阅读说明：本技术 网络流量控速的方法以及装置 (Method and device for controlling network flow speed ) 是由 汤明 于 2021-10-12 设计创作，主要内容包括：本说明书实施例提供网络流量控速的方法以及装置,其中所述网络流量控速的方法包括：预先设置多个不同统计维度的集合,其中不同统计维度的集合对应不同数据包特征；响应于接收到数据包,通过将所述数据包的报文头部信息与各个集合的数据包特征进行比较,确定所述数据包匹配的一个或多个集合；将所述数据包关联到匹配的一个或多个集合；对所述一个或多个集合关联的数据包分别进行流量统计,得到所述一个或多个集合各自的计量结果；根据所述一个或多个集合各自的计量结果,对所述数据包下发对应的控速指令。(The embodiment of the specification provides a method and a device for controlling the speed of network traffic, wherein the method for controlling the speed of the network traffic comprises the following steps: presetting a plurality of sets of different statistical dimensions, wherein the sets of different statistical dimensions correspond to different data packet characteristics; in response to receiving a data packet, determining one or more sets that the data packet matches by comparing message header information of the data packet to data packet characteristics of the respective sets; associating the data packets to one or more sets of matches; respectively carrying out flow statistics on the data packets associated with the one or more sets to obtain respective metering results of the one or more sets; and issuing corresponding speed control instructions to the data packets according to the respective metering results of the one or more sets.)

1. A method of network traffic speed control, comprising:

presetting a plurality of sets of different statistical dimensions, wherein the sets of different statistical dimensions correspond to different data packet characteristics;

in response to receiving a data packet, determining one or more sets that the data packet matches by comparing message header information of the data packet to data packet characteristics of the respective sets;

associating the data packets to one or more sets of matches;

respectively carrying out flow statistics on the data packets associated with the one or more sets to obtain respective metering results of the one or more sets;

and issuing corresponding speed control instructions to the data packets according to the respective metering results of the one or more sets.

2. The method of claim 1, applied to a programmable chip;

the presetting of a plurality of sets of different statistical dimensions includes:

the control surface of the programmable chip issues a first table item containing data packet characteristics corresponding to a plurality of sets to a data surface, wherein the data surface in the programmable chip is used for establishing the plurality of sets, and the data packet characteristics corresponding to the sets are determined according to the first table item;

the issuing of the corresponding speed control instruction to the data packet according to the respective metering result of the one or more sets includes:

and the control surface of the programmable chip issues a second table entry for executing a corresponding speed control instruction on the data packet to a data surface according to the aggregated metering result, wherein the data surface in the programmable chip is used for executing the corresponding speed control instruction on the data packet according to the second table entry.

3. The method of claim 1, wherein performing traffic statistics on the one or more sets to obtain respective metering results of the one or more sets comprises:

and respectively carrying out flow statistics on the one or more sets based on the hardware counters configured for the one or more sets respectively to obtain the respective metering results of the one or more sets.

4. The method of claim 3, applied to a programmable chip supporting the P4 language, wherein the hardware counter is a meter counter;

the performing flow statistics on the one or more sets respectively based on the hardware counters configured for the one or more sets respectively to obtain the respective metering results of the one or more sets includes:

and carrying out flow statistic dyeing on the sets based on the meter counters respectively configured for the one or more sets, wherein the meter counters return different colors corresponding to the metering results in different ranges.

5. The method of claim 4, wherein issuing a corresponding speed control command to the packet according to the respective metering result of the one or more sets comprises:

and if the meter counter of any set returns to the preset first color, a packet loss instruction is issued to the data packet.

6. The method of claim 4, wherein issuing a corresponding speed control command to the packet according to the respective metering result of the one or more sets comprises:

and if no aggregate meter counter returns to the preset first color, issuing a release instruction to the data packet.

7. The method of claim 4, further comprising:

and if the set of meter counters with the number exceeding the preset alarm number returns to the preset second color, executing preset alarm processing logic.

8. An apparatus for controlling the speed of network traffic, comprising:

the set setting module is configured to preset a plurality of sets of different statistical dimensions, wherein the sets of different statistical dimensions correspond to different data packet characteristics;

a set matching module configured to determine, in response to receiving a data packet, one or more sets that the data packet matches by comparing packet header information of the data packet to packet characteristics of the respective sets;

a set association module configured to associate the data packets to one or more sets of matches;

the metering module is configured to perform flow statistics on the data packets associated with the one or more sets respectively to obtain respective metering results of the one or more sets;

and the speed control module is configured to issue a corresponding speed control instruction to the data packet according to the respective metering result of the one or more sets.

9. A computing device, comprising:

a memory and a processor;

the memory is to store computer-executable instructions, and the processor is to execute the computer-executable instructions to:

presetting a plurality of sets of different statistical dimensions, wherein the sets of different statistical dimensions correspond to different data packet characteristics;

in response to receiving a data packet, determining one or more sets that the data packet matches by comparing message header information of the data packet to data packet characteristics of the respective sets;

associating the data packets to one or more sets of matches;

respectively carrying out flow statistics on the data packets associated with the one or more sets to obtain respective metering results of the one or more sets;

and issuing corresponding speed control instructions to the data packets according to the respective metering results of the one or more sets.

10. A computer readable storage medium storing computer executable instructions which, when executed by a processor, perform the steps of the method of network traffic speed control according to any one of claims 1 to 7.

Technical Field

The embodiment of the specification relates to the technical field of internet, in particular to a method for controlling network traffic speed. One or more embodiments of the present specification also relate to an apparatus for controlling network traffic, a computing device, and a computer-readable storage medium.

Background

In cloud computing, a set of physical network infrastructure carries network traffic of a large number of users. At present, the industry generally concentrates the flow on a server, calculates the flow through a CPU of the server, and controls the flow speed according to the user.

However, in the cloud computing era, traffic is explosively increasing, and the use of traffic is more complicated. For example, a project application may face many customers, and a customer may use many products. Therefore, the current flow rate control mode is difficult to achieve accurate rate control.

Disclosure of Invention

In view of this, the embodiments of the present disclosure provide a method for controlling a network traffic rate. One or more embodiments of the present disclosure also relate to an apparatus for controlling network traffic, a computing device, and a computer-readable storage medium, which are used to solve the technical problems in the prior art.

According to a first aspect of embodiments herein, there is provided a method for controlling speed of network traffic, including: presetting a plurality of sets of different statistical dimensions, wherein the sets of different statistical dimensions correspond to different data packet characteristics; in response to receiving a data packet, determining one or more sets that the data packet matches by comparing message header information of the data packet to data packet characteristics of the respective sets; associating the data packets to one or more sets of matches; respectively carrying out flow statistics on the data packets associated with the one or more sets to obtain respective metering results of the one or more sets; and issuing corresponding speed control instructions to the data packets according to the respective metering results of the one or more sets.

Optionally, the method is applied to a programmable chip, and the presetting of a set of a plurality of different statistical dimensions includes: a control plane of a programmable chip issues a first table item containing data packet characteristics corresponding to a plurality of sets to a data plane, wherein the data plane in the programmable chip is used for establishing the plurality of sets, and the data packet characteristics corresponding to the sets are determined according to the first table item; the issuing of the corresponding speed control instruction to the data packet according to the respective metering result of the one or more sets includes: and the control surface of the programmable chip issues a second table entry for executing a corresponding speed control instruction on the data packet to a data surface according to the aggregated metering result, wherein the data surface in the programmable chip is used for executing the corresponding speed control instruction on the data packet according to the second table entry.

Optionally, the performing flow statistics on the one or more sets respectively to obtain respective metering results of the one or more sets includes: and respectively carrying out flow statistics on the one or more sets based on the hardware counters configured for the one or more sets respectively to obtain the respective metering results of the one or more sets.

Optionally, the method is applied to a programmable chip supporting a P4 language, and the hardware counter is a meter counter; the performing flow statistics on the one or more sets respectively based on hardware counters provided by the programmable chip and configured for the one or more sets respectively to obtain a metering result for each of the one or more sets includes: and carrying out flow statistic dyeing on the sets based on the meter counters respectively configured for the one or more sets, wherein the meter counters return different colors corresponding to the metering results in different ranges.

Optionally, the issuing, according to the respective metering result of the one or more sets, a corresponding speed control instruction to the data packet includes: and if the meter counter of any set returns to the preset first color, a packet loss instruction is issued to the data packet.

Optionally, the issuing, according to the respective metering result of the one or more sets, a corresponding speed control instruction to the data packet includes: and if no aggregate meter counter returns to the preset first color, issuing a release instruction to the data packet.

Optionally, the method further comprises: and if the set of meter counters with the number exceeding the preset alarm number returns to the preset second color, executing preset alarm processing logic.

According to a second aspect of the embodiments of the present specification, there is provided an apparatus for controlling a network traffic speed, including: the set setting module is configured to preset a plurality of sets of different statistical dimensions, wherein the sets of different statistical dimensions correspond to different data packet characteristics. A set matching module configured to determine, in response to receiving a data packet, one or more sets that the data packet matches by comparing packet header information of the data packet to packet characteristics of the respective sets. A set association module configured to associate the data packets to the matched one or more sets. And the metering module is configured to perform flow statistics on the data packets associated with the one or more sets respectively to obtain respective metering results of the one or more sets. And the speed control module is configured to issue a corresponding speed control instruction to the data packet according to the respective metering result of the one or more sets.

According to a third aspect of embodiments herein, there is provided a computing device comprising: a memory and a processor; the memory is to store computer-executable instructions, and the processor is to execute the computer-executable instructions to: presetting a plurality of sets of different statistical dimensions, wherein the sets of different statistical dimensions correspond to different data packet characteristics; in response to receiving a data packet, determining one or more sets that the data packet matches by comparing message header information of the data packet to data packet characteristics of the respective sets; associating the data packets to one or more sets of matches; respectively carrying out flow statistics on the data packets associated with the one or more sets to obtain respective metering results of the one or more sets; and issuing corresponding speed control instructions to the data packets according to the respective metering results of the one or more sets.

According to a fourth aspect of embodiments herein, there is provided a computer-readable storage medium storing computer-executable instructions that, when executed by a processor, perform the steps of a method for network traffic speed control according to any of the embodiments herein.

One embodiment of the present specification provides a method for controlling network traffic, where in the method, data packet features corresponding to sets of different statistical dimensions are preset, in response to receiving a data packet, one or more sets matched with the data packet are determined by comparing packet header information of the data packet with the data packet features of the sets, the data packet is associated with the one or more sets matched with the data packet, traffic statistics is performed on the data packet associated with the one or more sets, respective measurement results of the one or more sets are obtained, and a corresponding speed control instruction is issued to the data packet according to the respective measurement results of the one or more sets, so as to achieve an effect of multidimensional accurate speed control.

Drawings

FIG. 1 is a flow chart of a method for controlling the speed of network traffic according to an embodiment of the present disclosure;

FIG. 2 is a schematic diagram of an association between a packet and a collection provided by an embodiment of the present disclosure;

FIG. 3 is a schematic diagram of a network architecture provided by one embodiment of the present description;

fig. 4 is a schematic structural diagram of a device for controlling network traffic speed according to an embodiment of the present disclosure;

fig. 5 is a block diagram of a computing device according to an embodiment of the present disclosure.

Detailed Description

In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present description. This description may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein, as those skilled in the art will be able to make and use the present disclosure without departing from the spirit and scope of the present disclosure.

The terminology used in the description of the one or more embodiments is for the purpose of describing the particular embodiments only and is not intended to be limiting of the description of the one or more embodiments. As used in one or more embodiments of the present specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used in one or more embodiments of the present specification refers to and encompasses any and all possible combinations of one or more of the associated listed items.

It will be understood that, although the terms first, second, etc. may be used herein in one or more embodiments to describe various information, these information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, a first can also be referred to as a second and, similarly, a second can also be referred to as a first without departing from the scope of one or more embodiments of the present description. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.

First, the noun terms to which one or more embodiments of the present specification relate are explained.

P4: programming Protocol-independent Packet Processors, is a language for Programming p4 programmable chip devices.

The programmable chip comprises: a general component in a network device, for example, can be a programmable switching chip, such as a TOFINO programmable switching chip based on the P4 programmable chip language, and a user can realize a logic function required by the user through programming, and the network device has the advantages of high degree of freedom, short period, low cost and the like.

And (3) flow statistics: also called metering, is to count the number of network data messages entering and exiting and the bandwidth entering and exiting (the size of each message may be different).

Class G: refers to the size of the traffic bandwidth per second.

Multi-dimensional: the method comprises different dimensions of a message, such as user dimension, project dimension, in-out dimension and the like.

Flow rate control: the flow rate is controlled, for example, in the pps dimension and the bps dimension.

pps：packet per second。

bps：bytes per second。

A meter: a meter.

In the present specification, a method for controlling network traffic speed is provided, and the present specification also relates to an apparatus for controlling network traffic speed, a computing device, and a computer-readable storage medium, which are described in detail in the following embodiments one by one.

Fig. 1 is a flowchart illustrating a method for controlling the speed of network traffic according to an embodiment of the present disclosure, which includes steps 102 to 110.

Step 102: and presetting a plurality of sets of different statistical dimensions, wherein the sets of different statistical dimensions correspond to different data packet characteristics.

One set corresponds to one statistical dimension, one statistical dimension may correspond to one or more elements, and one or more elements may be determined by the packet characteristics. Thus, the set of different statistical dimensions appears to correspond to different packet characteristics. The at least one item of information is different in the different sets of packet characteristics, e.g., the difference between the different sets of packet characteristics includes at least one different IP address and/or port. For example: one statistical dimension may correspond to one or more elements of a customer, a product, an instance, a direction, etc., assuming that the statistical dimension of set 1 corresponds to one element of a user a, the statistical dimension of set 2 corresponds to one element of a P1 product, and the statistical dimension of set 3 corresponds to multiple elements of P1 product of a user a + all products of a user B. The data packet characteristics of these elements can be determined according to the product purchased by the customer. For example, each product typically corresponds to a different IP address plan, and each customer may purchase multiple products, and thus, the packet characteristics that determine these elements may be IP address, port, etc.

Step 104: in response to receiving a data packet, determining one or more sets that the data packet matches by comparing message header information of the data packet to data packet characteristics of the respective sets.

For example, a TCP/UDP five-tuple may be included in the packet header information, and the IP address and port information in the five-tuple may be compared with the IP address and port information in the packet characteristics.

Step 106: associating the data packets to the matched set or sets.

For example, the comparison and association may be based on the tcp/udp quintuple of the packet by means of techniques of access control lists. The association of packets with sets is schematically illustrated in fig. 2. One packet may be associated with multiple sets and multiple packets may be associated with a set.

Step 108: and respectively carrying out flow statistics on the data packets associated with the one or more sets to obtain respective metering results of the one or more sets.

Step 110: and issuing corresponding speed control instructions to the data packets according to the respective metering results of the one or more sets.

For example, the range of the metering result can be judged, if the metering result exceeds the range of the speed limit, a packet loss instruction can be issued, and if the metering result does not exceed the range of the speed limit, an release instruction can be issued. Of course, a corresponding speed control policy may also be set according to the requirement of the implementation scenario on speed control, and a corresponding speed control instruction is generated, for example, the transmission speeds of different transmission links are different, and a data packet may be sent to a link matched with the measurement result for transmission, and the like.

The method comprises the steps of presetting sets of different statistical dimensions, wherein the sets of the different statistical dimensions correspond to different data packet characteristics, determining one or more sets matched with data packets by comparing message header information of the data packets with the data packet characteristics of the sets in response to receiving the data packets, associating the data packets to the matched one or more sets, carrying out flow statistics on the data packets associated with the one or more sets respectively to obtain respective metering results of the one or more sets, and issuing corresponding speed control instructions to the data packets according to the respective metering results of the one or more sets, so that the effect of multi-dimensional accurate flow speed control is achieved.

For example, in cloud computing, a set of physical network infrastructure carries various network traffic such as multiple users, multiple projects, multiple systems, etc. For example, network traffic may be first divided into the following elements: the product is as follows: such as products P1, P2, P3; tenant elements: a, B and C tenants; direction element: IN flow IN direction, OUT flow OUT direction; wherein any combination of tenants and products is possible.

According to the method provided by the embodiment of the present specification, the following sets of different dimensions can be divided as required, so as to realize the speed limit of the whole traffic (for example, the speed limit can be performed according to the total bandwidth bps of the message per second), for example:

1. the speed limit of the statistical dimension of a single element comprises the following three sets:

total IN/OUT flow of P1 product;

total flow of P2 product IN/OUT:

total flow of A tenant IN/OUT:

2. the rate limit for the statistical dimension of the combined elements includes the following three sets:

IN/OUT traffic of a tenant on P1 products:

b tenant Total IN/OUT traffic on P2 and P3 products:

a and C tenants total IN/OUT traffic on the P3 product.

The statistical dimension of the single element can be set according to the overall flow rate limit requirement of the individual, for example, only the flow rate limit of the bps dimension is needed for the P1 product. The statistical dimension of the combined elements can be set according to some associated overall traffic speed limit requirements, for example, although the B-user buys P1, P2 and P3 products, the P2 and P3 do not want to be too thin and want to share one bandwidth packet.

The cloud carries traffic generated by a plurality of companies, projects, directions and other different angles. The project as a whole can often reach 100G bandwidth per second. For example, a company has many projects, often reaching hundreds of G per second. However, the processing power of one server is limited because the performance of cpu and the like cannot handle hundreds of G traffic. In order to improve throughput of multidimensional accurate traffic speed control, considering the T-level processing capability of the programmable chip hardware, the method can overcome the barrier that a single server can only perform speed limiting below 100Gbps, and therefore, in one or more embodiments of the present specification, the method for network traffic speed control can be applied to the programmable chip, traffic is concentrated to the programmable chip, and the programmable chip to which the method provided by the embodiments of the present specification is applied performs traffic speed control.

It should be noted that, when the method provided in the embodiment of the present specification is implemented based on a programmable chip, the entry may be issued through the cooperation of a control plane and a data plane for control, or the entry may be fixed in a chip code for control, which is not limited by the method provided in the embodiment of the present specification.

Data plane: the forwarding plane and the data forwarding plane are mainly responsible for actually forwarding network data packets according to forwarding table entries, and the table entries required in the forwarding process are generated by the control layer. The data plane runs on network card hardware or interactive chip hardware. The basic logic of the data plane is determined by the code written on the chip.

Control plane: the control plane (control plane) is mainly responsible for generating the table entries, and the control plane issues the table entries to the data plane. After the data packet enters the network device, forwarding is performed according to the table entry. The control plane runs on software, typically at the software level controlled by the CPU.

In view of the need for flexible adjustment, in one or more embodiments of the present disclosure, the table entry is issued through cooperation between the control plane and the data plane for control. Specifically, the presetting of a set of a plurality of different statistical dimensions includes: and a control plane of the programmable chip issues a first table item containing data packet characteristics corresponding to each of a plurality of sets to a data plane, wherein the data plane in the programmable chip is used for establishing the plurality of sets, and the data packet characteristics corresponding to the sets are determined according to the first table item. For example, codes may be written in a programmable chip to establish a plurality of sets, characteristics of data packets corresponding to the sets may be determined according to the first entry, one or more sets that match the data packets may be determined by comparing packet header information of the data packets with characteristics of the data packets of the respective sets in response to receiving the data packets, the data packets may be associated with the matched one or more sets, and traffic statistics may be performed on the data packets associated with the one or more sets, respectively, to obtain respective metering results of the one or more sets. The issuing of the corresponding speed control instruction to the data packet according to the respective metering result of the one or more sets includes: and the control surface of the programmable chip issues a second table entry for executing a corresponding speed control instruction on the data packet to a data surface according to the aggregated metering result, wherein the data surface in the programmable chip is used for executing the corresponding speed control instruction on the data packet according to the second table entry. For example, a code may be written in the programmable chip to cause the data plane to execute the corresponding speed control instruction on the data packet according to the second table entry.

In the method provided in the embodiment of the present specification, a specific statistical manner for the statistical flow is not limited. For example, since the accuracy of the hardware counter is high, and accurate speed control can be achieved, in one or more embodiments of the present specification, the performing flow statistics on one or more sets respectively to obtain respective metering results of the one or more sets includes: and respectively carrying out flow statistics on the one or more sets based on the hardware counters configured for the one or more sets respectively to obtain the respective metering results of the one or more sets. In the embodiment, the hardware counters are respectively configured for a plurality of sets of multiple dimensions, and the effect of accurate speed control is achieved through high-precision measurement of the hardware counters.

For example, the method provided by the embodiments of the present specification may be applied to a programmable chip supporting the P4 language, and the hardware counter may be a meter counter. In the programmable chip supporting the P4 language, the meter is a function provided by the chip, and the bottom layer of the meter counter is implemented by hardware, which is not only convenient for statistics, but also has high accuracy. In the method provided by the embodiment of the present specification, several ranges may be defined by presetting a water level threshold, and each range is represented by a different color. For each set, a function of the meter counter is called and the meter can return a color to represent the metering result. For example, each time a packet is received by the P4 chip, a meter function may be called to obtain a set of metering results associated with the packet. The meter indicates the range of the metering result by returning a color, such as red indicating that the range is exceeded, yellow indicating that the range is about to be exceeded, and green indicating that the range is within. The performing flow statistics on the one or more sets respectively based on the hardware counters configured for the one or more sets respectively to obtain the respective metering results of the one or more sets includes: and carrying out flow statistic dyeing on the sets based on the meter counters respectively configured for the one or more sets, wherein the meter counters return different colors corresponding to the metering results in different ranges. Similar to the method of meter measurement dyeing, the method can also be implemented by other hardware methods such as register simulation, and the method provided in the embodiments of the present specification is not limited thereto.

It should be noted that, the method provided in the embodiment of the present specification is not limited to specific contents of the speed control commands corresponding to different ranges. The setting can be specifically carried out according to the implementation scene requirements. And aiming at the messages with different color sets, corresponding different processing flows can be entered.

For example, in order to make the flow control within the allowable range in consideration of the requirement of speed limit, the issuing a corresponding speed control instruction to the data packet according to the respective metering result of the one or more sets may include: and if the meter counter of any set returns to the preset first color, a packet loss instruction is issued to the data packet. In this embodiment, the first color, for example, red, represents a range exceeding the speed limit threshold, and the data packets within the range can be subjected to packet loss processing, so as to meet the requirement of the speed limit.

Accordingly, if no set returns the first color, indicating that no set exceeds the speed limit, the packet may be released. Therefore, the issuing a corresponding speed control instruction to the data packet according to the respective measurement result of the one or more sets may include: and if no aggregate meter counter returns to the preset first color, issuing a release instruction to the data packet.

In addition, in order to achieve a better speed limiting effect, one or more embodiments of the present specification may further include: and if the set of meter counters with the number exceeding the preset alarm number returns to the preset second color, executing preset alarm processing logic. In this embodiment, a second color, such as yellow, may indicate that the range of speed limit thresholds is about to be exceeded by executing preset alarm handling logic, such as: whether the packet is lost or not can be determined according to other preset factors, and for example, alarm information can be sent to a background management terminal, and for example, the alarm information can be sent to a related user, and the like, so that the purpose that the user exceeds the speed limit for use can be effectively avoided.

The following describes the network traffic speed control method further by taking an example of an application of the network traffic speed control method provided in this specification to perform multidimensional accurate hundred-G-level traffic BPS speed limitation based on a programmable chip technology supporting P4 programming language, with reference to fig. 3. Fig. 3 shows a schematic diagram of a network architecture provided in an embodiment of the present specification. As shown in fig. 3, the programmable chip may be provided in a network device. The network device may receive packets from any one or more switches or any one or more servers through a network or fiber in the message ingress direction. After the data packets are streamed in, the P4 chip first attributes the data packets into different sets, each set having a respective identification such as: set 1 is identified as id1, set 2 is identified as id2, and set n is identified as idn. Each set is individually configured with a hardware counter meter. The meter counter counts the flow and returns different colors according to the metering results in different ranges. Incoming packets are decided according to the color returned by the respective counters, e.g. may be dropped or cleared to arrive. After the flow rate control, the released data packet is sent to any one or more switches or any one or more servers through a network or an optical fiber in the message outflow direction. The following will explain each step in detail:

the P4 chips, upon receiving a packet, first associate the packet into one or more sets. Wherein different sets may be of different dimensions. For example:

set 1: flow IN direction: the source IP is 1.1.1.1 to 2.2.2.2 TCP 80 port.

Set 2: direction of flow OUT: the source IP is 3.3.3.3 to access 4.4.4.4 internet.

Each packet may be parsed into one or more dimensions. For example, IN the IN direction, the target IP is 2.2.2.2, and the target port is 80 ports, representing the dimensions: customer a + P1 load balancing product + instance 1+ direction is the IN direction. As another example, in the OUT direction, the dimension represented by source IP 3.3.3.3 access 4.4.4.4 is: the customer B + P2 side intercommunication product + instance 2+ direction is the OUT direction. Based on the resolved dimensions, the data packets may be associated to a set of matches.

Before receiving the data packet, the following programming codes can be written on the chip in advance by using the MATCH-ACTION rule of the P4 language to establish a plurality of sets:

// user id: user _ id:

// project broad class: gw _ type: such as four-layer load balancing products, security products, network acceleration products, and the like.

// direction: such as direction: ISP _ TO _ GW, GW _ TO _ ISP, NC _ TO _ GW, GW _ TO _ NC

actionset_index(

bit<32>user_id,

bit<8>gw_type,

bit<8> direction,

bit<16>ext_id

){

ig _ md. ens _ property. user _ id = user _ id// as associated to set 1- > this set represents user a

ig _ md. ens _ property. gw _ type = gw _ type// as related to set 2- > this set represents product P

ig _ md. ens _ property. direction = direction// if associated to set 3- > this set represents the direction

// configurable statistics additional 2k detail sessions

ig _ md. ens _ property. f _ ext _ id = ext _ id// this set, if associated to set 4- > may additionally handle some other specifically associated speed limit

tablemark_pkt_set{

key = {

ig_md.ip_dst_addr_index : ternary;

ig_md.ip_src_addr_index : ternary;

lkp.vni : ternary;

lkp.ip_proto : ternary;

lkp.l4_dst_port : ternary;

lkp.l4_src_port : ternary

}

actions = {

set_index;

NoAction;

}

constdefault_action = NoAction;

size = 4096;

}

As can be seen by the code, the code builds a set of dimensions. The P4 chip may issue specific entries corresponding to each set in the control plane. For example, the control plane issues: l4_ src _ port 1.1.1.0/24 for user _ id =1 (client a); and gw _ type is a specific entry of 2 (product P1). For another example, the control plane issues: vni is 10000 for user _ id =1 (client a); and gw _ type =3 (product P2).

Wherein a certain set of data packet associations may be used to handle the associated speed limit, for example: the P1 product of the A user + the P2 product of the A user collectively share one speed limit, and the P1 product of the A user + the P1 product of the B user collectively share one speed limit. However, in actual production, as a scenario corresponding to "set 1": a user has a plurality of product applications such as P1, P2, P3 and the like, but P1 and P2 are only two small initial small products, and do not want to consume too much bandwidth due to some accidents and only want to share 100M speed limit, so that a set of data packet characteristics including P1 and P2 can be set for carrying out associated speed limit. As another example, a scenario corresponding to "set 2": the P1 of the A user and the P1 of the B user are two departments of one company, P1 products are used, the peak valley of the A and the valley of the B users can be just staggered, as long as the A + B does not exceed 10G, in this case, a set containing the data packet characteristics of the A and the B can be set for carrying out association speed limiting, and the two companies are prevented from independently purchasing 10G. Therefore, through the division of various dimensions, the very flexible associated speed limit with special requirements can be realized.

A meter may be created for each set using the P4 chip, one set ID for each meter. For example, a meter is created in the chip, BPS dyeing is performed for each set ID, and codes for setting speed control instructions such as packet loss, release, and the like are as follows:

DirectMeter(MeterType_t.BYTES) user_meter;

DirectMeter(MeterType_t.BYTES) gw_meter;

DirectMeter(MeterType_t.BYTES) ext_meter;

action do_color() {

eg_md.color.f_user_bps_color = (bit<8>)user_meter.execute();

eg_md.color.f_gw_bps_color = (bit<8>)gw_meter.execute();

eg_md.color.f_ext_bps_color = (bit<8>)ext_meter.execute();

}

action drop_pkt(){

eg_intr_md_for_dprsr.drop_ctl = 0x1;

}

table meter_action_table{

key = {

eg_md.color.f_user_bps_color : exact; eg_md.color.f_gw_bps_color : exact;

eg_md.color.f_ext_bps_color : exact;

}

actions = { drop_pkt; NoAction; }

const default_action = drop_pkt; }

the control layer issues specific dyed entries, different bandwidths correspond to different colors, and each meter counter can be dyed into one of three colors, such as red, yellow or green, according to the actual flow condition of the message. And the control layer issues a list item of a packet loss or release instruction according to the color dyed by the set counter. For example, as long as any one of the meter counters is red, packet loss occurs, and the effect of accurate speed limiting can be achieved.

According to the method provided by the embodiment, the P4 chip sets in advance so that the messages belong to the matched sets, each set is allocated with an id, and each id corresponds to a hardware meter counter. Then, the metrology dye was performed for each meter metrology using the metrology capability of the hardware chip itself. The control plane issues a control instruction of packet loss to the hardware in a mode of issuing a specific table entry as long as any one of the meters is red, otherwise, the control plane passes the control instruction. It can be seen that, in the embodiment, the T-level programmable chip is used as a hardware carrier, and the P4 programming language is used to establish a multi-level hardware table and perform code flow control, so that the speed limit of software and hardware cooperation is realized. The switching chip based on P4 has T-level processing capability and capability of measuring packet by packet, thereby realizing multi-dimensional accurate speed limit and speed limit capability of more than hundred Gbps.

Corresponding to the above method embodiment, the present specification further provides an embodiment of a device for controlling a network traffic speed, and fig. 4 shows a schematic structural diagram of the device for controlling a network traffic speed provided by an embodiment of the present specification. As shown in fig. 4, the apparatus includes: a set setup module 402, a set matching module 404, a set association module 406, a metering module 408, and a rate control module 410.

The set setting module 402 may be configured to preset a plurality of sets of different statistical dimensions, where the sets of different statistical dimensions correspond to different packet characteristics.

The set matching module 404 may be configured to determine, in response to receiving a packet, one or more sets that the packet matches by comparing packet header information of the packet to packet characteristics of the respective sets.

The set association module 406 may be configured to associate the data packets to the matched one or more sets.

The metering module 408 may be configured to perform traffic statistics on the data packets associated with the one or more sets, respectively, to obtain a metering result of each of the one or more sets.

The speed control module 410 may be configured to issue a corresponding speed control instruction to the data packet according to the measurement result of each of the one or more sets.

The device presets sets of different statistical dimensions, the sets of different statistical dimensions correspond to different data packet characteristics, one or more sets matched with the data packets are determined by comparing message header information of the data packets with the data packet characteristics of the sets in response to the received data packets, the data packets are associated to the matched set or sets, flow statistics is carried out on the data packets associated with the set or sets respectively to obtain respective metering results of the set or sets, and corresponding speed control instructions are issued to the data packets according to the respective metering results of the set or sets, so that the effect of multi-dimensional accurate flow speed control is achieved.

In one or more embodiments of the present description, the apparatus may be implemented based on a programmable chip, and may be controlled by issuing an entry through cooperation between a control plane and a data plane, or by fixing an entry in a chip code. In one or more embodiments of the present disclosure, in view of the need for flexible adjustment, the set setting module 402 may be configured to issue, to a control plane of a programmable chip, a first entry containing packet characteristics corresponding to a plurality of sets, where the data plane in the programmable chip is used to establish the plurality of sets, and determine the packet characteristics corresponding to the sets according to the first entry. The speed control module 410 may be configured to issue, by a control plane of a programmable chip, a second entry for executing a corresponding speed control instruction on the data packet to a data plane according to the aggregated metering result, where the data plane in the programmable chip is configured to execute the corresponding speed control instruction on the data packet according to the second entry.

In one or more embodiments of the present disclosure, the metering module 408 may be configured to perform flow statistics on the one or more sets respectively based on the hardware counters configured for the one or more sets respectively, so as to obtain the metering results of the one or more sets respectively.

For example, the apparatus provided in this specification may be configured in a programmable chip supporting the P4 language, and the hardware counter is a meter counter. The metering module 408 may be configured to perform flow statistics on the sets based on meter counters configured for the one or more sets, where the meter counters return different colors corresponding to different ranges of metering results.

For example, in order to control the flow rate within the allowable range in consideration of the requirement of speed limit, the speed control module 410 may be configured to issue a packet loss command to the data packet if any set of meter counters returns to the preset first color.

Accordingly, if no set returns the first color, indicating that no set exceeds the speed limit, the packet may be released. Thus, the speed control module 410 may be configured to issue a release command to the packet if no aggregate meter counter returns to the preset first color.

In addition, in order to achieve a better speed limiting effect, in one or more embodiments of the present disclosure, the speed control module 410 may be configured to execute a preset alarm processing logic if the set of meter counters exceeding the preset alarm number returns to the preset second color. In this embodiment, the second color, for example, yellow, may indicate that the range of the speed limit threshold is about to be exceeded, and by executing the preset alarm processing logic, the purpose of avoiding the user from exceeding the speed limit can be effectively achieved.

The foregoing is a schematic solution of the device for controlling network traffic speed according to this embodiment. It should be noted that the technical solution of the network traffic speed control device and the technical solution of the network traffic speed control method belong to the same concept, and details of the technical solution of the network traffic speed control device, which are not described in detail, can be referred to the description of the technical solution of the network traffic speed control method.

FIG. 5 illustrates a block diagram of a computing device 500 provided in accordance with one embodiment of the present description. The components of the computing device 500 include, but are not limited to, a memory 510 and a processor 520. Processor 520 is coupled to memory 510 via bus 530, and database 550 is used to store data.

Computing device 500 also includes access device 540, access device 540 enabling computing device 500 to communicate via one or more networks 560. Examples of such networks include the Public Switched Telephone Network (PSTN), a Local Area Network (LAN), a Wide Area Network (WAN), a Personal Area Network (PAN), or a combination of communication networks such as the internet. The access device 540 may include one or more of any type of network interface, e.g., a Network Interface Card (NIC), wired or wireless, such as an IEEE802.11 Wireless Local Area Network (WLAN) wireless interface, a worldwide interoperability for microwave access (Wi-MAX) interface, an ethernet interface, a Universal Serial Bus (USB) interface, a cellular network interface, a bluetooth interface, a Near Field Communication (NFC) interface, and so forth.

In one embodiment of the present description, the above-described components of computing device 500, as well as other components not shown in FIG. 5, may also be connected to each other, such as by a bus. It should be understood that the block diagram of the computing device architecture shown in FIG. 5 is for purposes of example only and is not limiting as to the scope of the present description. Those skilled in the art may add or replace other components as desired.

Computing device 500 may be any type of stationary or mobile computing device, including a mobile computer or mobile computing device (e.g., tablet, personal digital assistant, laptop, notebook, netbook, etc.), mobile phone (e.g., smartphone), wearable computing device (e.g., smartwatch, smartglasses, etc.), or other type of mobile device, or a stationary computing device such as a desktop computer or PC. Computing device 500 may also be a mobile or stationary server.

Wherein processor 520 is configured to execute the following computer-executable instructions:

presetting a plurality of sets of different statistical dimensions, wherein the sets of different statistical dimensions correspond to different data packet characteristics;

in response to receiving a data packet, determining one or more sets that the data packet matches by comparing message header information of the data packet to data packet characteristics of the respective sets;

associating the data packets to one or more sets of matches;

respectively carrying out flow statistics on the data packets associated with the one or more sets to obtain respective metering results of the one or more sets;

and issuing corresponding speed control instructions to the data packets according to the respective metering results of the one or more sets.

The above is an illustrative scheme of a computing device of the present embodiment. It should be noted that the technical solution of the computing device and the technical solution of the network traffic speed control method belong to the same concept, and details that are not described in detail in the technical solution of the computing device can be referred to the description of the technical solution of the network traffic speed control method.

An embodiment of the present specification also provides a computer readable storage medium storing computer instructions that, when executed by a processor, are operable to:

presetting a plurality of sets of different statistical dimensions, wherein the sets of different statistical dimensions correspond to different data packet characteristics;

in response to receiving a data packet, determining one or more sets that the data packet matches by comparing message header information of the data packet to data packet characteristics of the respective sets;

associating the data packets to one or more sets of matches;

respectively carrying out flow statistics on the data packets associated with the one or more sets to obtain respective metering results of the one or more sets;

and issuing corresponding speed control instructions to the data packets according to the respective metering results of the one or more sets.

The above is an illustrative scheme of a computer-readable storage medium of the present embodiment. It should be noted that the technical solution of the storage medium and the technical solution of the above-mentioned method for controlling the speed of the network traffic belong to the same concept, and details that are not described in detail in the technical solution of the storage medium can be referred to the description of the technical solution of the above-mentioned method for controlling the speed of the network traffic.

The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.

The computer instructions comprise computer program code which may be in the form of source code, object code, an executable file or some intermediate form, or the like. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, usb disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution medium, and the like. It should be noted that the computer readable medium may contain content that is subject to appropriate increase or decrease as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, computer readable media does not include electrical carrier signals and telecommunications signals as is required by legislation and patent practice.

It should be noted that, for the sake of simplicity, the foregoing method embodiments are described as a series of acts, but those skilled in the art should understand that the present embodiment is not limited by the described acts, because some steps may be performed in other sequences or simultaneously according to the present embodiment. Further, those skilled in the art should also appreciate that the embodiments described in this specification are preferred embodiments and that acts and modules referred to are not necessarily required for an embodiment of the specification.

In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.

The preferred embodiments of the present specification disclosed above are intended only to aid in the description of the specification. Alternative embodiments are not exhaustive and do not limit the invention to the precise embodiments described. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the embodiments and the practical application, to thereby enable others skilled in the art to best understand and utilize the embodiments. The specification is limited only by the claims and their full scope and equivalents.