CN-121984928-A - ARM Linux system Ethernet storm restraining method, device, equipment and medium based on XDP and BPF cooperation
Abstract
The application discloses an ARM Linux system Ethernet storm restraining method, device, equipment and medium based on the cooperation of XDP and BPF, relating to the field of network flow control. The method comprises: deploying an XDP BPF program in the kernel mode of an ARM Linux device and using the XDP BPF program to determine message information, wherein the BPF program is registered to the corresponding network XDP hook when the device is powered on and is used for parsing Ethernet messages, screening out broadcast messages and multicast messages, and writing message information determined based on the broadcast messages and the multicast messages into a shared data storage area; determining the network traffic per unit time according to the message information acquired from the shared data storage area; if the network traffic exceeds a preset threshold, generating a first control instruction to execute a discarding operation on subsequently received broadcast messages and multicast messages; and if the network traffic recovers to not more than the preset threshold, generating a second control instruction to stop the discarding operation.
Inventors
- XIE YONGBIN
- LIANG LULU
- TAO CHENG
- DONG GUOWEI
Assignees
- 浙江禾川科技股份有限公司
Dates
- Publication Date: 20260505
- Application Date: 20260403
Claims (10)
- 1. An ARM Linux system Ethernet storm suppression method based on XDP and BPF cooperation, characterized by comprising the following steps: deploying a pre-written XDP BPF program in the kernel mode of an ARM Linux device, and using the XDP BPF program to determine message information based on Ethernet messages acquired in a preset period, wherein the BPF program is registered to a corresponding network XDP hook when the device is powered on, and the BPF program is used for parsing the Ethernet messages received through a target network card, screening out broadcast messages and multicast messages, and writing the message information determined based on the broadcast messages and the multicast messages into a shared data storage area in the kernel; acquiring the message information from the shared data storage area through a preset statistical control application program, determining the network traffic per unit time according to the message information, and comparing the network traffic with a preset network storm threshold; if the network traffic exceeds the preset network storm threshold, generating and sending a first control instruction based on the statistical control application program, so as to execute a discarding operation on subsequently received broadcast messages and multicast messages according to the first control instruction; and if the network traffic recovers to not more than the preset network storm threshold, generating and sending a second control instruction by using the statistical control application program, stopping the discarding operation according to the second control instruction, and restoring the normal processing flow of the broadcast messages and the multicast messages.
- 2. The ARM Linux system Ethernet storm suppression method based on XDP and BPF cooperation according to claim 1, wherein determining the message information based on the Ethernet messages acquired in the preset period comprises: carrying out message type identification on the Ethernet messages received through the target network card in the preset period to obtain an identification result; counting, based on the identification result, the total amount of broadcast messages and multicast messages received by the target network card in the preset period; and counting, for each source Ethernet address and based on the identification result, the total amount of broadcast messages and multicast messages sent from that source Ethernet address and received by the target network card in the preset period.
- 3. The ARM Linux system Ethernet storm suppression method based on XDP and BPF cooperation according to claim 2, wherein counting the total amount of broadcast messages and multicast messages corresponding to each source Ethernet address further comprises: if the number of currently counted source Ethernet addresses exceeds a preset number threshold, determining a target source address from the currently counted source Ethernet addresses, wherein the target source address is the address whose corresponding message total was last updated the longest time ago; and replacing the target source address with a new source Ethernet address that does not appear among the currently counted source Ethernet addresses.
- 4. The ARM Linux system Ethernet storm suppression method based on XDP and BPF cooperation according to claim 1, wherein determining the network traffic per unit time according to the message information and comparing the network traffic with the preset network storm threshold comprises: determining, according to the message information, a first total amount of broadcast messages and multicast messages received through the target network card per unit time; determining, for each source Ethernet address, a second total amount of broadcast messages and multicast messages sent from that source Ethernet address and received by the target network card per unit time; and comparing the first total amount and the second total amount with their corresponding preset network storm thresholds respectively; wherein if the first total amount exceeds the corresponding preset network storm threshold, the discarding operation is executed on subsequently received broadcast messages and multicast messages, and if the second total amount exceeds the corresponding preset network storm threshold, the discarding operation is executed on the broadcast messages and multicast messages corresponding to that source Ethernet address.
- 5. The ARM Linux system Ethernet storm suppression method based on XDP and BPF cooperation according to claim 1, wherein generating and sending the first control instruction based on the statistical control application program, so as to execute the discarding operation on subsequently received broadcast messages and multicast messages according to the first control instruction, comprises: generating the first control instruction based on the statistical control application program, and writing the first control instruction into the shared data storage area; and reading the first control instruction from the shared data storage area by using the XDP BPF program, and returning a message discarding signal to the kernel according to the first control instruction, so that the kernel executes the discarding operation on subsequently received broadcast messages or multicast messages in kernel mode.
- 6. The ARM Linux system Ethernet storm suppression method based on XDP and BPF cooperation according to claim 1, wherein generating and sending the first control instruction based on the statistical control application program, so as to execute the discarding operation on subsequently received broadcast messages and multicast messages according to the first control instruction, comprises: generating a first control instruction containing a message filtering rule based on the statistical control application program, and sending the first control instruction to a hardware control module of the target network card through a hardware trigger action interface corresponding to the target network card; and parsing the first control instruction by using the hardware control module and loading the message filtering rule into a physical layer hardware processing unit of the target network card, so that the physical layer hardware processing unit executes the discarding operation on subsequently received broadcast messages and multicast messages according to the message filtering rule.
- 7. The ARM Linux system Ethernet storm suppression method based on XDP and BPF cooperation according to any one of claims 1 to 6, further comprising, after the message discarding operation is triggered according to the first control instruction: starting a recovery timer, and when the value of the recovery timer reaches a preset recovery time threshold, generating and sending the second control instruction by using the statistical control application program, so as to stop the message discarding operation according to the second control instruction and restore the normal processing flow of the broadcast messages and the multicast messages.
- 8. An ARM Linux system Ethernet storm suppression device based on XDP and BPF cooperation, characterized by comprising: an information determining module, used for deploying a pre-written XDP BPF program in the kernel mode of an ARM Linux device and determining message information based on Ethernet messages acquired in a preset period by using the XDP BPF program, wherein the BPF program is registered to a corresponding network XDP hook when the device is powered on, and is used for parsing the Ethernet messages received through a target network card, screening out broadcast messages and multicast messages, and writing the message information determined based on the broadcast messages and the multicast messages into a shared data storage area in the kernel; a data comparison module, used for acquiring the message information from the shared data storage area through a preset statistical control application program, determining the network traffic per unit time according to the message information, and comparing the network traffic with a preset network storm threshold; a message discarding execution module, used for generating and sending a first control instruction based on the statistical control application program if the network traffic exceeds the preset network storm threshold, so as to execute a discarding operation on subsequently received broadcast messages and multicast messages according to the first control instruction; and a message discarding stopping module, used for generating and sending a second control instruction by using the statistical control application program if the network traffic recovers to not more than the preset network storm threshold, so as to stop the discarding operation according to the second control instruction and restore the normal processing flow of the broadcast messages and the multicast messages.
- 9. An electronic device, comprising: a memory for storing a computer program; and a processor configured to execute the computer program to implement the ARM Linux system Ethernet storm suppression method based on XDP and BPF cooperation as claimed in any one of claims 1 to 7.
- 10. A computer readable storage medium for storing a computer program which, when executed by a processor, implements the ARM Linux system Ethernet storm suppression method based on XDP and BPF cooperation as claimed in any one of claims 1 to 7.
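The decision logic of claims 1 to 5, as a user-space C model added here for illustration; it is not code from the patent. The map layout, `MAX_SRC`, the function names and the limits are assumptions; in a deployment `on_frame` would be the XDP program returning `XDP_PASS` or `XDP_DROP`, with `storm_map` held in a BPF map that the statistical control application updates.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_SRC 2                 /* assumed cap on tracked source MACs (claim 3) */
enum { PASS, DROP };              /* stand-ins for XDP_PASS / XDP_DROP */
struct src { uint8_t mac[6], used, drop; uint32_t count; uint64_t last; };
struct storm_map {                /* models the shared storage area; layout assumed */
    uint32_t total;               /* broadcast + multicast frames this window */
    uint8_t drop_all;             /* port-wide "first control instruction" */
    struct src src[MAX_SRC];      /* per-source counters and drop flags */
};

/* Slots fill in order and are never freed; a full table replaces the stalest entry. */
static struct src *lookup(struct storm_map *m, const uint8_t *mac) {
    struct src *victim = m->src;
    for (struct src *e = m->src; e < m->src + MAX_SRC; e++) {
        if (!e->used) { victim = e; break; }
        if (memcmp(e->mac, mac, 6) == 0) return e;
        if (e->last < victim->last) victim = e;
    }
    *victim = (struct src){ .used = 1 };
    memcpy(victim->mac, mac, 6);
    return victim;
}

/* Data path: the verdict the XDP hook would return for one received frame. */
static int on_frame(struct storm_map *m, const uint8_t *f, size_t len, uint64_t now) {
    if (len < 14 || !(f[0] & 1)) return PASS;  /* I/G bit clear: unicast, untouched */
    struct src *e = lookup(m, f + 6);
    m->total++; e->count++; e->last = now;     /* count even when dropping, so recovery is seen */
    return (m->drop_all || e->drop) ? DROP : PASS;
}

/* Control plane, once per window: set or clear the drop flags, then reset counts. */
static void end_window(struct storm_map *m, uint32_t port_limit, uint32_t src_limit) {
    m->drop_all = m->total > port_limit; m->total = 0;
    for (struct src *e = m->src; e < m->src + MAX_SRC; e++) {
        e->drop = e->used && e->count > src_limit;
        e->count = 0;
    }
}

int main(void) {
    uint8_t f[14] = {0xff,0xff,0xff,0xff,0xff,0xff, 2,0,0,0,0,1, 0x08,0x06}; /* constructed ARP header */
    struct storm_map m = {0};
    for (int i = 0; i < 5; i++) on_frame(&m, f, sizeof f, i + 1);
    end_window(&m, 100, 3);       /* 5 frames from one source > per-source limit 3 */
    printf("next broadcast: %s\n", on_frame(&m, f, sizeof f, 6) == DROP ? "DROP" : "PASS");
    return 0;
}
```

The per-source counters trust the source MAC carried in the frame, so the port-wide limit remains the backstop when a looping or faulty device emits frames under many source addresses and churns the table.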
Description
ARM Linux system Ethernet storm restraining method, device, equipment and medium based on XDP and BPF cooperation
Technical Field
The application relates to the field of network flow control, in particular to an ARM Linux system Ethernet storm restraining method, device, equipment and medium based on XDP and BPF cooperation.
Background
In Internet of Things and edge computing scenarios, embedded Linux devices based on the ARM (Advanced RISC Machine) architecture are widely deployed, and these devices typically communicate by connecting to a local area network over Ethernet. In this environment, network storms, in which broadcast or multicast messages generated by network loops or equipment anomalies are endlessly duplicated and forwarded by switches within the LAN, are a typical problem that severely affects system availability. A network storm can cause the target device to receive massive numbers of invalid messages in a very short time, so that the CPU (Central Processing Unit) and memory resources of the target device are rapidly exhausted, causing system blocking, slow response and even breakdown of critical applications.
To cope with network storms, prior art schemes fall mainly into two levels, hardware and software. At the hardware level, some high-end network switching chips or network cards (NIC, Network Interface Card) with advanced functions have a built-in storm suppression mechanism, and can automatically limit the broadcast/multicast message rate at the physical port or MAC (Media Access Control) layer. However, such hardware solutions are costly, and not all network cards fitted to embedded devices support this functionality, so their versatility is limited. At the software level, conventional protection methods generally need to modify the network driver or protocol stack code of the Linux kernel to realize early filtering or rate limiting of messages. This approach is complex to implement and prone to introducing system instability, and modifying kernel code causes the device firmware to diverge from the standard kernel branches, which makes subsequent system upgrades and maintenance very difficult.
In recent years, the Linux kernel has introduced the technical framework of XDP (eXpress Data Path) combined with BPF (Berkeley Packet Filter), which provides a safe and efficient programmable interface to the kernel network data plane. XDP allows a BPF program written by a user to be dynamically loaded and run at the earliest stage of message processing without modifying kernel source code, so that messages can be filtered and forwarded rapidly. At present, XDP BPF technology is mostly used to implement network functions such as firewalls and load balancing, but it has not yet been applied to the specific field of real-time detection and dynamic suppression of network storms, especially not systematically in resource-constrained embedded environments. Existing XDP applications do not provide a complete mechanism of monitoring, threshold judgment and software-hardware cooperative elastic suppression designed around the characteristics of network storms.
Disclosure of Invention
In view of the above, the present application aims to provide a method, an apparatus, a device, and a medium for suppressing an Ethernet storm of an ARM Linux system based on the cooperation of XDP and BPF, which efficiently implement real-time detection and dynamic suppression of a network storm by deploying an XDP BPF program in the kernel mode of the ARM Linux device.
The specific scheme is as follows:
In a first aspect, the present application provides an ARM Linux system Ethernet storm suppression method based on XDP and BPF cooperation, including: deploying a pre-written XDP BPF program in the kernel mode of an ARM Linux device, and using the XDP BPF program to determine message information based on Ethernet messages acquired in a preset period, wherein the BPF program is registered to a corresponding network XDP hook when the device is powered on, and the BPF program is used for parsing the Ethernet messages received through a target network card, screening out broadcast messages and multicast messages, and writing the message information determined based on the broadcast messages and the multicast messages into a shared data storage area in the kernel; acquiring the message information from the shared data storage area through a preset statistical control application program, determining the network traffic per unit time according to the message information, and comparing the network traffic with a preset network storm threshold; if the network traffic exceeds the preset network storm threshold, generating and sending a first control instruction based on the statistical control application program so as to execute discarding operation on the subsequently received broadcast message and multicast message according to the first cont