Patent Application
20210336876
The present disclosure relates to the field of Internet technologies and, more particularly, relates to a single packet recognition method and a traffic redirection method.
In general, different applications have different requirements for the quality of network links. For example, a video application often requires a lower link quality than a gaming application. In practical situations, each network link carries a limited amount of traffic. Thus, when the video application and the gaming application shares a same high-quality network link, it is likely that the overloaded link degrades user's experience of accessing Internet. Similarly, when an application requiring a high-quality link is assigned to a poor-quality link for purpose of load balancing, the user's experience of accessing Internet may also be degraded. Thus, it is important to properly assign and redirect traffic of different applications.
The inventors of the present invention discovered that the existing technology redirects traffic based on server IP addresses. Such traffic assignments are pertaining to different servers, rather than different applications. Thus, it is unable to assign links to satisfy different requirements of different applications.
The objective of the embodiments of the present disclosure is to provide a single packet recognition method and a traffic redirection method, to recognize an application sent a traffic data packet and assigns a routing path based on a pre-configured routing policy corresponding to the recognized application. Thus, network traffic redirection is optimized, and service quality of back-end link and user's experience of accessing Internet are improved.
To solve the aforementioned technical problems, embodiments of the present disclosure provide a single packet recognition method, comprising: after a connection between a client terminal and a destination server is established, obtaining a data packet sent by the client terminal, wherein the data packet is a first data packet to carry application layer data; determining whether a format feature of the data packet matches a data packet format feature of any known application; and when it is determined that the format feature of the data packet matches a data packet format feature of a known application, recognizing the matched application as the application sent the data packet.
Embodiments of the present disclosure also provide a traffic redirection method, comprising: based on the aforementioned single packet recognition method, determining an application sent a traffic data packet; obtaining a pre-configured routing policy corresponding to the application; and based on the routing policy, forwarding the traffic data packet.
With respect to the existing technology, embodiments of the present disclosure first match the format feature of the first data packet to carry application layer data with a data packet format feature of any known application, after the connection between the client terminal and the destination server is established, to recognize the application sent the first data packet to carry the application layer data. After the application is recognized, the data packet is forwarded based on the pre-configured routing policy corresponding to the application. By recognizing the application sent the data packet before forwarding the data packet based on the pre-configured routing policy to which the associated application corresponds, network traffic redirection is optimized, and service quality of back-end link and user's experience of accessing Internet are improved.
Further, the determining whether a format feature of the data packet matches a data packet format feature of any known application includes: determining whether information parsed from specific bytes in the application layer data of the data packet is the same as corresponding features in application data of any known application. A specific matching method is provided.
Further, the data packet carries an IP address of the destination server. Before recognizing the matched application as the application sent the data packet, the single packet recognition method further includes: determining whether the IP address of the destination server is present in a pre-configured database; and when it is determined that the IP address of the destination server is present in the pre-configured database and applications corresponding to the IP address of the destination server include the matched application, recognizing the matched application as the application sent the data packet. Thus, the efficiency of recognizing the network traffic is increased, and the false recognition rate is reduced.
Further, the data packet also carries a port number of the destination server. Before determining whether the format feature of the data packet matches a data packet format feature of any known application, the single packet recognition method further includes: based on the IP address and the port number of the destination server carried in the data packet, determining whether index information matching the data packet is present in a database, where the index information includes the IP address and the port number of the server and the database stores mapping relationship between index information and applications; when it is determined that the index information matching the data packet is present in the database, recognizing the application corresponding to the index information as the application sent the data packet; and when it is determined that the index information matching the data packet is absent in the database, determining whether the format feature of the data packet matches a data packet format feature of any known application. Storing the mapping relationship between the index information and the applications in the database is beneficial in improving the efficiency of recognizing the data packets.
Further, before determining whether any index information matching the data packet is present in the database, the single packet recognition method further includes: determining whether the port number of the destination server is one of pre-configured common port numbers; when it is determined that the port number of the destination server is not any pre-configured common port number, determining whether any index information matching the data packet is present in the database; and when it is determined that the port number of the destination server is one of the pre-configured common port numbers, determining whether a format feature of the data packet matches a data packet format feature of any known application. Recognizing whether the port number of the destination server is one of the common port numbers is beneficial in avoiding false recognition caused by the common port numbers of the server.
Further, the data packet further carries a protocol type for the connection between the client terminal and the destination server. The index information further includes the protocol type for the connection between the client terminal and the destination server. Determining whether any index information matching the data packet is present in the database further includes: based on the IP address and the port number of the destination server and the protocol type that are carried in the data packet, determining whether any index information matching the data packet is present in the database. It is beneficial in improving the matching accuracy.
One or more embodiments are provided for exemplary descriptions with reference to the accompanying drawings. The exemplary descriptions are not intended to limit the scope of the embodiments. Elements having same reference numerals in the drawings refer to same or similar elements. Unless specifically stated otherwise, the drawings do not constitute limitation on proportions.
To make the objectives, technical solutions, and advantages of the present disclosure clearer, the following further describes the embodiments of the present disclosure in details with reference to the accompanying drawings. It should be understood that the specific embodiments described herein are only used to explain the present disclosure and are not used to limit the present disclosure. Without departing from the spirit and principles of the present disclosure, any modifications, equivalent substitutions, and improvements, etc. shall fall within the scope of the present disclosure.
The present disclosure provides a single packet recognition method, and detailed processes are illustrated in
Step 101: after a connection between a client terminal and a destination server is established, obtaining a data packet sent by the client terminal, where the data packet is a first data packet to carry application layer data.
In one embodiment, the connection established between the client terminal and the destination server may be a transmission control protocol (TCP) connection, a user datagram protocol (UDP) connection, or a connection based on other transmission protocol, which is not limited by the present disclosure. After the connection between the client terminal and the destination server is established, the client terminal may exchange data with the destination server through the connection.
In one embodiment, the method may be implemented based on a proxy program. The proxy program may run on ingress devices or on a central server. The proxy program obtains, from the ingress devices, data packets sent by the client terminal and the destination server through the connection.
Step 102: determining whether a format feature of the data packet matches a data packet format feature of any known application.
In this step, information parsed from specific bytes in application layer data of the data packet may be compared with corresponding features in application data of any known application to determine whether a format feature of the data packet matches a data packet format feature of any known application.
In one embodiment, the connection between the client terminal and the destination server is a TCP connection. The format feature of the application layer data in the data packet sent by an application A includes that the first and second bytes represent a length for a data parsing unit. Because the communication is interactive, when no response is received from the destination server, the client terminal may not send other request again, multiple data parsing units may not be concatenated. Thus, the recorded length is equal to the actual length of the application layer data. The third and fourth bytes represent a fixed value for a version number (e.g., 0xaa, 0xff). The fifth to eighth bytes represent an IP address of the destination server, which is the same as the destination address of packets sent by the client terminal to the destination server or the source address of packets sent by the destination server to the client terminal. The ninth and tenth bytes represent a command field. For the first data packet to carry the application layer data, the value of the command field is “0x00a1”, corresponding to “login verification response”.
Based on the aforementioned format features of the specific bytes, when the first and second bytes in the application layer data of the received data packet (i.e., the first data packet to carry the application layer data) is a length of a data parsing unit, which is the same as the length recorded in the first and second bytes in the application data of the application A, and when the third and fourth bytes is a fixed value for a version number, which is the same as the fixed value for the version number recorded in the third and fourth bytes in the application data of the application A, and when the fifth through eighth bytes is a server IP address, which is the same as the server IP address recorded in the fifth through eighth bytes in the application data of the application A, and when the ninth and tenth bytes is a command field, which the command field is “0x00a1”, it is determined that the information parsed from the specific bytes in the application layer data of the data packet is the same as the corresponding features in the application data of the application A. Thus, the format feature of the data packet matches the data packet format feature of the application A.
It should be noted that different applications may have different format features of the specific bytes. The format features of the specific bytes for the known applications are locally stored in advance for subsequent matching.
When it is determined that a format feature of the data packet matches a data packet format feature of a known application, step 103 is executed. When it is determined that a format feature of the data packet does not match any data packet format feature of any known application, the process is terminated. That is, the process of recognizing data packets is terminated.
Step 103: recognizing the matched application as the application sent the data packet.
For example, when it is determined in step 102 that a format feature of the data packet matches the data packet format feature corresponding to the application A, the application sent the data packet is determined to be the application A in step 103.
Thus, based on the single packet recognition method provided by the embodiment, the application sent the data packet is recognized and determined. Data packets sent by different applications may be assigned to the corresponding routing policies or traffic redirection methods.
Another embodiment of the present disclosure provides another single packet recognition method, which is an improvement further to the previously described embodiment. The main improvements include that after the matched application is determined based on the format feature of the data packet, it is further determined whether an IP address of the destination server is present in a pre-configured database and whether applications corresponding to the IP address of the destination server include the matched application. The flow chart of an exemplary embodiment is illustrated in
Step 201: after a connection between a client terminal and a destination server is established, obtaining a data packet sent by the client terminal, where the data packet is a first data packet to carry application layer data.
Step 202: based on an IP address of and a port number of the destination server carried in the data packet, determining whether index information matching the data packet is present in a pre-configured database.
In one embodiment, a database is pre-configured. The database stores mapping relationships between index information and applications. The mapping relationship is collected based on history data. The index information includes an IP address and a port number of a server.
In this step, the IP address and the port number of the destination server carried in the data packet is extracted first. It is determined whether the index information corresponding to the IP address and the port number of the destination server is present in the database. When it is determined that the index information is present, the corresponding index information is the index information sent the data packet, and step 203 is executed. When it is determined that the index information is absent, the index information sent the data packet is absent in the database, and step 204 is executed.
Step 203: recognizing the application corresponding to the matched index information as the application sent the data packet.
As described above, because the database stores the mapping relationships between the index information and the applications, when it is determined that the index information matching the data packet is present in the database, it is determined that the application corresponding to the matched index information is the application sent the data packet.
Step 204: determining whether a format feature of the data packet matches a data packet format feature of any known application. When it is determined that a format feature of the data packet matches a data packet format feature of a known application, step 205 is executed. When it is determined that no format feature of the data packet matches any data packet format feature of any known application, the process is terminated.
Step 205: determining whether an IP address of the destination server is present in a database. When the IP address of the destination server is present, step 206 is executed. When the IP address of the destination server is absent, the process is terminated. That is, the process of recognizing data packets is terminated.
Step 206: determining whether applications corresponding to the IP address of the destination server include the matched application.
After it is determined that the IP address of the destination server is present in the database, applications corresponding to the IP address of the destination server are searched in the database to determine whether the corresponding applications include the matched application determined in step 204. When the corresponding applications include the matched application, step 207 is executed. Otherwise, the process is terminated. That is, the process of recognizing data packets is terminated.
Step 207: recognizing the matched application as the application sent the data packet.
Step 208: generating index information corresponding to the data packet, and storing the mapping relationship between the generated index information and the matched application in the database.
In this step, the IP address and the port number of the destination server may be used to generate the index information corresponding to the data packet, and the mapping relationship between the generated index information and the matched application is stored in the database. Thus, when the connection between the client terminal and the destination server is established next time, the IP address and the port number of the server may be used directly to search the corresponding application in the database, thereby improving the recognition efficiency.
It should be noted that, in this embodiment, a timeout timer is configured for each record in the database (a record is a mapping relationship between a set of index information and an application). When the timeout timer expires, the record is deleted from the database (i.e., the mapping relationship between the set of the index information and the application is deleted). This is because an application corresponding to a port number of a server is subject to change. For example, the application A may be replaced by the application B. In the embodiment, after the mapping relationship between the index information and the application is stored in the database, the mapping relationship between the port number of the current server and the application is fixed. However, in practical applications, the application corresponding to the port number of the current server is subject to change. For example, the application A may be replaced by the application B. Thus, each record in the database is configured with a timeout timer. When the timeout timer expires, the corresponding record is deleted. False recognition of the application B as the application A may be avoided.
In addition, it is worth mentioning that the present embodiment is illustrated by the index information including the IP address and the port number of the server. However, in practical applications, the index information may further include a protocol type (e.g., TCP or UDP) for a connection between the client terminal and the server, which is likely to improve the accuracy of recognizing the application. At this point, in step 202, the IP address of the destination server, the port number of the destination server, and the protocol type between the client terminal and the destination server carried in the data packet may be simultaneously extracted. Based on the IP address of the destination server, the port number of the destination server, and the protocol type, whether any index information matching the data packet is present in the database is determined. In step 208, the IP address of the destination server, the port number of the destination server, and the protocol type are required to generate the index information corresponding to the data packet.
Further, in this embodiment, after the matched application is determined based on the format feature of the data packet, it is further determined whether the IP address of the destination server is present in the pre-configured database and whether the applications corresponding to the IP address of the destination server include the matched application. Thus, the efficiency of recognizing the network traffic is improved, and the rate of false recognition is reduced. At the same time, storing the mapping relationship between the index information and the application allows to directly search for the application sent the data packet in the database when the connection between the client terminal and the destination server is established next time, thereby improving the efficiency of recognizing the data packet.
Another embodiment of the present disclosure provides another single packet recognition method, which is an improvement further to the previously described embodiment. The main improvements include that before whether the index information matching the data packet is present in the database is determined, it is determined whether a port number of the destination server is one of pre-configured common port numbers. The flow chart of an exemplary embodiment is illustrated in
Step 301: after a connection between a client terminal and a destination server is established, obtaining a data packet sent by the client terminal, where the data packet is a first data packet to carry application layer data.
Step 302: determining whether a port number of a destination server is one of pre-configured common port numbers.
In this step, the port number of the destination server carried in the data packet is extracted first to determine whether the port number of the destination server is one of the pre-configured common port numbers (e.g., in a TCP connection, server port numbers 443, 80, 8080). When it is determined that the port number is not any pre-configured common port number, step 303 is executed. When it is determined that the port number is one of the pre-configured common port numbers, step 305 is executed.
Step 303: based on an IP address and a port number of the destination server carried in the data packet, determining whether index information matching the data packet is present in a pre-configured database. When it is determined that the index information is present in the pre-configured database, step 304 is executed. When it is determined that the index information is absent in the pre-configured database, step 305 is executed.
Step 304: recognizing the application corresponding to the matched index information as the application sent the data packet.
Step 305: determining whether a format feature of the data packet matches a data packet format feature of any known application. When it is determined that the format feature of the data packet matches a data packet format feature of a known application, step 306 is executed. When it is determined that the format feature of the data packet does not match a data packet format feature of any known application, the process is terminated.
Step 306: determining whether the IP address of the destination server is present in the database. When it is determined that the IP address is present, step 307 is executed. When it is determined that the IP address is absent, the process is terminated. That is, the process of recognizing data packets is terminated.
Step 307: determining whether the applications corresponding to the IP address of the destination server include the matched application. When the corresponding applications include the matched application, step 308 is executed. Otherwise, the process is terminated. That is, the process of recognizing data packets is terminated.
Step 308: recognizing the matched application as the application sent the data packet.
Step 309: generating index information corresponding to the data packet, and storing the mapping relationship between the generated index information and the matched application in the database.
With respect to the existing technology, embodiments of the present disclosure first determine whether the port number is one of the common port numbers and based on the result of the port number determination, different steps are executed. Thus, false recognition caused by the common port numbers of servers may be avoided.
The present disclosure also provides a traffic redirection method. The traffic redirection method is based on any of the aforementioned single packet recognition methods. The flow chart of an exemplary traffic redirection method is illustrated in
Step 401: using the single packet recognition method to determine an application sent a traffic data packet.
After a connection between a client terminal and a destination server is established, a first data packet to carry the application layer data is obtained first, and based on any of the single packet recognition methods provided by various embodiments of the present disclosure, an application sent the data packet is determined.
Step 402: obtaining a pre-configured routing policy corresponding to the application.
Because different applications require different routing path qualities, the embodiment may pre-configure a routing requirement for each type of applications and assign a routing policy corresponding to the application. After the application sent the data packet is determined, the routing policy corresponding to the application is obtained.
Step 403: based on the routing policy, forwarding the traffic data packet.
After the routing policy is obtained, a routing path is assigned for the traffic data packet based on the routing policy, and the data packet is transmitted through the routing path. Other data packets transmitted through the connection may be transmitted through the same routing path. That is, the routing path is assigned only once in the embodiment.
With respect to the existing technology, the embodiments of the present disclosure first recognize the application sent the traffic data packet. Based on the pre-configured routing policy corresponding to the associated application, the data packet is forwarded. Thus, network traffic redirection is optimized, and service quality of back-end link and user's experience of accessing Internet are improved.
The steps in various methods are divided for the clarity of illustration. In practical applications, multiple steps may be combined into one step, or one step may be separated into multiple steps. As long as the same logical relationship is preserved, modifications and changes are within the scope of the present disclosure. Insignificant modifications may be added or insignificant designs may be introduced in the algorithm or process. When the core design of the algorithm or process remains the same, such modifications and changes shall fall within the scope of the present disclosure.
It should be understood by those skilled in the art that the foregoing are merely certain preferred embodiments of the present disclosure, and are not intended to limit the present disclosure. Without departing from the spirit and principles of the present disclosure, any modifications, equivalent substitutions, and improvements, etc. shall fall within the scope of the present disclosure.
| Number | Date | Country | Kind |
|---|---|---|---|
| 201810010981.6 | Jan 2018 | CN | national |
| Filing Document | Filing Date | Country | Kind |
|---|---|---|---|
| PCT/CN2018/077428 | 2/27/2018 | WO | 00 |
