CN101883016B - System and method for generating deep packet inspection equipment linkage strategy - Google Patents
System and method for generating deep packet inspection equipment linkage strategy Download PDFInfo
- Publication number
- CN101883016B CN101883016B CN200910083189.4A CN200910083189A CN101883016B CN 101883016 B CN101883016 B CN 101883016B CN 200910083189 A CN200910083189 A CN 200910083189A CN 101883016 B CN101883016 B CN 101883016B
- Authority
- CN
- China
- Prior art keywords
- strategy
- dpi
- decision
- information
- submodule
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a deep packet inspection equipment linkage strategy generating system, which comprises a deep packet inspection (DPI) execution mechanism, a DPI linkage information control center and a strategy decision module, wherein the DPI execution mechanism is used for identifying and controlling service traffic and supplying information of DPI equipment to the DPI linkage information control center; the DPI linkage information control center is used for managing registration of the DPI equipment and acquisition and maintenance of the equipment information and supplying the acquired information to the strategy decision module by classification; and the strategy decision module is used for acquiring various information of the DPI equipment from the DPI linkage information control center, generating an executable application strategy according to the acquired information and transmitting the generated application strategy to the DPI execution mechanism. The invention also discloses a DPI equipment linkage strategy generating method at the same time. The system and the method can realize centralized management and analysis on the scattered DPI equipment.
Description
Technical field
The present invention relates to deep packet inspection technology, especially relate to a kind of deep packet inspection equipment linkage strategy generation system and method.
Background technology
Along with the sharp increase of Internet service, realizing based on the controlled of miscellaneous service is the problem that the each link of industrial chain is all relatively concerned about, but, the management and control most important condition of dredging realizing based on miscellaneous service is identified corresponding various application exactly, use deep message to detect (DPI, Deep Packet Inspection) technology and be undoubtedly the optimal selection as traffic identification function.
So-called DPI technology is a kind of flow detection and control technology based on application layer, DPI is relative with the level of analysis of common message, generally, common packet check is the content below analyzing IP layer data packet only, comprising: source address, destination address, source port, destination interface and protocol type; And DPI is except the step analysis to above, also increase the analysis to application layer, can identify even its content of various application.
The equipment of realizing DPI technology is called DPI equipment, is the equipment that possesses business data flow identification, business datum flow-control capability.In the time that the data flow of IP packet, transmission control protocol (TCP) or User Datagram Protocol (UDP) is passed through DPI equipment, this equipment is analyzed the application layer message in ICP/IP protocol by the content that deeply reads IP packet load, thereby identifies real application type and feature.Therefore, utilize DPI technology in IP network, to dispose DPI system, can realize the functions such as traffic identification, Service control and business statistics in network operation.DPI technical work connects (OSI in open system, Open SystemInterconnect) transport layer of model is to application layer, there is high Data Stream Processing ability, the business that can carry network is identified and traffic management, can be deployed in net's backbone, metropolitan area network and enterprise network inside.
But, due to the dispersiveness of current DPI deployed with devices and the independence of management, very likely cause the unbalanced of DPI device processes service traffics; In addition, because certain DPI device fails also can cause local Business Processing failure.At present, not yet having scheme to propose that through part is deployed on to each DPI equipment and corresponding information in network manages concentratedly.
Summary of the invention
In view of this, main purpose of the present invention is to provide a kind of deep packet inspection equipment linkage strategy generation system and method, can realize DPI equipment and information centralized management and analysis to disperseing.
For achieving the above object, technical scheme of the present invention is achieved in that
The invention provides a kind of deep packet inspection equipment linkage strategy generation system, comprising: deep message detects DPI actuator, DPI interlock information control center and policy decision module; Wherein,
DPI actuator, for identifying service traffics and controlling, also for the information of each DPI equipment is provided to DPI interlock information control center;
The DPI information control center that links, for collecting the information of each DPI equipment, and offers policy decision module by the information classification of collecting;
Policy decision module, for the information of collecting DPI equipment from DPI interlock information control center, and according to the executable application strategy of Information generation of collecting, then generated application strategy is handed down to DPI actuator.
In such scheme, described policy decision module comprises that DPI equipment linkage tactical management submodule, strategy generate submodule; Wherein, described DPI equipment linkage tactical management submodule, generates for receiving strategy the application strategy that submodule reports, and generates executable application strategy and issues DPI actuator according to the application strategy reporting; Described strategy generates submodule, and the various DPI facility informations that report for receiving DPI interlock information control center, generate various strategies according to the DPI facility information of receiving, and the strategy of generation is offered to DPI equipment linkage tactical management submodule.
In such scheme, the information of described DPI equipment includes but not limited to the routing iinformation of DPI equipment, the state information of DPI equipment, the recognition result information of DPI equipment, the flow information of DPI equipment, the related information of DPI equipment;
Described strategy generates submodule and comprises any one or more in associated identification control strategy decision-making submodule, traffic sharing linkage strategy decision-making submodule, troubleshooting linkage strategy decision-making submodule.
In such scheme, described strategy generates submodule and comprises associated identification control strategy decision-making submodule, traffic sharing linkage strategy decision-making submodule and troubleshooting linkage strategy decision-making submodule;
Described associated identification control strategy decision-making submodule, for obtain the related information of DPI equipment from DPI interlock information control center, carry out corresponding control decision according to the related information obtaining, and the control strategy that self is generated reports DPI equipment linkage tactical management submodule;
Described traffic sharing linkage strategy decision-making submodule, for obtain the flow information of DPI equipment from DPI interlock information control center, carry out traffic sharing strategic decision-making according to the flow information obtaining, and the traffic sharing strategy that self is produced reports DPI equipment linkage tactical management submodule;
Described troubleshooting linkage strategy decision-making submodule, for obtain the state information of DPI equipment from DPI interlock information control center, carry out troubleshooting strategic decision-making according to the state information of obtaining, and the troubleshooting strategy that self is produced reports DPI equipment linkage tactical management submodule.
This system further comprises centralized policy administration module, for coordinating and managing the above linkage strategy generation system, generates and issue corresponding management strategy to the policy decision module in its compass of competency; Accordingly, the strategy that DPI equipment linkage tactical management submodule also issues for receiving centralized policy administration module; Generate executable application strategy in conjunction with the analysis of strategies of receiving afterwards.
This system further comprises external management and decision system, for generating the strategy that DPI equipment is managed, and generated strategy is offered to policy decision module; Accordingly, DPI equipment linkage tactical management submodule is also for receiving the strategy from external management and decision system editor and importing/derivation; Generate executable application strategy in conjunction with the various policy information analyses of receiving afterwards.
The present invention also provides a kind of deep packet inspection equipment linkage strategy-generating method, comprising:
Obtain the information of each DPI equipment, determine different application strategies according to obtained information, generate executable application strategy and issue according to more than one application strategy of determining again afterwards.
In such scheme, described in obtain each DPI equipment information be: by the each strategic decision-making submodule in the information classification reporting policy decision-making module of the each DPI equipment obtaining;
Accordingly, describedly determine that according to obtained information different application strategies is: each strategic decision-making submodule is according to the application strategy of the Information generation self of receiving, and by the DPI equipment linkage tactical management submodule in the application strategy reporting policy decision-making module generating;
The executable application strategy of described generation also issues as: DPI equipment linkage tactical management submodule generates according to the application strategy reporting the application strategy of carrying out and also issues DPI actuator.
The present invention also provides a kind of deep packet inspection equipment linkage strategy-generating method, comprising:
Obtain the information of each DPI equipment, determine different application strategies according to obtained information, afterwards according to more than one application strategy of determining, and generate executable application strategy and issue in conjunction with the policy information that centralized policy administration module and/or external management and decision system provide.
In such scheme, described in obtain each DPI equipment information be: by the each strategic decision-making submodule in the information classification reporting policy decision-making module of the each DPI equipment obtaining;
Accordingly, describedly determine that according to obtained information different application strategies is: each strategic decision-making submodule is according to the application strategy of the Information generation self of receiving, and by the DPI equipment linkage tactical management submodule in the application strategy reporting policy decision-making module generating;
The executable application strategy of described generation also issues the strategy generating according to the application strategy reporting, policy information that centralized policy administration module issues and/or external management and decision system for: DPI equipment linkage tactical management submodule, analyze and generate executable application strategy, and issue DPI actuator.
Deep packet inspection equipment linkage strategy generation system provided by the present invention and method, obtain the various information of each DPI equipment, tentatively determine different application strategies according to obtained various information, afterwards multiple application strategies of tentatively determining are comprehensively analyzed, generated final executable application strategy and issue.So, whole system can, according to the state variation of all DPI equipment, be adjusted application strategy in time, such as: traffic sharing, troubleshooting etc., information according to each DPI equipment is formulated linkage strategy, reaches through part is deployed on to the object that the each DPI equipment in network is managed concentratedly.
The present invention adopts two stage application strategy to determine mechanism in the time formulating application strategy, the application strategy of the first each self-generating of module self by processing for certain category information specially, by policy decision module, all application strategies of receiving are comprehensively analyzed again, generated final executable application strategy.The DPI equipment that can effectively realize being deployed in network by application of the present invention carries out transfer of flow optimization and fault situation amount etc., and then realizes coordination between each DPI equipment, reliable cooperating.
Further, policy decision module of the present invention, be specially the application strategy that the DPI equipment linkage tactical management submodule in policy decision module can also report each strategic decision-making submodule, the application strategy issuing in conjunction with centralized policy administration module and/or external management and decision system are carried out comprehensive analysis and judgement for its application strategy providing, generate the more applicable application strategy carried out, so, can be optimized the traffic management of each DPI equipment in network better, can coordinate better the work between each DPI equipment.
Brief description of the drawings
Fig. 1 is the composition structural representation of DPI linkage strategy generation system of the present invention;
Fig. 2 is the composition structural representation of DPI linkage strategy generation system of the present invention one embodiment;
Fig. 3 is the realization flow schematic diagram of DPI linkage strategy generation method of the present invention.
Embodiment
Basic thought of the present invention is: obtain the various information of each DPI equipment, tentatively determine different application strategies according to obtained various information, generate final executable application strategy and issue afterwards according to preliminary multiple application strategies of determining.
Further, the present invention can also be by multiple application strategies of tentatively determining, the application strategy issuing with centralized policy administration module and/or external management and decision system are analyzed judgement for its application strategy providing combines, and generate the more applicable application strategy carried out.
As shown in Figure 1, deep packet inspection equipment linkage strategy generation system of the present invention mainly comprises: DPI actuator 11, DPI interlock information control center 12 and policy decision module 13; Wherein,
DPI actuator 11, is a DPI interlocking equipment group, and the identification for specific implementation to service traffics and control, also for providing the information of each DPI equipment to DPI interlock information control center 12; And the application strategy that can issue according to policy decision module is to the executive control operation of DPI equipment.
Here, described information can comprise the routing iinformation of DPI equipment, the state information of DPI equipment, the recognition result information of DPI equipment, the flow information of DPI equipment, related information of DPI equipment etc.; It is described that to DPI equipment, executive control operation can be the transfer of data traffic, such as: the data of faulty equipment transmission are turned by normal work and the little one or more device transmission of load; A part of data on equipment large load are turned to the one or more device transmission little by load.
The DPI information control center 12 that links, for managing the registration of DPI equipment group equipment, collection and the maintenance of facility information, and the strategy that the DPI facility information of collecting is offered in policy decision module generates submodule.
In system shown in Figure 1, completing the decision-making of DPI linkage strategy is policy decision module 13 with the module that issues most critical, the various information of policy decision module 13 for collecting DPI equipment from DPI interlock information control center 12, and according to the executable application strategy of Information generation of collecting, then generated application strategy is handed down to DPI actuator 11.
In actual applications, described policy decision module 13 can be used as functional module and is integrated in Network Management Equipment, also can be used as the independent network equipment, such as: separately as strategic decision-making server.Concrete, this policy decision module 13 generates submodule 130 by DPI equipment linkage tactical management submodule 131 and strategy and forms.Wherein,
DPI equipment linkage tactical management submodule 131, it is the center of executable application strategy final decision and issue, this submodule is specifically for completing following functions: receive from strategy and generate the various strategies that submodule 130 generates according to all kinds of DPI facility informations of collecting, the comprehensive various strategies that receive of analyzing, produce executable application strategy again; DPI actuator 11 is issued to identification masterplate and the final application strategy producing.
Here, described comprehensive analysis can be that the different application strategy to receiving judges, relatively, according to the degree of association between each application strategy, whether overlapping, whether have conflict etc. condition, determine that optimum application strategy is final executable application strategy.
This submodule also can be used for application strategy to carry out the adjustment of priority, selects the high application strategy of priority as final executable application strategy; Accordingly, the application strategy that is final generation and adjusts through priority of DPI actuator 11 being issued.
Strategy generates submodule 130, and the various DPI facility informations that report for receiving DPI interlock information control center 12, generate various strategies according to the DPI facility information of receiving, and the strategy of generation is offered to DPI equipment linkage tactical management submodule 131;
Described strategy generates submodule 130 can comprise any one or more in associated identification control strategy decision-making submodule 132, traffic sharing linkage strategy decision-making submodule 133, troubleshooting linkage strategy decision-making submodule 134.That is to say, it can be any one submodule or the combination of any two submodules or the combination of three submodules in associated identification control strategy decision-making submodule 132, traffic sharing linkage strategy decision-making submodule 133, troubleshooting linkage strategy decision-making submodule 134 threes that strategy generates submodule 130.
Accordingly, the information classification of collecting is offered corresponding strategic decision-making submodule in policy decision module by DPI interlock information control center 12.Here, described classification refers to all information of receiving by different classes of differentiation, such as: be divided into the recognition result information of DPI equipment, the routing iinformation of DPI equipment, the state information of DPI equipment, the flow information of DPI equipment, related information of DPI equipment etc., so, can be by strategic decision-making submodules different different classes of information reporting.
In practical application, a certain category information only can be reported to a corresponding strategic decision-making submodule, such as: by state information report troubleshooting strategic decision-making submodule etc.; Also can, according to the correlation of information and strategic decision-making submodule, a few category informations be reported to same strategic decision-making submodule, such as: by all reporting fault processing policy decision-making submodules of routing iinformation, state information; Can also, according to the correlation of information and strategic decision-making submodule, a certain category information be reported to multiple strategic decision-making submodules, such as: routing iinformation is reported to traffic sharing linkage strategy decision-making submodule, troubleshooting strategic decision-making submodule.
In this case, DPI equipment linkage tactical management submodule 131 receives the various generation strategies of auto correlation identification control strategy decision-making submodule 132, traffic sharing linkage strategy decision-making submodule 133, troubleshooting linkage strategy decision-making submodule 134.
Concrete, associated identification control strategy decision-making submodule 132, for obtaining the related information that need to obtain because of traffic identification at different DPI equipment rooms from DPI interlock information control center 12, carry out corresponding control decision according to the related information obtaining, and by self generate control strategy report DPI equipment linkage tactical management submodule 131, do final application strategy decision-making by DPI equipment linkage tactical management submodule 131.Such as: same business datum during by different DPI device transmission, can be by the identification of different DPI facility informations is defined as to same business datum, and then formulate corresponding processing policy.
Traffic sharing linkage strategy decision-making submodule 133, for obtain the flow information of DPI equipment from DPI interlock information control center 12, carry out traffic sharing strategic decision-making according to the flow information obtaining, and by self produce traffic sharing strategy report DPI equipment linkage tactical management submodule 131, do final application strategy decision-making by DPI equipment linkage tactical management submodule 131.The principle of carrying out traffic sharing strategic decision-making here, is to make the flow equilibrium optimization in application layer between each DPI equipment.
Troubleshooting linkage strategy decision-making submodule 134, for obtain the state information of DPI equipment from DPI interlock information control center 12, carry out troubleshooting strategic decision-making according to the state information of obtaining, and by self produce troubleshooting strategy report DPI equipment linkage tactical management submodule 131, do final application strategy decision-making by DPI equipment linkage tactical management submodule 131.
The object of this submodule is evaded equipment Risk exactly, treatment facility fault is brought in time service disconnection and relevant issues.In practical application, this submodule also can receive the DPI facility informations such as routing iinformation, generates the troubleshooting strategy of self in the time carrying out strategic decision-making in conjunction with the various information of receiving.Such as: can determine which DPI device fails according to state information, can know the traffic load situation of each DPI equipment according to routing iinformation, just can determine that according to this load condition that the data flow of transmitting on fault DPI equipment is transferred to which or which DPI comparison in equipment is suitable so, data flow normal transmission can be ensured, flow equalization optimization can be reached again.
In actual applications, if there are multiple linkage strategy generation systems that formed by DPI actuator 11, DPI interlock information control center 12 and policy decision module 13 in network simultaneously, so, in order to coordinate and manage multiple such linkage strategy generation systems, in Fig. 1, can further comprise centralized policy administration module 15, connection strategy decision-making module 13, be used for coordinating and managing the above linkage strategy generation system, generate and issue corresponding management strategy to the policy decision module 13 in its compass of competency.
In actual applications, system shown in Figure 1 can also comprise external management and decision system 14, is outside decision management system, for generating the strategy that DPI equipment is managed, and generated strategy is offered to policy decision module 13.
For the situation that increases centralized policy administration module 15 and/or external management and decision system 14, accordingly, DPI equipment linkage tactical management submodule 131, also for receiving the various strategies that issue from centralized policy administration module 15, and/or for the treatment of editing and import from external management and decision system 14/strategy of deriving; Comprehensively analyze in conjunction with the various strategies of receiving afterwards, generate final executable application strategy.Here carrying out the comprehensive various policy informations of analyzing, comprises from the strategy of policy decision module 13, from the strategy of centralized policy administration module 15 and/or from the strategy of external management and decision system 14.
Here the various strategies that, described combination is received carry out comprehensive analysis and can be specifically: the information that policy decision module 13 is obtained according to DPI interlock information control center 12 is formulated corresponding strategy; Policy decision module 13 receives the corresponding strategy that centralized policy administration module 15 is issued simultaneously; Afterwards, the strategy that policy decision module 13 can be formulated self compares analysis with the strategy receiving, and determines final executable application strategy.If: the strategy that policy decision module 13 is formulated is: should be controlled at 10Mbps to certain application traffic of certain DPI equipment as VOIP flow; And the strategy that centralized policy administration module 15 is formulated is to limit the VOIP flow of its lower all DPI equipment at 5Mbps, and the tactful priority of centralized policy administration module 15 is high, because the strategy that centralized policy administration module is formulated may relate to overall multiple linkage strategy generation system; , after the comprehensive analysis of policy decision module 13,5Mbps centralized policy administration module 15 being formulated according to the priority of decision-making is applied to corresponding DPI equipment.
In the present invention, strategic decision-making is mainly for linkage strategy, therefore, and the information and executing that can provide according to external management and decision system 14 for the identification of business and control strategy; Also can formulate the strategy of corresponding identification and control by external management and decision system 14, according to the strategy of the strategy of priority Select Tactics decision-making module 13 or external management and decision system 14.
Fig. 2 is specific embodiments of the invention, and in the present embodiment, strategy generates submodule 130 and comprises associated identification control strategy decision-making submodule 132, traffic sharing linkage strategy decision-making submodule 133,134 3 submodules of troubleshooting linkage strategy decision-making submodule.In Fig. 2, representing different classes of information with different filling modes, is three category informations here, represents respectively with black filling, oblique line filling and blank filling; Accordingly, DPI interlock information control center 12 represents to transmit to the solid line of associated identification control strategy decision-making submodule 132 data flow that black is filled; DPI interlock information control center 12 represents to transmit to the dotted line of traffic sharing linkage strategy decision-making submodule 133 data flow that oblique line is filled; DPI interlock information control center 12 represents to transmit blank data flow of filling to the chain-dotted line of troubleshooting linkage strategy decision-making submodule 134.
As shown in Figure 2, DPI interlock information control center 12 obtains the information of DPI equipment from DPI actuator 11, and corresponding strategy decision-making submodule in reporting policy decision-making module 13 will be distinguished after obtain information classification: associated identification control strategy decision-making submodule 132, traffic sharing linkage strategy decision-making submodule 133, troubleshooting linkage strategy decision-making submodule 134, each strategic decision-making submodule generates the application strategy of self according to the corresponding information of receiving, and the application strategy that self is generated reports DPI equipment linkage tactical management submodule 131, DPI equipment linkage policy management module 131 is comprehensively analyzed the strategic decision-making information receiving from each strategic decision-making submodule, and final decision produces executable application strategy and is issued to DPI actuator 11, DPI actuator 11 receives after executable application strategy, according to the application strategy issuing, DPI equipment is carried out to control operation, such as transferring data flow, share data traffic etc.
Here, described comprehensive analysis refers to that DPI equipment linkage policy management module 131 will be in conjunction with the policy information from each tactful submodule, and analysis draws executable application strategy.Such as: DPI equipment linkage policy management module 131 is received from traffic sharing linkage strategy decision-making submodule 133, the strategy of troubleshooting linkage strategy decision-making submodule 134, wherein, the strategy of traffic sharing linkage strategy decision-making submodule 133 provides the network topology structure of each node device of current normal work, the strategy of troubleshooting linkage strategy decision-making submodule 134 provides the current node device breaking down and points out to walk circuitous path, so, DPI equipment linkage policy management module 131 is received after these two strategies, first determine that according to the strategy of troubleshooting linkage strategy decision-making submodule 134 which node device breaks down, determine and the each node device of upstream and downstream of this malfunctioning node equipment connection according to the strategy of traffic sharing linkage strategy decision-making submodule 133 again, and all node devices that connect between the each node device of this upstream and downstream, therefrom select afterwards the node device of suitable replacement malfunctioning node equipment according to routing algorithm.Visible, comprehensive analysis is in conjunction with just drawing final application strategy from the policy information of each side; Or, from several similar strategies, select priority high or preferably or the strategy of applicable current running environment as final executable application strategy.
Give an example in conjunction with concrete application, supposing has DPI1, DPI2, DPI3, tetra-DPI equipment of DPI4 in network, wherein, four DPI equipment are all supported P2P agreement, and DPI1 is connected with DPI2, DPI3 respectively, DPI2, DPI3 all connect DPI4, and the data flow that transfers to DPI4 from DPI1 is transmitted via DPI2.
In the time that DPI2 breaks down, first, DPI interlock information control center 12 obtains the information of DPI equipment from DPI actuator 11: DPI1~DPI4 all supports P2P agreement; DPI1 is connected with DPI2, DPI3, and DPI2, DPI3 are connected with DPI4, and DPI1 transmits data by DPI2 to DPI4; DPI4 breaks down.
Then, DPI interlock information control center 12 obtains after above-mentioned information, these information is divided three classes: DPI1~DPI4 all supports P2P agreement to belong to recognition result information; The annexation of DPI1, DPI2, DPI3, DPI4, and the path that DPI1 walks to DPI4 transmission data belongs to routing iinformation; DPI4 breaks down and belongs to state information.
Afterwards, DPI interlock information control center 12 is by the associated identification of recognition result information reporting control strategy decision-making submodule 132; Routing iinformation is reported to traffic sharing linkage strategy decision-making submodule 133 and troubleshooting linkage strategy decision-making submodule 134; By state information report troubleshooting linkage strategy decision-making submodule 134.
Associated identification control strategy decision-making submodule 132, traffic sharing linkage strategy decision-making submodule 133 and troubleshooting linkage strategy decision-making submodule 134 are separately according to the application strategy of the Information generation self of receiving; Wherein, troubleshooting linkage strategy decision-making submodule 134 is received after routing iinformation and state information, the strategic decision-making according to state information and routing iinformation generation self: the data that DPI1 is transmitted to DPI4 via DPI2, are transferred to via DPI3 and transmit to DPI4.
Finally, the strategic decision-making that troubleshooting linkage strategy decision-making submodule 134 generates self reports DPI equipment linkage policy management module 131, DPI equipment linkage policy management module 131 is analyzed through comprehensive, for troubleshooting, DPI1 is transferred data to DPI4 as final executable application strategy via DPI3, and issue this application strategy to DPI actuator 11, DPI actuator 11 controls processing according to the application strategy of receiving to DPI1~DPI4, and the data that DPI1 sent to DPI4 are transmitted via DPI3.
Based on said apparatus, the present invention also provides a kind of deep packet inspection equipment linkage strategy-generating method, and the concrete processing procedure of the method as shown in Figure 3, comprises the following steps:
Step 301:DPI interlock information control center obtains the information of each DPI equipment from DPI actuator, the strategy of reporting policy decision-making module generates submodule;
Here, if generating submodule, strategy comprises multiple strategic decision-making submodules, for example: comprise associated identification control strategy decision-making submodule, traffic sharing linkage strategy decision-making submodule, troubleshooting linkage strategy decision-making submodule, DPI interlock information control center can be by after the classification of DPI facility information, and reporting policy generates each strategic decision-making submodule in submodule.Wherein, the information of described DPI equipment can be the related information of the routing iinformation of DPI equipment and/or the recognition result information of the state information of DPI equipment and/or DPI equipment and/or the flow information of DPI equipment and/or DPI equipment.
Step 302: strategy generates submodule and generates various application strategies according to the corresponding information of receiving, and by the DPI equipment linkage tactical management submodule in the application strategy reporting policy decision-making module generating;
Here, be made up of multiple strategic decision-making submodules if strategy generates submodule, each strategic decision-making submodule generates the application strategy of self separately according to the corresponding information of receiving, reports DPI equipment linkage tactical management submodule.
Step 303:DPI equipment linkage tactical management submodule is comprehensive analyzes the various application strategies of receiving, and finally forms executable application strategy, is issued to DPI actuator;
Here, if DPI equipment linkage tactical management submodule also connects centralized policy administration module and/or external management and decision system; So, the executable application strategy of described final formation is: according to more than one application strategy of determining, and the policy information that the policy information issuing in conjunction with centralized policy administration module and/or external management and decision system provide generates final executable application strategy.
The final executable application strategy that step 304:DPI actuator issues according to policy decision module, carries out corresponding control operation to each DPI equipment.
This step is optional for DPI equipment linkage strategy-generating method.
Can be found out by above-mentioned processing procedure: adopt method provided by the present invention, DPI facility information and the service condition etc. effectively in integrated network, disposed, carry out the formulation of corresponding strategy decision-making, and then effectively realize the optimization equilibrium of DPI recognition of devices service traffics, and the function such as transfer of data traffic in single DPI equipment fault situation.
The above, be only preferred embodiment of the present invention, is not intended to limit protection scope of the present invention, all any amendments of doing within the spirit and principles in the present invention, is equal to and replaces and improvement etc., within all should being included in protection scope of the present invention.
Claims (8)
1. a deep packet inspection equipment linkage strategy generation system, is characterized in that, this system comprises: deep message detects DPI actuator, DPI interlock information control center and policy decision module; Wherein,
DPI actuator, for identifying service traffics and controlling, also for the information of each DPI equipment is provided to DPI interlock information control center;
The DPI information control center that links, for collecting the information of each DPI equipment, and offers policy decision module by the information classification of collecting;
Policy decision module, comprise that DPI equipment linkage tactical management submodule and strategy generate submodule, for the information of collecting DPI equipment from DPI interlock information control center, and according to the executable application strategy of Information generation of collecting, then generated application strategy is handed down to DPI actuator; Wherein,
Described DPI equipment linkage tactical management submodule, generates for receiving strategy the application strategy that submodule reports, and generates executable application strategy and issues DPI actuator according to the application strategy reporting;
Described strategy generates submodule, comprise associated identification control strategy decision-making submodule, traffic sharing linkage strategy decision-making submodule and troubleshooting linkage strategy decision-making submodule, the various DPI facility informations that report for receiving DPI interlock information control center, generate various strategies according to the DPI facility information of receiving, and the strategy of generation is offered to DPI equipment linkage tactical management submodule; Wherein,
Described associated identification control strategy decision-making submodule, for obtain the related information of DPI equipment from DPI interlock information control center, carry out corresponding control decision according to the related information obtaining, and the control strategy that self is generated reports DPI equipment linkage tactical management submodule;
Described traffic sharing linkage strategy decision-making submodule, for obtain the flow information of DPI equipment from DPI interlock information control center, carry out traffic sharing strategic decision-making according to the flow information obtaining, and the traffic sharing strategy that self is produced reports DPI equipment linkage tactical management submodule;
Described troubleshooting linkage strategy decision-making submodule, for obtain the state information of DPI equipment from DPI interlock information control center, carry out troubleshooting strategic decision-making according to the state information of obtaining, and the troubleshooting strategy that self is produced reports DPI equipment linkage tactical management submodule.
2. deep packet inspection equipment linkage strategy generation system according to claim 1, it is characterized in that, the information of described DPI equipment includes but not limited to the routing iinformation of DPI equipment, the state information of DPI equipment, the recognition result information of DPI equipment, the flow information of DPI equipment, the related information of DPI equipment;
Described strategy generates submodule and comprises any one or more in associated identification control strategy decision-making submodule, traffic sharing linkage strategy decision-making submodule, troubleshooting linkage strategy decision-making submodule.
3. deep packet inspection equipment linkage strategy generation system according to claim 1, it is characterized in that, this system further comprises centralized policy administration module, be used for coordinating and managing the above linkage strategy generation system, generate and issue corresponding management strategy to the policy decision module in its compass of competency;
Accordingly, the strategy that DPI equipment linkage tactical management submodule also issues for receiving centralized policy administration module; Generate executable application strategy in conjunction with the analysis of strategies of receiving afterwards.
4. deep packet inspection equipment linkage strategy generation system according to claim 1, it is characterized in that, this system further comprises external management and decision system, for generating the strategy that DPI equipment is managed, and generated strategy is offered to policy decision module;
Accordingly, DPI equipment linkage tactical management submodule is also for receiving the strategy from external management and decision system editor and importing/derivation; Generate executable application strategy in conjunction with the analysis of strategies of receiving afterwards.
5. a deep packet inspection equipment linkage strategy-generating method, is characterized in that, the method comprises:
DPI interlock information control center is by the each strategic decision-making submodule in the information classification reporting policy decision-making module of the each DPI equipment being obtained by DPI actuator; The application strategy of the Information generation self that each strategic decision-making submodule basis is received, and by the DPI equipment linkage tactical management submodule in the application strategy reporting policy decision-making module generating; DPI equipment linkage tactical management submodule generates the application strategy of carrying out and issues DPI actuator according to the application strategy reporting;
Wherein, each strategic decision-making submodule is specially: associated identification control strategy decision-making submodule, traffic sharing linkage strategy decision-making submodule and troubleshooting linkage strategy decision-making submodule;
Described associated identification control strategy decision-making submodule, for obtain the related information of DPI equipment from DPI interlock information control center, carry out corresponding control decision according to the related information obtaining, and the control strategy that self is generated reports DPI equipment linkage tactical management submodule;
Described traffic sharing linkage strategy decision-making submodule, for obtain the flow information of DPI equipment from DPI interlock information control center, carry out traffic sharing strategic decision-making according to the flow information obtaining, and the traffic sharing strategy that self is produced reports DPI equipment linkage tactical management submodule;
Described troubleshooting linkage strategy decision-making submodule, for obtain the state information of DPI equipment from DPI interlock information control center, carry out troubleshooting strategic decision-making according to the state information of obtaining, and the troubleshooting strategy that self is produced reports DPI equipment linkage tactical management submodule.
6. deep packet inspection equipment linkage strategy-generating method according to claim 5, it is characterized in that, the information of described DPI equipment includes but not limited to the routing iinformation of DPI equipment, the state information of DPI equipment, the recognition result information of DPI equipment, the flow information of DPI equipment, the related information of DPI equipment.
7. a deep packet inspection equipment linkage strategy-generating method, is characterized in that, the method comprises:
DPI interlock information control center is by the each strategic decision-making submodule in the information classification reporting policy decision-making module of the each DPI equipment obtaining; The application strategy of the Information generation self that each strategic decision-making submodule basis is received, and by the DPI equipment linkage tactical management submodule in the application strategy reporting policy decision-making module generating; The strategy that the application strategy that DPI equipment linkage tactical management submodule basis reports, the policy information that centralized policy administration module issues and/or external management and decision system generate, analyzes and generates executable application strategy, and issue DPI actuator;
Wherein, each strategic decision-making submodule is specially: associated identification control strategy decision-making submodule, traffic sharing linkage strategy decision-making submodule and troubleshooting linkage strategy decision-making submodule;
Described associated identification control strategy decision-making submodule, for obtain the related information of DPI equipment from DPI interlock information control center, carry out corresponding control decision according to the related information obtaining, and the control strategy that self is generated reports DPI equipment linkage tactical management submodule;
Described traffic sharing linkage strategy decision-making submodule, for obtain the flow information of DPI equipment from DPI interlock information control center, carry out traffic sharing strategic decision-making according to the flow information obtaining, and the traffic sharing strategy that self is produced reports DPI equipment linkage tactical management submodule;
Described troubleshooting linkage strategy decision-making submodule, for obtain the state information of DPI equipment from DPI interlock information control center, carry out troubleshooting strategic decision-making according to the state information of obtaining, and the troubleshooting strategy that self is produced reports DPI equipment linkage tactical management submodule.
8. deep packet inspection equipment linkage strategy-generating method according to claim 7, it is characterized in that, the information of described DPI equipment includes but not limited to the routing iinformation of DPI equipment, the state information of DPI equipment, the recognition result information of DPI equipment, the flow information of DPI equipment, the related information of DPI equipment.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910083189.4A CN101883016B (en) | 2009-05-05 | 2009-05-05 | System and method for generating deep packet inspection equipment linkage strategy |
| PCT/CN2009/073660 WO2010127525A1 (en) | 2009-05-05 | 2009-09-01 | System and method for generating the linkage strategy of deep packet inspection devices |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910083189.4A CN101883016B (en) | 2009-05-05 | 2009-05-05 | System and method for generating deep packet inspection equipment linkage strategy |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101883016A CN101883016A (en) | 2010-11-10 |
| CN101883016B true CN101883016B (en) | 2014-11-05 |
Family
ID=43049936
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200910083189.4A Active CN101883016B (en) | 2009-05-05 | 2009-05-05 | System and method for generating deep packet inspection equipment linkage strategy |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN101883016B (en) |
| WO (1) | WO2010127525A1 (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102752384B (en) * | 2012-06-29 | 2015-03-04 | 安科智慧城市技术(中国)有限公司 | Linkage processing method and device of equipment information |
| CN103888307B (en) * | 2012-12-20 | 2017-11-17 | 中国电信股份有限公司 | For optimizing method, user side board and the broad access network gate of deep-packet detection |
| CN107645502B (en) * | 2017-09-20 | 2021-01-22 | 新华三信息安全技术有限公司 | Message detection method and device |
| CN112187498B (en) * | 2019-07-03 | 2022-09-06 | 中国电信股份有限公司 | Bypass protection method, device and system thereof and Deep Packet Inspection (DPI) system |
| CN111355610A (en) * | 2020-02-25 | 2020-06-30 | 网宿科技股份有限公司 | Exception handling method and device based on edge network |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101286937A (en) * | 2008-05-16 | 2008-10-15 | 华为技术有限公司 | Network flow control method, device and system |
| CN101350781A (en) * | 2008-07-31 | 2009-01-21 | 成都市华为赛门铁克科技有限公司 | Method, equipment and system for monitoring flux |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101399749B (en) * | 2007-09-27 | 2012-04-04 | 华为技术有限公司 | Method, system and device for packet filtering |
| CN101420367B (en) * | 2007-10-24 | 2011-05-11 | 中国电信股份有限公司 | P2P flow control system and method |
-
2009
- 2009-05-05 CN CN200910083189.4A patent/CN101883016B/en active Active
- 2009-09-01 WO PCT/CN2009/073660 patent/WO2010127525A1/en active Application Filing
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101286937A (en) * | 2008-05-16 | 2008-10-15 | 华为技术有限公司 | Network flow control method, device and system |
| CN101350781A (en) * | 2008-07-31 | 2009-01-21 | 成都市华为赛门铁克科技有限公司 | Method, equipment and system for monitoring flux |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2010127525A1 (en) | 2010-11-11 |
| CN101883016A (en) | 2010-11-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101883016B (en) | System and method for generating deep packet inspection equipment linkage strategy | |
| US7668966B2 (en) | Data network controller | |
| CN101115013B (en) | Method of providing resource admission control | |
| US20040230868A1 (en) | System and method for fault diagnosis using distributed alarm correlation | |
| CN104272653A (en) | Congestion control in packet data networking | |
| CN104320358A (en) | QoS (Quality of Service) business control method in power telecommunication net | |
| CN103516602A (en) | Feedback loop for service engineered paths | |
| CN106130928A (en) | Flow control methods under a kind of SDN and system | |
| US20090276510A1 (en) | System and Method for Network Design | |
| Trammell et al. | mPlane: an intelligent measurement plane for the internet | |
| CN106161053A (en) | A kind of SDN controller QoS manages system and method | |
| CN104883362A (en) | Method and device for controlling abnormal access behaviors | |
| US9571346B2 (en) | Fault tolerant communication system, method, and device that uses tree searching | |
| CN108494625A (en) | A kind of analysis system on network performance evaluation | |
| CN100459514C (en) | Method and device for controlling close ring feedback in IP network service quality management system | |
| US10027557B2 (en) | Method for transmitting data streams through a telecommunication network | |
| CN111756642A (en) | Network traffic scheduling system and method based on DPI and machine learning | |
| CN102724193B (en) | Control method aiming at streaming service survivability in IP (Internet protocol) network environment | |
| CN110365549A (en) | A kind of processing method and processing system of SPTN network | |
| US8949412B2 (en) | Method for management of data stream exchanges in an autonomic telecommunications network | |
| CN101048983A (en) | Method and device for optimising the capacity of a communication network | |
| Savchenko et al. | Computer networks monitoring and management methods | |
| CN106686034A (en) | CDN scheduling enhancement method, CDN scheduling enhancement device and CDN scheduling enhancement system | |
| CN117155803B (en) | Multi-level scene-oriented router and adaptive optimization method thereof | |
| CN108418724B (en) | Next-generation key message infrastructure network intelligent management system based on cloud computing |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20201201 Address after: East side of Xizhi Road, group 18, Shengli village, Shaxi Town, Taicang City, Suzhou City, Jiangsu Province Patentee after: Suzhou Jiaqian Textile Technology Co.,Ltd. Address before: 518000 Baoan District Xin'an street, Shenzhen, Guangdong, No. 625, No. 625, Nuo platinum Plaza, Patentee before: SHENZHEN SHANGGE INTELLECTUAL PROPERTY SERVICE Co.,Ltd. Effective date of registration: 20201201 Address after: 518000 Baoan District Xin'an street, Shenzhen, Guangdong, No. 625, No. 625, Nuo platinum Plaza, Patentee after: SHENZHEN SHANGGE INTELLECTUAL PROPERTY SERVICE Co.,Ltd. Address before: 518057 Nanshan District Guangdong high tech Industrial Park, South Road, science and technology, ZTE building, Ministry of Justice Patentee before: ZTE Corp. |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20221212 Address after: Room 01, building 13, No.1, Zhaoyan Road, Shaxi Town, Taicang City, Jiangsu Province Patentee after: Suzhou Xineng Environmental Protection Technology Co.,Ltd. Address before: East side of Xizhi Road, group 18, Shengli village, Shaxi Town, Taicang City, Suzhou City, Jiangsu Province Patentee before: Suzhou Jiaqian Textile Technology Co.,Ltd. |