CN101883016A - System and method for generating deep packet inspection equipment linkage strategy - Google Patents
System and method for generating deep packet inspection equipment linkage strategy Download PDFInfo
- Publication number
- CN101883016A CN101883016A CN2009100831894A CN200910083189A CN101883016A CN 101883016 A CN101883016 A CN 101883016A CN 2009100831894 A CN2009100831894 A CN 2009100831894A CN 200910083189 A CN200910083189 A CN 200910083189A CN 101883016 A CN101883016 A CN 101883016A
- Authority
- CN
- China
- Prior art keywords
- strategy
- dpi
- information
- decision
- submodule
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a deep packet inspection equipment linkage strategy generating system, which comprises a deep packet inspection (DPI) execution mechanism, a DPI linkage information control center and a strategy decision module, wherein the DPI execution mechanism is used for identifying and controlling service traffic and supplying information of DPI equipment to the DPI linkage information control center; the DPI linkage information control center is used for managing registration of the DPI equipment and acquisition and maintenance of the equipment information and supplying the acquired information to the strategy decision module by classification; and the strategy decision module is used for acquiring various information of the DPI equipment from the DPI linkage information control center, generating an executable application strategy according to the acquired information and transmitting the generated application strategy to the DPI execution mechanism. The invention also discloses a DPI equipment linkage strategy generating method at the same time. The system and the method can realize centralized management and analysis on the scattered DPI equipment.
Description
Technical field
The present invention relates to deep packet inspection technology, especially relate to a kind of deep packet inspection equipment linkage strategy generation system and method.
Background technology
Sharp increase along with Internet service, realization is the problem that each link of industrial chain all relatively is concerned about based on the controlled of miscellaneous service, but, realize discerning corresponding various application exactly based on the management and control most important condition of dredging of miscellaneous service, use deep message detection (DPI, Deep Packet Inspection) technology is undoubtedly the optimal selection as the traffic identification function.
So-called DPI technology is a kind of flow detection and control technology based on application layer, DPI is relative with the level of analysis of common message, generally, common message detects the only following content of analyzing IP layer data packet, comprising: source address, destination address, source port, destination interface and protocol type; And DPI has also increased the analysis to application layer except the step analysis to the front, can discern various application even its content.
The equipment of realizing the DPI technology is called DPI equipment, is the equipment that possesses business data flow identification, business datum flow-control capability.When the data flow of IP packet, transmission control protocol (TCP) or User Datagram Protocol (UDP) is passed through DPI equipment, this equipment comes the application layer message in the ICP/IP protocol is analyzed by the content that deeply reads IP packet load, thereby identifies real application type and feature.Therefore, utilize the DPI technology in IP network, to dispose the DPI system, can realize functions such as the traffic identification in the network operation, professional control and business statistics.The DPI technical work connects (OSI in open system, Open SystemInterconnect) transport layer of model is to application layer, have high Data Stream Processing ability, can discern and traffic management, can be deployed in net's backbone, metropolitan area network and enterprise network inside network institute loaded service.
But, because the independence of the dispersed and management of current DPI deployed with devices very likely causes the unbalanced of DPI device processes service traffics; In addition, because certain DPI device fails also can cause local Business Processing failure.At present, not having scheme to propose that through part is deployed in the network each DPI equipment and corresponding information as yet manages concentratedly.
Summary of the invention
In view of this, main purpose of the present invention is to provide a kind of deep packet inspection equipment linkage strategy generation system and method, can realize DPI equipment and information centralized management and analysis to disperseing.
For achieving the above object, technical scheme of the present invention is achieved in that
The invention provides a kind of deep packet inspection equipment linkage strategy generation system, comprising: deep message detects DPI actuator, DPI interlock information control center and policy decision module; Wherein,
DPI actuator is used for service traffics are discerned and controlled, and also is used for providing to DPI interlock information control center the information of each DPI equipment;
The DPI information control center that links, the information that is used to collect each DPI equipment, and the information classification of collecting offered policy decision module;
Policy decision module is used for from the information of DPI interlock information control center collection DPI equipment, and generates executable application strategy according to the information of collecting, and again the application strategy that is generated is handed down to DPI actuator.
In the such scheme, described policy decision module comprises that DPI equipment linkage tactical management submodule, strategy generate submodule; Wherein, described DPI equipment linkage tactical management submodule is used to receive strategy and generates the application strategy that submodule reports, and generates executable application strategy and issues DPI actuator according to the application strategy that reports; Described strategy generates submodule, is used to receive the various DPI facility informations that DPI interlock information control center reports, and generate various strategies according to the DPI facility information of receiving, and the strategy that will generate offers DPI equipment linkage tactical management submodule.
In the such scheme, the information of described DPI equipment includes but not limited to the routing iinformation of DPI equipment, the state information of DPI equipment, the recognition result information of DPI equipment, the flow information of DPI equipment, the related information of DPI equipment;
Described strategy generate submodule comprise in related identification control strategic decision-making submodule, traffic sharing linkage strategy decision-making submodule, the troubleshooting linkage strategy decision-making submodule any one or a plurality of.
In the such scheme, described strategy generates submodule and comprises related identification control strategic decision-making submodule, traffic sharing linkage strategy decision-making submodule and troubleshooting linkage strategy decision-making submodule;
Described related identification control strategic decision-making submodule, be used for obtaining the related information of DPI equipment from DPI interlock information control center, carry out corresponding control decision according to the related information that obtains, and the control strategy that self generates is reported DPI equipment linkage tactical management submodule;
Described traffic sharing linkage strategy decision-making submodule, be used for obtaining the flow information of DPI equipment from DPI interlock information control center, carry out the traffic sharing strategic decision-making according to the flow information that obtains, and the traffic sharing strategy that self produces is reported DPI equipment linkage tactical management submodule;
Described troubleshooting linkage strategy decision-making submodule, be used for obtaining the state information of DPI equipment from DPI interlock information control center, carry out the troubleshooting strategic decision-making according to the state information of obtaining, and the troubleshooting strategy that self produces is reported DPI equipment linkage tactical management submodule.
This system further comprises the centralized policy administration module, is used to coordinate and manage the above linkage strategy generation system, generates and issues the corresponding management strategy and give its compass of competency interior policy decision module; Accordingly, DPI equipment linkage tactical management submodule also is used to receive the strategy that the centralized policy administration module issues; Generate executable application strategy in conjunction with the analysis of strategies of being received afterwards.
This system further comprises external management and decision system, is used to generate the strategy that DPI equipment is managed, and the strategy that is generated is offered policy decision module; Accordingly, DPI equipment linkage tactical management submodule also is used to receive the strategy from external management and decision system editor and importing/derivation; Generate executable application strategy in conjunction with the various policy information analyses of being received afterwards.
The present invention also provides a kind of deep packet inspection equipment linkage strategy-generating method, comprising:
Obtain the information of each DPI equipment, determine different application strategies according to the information of being obtained, a definite above application strategy of basis generates executable application strategy and issues again afterwards.
In the such scheme, the described information of obtaining each DPI equipment is: each the strategic decision-making submodule in the information classification reporting policy decision-making module of each DPI equipment that will obtain;
Accordingly, describedly determine that according to the information of being obtained different application strategies is: each strategic decision-making submodule generates self application strategy according to the information of receiving, and with the DPI equipment linkage tactical management submodule in the application strategy reporting policy decision-making module that generates;
The executable application strategy of described generation also issues to: DPI equipment linkage tactical management submodule generates the application strategy of carrying out according to the application strategy that reports and also issues DPI actuator.
The present invention also provides a kind of deep packet inspection equipment linkage strategy-generating method, comprising:
Obtain the information of each DPI equipment, determine different application strategies according to the information of being obtained, afterwards according to an above application strategy of determining, and generate executable application strategy and issue in conjunction with the policy information that centralized policy administration module and/or external management and decision system provide.
In the such scheme, the described information of obtaining each DPI equipment is: each the strategic decision-making submodule in the information classification reporting policy decision-making module of each DPI equipment that will obtain;
Accordingly, describedly determine that according to the information of being obtained different application strategies is: each strategic decision-making submodule generates self application strategy according to the information of receiving, and with the DPI equipment linkage tactical management submodule in the application strategy reporting policy decision-making module that generates;
The executable application strategy of described generation also issues the strategy that generates according to the application strategy that reports, policy information that the centralized policy administration module issues and/or external management and decision system for: DPI equipment linkage tactical management submodule, analyze and generate executable application strategy, and issue DPI actuator.
Deep packet inspection equipment linkage strategy generation system provided by the present invention and method, obtain the various information of each DPI equipment, tentatively determine different application strategies according to the various information of being obtained, the a plurality of application strategies that to tentatively determine carry out analysis-by-synthesis afterwards, generate final executable application strategy and issue.So, whole system can in time be adjusted application strategy according to the state variation of all DPI equipment, such as: traffic sharing, troubleshooting or the like, information according to each DPI equipment is formulated linkage strategy, reaches through part is deployed on the purpose that each the DPI equipment in the network is managed concentratedly.
The present invention adopts the two stage application strategy to determine mechanism when formulating application strategy, earlier by the application strategy of each self-generating of module self of handling at certain category information specially, by policy decision module all application strategy analysis-by-synthesis, generate final executable application strategy again to receiving.Can effectively realize the DPI equipment that is deployed in the network is carried out transfer of flow optimization and fault situation amount or the like by application of the present invention, and then realize coordination between each DPI equipment, reliable cooperating.
Further, policy decision module of the present invention, be specially the application strategy that the DPI equipment linkage tactical management submodule in the policy decision module can also report each strategic decision-making submodule, application strategy that issues in conjunction with the centralized policy administration module and/or external management and decision system are carried out comprehensive analysis and judgement for its application strategy that provides, generate the more suitable application strategy carried out, so, can be better the traffic management of each DPI equipment in the network be optimized, can coordinates the work between each DPI equipment better.
Description of drawings
Fig. 1 is the composition structural representation of DPI linkage strategy generation system of the present invention;
Fig. 2 is the composition structural representation of DPI linkage strategy generation system one embodiment of the present invention;
Fig. 3 is the realization flow schematic diagram of DPI linkage strategy generation method of the present invention.
Embodiment
Basic thought of the present invention is: obtain the various information of each DPI equipment, tentatively determine different application strategies according to the various information of being obtained, the preliminary a plurality of application strategies determined of basis generate final executable application strategy and issue afterwards.
Further, the present invention can also be with a plurality of application strategies of tentatively determining, application strategy that issues with the centralized policy administration module and/or external management and decision system are carried out analysis and judgement for its application strategy that provides combines, and generate the more suitable application strategy carried out.
As shown in Figure 1, deep packet inspection equipment linkage strategy generation system of the present invention mainly comprises: DPI actuator 11, DPI interlock information control center 12 and policy decision module 13; Wherein,
DPI actuator 11 is DPI interlocking equipment groups, is used for identification and the control of specific implementation to service traffics, also is used for providing to DPI interlock information control center 12 information of each DPI equipment; And the application strategy that can issue according to policy decision module is to the executive control operation of DPI equipment.
Here, described information can comprise the routing iinformation of DPI equipment, the state information of DPI equipment, the recognition result information of DPI equipment, the flow information of DPI equipment, related information of DPI equipment or the like; It is described that executive control operation can be the transfer of data traffic to DPI equipment, such as: the data of faulty equipment transmission are changeed by operate as normal and the little one or more device transmission of load; A part of data on the equipment that load is big are changeed by the little one or more device transmission of load.
The DPI information control center 12 that links is used for managing the registration of DPI equipment group equipment, the collection and the maintenance of facility information, and the strategy that the DPI facility information of collecting is offered in the policy decision module generates submodule.
In the system shown in Figure 1, finishing the decision-making of DPI linkage strategy is policy decision module 13 with the module that issues most critical, policy decision module 13 is used for from the various information of DPI interlock information control center 12 collection DPI equipment, and generate executable application strategy according to the information of collecting, again the application strategy that is generated is handed down to DPI actuator 11.
In actual applications, described policy decision module 13 can be used as functional module and is integrated in the Network Management Equipment, also can be used as the independent network equipment, such as: separately as the strategic decision-making server.Concrete, this policy decision module 13 generates submodule 130 by DPI equipment linkage tactical management submodule 131 and strategy and forms.Wherein,
DPI equipment linkage tactical management submodule 131, it is the center of executable application strategy final decision and issue, this submodule specifically is used to finish following function: receive from strategy and generate the various strategies that submodule 130 generates according to all kinds of DPI facility informations of collecting, the various strategies that receive of analysis-by-synthesis produce executable application strategy again; To DPI actuator 11 issue identification masterplates and the final application strategy that produces.
Here, described analysis-by-synthesis can be that the different application strategy of receiving is judged, relatively, according to the degree of association between each application strategy, whether overlapping, whether conflict or the like condition is arranged, determine that optimum application strategy is final executable application strategy.
This submodule also can be used for carrying out the adjustment of priority to using strategy, selects the high application strategy of priority as final executable application strategy; Accordingly, the application strategy that is final generation and adjusts that DPI actuator 11 is issued through priority.
Strategy generates submodule 130, is used to receive the various DPI facility informations that DPI interlock information control center 12 reports, and generate various strategies according to the DPI facility information of receiving, and the strategy that will generate offers DPI equipment linkage tactical management submodule 131;
Described strategy generate submodule 130 can comprise in related identification control strategic decision-making submodule 132, traffic sharing linkage strategy decision-making submodule 133, the troubleshooting linkage strategy decision-making submodule 134 any one or a plurality of.That is to say that it can be any one submodule or the combination of any two submodules or the combination of three submodules among related identification control strategic decision-making submodule 132, traffic sharing linkage strategy decision-making submodule 133, troubleshooting linkage strategy decision-making submodule 134 threes that strategy generates submodule 130.
Accordingly, DPI interlock information control center 12 offers corresponding strategic decision-making submodule in the policy decision module with the information classification of collecting.Here, described classification is meant that all information that will receive are by different classes of differentiation, such as: be divided into the recognition result information of DPI equipment, the routing iinformation of DPI equipment, the state information of DPI equipment, the flow information of DPI equipment, related information of DPI equipment or the like, so, different classes of information can be reported different strategic decision-making submodules.
In the practical application, a certain category information only can be reported a corresponding strategy decision-making submodule, such as: with state information report troubleshooting strategic decision-making submodule etc.; Also can a few category informations be reported same strategic decision-making submodule according to the correlation of information and strategic decision-making submodule, such as: routing iinformation, state information are all reported troubleshooting strategic decision-making submodule; Can also a certain category information be reported a plurality of strategic decision-making submodules according to the correlation of information and strategic decision-making submodule, such as: routing iinformation is reported traffic sharing linkage strategy decision-making submodule, troubleshooting strategic decision-making submodule.
In this case, DPI equipment linkage tactical management submodule 131 receives the various generation strategies of auto correlation identification control strategic decision-making submodule 132, traffic sharing linkage strategy decision-making submodule 133, troubleshooting linkage strategy decision-making submodule 134.
Concrete, related identification control strategic decision-making submodule 132, be used for obtaining the related information that obtains because of the traffic identification needs at different DPI equipment rooms from DPI interlock information control center 12, carry out corresponding control decision according to the related information that obtains, and the control strategy that self generates reported DPI equipment linkage tactical management submodule 131, do final application strategy decision-making by DPI equipment linkage tactical management submodule 131., can be defined as same business datum by identification, and then formulate corresponding processing policy during such as: same business datum different DPI facility informations by different DPI device transmission.
Traffic sharing linkage strategy decision-making submodule 133, be used for obtaining the flow information of DPI equipment from DPI interlock information control center 12, carry out the traffic sharing strategic decision-making according to the flow information that obtains, and the traffic sharing strategy that self produces reported DPI equipment linkage tactical management submodule 131, do final application strategy decision-making by DPI equipment linkage tactical management submodule 131.Here, the principle of carrying out the traffic sharing strategic decision-making is the flow equilibrium optimization that makes between each DPI equipment in application layer.
Troubleshooting linkage strategy decision-making submodule 134, be used for obtaining the state information of DPI equipment from DPI interlock information control center 12, carry out the troubleshooting strategic decision-making according to the state information of obtaining, and the troubleshooting strategy that self produces reported DPI equipment linkage tactical management submodule 131, do final application strategy decision-making by DPI equipment linkage tactical management submodule 131.
The purpose of this submodule is evaded the equipment risk exactly, service disconnection and relevant issues that timely treatment facility fault is brought.In the practical application, this submodule also can receive DPI facility informations such as routing iinformation, and the various information that combination is received when carrying out strategic decision-making generates the troubleshooting strategy of self.Such as: can determine which DPI device fails according to state information, can know the traffic load situation of each DPI equipment according to routing iinformation, it is proper just can to determine that according to this load condition data flow transmitted on the fault DPI equipment is transferred to which or which DPI equipment so, the data flow normal transmission can be guaranteed, flow equalization optimization can be reached again.
In actual applications, if there are a plurality of linkage strategy generation systems of forming by DPI actuator 11, DPI interlock information control center 12 and policy decision module 13 in the network simultaneously, so, in order to coordinate and manage a plurality of such linkage strategy generation systems, can further comprise centralized policy administration module 15 among Fig. 1, connection strategy decision-making module 13, be used to coordinate and manage the above linkage strategy generation system, generate and issue corresponding management strategy and give its compass of competency interior policy decision module 13.
In actual applications, system shown in Figure 1 can also comprise external management and decision system 14, is outside decision management system, is used to generate the strategy that DPI equipment is managed, and the strategy that is generated is offered policy decision module 13.
For the situation that increases centralized policy administration module 15 and/or external management and decision system 14, accordingly, DPI equipment linkage tactical management submodule 131, also be used to receive the various strategies that issue from centralized policy administration module 15, and/or be used to handle strategy from external management and decision system 14 editors and importing/derivation; Carry out analysis-by-synthesis in conjunction with the various strategies of being received afterwards, generate final executable application strategy.Here, the various policy informations that carry out analysis-by-synthesis comprise strategy from policy decision module 13, from the strategy of centralized policy administration module 15 and/or from the strategy of external management and decision system 14.
Here, the various strategies received of described combination carry out analysis-by-synthesis and specifically can be: policy decision module 13 is formulated corresponding strategy according to the information that DPI interlock information control center 12 is obtained; Policy decision module 13 receives the corresponding strategy that centralized policy administration module 15 is issued simultaneously; Afterwards, policy decision module 13 can compare analysis to strategy of self formulating and the strategy that receives, and determines final executable application strategy.If: the strategy that policy decision module 13 is formulated is: certain application traffic such as VOIP flow to certain DPI equipment should be controlled at 10Mbps; And the strategy that centralized policy administration module 15 is formulated is to limit the VOIP flow of all DPI equipment under it at 5Mbps, and the tactful priority height of centralized policy administration module 15 is because the strategy that the centralized policy administration module is formulated may relate to overall a plurality of linkage strategy generation system; Then after policy decision module 13 analysis-by-synthesis, the 5Mbps that centralized policy administration module 15 is formulated according to the priority of decision-making is applied to corresponding DPI equipment.
Among the present invention, strategic decision-making is primarily aimed at linkage strategy, therefore, and the information and executing that can be provided according to external management and decision system 14 for the identification of business and control strategy; Also can formulate corresponding identification and the strategy of controlling, select the strategy of policy decision module 13 or the strategy of external management and decision system 14 for use according to priority by external management and decision system 14.
Fig. 2 is specific embodiments of the invention, and in the present embodiment, strategy generates submodule 130 and comprises related identification control strategic decision-making submodule 132, traffic sharing linkage strategy decision-making submodule 133,134 3 submodules of troubleshooting linkage strategy decision-making submodule.Representing different classes of information with different filling modes among Fig. 2, is three category informations here, represents with black filling, oblique line filling and blank the filling respectively; Accordingly, DPI interlock information control center 12 represents to transmit the data flow that black is filled to the solid line of related identification control strategic decision-making submodule 132; DPI interlock information control center 12 represents to transmit the data flow that oblique line is filled to the dotted line of traffic sharing linkage strategy decision-making submodule 133; DPI interlock information control center 12 represents to transmit blank data flow of filling to the chain-dotted line of troubleshooting linkage strategy decision-making submodule 134.
As shown in Figure 2, DPI interlock information control center 12 obtains the information of DPI equipment from DPI actuator 11, and corresponding strategy decision-making submodule in the reporting policy decision-making module 13 will be distinguished after the information classification of being obtained: related identification control strategic decision-making submodule 132, traffic sharing linkage strategy decision-making submodule 133, troubleshooting linkage strategy decision-making submodule 134, each strategic decision-making submodule generates the application strategy of self according to the corresponding information of receiving, and the application strategy that self generates reported DPI equipment linkage tactical management submodule 131,131 pairs of strategic decision-making information that receive from each strategic decision-making submodule of DPI equipment linkage policy management module are carried out analysis-by-synthesis, and final decision produces executable application strategy and is issued to DPI actuator 11, after executable application strategy is received by DPI actuator 11, according to the application strategy that issues DPI equipment is carried out control operation, such as the transferring data flow, share data traffic etc.
Here, described analysis-by-synthesis is meant that DPI equipment linkage policy management module 131 will be in conjunction with the policy information from each tactful submodule, and analysis draws executable application strategy.Such as: DPI equipment linkage policy management module 131 is received from traffic sharing linkage strategy decision-making submodule 133, the strategy of troubleshooting linkage strategy decision-making submodule 134, wherein, the strategy of traffic sharing linkage strategy decision-making submodule 133 provides the network topology structure of each node device of current operate as normal, the strategy of troubleshooting linkage strategy decision-making submodule 134 provides the current node device that breaks down and points out to walk circuitous path, so, after DPI equipment linkage policy management module 131 is received these two strategies, earlier determine that according to the strategy of troubleshooting linkage strategy decision-making submodule 134 which node device breaks down, again according to definite each node device of upstream and downstream that is connected with this malfunctioning node equipment of the strategy of traffic sharing linkage strategy decision-making submodule 133, and all node devices that connect between each node device of this upstream and downstream, therefrom select the node device of suitable replacement malfunctioning node equipment afterwards according to routing algorithm.As seen, analysis-by-synthesis is just to draw final application strategy in conjunction with the policy information from each side; Or, from several similar strategies, select priority strategy high or preferable or the most suitable current running environment as final executable application strategy.
Give an example in conjunction with concrete the application, suppose that DPI1, DPI2 are arranged in the network, four DPI equipment of DPI3, DPI4, wherein, four DPI equipment are all supported the P2P agreement, and DPI1 links to each other with DPI2, DPI3 respectively, DPI2, DPI3 all connect DPI4, and the data flow that transfers to DPI4 from DPI1 is transmitted via DPI2.
When DPI2 broke down, at first, DPI interlock information control center 12 obtains the information of DPI equipment from DPI actuator 11: DPI1~DPI4 all supported the P2P agreement; DPI1 links to each other with DPI2, DPI3, and DPI2, DPI3 link to each other with DPI4, and DPI1 transmits data by DPI2 to DPI4; DPI4 breaks down.
Then, after DPI interlock information control center 12 obtained above-mentioned information, these information are divided three classes: DPI1~DPI4 all supported the P2P agreement to belong to recognition result information; The annexation of DPI1, DPI2, DPI3, DPI4, and DPI1 belongs to routing iinformation to the path that DPI4 transmission data are walked; DPI4 breaks down and belongs to state information.
Afterwards, DPI interlock information control center 12 reports related identification control strategic decision-making submodule 132 with recognition result information; Routing iinformation is reported traffic sharing linkage strategy decision-making submodule 133 and troubleshooting linkage strategy decision-making submodule 134; With state information report troubleshooting linkage strategy decision-making submodule 134.
Related identification control strategic decision-making submodule 132, traffic sharing linkage strategy decision-making submodule 133 and troubleshooting linkage strategy decision-making submodule 134 generate the application strategy of self separately according to the information of receiving; Wherein, after troubleshooting linkage strategy decision-making submodule 134 is received routing iinformation and state information, generate the strategic decision-making of self according to state information and routing iinformation: DPI1 via the data of DPI2 to the DPI4 transmission, is transferred to via DPI3 and transmits to DPI4.
At last, troubleshooting linkage strategy decision-making submodule 134 reports DPI equipment linkage policy management module 131 with the strategic decision-making that self generates, DPI equipment linkage policy management module 131 is through analysis-by-synthesis, for troubleshooting, DPI1 is transferred data to DPI4 as final executable application strategy via DPI3, and issue this application strategy to DPI actuator 11, DPI actuator 11 carries out control and treatment according to the application strategy of receiving to DPI1~DPI4, and the data that DPI1 sent DPI4 are transmitted via DPI3.
Based on said apparatus, the present invention also provides a kind of deep packet inspection equipment linkage strategy-generating method, and the concrete processing procedure of this method may further comprise the steps as shown in Figure 3:
Step 301:DPI interlock information control center obtains the information of each DPI equipment from DPI actuator, and the strategy of reporting policy decision-making module generates submodule;
Here, if generating in the submodule, strategy comprises a plurality of strategic decision-making submodules, for example: comprise related identification control strategic decision-making submodule, traffic sharing linkage strategy decision-making submodule, troubleshooting linkage strategy decision-making submodule, then DPI interlock information control center can be with after the classification of DPI facility information, and reporting policy generates each strategic decision-making submodule in the submodule.Wherein, the information of described DPI equipment can be routing iinformation and/or the state information of DPI equipment and/or recognition result information and/or the flow information of DPI equipment and/or the related information of DPI equipment of DPI equipment of DPI equipment.
Step 302: strategy generates submodule and generates various application strategies according to the corresponding information of receiving, and with the DPI equipment linkage tactical management submodule in the application strategy reporting policy decision-making module that generates;
Here, be made up of a plurality of strategic decision-making submodules if strategy generates submodule, then each strategic decision-making submodule generates the application strategy of self separately according to the corresponding information of receiving, reports DPI equipment linkage tactical management submodule.
The various application strategies that step 303:DPI equipment linkage tactical management submodule analysis-by-synthesis is received, and finally form executable application strategy, be issued to DPI actuator;
Here, if DPI equipment linkage tactical management submodule also connects centralized policy administration module and/or external management and decision system; So, the executable application strategy of described final formation is: according to an above application strategy of determining, and the policy information that the policy information that issues in conjunction with the centralized policy administration module and/or external management and decision system provide generates final executable application strategy.
The final executable application strategy that step 304:DPI actuator issues according to policy decision module is carried out corresponding control operation to each DPI equipment.
This step is optional for DPI equipment linkage strategy-generating method.
By above-mentioned processing procedure as can be seen: adopt method provided by the present invention, effectively DPI facility information of disposing in the integrated network and service condition etc., carry out the formulation of corresponding strategy decision-making, and then effectively realize the optimization equilibrium of DPI recognition of devices service traffics, and the functions such as transfer of data traffic under the single DPI equipment fault situation.
The above is preferred embodiment of the present invention only, is not to be used to limit protection scope of the present invention, all any modifications of being done within the spirit and principles in the present invention, is equal to and replaces and improvement etc., all should be included within protection scope of the present invention.
Claims (12)
1. a deep packet inspection equipment linkage strategy generation system is characterized in that this system comprises: deep message detection DPI actuator, DPI interlock information control center and policy decision module; Wherein,
DPI actuator is used for service traffics are discerned and controlled, and also is used for providing to DPI interlock information control center the information of each DPI equipment;
The DPI information control center that links, the information that is used to collect each DPI equipment, and the information classification of collecting offered policy decision module;
Policy decision module is used for from the information of DPI interlock information control center collection DPI equipment, and generates executable application strategy according to the information of collecting, and again the application strategy that is generated is handed down to DPI actuator.
2. deep packet inspection equipment linkage strategy generation system according to claim 1 is characterized in that, described policy decision module comprises that DPI equipment linkage tactical management submodule, strategy generate submodule;
Wherein, described DPI equipment linkage tactical management submodule is used to receive strategy and generates the application strategy that submodule reports, and generates executable application strategy and issues DPI actuator according to the application strategy that reports;
Described strategy generates submodule, is used to receive the various DPI facility informations that DPI interlock information control center reports, and generate various strategies according to the DPI facility information of receiving, and the strategy that will generate offers DPI equipment linkage tactical management submodule.
3. deep packet inspection equipment linkage strategy generation system according to claim 2, it is characterized in that the information of described DPI equipment includes but not limited to the routing iinformation of DPI equipment, the state information of DPI equipment, the recognition result information of DPI equipment, the flow information of DPI equipment, the related information of DPI equipment;
Described strategy generate submodule comprise in related identification control strategic decision-making submodule, traffic sharing linkage strategy decision-making submodule, the troubleshooting linkage strategy decision-making submodule any one or a plurality of.
4. deep packet inspection equipment linkage strategy generation system according to claim 2, it is characterized in that described strategy generates submodule and comprises related identification control strategic decision-making submodule, traffic sharing linkage strategy decision-making submodule and troubleshooting linkage strategy decision-making submodule;
Described related identification control strategic decision-making submodule, be used for obtaining the related information of DPI equipment from DPI interlock information control center, carry out corresponding control decision according to the related information that obtains, and the control strategy that self generates is reported DPI equipment linkage tactical management submodule;
Described traffic sharing linkage strategy decision-making submodule, be used for obtaining the flow information of DPI equipment from DPI interlock information control center, carry out the traffic sharing strategic decision-making according to the flow information that obtains, and the traffic sharing strategy that self produces is reported DPI equipment linkage tactical management submodule;
Described troubleshooting linkage strategy decision-making submodule, be used for obtaining the state information of DPI equipment from DPI interlock information control center, carry out the troubleshooting strategic decision-making according to the state information of obtaining, and the troubleshooting strategy that self produces is reported DPI equipment linkage tactical management submodule.
5. deep packet inspection equipment linkage strategy generation system according to claim 4, it is characterized in that, this system further comprises the centralized policy administration module, be used to coordinate and manage the above linkage strategy generation system, generate and issue the corresponding management strategy and give its compass of competency interior policy decision module;
Accordingly, DPI equipment linkage tactical management submodule also is used to receive the strategy that the centralized policy administration module issues; Generate executable application strategy in conjunction with the analysis of strategies of being received afterwards.
6. according to claim 4 or 5 described deep packet inspection equipment linkage strategy generation systems, it is characterized in that, this system further comprises external management and decision system, is used to generate the strategy that DPI equipment is managed, and the strategy that is generated is offered policy decision module;
Accordingly, DPI equipment linkage tactical management submodule also is used to receive the strategy from external management and decision system editor and importing/derivation; Generate executable application strategy in conjunction with the analysis of strategies of being received afterwards.
7. a deep packet inspection equipment linkage strategy-generating method is characterized in that, this method comprises:
Obtain the information of each DPI equipment, determine different application strategies according to the information of being obtained, a definite above application strategy of basis generates executable application strategy and issues again afterwards.
8. deep packet inspection equipment linkage strategy-generating method according to claim 7 is characterized in that, the described information of obtaining each DPI equipment is: each the strategic decision-making submodule in the information classification reporting policy decision-making module of each DPI equipment that will obtain;
Accordingly, describedly determine that according to the information of being obtained different application strategies is: each strategic decision-making submodule generates self application strategy according to the information of receiving, and with the DPI equipment linkage tactical management submodule in the application strategy reporting policy decision-making module that generates;
The executable application strategy of described generation also issues to: DPI equipment linkage tactical management submodule generates the application strategy of carrying out according to the application strategy that reports and also issues DPI actuator.
9. according to claim 7 or 8 described deep packet inspection equipment linkage strategy-generating methods, it is characterized in that the information of described DPI equipment includes but not limited to the routing iinformation of DPI equipment, the state information of DPI equipment, the recognition result information of DPI equipment, the flow information of DPI equipment, the related information of DPI equipment.
10. a deep packet inspection equipment linkage strategy-generating method is characterized in that, this method comprises:
Obtain the information of each DPI equipment, determine different application strategies according to the information of being obtained, afterwards according to an above application strategy of determining, and generate executable application strategy and issue in conjunction with the policy information that centralized policy administration module and/or external management and decision system provide.
11. deep packet inspection equipment linkage strategy-generating method according to claim 10 is characterized in that, the described information of obtaining each DPI equipment is: each the strategic decision-making submodule in the information classification reporting policy decision-making module of each DPI equipment that will obtain;
Accordingly, describedly determine that according to the information of being obtained different application strategies is: each strategic decision-making submodule generates self application strategy according to the information of receiving, and with the DPI equipment linkage tactical management submodule in the application strategy reporting policy decision-making module that generates;
The executable application strategy of described generation also issues the strategy that generates according to the application strategy that reports, policy information that the centralized policy administration module issues and/or external management and decision system for: DPI equipment linkage tactical management submodule, analyze and generate executable application strategy, and issue DPI actuator.
12. according to claim 10 or 11 described deep packet inspection equipment linkage strategy-generating methods, it is characterized in that the information of described DPI equipment includes but not limited to the routing iinformation of DPI equipment, the state information of DPI equipment, the recognition result information of DPI equipment, the flow information of DPI equipment, the related information of DPI equipment.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910083189.4A CN101883016B (en) | 2009-05-05 | 2009-05-05 | System and method for generating deep packet inspection equipment linkage strategy |
| PCT/CN2009/073660 WO2010127525A1 (en) | 2009-05-05 | 2009-09-01 | System and method for generating the linkage strategy of deep packet inspection devices |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910083189.4A CN101883016B (en) | 2009-05-05 | 2009-05-05 | System and method for generating deep packet inspection equipment linkage strategy |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101883016A true CN101883016A (en) | 2010-11-10 |
| CN101883016B CN101883016B (en) | 2014-11-05 |
Family
ID=43049936
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200910083189.4A Active CN101883016B (en) | 2009-05-05 | 2009-05-05 | System and method for generating deep packet inspection equipment linkage strategy |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN101883016B (en) |
| WO (1) | WO2010127525A1 (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102752384A (en) * | 2012-06-29 | 2012-10-24 | 安科智慧城市技术(中国)有限公司 | Linkage processing method and device of equipment information |
| CN103888307A (en) * | 2012-12-20 | 2014-06-25 | 中国电信股份有限公司 | Method, user side board card and broadband access gateway used for optimizing deep packet detection |
| CN107645502A (en) * | 2017-09-20 | 2018-01-30 | 新华三信息安全技术有限公司 | A kind of message detecting method and device |
| CN111355610A (en) * | 2020-02-25 | 2020-06-30 | 网宿科技股份有限公司 | Exception handling method and device based on edge network |
| CN112187498A (en) * | 2019-07-03 | 2021-01-05 | 中国电信股份有限公司 | Bypass protection method, device and system thereof and Deep Packet Inspection (DPI) system |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101399749B (en) * | 2007-09-27 | 2012-04-04 | 华为技术有限公司 | Method, system and device for packet filtering |
| CN101420367B (en) * | 2007-10-24 | 2011-05-11 | 中国电信股份有限公司 | P2P flow control system and method |
| CN101286937B (en) * | 2008-05-16 | 2011-01-05 | 成都市华为赛门铁克科技有限公司 | Network flow control method, device and system |
| CN101350781A (en) * | 2008-07-31 | 2009-01-21 | 成都市华为赛门铁克科技有限公司 | Method, equipment and system for monitoring flux |
-
2009
- 2009-05-05 CN CN200910083189.4A patent/CN101883016B/en active Active
- 2009-09-01 WO PCT/CN2009/073660 patent/WO2010127525A1/en active Application Filing
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102752384A (en) * | 2012-06-29 | 2012-10-24 | 安科智慧城市技术(中国)有限公司 | Linkage processing method and device of equipment information |
| CN103888307A (en) * | 2012-12-20 | 2014-06-25 | 中国电信股份有限公司 | Method, user side board card and broadband access gateway used for optimizing deep packet detection |
| CN107645502A (en) * | 2017-09-20 | 2018-01-30 | 新华三信息安全技术有限公司 | A kind of message detecting method and device |
| CN112187498A (en) * | 2019-07-03 | 2021-01-05 | 中国电信股份有限公司 | Bypass protection method, device and system thereof and Deep Packet Inspection (DPI) system |
| CN112187498B (en) * | 2019-07-03 | 2022-09-06 | 中国电信股份有限公司 | Bypass protection method, device and system thereof and Deep Packet Inspection (DPI) system |
| CN111355610A (en) * | 2020-02-25 | 2020-06-30 | 网宿科技股份有限公司 | Exception handling method and device based on edge network |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101883016B (en) | 2014-11-05 |
| WO2010127525A1 (en) | 2010-11-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108259367B (en) | Service-aware flow strategy customization method based on software defined network | |
| CN101115013B (en) | Method of providing resource admission control | |
| US8090820B2 (en) | Distributed traffic analysis | |
| CN101883016B (en) | System and method for generating deep packet inspection equipment linkage strategy | |
| CN106105115A (en) | The service chaining originated by service node in network environment | |
| CN104320358A (en) | QoS (Quality of Service) business control method in power telecommunication net | |
| CN104521199A (en) | Adaptive infrastructure for distributed virtual switch | |
| CN104023082B (en) | Method for achieving cluster load balance | |
| CN106161053A (en) | A kind of SDN controller QoS manages system and method | |
| US9571346B2 (en) | Fault tolerant communication system, method, and device that uses tree searching | |
| CN105917701A (en) | Internetworking between radio resource management and spectrum controller | |
| CN108494625A (en) | A kind of analysis system on network performance evaluation | |
| CN100459514C (en) | Method and device for controlling close ring feedback in IP network service quality management system | |
| CN102480503B (en) | P2P (peer-to-peer) traffic identification method and P2P traffic identification device | |
| US10027557B2 (en) | Method for transmitting data streams through a telecommunication network | |
| CN111756642A (en) | Network traffic scheduling system and method based on DPI and machine learning | |
| US8949412B2 (en) | Method for management of data stream exchanges in an autonomic telecommunications network | |
| CN102724193B (en) | Control method aiming at streaming service survivability in IP (Internet protocol) network environment | |
| CN101048983A (en) | Method and device for optimising the capacity of a communication network | |
| KR101709922B1 (en) | Method, system and computer readable medium for analysing application contents | |
| WO2020215504A1 (en) | Method for implementing requirement defined network and network architecture | |
| CN106686034A (en) | CDN scheduling enhancement method, CDN scheduling enhancement device and CDN scheduling enhancement system | |
| CN115987794A (en) | SD-WAN-based intelligent distribution method | |
| CN108418724B (en) | Next-generation key message infrastructure network intelligent management system based on cloud computing | |
| CN117155803B (en) | Multi-level scene-oriented router and adaptive optimization method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20201201 Address after: East side of Xizhi Road, group 18, Shengli village, Shaxi Town, Taicang City, Suzhou City, Jiangsu Province Patentee after: Suzhou Jiaqian Textile Technology Co.,Ltd. Address before: 518000 Baoan District Xin'an street, Shenzhen, Guangdong, No. 625, No. 625, Nuo platinum Plaza, Patentee before: SHENZHEN SHANGGE INTELLECTUAL PROPERTY SERVICE Co.,Ltd. Effective date of registration: 20201201 Address after: 518000 Baoan District Xin'an street, Shenzhen, Guangdong, No. 625, No. 625, Nuo platinum Plaza, Patentee after: SHENZHEN SHANGGE INTELLECTUAL PROPERTY SERVICE Co.,Ltd. Address before: 518057 Nanshan District Guangdong high tech Industrial Park, South Road, science and technology, ZTE building, Ministry of Justice Patentee before: ZTE Corp. |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20221212 Address after: Room 01, building 13, No.1, Zhaoyan Road, Shaxi Town, Taicang City, Jiangsu Province Patentee after: Suzhou Xineng Environmental Protection Technology Co.,Ltd. Address before: East side of Xizhi Road, group 18, Shengli village, Shaxi Town, Taicang City, Suzhou City, Jiangsu Province Patentee before: Suzhou Jiaqian Textile Technology Co.,Ltd. |
|
| TR01 | Transfer of patent right |