CN101640634B - Method for controlling network flow - Google Patents
Method for controlling network flow Download PDFInfo
- Publication number
- CN101640634B CN101640634B CN2009100815656A CN200910081565A CN101640634B CN 101640634 B CN101640634 B CN 101640634B CN 2009100815656 A CN2009100815656 A CN 2009100815656A CN 200910081565 A CN200910081565 A CN 200910081565A CN 101640634 B CN101640634 B CN 101640634B
- Authority
- CN
- China
- Prior art keywords
- user
- flow control
- role
- user role
- control strategy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a method for controlling network flow, comprising: when a user is accessed into the network, the role of the user can be determined; according to the role of the use, the corresponding flow control policy is looked up in a flow control policy list which is preset; and the network flow of the user is controlled by adopting the flow control policy. The method can realize the technical effect of conveniently and flexibility controlling the network flow aiming at the user.
Description
Technical field
The present invention relates to network communication field, in particular to a kind of control method of network traffics.
Background technology
Those skilled in the art adopt flow control technique to solve the service traffics assignment problem in the network usually.
At present, the flow control methods that adopts usually is based on IP (Internet Protocol, Internet protocol) address and carries out flow control,, gives the corresponding flow control strategy of each IP address configuration in the network, to limit the bandwidth traffic of this IP address that is.
In realizing process of the present invention, the inventor finds, along with the ambulant increase of the network equipment; The IP address of each client possibly change because of a variety of causes, for example, and mobile office; Perhaps used DHCP (Dynamic Host Configuration Protocol, dynamic host allocation protocol), so that same user maybe be corresponding to different IP addresses; And, cause being not easy to network traffics control therefore corresponding to different flow control strategies.
Summary of the invention
The invention provides a kind of method for controlling network flow, can solve the inconvenient technical problem of network traffics control that the same user of correlation technique possibly cause corresponding to different flow control strategies.
According to an aspect of the present invention, a kind of method for controlling network flow is provided, has comprised: when user access network, confirmed user's user role; From pre-configured flow control Policy List, search the corresponding flow control strategy according to user role; And adopt the flow control strategy that user's network traffics are controlled.
In embodiments of the present invention; Through control user's flow according to user role; So overcome in the correlation technique problem of controlling the network traffics control inconvenience that same user that customer flow causes brings corresponding to different flow control strategies in difference constantly based on the IP address, and then reached the technique effect that can carry out network traffics control flexibly and easily.
Description of drawings
Accompanying drawing described herein is used to provide further understanding of the present invention, constitutes the application's a part, and illustrative examples of the present invention and explanation thereof are used to explain the present invention, do not constitute improper qualification of the present invention.In the accompanying drawings:
Fig. 1 shows the flow chart according to the method for controlling network flow of the embodiment of the invention; And
Fig. 2 shows the sketch map according to the network traffics control of the embodiment of the invention.
Embodiment
Below with reference to accompanying drawing and combine embodiment, specify the present invention.
Fig. 1 shows the flow chart according to the method for controlling network flow of the embodiment of the invention.
With reference to Fig. 1, may further comprise the steps according to the method for controlling network flow of the embodiment of the invention:
Step S102 when user access network, confirms user's user role;
Step S104 searches the corresponding flow control strategy according to user role from pre-configured flow control Policy List; And
Step S106 adopts the flow control strategy that user's network traffics are controlled.
Control user's flow through what come according to user role from pre-configured flow control Policy List, to find corresponding to the flow control strategy of this user role according to the method for controlling network flow of the embodiment of the invention; Thereby avoided together flow control strategy and IP address binding; So can overcome in the correlation technique problem of controlling the network traffics control inconvenience that same user that customer flow causes possibly bring corresponding to different flow control strategies in difference constantly based on the IP address, and then can reach the technique effect that carries out network traffics control flexibly and easily.
Alternatively, also comprise other parameters in this flow control Policy List, so that the network management personnel takes more flexile network traffics control strategy such as interface, application program, source address, destination address.
For example, the IP address of the research and development engineer A of certain company is 10.0.1.0, and bandwidth constraints is 4M/s; The IP address of the employee B of market department is 10.0.2.0, and bandwidth constraints is 2M/s, some day; A need arrive office temporarily on the station of B, during method for controlling network flow in adopting correlation technique, because the IP address modification of A is the IP address of B; So its bandwidth constraints also becomes 2M/s, and no longer be the 4M/s that it should be corresponding, if A need use the bandwidth of 4M/s; Then need the network management personnel that the flow control strategy is tabulated and make amendment, when A reuses original IP address, need the network management personnel once more the flow control strategy to be tabulated and make amendment.When the method for controlling network flow that adopts according to present embodiment; A only need be on the computer of B re-accessing network; The user role that then can confirm A automatically is the research and development engineer, and distributes to the bandwidth of its 4M/s, and need not make amendment to the tabulation of flow control strategy.So the method for controlling network flow according to the embodiment of the invention can bring great convenience to network traffics control.
Preferably, when user access network, confirm that user's user role specifically comprises: when user access network, confirm user role according to user's user property; Wherein, user property comprises at least one in the following attribute: safe condition and the current time of user name, user's group, IP address, security domain, access way, the employed PC of user, PC that the user uses.
Can be provided with specifically to confirm user role according to the actual conditions of this network by the network management personnel according to which parameter in the user property.For example; For the lower network of security requirement; The network management personnel only can be provided with need just can confirm user role according to user name, asks higher network for safe, and the network management personnel can be provided with and need confirm user role together according to user name and user's security territory.Except that above-mentioned several kinds of user properties, also can dispose according to other user properties and confirm user role, for example, other roles' of user combination.Alternatively, can be the user's distributing user role who inserts directly as required also by the network management personnel.
Preferably, the flow control Policy List comprises: a plurality of user roles and each user role be the corresponding flow control strategy respectively.
This flow control Policy List is the tabulation of a static state, is disposed by the network management personnel.Method for controlling network flow according to the embodiment of the invention is realized the network traffics control strategy based on user role through in the flow control Policy List, introducing user role; To reach the purpose that the user with a kind of user role is realized network traffics control; Thereby can avoid the network traffics control inconvenience that causes when changing, to reach the technique effect of being convenient to network traffics control in the IP address.
Preferably, from pre-configured flow control Policy List, search the corresponding flow control strategy according to user role before, also comprise: set up the user role tabulation; And user's IP address and user's user role is inserted in the user role tabulation.
The tabulation of this user role is a dynamic tabulation, wherein, by the network management personnel pre-configured a plurality of user roles.When in the new user access network; According to configuration in advance; Distribute one or more roles to the user; The user's IP address of access newly and the role who is had thereof are inserted in the user role tabulation as a new list item, so that search the corresponding user role of data flow, data flow is taked corresponding flow control strategy.Alternatively, the user role tabulation can also comprise other attributes of user.
Preferably; From pre-configured flow control Policy List, searching the corresponding flow control strategy according to user role specifically comprises: set up in the process in data flow, from the user role tabulation, search the corresponding user role of data flow according to the IP address in the data flow; And from the flow control Policy List, search the corresponding flow control strategy according to the pairing user role of data flow.
Data flow in network is set up in the process; The source address that can carry according to the IP heading of data flow or destination address come from the user role tabulation, to search the corresponding user role of this data flow; From the flow control Policy List, search the corresponding flow control strategy according to this user role then, to reach the purpose of carrying out flow control according to user role.
Preferably, from pre-configured flow control Policy List, search the corresponding flow control strategy according to user role before, also comprise: set up the user role tabulation; And user's IP address and security domain and user's user role is inserted in the user role tabulation.
During respective user list item in user's IP address and security domain being inserted into the user role tabulation; The user role tabulation comprises User IP at least; Security domain and corresponding user role are so that through combining IP address and security domain to come the corresponding user role of inquiring user.Through the IP address is combined to search the user with security domain, can be this distribution of flows flow control strategy more accurately.Alternatively, the user role tabulation can also comprise other attributes of user.
Preferably; From pre-configured flow control Policy List, searching the corresponding flow control strategy according to user role specifically comprises: set up in the process in data flow, from the user role tabulation, search the corresponding user role of data flow according to IP address in the data flow and security domain; And from the flow control Policy List, search the corresponding flow control strategy according to the pairing user role of data flow.
Data flow in network is set up in the process; Can come from the user role tabulation, to search the corresponding user role of this data flow according to IP address and security domain information that data flow is carried; From the flow control Policy List, search the corresponding flow control strategy according to this user role then; Through the IP address is combined to search the user with security domain, can be this distribution of flows flow control strategy more accurately.
Preferably, from pre-configured flow control Policy List, search the corresponding flow control strategy according to user role before, also comprise: set up the user role tabulation; And user's IP address and access way and user's user role is inserted in the user role tabulation.
In the time of in the respective user list item in user's IP address and access way being inserted into the user role tabulation; The user role tabulation comprises User IP at least; Access way and corresponding user role are so that through combining IP address and access way to come the corresponding user role of inquiring user.Through the IP address is combined to search the user with access way, can be this distribution of flows flow control strategy more accurately.Alternatively, the user role tabulation can also comprise other attributes of user.
Preferably; From pre-configured flow control Policy List, searching the corresponding flow control strategy according to user role specifically comprises: set up in the process in data flow, from the user role tabulation, search the corresponding user role of data flow according to IP address in the data flow and access way; And from the flow control Policy List, search the corresponding flow control strategy according to the pairing user role of data flow.
Data flow in network is set up in the process; Can come from the user role tabulation, to search the corresponding user role of this data flow according to IP address and access way that data flow is carried; From the flow control Policy List, search the corresponding flow control strategy according to this user role then; Through the IP address is combined to search the user with access way, can be this distribution of flows flow control strategy more accurately.
Alternatively, also can combine security domain and access way to search user role simultaneously user's IP address as the case may be, search more accurately with realization.
Preferably, above-mentioned user supports a plurality of user roles.
Also support a user to have the situation of a plurality of user roles according to the method for controlling network flow of the embodiment of the invention.When a certain user has a plurality of user role simultaneously; Its network traffics control strategy that adopts is depended on the priority between each user role that the network management personnel disposes in the flow control Policy List, the priority between a plurality of user roles that comprehensively have according to this user is taked corresponding flow control.
In addition, because user role is relevant with the current time,, search the corresponding flow control strategy according to this user role then so can also combine the current time in user list, to search user role according to the IP address in the data flow.
Behind the method for controlling network flow that has adopted according to the embodiment of the invention; The network management personnel only need dispose the tabulation of traffic management Policy List and user role; Just can realize traffic management, thereby can reach the technique effect that carries out network traffics control easily and flexibly to user role.
Fig. 2 shows the sketch map according to the network traffics control of the embodiment of the invention.
As shown in Figure 2, the switch of a company is supported the 802.1x authentication, and behind authentification of user, system gives these user's type ascribed roles according to user's department.Role (department) according to the user determines the bandwidth that they surf the Net then.Its flow control strategy is as shown in table 1:
Table 1 flow control Policy List
| The role | Interface | Source address | Destination address | Use | The flow control strategy |
| Research and development department | e0/0 | Any | Any | Any | Every IP bandwidth constraints 2Mbps |
| Market department | e0/0 | Any | Any | Any | Every IP bandwidth constraints 1Mbps |
| Any | e0/0 | Any | Any | A sudden peal of thunder | Restriction 10Mbps |
| VP | e0/1 | Any | Any | Any | High priority |
For engineer (Engineers), system has set up the maximum bandwidth of a 2Mbps to everyone; To market department (Marketing), system has set up the maximum bandwidth of a 1Mbps to everyone; To everyone, the total bandwidth of a sudden peal of thunder can not surpass 10Mbps; The VP of company is on another port e0/1, and flow has high priority.
In addition, role that only need each traffic policy is set to " Any ", promptly matees all user roles, according to the method for controlling network flow of present embodiment just can realize with correlation technique in the traffic policy compatibility.The role is that the flow control strategy of " Any " is degenerated to general traffic policy.
Method for controlling network flow according to present embodiment has combined user role, interface, source address, destination address and application program to decide each user's network traffics control strategy, so can realize the convenient, flexible technique effect that network traffics are controlled.
From above description, can find out that the above embodiments of the present invention are carried out network traffics control according to user role, thereby have realized the technique effect of easily and flexibly network traffics being controlled.
Obviously, it is apparent to those skilled in the art that above-mentioned each module of the present invention or each step can realize with the general calculation device; They can concentrate on the single calculation element; Perhaps be distributed on the network that a plurality of calculation element forms, alternatively, they can be realized with the executable program code of calculation element; Thereby; Can they be stored in the storage device and carry out, perhaps they are made into each integrated circuit modules respectively, perhaps a plurality of modules in them or step are made into the single integrated circuit module and realize by calculation element.Like this, the present invention is not restricted to any specific hardware and software combination.
The above is merely the preferred embodiments of the present invention, is not limited to the present invention, and for a person skilled in the art, the present invention can have various changes and variation.All within spirit of the present invention and principle, any modification of being done, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (8)
1. a method for controlling network flow is characterized in that, comprising:
When user access network, confirm said user's user role;
From pre-configured flow control Policy List, search the corresponding flow control strategy according to said user role; And
Adopt said flow control strategy that said user's network traffics are controlled,
Wherein, when user access network, confirm that said user's user role specifically comprises:
When user access network, confirm said user role according to said user's user property;
Wherein, said user property comprises at least one in the following attribute: safe condition and the current time of security domain, access way, the employed PC of user, PC that the user uses,
Wherein, said flow control Policy List comprises: a plurality of user roles and each said user role be the corresponding flow control strategy respectively,
Wherein, from pre-configured flow control Policy List, search the corresponding flow control strategy according to said user role before, also comprise:
Set up the user role tabulation; And
Said user's IP address and said user's user role is inserted in the said user role tabulation.
2. method for controlling network flow according to claim 1 is characterized in that, said user property also comprises at least one in the following attribute: user name, user's group.
3. method for controlling network flow according to claim 1 is characterized in that, from pre-configured flow control Policy List, searches the corresponding flow control strategy according to said user role and specifically comprises:
Set up in the process in data flow, from said user role tabulation, search the corresponding user role of said data flow according to the IP address in the said data flow; And
From said flow control Policy List, search the corresponding flow control strategy according to the pairing user role of said data flow.
4. method for controlling network flow according to claim 1 is characterized in that, from pre-configured flow control Policy List, searches the corresponding flow control strategy according to said user role and specifically comprises:
Set up in the process in data flow, from said user role tabulation, search the corresponding user role of said data flow according to IP address in the said data flow and security domain;
And
From said flow control Policy List, search the corresponding flow control strategy according to the pairing user role of said data flow.
5. method for controlling network flow according to claim 1 is characterized in that, from pre-configured flow control Policy List, searches the corresponding flow control strategy according to said user role and specifically comprises:
Set up in the process in data flow, from said user role tabulation, search the corresponding user role of said data flow according to IP address in the said data flow and access way; And
From said flow control Policy List, search the corresponding flow control strategy according to the pairing user role of said data flow.
6. according to each described method for controlling network flow among the claim 1-5, it is characterized in that said user supports a plurality of user roles.
7. a method for controlling network flow is characterized in that, comprising:
When user access network, confirm said user's user role;
From pre-configured flow control Policy List, search the corresponding flow control strategy according to said user role; And
Adopt said flow control strategy that said user's network traffics are controlled,
Wherein, when user access network, confirm that said user's user role specifically comprises:
When user access network, confirm said user role according to said user's user property;
Wherein, said user property comprises at least one in the following attribute: safe condition and the current time of security domain, access way, the employed PC of user, PC that the user uses,
Wherein, said flow control Policy List comprises: a plurality of user roles and each said user role be the corresponding flow control strategy respectively,
Wherein, from pre-configured flow control Policy List, search the corresponding flow control strategy according to said user role before, also comprise:
Set up the user role tabulation; And
Said user's IP address and security domain and said user's user role is inserted in the said user role tabulation.
8. a method for controlling network flow is characterized in that, comprising:
When user access network, confirm said user's user role;
From pre-configured flow control Policy List, search the corresponding flow control strategy according to said user role; And
Adopt said flow control strategy that said user's network traffics are controlled,
Wherein, when user access network, confirm that said user's user role specifically comprises:
When user access network, confirm said user role according to said user's user property;
Wherein, said user property comprises at least one in the following attribute: safe condition and the current time of security domain, access way, the employed PC of user, PC that the user uses,
Wherein, said flow control Policy List comprises: a plurality of user roles and each said user role be the corresponding flow control strategy respectively,
Wherein, from pre-configured flow control Policy List, search the corresponding flow control strategy according to said user role before, also comprise:
Set up the user role tabulation; And
Said user's IP address and access way and said user's user role is inserted in the said user role tabulation.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100815656A CN101640634B (en) | 2009-04-13 | 2009-04-13 | Method for controlling network flow |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100815656A CN101640634B (en) | 2009-04-13 | 2009-04-13 | Method for controlling network flow |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101640634A CN101640634A (en) | 2010-02-03 |
| CN101640634B true CN101640634B (en) | 2012-02-15 |
Family
ID=41615437
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009100815656A Active CN101640634B (en) | 2009-04-13 | 2009-04-13 | Method for controlling network flow |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101640634B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104601486A (en) * | 2013-10-30 | 2015-05-06 | 阿里巴巴集团控股有限公司 | Method and device for shunt of network flow |
| CN103731363B (en) * | 2014-01-15 | 2019-03-01 | 网神信息技术(北京)股份有限公司 | Internet traffic control method and device |
| CN103973591A (en) * | 2014-06-04 | 2014-08-06 | 浪潮电子信息产业股份有限公司 | Solution method for intelligent network traffic congestion |
| CN104852862B (en) * | 2015-05-28 | 2018-08-24 | 新华三技术有限公司 | A kind of network speed limit method and device |
| CN106549793B (en) * | 2015-09-23 | 2020-08-07 | 华为技术有限公司 | Flow control method and device |
| CN117395545A (en) * | 2022-07-04 | 2024-01-12 | 中国电信股份有限公司 | Traffic policy distribution method and device, storage medium and electronic equipment |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1783866A (en) * | 2004-11-29 | 2006-06-07 | 中兴通讯股份有限公司 | Method for realizing end-to-end QoS of centralized bandwidth agent |
-
2009
- 2009-04-13 CN CN2009100815656A patent/CN101640634B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1783866A (en) * | 2004-11-29 | 2006-06-07 | 中兴通讯股份有限公司 | Method for realizing end-to-end QoS of centralized bandwidth agent |
Non-Patent Citations (1)
| Title |
|---|
| 梁根.基于角色流量管理和个性化带宽分配应用研究.《计算机工程与设计》.2009,(第4期),865-868,872. * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101640634A (en) | 2010-02-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101640634B (en) | Method for controlling network flow | |
| CN103379184B (en) | The method and system of Network access | |
| CN104185192B (en) | The access method and relevant device of a kind of management equipment | |
| CN110324159B (en) | Link configuration method, controller and storage medium | |
| CN101364889B (en) | Method for multicast user quick access | |
| CN103200094A (en) | Method for achieving gateway dynamic load distribution | |
| CN102316416A (en) | Access method for terminal and wireless communication network | |
| CN105099898A (en) | PPPOE (point-to-point protocol over Ethernet) message forwarding method and BRAS (broadband remote access server) | |
| CN105939267B (en) | Outband management method and device | |
| CN105142189B (en) | The roam control method and device of website | |
| CN103313308A (en) | Data transmission method and device | |
| CN106936683A (en) | A kind of method and device for realizing tunnel configuration | |
| CN104301247A (en) | Method and device for load balancing of PPPOE access equipment | |
| JP5164744B2 (en) | Communication network system and bandwidth control method for inter-base communication | |
| CN101754277A (en) | Method for selecting access gateway and control node of access gateway | |
| CN104702591A (en) | Method and system for penetrating through firewall based on port forwarding multiplexing technology | |
| CN106257865A (en) | Device management method, Apparatus and system | |
| CN103442098B (en) | A kind of method, system and server distributing virtual IP address address | |
| CN101640678A (en) | Network connection digital control method | |
| CN111343070A (en) | Communication control method for sdwan network | |
| CN106936674B (en) | Multi-operator network communication method | |
| CN101257390A (en) | Machine frame type network appliance and method for network treater to insert card and process business | |
| CN106302420A (en) | A kind of content distribution network system and management method | |
| CN102271070A (en) | Method and system for transmitting service data based on personal network | |
| CN103051626A (en) | Authentication method and network device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| ASS | Succession or assignment of patent right |
Owner name: HILLSTONE NETWORKS COMMUNICATION TECHNOLOGY CO., L Free format text: FORMER OWNER: HILLSTONE NETWORKS (BEIJING) INC. Effective date: 20131219 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 100085 HAIDIAN, BEIJING TO: 215163 SUZHOU, JIANGSU PROVINCE |
|
| TR01 | Transfer of patent right |
Effective date of registration: 20131219 Address after: Suzhou City, Jiangsu province 215163 Suzhou high tech Industrial Development Zone, kolding Road No. 78 Su Gaoxin Software Park Building 7 layer 3 Patentee after: HILLSTONE NETWORKS Address before: 100085 Beijing city Haidian District on the seven Street No. 1 Huizhong 3 storey building Patentee before: Hillstone Networks Communication Technology (Beijing) Co., Ltd. |
|
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 215163 No. 181 Jingrun Road, Suzhou High-tech Zone, Jiangsu Province Patentee after: SHANSHI NETWORK COMMUNICATION TECHNOLOGY CO., LTD. Address before: 215163 3rd Floor, 7th Building, No. 78 Keling Road, Suzhou High-tech Industrial Development Zone, Suzhou City, Jiangsu Province Patentee before: HILLSTONE NETWORKS |