CN101640634A - Method for controlling network flow - Google Patents
Method for controlling network flow Download PDFInfo
- Publication number
- CN101640634A CN101640634A CN200910081565A CN200910081565A CN101640634A CN 101640634 A CN101640634 A CN 101640634A CN 200910081565 A CN200910081565 A CN 200910081565A CN 200910081565 A CN200910081565 A CN 200910081565A CN 101640634 A CN101640634 A CN 101640634A
- Authority
- CN
- China
- Prior art keywords
- user
- flow control
- user role
- flow
- role
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention provides a method for controlling network flow, comprising: when a user is accessed into the network, the role of the user can be determined; according to the role of the use, the corresponding flow control policy is looked up in a flow control policy list which is preset; and the network flow of the user is controlled by adopting the flow control policy. The method can realize the technical effect of conveniently and flexibility controlling the network flow aiming at the user.
Description
Technical field
The present invention relates to network communication field, in particular to a kind of control method of network traffics.
Background technology
Those skilled in the art adopt flow control technique to solve service traffics assignment problem in the network usually.
At present, the common flow control methods that adopts is based on IP (Internet Protocol, Internet protocol) address and carries out flow control,, gives the corresponding flow control strategy of each IP address configuration in the network, to limit the bandwidth traffic of this IP address that is.
In realizing process of the present invention, the inventor finds, along with the ambulant increase of the network equipment, the IP address of each client may change because of a variety of causes, for example, mobile office, perhaps used DHCP (Dynamic Host Configuration Protocol, dynamic host allocation protocol), so that same user may be corresponding to different IP addresses, and, cause being not easy to network traffics control therefore corresponding to different flow control strategies.
Summary of the invention
The invention provides a kind of method for controlling network flow, can solve the inconvenient technical problem of network traffics control that the same user of correlation technique may cause corresponding to different flow control strategies.
According to an aspect of the present invention, provide a kind of method for controlling network flow, having comprised: when user access network, determined user's user role; From pre-configured flow control Policy List, search the corresponding flow control strategy according to user role; And adopt the flow control strategy that user's network traffics are controlled.
In embodiments of the present invention, by control user's flow according to user role, so overcome in the correlation technique problem of controlling the network traffics control inconvenience that same user that customer flow causes brings corresponding to different flow control strategies constantly in difference based on the IP address, and then reached the technique effect that can carry out network traffics control flexibly and easily.
Description of drawings
Accompanying drawing described herein is used to provide further understanding of the present invention, constitutes the application's a part, and illustrative examples of the present invention and explanation thereof are used to explain the present invention, do not constitute improper qualification of the present invention.In the accompanying drawings:
Fig. 1 shows the flow chart according to the method for controlling network flow of the embodiment of the invention; And
Fig. 2 shows the schematic diagram according to the network traffics control of the embodiment of the invention.
Embodiment
Below with reference to the accompanying drawings and in conjunction with the embodiments, describe the present invention in detail.
Fig. 1 shows the flow chart according to the method for controlling network flow of the embodiment of the invention.
With reference to Fig. 1, may further comprise the steps according to the method for controlling network flow of the embodiment of the invention:
Step S102 when user access network, determines user's user role;
Step S104 searches the corresponding flow control strategy according to user role from pre-configured flow control Policy List; And
Step S106 adopts the flow control strategy that user's network traffics are controlled.
Control user's flow by what come according to user role from pre-configured flow control Policy List, to find corresponding to the flow control strategy of this user role according to the method for controlling network flow of the embodiment of the invention, thereby avoided together flow control strategy and IP address binding, so can overcome in the correlation technique problem of controlling the network traffics control inconvenience that same user that customer flow causes may bring corresponding to different flow control strategies constantly in difference based on the IP address, and then can reach the technique effect that carries out network traffics control flexibly and easily.
Alternatively, also comprise other parameters in this flow control Policy List, so that the network management personnel takes more flexile network traffics control strategy such as interface, application program, source address, destination address.
For example, the IP address of the research and development engineer A of certain company is 10.0.1.0, bandwidth constraints is 4M/s, the IP address of the employee B of market department is 10.0.2.0, bandwidth constraints is 2M/s, some day, A need arrive office temporarily on the station of B, during method for controlling network flow in adopting correlation technique, because the IP address modification of A is the IP address of B, so its bandwidth constraints also becomes 2M/s, and no longer be the 4M/s that it should be corresponding, if A need use the bandwidth of 4M/s, then need the network management personnel to the flow control strategy tabulation make amendment, when A reuses original IP address, need the network management personnel once more the flow control strategy to be tabulated and make amendment.When the method for controlling network flow that adopts according to present embodiment, A only need be on the computer of B re-accessing network, the user role that then can determine A automatically is the research and development engineer, and distributes to the bandwidth of its 4M/s, and does not need the flow control strategy tabulation to make amendment.So the method for controlling network flow according to the embodiment of the invention can bring great convenience to network traffics control.
Preferably, when user access network, determine that user's user role specifically comprises: when user access network, determine user role according to user's user property; Wherein, user property comprises at least one in the following attribute: safe condition and the current time of user name, user's group, IP address, security domain, access way, the employed PC of user, PC that the user uses.
Can be provided with specifically to determine user role according to the actual conditions of this network by the network management personnel according to which parameter in the user property.For example, for the lower network of security requirement, the network management personnel only can be provided with need just can determine user role according to user name, asks higher network for safe, and the network management personnel can be provided with and need determine user role together according to user name and user's security domain.Except that above-mentioned several user properties, also can dispose according to other user properties and determine user role, for example, other roles' of user combination.Alternatively, can be the user's distributing user role who inserts directly as required also by the network management personnel.
Preferably, the flow control Policy List comprises: a plurality of user roles and each user role be the corresponding flow control strategy respectively.
This flow control Policy List is the tabulation of a static state, is disposed by the network management personnel.Realize network traffics control strategy according to the method for controlling network flow of the embodiment of the invention by in the flow control Policy List, introducing user role based on user role, to reach the purpose that the user with a kind of user role is realized network traffics control, thereby can avoid the network traffics control inconvenience that causes when changing, to reach the technique effect of being convenient to network traffics control in the IP address.
Preferably, before from pre-configured flow control Policy List, searching the corresponding flow control strategy, also comprise: set up the user role tabulation according to user role; And user's IP address and user's user role is inserted in the user role tabulation.
The tabulation of this user role is a dynamic tabulation, wherein, by the network management personnel pre-configured a plurality of user roles.When in the new user access network, according to configuration in advance, distribute one or more roles to the user, user's IP address that newly inserts and the role who is had thereof are inserted in the user role tabulation as a new list item, so that search the user role of data flow correspondence, data flow is taked corresponding flow control strategy.Alternatively, the user role tabulation can also comprise other attributes of user.
Preferably, searching the corresponding flow control strategy according to user role from pre-configured flow control Policy List specifically comprises: set up in the process in data flow, search the user role of data flow correspondence according to the IP address in the data flow from the user role tabulation; And from the flow control Policy List, search the corresponding flow control strategy according to the pairing user role of data flow.
Data flow in network is set up in the process, the source address that can carry according to the IP heading of data flow or destination address come to search the user role of this data flow correspondence from the user role tabulation, from the flow control Policy List, search the corresponding flow control strategy according to this user role then, to reach the purpose of carrying out flow control according to user role.
Preferably, before from pre-configured flow control Policy List, searching the corresponding flow control strategy, also comprise: set up the user role tabulation according to user role; And user's IP address and security domain and user's user role is inserted in the user role tabulation.
During respective user list item in user's IP address and security domain being inserted into the user role tabulation, the user role tabulation comprises User IP at least, security domain and corresponding user role are so that by coming the user role of inquiring user correspondence in conjunction with IP address and security domain.Searching the user by the IP address is combined with security domain, can be this distribution of flows flow control strategy more accurately.Alternatively, the user role tabulation can also comprise other attributes of user.
Preferably, searching the corresponding flow control strategy according to user role from pre-configured flow control Policy List specifically comprises: set up in the process in data flow, search the user role of data flow correspondence according to IP address in the data flow and security domain from the user role tabulation; And from the flow control Policy List, search the corresponding flow control strategy according to the pairing user role of data flow.
Data flow in network is set up in the process, can come from the user role tabulation, to search the user role of this data flow correspondence according to IP address and security domain information that data flow is carried, from the flow control Policy List, search the corresponding flow control strategy according to this user role then, searching the user by the IP address is combined with security domain, can be this distribution of flows flow control strategy more accurately.
Preferably, before from pre-configured flow control Policy List, searching the corresponding flow control strategy, also comprise: set up the user role tabulation according to user role; And user's IP address and access way and user's user role is inserted in the user role tabulation.
In the time of in the respective user list item in user's IP address and access way being inserted into the user role tabulation, the user role tabulation comprises User IP at least, access way and corresponding user role are so that by coming the user role of inquiring user correspondence in conjunction with IP address and access way.Searching the user by the IP address is combined with access way, can be this distribution of flows flow control strategy more accurately.Alternatively, the user role tabulation can also comprise other attributes of user.
Preferably, searching the corresponding flow control strategy according to user role from pre-configured flow control Policy List specifically comprises: set up in the process in data flow, search the user role of data flow correspondence according to IP address in the data flow and access way from the user role tabulation; And from the flow control Policy List, search the corresponding flow control strategy according to the pairing user role of data flow.
Data flow in network is set up in the process, can come from the user role tabulation, to search the user role of this data flow correspondence according to IP address and access way that data flow is carried, from the flow control Policy List, search the corresponding flow control strategy according to this user role then, searching the user by the IP address is combined with access way, can be this distribution of flows flow control strategy more accurately.
Alternatively, also can as the case may be user's IP address be searched user role in conjunction with security domain and access way simultaneously, search more accurately with realization.
Preferably, above-mentioned user supports a plurality of user roles.
Also support a user to have the situation of a plurality of user roles according to the method for controlling network flow of the embodiment of the invention.When a certain user has a plurality of user role simultaneously, its network traffics control strategy that adopts is depended on priority between each user role that the network management personnel disposes in the flow control Policy List, comprehensively the priority between a plurality of user roles that have according to this user is taked corresponding flow control.
In addition, because user role is relevant with the current time,, search the corresponding flow control strategy according to this user role then so can also in user list, search user role in conjunction with the current time according to the IP address in the data flow.
Behind the method for controlling network flow that has adopted according to the embodiment of the invention, the network management personnel only need dispose the tabulation of traffic management Policy List and user role, just can realize traffic management, thereby can reach the technique effect that carries out network traffics control easily and flexibly at user role.
Fig. 2 shows the schematic diagram according to the network traffics control of the embodiment of the invention.
As shown in Figure 2, the switch of a company is supported the 802.1x authentication, and behind authentification of user, system gives these user's type ascribed roles according to user's department.Role (department) according to the user determines the bandwidth that they surf the Net then.Its flow control strategy is as shown in table 1:
Table 1 flow control Policy List
| The role | Interface | Source address | Destination address | Use | The flow control strategy |
| Research and development department | ??e0/0 | ??Any | ??Any | ??Any | Every IP bandwidth constraints 2Mbps |
| Market department | ??e0/0 | ??Any | ??Any | ??Any | Every IP bandwidth constraints 1Mbps |
| ??Any | ??e0/0 | ??Any | ??Any | A sudden peal of thunder | Restriction 10Mbps |
| ??VP | ??e0/1 | ??Any | ??Any | ??Any | High priority |
For engineer (Engineers), system has set up the maximum bandwidth of a 2Mbps to everyone; To market department (Marketing), system has set up the maximum bandwidth of a 1Mbps to everyone; To everyone, the total bandwidth of a sudden peal of thunder can not surpass 10Mbps; The VP of company is on another port e0/1, and flow has high priority.
In addition, role that only need each traffic policy is set to " Any ", promptly mates all user roles, according to the method for controlling network flow of present embodiment just can realize with correlation technique in the traffic policy compatibility.The role is that the flow control strategy of " Any " is degenerated to general traffic policy.
Method for controlling network flow according to present embodiment combines the network traffics control strategy that user role, interface, source address, destination address and application program decide each user, so can realize the convenient, flexible technique effect that network traffics are controlled.
As can be seen from the above description, the above embodiments of the present invention are carried out network traffics control according to user role, thereby have realized the technique effect of easily and flexibly network traffics being controlled.
Obviously, those skilled in the art should be understood that, above-mentioned each module of the present invention or each step can realize with the general calculation device, they can concentrate on the single calculation element, perhaps be distributed on the network that a plurality of calculation element forms, alternatively, they can be realized with the executable program code of calculation element, thereby, they can be stored in the storage device and carry out by calculation element, perhaps they are made into each integrated circuit modules respectively, perhaps a plurality of modules in them or step are made into the single integrated circuit module and realize.Like this, the present invention is not restricted to any specific hardware and software combination.
The above is the preferred embodiments of the present invention only, is not limited to the present invention, and for a person skilled in the art, the present invention can have various changes and variation.Within the spirit and principles in the present invention all, any modification of being done, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (10)
1. a method for controlling network flow is characterized in that, comprising:
When user access network, determine described user's user role;
From pre-configured flow control Policy List, search the corresponding flow control strategy according to described user role; And
Adopt described flow control strategy that described user's network traffics are controlled.
2. method for controlling network flow according to claim 1 is characterized in that, when user access network, determines that described user's user role specifically comprises:
When user access network, determine described user role according to described user's user property;
Wherein, described user property comprises at least one in the following attribute: safe condition and the current time of user name, user's group, IP address, security domain, access way, the employed PC of user, PC that the user uses.
3. method for controlling network flow according to claim 2 is characterized in that, described flow control Policy List comprises: a plurality of user roles and each described user role be the corresponding flow control strategy respectively.
4. method for controlling network flow according to claim 3 is characterized in that, also comprises before searching the corresponding flow control strategy according to described user role from pre-configured flow control Policy List:
Set up the user role tabulation; And
Described user's IP address and described user's user role is inserted in the described user role tabulation.
5. method for controlling network flow according to claim 4 is characterized in that, searches the corresponding flow control strategy according to described user role from pre-configured flow control Policy List and specifically comprises:
Set up in the process in data flow, from described user role tabulation, search the user role of described data flow correspondence according to the IP address in the described data flow; And
From described flow control Policy List, search the corresponding flow control strategy according to the pairing user role of described data flow.
6. method for controlling network flow according to claim 3 is characterized in that, also comprises before searching the corresponding flow control strategy according to described user role from pre-configured flow control Policy List:
Set up the user role tabulation; And
Described user's IP address and security domain and described user's user role is inserted in the described user role tabulation.
7. method for controlling network flow according to claim 6 is characterized in that, searches the corresponding flow control strategy according to described user role from pre-configured flow control Policy List and specifically comprises:
Set up in the process in data flow, from described user role tabulation, search the user role of described data flow correspondence according to IP address in the described data flow and security domain; And
From described flow control Policy List, search the corresponding flow control strategy according to the pairing user role of described data flow.
8. method for controlling network flow according to claim 3 is characterized in that, also comprises before searching the corresponding flow control strategy according to described user role from pre-configured flow control Policy List:
Set up the user role tabulation; And
Described user's IP address and access way and described user's user role is inserted in the described user role tabulation.
9. method for controlling network flow according to claim 8 is characterized in that, searches the corresponding flow control strategy according to described user role from pre-configured flow control Policy List and specifically comprises:
Set up in the process in data flow, from described user role tabulation, search the user role of described data flow correspondence according to IP address in the described data flow and access way; And
From described flow control Policy List, search the corresponding flow control strategy according to the pairing user role of described data flow.
10. according to each described method for controlling network flow among the claim 1-9, it is characterized in that described user supports a plurality of user roles.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100815656A CN101640634B (en) | 2009-04-13 | 2009-04-13 | Method for controlling network flow |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100815656A CN101640634B (en) | 2009-04-13 | 2009-04-13 | Method for controlling network flow |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101640634A true CN101640634A (en) | 2010-02-03 |
| CN101640634B CN101640634B (en) | 2012-02-15 |
Family
ID=41615437
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009100815656A Active CN101640634B (en) | 2009-04-13 | 2009-04-13 | Method for controlling network flow |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101640634B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103731363A (en) * | 2014-01-15 | 2014-04-16 | 网神信息技术(北京)股份有限公司 | Internet flow control method and device |
| CN103973591A (en) * | 2014-06-04 | 2014-08-06 | 浪潮电子信息产业股份有限公司 | Solution method for intelligent network traffic congestion |
| CN104601486A (en) * | 2013-10-30 | 2015-05-06 | 阿里巴巴集团控股有限公司 | Method and device for shunt of network flow |
| CN104852862A (en) * | 2015-05-28 | 2015-08-19 | 杭州华三通信技术有限公司 | Method and device for limiting speed of network |
| CN106549793A (en) * | 2015-09-23 | 2017-03-29 | 华为技术有限公司 | Flow control methods and equipment |
| WO2024007552A1 (en) * | 2022-07-04 | 2024-01-11 | 中国电信股份有限公司 | Traffic policy allocation method and apparatus, and storage medium and electronic device |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1783866B (en) * | 2004-11-29 | 2010-12-08 | 中兴通讯股份有限公司 | Method for realizing end-to-end QoS of centralized bandwidth agent |
-
2009
- 2009-04-13 CN CN2009100815656A patent/CN101640634B/en active Active
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104601486A (en) * | 2013-10-30 | 2015-05-06 | 阿里巴巴集团控股有限公司 | Method and device for shunt of network flow |
| CN103731363A (en) * | 2014-01-15 | 2014-04-16 | 网神信息技术(北京)股份有限公司 | Internet flow control method and device |
| CN103731363B (en) * | 2014-01-15 | 2019-03-01 | 网神信息技术(北京)股份有限公司 | Internet traffic control method and device |
| CN103973591A (en) * | 2014-06-04 | 2014-08-06 | 浪潮电子信息产业股份有限公司 | Solution method for intelligent network traffic congestion |
| CN104852862A (en) * | 2015-05-28 | 2015-08-19 | 杭州华三通信技术有限公司 | Method and device for limiting speed of network |
| CN104852862B (en) * | 2015-05-28 | 2018-08-24 | 新华三技术有限公司 | A kind of network speed limit method and device |
| CN106549793A (en) * | 2015-09-23 | 2017-03-29 | 华为技术有限公司 | Flow control methods and equipment |
| WO2017050112A1 (en) * | 2015-09-23 | 2017-03-30 | 华为技术有限公司 | Flow control method and equipment |
| CN106549793B (en) * | 2015-09-23 | 2020-08-07 | 华为技术有限公司 | Flow control method and device |
| US10742685B2 (en) | 2015-09-23 | 2020-08-11 | Huawei Technologies Co., Ltd. | Flow control method and device |
| WO2024007552A1 (en) * | 2022-07-04 | 2024-01-11 | 中国电信股份有限公司 | Traffic policy allocation method and apparatus, and storage medium and electronic device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101640634B (en) | 2012-02-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101640634B (en) | Method for controlling network flow | |
| CN102111318B (en) | Method for distributing virtual local area network resource and switch | |
| CN102882758B (en) | Method, network side equipment and the data center apparatus of virtual private cloud access network | |
| CN103379184B (en) | The method and system of Network access | |
| CN101364889B (en) | Method for multicast user quick access | |
| CN104185192B (en) | The access method and relevant device of a kind of management equipment | |
| CN101692652A (en) | Method for preventing interrupt of traffics in aggregation link | |
| CN105099898A (en) | PPPOE (point-to-point protocol over Ethernet) message forwarding method and BRAS (broadband remote access server) | |
| CN105939267B (en) | Outband management method and device | |
| CN102316416A (en) | Access method for terminal and wireless communication network | |
| CN106936683A (en) | A kind of method and device for realizing tunnel configuration | |
| CN104301247A (en) | Method and device for load balancing of PPPOE access equipment | |
| CN101640608A (en) | Network action monitoring method | |
| CN102158565B (en) | A kind of method and system for remote equipment configuration of IP address | |
| CN106059916A (en) | Route injection method and route injection device | |
| JP5164744B2 (en) | Communication network system and bandwidth control method for inter-base communication | |
| CN101754277A (en) | Method for selecting access gateway and control node of access gateway | |
| US20170034739A1 (en) | Method and device for processing to share network resources, and method, device and system for sharing network resources | |
| CN104702591A (en) | Method and system for penetrating through firewall based on port forwarding multiplexing technology | |
| CN103209107A (en) | Method for realizing user access control | |
| CN106209634B (en) | Learning method and device of address mapping relation | |
| CN101640678A (en) | Network connection digital control method | |
| CN103442098B (en) | A kind of method, system and server distributing virtual IP address address | |
| CN102497402B (en) | Content injection method and system thereof, and content delivery method and system thereof | |
| CN102271070A (en) | Method and system for transmitting service data based on personal network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| ASS | Succession or assignment of patent right |
Owner name: HILLSTONE NETWORKS COMMUNICATION TECHNOLOGY CO., L Free format text: FORMER OWNER: HILLSTONE NETWORKS (BEIJING) INC. Effective date: 20131219 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 100085 HAIDIAN, BEIJING TO: 215163 SUZHOU, JIANGSU PROVINCE |
|
| TR01 | Transfer of patent right |
Effective date of registration: 20131219 Address after: Suzhou City, Jiangsu province 215163 Suzhou high tech Industrial Development Zone, kolding Road No. 78 Su Gaoxin Software Park Building 7 layer 3 Patentee after: HILLSTONE NETWORKS Address before: 100085 Beijing city Haidian District on the seven Street No. 1 Huizhong 3 storey building Patentee before: Hillstone Networks Communication Technology (Beijing) Co., Ltd. |
|
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 215163 No. 181 Jingrun Road, Suzhou High-tech Zone, Jiangsu Province Patentee after: SHANSHI NETWORK COMMUNICATION TECHNOLOGY CO., LTD. Address before: 215163 3rd Floor, 7th Building, No. 78 Keling Road, Suzhou High-tech Industrial Development Zone, Suzhou City, Jiangsu Province Patentee before: HILLSTONE NETWORKS |