CN102014059A - IPSEC VPN (Internet protocol security virtual private network)-based dynamic QoS (quality of service) bandwidth allocation method - Google Patents
IPSEC VPN (Internet protocol security virtual private network)-based dynamic QoS (quality of service) bandwidth allocation method Download PDFInfo
- Publication number
- CN102014059A CN102014059A CN2010105655124A CN201010565512A CN102014059A CN 102014059 A CN102014059 A CN 102014059A CN 2010105655124 A CN2010105655124 A CN 2010105655124A CN 201010565512 A CN201010565512 A CN 201010565512A CN 102014059 A CN102014059 A CN 102014059A
- Authority
- CN
- China
- Prior art keywords
- bandwidth
- vpn
- vpn session
- qos
- session
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention discloses an IPSEC VPN (Internet protocol security virtual private network)-based dynamic QoS (quality of service) bandwidth allocation method which comprises the following steps: S1: creating a VPN (virtual private network) session, simultaneously establishing the priority of the VPN session, and applying to a bandwidth management center for bandwidth of the VPN session; S2: binding ID (identification) of the VPN session to the ID of a QoS bandwidth template, and associating the VPN session with the QoS bandwidth template, wherein the QoS bandwidth template comprises the ID of the template, the bandwidth commitment value and the bandwidth maximum use value; and S3: leading the bandwidth management center to allocate bandwidth for the VPN session through the QoS bandwidth template associated with the VPN session. By adopting the method, the transmission speed of each VPN session can be well ensured, each VPN session can occupy more bandwidth, and the utilization rate of interface bandwidth can be maximized.
Description
Technical field
The present invention relates to the Internet service technical field, particularly a kind of dynamic QoS bandwidth allocation methods based on IPSEC VPN.
Background technology
Current various VPN (virtual private network) (Virtual Private Network, VPN) application technology is all very ripe, agreement based on various sessions also becomes standard, currently for each session, can't distribute bandwidth for the user, perhaps maximum realization technology is to determine whether disconnecting by the flow of judging the user connecting, and with regard to quality services (Quality of Service, QoS) technology is to carry out Bandwidth Management by the user, but can not carry out based on various VPN sessions, two kinds of technical purpose differences have his own strong points, in order better to be illustrated, here rename and be VPNQ, promptly based on the QoS of IPSEC VPN.
By top explanation to prior art, understanding is dynamic based on each session that VPN connects, that is to say that each bar is connected in the certain hour section does not reach the standard grade, current QoS bandwidth value to each user at user's Bandwidth Management system is constant so, minimum also can reach a committed rate (Committed Information Rate), so when most of user was not online, bandwidth just can not get sufficient utilization.
Summary of the invention
(1) technical problem that will solve
The technical problem to be solved in the present invention is: reasonable distribution bandwidth in vpn system how, make when the most of user among the VPN is online, can not make full use of bandwidth, and when a large number of users is online, can at utmost guarantee reaching the standard grade of high-priority users.
(2) technical scheme
For solving the problems of the technologies described above, the invention provides a kind of dynamic QoS bandwidth allocation methods based on IPSEC (Internet protocol safety) VPN, may further comprise the steps:
S1: create the VPN session, set up the priority of VPN session simultaneously, and apply for the bandwidth of described VPN session to the Bandwidth Management center;
S2: ID and QoS bandwidth template ID binding with described VPN session, make described VPN session related with described QoS bandwidth template, described QoS bandwidth template comprises: the maximum use value of template ID, bandwidth commitment value and bandwidth;
S3: the Bandwidth Management center is that described VPN session distributes bandwidth by the QoS bandwidth template with described VPN session association.
Wherein, step S2 is specially:
If have QoS bandwidth template to be associated in the current vpn system, the described QoS bandwidth template to be associated of then described VPN session direct correlation, if there is not QoS bandwidth template to be associated, then create QoS bandwidth template, with QoS bandwidth template and the described VPN session association of creating.
Wherein, step S3 is specially:
If currently have remaining bandwidth and enough distribute to described VPN session, the Bandwidth Management center is that described VPN session distributes bandwidth by described QoS bandwidth template, and the bandwidth of distributing is not less than described bandwidth commitment value, is not higher than the maximum use value of described bandwidth;
If current remaining bandwidth or the remaining bandwidth of not existing distributed to described VPN session inadequately, then in vpn system, reduce the bandwidth of the low priority VPN session lower earlier than described VPN session priority, up to the VPN session of enough distributing to establishment, the VPN session that the Bandwidth Management center is described establishment by described QoS bandwidth template distributes bandwidth.
Wherein, the described concrete mode that reduces the bandwidth of the low priority VPN session lower than described VPN session priority in vpn system earlier is:
The bandwidth that reduces earlier the minimum low priority VPN session of priority is low to moderate 1/4 of current actual bandwidth most to half of current actual bandwidth, and every reduction once back judges whether remaining bandwidth enough distributes to the VPN session of establishment, if enough, then distribution; Otherwise according to priority reduce low priority VPN session from low to high successively, up to enough distribution.
Wherein, when creating the VPN session, if the bandwidth of always utilizing of current all VPN session surpasses the interface total bandwidth, then successively the bandwidth of this VPN session is reduced to half of current actual bandwidth or is low to moderate 1/4 most, be lower than the interface total bandwidth up to the bandwidth of always utilizing of all VPN sessions by VPN session priority order from low to high.
Wherein, also comprise in real time the step that downloading flow is adjusted the VPN Bandwidth Dynamic of uploading according to the VPN session:
If the total bandwidth that current VPN session utilizes has surpassed 80% of interface total bandwidth, the bandwidth that reduces the minimum VPN session of priority is to half of its actual bandwidth, if the total bandwidth that current VPN session utilizes also surpasses 80% of interface total bandwidth, then be reduced to 1/4 of actual bandwidth again.
Wherein, if the VPN session timeout discharges the bandwidth of oneself occupying automatically and redistributes for the Bandwidth Management center.
Wherein, when in deletion VPN session, send deletion message to the Bandwidth Management center, the bandwidth that this VPN session will be distributed in described Bandwidth Management center discharges.
(3) beneficial effect
The present invention is by distributing bandwidth to each VPN session, and the situation by actual transmissions and interface total bandwidth, by the VPN session priority its bandwidth is dynamically adjusted, can well guarantee the transmission speed of each VPN session, be that minimum can reach the bandwidth commitment value, promptly when network is busy, can guarantee the bandwidth of VPN session; Can distribute the transmission speed of each VPN session to be no more than the maximum use value of bandwidth, promptly when bandwidth is idle, make bandwidth availability ratio reach best, make more occupied bandwidth of each VPN session; Make the maximization of interface bandwidth utilance, guaranteed that simultaneously more user is online; The network management personnel is managing bandwidth better, and the bandwidth that each VPN session is occupied can both be guaranteed.
Description of drawings
Fig. 1 is a kind of dynamic QoS bandwidth allocation methods flow chart based on IPSEC VPN of the embodiment of the invention.
Embodiment
Below in conjunction with drawings and Examples, the specific embodiment of the present invention is described in further detail.Following examples are used to illustrate the present invention, but are not used for limiting the scope of the invention.
Pass through each VPN session and QoS bandwidth template dynamic binding in the method for the present invention, to the maximum use value (PIR) of template ID of each QoS bandwidth template definition, bandwidth commitment value (CIR) and bandwidth, and set the bandwidth commitment value (CIR) and the maximum use value (PIR) of bandwidth of VPN session when binding again, the bandwidth of distribution is between CIR and PIR.And dynamically adjust the CIR/PIR value of the QoS bandwidth template of VPN session correspondence along with the bandwidth value of the real-time Transmission of VPN session.Detailed process comprises as shown in Figure 1:
Step S101 creates the VPN session, sets up the priority of VPN session simultaneously, and applies for the bandwidth of described VPN session to the Bandwidth Management center.
After creating the VPN session, ID and QoS bandwidth template ID binding with the VPN session make the VPN session related with QoS bandwidth template.
Step S102, if having QoS bandwidth template to be associated in the current vpn system, this QoS bandwidth template to be associated of then described VPN session direct correlation, after being successfully associated, execution in step S105, otherwise, execution in step S103.
Step S103 if there is not QoS bandwidth template to be associated, then creates QoS bandwidth template, and each the QoS bandwidth template in the vpn system can be assigned with template ID when creating, configuration cir value and PIR value.
Step S104, with QoS bandwidth template and the VPN session association created, after the association, the cir value of QoS bandwidth template and PIR value are the cir value and the PIR value of VPN session bandwidth.
Step S105, related back is VPN session distribution bandwidth by the Bandwidth Management center by the QoS bandwidth template with the VPN session association.
When distributing bandwidth, check the current VPN session that whether remaining bandwidth is arranged and can distribute to new establishment, promptly the remaining bandwidth amount is more than or equal to the cir value of the new VPN session of creating.If currently have remaining bandwidth and can distribute, execution in step S107 then; If do not exist remaining bandwidth or remaining bandwidth to distribute to the VPN session of new establishment, then execution in step S106 inadequately.
Step S106, elder generation reduces the bandwidth of the low priority VPN session lower than this VPN session priority in vpn system, when enough distributing to the VPN session of establishment, execution in step S107.When reducing the VPN session bandwidth of low priority, the bandwidth that reduces earlier the minimum low priority VPN session of priority is low to moderate 1/4 of current actual bandwidth most to half of current actual bandwidth, and every reduction once back judges whether remaining bandwidth enough distributes to the VPN session of establishment, if enough, then distribute; Otherwise according to priority reduce low priority VPN session from low to high successively, up to enough distribution.If when the bandwidth of the VPN session of each low priority all drops to its CIR, do not have enough allocated bandwidth yet, the failure of VPN session association, i.e. VPN conversation establishing failure.
Step S107, the Bandwidth Management center is that by QoS bandwidth template the VPN session distributes bandwidth, and the bandwidth of distributing is not less than the cir value of VPN session, is not higher than the PIR value of VPN session.Divide timing should at first guarantee cir value, when interface bandwidth uses when residue is arranged and the demand of VPN session can reach maximum PIR.
In process, also can dynamically adjust the bandwidth of each VPN session and distribute according to the transmission situation of network interface bandwidth situation and each VPN session self to whole vpn system Bandwidth Management.
When creating the VPN session, if the bandwidth of always utilizing of current all VPN session surpasses the interface total bandwidth, then successively the bandwidth of this VPN session is reduced to half of current actual bandwidth or is low to moderate 1/4 most, be lower than the interface total bandwidth up to the bandwidth of always utilizing of all VPN sessions by VPN session priority order from low to high.
Because the distribution of bandwidth reduces the interface remaining bandwidth, therefore, can be in real time upload downloading flow to the adjustment of VPN Bandwidth Dynamic according to the VPN session at the vpn system normal operating phase.If the bandwidth of always utilizing of current all VPN session surpasses 80% of interface total bandwidth, the bandwidth that then reduces the minimum VPN session of priority is to half of its actual bandwidth, if the total bandwidth that current VPN session utilizes also surpasses 80% of interface total bandwidth, then be reduced to 1/4 of actual bandwidth again.If certain VPN session takes cir value for a long time, if current have a remaining bandwidth, then directly distribute to an amount of bandwidth of this VPN session, if do not have remaining bandwidth then can be automatically with the bandwidth of the VPN session lower than this VPN session priority be reduced to its current actual bandwidth half in addition 1/4, give to recover its bandwidth again according to the transmission situation of VPN session afterwards.Reduce successively by VPN session priority order from low to high during reduction.
Send deletion message to the Bandwidth Management center when in deletion VPN session, the bandwidth that this VPN session will be distributed in described Bandwidth Management center discharges.If the VPN session timeout discharges bandwidth automatically and redistributes for the Bandwidth Management center.The interface total bandwidth that discharges the back vpn system can increase.
Above execution mode only is used to illustrate the present invention; and be not limitation of the present invention; the those of ordinary skill in relevant technologies field; under the situation that does not break away from the spirit and scope of the present invention; can also make various variations and modification; therefore all technical schemes that are equal to also belong to category of the present invention, and scope of patent protection of the present invention should be defined by the claims.
Claims (8)
1. the dynamic QoS bandwidth allocation methods based on IPSEC VPN is characterized in that, may further comprise the steps:
S1: create the VPN session, set up the priority of VPN session simultaneously, and apply for the bandwidth of described VPN session to the Bandwidth Management center;
S2: ID and QoS bandwidth template ID binding with described VPN session, make described VPN session related with described QoS bandwidth template, described QoS bandwidth template comprises: the maximum use value of template ID, bandwidth commitment value and bandwidth;
S3: the Bandwidth Management center is that described VPN session distributes bandwidth by the QoS bandwidth template with described VPN session association.
2. the dynamic QoS bandwidth allocation methods based on IPSEC VPN as claimed in claim 1 is characterized in that step S2 is specially:
If have QoS bandwidth template to be associated in the current vpn system, the described QoS bandwidth template to be associated of then described VPN session direct correlation, if there is not QoS bandwidth template to be associated, then create QoS bandwidth template, with QoS bandwidth template and the described VPN session association of creating.
3. the dynamic QoS bandwidth allocation methods based on IPSEC VPN as claimed in claim 1 or 2 is characterized in that step S3 is specially:
If currently have remaining bandwidth and enough distribute to described VPN session, the Bandwidth Management center is that described VPN session distributes bandwidth by described QoS bandwidth template, and the bandwidth of distributing is not less than described bandwidth commitment value, is not higher than the maximum use value of described bandwidth;
If current remaining bandwidth or the remaining bandwidth of not existing distributed to described VPN session inadequately, then in vpn system, reduce the bandwidth of the low priority VPN session lower earlier than described VPN session priority, up to the VPN session of enough distributing to establishment, the VPN session that the Bandwidth Management center is described establishment by described QoS bandwidth template distributes bandwidth.
4. the dynamic QoS bandwidth allocation methods based on IPSEC VPN as claimed in claim 3 is characterized in that, the described concrete mode that reduces the bandwidth of the low priority VPN session lower than described VPN session priority in vpn system earlier is:
The bandwidth that reduces earlier the minimum low priority VPN session of priority is low to moderate 1/4 of current actual bandwidth most to half of current actual bandwidth, and every reduction once back judges whether remaining bandwidth enough distributes to the VPN session of establishment, if enough, then distribution; Otherwise according to priority reduce low priority VPN session from low to high successively, up to enough distribution.
5. the dynamic QoS bandwidth allocation methods based on IPSEC VPN as claimed in claim 3, it is characterized in that, when creating the VPN session, if the bandwidth of always utilizing of current all VPN session surpasses the interface total bandwidth, then successively the bandwidth of this VPN session is reduced to half of current actual bandwidth or is low to moderate 1/4 most, be lower than the interface total bandwidth up to the bandwidth of always utilizing of all VPN sessions by VPN session priority order from low to high.
6. the dynamic QoS bandwidth allocation methods based on IPSEC VPN as claimed in claim 3 is characterized in that, also comprises in real time the step that downloading flow is adjusted the VPN Bandwidth Dynamic of uploading according to the VPN session:
If the total bandwidth that current VPN session utilizes has surpassed 80% of interface total bandwidth, the bandwidth that reduces the minimum VPN session of priority is to half of its actual bandwidth, if the total bandwidth that current VPN session utilizes also surpasses 80% of interface total bandwidth, then be reduced to 1/4 of actual bandwidth again.
7. the dynamic QoS bandwidth allocation methods based on IPSEC VPN as claimed in claim 3 is characterized in that, if the VPN session timeout discharges the bandwidth of oneself occupying automatically and redistributes for the Bandwidth Management center.
8. the dynamic QoS bandwidth allocation methods based on IPSEC VPN as claimed in claim 3 is characterized in that, when in deletion VPN session, sends deletion message to the Bandwidth Management center, and the bandwidth that this VPN session will be distributed in described Bandwidth Management center discharges.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010105655124A CN102014059A (en) | 2010-11-30 | 2010-11-30 | IPSEC VPN (Internet protocol security virtual private network)-based dynamic QoS (quality of service) bandwidth allocation method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010105655124A CN102014059A (en) | 2010-11-30 | 2010-11-30 | IPSEC VPN (Internet protocol security virtual private network)-based dynamic QoS (quality of service) bandwidth allocation method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102014059A true CN102014059A (en) | 2011-04-13 |
Family
ID=43844079
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010105655124A Pending CN102014059A (en) | 2010-11-30 | 2010-11-30 | IPSEC VPN (Internet protocol security virtual private network)-based dynamic QoS (quality of service) bandwidth allocation method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102014059A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103686445A (en) * | 2013-12-03 | 2014-03-26 | 浙江宇视科技有限公司 | Method and device for dynamically regulating Qos (quality of service) of video monitoring network |
| CN103813339A (en) * | 2012-11-15 | 2014-05-21 | 鸿富锦精密工业(深圳)有限公司 | Bandwidth management system and method |
| CN109600291A (en) * | 2017-09-30 | 2019-04-09 | 华为软件技术有限公司 | Cross-domain QoS method of adjustment and device |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1859303A (en) * | 2006-01-25 | 2006-11-08 | 华为技术有限公司 | Dynamic flow control method based on end port |
| CN101179321A (en) * | 2007-12-13 | 2008-05-14 | 北京卫星信息工程研究所 | Method for implementing wireless resource management of satellite communication system |
| CN101499970A (en) * | 2008-02-02 | 2009-08-05 | 成都迈普产业集团有限公司 | Band-width allocation method for guaranteeing QoS of customer in IP telecommunication network |
| CN101499969A (en) * | 2008-02-01 | 2009-08-05 | 成都迈普产业集团有限公司 | Bandwidth allocation method for IP telecommunication system |
-
2010
- 2010-11-30 CN CN2010105655124A patent/CN102014059A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1859303A (en) * | 2006-01-25 | 2006-11-08 | 华为技术有限公司 | Dynamic flow control method based on end port |
| CN101179321A (en) * | 2007-12-13 | 2008-05-14 | 北京卫星信息工程研究所 | Method for implementing wireless resource management of satellite communication system |
| CN101499969A (en) * | 2008-02-01 | 2009-08-05 | 成都迈普产业集团有限公司 | Bandwidth allocation method for IP telecommunication system |
| CN101499970A (en) * | 2008-02-02 | 2009-08-05 | 成都迈普产业集团有限公司 | Band-width allocation method for guaranteeing QoS of customer in IP telecommunication network |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103813339A (en) * | 2012-11-15 | 2014-05-21 | 鸿富锦精密工业(深圳)有限公司 | Bandwidth management system and method |
| CN103813339B (en) * | 2012-11-15 | 2017-05-31 | 鸿富锦精密工业(深圳)有限公司 | Bandwidth management system and management method |
| CN103686445A (en) * | 2013-12-03 | 2014-03-26 | 浙江宇视科技有限公司 | Method and device for dynamically regulating Qos (quality of service) of video monitoring network |
| CN103686445B (en) * | 2013-12-03 | 2017-04-19 | 浙江宇视科技有限公司 | Method and device for dynamically regulating Qos (quality of service) of video monitoring network |
| CN109600291A (en) * | 2017-09-30 | 2019-04-09 | 华为软件技术有限公司 | Cross-domain QoS method of adjustment and device |
| CN109600291B (en) * | 2017-09-30 | 2021-06-01 | 华为技术有限公司 | Cross-domain QoS (quality of service) adjusting method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102685904B (en) | Bandwidth self-adaptive allocation method and bandwidth self-adaptive allocation system | |
| CN108574599B (en) | Password resource pool, password resource pool management method, management platform and management system | |
| WO2015196562A1 (en) | Method for configuring scheduling information, method for processing configuration parameters and apparatuses | |
| MX350298B (en) | Methods and systems for data context and management via dynamic spectrum controller and dynamic spectrum policy controller. | |
| CN101772102A (en) | Selecting method for isomeric wireless network | |
| CN102868638A (en) | Method and system for dynamically regulating bandwidth | |
| CN103560978A (en) | Method and device for bandwidth dynamic allocation in optical access network | |
| CN105208121A (en) | File access flow control method and system based on distributed file system | |
| CN105591970A (en) | Traffic control method and device | |
| CN106576345A (en) | Propagating communication awareness over a cellular network | |
| CN109495593A (en) | Address distribution method and system | |
| WO2012129856A1 (en) | Method and system for regulating and controlling service license dynamically | |
| CN101110659B (en) | Method for distributing subdistrict frequency band and network appliance thereof | |
| CN104539558A (en) | Capacity-expansible IP telephone exchange blade mechanism frame and automatic capacity expansion method | |
| CN101282297A (en) | Method and device for regulating bandwidth | |
| CN102014059A (en) | IPSEC VPN (Internet protocol security virtual private network)-based dynamic QoS (quality of service) bandwidth allocation method | |
| CN102984073A (en) | Resource management device and method in multicast service | |
| CN108282417A (en) | CHINA RFTCOM Co Ltd method for managing resource, device and broadcasting and TV VOD method, system | |
| CN108881067B (en) | Bandwidth allocation method and system for ensuring business fairness based on application awareness | |
| WO2012163276A1 (en) | Service data scheduling method, base station, and base station controller | |
| CN101340612A (en) | Packet scheduling method for logic channel of radio communication system | |
| CN108234357B (en) | Multicast traffic distribution method and system | |
| WO2011160531A1 (en) | Method and system for adjusting bandwidth resources of application binary interface standard interface | |
| WO2010148813A1 (en) | Uplink power control method and device in carrier aggregation system | |
| CN112600712B (en) | Service quality scheduling method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20110413 |