CN114301772A - Flow control method and device, electronic equipment and readable medium - Google Patents
Flow control method and device, electronic equipment and readable medium Download PDFInfo
- Publication number
- CN114301772A CN114301772A CN202111625042.0A CN202111625042A CN114301772A CN 114301772 A CN114301772 A CN 114301772A CN 202111625042 A CN202111625042 A CN 202111625042A CN 114301772 A CN114301772 A CN 114301772A
- Authority
- CN
- China
- Prior art keywords
- client
- flow
- flow control
- traffic
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 49
- 238000011217 control strategy Methods 0.000 claims abstract description 33
- 238000004891 communication Methods 0.000 claims description 33
- 230000009849 deactivation Effects 0.000 claims description 10
- 238000004590 computer program Methods 0.000 claims description 9
- 238000005336 cracking Methods 0.000 abstract description 4
- 238000010586 diagram Methods 0.000 description 11
- 230000006870 function Effects 0.000 description 7
- 230000003287 optical effect Effects 0.000 description 7
- 230000008569 process Effects 0.000 description 5
- 230000009471 action Effects 0.000 description 3
- 238000004458 analytical method Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 239000004065 semiconductor Substances 0.000 description 2
- 230000006978 adaptation Effects 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000000903 blocking effect Effects 0.000 description 1
- 238000012512 characterization method Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 238000000926 separation method Methods 0.000 description 1
Images
Landscapes
- Telephonic Communication Services (AREA)
Abstract
The application provides a flow control method, a flow control device, electronic equipment and a readable medium. The method comprises the following steps: receiving a policy configuration request sent by a client, wherein the policy configuration request comprises a client identifier of the client and target traffic identification information, and the target traffic identification information is used for identifying traffic data to be controlled; configuring a flow control strategy aiming at the client in the flow control equipment according to the target flow identification information; acquiring flow data sent to a client; and controlling the flow data through the flow control equipment according to the flow control strategy corresponding to the client identification. The method solves the compatibility problem of terminal software, has wider application range, does not need to install software on the terminal, and therefore, the control failure caused by the technical means cracking on the terminal can be avoided, and the safety and the stability of the scheme are improved.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to a flow control method and apparatus, an electronic device, and a readable medium.
Background
With the active advance of speed-up and cost-reduction work of domestic communication operators in recent years, high-speed fixed broadband and mobile networks have already benefited thousands of households, and bring various convenience in daily life and work and study. At the same time, however, the ubiquitous internet access has spawned another customer need that users expect to be able to block certain types of internet applications to a limited extent in certain scenarios. For example, parents desire children to reduce network abuse and enthusiasm, and businesses desire to reduce the online behavior of employees using office computers for unrelated work.
In the related art, management software is usually installed on an operating system of a controlled user terminal to perform background control.
However, such schemes have software compatibility requirements for the terminal, and because the software is installed on the terminal, the situation that the software can be cracked through technical means exists, and the problems of safety and stability exist.
Disclosure of Invention
Based on the technical problems, the application provides a flow control method, a flow control device, an electronic device and a readable medium, so as to solve the compatibility problem of terminal software, have a wider application range, and do not need to install software on a terminal, so that control failure caused by technical means cracking on the terminal is avoided, and the safety and stability of the scheme are improved.
Other features and advantages of the present application will be apparent from the following detailed description, or may be learned by practice of the application.
According to an aspect of an embodiment of the present application, there is provided a traffic control method applied to an operator system, where the operator system includes a traffic control device, the method including:
receiving a policy configuration request sent by a client, wherein the policy configuration request comprises a client identifier of the client and target traffic identification information, and the target traffic identification information is used for identifying traffic data to be controlled;
configuring a flow control strategy aiming at a client in the flow control equipment according to the target flow identification information;
acquiring flow data sent to the client;
and controlling the flow data according to the flow control strategy corresponding to the client identification through the flow control equipment.
In some embodiments of the present application, based on the above technical solution, configuring, in the traffic control device, a traffic control policy for a client according to the target traffic identification information includes:
acquiring a target application identifier and a control operation from the target traffic identification information, wherein the target application identifier is used for identifying identification information of a controlled application, and the control operation is used for indicating a processing operation on traffic data;
and generating a flow control strategy according to the client identification, the target application identification and the control operation, and storing the flow control strategy into the flow control equipment.
In some embodiments of the present application, based on the above technical solution, the operator system further includes an access concentrator and a network server, and before the receiving a policy configuration request sent by a client, the method further includes:
receiving a starting control request sent by the client;
establishing a communication tunnel corresponding to the client between the access concentrator and the network server according to the starting control request, wherein the access concentrator is used for communicating with the client, and the network server is used for communicating with an application service server and the flow control equipment;
and sending a dialing message corresponding to the communication tunnel to the flow control equipment so that the flow control strategy establishes the corresponding relation between the client identification and the network address according to the dialing message.
In some embodiments of the present application, based on the above technical solutions, the acquiring traffic data sent to the client includes:
copying the data transmitted through the communication tunnel to obtain mirror image flow data;
and sending the mirror image flow data to the flow control equipment.
In some embodiments of the application, based on the above technical solution, the performing, by the traffic control device, traffic control on the traffic data according to the traffic control policy corresponding to the client identifier includes:
acquiring a corresponding client identifier according to the network address in the flow data;
carrying out application flow characteristic recognition on the flow data, and determining a target application identifier corresponding to the flow data;
acquiring a corresponding flow control strategy according to the client identifier and the target application identifier;
and processing the flow data according to the control operation in the corresponding flow control strategy.
In some embodiments of the present application, based on the above technical solutions, the method further includes:
receiving a strategy deactivation request sent by a client, wherein the strategy deactivation request comprises a client identifier of the client and target flow identification information, and the target flow identification information is used for identifying flow data to be controlled;
determining a corresponding control strategy to be deactivated according to the client identification and the target flow identification information;
deleting the control strategy to be deactivated in the flow control device.
In some embodiments of the present application, based on the above technical solutions, the method further includes:
receiving a stop control request sent by the client;
and closing a communication tunnel corresponding to the client terminal and established between the access concentrator and the network server according to the stop control request.
According to an aspect of an embodiment of the present application, there is provided a flow control apparatus applied to an operator system, the operator system including a flow control device, the apparatus including:
the system comprises a configuration request module, a configuration request module and a control module, wherein the configuration request module is used for receiving a policy configuration request sent by a client, the policy configuration request comprises a client identifier of the client and target flow identification information, and the target flow identification information is used for identifying flow data to be controlled;
a policy configuration module, configured to configure, in the traffic control device, a traffic control policy for a client according to the target traffic identification information;
the flow acquisition module is used for acquiring flow data sent to the client;
and the flow control module is used for controlling the flow of the flow data through the flow control equipment according to the flow control strategy corresponding to the client identification.
According to an aspect of an embodiment of the present application, there is provided an electronic apparatus including: a processor; and a memory for storing executable instructions for the processor; wherein the processor is configured to execute the flow control method as in the above technical solution via executing the executable instructions.
According to an aspect of the embodiments of the present application, there is provided a computer-readable storage medium having stored thereon a computer program, which when executed by a processor implements a flow control method as in the above technical solutions.
In an embodiment of the present application, a traffic control policy is configured within a traffic control device of an operator network according to a policy configuration request provided by a user, and traffic data of a client is controlled by the traffic control device according to the traffic control policy. Because the flow control equipment is provided and managed by an operator, the compatibility problem of terminal software is solved, the application range is wider, and the software does not need to be installed on the terminal, so that the control failure caused by the technical means cracking on the terminal can be avoided, and the safety and the stability of the scheme are improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application. It is obvious that the drawings in the following description are only some embodiments of the application, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
In the drawings:
FIG. 1 schematically illustrates an exemplary system architecture diagram of aspects of the present application in one application scenario;
FIG. 2 is a schematic flow chart of a flow control method in an embodiment of the present application;
FIG. 3 is a block diagram schematically illustrating the components of a flow control device in an embodiment of the present application;
FIG. 4 illustrates a schematic structural diagram of a computer system suitable for use in implementing the electronic device of an embodiment of the present application.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the application. One skilled in the relevant art will recognize, however, that the subject matter of the present application can be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, devices, implementations, or operations have not been shown or described in detail to avoid obscuring aspects of the application.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
It should be understood that the solution of the present application can be applied in an internet environment, and in particular in a scenario where an operator provides flow control. Specifically, in this scenario, a manager (e.g., a company or a home, etc.) providing a network environment may make a flow control request to an operator, and specifically specify a specific application, an application type, or a limitation (e.g., a time period limitation), etc. that is desired to be controlled. The operator establishes a specific communication tunnel for the managed user when the user logs in the connection network, and identifies and controls traffic data passing through the communication tunnel to control the traffic according to the requirements provided previously. Specifically, for example, in a home environment, a parent may request the operator to restrict the traffic of gaming applications or video applications played by his network account or to restrict the traffic of all gaming class applications. The carrier system establishes a communication tunnel for the user and filters the network traffic of the communication tunnel to screen out the designated game applications or identify all game application traffic and perform corresponding control (e.g., pass or block).
The following describes an application scenario in which the scheme in the embodiment of the present application may be applied. For ease of introduction, referring to fig. 1, fig. 1 schematically illustrates an exemplary system architecture diagram of aspects of the present application in one application scenario. As shown in fig. 1, in this scenario, the terminal devices of the controlled personnel are connected to the backbone network of the metropolitan area network through a fixed broadband or mobile network. The network link includes gateway apparatus 110, optical modem apparatus 120, LNS apparatus 130, switch 140, flow control apparatus 150, core router 160, and traffic system 170 and dispatch server 180 of the management side. LNS device 130, switch 140, flow control device 150, core router 160, and service system 170 and dispatch server 180 of the management side together form an operator system. In this scenario, a manager provisions a flow control service through service system 170 and issues control requirements to dispatch server 180. Dispatch server 180 may then configure a flow control policy to flow control device 150 based on the received control requirements. The controlled user may be connected to the backbone network through a base station and gateway device 110 via a mobile terminal such as a mobile phone, or through a computer or the like via a modem device 120 or the like. Upon controlled user login, the operator network may establish a communication tunnel between the LNS device 120 and the gateway device 110 or the optical modem device 120. In the process of performing flow control, the switch 140 may mirror the flow in the communication tunnel to the flow control device 150, so that the flow control device 150 recognizes the flow data that needs to be controlled, and performs a corresponding flow control operation.
The technical solutions provided in the present application are described in detail below with reference to specific embodiments. For convenience of introduction, please refer to fig. 2, and fig. 2 is a schematic flow chart of a flow control method according to an embodiment of the present application. The method may be applied to the operator system of the above system architecture, and the operator system comprises the flow control device. In the embodiment of the present application, a flow control method is described with a computer device of an operator system as an execution subject, and the flow control method may include the following steps S210 to S240:
step S210, receiving a policy configuration request sent by a client, where the policy configuration request includes a client identifier of the client and target traffic identification information, and the target traffic identification information is used to identify traffic data to be controlled.
The user sets information on the traffic to be controlled on the client, generates a policy configuration request, and transmits the policy configuration request to the provider system. And the supplier system receives a policy configuration request sent by the client, wherein the policy configuration request comprises the client identification and the target flow identification information of the client. The customer identification is typically identification information of an account registered by the user at the operator, such as a mobile phone number or the like. The target traffic identification information is information for identifying target traffic data to be controlled, and in the case of controlling video traffic, for example, the target traffic identification information is traffic data indicating all the content containing video. The target traffic identification information may be identification information such as the name of the application.
In an embodiment of the present application, the operator system further includes an access concentrator and a network server, and before receiving the policy configuration request sent by the client, the method further includes: receiving a starting control request sent by the client; establishing a communication tunnel corresponding to the client between the access concentrator and the network server according to the starting control request, wherein the access concentrator is used for communicating with the client, and the network server is used for communicating with an application service server and the flow control equipment; and sending a dialing message corresponding to the communication tunnel to the flow control equipment so that the flow control strategy establishes the corresponding relation between the client identification and the network address according to the dialing message. Specifically, in this embodiment, the operator system may establish a communication tunnel for the client, so as to separate the traffic data of the client from the traffic data of other clients, so as to facilitate subsequent acquisition of the traffic data and flow control. The start control request may be initiated automatically by the client during the network connection, e.g. automatically by the user when making a network connection. Specifically, the communication tunnel may be based on a VPDN tunnel technology, and for each controlled client, dialing is initiated on a gateway side of an access operator system of the controlled client, an independent two-layer tunnel is established to connect to a dedicated LNS, an independent IP address is allocated to the client after authentication is passed, and user traffic is further forwarded from the LNS to subsequent application traffic identification and control equipment, so that traffic separation is achieved, and information sent through the tunnel during and after tunnel establishment is sent in a dial message form. It will be appreciated that the centralized accessor may be different in different types of networks, for example, in a 4G mobile network, the gateway device acts as a centralized accessor; in a 5G mobile network, a user plane function device is used as a centralized accessor; in the fixed network broadband, the optical modem is used as a centralized accessor. The network server is typically a broadband access server or a multi-service edge device. The centralized accessor initiates an L2TP VPDN connection to the network server (one tunnel is initiated independently for each user). After the tunnel is established, the terminal IP address of the user is assigned by the network server.
Step S220, configuring a flow control policy for the client in the flow control device according to the target flow identification information.
Specifically, in the operator system, after receiving the policy configuration request, the front-end service system forwards the request to the scheduling server. The scheduling server configures a flow control policy for the client in the flow control device according to the target flow identification information in the policy configuration request. The flow control policy typically includes a client identification, a target application to be controlled, and an action that needs to be controlled. One or more flow control policies may be configured for each client.
In an embodiment of the present application, the process of configuring the traffic control policy for the client in the traffic control device according to the target traffic identification information may include the following steps: and the operator system acquires a target application identifier and a control operation from the target traffic identification information, wherein the target application identifier is used for identifying the identification information of the controlled application, and the control operation is used for indicating the processing operation on the traffic data, and then generates a traffic control strategy according to the customer identifier, the target application identifier and the control operation and stores the traffic control strategy into the traffic control equipment. The target application identification may be a name of the application or the like that can directly identify the application. The control operations typically include blocking traffic or releasing traffic, and corresponding condition content. According to the client identifier and the target application identifier, one or more policies can be directly determined, and corresponding control is specifically executed according to the control operation corresponding to the policy.
Step S230, obtaining the traffic data sent to the client.
The client accesses the internet through the operator system, and in the accessing process, the operator system acquires the traffic data sent to the client by the service accessed by the client, namely the downlink data of the client.
In an embodiment of the present application, acquiring traffic data sent to the client includes: copying the data transmitted through the communication tunnel to obtain mirror image flow data; and sending the mirror image flow data to the flow control equipment. Specifically, a mirror switch is arranged in a communication tunnel of the client. All traffic data in the communication tunnel is forwarded through the mirror switch. The mirror image exchanger carries out mirror image copy on the data passing through the communication tunnel to obtain mirror image flow data. Then, the mirror switch sends the copied mirror traffic to the flow control device, so that the flow control device identifies the mirror traffic, thereby controlling the traffic data.
Step S240, performing flow control on the flow data according to the flow control policy corresponding to the client identifier through the flow control device.
And carrying out flow control on the flow data sent to the client through the flow control equipment. It will be appreciated that the traffic data sent to the client will include both the traffic data that needs to be controlled and the traffic data that can be released. The flow control device may parse and analyze the flow data to identify flow data in which flow control is desired. Specifically, the traffic data is analyzed, the source network address of the traffic data is obtained, and whether the traffic data belongs to traffic to be controlled is judged according to the domain name corresponding to the source network address or according to the application type or the specific application corresponding to the source network address stored in advance. For example, a source IP address in the traffic data packet is obtained, and then whether the traffic data is from a video website or a server for providing a game service is determined according to a domain name corresponding to the source IP address.
In an embodiment of the present application, performing, by the traffic control device, traffic control on the traffic data according to the traffic control policy corresponding to the client identifier includes: acquiring a corresponding client identifier according to the network address in the flow data; carrying out application flow characteristic recognition on the flow data, and determining a target application identifier corresponding to the flow data; acquiring a corresponding flow control strategy according to the client identifier and the target application identifier; and processing the flow data according to the control operation in the corresponding flow control strategy. In particular, the network address may be an IP address assigned to the user. The service number (such as a mobile phone number or a broadband account number) registered in the operator can be traced back according to the IP address. Based on the analysis of Accounting-Request message in Radius protocol, the IP address and service number of user are extracted from AVP (key-value pair). The flow control equipment can analyze the copy flow from the mirror image switch and backtrack the corresponding customer identification for subsequent policy control.
Application traffic characterization may be performed by the flow control device or by the mirroring switch. The equipment has the capability of disassembling the IP messages layer by layer. For example, an HTTP packet is disassembled layer by layer, and it can be determined that the HTTP packet is a TCP protocol and a source port and a destination port at layer 4, and information such as a URL, a request header, a request method, and the like can be acquired at layer 5. Through software program configuration, a message feature library of various applications is predefined, and when a message meeting the rules is detected, the message is marked as a certain application. The granularity of message feature library configuration determines the granularity of message sorting. In addition, according to the continuous analysis and recording of a series of messages, deeper information can be analyzed from the messages. For example, based on the tracking of DNS interaction, the correspondence data between the domain name and the IP may be recorded, and based on the data, other TCP packets may be labeled according to domain name classification.
In an embodiment of the present application, a traffic control policy is configured within a traffic control device of an operator network according to a policy configuration request provided by a user, and traffic data of a client is controlled by the traffic control device according to the traffic control policy. Because the flow control equipment is provided and managed by an operator, the compatibility problem of terminal software does not need to be considered, the application range is wider, and the software does not need to be installed on the terminal, so that the control failure caused by the cracking of the terminal by technical means can be avoided, and the safety and the stability of the scheme are improved.
In one embodiment of the present application, the flow control method further includes: receiving a strategy deactivation request sent by a client, wherein the strategy deactivation request comprises a client identifier of the client and target flow identification information, and the target flow identification information is used for identifying flow data to be controlled; determining a corresponding control strategy to be deactivated according to the client identification and the target flow identification information; deleting the control strategy to be deactivated in the flow control device. The client identification and target traffic identification information included in the policy deactivation request may directly determine the flow control policy that is intended to be deactivated. The service system informs the scheduling server to perform policy stopping. The scheduling server configures the flow control device to delete or deactivate the specified flow control policy.
In one embodiment of the present application, the flow control method further includes: receiving a stop control request sent by the client; and closing a communication tunnel corresponding to the client terminal and established between the access concentrator and the network server according to the stop control request. The operator system may inform the scheduling server to stop traffic control to the client through the service system. The operator system will disconnect the previously established communication tunnel and inform the traffic control device to delete the policy content associated with the client.
It should be noted that although the various steps of the methods in this application are depicted in the drawings in a particular order, this does not require or imply that these steps must be performed in this particular order, or that all of the shown steps must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions, etc.
The following describes an implementation of the apparatus of the present application, which may be used to implement the flow control method in the above-described embodiments of the present application. Fig. 3 schematically shows a block diagram of a flow control device in an embodiment of the present application. As shown in fig. 3, the flow control apparatus 300 is applied to an operator system including a flow control device, and the apparatus may mainly include:
a configuration request module 310, configured to receive a policy configuration request sent by a client, where the policy configuration request includes a client identifier of the client and target traffic identification information, and the target traffic identification information is used to identify traffic data to be controlled;
a policy configuration module 320, configured to configure, in the traffic control device, a traffic control policy for the client according to the target traffic identification information;
a traffic obtaining module 330, configured to obtain traffic data sent to the client;
a flow control module 340, configured to perform flow control on the flow data according to the flow control policy corresponding to the client identifier through the flow control device.
In some embodiments of the present application, based on the above technical solutions, the policy configuration module 320 includes:
an identification acquisition unit configured to acquire, from the target traffic identification information, a target application identification for identifying identification information of an application under control and a control operation for instructing a processing operation performed on traffic data;
and the policy generation unit is used for generating a flow control policy according to the client identifier, the target application identifier and the control operation and storing the flow control policy into the flow control equipment.
In some embodiments of the present application, based on the above technical solution, the operator system further includes an access concentrator and a web server, and the flow control apparatus 300 further includes:
a control request receiving module, configured to receive a start control request sent by the client;
a tunnel establishing module, configured to establish a communication tunnel corresponding to the client between the access concentrator and the web server according to the start control request, where the access concentrator is configured to communicate with the client, and the web server is configured to communicate with an application service server and the flow control device;
and the message sending module is used for sending the dialing message corresponding to the communication tunnel to the flow control equipment so that the flow control strategy establishes the corresponding relation between the client identifier and the network address according to the dialing message.
In some embodiments of the present application, based on the above technical solutions, the traffic obtaining module 330 includes:
the mirror image copying unit is used for copying the data transmitted through the communication tunnel to obtain mirror image flow data;
and the mirror image flow sending unit is used for sending the mirror image flow data to the flow control equipment.
In some embodiments of the present application, based on the above technical solutions, the flow control module 340 includes:
the identification obtaining unit is used for obtaining a corresponding client identification according to the network address in the flow data;
the flow identification unit is used for carrying out application flow characteristic identification on the flow data and determining a target application identifier corresponding to the flow data;
a policy obtaining unit, configured to obtain a corresponding flow control policy according to the client identifier and the target application identifier;
and the control processing unit is used for processing the flow data according to the control operation in the corresponding flow control strategy.
In some embodiments of the present application, based on the above technical solutions, the flow control apparatus 300 further includes:
a deactivation request receiving module, configured to receive a policy deactivation request sent by a client, where the policy deactivation request includes a client identifier of the client and target traffic identification information, and the target traffic identification information is used to identify traffic data to be controlled;
the shutdown strategy determining module is used for determining a corresponding control strategy to be shutdown according to the client identification and the target flow identification information;
and the strategy deleting module is used for deleting the control strategy to be deactivated in the flow control equipment.
In some embodiments of the present application, based on the above technical solutions, the flow control apparatus 300 further includes:
the stop control receiving module is used for receiving a stop control request sent by the client;
a tunnel closing module, configured to close a communication tunnel corresponding to the client, which is established between the access concentrator and the network server, according to the stop control request.
It should be noted that the apparatus provided in the foregoing embodiment and the method provided in the foregoing embodiment belong to the same concept, and the specific manner in which each module performs operations has been described in detail in the method embodiment, and is not described again here.
FIG. 4 illustrates a schematic structural diagram of a computer system suitable for use in implementing the electronic device of an embodiment of the present application.
It should be noted that the computer system 400 of the electronic device shown in fig. 4 is only an example, and should not bring any limitation to the functions and the scope of the application of the embodiments.
As shown in fig. 4, the computer system 400 includes a Central Processing Unit (CPU)401 that can perform various appropriate actions and processes according to a program stored in a Read-Only Memory (ROM) 402 or a program loaded from a storage section 408 into a Random Access Memory (RAM) 403. In the RAM 403, various programs and data necessary for system operation are also stored. The CPU 401, ROM 402, and RAM 403 are connected to each other via a bus 404. An Input/Output (I/O) interface 405 is also connected to the bus 404.
The following components are connected to the I/O interface 405: an input section 406 including a keyboard, a mouse, and the like; an output section 407 including a Display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and a speaker; a storage section 408 including a hard disk and the like; and a communication section 409 including a Network interface card such as a LAN (Local Area Network) card, a modem, or the like. The communication section 409 performs communication processing via a network such as the internet. A driver 410 is also connected to the I/O interface 405 as needed. A removable medium 411 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 410 as necessary, so that a computer program read out therefrom is mounted into the storage section 408 as necessary.
In particular, according to embodiments of the present application, the processes described in the various method flowcharts may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 409, and/or installed from the removable medium 411. The computer program executes various functions defined in the system of the present application when executed by a Central Processing Unit (CPU) 401.
It should be noted that the computer readable medium shown in the embodiments of the present application may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read-Only Memory (ROM), an Erasable Programmable Read-Only Memory (EPROM), a flash Memory, an optical fiber, a portable Compact Disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
It should be noted that although in the above detailed description several modules or units of the device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit, according to embodiments of the application. Conversely, the features and functions of one module or unit described above may be further divided into embodiments by a plurality of modules or units.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present application can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (which can be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which can be a personal computer, a server, a touch terminal, or a network device, etc.) to execute the method according to the embodiments of the present application.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains.
It will be understood that the present application is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the application is limited only by the appended claims.
Claims (10)
1. A flow control method applied to an operator system, the operator system including a flow control device, the method comprising:
receiving a policy configuration request sent by a client, wherein the policy configuration request comprises a client identifier of the client and target traffic identification information, and the target traffic identification information is used for identifying traffic data to be controlled;
configuring a flow control strategy aiming at a client in the flow control equipment according to the target flow identification information;
acquiring flow data sent to the client;
and controlling the flow data according to the flow control strategy corresponding to the client identification through the flow control equipment.
2. The method according to claim 1, wherein the configuring, in the traffic control device, a traffic control policy for a client according to the target traffic identification information includes:
acquiring a target application identifier and a control operation from the target traffic identification information, wherein the target application identifier is used for identifying identification information of a controlled application, and the control operation is used for indicating a processing operation on traffic data;
and generating a flow control strategy according to the client identification, the target application identification and the control operation, and storing the flow control strategy into the flow control equipment.
3. The method of claim 1, wherein the operator system further comprises an access concentrator and a network server, and wherein before receiving the policy configuration request sent by the client, the method further comprises:
receiving a starting control request sent by the client;
establishing a communication tunnel corresponding to the client between the access concentrator and the network server according to the starting control request, wherein the access concentrator is used for communicating with the client, and the network server is used for communicating with an application service server and the flow control equipment;
and sending a dialing message corresponding to the communication tunnel to the flow control equipment so that the flow control strategy establishes the corresponding relation between the client identification and the network address according to the dialing message.
4. The method of claim 3, wherein the obtaining traffic data sent to the client comprises:
copying the data transmitted through the communication tunnel to obtain mirror image flow data;
and sending the mirror image flow data to the flow control equipment.
5. The method of claim 3, wherein said flow controlling said flow data according to said flow control policy corresponding to said customer identification by said flow control device comprises:
acquiring a corresponding client identifier according to the network address in the flow data;
carrying out application flow characteristic recognition on the flow data, and determining a target application identifier corresponding to the flow data;
acquiring a corresponding flow control strategy according to the client identifier and the target application identifier;
and processing the flow data according to the control operation in the corresponding flow control strategy.
6. The method of claim 1, further comprising:
receiving a strategy deactivation request sent by a client, wherein the strategy deactivation request comprises a client identifier of the client and target flow identification information, and the target flow identification information is used for identifying flow data to be controlled;
determining a corresponding control strategy to be deactivated according to the client identification and the target flow identification information;
deleting the control strategy to be deactivated in the flow control device.
7. The method of claim 1, further comprising:
receiving a stop control request sent by the client;
and closing a communication tunnel corresponding to the client terminal and established between the access concentrator and the network server according to the stop control request.
8. A flow control apparatus for use in a carrier system, the carrier system including a flow control device, the apparatus comprising:
the system comprises a configuration request module, a configuration request module and a control module, wherein the configuration request module is used for receiving a policy configuration request sent by a client, the policy configuration request comprises a client identifier of the client and target flow identification information, and the target flow identification information is used for identifying flow data to be controlled;
a policy configuration module, configured to configure, in the traffic control device, a traffic control policy for a client according to the target traffic identification information;
the flow acquisition module is used for acquiring flow data sent to the client;
and the flow control module is used for controlling the flow of the flow data through the flow control equipment according to the flow control strategy corresponding to the client identification.
9. An electronic device, comprising:
a processor;
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the flow control method of any one of claims 1 to 7 via execution of the executable instructions.
10. A computer-readable medium, on which a computer program is stored, which, when being executed by a processor, carries out the flow control method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111625042.0A CN114301772A (en) | 2021-12-28 | 2021-12-28 | Flow control method and device, electronic equipment and readable medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111625042.0A CN114301772A (en) | 2021-12-28 | 2021-12-28 | Flow control method and device, electronic equipment and readable medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114301772A true CN114301772A (en) | 2022-04-08 |
Family
ID=80971460
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111625042.0A Pending CN114301772A (en) | 2021-12-28 | 2021-12-28 | Flow control method and device, electronic equipment and readable medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114301772A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116437349A (en) * | 2023-06-13 | 2023-07-14 | 武汉博易讯信息科技有限公司 | Method, device, equipment and medium for controlling access to mobile network |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120259747A1 (en) * | 2011-04-06 | 2012-10-11 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and apparatus for controlling service traffic in a communication network |
| CN110535777A (en) * | 2019-08-12 | 2019-12-03 | 新华三大数据技术有限公司 | Access request control method, device, electronic equipment and readable storage medium storing program for executing |
| CN110808919A (en) * | 2019-10-21 | 2020-02-18 | 新华三信息安全技术有限公司 | Flow control method and device, network equipment and storage medium |
| CN110868693A (en) * | 2019-11-20 | 2020-03-06 | 深圳传音控股股份有限公司 | Application program flow control method, terminal device and storage medium |
| CN111669337A (en) * | 2020-04-22 | 2020-09-15 | 视联动力信息技术股份有限公司 | Flow control method and device |
| CN113055835A (en) * | 2019-12-10 | 2021-06-29 | 中国电信股份有限公司 | Vehicle-mounted application traffic processing method, device and system |
-
2021
- 2021-12-28 CN CN202111625042.0A patent/CN114301772A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120259747A1 (en) * | 2011-04-06 | 2012-10-11 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and apparatus for controlling service traffic in a communication network |
| CN110535777A (en) * | 2019-08-12 | 2019-12-03 | 新华三大数据技术有限公司 | Access request control method, device, electronic equipment and readable storage medium storing program for executing |
| CN110808919A (en) * | 2019-10-21 | 2020-02-18 | 新华三信息安全技术有限公司 | Flow control method and device, network equipment and storage medium |
| CN110868693A (en) * | 2019-11-20 | 2020-03-06 | 深圳传音控股股份有限公司 | Application program flow control method, terminal device and storage medium |
| CN113055835A (en) * | 2019-12-10 | 2021-06-29 | 中国电信股份有限公司 | Vehicle-mounted application traffic processing method, device and system |
| CN111669337A (en) * | 2020-04-22 | 2020-09-15 | 视联动力信息技术股份有限公司 | Flow control method and device |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116437349A (en) * | 2023-06-13 | 2023-07-14 | 武汉博易讯信息科技有限公司 | Method, device, equipment and medium for controlling access to mobile network |
| CN116437349B (en) * | 2023-06-13 | 2023-09-05 | 武汉博易讯信息科技有限公司 | Method, device, equipment and medium for controlling access to mobile network |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8166538B2 (en) | Unified architecture for remote network access | |
| CN112261172B (en) | Service addressing access method, device, system, equipment and medium | |
| CN112995163B (en) | Authentication method and device for resource access, storage medium and electronic equipment | |
| WO2018064939A1 (en) | Method for disaster recovery of audio and video communication connection, apparatus and system | |
| CN112187532A (en) | Node control method and system | |
| CA3152253A1 (en) | Network cyber-security platform | |
| CN114301772A (en) | Flow control method and device, electronic equipment and readable medium | |
| CN114221959A (en) | Service sharing method, device and system | |
| CN113194099B (en) | Data proxy method and proxy server | |
| CN114268938A (en) | Method, device, equipment and storage medium for managing user front equipment | |
| CN115189897A (en) | Access processing method and device for zero trust network, electronic equipment and storage medium | |
| US7805733B2 (en) | Software implementation of hardware platform interface | |
| CN112350982B (en) | Resource authentication method and device | |
| RU2587421C2 (en) | Method of accessing logic network systems using software service requests | |
| CN114205902A (en) | Response method and device for discovery request in 5G network, electronic equipment and medium | |
| CN109218415B (en) | Distributed node management method, node and storage medium | |
| CN112787947A (en) | Network service processing method, system and gateway equipment | |
| CN114826920B (en) | Network slice opening method, device, equipment and storage medium | |
| US11799856B2 (en) | Application identification | |
| CN115150170B (en) | Security policy configuration method, device, electronic equipment and storage medium | |
| US20220377105A1 (en) | Intelligent orchestration to combat denial of service attacks | |
| CN113271285B (en) | Method and device for accessing network | |
| CN116545777B (en) | User category switching method and device, storage medium and electronic equipment | |
| CN114143048B (en) | Method, device and storage medium for managing safety resources | |
| CN116801372A (en) | Data transmission method, system and device of virtual network group and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |