TWI730925B - Time management system based on software defined network and method thereof - Google Patents

Publication number: TWI730925B
Authority: TW (Taiwan)
Application number: TW109139528A
Other languages: Chinese (zh)
Other versions: TW202220413A (en)
Inventors: 朱煜煌, 張哲瑋, 鄭凱懋, 李明峰, 劉景豊
Original assignee: 中華電信股份有限公司
Prior art keywords: network, time, terminal device, service, timeout

Abstract

The present invention is a time management system based on a software-defined network and a method thereof. A network controller predefines the time range of network access for a service and defines the information of legitimate terminal equipment, so that the network controller controls the network access time of that equipment. The network controller can also be combined with an external authentication mechanism to provide network access outside the controlled time, meeting the demand for network access outside the managed hours. Because the network controller controls the rules on the network switch to limit the network access time of legitimate terminal equipment, the invention can effectively limit and manage that access time and, combined with the authentication mechanism, increase network security in the control domain.

Description

Network time management system and method based on software-defined network

The present invention relates to network time management technology, and in particular to a network time management system and method based on a software-defined network.

When it comes to network security management and control, in today's complex information security environment it is often difficult to define every aspect that network security covers. From a technical point of view, however, network time management is currently one of the most direct network security management methods. For enterprises, a common threat comes from Trojan horses or malicious programs that users may bring in when they connect to the network; another comes from devices that users bring in themselves, which pose the same virus threat. In either case, introducing time control over a device's network usage can reduce the threat to the enterprise intranet.

In one prior art, Taiwan Patent No. I353137, "Internet Connection Time Management Method and System", discloses that when a client requests a connection, the preset restricted Internet access period is retrieved according to the client's identity data, and the time of the current request is compared with the pre-stored restricted period to confirm whether it falls within that period. If it does, the client is restricted from accessing the Internet; otherwise, the client is allowed normal access. Afterwards, the connection time of each connected client is monitored periodically to see whether it has reached or exceeded the restricted period, and access is then automatically restricted or opened. The time management mechanism of that patent has three modes: immediate restriction, immediate access, and time setting. However, the mechanism is managed through Internet service provider (ISP) accounts; because an enterprise network is Ethernet with its plug-and-play (Ethernet Plug-n-Play) characteristic, this time management mechanism cannot be applied to an enterprise local area network. In addition, the mechanism controls the network by discarding packets whose "destination" IP address belongs to a user who is to be denied access, so that the user cannot use the network. This approach cannot discard, at the first opportunity, packets whose "source" IP address belongs to such a user, so many invalid "source" IP address packets remain on the network and occupy network bandwidth.

For time control of mobile terminals, another prior art is the patent "Management and Control of Internet Time of Mobile Terminals" (CN103825898A). There, an administrator opens a user account and password on a service platform and sets the Internet access time and control policy for that account, including the periods during which access is allowed and the allowed access time. An Internet time control application must be installed on the controlled mobile terminal, and the user account and password must be entered to authenticate with the service platform. If the identity is legitimate, the application is started so that the mobile terminal can use the network. The application determines in real time whether the mobile terminal's Internet access time has expired; if so, it puts the terminal's Internet access function into a dormant state. However, this approach requires software to be installed on the terminal. When the number of controlled terminals is large or they change frequently, installing the software becomes tedious and hard to manage, and it easily inconveniences users.

In yet another prior art, Taiwan Patent No. I259371, "Time Management System and Method", controls the usage time of information equipment by time in order to improve the confidentiality of that equipment. The system includes a security verification module, a setting management module and a control execution module. Its method is to build a usage time setting program inside the information equipment so that authorized managers can set the usage time of the equipment through that program. The equipment then decides whether to grant access according to the set time and shuts down automatically when the set usage time range is exceeded, thereby limiting the usage time of the equipment and preventing internally stored data from being easily seen by others. However, this time management approach still installs software on the information equipment, so the user-side device must again be changed before time management is possible. Moreover, there is no unified management mechanism for changing the time setting; each machine must be logged in to and configured one by one, which is very inconvenient.

In view of this, how to provide a network time management technique that exercises control starting from the source device IP address, so that the network is not affected by many invalid packets, and that in particular achieves the network management purpose without installing any software on the user equipment, has become a goal pursued by those skilled in the art.

To solve the above problems of the prior art, the present invention proposes a network time management method based on a software-defined network, comprising: creating a subnet, setting a network service gateway, and setting the networking time and timeout networking service information in a network controller; when a terminal device connects to the network controller, having the network controller activate the terminal device according to the subnet information and set network transmission rules in a network switch so that the terminal device can use the networking function; and having the network controller perform detection according to the networking time, so that the terminal device uses the networking function normally while it is within the networking time, and a network access control system executes timeout processing when the terminal device is outside the networking time and the timeout networking service is configured.

In one embodiment, the step of creating the subnet, setting the network service gateway, and setting the networking time and timeout networking service information in the network controller includes the following sub-steps: setting the range of terminal devices under the control of the network controller, which becomes the subnet; according to the service gateway that the terminal devices need to connect to, setting in the network controller the subnet's connection to the service gateway and the parameters for connecting to it; creating a networking time service cluster, a timeout networking service cluster and the network access control system, and setting a permanent networking service cluster, where the network access control system is used to authenticate the networking function of terminal devices under control; and setting the period of the networking time, the usage time of the timeout networking service, and the network and authentication system accessed by the network access control system.

In one embodiment, the step in which the network controller activates the terminal device according to the subnet information includes the following sub-steps: adding the terminal device, by importing terminal device data or by automatic detection, to a service cluster established when the subnet was created; and, based on the service cluster each terminal device has joined and the parameters and ports of the service gateway, having the network controller activate the terminal device's networking service according to that service cluster and generate the corresponding network transmission rule, which is then set in the network switch.

In one embodiment, the step in which the network controller performs detection according to the networking time includes having the network controller periodically check whether the current time is within the configured networking time. If the current time is within the networking time, it further determines whether the service has been activated; if the current time is not within the networking time, the timeout processing is executed.

In one embodiment, the step of determining whether the service has been activated includes: having the network controller determine whether the terminal devices in the networking time service cluster have already had the service activated. If so, it continues to check periodically for timeout; if not, it activates the service for the terminal device.

In one embodiment, the step in which the network access control system executes timeout processing includes: when the network controller is configured with the network access control system and the timeout networking service, having the terminal device connect to the network access control system to be authenticated by it; and, after the terminal device is successfully authenticated, having the network controller activate the terminal device's networking function and periodically check whether the timeout networking time has been reached.

In the above embodiment, the step of having the terminal device connect to the network access control system to be authenticated by it includes the following sub-steps: having the network controller clear the terminal device's network transmission rule from the network switch; and having the network controller, according to the additional services set when the subnet was created, set in the network switch a network transmission rule that connects to the network access control system, so that the terminal device can connect only to the network access control system for authentication.

In the above embodiment, the step of having the network controller activate the terminal device's networking function includes the following sub-steps: having the network controller add the authenticated terminal device to the timeout networking service cluster and activate the service, generating a timeout network transmission rule that connects the authenticated terminal device to the service gateway and sending that rule to the network switch, so that the authenticated terminal device can use the networking function normally during the time of the timeout networking service; and having the network controller continuously check the timeout time of the terminal devices in the timeout networking service cluster, so that the authenticated terminal device continues to use the networking function within the usage time and, when the time is up, the network controller removes the timeout network transmission rule of the authenticated terminal device.

The above method further includes using a network traffic detection tool to monitor the ports of the network switch, so that a terminal device is judged to be abnormal when it continues to send more than a predetermined number of packets outside the networking time or the timeout networking service.

The present invention further proposes a network time management system based on a software-defined network, comprising: a server for storing the networking time and timeout networking service information of terminal devices; a network switch for transmitting packets; a physical controller for setting network transmission rules in the network switch, the physical controller containing a timer for periodically checking the time; and a network access control system for performing networking authentication of the terminal device when the terminal device is outside the networking time and the timeout networking service is configured. The timer is used to confirm whether the current time is within the networking time. When the current time is within the networking time, packets sent by the terminal device are transmitted through the network switch to the service gateway, and response packets returned by the service gateway are received through the network switch. When the current time is outside the networking time and the timeout networking service is configured, authentication is performed through the network access control system, the new network transmission rule is recorded in the server, and the original network transmission rule in the network switch is updated so that packets sent by the terminal device are transmitted by the network switch.

In summary, the present invention is a way of controlling and managing network access time using a software-defined network architecture. It focuses on using the network controller to uniformly control the networking access time of legitimate terminal devices under the network switch: outside the networking access time the networking function is stopped, and an external authentication mechanism is combined to meet networking needs outside that time. Furthermore, because network access time is controlled through a software-defined network architecture, multiple different network access time ranges, or services without time management, can be defined, and legitimate terminal devices with different access time requirements can each be added to different services. The network controller thus effectively controls legitimate terminal devices with different access time requirements, giving network administrators more convenient network control and flexible control over the network access time of different terminal devices. In addition, the network time management system and method disclosed in the present invention use the characteristics of a software-defined network to manage the network activation time of devices centrally, without installing any software on the user equipment. Finally, the time management of the present invention exercises control starting from the source device IP address, so it does not leave many invalid packets on the network to affect it.

11-15: Stages
111-114: Processes
121-122: Processes
131-132: Processes
141-142: Processes
151-153: Processes
211-216: Processes
311-319: Processes
31: Network administrator
32, 42: Network controller
33, 43: Terminal device
34, 44: Network switch
35, 45: Service gateway
36, 46: Network access control system
321, 421: Timer
322, 422: Server
S11-S13: Steps

Fig. 1 is a step diagram of the network time management method based on a software-defined network of the present invention.

Fig. 2 is a sequence flow chart of the network time management method based on a software-defined network of the present invention.

Fig. 3 is a schematic diagram of the network time management setup and activation process of the network time management system and method based on a software-defined network of the present invention.

Fig. 4 is a schematic diagram of the out-of-time control and activation process of the network time management system and method based on a software-defined network of the present invention.

Fig. 5 is an architecture diagram of the network time management system based on a software-defined network of the present invention.

The technical content of the present invention is described below through specific embodiments. Those familiar with the art can readily understand the advantages and effects of the present invention from the content disclosed in this specification. The present invention can also be implemented or applied through other, different embodiments.

Traditional switch equipment has no concept of time control, is difficult to manage in a unified way, and lacks dynamic activation and blocking of terminal devices. The present invention uses the network controller to define services with various access times for users with different needs. According to the services that users define themselves, the network access time of legitimate terminal devices can be operated dynamically for different users, and an external authentication mechanism can additionally be configured and combined to meet network access needs outside the controlled time.

Fig. 1 is a step diagram of the network time management method based on a software-defined network of the present invention. The present invention proposes a network time management method that centrally manages and controls the networking function of terminal devices. According to the network administrator's needs, a subnet and network time management rules are set in the network controller to limit the time of normal networking, and network access control system authentication can be configured as required so that authenticated devices can use the networking function outside that time.

In step S11, a subnet is created, a network service gateway is set, and the networking time and timeout networking service information are set in the network controller. This step can be regarded as the subnet creation stage: the network administrator creates the subnet in the network controller and sets the network service gateway, the additional services and the related time settings.

In one embodiment, step S11 further includes the following steps: setting the range of terminal devices under the control of the network controller, which becomes the subnet; according to the service gateway that the terminal devices need to connect to, setting in the network controller the subnet's connection to the service gateway and the parameters for connecting to it; creating a networking time service cluster, a timeout networking service cluster and the network access control system, and setting a permanent networking service cluster, where the network access control system is used to authenticate the networking function of terminal devices under control; and setting the period of the networking time, the usage time of the timeout networking service, and the network and authentication system accessed by the network access control system.

In step S12, when a terminal device connects, the network controller activates the terminal device according to the subnet information and sets network transmission rules in the network switch so that the terminal device can use the networking function. This step can be regarded as the terminal device activation stage: when the terminal device connects, the network controller activates it according to the applied subnet and sets the network transmission rules in the network switch for the terminal device's networking function.

In one embodiment, step S12 further includes the following steps: adding the terminal device, by importing terminal device data or by automatic detection, to a service cluster established when the subnet was created; and, based on the service cluster each terminal device has joined and the parameters and ports of the service gateway, having the network controller activate the terminal device's networking service according to that service cluster and generate the corresponding network transmission rule, which is then set in the network switch.

In step S13, the network controller performs detection according to the networking time, so that the terminal device uses the networking function normally while it is within the networking time, and the network access control system executes timeout processing when the terminal device is outside the networking time and the timeout networking service is configured. This step can be regarded as the time detection stage: the network controller checks against the networking time; within that time the networking function can be used normally, and once the networking time is exceeded, timeout processing is performed.

In one embodiment, step S13 further includes the following steps: the network controller periodically checks whether the current time is within the configured networking time. If the current time is within the networking time, it further determines whether the service has been activated; if the current time is not within the networking time, the timeout processing is executed. To determine whether the service has been activated, the network controller determines whether the terminal devices in the networking time service cluster have already had the service activated. If so, it continues to check periodically for timeout; if not, it activates the service for the terminal device.

The step in which the network access control system executes timeout processing includes: when the network controller is configured with the network access control system and the timeout networking service, having the terminal device connect to the network access control system to be authenticated by it; and, after the terminal device is successfully authenticated, having the network controller activate the terminal device's networking function and periodically check whether the timeout networking time has been reached. In short, these can be regarded as the timeout processing stage and the timeout activation stage. The network controller acts according to whether a network access control system and a timeout networking service are configured. If they are, it applies the network transmission rule from the terminal device to the network access control system; that is, the terminal device must be authenticated by the network access control system before it can use the networking function. Then, after the terminal device is successfully authenticated, the network controller activates the terminal device's networking function and periodically checks whether the timeout networking time has been reached.

The step of having the terminal device connect to the network access control system to be authenticated by it includes: the network controller clears the terminal device's network transmission rule from the network switch; and the network controller, according to the additional services set when the subnet was created, sets in the network switch a network transmission rule that connects to the network access control system, so that the terminal device can connect only to the network access control system for authentication.

The step of having the network controller activate the terminal device's networking function includes: the network controller adds the authenticated terminal device to the timeout networking service cluster and activates the service, generating a timeout network transmission rule that connects the authenticated terminal device to the service gateway and sending that rule to the network switch, so that the authenticated terminal device can use the networking function normally during the time of the timeout networking service; and the network controller continuously checks the timeout time of the terminal devices in the timeout networking service cluster, so that the authenticated terminal device continues to use the networking function within the usage time and, when the time is up, the network controller removes the timeout network transmission rule of the authenticated terminal device.

In the present invention, the subnet creation phase sets the scope of jurisdiction and the required service functions and service times. In the terminal device activation phase, terminal devices within the jurisdiction are placed in the corresponding service clusters by import or automatic detection, and checking of whether the set time has been exceeded begins. Once the time is exceeded, the timeout processing phase leaves the terminal device unable to use the networking function, or able to connect only to the network access control system for authentication. The timeout activation phase then enables the networking function of authenticated terminal devices. This helps network administrators manage terminal devices efficiently and increases network security.

The present invention is described below through specific embodiments. The present invention is a network time management system and method, based on a software-defined network, that centrally manages and controls the networking function of terminal devices. The network administrator sets a subnet and the network time management system in the network controller; terminal devices in that subnet can use the networking function normally within the time set by the network time management system, and are stopped from using it outside that time. The system and method can integrate a network access control system: if a user needs the networking function outside the time set by the network time management system, then after successful authentication through the network access control system the network controller activates the networking function service for the terminal device and records a log.

Figure 2 is a sequence flow chart of the software-defined-network-based network time management method of the present invention. As shown in the figure, the system flow is divided into five phases: subnet creation phase 11, terminal device activation phase 12, time detection phase 13, timeout processing phase 14, and timeout activation phase 15.

In subnet creation phase 11, the network administrator, based on the network segments and terminal devices under jurisdiction, configures in the network controller the subnet and the network time management system for each service that meet the administrator's needs. The phase comprises process 111 (create the subnet), process 112 (set the external service gateway), process 113 (set additional services), and process 114 (set the content of the additional services).

First, in process 111, the network administrator creates a subnet in the network controller. The administrator first sets the range of terminal devices under jurisdiction, including but not limited to IPv4 network segments, IPv6 network segments, and source network switch ports, to define the subnet; when a terminal device within the set range joins the network, it is placed in the matching subnet. Next, in process 112, the administrator sets in the network controller the external service gateway that this subnet connects to, and can set the parameters for connecting to that service gateway, including but not limited to VLAN and network switch port, and the port location of the service gateway is recorded. Then, in process 113, the administrator creates a networking time service cluster, and may optionally also create a timeout networking service cluster and a network access control system, so that controlled terminal devices can use the networking function after authentication. A permanent networking service cluster can also be set, to which terminal devices that do not need control are added so that they can use the networking function permanently. Finally, in process 114, the administrator sets the network time management, that is, the time periods of the networking time service. If a timeout networking service and a network access control system were set in process 113, the usage time of the timeout networking service, and the network and authentication system that the network access control system accesses, must also be set.

After subnet creation phase 11 is complete, terminal device activation phase 12 begins. The network administrator adds the terminal devices under jurisdiction to the subnet by import or detection and selects the service cluster each terminal device is to join; the network controller then pushes network transmission rules down to the network switch to provide the terminal devices' networking function. The phase comprises process 121 (place terminal devices in the subnet) and process 122 (activate the service function). In short, in process 121 the administrator imports terminal device data, or uses automatic detection, into the subnet set in subnet creation phase 11, and adds the devices to the service clusters created in that phase. Then, in process 122, based on the service cluster each terminal device has joined and on the service gateway parameters and ports set in subnet creation phase 11, the network controller activates the networking service, generates the corresponding network transmission rules, and sets them in the network switch, so that terminal devices in the service cluster can use the networking function normally. If a networking time service cluster has been set, time detection phase 13 must be entered for the time management decision; if only a permanent networking service cluster has been set, time detection phase 13 is not needed and the networking function is permanently enabled.

In time detection phase 13, the network controller begins checking the state of the networking time service cluster against the networking time set in subnet creation phase 11. The phase comprises process 131 (check whether the time has been exceeded) and process 132 (determine whether the service has been activated). In short, in process 131 the network controller, using the normal networking time set for the networking time service in subnet creation phase 11, periodically checks whether the current time falls within the networking time set by the network administrator. If it does, process 132 is entered; otherwise, timeout processing phase 14 is entered. In process 132, the network controller determines whether the terminal devices in this networking time service cluster have already had the service activated. If so, the flow returns to process 131 and keeps checking whether the time is within the networking time; if not, it returns to process 122 of terminal device activation phase 12.

Once the time passes the networking time, timeout processing phase 14 is entered. Because the time set by the networking time service has been exceeded, the network controller must handle the terminal devices' network transmission rules. The phase comprises process 141 (cut off the networking function) and process 142 (additional service handling and authentication). In process 141, since the time is now outside the networking time set in subnet creation phase 11, the network controller uses the information on the terminal devices in the networking time service cluster to clear those devices' network transmission rules from the network switch; at this point all terminal devices in the networking time service cluster lose the networking function. If the network administrator set an additional service (for example, timeout connection) in subnet creation phase 11, process 142 is entered: following the additional service set in subnet creation phase 11, the network controller sets the network transmission rule that connects to the network access control system (that is, the timeout network transmission rule). A terminal device that tries to use the networking function can then connect only to the network access control system for authentication. If authentication fails, the flow returns to time detection phase 13, and the network is enabled again only once the time is determined to be within the networking time; if authentication succeeds, the flow proceeds to timeout activation phase 15.

In timeout activation phase 15, the network controller sets network transmission rules according to the timeout networking service configured in subnet creation phase 11, and removes the corresponding rules after the time set for the timeout networking service has elapsed. The phase comprises process 151 (activate the timeout networking service), process 152 (check whether the timeout validity period is still running), and process 153 (clear the timeout networking function). In process 151, after authentication succeeds in timeout processing phase 14, the network controller, based on information from the network access control system, adds the authenticated terminal device to the timeout networking service cluster and activates the service, generating a timeout network transmission rule that connects the authenticated terminal device to the service gateway and setting it in the network switch, so that the terminal device can use the networking function normally within the time set for timeout networking. Then, in process 152, the network controller continuously checks the timeout period of the terminal devices in the timeout networking service cluster. Within the usage time, a device can continue to use the networking function; once the time is up, process 153 is entered: the network controller removes the terminal device's timeout network transmission rule, the terminal device loses the networking function, and the flow returns to time detection phase 13.
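The decision logic of phases 13 to 15 can be followed in the Python example below, which is added here and is not code from the patent: a controller rewrites a per-device rule table on each timer pass and issues a time-limited grant after authentication. The class, method and rule-target names are assumptions; the window that may span midnight and the rule that a grant ends when the next networking time begins go beyond what the text states.

```python
from dataclasses import dataclass, field
from datetime import datetime, time, timedelta
from typing import Dict, List, Optional

# Constructed rule targets standing in for the rules pushed to the switch.
GATEWAY, NAC = "service-gateway", "nac-only"


@dataclass
class Device:
    mac: str
    cluster: str                              # "timed" or "permanent"
    grant_expiry: Optional[datetime] = None   # end of an authenticated out-of-hours grant


@dataclass
class Controller:
    window_start: time
    window_end: time
    grant: timedelta                          # usage time of the timeout networking service
    nac_enabled: bool = True                  # additional service chosen at subnet creation
    devices: Dict[str, Device] = field(default_factory=dict)
    rules: Dict[str, str] = field(default_factory=dict)   # no entry = no connectivity
    log: List[str] = field(default_factory=list)

    def in_window(self, now: datetime) -> bool:
        t = now.time()
        if self.window_start <= self.window_end:
            return self.window_start <= t < self.window_end
        return t >= self.window_start or t < self.window_end   # window spans midnight

    def _set_rule(self, mac: str, target: Optional[str], now: datetime, why: str) -> None:
        if self.rules.get(mac) == target:
            return                            # nothing to change on the switch
        if target is None:
            self.rules.pop(mac, None)
        else:
            self.rules[mac] = target
        self.log.append(f"{now.isoformat()} {mac} -> {target} ({why})")

    def tick(self, now: datetime) -> None:
        """One timer pass over every device (processes 131/132, 141/142, 152/153)."""
        for dev in self.devices.values():
            if dev.cluster == "permanent":
                self._set_rule(dev.mac, GATEWAY, now, "permanent cluster")
            elif self.in_window(now):
                dev.grant_expiry = None       # assumption: a grant ends when the window opens
                self._set_rule(dev.mac, GATEWAY, now, "inside networking time")
            elif dev.grant_expiry is not None and now < dev.grant_expiry:
                continue                      # process 152: grant still valid
            else:
                dev.grant_expiry = None
                fallback = NAC if self.nac_enabled else None
                self._set_rule(dev.mac, fallback, now, "outside networking time")

    def nac_authenticated(self, mac: str, now: datetime) -> bool:
        """Callback from the access control system after a successful login (process 151)."""
        dev = self.devices.get(mac)
        if dev is None or self.rules.get(mac) != NAC:
            # Only a device currently held in the NAC-only state may receive a grant.
            self.log.append(f"{now.isoformat()} {mac} grant rejected")
            return False
        dev.grant_expiry = now + self.grant
        self._set_rule(mac, GATEWAY, now, f"grant until {dev.grant_expiry.isoformat()}")
        return True


if __name__ == "__main__":
    ctl = Controller(time(9, 0), time(18, 0), timedelta(hours=2))
    ctl.devices["02:00:00:00:00:01"] = Device("02:00:00:00:00:01", "timed")      # constructed
    ctl.devices["02:00:00:00:00:02"] = Device("02:00:00:00:00:02", "permanent")  # constructed
    day = datetime(2024, 1, 8)
    ctl.tick(day.replace(hour=10))
    ctl.tick(day.replace(hour=18, minute=30))
    ctl.nac_authenticated("02:00:00:00:00:01", day.replace(hour=19))
    ctl.tick(day.replace(hour=21))
    print("\n".join(ctl.log))
```

Because a device with no entry in the rule table has no connectivity, a controller with `nac_enabled=False` leaves timed devices fully cut off outside the networking time.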

Figure 3 is a schematic diagram of the network time management setup and activation flow of the software-defined-network-based network time management system and method of the present invention, illustrating subnet setup and activation. As shown in the figure, first, in process 211, the network administrator 31, based on the network segments and terminal devices under jurisdiction, configures in the network controller 32 the subnet, the services used, the network time management system, and the network access control system that meet the administrator's needs. Then, in process 212, the network controller 32 sets network transmission rules in the network switch according to the activation data for the terminal device 33 imported by the network administrator 31. In process 213, when the terminal device 33 connects to the network, its traffic passes through the network switch 34. In process 214, the network switch 34 sends the packets of an activated terminal device 33 to the service gateway 35 according to the network transmission rules. Next, in process 215, the service gateway 35 returns a response packet to the network switch 34. Finally, in process 216, the response packet is sent back to the terminal device 33 according to the network transmission rules set at activation, so that the terminal device 33 can use the networking function normally.

Because traditional switch equipment has no concept of time-based control, the present invention uses a software-defined network architecture to record network access time information in the network controller 32, which applies time control to different legitimate terminal devices 33 by category. Because a single network controller 32 can control all the network switches 34 under a software-defined network architecture, the network administrator 31 can conveniently and flexibly control the access capability and access time of any legitimate terminal device 33.

Figure 4 is a schematic diagram of the out-of-hours control and activation flow of the software-defined-network-based network time management system and method of the present invention, illustrating the timeout activation flow with the network access control system. As shown in the figure, in process 311, the timer 321 inside the network controller 32 periodically checks the time. If the time has passed the networking time, process 312 is entered: the network controller 32 is notified that the networking-time network transmission rules must be removed. Next, in process 313, the network controller 32, according to its settings, removes the networking-time network transmission rules from the network switch 34 and sets the network transmission rule that connects to the network access control system 36. After that, in process 314, when the terminal device 33 uses the networking function, process 315 is entered and the network switch 34 sends the packets to the network access control system 36. If authentication succeeds, process 316 is entered: the network access control system 36 sends the terminal device 33 information to the physical server 322 inside the network controller 32 for storage, and the network controller 32, based on the terminal device 33 activated by the network access control system 36, generates the network transmission rule connecting this terminal device 33 to the service gateway 35 and sets it in the network switch 34. Subsequently, when the terminal device 33 uses the networking function (process 318), the network switch 34 sends the packets to the service gateway 35 (process 319), and the terminal device 33 can use the networking function normally.

The purpose of the present invention is to apply a decentralized, time-based management and control mechanism to users' legitimate terminal devices: network access times are defined for different users by the network administrator, and when usage requires additional networking outside the network access time, an authentication mechanism can be combined with time-controlled access, which also makes it possible to record users' networking time. In addition, ordinary passive network devices or Internet of Things (IoT) devices can be paired with a service that has no time management, so that such devices are not subject to network access time limits.

The network controller 32 predefines the service content for network access time, and legitimate terminal devices 33 are added to this service. After that, the network controller 32 periodically checks whether the current time is within the networking time of the networking time service set by the network administrator 31. If it is, no action is taken. If it is not, the network controller 32 triggers the disconnect function and sends blocking rules to the network switch 34 to block networking; a blocked terminal device 33 cannot access the network. If the service the legitimate terminal device 33 has joined provides an external authentication mechanism, the user can authenticate through a web page, after which the network controller 32 sends rules enabling this legitimate terminal device to the network switch 34. The network administrator 31 therefore only needs to operate the network controller 32 to control the legitimate terminal devices 33 across the whole network architecture, and controlling and managing network access time through the software-defined network architecture provides network security and convenience.

Figure 5 is an architecture diagram of the software-defined-network-based network time management system of the present invention. As shown in the figure, the network time management system includes a network controller 42 comprising a server 422 and a timer 421, and a network switch 44 connected to the server 422, the terminal device 43, the service gateway 45, and the network access control system 46. The server 422 represents a software-defined network (SDN) controller, which may be software or hardware and is not limited to a hardware server. The network switch 44 represents an SDN switch, which may be software or hardware and is not limited to a hardware switch; the system generalizes to architectures with multiple SDN switches. The terminal device 43 is likewise not limited to software or hardware, and the system generalizes to architectures with multiple terminal devices.

The server 422, according to the networking time, timeout service, and other information set by the network administrator, and with the timer 421 periodically checking the time, sets the corresponding network transmission rules in the network switch 44. The network switch 44 forwards packets: during the networking time, the terminal device 43 can send packets to the service gateway 45; outside the networking time, if a timeout service has been set, the terminal device can connect only to the network access control system 46 for authentication. After authentication, the result is recorded on the server 422 and the network transmission rules of the network switch 44 are updated so that the terminal device 43 can send packets to the service gateway 45. The detailed operating steps and flow are as described in the method above.

The design of the present invention focuses on centralized management of terminal devices and on setting a network time management system to control their networking function. It can set subnets cooperatively with network controllers that support the same method, forming a multi-domain terminal device network time management system. According to the network time management system set by the network administrator, terminal devices use the networking function normally within the managed network time; outside it, the functions set by the administrator are applied depending on whether the additional timeout and authentication services are present. This lets the network administrator manage terminal devices more effectively and increases network security.

The present invention can be applied to several kinds of terminal device for the network administrator to configure. In a workplace, for example, the administrator may have different time-setting requirements for different terminal devices when configuring the network time management system. Ordinary workers' terminal devices need to be subject to networking time management: the administrator can create a networking time service cluster in the subnet, set the normal working networking hours, and add ordinary workers' terminal devices to the networking time service cluster, so that they may use the networking function only during working networking hours. Passive terminal devices, including but not limited to IoT terminal devices such as access control card readers, need to be able to use the networking function at any time; a permanent networking service cluster is therefore set, whose member terminal devices can use the networking function at any time, and the access control card readers and other IoT terminal devices are added to it. If an ordinary worker needs to work overtime and the terminal device needs the networking function outside the time set by the networking time service cluster, the administrator can set the network access control system and the timeout networking service cluster function in the subnet, and set the network usage time of the timeout networking service cluster and the network and authentication system that network access control can access. An ordinary worker who needs the networking function after the time set by the networking time service cluster is allowed to connect only to the network access control system. After authentication through this system, a log is recorded in the network controller and the user's terminal device is added to the timeout networking service cluster, where it can use the networking function normally during the usage time. After the set time is exceeded, the terminal device is removed from the timeout networking service cluster and its networking function is cut off; it must authenticate again with the network access control system, or wait until the time set by the networking time service cluster arrives, before it can use the networking function normally again. This function can be widely applied in school or company networks: ordinary users can use the networking function only within the time set by the networking time service cluster, and to use it outside that time they must be authenticated by the network access control system, with a log recorded in the network controller so that the network administrator can confirm identity, which manages terminal devices effectively and increases network security. Ordinary passive terminal devices, including but not limited to access control systems and projectors, are all added to the permanent networking service cluster.

In addition to using the network time management method to control terminal devices, the present invention can also be used to detect whether a controlled network terminal device is in an abnormal state. Outside the time set by the networking time service cluster, a network traffic detection tool monitors controlled terminal devices through the ports of the network switch. If a terminal device keeps sending a large number of packets outside the managed time, the network administrator, on learning of this, can check whether the terminal device is abnormal, or whether an unauthorized user is trying to use the networking function out of hours, or even intends to attack other terminal devices or network systems, for example with a distributed denial of service. The administrator can then deal with the terminal device problem promptly or identify the illegitimately used terminal device.
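One way to implement the out-of-hours check described above, as an added Python example that is not part of the patent: it takes polled per-port packet counters from the switch and reports the intervals in which a controlled device kept sending outside the networking time. The counter format, the port numbers, the threshold and the grant table are assumptions, and the sample data is constructed.

```python
from datetime import datetime, time


def out_of_hours_senders(samples, window, exempt_ports=(), grants=None, threshold=1000):
    """Return (port, interval_start, interval_end, packets) for suspicious intervals.

    samples:      (timestamp, switch_port, cumulative packets received from the device)
    window:       (start, end) of the networking time; a same-day window is assumed
    exempt_ports: ports of devices in the permanent networking service cluster
    grants:       port -> [(start, end)] authenticated out-of-hours grants
    """
    start, end = window
    grants = grants or {}

    def outside(ts):
        return not (start <= ts.time() < end)

    last, alerts = {}, []
    for ts, port, count in sorted(samples, key=lambda s: (s[1], s[0])):
        prev = last.get(port)
        last[port] = (ts, count)
        if prev is None or port in exempt_ports:
            continue
        prev_ts, prev_count = prev
        delta = count - prev_count
        if delta < 0:
            continue          # counter reset or wrap: new baseline, no verdict
        if not (outside(prev_ts) and outside(ts)):
            continue          # interval touches the networking time: ambiguous, skip
        if any(prev_ts < g_end and ts > g_start
               for g_start, g_end in grants.get(port, ())):
            continue          # covered by an authenticated grant
        if delta >= threshold:
            alerts.append((port, prev_ts, ts, delta))
    return alerts


def at(hour, minute):
    return datetime(2024, 1, 8, hour, minute)   # constructed date


# Constructed counter samples (not from the patent).
SAMPLES = [
    (at(10, 0), 3, 0), (at(10, 5), 3, 9000),        # busy, but inside the networking time
    (at(18, 30), 3, 10000), (at(18, 35), 3, 10040),
    (at(18, 40), 3, 25040), (at(18, 45), 3, 25100),  # burst after hours, no grant
    (at(19, 5), 5, 100), (at(19, 10), 5, 50100),     # busy during an authenticated grant
    (at(21, 5), 5, 60000), (at(21, 10), 5, 65000),   # still sending after the grant ended
    (at(23, 0), 7, 0), (at(23, 5), 7, 500000),       # permanent-cluster device (exempt)
    (at(22, 0), 9, 900000), (at(22, 5), 9, 120), (at(22, 10), 9, 200),  # counter reset
]
WINDOW = (time(9, 0), time(18, 0))
GRANTS = {5: [(at(19, 0), at(21, 0))]}


def demo_alerts():
    return out_of_hours_senders(SAMPLES, WINDOW, exempt_ports={7}, grants=GRANTS)


if __name__ == "__main__":
    for port, begin, finish, packets in demo_alerts():
        print(f"port {port}: {packets} packets between {begin:%H:%M} and {finish:%H:%M}")
```

Traffic on port 5 after the grant ends is the case worth the administrator's attention: the device should already be limited to the network access control system, so sustained volume there suggests a rule that was not removed or a device working around the control.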

The core of the method of the present invention is management of terminal devices' networking function. By setting a normal networking time service cluster, terminal devices that join it can use the networking function normally only within the time set by that cluster. Outside that time, the networking function can be used only with the network administrator's approval; otherwise the device must wait until the next normal networking time arrives before it can use the networking function again. A network access control system and timeout networking service can also be set.

The present invention is implemented on a software-defined network architecture. It uses the programmability of that architecture and the network controller's centralized management of network switches: the network controller, according to the services and the network time management system set by the network administrator, manages the terminal devices and network controllers under it, managing terminal devices effectively and increasing network security to meet the need for terminal device control.

In summary, the present invention is a network time management system and method, based on a software-defined network, that centrally manages and controls the networking function of terminal devices. Compared with the prior art it has the following advantages: (1) The present invention does not need to be bound to an ISP system and can be applied to enterprise local area networks. (2) The present invention requires no software to be installed on the terminal; the network administrator only needs to set the relevant services on the network controller, and all terminal devices can be brought under control. (3) Whereas conventional techniques still install software on information equipment and have no unified management mechanism, the present invention requires only operating the network controller to modify the functions of the time management system. (4) The present invention can, according to user-defined services, dynamically give different users network access times for operating legitimate terminal devices, and can additionally be configured to combine with an external authentication mechanism to meet the need for network access outside the controlled time. (5) According to the network time management system set by the network administrator, terminal devices use the networking function normally within the managed network time; outside it, the functions set by the administrator are applied depending on whether the additional timeout and authentication services are present, which lets the administrator manage terminal devices more effectively and increases network security.

The above embodiments are illustrative only and are not intended to limit the present invention. Anyone skilled in the art may modify and change the above embodiments without departing from the spirit and scope of the present invention. Therefore, the scope of protection of the present invention is defined by the appended claims and, as long as the effect and purpose of implementation of the present invention are not affected, shall be covered by the technical content disclosed herein.

S11-S13: steps

Claims (9)

A network time management method based on a software-defined network, comprising: creating a subnet in a network controller, setting a network service gateway, and setting information on a networking time and a timeout networking service; when a terminal device connects to the network controller, causing the network controller to activate the terminal device according to the information of the subnet, and setting network transmission rules in a network switch so that the terminal device can use the networking function, wherein the activation step comprises adding the terminal device, by importing the terminal device's data or by automatic detection, to a service cluster established when the subnet was created, and, based on the service cluster each terminal device has joined and the parameters and ports of the service gateway, causing the network controller to activate the networking service of the terminal device according to the service cluster it has joined and to generate the corresponding network transmission rules, which are set in the network switch; and causing the network controller to perform checks according to the networking time, so that when the terminal device is within the networking time it uses the networking function normally, and when the terminal device is outside the networking time and the timeout networking service is provided, a network access control system executes timeout processing.
The network time management method based on a software-defined network of claim 1, wherein the step of creating a subnet in the network controller, setting a network service gateway, and setting information on the networking time and the timeout networking service comprises the following sub-steps: setting the range of terminal devices under the jurisdiction of the network controller to form the subnet; according to the service gateway to which the terminal device needs to connect, setting in the network controller the connection of the subnet to the service gateway and the parameters for connecting to the service gateway; creating a networking time service cluster, a timeout networking service cluster and the network access control system, and setting a permanent networking service cluster, wherein the network access control system is used for networking function authentication of the terminal devices under control; and setting the period of the networking time, the usage time of the timeout networking service, and the network and authentication system accessed by the network access control system.
The network time management method based on a software-defined network of claim 1, wherein the step in which the network controller performs checks according to the networking time comprises causing the network controller to periodically check whether the current time is within the configured networking time, so that when the current time is within the networking time, it further determines whether service has been activated, and when the current time is not within the networking time, the timeout processing is executed.
The network time management method based on a software-defined network of claim 3, wherein the step of determining whether service has been activated comprises: causing the network controller to determine whether the terminal devices in the networking time service cluster have had service activated; if so, continuing to periodically check for timeout; and if not, activating service for the terminal device.
The network time management method based on a software-defined network of claim 1, wherein the step in which the network access control system executes timeout processing comprises: where the network controller is configured with the network access control system and the timeout networking service, connecting the terminal device to the network access control system so that the network access control system performs authentication; and after the terminal device is successfully authenticated, causing the network controller to activate the networking function of the terminal device and to periodically check whether the timeout networking time has been reached.
The network time management method based on a software-defined network of claim 5, wherein the step of connecting the terminal device to the network access control system for authentication by the network access control system comprises the following sub-steps: causing the network controller to clear the terminal device's network transmission rules on the network switch; and causing the network controller, according to the additional services configured when the subnet was created, to set in the network switch network transmission rules for connecting to the network access control system, so that the terminal device can connect only to the network access control system for authentication.
The network time management method based on a software-defined network of claim 5, wherein the step of causing the network controller to activate the networking function of the terminal device comprises the following sub-steps: causing the network controller to add the authenticated terminal device to the timeout networking service cluster and activate service, so as to generate timeout network transmission rules for the authenticated terminal device to connect to the service gateway, and to send the timeout network transmission rules to the network switch, so that the authenticated terminal device uses the networking function normally during the time of the timeout networking service; and causing the network controller to continuously check the timeout period of the terminal devices in the timeout networking service cluster, so that within the usage time the authenticated terminal device continues to use the networking function, and when the time is up the network controller removes the timeout network transmission rules of the authenticated terminal device.
The network time management method based on a software-defined network of claim 1, further comprising using a network traffic detection tool to monitor the ports of the network switch, so that when the terminal device continues to send more than a predetermined number of packets outside the networking time or the timeout networking service, the terminal device is determined to be abnormal.
A network time management system based on a software-defined network, comprising: a server for storing information on the networking time and the timeout networking service of terminal devices; a network switch for transmitting packets; a physical controller for setting network transmission rules in the network switch, the physical controller having a timer for periodically checking the time, wherein, when the terminal device connects to it, the physical controller activates the terminal device according to the information of the subnet, so that the terminal device is added, by importing the terminal device's data or by automatic detection, to the service cluster established when the subnet was created, and, based on the service cluster each terminal device has joined and the parameters and ports of the service gateway, the network controller activates the networking service of the terminal device according to the service cluster it has joined and generates the corresponding network transmission rules, which are set in the network switch; and a network access control system for performing networking authentication of the terminal device when the terminal device is outside the networking time and the timeout networking service is provided, wherein the timer is used to confirm whether the current time is within the networking time, so that when the current time is within the networking time, packets sent by the terminal device are transmitted to the service gateway through the network switch and response packets returned by the service gateway are received through the network switch, and when the current time is outside the networking time and the timeout networking service is provided, authentication is performed via the network access control system, the new network transmission rules are recorded on the server, and the original network transmission rules in the network switch are updated, so that packets sent by the terminal device are transmitted by the network switch.
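The periodic check, timeout processing and anomaly test described in claims 3 to 8 above, written out as an added Python example; it is not code from the patent or its applicant. The class and rule names, the sample policy values, keying devices by MAC address, and the choice to install no rule when no timeout service is configured are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, time, timedelta

# Rule kinds the controller can install on the switch (hypothetical names).
GATEWAY, NAC_ONLY, BLOCKED = "gateway", "nac_only", "blocked"

@dataclass
class Policy:  # constructed sample values, not taken from the patent
    start: time = time(8, 0)            # networking time begins
    end: time = time(18, 0)             # networking time ends
    timeout_service: bool = True        # timeout networking service + NAC configured
    timeout_length: timedelta = timedelta(hours=1)
    packet_threshold: int = 100         # claim 8's "predetermined number" of packets

@dataclass
class Controller:
    policy: Policy
    switch_rules: dict = field(default_factory=dict)     # MAC -> rule on the switch
    timeout_cluster: dict = field(default_factory=dict)  # MAC -> timeout expiry

    def in_window(self, now: datetime) -> bool:
        s, e, t = self.policy.start, self.policy.end, now.time()
        return s <= t < e if s <= e else (t >= s or t < e)  # window may cross midnight

    def tick(self, mac: str, now: datetime) -> str:
        """Periodic check (claims 3-7): install and return the rule for mac."""
        expiry = self.timeout_cluster.get(mac)
        if self.in_window(now):
            self.timeout_cluster.pop(mac, None)
            rule = GATEWAY                    # activate service if not yet active
        elif expiry is not None and now < expiry:
            rule = GATEWAY                    # authenticated, timeout period running
        else:
            self.timeout_cluster.pop(mac, None)   # time is up: drop the timeout rule
            # Assumption: with no timeout service configured, no rule is installed.
            rule = NAC_ONLY if self.policy.timeout_service else BLOCKED
        self.switch_rules[mac] = rule         # replaces the device's previous rule
        return rule

    def on_nac_auth_success(self, mac: str, now: datetime) -> str:
        """NAC reports a successful login from a device limited to NAC_ONLY."""
        if self.switch_rules.get(mac) != NAC_ONLY or self.in_window(now):
            return self.tick(mac, now)        # ignore logins that should not occur
        self.timeout_cluster[mac] = now + self.policy.timeout_length
        return self.tick(mac, now)

    def is_abnormal(self, mac: str, packets_seen: int) -> bool:
        """Claim 8: many packets from a device that has no gateway rule."""
        return (self.switch_rules.get(mac) != GATEWAY
                and packets_seen > self.policy.packet_threshold)
```

Here `packets_seen` stands for the per-port count reported by whatever traffic detection tool monitors the switch; an authentication report for a device that was never restricted to the NAC grants nothing, so the controller fails closed.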
TW109139528A 2020-11-12 2020-11-12 Time management system based on software defined network and method thereof TWI730925B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW109139528A TWI730925B (en) 2020-11-12 2020-11-12 Time management system based on software defined network and method thereof

Publications (2)

Publication Number Publication Date
TWI730925B true TWI730925B (en) 2021-06-11
TW202220413A TW202220413A (en) 2022-05-16

Family

ID=77517475

Country Status (1)

Country Link
TW (1) TWI730925B (en)
