head message), but when a misconfiguration or a malicious attack occurs, the path designated by the head node encapsulation SRv SRH circulates for many times between two or more devices to form a traffic loop, so that the bandwidth resource of the network is consumed, and the routing protocol concussion even endangers the security of the whole network under serious conditions.
It should be noted that the information disclosed in the above background section is only for enhancing understanding of the background of the present disclosure and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
An object of the embodiments of the present disclosure is to provide a service traffic processing method, a service traffic processing device, an electronic device, and a computer readable storage medium, so as to at least avoid a traffic loop problem occurring in a forwarding process of an SRH message to a certain extent, reduce bandwidth exhaustion caused by SRv SRH unreasonable planning or malicious attack on a network, and improve security of the network.
Other features and advantages of the present disclosure will be apparent from the following detailed description, or may be learned in part by the practice of the disclosure.
According to a first aspect of an embodiment of the present disclosure, there is provided a service traffic processing method, including: acquiring a segment routing header message corresponding to service flow, and determining a segment identifier contained in the segment routing header message; determining whether a traffic loop phenomenon exists in the service traffic based on the segment identifier and the local segment identifier; and if the traffic loop phenomenon exists in the traffic flow, performing traffic speed limiting processing on the traffic flow.
In some example embodiments of the present disclosure, based on the foregoing solution, the determining whether the traffic has a traffic loop phenomenon based on the segment identifier and the local segment identifier includes: comparing the segment identifier with a local segment identifier; if the number of the segment identifiers matched with the local segment identifiers is detected to be greater than or equal to a preset number threshold, determining that a traffic loop phenomenon exists in the traffic; and if the number of the segment identifiers matched with the local segment identifiers is detected to be smaller than the number threshold, determining that the traffic flow does not have a flow loop phenomenon.
In some example embodiments of the disclosure, based on the foregoing scheme, the method further comprises: and if the service flow is determined to have no flow loop phenomenon, forwarding the service flow according to the segment identification.
In some example embodiments of the present disclosure, based on the foregoing solution, if it is determined that the traffic has a traffic loop phenomenon, performing traffic speed limiting processing on the traffic includes: if the traffic loop phenomenon exists in the traffic flow, the target field attribute is encapsulated in the segment routing header message; determining the looping times of the service flow according to the target field attribute and the segment identifier; and carrying out flow rate limiting processing on the service flow based on the looping times.
In some example embodiments of the present disclosure, based on the foregoing solution, the determining the number of looping of the traffic flow according to the target field attribute and the segment identifier includes: generating an access control list according to the target field attribute and the segment identifier; determining that the segment routing header message forms a loop if the segment routing header message is matched with the access control list; modifying the segment identification value in the target field attribute, and regenerating a new access control list for matching through the segment identification in the segment routing header message and the modified target field attribute; and circularly executing the steps until the segment routing header message is not matched with the access control list, and determining the looping times of the service flow according to the modification times of the target field attribute.
In some example embodiments of the disclosure, based on the foregoing scheme, the method further comprises: acquiring a preset aging period; and deleting the access control list if the segment routing header message matched with the access control list is not detected to pass in the aging period.
In some example embodiments of the present disclosure, based on the foregoing solution, the performing traffic speed limiting processing on the traffic based on the looping times includes: acquiring the traffic bandwidth of an ingress interface corresponding to the segment routing header message and a preset speed limit value mapping relation; determining a target speed limit value according to the speed limit value mapping relation, the incoming interface flow bandwidth and the looping times; and carrying out flow rate limiting processing on the service flow through the target rate limiting value.
According to a second aspect of an embodiment of the present disclosure, there is provided a traffic flow processing apparatus, including: the segment identification determining module is used for acquiring a segment routing header message corresponding to the service flow and determining a segment identification contained in the segment routing header message; the traffic loop detection module is used for determining whether traffic loop phenomenon exists in the service traffic based on the segment identifier and the local segment identifier; and the traffic loop speed limiting module is used for carrying out traffic speed limiting processing on the traffic if the traffic loop phenomenon exists in the traffic.
In one example embodiment of the present disclosure, a flow loop detection module may be to: comparing the segment identifier with a local segment identifier; if the number of the segment identifiers matched with the local segment identifiers is detected to be greater than or equal to a preset number threshold, determining that a traffic loop phenomenon exists in the traffic; and if the number of the segment identifiers matched with the local segment identifiers is detected to be smaller than the number threshold, determining that the traffic flow does not have a flow loop phenomenon.
In an example embodiment of the present disclosure, the traffic flow processing apparatus further includes a normal forwarding module, which may be configured to: and if the service flow is determined to have no flow loop phenomenon, forwarding the service flow according to the segment identification.
In one example embodiment of the present disclosure, the flow loop speed limit module may include: a target field attribute encapsulation unit, configured to encapsulate a target field attribute in the segment routing header packet if it is determined that the traffic flow has a flow loop phenomenon; the loop forming times detection unit is used for determining the loop forming times of the service flow according to the target field attribute and the segment identification; and the traffic speed limiting processing unit is used for carrying out traffic speed limiting processing on the service traffic based on the looping times.
In one example embodiment of the present disclosure, the loop forming number detection unit may be configured to: generating an access control list according to the target field attribute and the segment identifier; determining that the segment routing header message forms a loop if the segment routing header message is matched with the access control list; modifying the segment identification value in the target field attribute, and regenerating a new access control list for matching through the segment identification in the segment routing header message and the modified target field attribute; and circularly executing the steps until the segment routing header message is not matched with the access control list, and determining the looping times of the service flow according to the modification times of the target field attribute.
In one example embodiment of the present disclosure, a traffic flow processing apparatus may include an access control list aging module that may be configured to: acquiring a preset aging period; and deleting the access control list if the segment routing header message matched with the access control list is not detected to pass in the aging period.
In one example embodiment of the present disclosure, the traffic-rate-limiting processing unit may be configured to: acquiring the traffic bandwidth of an ingress interface corresponding to the segment routing header message and a preset speed limit value mapping relation; determining a target speed limit value according to the speed limit value mapping relation, the incoming interface flow bandwidth and the looping times; and carrying out flow rate limiting processing on the service flow through the target rate limiting value.
According to a third aspect of embodiments of the present disclosure, there is provided an electronic device, comprising: a processor; and a memory having stored thereon computer readable instructions which when executed by the processor implement the traffic flow processing method of any of the above.
According to a fourth aspect of embodiments of the present disclosure, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements a traffic flow processing method according to any one of the above.
The technical scheme provided by the embodiment of the disclosure can comprise the following beneficial effects:
According to the service flow processing method in the example embodiment of the disclosure, a segment routing header message corresponding to the service flow can be obtained, a segment identifier contained in the segment routing header message is determined, then whether the service flow has a flow loop phenomenon or not is determined based on the segment identifier and the local segment identifier, and when the service flow has the flow loop phenomenon, flow speed limiting processing is performed on the service flow. On one hand, the flow loop phenomenon can be detected by comparing the segment identifier contained in the segment routing header message with the local segment identifier, so that the complexity and complexity of manually judging the SRH flow looping can be effectively reduced; on the other hand, by detecting the flow loop phenomenon of the segment routing header message in the forwarding process and carrying out flow speed limiting treatment on the service flow with the flow loop phenomenon, the problem of SRv network flow loops caused by human programming errors or controller routing errors can be avoided, and the waste of bandwidth resources is reduced; on the other hand, by detecting the flow loop phenomenon and timely carrying out flow speed limiting treatment on the service flow with the flow loop phenomenon, malicious attack on the network can be effectively prevented by tampering SRv SRH messages, a safety protection method in a SRv TE Policy scene is realized, and the network safety is improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure. It will be apparent to those of ordinary skill in the art that the drawings in the following description are merely examples of the disclosure and that other drawings may be derived from them without undue effort. In the drawings:
fig. 1 schematically illustrates a flow diagram of a traffic flow processing method according to some embodiments of the present disclosure;
FIG. 2 schematically illustrates a flow diagram for detecting flow loop phenomena in accordance with some embodiments of the present disclosure;
FIG. 3 schematically illustrates a flow diagram for determining a number of loops of traffic flow in accordance with some embodiments of the present disclosure;
Fig. 4 schematically illustrates a flow diagram of traffic rate limiting processing of traffic according to some embodiments of the present disclosure;
Fig. 5 schematically illustrates a schematic diagram of segment routing header messages forming loop traffic in accordance with some embodiments of the present disclosure;
FIG. 6 schematically illustrates a flow diagram implementing flow loop detection and flow loop speed limiting in accordance with some embodiments of the present disclosure;
Fig. 7 schematically illustrates a composition schematic of a traffic flow processing apparatus according to some embodiments of the present disclosure;
FIG. 8 schematically illustrates a structural schematic diagram of a computer system of an electronic device, in accordance with some embodiments of the present disclosure;
fig. 9 schematically illustrates a schematic diagram of a computer-readable storage medium according to some embodiments of the present disclosure.
In the drawings, the same or corresponding reference numerals indicate the same or corresponding parts.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments may be embodied in many forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the disclosed aspects may be practiced without one or more of the specific details, or with other methods, components, devices, steps, etc. In other instances, well-known methods, devices, implementations, or operations are not shown or described in detail to avoid obscuring aspects of the disclosure.
Moreover, the drawings are only schematic illustrations and are not necessarily drawn to scale. The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, the functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
In the related art, IP RAN (Radio Access Network ) networks, metropolitan area networks, data center networks are more using SRv to carry user data traffic. SRv6 the modes of operation are divided into two types, one being SRv BE (Segment Routing IPv Best effect) and the other being SRv TE Policy (Segment Routing IPv6 TRAFFIC ENGINEERING Policy).
Since SRv BE has weaker path planning capability, SRv TE Policy is more applied to bearer networks and data center networks. The principle of SRv TE Policy is that the controller sends or manually configures the Policy to the head node of SRv network element, the forwarding plane encapsulates the network element or link through which the SRH message definition service flow needs to pass through by the head node of SRv network element, and the SRH message head is stripped off in the last hop, SRv TE Policy is that whether the controller sends or manually configures the Policy, the network element does not have security detection on SID (SEGMENT IDENTIFIER ) in the SRH, so when the network element receives the SRH message with repeated cyclic SID, the service flow repeatedly passes through the same network element or link to cause a loop, seriously wastes network link bandwidth, consumes network element chip resources, and causes high priority service damage, and protocol oscillation and even network paralysis can be generated in serious cases.
Based on one or more problems in the related art, in the present exemplary embodiment, there is first provided a traffic flow processing method, which may be performed by a network node, for example, a traffic flow processing method may be performed by SRv network element devices. Fig. 1 schematically illustrates a flow diagram of a traffic flow processing method according to some embodiments of the present disclosure. Referring to fig. 1, the traffic flow processing method may include the steps of:
step S110, obtaining a segment routing header message corresponding to the service flow, and determining a segment identifier contained in the segment routing header message;
step S120, determining whether the traffic flow has a flow loop phenomenon or not based on the segment identifier and the local segment identifier;
Step S130, if the traffic flow is determined to have a flow loop phenomenon, the traffic flow is subjected to flow rate limiting processing.
According to the service flow processing method in the present exemplary embodiment, on one hand, by comparing the segment identifier included in the segment routing header packet with the local segment identifier, the flow loop phenomenon can be detected, so that the complexity and complexity of manually judging the SRH flow looping can be effectively reduced; on the other hand, by detecting the flow loop phenomenon of the segment routing header message in the forwarding process and carrying out flow speed limiting treatment on the service flow with the flow loop phenomenon, the problem of SRv network flow loops caused by human programming errors or controller routing errors can be avoided, and the waste of bandwidth resources is reduced; on the other hand, by detecting the flow loop phenomenon and timely carrying out flow speed limiting treatment on the service flow with the flow loop phenomenon, malicious attack on the network can be effectively prevented by tampering SRv SRH messages, a safety protection method in a SRv te policy scene is realized, and network safety is improved.
Next, a service flow processing method in the present exemplary embodiment will be further described.
In step S110, a segment routing header message corresponding to the service flow is obtained, and a segment identifier included in the segment routing header message is determined.
In an example embodiment of the present disclosure, the traffic flow refers to user data network traffic based on an IPv6 protocol, the Segment Routing header message SRH is an SR (Segment Routing) technology implemented based on an IPv6 forwarding plane, and an SRH extension header is newly added to an IPv6 Routing extension header, where the extension header specifies an explicit path of IPv6, and stores information of a Segment list (SEGMENT LIST, SL) of IPv 6. SL is a forwarding path obtained by orderly arranging segments and network nodes, and when forwarding a message, the SL relies on SEGMENTS LEFT and SEGMENT LIST fields to jointly determine IPv6 destination address (IPv 6 DA) information, so as to guide the forwarding path and behavior of the message.
The segment identification SID refers to data that identifies the path segment contained in the segment routing header message. SRv6 the core idea is to cut the message forwarding path into different segments, insert Segment information into the message at the path starting point, and the intermediate node only needs to forward according to the Segment information carried in the message, where such path Segment is called Segment and identified by Segment identification SID.
In step S120, it is determined whether a traffic loop phenomenon exists in the traffic based on the segment identification and the local segment identification.
In an exemplary embodiment of the present disclosure, the traffic loop phenomenon refers to a phenomenon that when a network element receives an SRH message with a repeated cyclic SID, traffic is repeatedly forwarded through the same network element or link.
The local segment identifier refers to a segment identifier corresponding to a routing node in the forwarding process of the service flow, for example, the local segment identifier is 1:1; the route node B, the local section mark is 2:2; the route node C, the local section mark is 3:3; and the segment identifiers contained in the SRH of the traffic flow are 2:2:3:1:1:2:3:2:1:2 respectively from sl=0, then the traffic flow is indicated to be accessed from the routing node B, then forwarded to the routing node C through the interface, and then forwarded to the routing node a through the interface. Of course, the present exemplary embodiment is only schematically illustrated herein and is not limited thereto.
In step S130, if it is determined that the traffic flow has a flow loop phenomenon, a flow rate limiting process is performed on the traffic flow.
In an exemplary embodiment of the present disclosure, the traffic speed limiting process refers to a process of limiting the speed of the traffic with the traffic loop phenomenon, for example, the traffic with the traffic loop phenomenon may be limited by means of a Committed access rate (commanded ACCESS RATE, CAR), and the CAR speed limit has two main effects: the ingress and egress traffic rate to one port or sub-port (Subintece) is at some standard upper limit; traffic is classified and different QoS priorities are classified. CAR can only work for IP packets and cannot be done for non-IP traffic. Of course, the traffic flow with the flow loop phenomenon may be limited by other types of flow speed limiting methods, which is not limited by this example embodiment.
Next, step S110 to step S130 will be described in detail.
In an example embodiment of the present disclosure, after SRv network element equipment receives a service flow, a segment routing header SRH corresponding to the service flow may be obtained, and all segment identifiers SID between sl=0 to sl=n (n is a SL value corresponding to a local segment identifier) of the segment routing header SRH are parsed, so as to obtain all segment identifiers included in the segment routing header SRH.
In an example embodiment of the present disclosure, determining whether a traffic loop phenomenon exists in the traffic based on the segment identifier and the local segment identifier may be implemented through the steps in fig. 2, and referring to fig. 2, may specifically include:
Step S210, comparing the segment identifier with a local segment identifier;
step S220, if the number of the segment identifiers matched with the local segment identifiers is detected to be larger than or equal to a preset number threshold, determining that the traffic flow has a flow loop phenomenon;
step S230, if it is detected that the number of segment identifiers matched with the local segment identifier is smaller than the number threshold, it is determined that the traffic flow does not have a flow loop phenomenon.
The number threshold is preset data for judging whether the traffic is looped, for example, the number threshold may be 2, if there are 2 or more segment identifiers in the segment routing header packet that are matched with the local segment identifiers, the traffic corresponding to the segment routing header packet may be considered to have a traffic loop phenomenon, and if the number of segment identifiers in the segment routing header packet that are matched with the local segment identifiers is less than 2, the traffic corresponding to the segment routing header packet may be considered to have no traffic loop phenomenon; of course, the number threshold may be set to 3, or may be set to 1, or the like, and the specific number threshold may be set in a customized manner according to the actual situation, which is not particularly limited in this exemplary embodiment.
When the number of segment identifiers matched with the local segment identifiers is detected to be greater than or equal to a preset number threshold, the segment route header message or the number of times of the service flow corresponding to the segment route header message passing through the current network element in the forwarding process can be considered to exceed the number of times corresponding to the number threshold, a flow loop is formed, network loan resources are possibly consumed, and flow speed limiting processing is needed; in contrast, when the number of segment identifiers matched with the local segment identifiers is detected to be smaller than the number threshold, the segment routing header message or the service flow corresponding to the segment routing header message can be considered to have fewer times of passing through the current network element in the forwarding process, belong to the normal flow forwarding process, not belong to the flow loop phenomenon, and do not need to carry out speed limiting processing.
Optionally, the number threshold may not be set, and if all segment identifiers in the segment routing header message do not hit the local segment identifier, the next hop-out interface may be directly checked for forwarding without any processing on the segment routing header message; if the segment identifier in the segment routing header message exceeds 1 time of hitting the segment identifier of the local network element, the segment routing header message can be considered to have loop risk, namely, traffic loop phenomenon exists.
In one example embodiment of the present disclosure, if it is determined that traffic does not have a traffic loop phenomenon, the traffic may be forwarded according to the segment identification.
In an example embodiment of the present disclosure, the traffic rate limiting process may be implemented by the following steps, which may specifically include:
If the traffic loop phenomenon exists in the traffic, the target field attribute is encapsulated in the segment routing header message; determining the looping times of the service flow according to the target field attribute and the segment identifier; and carrying out flow rate limiting processing on the service flow based on the looping times.
The target field attribute refers to data for identifying the segment routing header packet, for example, the target field attribute may be opaque container tlv, and of course, the target field attribute may also be other types of parameters that can be encapsulated in the segment routing header packet and implement the function of identifying the segment routing header packet, which is not limited in particular in this exemplary embodiment.
The looping times refer to the times that the segment routing header message passes through the same network element in the forwarding process, for example, if 3 segment identifiers with the value of 2:2 exist in the segment routing header message, the segment routing header message passes through 3 times in network element equipment with the local segment identifier of 2:2, and at this time, the looping times of the service flow can be considered to be 3. Of course, the present exemplary embodiment is only schematically illustrated herein and is not limited thereto.
In an example embodiment of the present disclosure, determining the number of looping times of the traffic flow according to the target field attribute and the segment identifier may be implemented through the steps in fig. 3, and referring to fig. 3, may specifically include:
Step S310, generating an access control list according to the target field attribute and the segment identifier;
step S320, determining that the segment routing header message forms a loop in response to the segment routing header message being matched with the access control list; and
Step S330, modifying the segment identification value in the target field attribute, and regenerating a new access control list for matching through the segment identification in the segment routing header message and the modified target field attribute;
Step S340, the above steps are circularly executed until the segment route header message is not matched with the access control list, and the looping times of the service flow are determined according to the modifying times of the target field attribute.
The access control list (Access Control List, ACL) may define a series of different rules, and the network element device may classify the data packets according to the rules and perform different processes for different types of packets, so as to control network access behavior, limit network traffic, improve network performance, prevent network attack, and so on.
The access control list ACL can be generated according to the target field attribute (such as opaque container tlv) and all segment identifiers in the segment routing header message, when the segment routing header message is matched with the access control list ACL, namely the segment routing header message hits the access control list ACL, the segment routing header message is determined to form a loop, the segment identifier value in the target field attribute can be modified, and a new access control list is regenerated for matching through the segment identifier in the segment routing header message and the modified target field attribute; the process is repeatedly executed until the segment routing header message is not matched with the access control list, the segment routing header message can be considered to form no loop, and the looping times of the service flow can be determined according to the modification times of the target field attribute.
Further, an aging period may be set, for example, the aging period may be 30 minutes or 1 hour, which is not particularly limited in this example embodiment. If the segment routing header message which is matched with the access control list is not detected to pass in the aging period, the access control list can be deleted, the useless ACL resource of the network element occupied by the access control list is reduced, and the processing performance of the network element equipment is improved.
In an example embodiment of the present disclosure, the traffic rate limiting process for the traffic based on the number of looping times may be implemented through the steps in fig. 4, and referring to fig. 4, the method may specifically include:
step S410, obtaining the incoming interface flow bandwidth corresponding to the segment routing header message and a preset speed limit value mapping relation;
step S420, determining a target speed limit value according to the speed limit value mapping relation, the incoming interface flow bandwidth and the looping times;
And step S430, carrying out flow rate limiting processing on the service flow through the target rate limiting value.
The traffic bandwidth of the ingress interface refers to the bandwidth occupation condition corresponding to the interface of the network element device where the segment routing header message first enters.
The speed limit value mapping relation refers to preset speed limit values corresponding to different incoming interface flow bandwidths and different looping times.
For example, when the ratio of the incoming interface traffic bandwidth to the total bandwidth is less than 10%, if the number of looping times is n (n < = 2), the issued speed limit value is the incoming interface traffic bandwidth (may be bandwith) of the segment routing header message, that is, the issued speed limit value is bandwith x (1/2 6+n), and if the number of looping times is 3, the issued speed limit value may be bandwith x (1/1024); when the ratio of the incoming interface traffic bandwidth to the total bandwidth is more than 10% and less than 60%, if the number of looping times is n (n < = 2), the issued speed limit value is the incoming interface traffic bandwidth of the segment routing header message, that is, the issued speed limit value is bandwith (2/5) (1/2 6+n), and if the number of looping times is 3, the issued speed limit value can be bandwith (1/4096); when the ratio of the incoming interface traffic bandwidth to the total bandwidth is greater than 60% and less than 90%, if the number of looping times is n (n < = 2), the issued speed limit value is the incoming interface traffic bandwidth (which can be represented by bandwith) of the segment routing header message, that is, the issued speed limit value is bandwith (1/10) (1/2 6+n), and if the number of looping times is 3, the issued speed limit value can be bandwith (1/16376); and when the proportion of the bandwidth of the incoming interface flow to the total bandwidth exceeds 90% or the service flow corresponding to the segment routing header message repeatedly passes through the same network element for more than or equal to 4 times, the issuing speed limit value is 0, namely the service flow corresponding to the segment routing header message is discarded.
Fig. 5 schematically illustrates a schematic diagram of segment routing header messages forming loop traffic in accordance with some embodiments of the present disclosure.
Referring to FIG. 5, assume that routing node A510, routing node B520, and routing node C530 are present in the network and that the corresponding local segment identifications are 1:1, 2:2, and 3:3, respectively. For the segment routing header message 540 corresponding to the service flow, the corresponding segment identifiers from sl=0 to sl=4 are 2:2, 3:3, 2:2, 1:1, 2:2, and at this time, the number of segment identifiers 2:2 in the segment routing header message 540 matched with the local segment identifier 2:2 of the routing node B520 is 3, which can indicate that the segment routing header message 540 passes through the routing node B520 for 3 times to form a loop, and the traffic loop phenomenon is detected.
Fig. 6 schematically illustrates a flow diagram for implementing flow loop detection and flow loop speed limiting in accordance with some embodiments of the present disclosure.
Referring to fig. 6, in step S610, the SRH loop detection module receives an SRH message;
step S620, the SRH-PA module parses all segment identifiers between sl=0 and sl=n (n is a SL value corresponding to the local segment identifier) of the SRH message;
Step S630, the SRH-CM module receives the segment identifier analyzed by the SRH-PA module, matches the segment identifier with the local segment identifier, judges whether the segment identifier in the SRH message contains the local segment identifier, if the segment identifier is compared, 2 or more segment identifiers in the SRH message are found to be matched with the local segment identifier of the network element, the SRH message can be considered to have loop risk, and step S640 is executed, otherwise, step S670 is executed;
Step S640, the SRH-PE module encapsulates the target field attribute in the SRH message, for example, the target field attribute may be opaque container tlv, which is used to mark the service flow corresponding to the SRH message;
Step S650, the SRH-ACL module generates an ACL rule according to the segment identification and the target field attribute of the SRH message, and matches and counts the number of times that the SRH message passes through the current network element, namely the looping number of the SRH message through the ACL rule;
step S660, the SRH-QoS module carries out flow rate limiting treatment on the service flow according to the ring forming times counted by the SRH-ACL module and the acquired incoming interface flow bandwidth;
Step S670, forwarding the SRH message.
It should be noted that although the steps of the methods of the present disclosure are illustrated in a particular order in the figures, this does not require or imply that the steps must be performed in that particular order or that all of the illustrated steps must be performed in order to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform, etc.
In addition, in the present exemplary embodiment, a service flow processing apparatus is also provided. Referring to fig. 7, the traffic processing apparatus 700 includes: the segment identifier determining module 710 is configured to obtain a segment routing header packet corresponding to a service flow, and determine a segment identifier included in the segment routing header packet; the traffic loop detection module 720 is configured to determine whether a traffic loop phenomenon exists in the traffic flow based on the segment identifier and the local segment identifier; the traffic loop speed limiting module 730 is configured to perform traffic speed limiting processing on the traffic if it is determined that the traffic has a traffic loop phenomenon.
In one example embodiment of the present disclosure, the flow loop detection module 720 may be configured to:
comparing the segment identifier with a local segment identifier;
If the number of the segment identifiers matched with the local segment identifiers is detected to be greater than or equal to a preset number threshold, determining that a traffic loop phenomenon exists in the traffic;
and if the number of the segment identifiers matched with the local segment identifiers is detected to be smaller than the number threshold, determining that the traffic flow does not have a flow loop phenomenon.
In one example embodiment of the present disclosure, the traffic handling device 700 further includes a normal forwarding module that may be used to:
and if the service flow is determined to have no flow loop phenomenon, forwarding the service flow according to the segment identification.
In one example embodiment of the present disclosure, the flow loop speed limit module 730 may include:
a target field attribute encapsulation unit, configured to encapsulate a target field attribute in the segment routing header packet if it is determined that the traffic flow has a flow loop phenomenon;
the loop forming times detection unit is used for determining the loop forming times of the service flow according to the target field attribute and the segment identification;
and the traffic speed limiting processing unit is used for carrying out traffic speed limiting processing on the service traffic based on the looping times.
In one example embodiment of the present disclosure, the loop forming number detection unit may be configured to:
generating an access control list according to the target field attribute and the segment identifier;
Determining that the segment routing header message forms a loop if the segment routing header message is matched with the access control list; and
Modifying the segment identification value in the target field attribute, and regenerating a new access control list for matching through the segment identification in the segment routing header message and the modified target field attribute;
And circularly executing the steps until the segment routing header message is not matched with the access control list, and determining the looping times of the service flow according to the modification times of the target field attribute.
In one example embodiment of the present disclosure, the traffic handling apparatus 700 may include an access control list aging module that may be configured to:
Acquiring a preset aging period;
And deleting the access control list if the segment routing header message matched with the access control list is not detected to pass in the aging period.
In one example embodiment of the present disclosure, the traffic-rate-limiting processing unit may be configured to:
Acquiring the traffic bandwidth of an ingress interface corresponding to the segment routing header message and a preset speed limit value mapping relation;
determining a target speed limit value according to the speed limit value mapping relation, the incoming interface flow bandwidth and the looping times;
And carrying out flow rate limiting processing on the service flow through the target rate limiting value.
The specific details of each module of the above-mentioned service flow processing device are described in detail in the corresponding service flow processing method, so that the details are not repeated here.
It should be noted that although several modules or units of the traffic handling device are mentioned in the above detailed description, this division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit in accordance with embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.
In addition, in the exemplary embodiment of the present disclosure, an electronic device capable of implementing the above-mentioned traffic flow processing method is also provided.
Those skilled in the art will appreciate that the various aspects of the present disclosure may be implemented as a system, method, or program product. Accordingly, various aspects of the disclosure may be embodied in the following forms, namely: an entirely hardware embodiment, an entirely software embodiment (including firmware, micro-code, etc.) or an embodiment combining hardware and software aspects may be referred to herein as a "circuit," module "or" system.
An electronic device 800 according to such an embodiment of the present disclosure is described below with reference to fig. 8. The electronic device 800 shown in fig. 8 is merely an example and should not be construed as limiting the functionality and scope of use of embodiments of the present disclosure.
As shown in fig. 8, fig. 8 is a block diagram of an electronic device 801 shown within a computing and communication environment, which electronic device 801 may be used to implement the communication network systems and methods disclosed herein. In some embodiments, the electronic device 801 may be an element in a communication network infrastructure, for example, the electronic device 801 may be a base station (e.g., nodeB, enhanced NodeB, eNodeB), next generation base station (sometimes referred to as gNodeB or gNB)), home subscriber server (home subscriber server, HSS), gateway (GW) (e.g., packet gateway (PACKET GATEWAY, PGW) or serving gateway (SERVING GATEWAY, SGW)), or various other nodes or functions within an evolved packet core (evolved packet core, EPC) network.
In other embodiments, the electronic device 801 may be a device connected to a network infrastructure through a wireless interface, for example, the electronic device 801 may be a cell phone, smart phone, or other such device that may be categorized as a User Equipment (UE).
In some embodiments, the electronic device 801 may also be a machine-to-machine (M2M) device (also referred to as a MACHINE TYPE communication) device or other such device that may be categorized as a UE (although no direct service is provided to the user).
In some embodiments, the electronic device 801 may also be a Mobile Device (MD), a term used to refer to a device connected to a mobile network, whether the device itself is designed or capable of movement. A particular device may use all or only a subset of the components shown, and the degree of integration may vary between devices. Further, an apparatus may include multiple instances of components, e.g., multiple processors, multiple memories, multiple transmitters, multiple receivers, and so forth.
The electronic device 801 may generally include a processor 802, such as a central processing unit (Central Processing Unit, CPU), and may also include a special purpose processor (e.g., a graphics processing unit (Graphics Processing Unit, GPU) or other such processor), memory 803, a network interface 804, and a bus 805 for connecting the various components in the electronic device 801. Electronic device 801 may also optionally include components such as mass storage device 806, video adapter 807, and I/O interface 808 (shown in phantom).
The memory 803 may comprise any type of non-transitory system memory readable by the processor 802, such as static random access memory (static random access memory, SRAM), dynamic random access memory (dynamic random access memory, DRAM), synchronous DRAM (SDRAM), read-only memory (ROM), or a combination thereof. In particular embodiments, memory 803 may include more than one type of memory, such as ROM for use at power-up and DRAM for storing programs and data for use in executing programs. Bus 805 may be one or more of any of several types of bus structures including a memory bus or memory controller, a peripheral bus, or a video bus.
The electronic device 801 may also include one or more network interfaces 804, and the one or more network interfaces 804 may include at least one of a wired network interface and a wireless network interface. As shown in fig. 8, the network interface 804 may include a wired network interface to a network 809, or may include a wireless access network interface 810 to other devices via wireless links. When the electronic device 801 is a network infrastructure, the radio access network interface 810 may be omitted for nodes or functions that function as elements of a Core Network (CN) rather than elements located at the wireless edge (e.g., enbs). When the electronic device 801 is an infrastructure located at the wireless edge of a network, both wired network interfaces and wireless network interfaces may be included. When the electronic device 801 is a wireless connected device (e.g., user equipment UE), the wireless access network interface 810 may exist and may be supplemented by other wireless interfaces such as Wi-Fi network interfaces. The network interface 804 enables the electronic device 801 to communicate with remote entities, such as entities connected to a network 809.
The mass memory 806 may include any type of non-transitory storage device for storing and making accessible via the bus 805 data, programs, and other information. For example, mass storage 806 may include one or more of a solid state disk, a hard disk drive, a magnetic disk drive, and an optical disk drive. In some embodiments, mass storage 806 may be remote from electronic device 801 and accessible through a network interface such as interface 804. In the illustrated embodiment, mass storage 806 is different from memory 803, which is included, and may generally perform storage tasks that are insensitive to high latency, but may generally provide little or no volatility. In some embodiments, mass storage 806 may be integrated with memory 803 to form heterogeneous memory.
Optional video adapter 807 and I/O interface 808 (shown in phantom) provide interfaces to couple electronic device 801 to external input and output devices. Examples of input and output devices include a display 811 coupled with a video adapter 807 and one or more I/O devices 812 (e.g., a touch screen) coupled with an I/O interface 808. Other devices may be coupled to the electronic device 801 and may use more or fewer interfaces. For example, a serial interface such as a universal serial bus (universal serial bus, USB) (not shown) may be used to provide an interface for external devices. Those skilled in the art will appreciate that in embodiments where electronic device 801 is part of a data center, I/O interface 808 and video adapter 807 may be virtualized and provided by network interface 804.
In some embodiments, the electronic device 801 may be a standalone device, while in other embodiments, the electronic device 801 may be located within a data center. In the art, a data center may be understood as a collection of computing resources (typically in the form of servers) that may serve as a collective computing and storage resource. Within a data center, multiple servers may be connected together to provide a pool of computing resources on which virtualized entities may instantiate. The data centers may be interconnected to form a network comprising computing and storage resource pools interconnected by connection resources. The connection resources may be physical connections, such as ethernet or optical communication links, and may also include wireless communication channels. If two different data centers are connected by multiple different communication channels, the links may be combined together using any of a number of techniques, including forming a link aggregation group (link aggregation group, LAG). It should be appreciated that any or all of the computing resources, storage resources, and connection resources (as well as other resources within the network) may be partitioned between different subnets, in some cases in the form of resource slices. If resources across multiple connected data centers or other node sets are sliced, different network slices can be created.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, and includes several instructions to cause a computing device (may be a personal computer, a server, a terminal device, or a network device, etc.) to perform the method according to the embodiments of the present disclosure.
In an exemplary embodiment of the present disclosure, a computer-readable storage medium having stored thereon a program product capable of implementing the method described above in the present specification is also provided. In some possible embodiments, the various aspects of the present disclosure may also be implemented in the form of a program product comprising program code for causing a terminal device to carry out the steps according to the various exemplary embodiments of the disclosure as described in the "exemplary methods" section of this specification, when the program product is run on the terminal device.
Referring to fig. 9, a program product 900 for implementing the above-described traffic flow processing method according to an embodiment of the present disclosure is described, which may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present disclosure is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random Access Memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable signal medium may include a data signal propagated in baseband or as part of a carrier wave with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
Furthermore, the above-described figures are only schematic illustrations of processes included in the method according to the exemplary embodiments of the present disclosure, and are not intended to be limiting. It will be readily appreciated that the processes shown in the above figures do not indicate or limit the temporal order of these processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, for example, among a plurality of modules.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, and includes several instructions to cause a computing device (may be a personal computer, a server, a touch terminal, or a network device, etc.) to perform the method according to the embodiments of the present disclosure.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any adaptations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It is to be understood that the present disclosure is not limited to the precise arrangements and instrumentalities shown in the drawings, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.
Claims (9)
1. A method for processing traffic, comprising:
acquiring a segment routing header message corresponding to service flow, and determining a segment identifier contained in the segment routing header message;
Determining whether a traffic loop phenomenon exists in the service traffic based on the segment identifier and the local segment identifier;
if the traffic loop phenomenon exists in the traffic flow, performing traffic speed limiting processing on the traffic flow;
the traffic speed limiting processing for the traffic comprises the following steps:
Generating an access control list according to the target field attribute and the segment identifier; the target field attribute is used for indicating the data of the route header message of the identification section;
Determining that the segment routing header message forms a loop if the segment routing header message is matched with the access control list; and
Modifying the segment identification value in the target field attribute, and regenerating a new access control list for matching through the segment identification in the segment routing header message and the modified target field attribute;
circularly executing the steps until the segment routing header message is not matched with the access control list, and determining the looping times of the service flow according to the modification times of the target field attribute;
and carrying out flow rate limiting treatment on the service flow according to the looping times.
2. The traffic flow processing method according to claim 1, wherein said determining whether the traffic flow has a flow loop phenomenon based on the segment identification and a local segment identification comprises:
comparing the segment identifier with a local segment identifier;
If the number of the segment identifiers matched with the local segment identifiers is detected to be greater than or equal to a preset number threshold, determining that a traffic loop phenomenon exists in the traffic;
and if the number of the segment identifiers matched with the local segment identifiers is detected to be smaller than the number threshold, determining that the traffic flow does not have a flow loop phenomenon.
3. The traffic handling method according to claim 1 or 2, characterized in that the method further comprises:
and if the service flow is determined to have no flow loop phenomenon, forwarding the service flow according to the segment identification.
4. The method for processing traffic according to claim 1, wherein if it is determined that the traffic has a traffic loop phenomenon, performing traffic speed limiting processing on the traffic comprises:
if the traffic loop phenomenon exists in the traffic flow, the target field attribute is encapsulated in the segment routing header message;
determining the looping times of the service flow according to the target field attribute and the segment identifier;
and carrying out flow rate limiting processing on the service flow based on the looping times.
5. The traffic handling method according to claim 1, wherein the method further comprises:
Acquiring a preset aging period;
And deleting the access control list if the segment routing header message matched with the access control list is not detected to pass in the aging period.
6. The traffic processing method according to claim 4, wherein the traffic rate limiting processing based on the number of looping times includes:
Acquiring the traffic bandwidth of an ingress interface corresponding to the segment routing header message and a preset speed limit value mapping relation;
determining a target speed limit value according to the speed limit value mapping relation, the incoming interface flow bandwidth and the looping times;
And carrying out flow rate limiting processing on the service flow through the target rate limiting value.
7. A traffic handling device, comprising:
the segment identification determining module is used for acquiring a segment routing header message corresponding to the service flow and determining a segment identification contained in the segment routing header message;
the traffic loop detection module is used for determining whether traffic loop phenomenon exists in the service traffic based on the segment identifier and the local segment identifier;
The traffic loop speed limiting module is used for carrying out traffic speed limiting processing on the traffic flow if the traffic flow is determined to have the traffic loop phenomenon;
the traffic speed limiting processing for the traffic comprises the following steps:
Generating an access control list according to the target field attribute and the segment identifier; the target field attribute is used for indicating the data of the route header message of the identification section;
Determining that the segment routing header message forms a loop if the segment routing header message is matched with the access control list; and
Modifying the segment identification value in the target field attribute, and regenerating a new access control list for matching through the segment identification in the segment routing header message and the modified target field attribute;
circularly executing the steps until the segment routing header message is not matched with the access control list, and determining the looping times of the service flow according to the modification times of the target field attribute;
and carrying out flow rate limiting treatment on the service flow according to the looping times.
8. An electronic device, comprising:
A processor; and
A memory having stored thereon computer readable instructions which, when executed by the processor, implement the traffic flow processing method according to any of claims 1 to 6.
9. A computer readable storage medium having stored thereon a computer program which when executed by a processor implements the traffic flow processing method according to any of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210814539.5A CN115134303B (en) | 2022-07-11 | 2022-07-11 | Service flow processing method and device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210814539.5A CN115134303B (en) | 2022-07-11 | 2022-07-11 | Service flow processing method and device, electronic equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115134303A CN115134303A (en) | 2022-09-30 |
| CN115134303B true CN115134303B (en) | 2024-07-02 |
Family
ID=83383901
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210814539.5A Active CN115134303B (en) | 2022-07-11 | 2022-07-11 | Service flow processing method and device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115134303B (en) |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111431800A (en) * | 2020-03-20 | 2020-07-17 | 新华三技术有限公司合肥分公司 | Method, device and equipment for establishing path and machine-readable storage medium |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9807001B2 (en) * | 2014-07-17 | 2017-10-31 | Cisco Technology, Inc. | Segment routing using a remote forwarding adjacency identifier |
| US10764175B1 (en) * | 2019-03-19 | 2020-09-01 | Cisco Technology, Inc. | Validating resource isolation between network slices in a mobile network |
| CN112350934A (en) * | 2019-08-07 | 2021-02-09 | 中国电信股份有限公司 | Data transmission method, network node and data transmission system |
| CN111314219B (en) * | 2020-02-24 | 2022-12-09 | 苏州盛科通信股份有限公司 | Efficient forwarding method and device for IPv6 segmented routing |
| CN114531398A (en) * | 2020-10-30 | 2022-05-24 | 华为技术有限公司 | Message forwarding method and related device |
| CN114679405B (en) * | 2022-04-12 | 2023-07-25 | 烽火通信科技股份有限公司 | SRv6 message forwarding method, storage medium, electronic equipment and device |
-
2022
- 2022-07-11 CN CN202210814539.5A patent/CN115134303B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111431800A (en) * | 2020-03-20 | 2020-07-17 | 新华三技术有限公司合肥分公司 | Method, device and equipment for establishing path and machine-readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115134303A (en) | 2022-09-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11838802B2 (en) | Slice information processing method and apparatus | |
| US20210399989A1 (en) | Method and device for data transmission, method and device for quality of service flow management, and storage medium | |
| CN111758279A (en) | Tracking QoS violation events | |
| US20220256390A1 (en) | Quality of service information notification method, device, and system | |
| JP2008104152A (en) | Packet transmission apparatus of communication system | |
| CN113630796A (en) | Service quality monitoring method, equipment and system | |
| CN110634057B (en) | Charging method, device and system | |
| US11165716B2 (en) | Data flow processing method and device | |
| US20240048479A1 (en) | Packet Forwarding Method and Apparatus, Network Device, and Storage Medium | |
| US11212230B2 (en) | Quality of service control method, device, and system | |
| CN111092840A (en) | Processing strategy generation method, system and storage medium | |
| EP3310093B1 (en) | Traffic control method and apparatus | |
| WO2020169039A1 (en) | Policy management method and device | |
| CN113726657A (en) | Message forwarding method, device, system, equipment and storage medium | |
| CN115550271A (en) | Time-sensitive network data processing method, device, equipment and storage medium | |
| CN115134303B (en) | Service flow processing method and device, electronic equipment and storage medium | |
| EP4187865A1 (en) | Network layer reachable information transmission method, system and apparatus, and network device | |
| CN108880971B (en) | Capacity expansion method and device for virtual broadband remote access server vBRAS resource pool | |
| CN112995068A (en) | Data transmission method, device and system | |
| CN116192761A (en) | Message forwarding method, forwarding layer device, system, electronic device and storage medium | |
| US11870707B2 (en) | Bandwidth management and configuration method for cloud service, and related apparatus | |
| CN104770000B (en) | Congestion upload control method and apparatus and system | |
| CN115694998A (en) | Security detection method and device, electronic equipment and storage medium | |
| CN115150308A (en) | Traffic statistical method and device | |
| CN115002808A (en) | Information forwarding method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant |