Disclosure of Invention
The invention provides an address group flow statistics method and device, which aims to solve the technical problems that a large amount of searching and matching work is performed under the conditions of more address groups and more network segments in the address groups, and the consumption of equipment performance is serious.
According to a first aspect, there is provided an address group traffic statistics method. The method comprises the following steps:
Obtaining an IP network segment linked list set according to all address groups to be counted, wherein the address groups to be counted are configured by clients, the IP network segment linked list set is a set formed by a plurality of IP network segment linked lists, and each IP network segment linked list is a linked list formed by network segments belonging to the same mask;
in a statistics period, responding to a received flow data packet, acquiring an IP address of the flow data packet, and refreshing a statistics item of an IP network segment in the IP network segment linked list set according to a longest prefix matching rule and the IP address of the flow data packet;
refreshing the statistical items of the IP network segments in the IP network segment linked list set according to the IP network segments in the IP network segment linked list set and the longest father network segment of each IP network segment to obtain flow statistical values of all the address groups to be counted in one statistical period.
In some embodiments, the obtaining the IP network segment linked list set according to all the address groups to be counted specifically includes:
converting group elements in each address group to be counted into a representation form of an IP network segment to obtain a corresponding IP network segment subset, and summarizing all the IP network segment subsets to obtain a first IP network segment set;
removing repeated IP network segments and IP network segments with containing relations from the first IP network segment set to obtain a second IP network segment set;
and classifying the second IP network segment set according to a mask to obtain the IP network segment linked list set.
In some more specific embodiments, the converting the group element in each of the address groups to be counted into a representation form of an IP network segment specifically includes:
converting the group elements in the form of IP addresses in the group of the addresses to be counted into group elements in the form of IP network segments;
And converting the group elements in the form of the IP range in the group of the addresses to be counted into the group elements in the form of IP network segments.
The step of removing the repeated network segments and the network segments containing the relation from the first IP network segment set to obtain a second IP network segment set, specifically comprising:
judging whether an inclusion relationship exists between the IP network segments in each IP network segment subset;
if so, removing the contained IP network segment from the IP network segment subset;
Judging whether repeated IP network segments exist in all the IP network segment subsets;
if so, removing repeated IP network segments from the IP network segment subset to obtain the second IP network segment set;
Numbering each IP network segment in the second IP network segment set, and correlating the number of the IP network segment with the address group to be counted.
In some more specific embodiments, the classifying the second set of IP segments according to a mask to obtain the set of linked lists of IP segments specifically includes:
Placing the IP network segments with the same mask in the second IP network segment set into an IP network segment linked list, thereby obtaining a plurality of IP network segment linked lists with different masks;
And placing each IP network segment linked list into a hash table, wherein the hash table is used for accelerating the searching of the longest father network segment of each IP network segment in the IP network segment linked list set.
In some embodiments, the refreshing the statistical term of the IP network segment in the IP network segment linked list set according to the longest prefix matching rule and the IP address of the traffic data packet specifically includes:
Acquiring an IP network segment to which the IP address of the flow data packet belongs according to a longest prefix matching rule and the IP address of the flow data packet, wherein the IP network segment is an IP network segment to which the IP address of the flow data packet obtained by matching in the IP network segment linked list set by using the longest prefix matching rule;
And refreshing the statistical items of the IP network segments in the IP network segment linked list set.
In some more specific embodiments, the refreshing, according to the IP network segment in the IP network segment linked list set and the longest parent network segment of each IP network segment, the statistics items of the IP network segments in the IP network segment linked list set to obtain flow statistics values of all the address groups to be counted in one statistics period specifically includes:
searching the longest father network segment of each IP network segment in the IP network segment linked list set to obtain the longest father network segment of each IP network segment;
adding the statistical item of each IP network segment to the statistical item of the longest father IP network segment of the IP network segment;
And refreshing the statistical items of the IP network segments in the IP network segment linked list set into the corresponding statistical items of the group elements of the address groups to be counted according to the serial numbers of the IP network segments and the association relation of the address groups to be counted, so as to obtain the statistical items of the address groups to be counted.
In some more specific embodiments, the searching the longest parent network segment of each IP network segment in the linked list set of IP network segments to obtain the longest parent network segment of each IP network segment specifically includes:
according to the sequence from long to short of the masks of the IP network segment linked list, taking the first IP network segment of the IP network segment linked list with the longest masks in the IP network segment linked list set as a sub-IP network segment, and according to the search of the longest father network segment of the sub-IP network segment from the first IP network segment of the next IP network segment linked list of the IP network segment linked list to which the sub-IP network segment belongs, obtaining the longest father network segment of the sub-IP network segment;
and recording the serial number of the longest father network segment of the sub-IP network segment to the sub-IP network segment.
According to a second aspect, there is provided an address group traffic statistics apparatus, the apparatus comprising:
The first processing module is used for obtaining an IP network segment linked list set according to all address groups to be counted, wherein the address groups to be counted are configured by clients, the IP network segment linked list set is a set formed by a plurality of IP network segment linked lists, and each IP network segment linked list is a linked list formed by network segments belonging to the same mask;
The second processing module is used for responding to the received flow data packet in a statistic period, acquiring the IP address of the flow data packet, and refreshing the statistic item of the IP network segment in the IP network segment linked list set according to the longest prefix matching rule and the IP address of the flow data packet;
And the third processing module is used for refreshing the statistical items of the IP network segments in the IP network segment linked list set according to the IP network segments in the IP network segment linked list set and the longest father network segment of each IP network segment to obtain flow statistical values of all the address groups to be counted in one statistical period.
In some embodiments, the first processing module is specifically configured to convert group elements in each address group to be counted into a representation form of an IP network segment, obtain a corresponding subset of IP network segments, and aggregate all the subsets of IP network segments to obtain a first set of IP network segments;
removing repeated IP network segments and IP network segments with containing relations from the first IP network segment set to obtain a second IP network segment set;
and classifying the second IP network segment set according to a mask to obtain the IP network segment linked list set.
In some more specific embodiments, the first processing module is specifically configured to convert a group element in the form of an IP address in the group of addresses to be counted into a group element in the form of an IP network segment;
And converting the group elements in the form of the IP range in the group of the addresses to be counted into the group elements in the form of IP network segments.
In some more specific embodiments, the first processing module is specifically configured to determine whether an inclusion relationship exists between IP segments in each of the IP segment subsets;
if so, removing the contained IP network segment from the IP network segment subset;
Judging whether repeated IP network segments exist in all the IP network segment subsets;
if so, removing repeated IP network segments from the IP network segment subset to obtain the second IP network segment set;
Numbering each IP network segment in the second IP network segment set, and correlating the number of the IP network segment with the address group to be counted.
In some more specific embodiments, the first processing module is specifically configured to put IP segments having the same mask in the second IP segment set into one IP segment linked list, thereby obtaining a plurality of IP segment linked lists with different masks;
And placing each IP network segment linked list into a hash table, wherein the hash table is used for accelerating the searching of the longest father network segment of each IP network segment in the IP network segment linked list set.
In some embodiments, the second processing module is specifically configured to obtain, according to a longest prefix matching rule and an IP address of the flow data packet, an IP network segment to which the IP address of the flow data packet belongs, where the IP network segment is an IP network segment to which the IP address of the flow data packet obtained by matching the longest prefix matching rule in the IP network segment linked list set belongs;
And refreshing the statistical items of the IP network segments in the IP network segment linked list set.
In some embodiments, the third processing module is specifically configured to find a longest parent segment of each IP segment in the IP segment linked list set, to obtain a longest parent segment of each IP segment;
adding the statistical item of each IP network segment to the statistical item of the longest father IP network segment of the IP network segment;
And refreshing the statistical items of the IP network segments in the IP network segment linked list set into the corresponding statistical items of the group elements of the address groups to be counted according to the serial numbers of the IP network segments and the association relation of the address groups to be counted, so as to obtain the statistical items of the address groups to be counted.
In some more specific embodiments, the third processing module is specifically configured to search, in order from long to short, a longest parent segment of the sub-IP segment according to a first IP segment of a next IP segment linked list of an IP segment linked list to which the sub-IP segment belongs, with a first IP segment of the IP segment linked list having the longest mask in the set of IP segment linked lists as a sub-IP segment, to obtain a longest parent segment of the sub-IP segment;
and recording the serial number of the longest father network segment of the sub-IP network segment to the sub-IP network segment.
In a third aspect, the present invention further provides a computer device, including a memory and a processor, where the memory stores a computer program, and the processor implements a method for counting address group traffic according to any one of the above technical solutions when executing the computer program.
In a fourth aspect, the present invention further provides a computer readable storage medium, on which a computer program is stored, the computer program, when executed by a processor, implementing a method for counting address group traffic according to any one of the above technical solutions.
The invention provides an address group flow statistics method and device. The method comprises the steps of obtaining an IP network segment linked list set according to all address groups to be counted, obtaining IP addresses of flow data packets in response to the received flow data packets in a counting period, refreshing the statistical items of the IP network segments in the IP network segment linked list set according to the longest prefix matching rule and the IP addresses of the flow data packets, and obtaining flow statistical values of all the address groups to be counted in the counting period according to the statistical items of the IP network segments in the IP network segment linked list set. The invention solves the problem that one IP address needs to be matched for a plurality of times, greatly reduces the searching and matching work, reduces the consumption of the equipment performance and improves the equipment performance.
Detailed Description
The invention will be described in detail below with reference to the drawings in connection with embodiments. It should be noted that, without conflict, the embodiments of the present invention and features of the embodiments may be combined with each other.
The following detailed description is exemplary and is intended to provide further details of the invention. Unless defined otherwise, all technical terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments in accordance with the invention.
In network communication devices, such as switches, firewalls, etc., hardware architecture within the device is to be able to forward network messages quickly, and statistics on network traffic metrics can have an impact on the performance of the device. At the same time, a large number of network addresses are configured by the client, which can have a small impact on the performance of the network communication device.
For example, in order to perform statistics on network traffic indexes such as packet number, bandwidth, and newly-built session number, the traffic is generally counted by adopting an address group mode, and is reported to a database at regular statistical periods.
The address set may contain a single IP address, such as 10.0.0.5, IP segments, such as 10.0.0.0/16, and IP ranges, such as 10.0.0.4-10.0.0.10. The device supports configuration of a large number of address groups, and address network segments related to the large number of address groups can have repetition, intersection and inclusion relations.
It is common practice to traverse segments in all address groups using IP addresses of traffic packets, and multiple matches may be required to count all hitting IP address groups.
If an IP address hits in both address set a and address set B, then the statistics of the IP address will be counted on both address set a and address set B. Under the conditions of more address groups and more network segments in the address groups, a large amount of searching and matching work is performed, so that the consumption of the equipment performance is serious, and the equipment performance is reduced.
An address group flow statistics method according to an embodiment of the present invention will be described with reference to fig. 1 to 3. The method comprises the following steps:
110. and obtaining an IP network segment linked list set according to all the address groups to be counted, wherein the address groups to be counted are configured by clients, the IP network segment linked list set is a set formed by a plurality of IP network segment linked lists, and each IP network segment linked list is a linked list formed by network segments belonging to the same mask.
Specifically, the address group to be counted is configured by a client, and the representation of the address group configured by the client is various, such as single address 10.1.0.1,10.1.0.0/16 and 10.0.0.4-10.0.0.10.
In some embodiments, step 110 specifically includes:
111. Converting group elements in each address group to be counted into a representation form of an IP network segment to obtain a corresponding IP network segment subset, and summarizing all the IP network segment subsets to obtain a first IP network segment set;
112. Removing repeated IP network segments and IP network segments with containing relations from the first IP network segment set to obtain a second IP network segment set;
113. And classifying the second IP network segment set according to the mask to obtain an IP network segment linked list set.
In some more specific embodiments, step 111 specifically includes:
Converting group elements in the form of IP addresses in the group of the addresses to be counted into group elements in the form of IP network segments;
And converting the group elements in the form of the IP range into the group elements in the form of IP network segments in the group representation form of the addresses to be counted.
In some more specific embodiments, step 112 specifically includes:
Judging whether an inclusion relationship exists among the IP network segments in each IP network segment subset;
if so, removing the contained IP network segment from the IP network segment subset;
judging whether repeated IP network segments exist in all the IP network segment subsets;
If yes, removing repeated IP network segments from the IP network segment subset to obtain a second IP network segment set;
Numbering each IP network segment in the second IP network segment set, and correlating the numbers of the IP network segments with the address group to be counted.
In some more specific embodiments, step 113 specifically includes:
placing the IP network segments with the same mask in the second IP network segment set into an IP network segment linked list, thereby obtaining a plurality of IP network segment linked lists with different masks;
And placing the linked lists of the IP network segments into a hash table, wherein the hash table is used for accelerating the searching of the longest father network segment of each IP network segment in the linked list set of the IP network segments.
120. In a statistics period, in response to determining the received traffic data packet, the IP address of the traffic data packet is obtained, and the statistics items of the IP network segments in the IP network segment linked list set are refreshed according to the longest prefix matching rule and the IP address of the traffic data packet.
In some more specific embodiments, step 120 specifically includes:
121. And obtaining an IP network segment to which the IP address of the flow data packet belongs according to the longest prefix matching rule and the IP address of the flow data packet, wherein the IP network segment is the IP network segment to which the IP address of the flow data packet belongs, which is obtained by matching in the IP network segment linked list set by using the longest prefix matching rule.
Specifically, the application uses the longest prefix matching rule to match the IP address of the flow data packet, extracts the IP address of the flow data packet, and the IP address comprises the IP address of the sending end, the IP address of the receiving end or the IP address in the message load.
And comparing the extracted IP address with all the entries in the linked list set of the IP network segments to find the best matching item.
Each entry contains a network address and a subnet mask. The subnet mask defines the length of the network address, i.e., the prefix length. For example, for an IPv4 address 192.0.2.0/24, the prefix length is 24 bits, indicating that the first 24 bits are part of the network.
The entry with the longest matching prefix is found. If there are multiple entries with the same prefix, the one with the longest prefix length is selected.
The longest prefix match may be implemented using different data structures and techniques, such as Trie (dictionary tree), binary search tree, PATRICIA tree (Prefix Tree with Compressed Interior Nodes), etc., and the application is not limited.
122. And refreshing the statistical items of the IP network segments in the IP network segment linked list set.
130. And refreshing the statistical items of the IP network segments in the IP network segment linked list set according to the IP network segments in the IP network segment linked list set and the longest father network segment of each IP network segment to obtain flow statistical values of all address groups to be counted in one statistical period.
In some more specific embodiments, step 130 specifically includes:
131. Searching the longest father network segment of each IP network segment in the IP network segment linked list set to obtain the longest father network segment of each IP network segment;
132. adding the statistical item of each IP network segment to the statistical item of the longest father IP network segment of the IP network segment;
133. And refreshing the statistical items of the IP network segments in the IP network segment linked list set into the statistical items of the group elements of the corresponding address groups to be counted according to the serial numbers of the IP network segments and the association relation of the address groups to be counted, thereby obtaining the statistical items of the address groups to be counted.
In some more specific embodiments, step 131 specifically includes:
According to the sequence from long to short of the masks of the IP network segment linked list, taking the first IP network segment of the IP network segment linked list with the longest masks in the IP network segment linked list as a sub-IP network segment, and according to the longest father network segment of the sub-IP network segment from the first IP network segment of the next IP network segment linked list of the IP network segment linked list to which the sub-IP network segment belongs, obtaining the longest father network segment of the sub-IP network segment;
The number of the longest parent segment of the child IP segment is recorded to the child IP segment.
The above embodiment relates to a method for counting address group traffic. The method comprises the steps of obtaining an IP network segment linked list set according to all address groups to be counted, obtaining IP addresses of flow data packets in response to the received flow data packets in a counting period, refreshing the statistical items of the IP network segments in the IP network segment linked list set according to the longest prefix matching rule and the IP addresses of the flow data packets, and obtaining flow statistical values of all the address groups to be counted in the counting period according to the statistical items of the IP network segments in the IP network segment linked list set.
The invention solves the problem that one IP address needs to be matched for a plurality of times, greatly reduces the searching and matching work, reduces the consumption of the equipment performance and improves the equipment performance.
An address group traffic statistics method according to an embodiment of the present invention will be described with reference to fig. 4. The system comprises an address group processing module, a network segment sorting module, an IP address matching module and a statistic value module for summarizing the address group, and the parts are briefly described below.
The address group preprocessing mainly splits the address group into IP network segments. The segments are sorted, the segments with the same mask are classified, and an LPM table is created. Using the LPM algorithm, the network segment on which the IP address hits are determined. The statistics of the network segments under the address group are summarized to the address group.
1. The address group preprocessing module comprises the following steps:
1.1 converting the IP address, IP network segment and IP range contained in the address group into the form of IP network segment.
As shown in FIG. 2, address set A contains 10.1.0.1,10.1.0.0/16 and 10.0.0.4-10.0.0.10, which translates into 10.1.0.1/32,10.1.0.0/16,10.0.0.4/30,10.0.0.8/31,10.0.0.10/32.
Specifically, address representations of different forms in the address group are converted into network segment forms, and can also be converted into IP address representations or IP range representations.
1.2 Within each address group, if there is a network segment containing a relationship, the contained network segment is removed.
As in FIG. 5, the web segment converted by step 1.1, 10.1.0.1/32 was removed because 10.1.0.0/16 contained 10.1.0.1/32. Several segments are obtained 10.1.0.0/16,10.0.0.4/30,10.0.0.8/31,10.0.0.10/32.
Specifically, whether there is a network segment with a relation of inclusion can be determined according to a mask operation, and the contained network segment is removed.
1.3. All segments of all address groups are summarized and deduplication is performed.
As shown in FIG. 6, address set A contains 10.1.0.0/16,10.0.0.4/30,10.0.0.8/31,10.0.0.10/32;
address group B, after processing in step 1 and step 2, contains 10.2.0.0/16,10.0.0.4/30,10.0.0.9/32;
address set C, after processing in step 1 and step 2, contains 10.0.0.8/30,9.8.0.0/16.
The repeated network segment of the address group A and the address group B is 10.0.0.4/30, and after the repeated network segment in the address group A or the address group B is removed, the network segment after the address groups A, B and C are summarized is 10.1.0.0/16,10.0.0.4/30,10.0.0.8/31,10.0.0.10/32,10.2.0.0/16,10.0.0.9/32,10.0.0.8/30,9.8.0.0/16.
Thus, it can be obtained that, after the processing in steps 1.1 to 1.3, two network segments having an inclusion relationship necessarily belong to different address groups among the generated network segments.
1.4. As shown in fig. 7. Each network segment is assigned an integer ID, a structure is allocated, the ID and the statistics are recorded, and each address group respectively comprises which network segments and corresponding IDs.
2. Finishing network segment module
2.1 For IPv4 addresses, a total of 32 bit masks. The same masked segments in each address group are categorized together. The segments of the same mask are joined together to form a linked List, list1, list2, list 3.
As shown in fig. 8, the same masked segments may also be added to the same HASH table for faster subsequent lookups.
2.2 Adding all IP network segments into the longest prefix matching rule LPM, wherein the next hop of the LPM is the ID of the network segment.
Specifically, the longest prefix matching rule LPM is a network general technology, and will not be described in detail.
3. IP address matching module
In a per-flow statistics, the IP address in each data flow is obtained. And performing LPM inquiry on the IP address to acquire a network segment ID and updating the statistic value of the network segment.
4. Statistics module for summarizing address group
In a segment set, if there is a containment relationship between two segments, for example, segment 1 contains segment 2, then segment 1 is referred to as a parent segment and segment 2 is a child segment. Assuming that segment 3 is the longest parent segment of segment 2 that masks, segment 3 is referred to as the longest parent segment of segment 2.
After a statistical period, the statistical values in the statistical period need to be summarized and reported. Because an IP address, if belonging to a child, must also belong to a parent, and the LPM algorithm will hit the child, it is necessary to aggregate the statistics of the child to the statistics of the parent. And then summarizing the statistical values of all network segments to the corresponding address groups.
The segments in List32 are first processed. A certain network segment in List32 is denoted as net32. The longest parent segment is sequentially looked up from List31, list30. If found, the statistics of net32 are summarized to the longest parent segment.
As shown in FIG. 9, segments 10.0.0.9/32 find 10.0.0.8/31 in List31 as their longest parent segment, and aggregate the statistics of 10.0.0.9/32 segments onto 10.0.0.8/31.
The segments in List31, list30. Searching the longest father network segment, and summarizing the statistical value to the longest father network segment.
As shown in FIG. 10, 10.0.0.8/31 segments in List31 find 10.0.0.8/30 as its longest parent segment in List30, and aggregate the statistics of 10.0.0.8/31 segments to the statistics of 10.0.0.8/30.
After all the segments in List32 to List1 are processed, the statistics of each segment includes the statistics of its sub-segments.
In addition, in order to avoid repeated searching of the parent network segment for each statistics, the integer ID of the longest parent network segment of each sub-network segment can be recorded in the arrangement network segment module, and the sub-network segment statistics value is directly summarized to the longest parent network segment during summarization.
As shown in fig. 11, for each address group, the statistics of all segments included in the address group are summarized finally, so as to obtain the statistics of the address group.
As shown in fig. 12, there is provided an address group flow statistics apparatus including:
The first processing module is used for obtaining an IP network segment linked list set according to all address groups to be counted, wherein the address groups to be counted are configured by clients, the IP network segment linked list set is a set formed by a plurality of IP network segment linked lists, and each IP network segment linked list is a linked list formed by network segments belonging to the same mask;
The second processing module is used for responding to the received flow data packet in a statistic period, acquiring the IP address of the flow data packet, and refreshing the statistic item of the IP network segment in the IP network segment linked list set according to the longest prefix matching rule and the IP address of the flow data packet;
And the third processing module is used for refreshing the statistical items of the IP network segments in the IP network segment linked list set according to the IP network segments in the IP network segment linked list set and the longest father network segment of each IP network segment to obtain flow statistical values of all the address groups to be counted in one statistical period.
In some embodiments, the first processing module is specifically configured to convert group elements in each address group to be counted into a representation form of an IP network segment, obtain a corresponding subset of IP network segments, and aggregate all the subsets of IP network segments to obtain a first set of IP network segments;
removing repeated IP network segments and IP network segments with containing relations from the first IP network segment set to obtain a second IP network segment set;
and classifying the second IP network segment set according to a mask to obtain the IP network segment linked list set.
In some more specific embodiments, the first processing module is specifically configured to convert a group element in the form of an IP address in the group of addresses to be counted into a group element in the form of an IP network segment;
And converting the group elements in the form of the IP range in the group of the addresses to be counted into the group elements in the form of IP network segments.
In some more specific embodiments, the first processing module is specifically configured to determine whether an inclusion relationship exists between IP segments in each of the IP segment subsets;
if so, removing the contained IP network segment from the IP network segment subset;
Judging whether repeated IP network segments exist in all the IP network segment subsets;
if so, removing repeated IP network segments from the IP network segment subset to obtain the second IP network segment set;
Numbering each IP network segment in the second IP network segment set, and correlating the number of the IP network segment with the address group to be counted.
In some more specific embodiments, the first processing module is specifically configured to put IP segments having the same mask in the second IP segment set into one IP segment linked list, thereby obtaining a plurality of IP segment linked lists with different masks;
And placing each IP network segment linked list into a hash table, wherein the hash table is used for accelerating the searching of the longest father network segment of each IP network segment in the IP network segment linked list set.
In some embodiments, the second processing module is specifically configured to obtain, according to a longest prefix matching rule and an IP address of the flow data packet, an IP network segment to which the IP address of the flow data packet belongs, where the IP network segment is an IP network segment to which the IP address of the flow data packet obtained by matching the longest prefix matching rule in the IP network segment linked list set belongs;
And refreshing the statistical items of the IP network segments in the IP network segment linked list set.
In some embodiments, the third processing module is specifically configured to find a longest parent segment of each IP segment in the IP segment linked list set, to obtain a longest parent segment of each IP segment;
adding the statistical item of each IP network segment to the statistical item of the longest father IP network segment of the IP network segment;
And refreshing the statistical items of the IP network segments in the IP network segment linked list set into the corresponding statistical items of the group elements of the address groups to be counted according to the serial numbers of the IP network segments and the association relation of the address groups to be counted, so as to obtain the statistical items of the address groups to be counted.
In some more specific embodiments, the third processing module is specifically configured to search, in order from long to short, a longest parent segment of the sub-IP segment according to a first IP segment of a next IP segment linked list of an IP segment linked list to which the sub-IP segment belongs, with a first IP segment of the IP segment linked list having the longest mask in the set of IP segment linked lists as a sub-IP segment, to obtain a longest parent segment of the sub-IP segment;
and recording the serial number of the longest father network segment of the sub-IP network segment to the sub-IP network segment.
The above embodiment relates to an address group traffic statistics device. The method comprises the steps of obtaining an IP network segment linked list set according to all address groups to be counted, obtaining IP addresses of flow data packets in response to the received flow data packets in a counting period, refreshing the statistical items of the IP network segments in the IP network segment linked list set according to the longest prefix matching rule and the IP addresses of the flow data packets, and obtaining flow statistical values of all the address groups to be counted in the counting period according to the statistical items of the IP network segments in the IP network segment linked list set. The invention solves the problem that one IP address needs to be matched for a plurality of times, greatly reduces the searching and matching work, reduces the consumption of the equipment performance and improves the equipment performance.
The invention also provides a computer device, which comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the address group flow statistics method according to any one of the technical schemes when executing the computer program.
The present invention also provides a computer readable storage medium having stored thereon a computer program which when executed by a processor implements an address group traffic statistics method as described in any of the above technical solutions.
The functional blocks shown in the above-described structural block diagrams may be implemented in hardware, software, firmware, or a combination thereof. When implemented in hardware, it may be, for example, an electronic circuit, an Application Specific Integrated Circuit (ASIC), suitable firmware, a plug-in, a function card, or the like. When implemented in software, the elements of the application are the programs or code segments used to perform the required tasks. The program or code segments may be stored in a machine readable medium or transmitted over transmission media or communication links by a data signal carried in a carrier wave. A "machine-readable medium" may include any medium that can store or transfer information. Examples of machine-readable media include electronic circuitry, semiconductor memory devices, ROM, flash memory, erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber optic media, radio Frequency (RF) links, and the like. The code segments may be downloaded via computer networks such as the internet, intranets, etc.
It should also be noted that the exemplary embodiments mentioned in this disclosure describe some methods or systems based on a series of steps or devices. The present application is not limited to the order of the above-described steps, that is, the steps may be performed in the order mentioned in the embodiments, or may be performed in a different order from the order in the embodiments, or several steps may be performed simultaneously.
Aspects of the present application are described above with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, enable the implementation of the functions/acts specified in the flowchart and/or block diagram block or blocks. Such a processor may be, but is not limited to being, a general purpose processor, a special purpose processor, an application specific processor, or a field programmable logic circuit. It will also be understood that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware which performs the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In the foregoing, only the specific embodiments of the present application are described, and it will be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the systems, modules and units described above may refer to the corresponding processes in the foregoing method embodiments, which are not repeated herein. It should be understood that the scope of the present application is not limited thereto, and any equivalent modifications or substitutions can be easily made by those skilled in the art within the technical scope of the present application, and they should be included in the scope of the present application.