CN102340532B - P2P application identification method and device as well as P2P flow management method and device - Google Patents
P2P application identification method and device as well as P2P flow management method and device Download PDFInfo
- Publication number
- CN102340532B CN102340532B CN201010238666.2A CN201010238666A CN102340532B CN 102340532 B CN102340532 B CN 102340532B CN 201010238666 A CN201010238666 A CN 201010238666A CN 102340532 B CN102340532 B CN 102340532B
- Authority
- CN
- China
- Prior art keywords
- address
- source
- screening set
- linking number
- application
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Abstract
The invention discloses a P2P application identification method and device as well as a P2P flow management method and device, which respectively overcome the defect of unreasonable network resource distribution and the defect of single management mode of P2P application in the prior art. The P2P application identification method mainly comprises the following steps of: calculating the connection variance of each source IP (Internet Protocol) address in the connection; selecting part of the source IP addresses having connection variances equal to or greater than a preset connection variance threshold or selecting all the source IP addresses to form a primary screened set; screening the source IP addresses in the primary screened set for a second time according to a used connection protocol to form a secondary screened set; and determining whether the P2P application is carried out on the source IP addresses in the secondary screened set right now according to the connections of the source IP addresses in the secondary screened set, the number of ports used by connection ends and a preset port difference threshold. The technical scheme of the P2P application identification technology disclosed by the invention overcomes the defect of unreasonable network resource distribution in the prior art.
Description
Technical field
The administrative skill that the present invention relates to P2P (point-to-point) application, specifically, relates to a kind of P2P application and identification method and device, and a kind of P2P flow managing method and device.
Background technology
Network management system, as the important means of network safety prevention, is applied increasingly extensive at present.By network internal overall architecture and application are carried out to reasonable disposition, to reach optimum network service efficiency.Adjusting by the monitoring for current network running status and strategy, make Network be able to normal operation smoothly, avoid abuse and the waste of Internet resources, ensure the normal operation of network system, is the effective ways of realizing IT management and controlling.
Along with the development of network, in the middle of current network environment, there is the application of increasing P2P (point-to-point) class.P2P network configuration and application can improve the utilance of Internet resources, improve resource-sharing rate, are main trend of future network development.But owing to lacking unified standard and operating specification, the appearance of P2P application also brings a lot of drawbacks, this is mainly reflected on the abuse for Internet resources, such as the file-sharing based on P2P framework, video playback etc. application, occupied bandwidth is excessive, has a strong impact on use of other proper network business etc.Meanwhile, the modes such as encrypted transmission have been taked in various P2P application gradually, evade traditional detection and administrative skill, make P2P application to be effectively identified and effectively to manage.
Along with P2P, to apply the drawback of bringing day by day serious, and a lot of network security products is considered different measures, wishes that application is effectively managed for P2P.Most network management product is also relatively single to the way to manage of P2P application, such as the products such as fire compartment wall, intrusion prevention system (IPS), UTM (UTM) attempt to provide for P2P application block to solve current P2P the problem of abusing Internet resources.The network management product of most, for the identification of P2P class application, has adopted protocol analysis to add the mode of characteristic matching, detects the concrete application of P2P, as bit stream (BT), electric donkey (emule) etc. in network environment.
Gradually adopt encrypted transmission etc. to hide the P2P application of mode, although can evade traditional detection and management, but it is more and more difficult to have caused for the identification of P2P flow, and then had a strong impact on the consequence of P2P flow moderate management, this is unfavorable for that application is reasonably managed and guides to P2P on the contrary.
On the other hand, some network management technologys adopt the way of single limited flow or linking number (as limited flow rate threshold value or linking number threshold value etc.) to carry out the use of limiting P 2 P application, to avoid the interference of P2P business to normal Network, but this will certainly cause the waste of Internet resources.In general network environment, the Network of working period is busy, now should reduce the use of P2P as far as possible and even stop using, to retain enough bandwidth for regular traffic; And to time the bandwidth free time at night, can suitably improve the scope of application of P2P application, to accomplish the maximum utilization of Internet resources.
Therefore be necessary to develop a kind of can realization P2P application traffic is effectively identified and on this basis, carried out the effectively method of management, distribute unreasonable defect in order to overcome existing network system for resource, guarantee the maximum utilization of Internet resources.
Summary of the invention
Technical problem to be solved by this invention is that a kind of P2P application and identification method and device need to be provided, to overcome the prior art defect unreasonable to Resource Allocation in Networks.
In order to solve the problems of the technologies described above, the invention provides a kind of P2P application and identification method, comprise the steps:
Calculate the linking number variance of each source IP address in connecting;
Choose the part or all of source IP address that described linking number variance is more than or equal to default linking number variance threshold values, form primary screening set;
According to used connection protocol, the source IP address in described primary screening set is carried out to postsearch screening, form postsearch screening set;
According to the linking number of the source IP address in described postsearch screening set, port number that peer end of the connection uses and default port residual quantity threshold value, determine whether the source IP address in described postsearch screening set is carrying out P2P application.
Preferably, when getting in described primary screening set, connect the source IP address of same object IP address with transmission control protocol and user datagram protocol, form described postsearch screening set.
Preferably, add up the linking number that source IP address in described postsearch screening set connects different described object IP address, and the quantity of the destination interface that uses of each described object IP address; The difference of the quantity of described linking number and described destination interface and described port residual quantity threshold value are compared; Determine that the source IP address that described difference is less than or equal to described port residual quantity threshold value is carrying out P2P application.
In order to solve the problems of the technologies described above, the present invention also provides a kind of P2P application identification device, comprising:
Computing module, for calculating the linking number variance of the each source IP address of connection;
First selects module, is more than or equal to the part or all of source IP address of default linking number variance threshold values for choosing described linking number variance, forms primary screening set;
Second selects module, for the connection protocol according to used, the source IP address in described primary screening set is carried out to postsearch screening, forms postsearch screening set;
Identification module, for the port number that uses according to the linking number of the source IP address of described postsearch screening set, peer end of the connection and default port residual quantity threshold value, determines whether the source IP address in described postsearch screening set is carrying out P2P application.
Preferably, when described the first selection module is used for choosing described primary screening set, connect the source IP address of same object IP address with transmission control protocol and user datagram protocol, form described postsearch screening set.
Another technical problem to be solved by this invention is that a kind of P2P flow managing method and device need to be provided, to overcome the way to manage single defect of prior art to P2P application.
In order to solve the problems of the technologies described above, the invention provides a kind of P2P flow managing method, comprise the steps:
Calculate the linking number variance of each source IP address in described connection;
Get the part or all of source IP address that described linking number variance is more than or equal to default linking number variance threshold values, form primary screening set;
According to used connection protocol, the source IP address in described primary screening set is carried out to postsearch screening, form postsearch screening set;
According to the linking number of the source IP address in described postsearch screening set, port number that peer end of the connection uses and default port residual quantity threshold value, determine whether the source IP address in described postsearch screening set is carrying out P2P application;
To carrying out the source IP address of P2P application, according to the predefined time interval, the flow information of its all connections is added up, obtain the transmission speed being respectively connected in current time interval;
According to default flow management strategy and described transmission speed, with the unit of being connected to, each P2P application is carried out to traffic management.
Preferably, when getting in described primary screening set, connect the source IP address of same object IP address with transmission control protocol and user datagram protocol, form described postsearch screening set.
Preferably, add up the linking number that source IP address in described postsearch screening set connects different described object IP address, and the quantity of the destination interface that uses of each described object IP address; The difference of the quantity of described linking number and described destination interface and described port residual quantity threshold value are compared; Determine that the source IP address that described difference is less than or equal to described port residual quantity threshold value is carrying out P2P application.
In order to solve the problems of the technologies described above, the present invention also provides a kind of P2P traffic management device, comprising:
The first computing module, for calculating the linking number variance of the each source IP address of connection;
First selects module, is more than or equal to the part or all of source IP address of default linking number variance threshold values for choosing described linking number variance, forms primary screening set;
Second selects module, for the connection protocol according to used, the source IP address in described primary screening set is carried out to postsearch screening, forms postsearch screening set;
Identification module, for the port number that uses according to the linking number of the source IP address of described postsearch screening set, peer end of the connection and default port residual quantity threshold value, determines whether the source IP address in described postsearch screening set is carrying out P2P application;
The second computing module, for to the source IP address that carries out P2P application, according to the predefined time interval, adds up the flow information of its all connections, obtains the transmission speed being respectively connected in current time interval;
Administration module, for according to default flow management strategy and described transmission speed, carries out traffic management with the unit of being connected to each P2P application.
Preferably, when described the first selection module is used for choosing described primary screening set, connect the source IP address of same object IP address with transmission control protocol and user datagram protocol, form described postsearch screening set.
Technical scheme of the present invention is applicable to the application such as network management technology and network audit technology, compared with prior art:
P2P application identification technical scheme of the present invention overcomes the prior art defect unreasonable to Resource Allocation in Networks, and solved and apply for P2P the technical deficiency that can not accurately identify in traditional product, in real network environment, can carry out in real time P2P application identification.
P2P traffic management technical scheme of the present invention has solved the single technological deficiency of traffic management mode of applying for P2P at present, in real network environment, in real time P2P flow is carried out to tactical management, in the scope allowing at flow management strategy, avoid the waste of Internet resources, improved the flexibility of network management system for P2P application management.
Accompanying drawing explanation
Fig. 1 is the schematic flow sheet of a kind of P2P application and identification method of the embodiment of the present invention;
Fig. 2 is the schematic flow sheet of a kind of P2P flow managing method of the embodiment of the present invention;
Fig. 3 is the composition schematic diagram of a kind of P2P application identification device of the embodiment of the present invention;
Fig. 4 is the composition schematic diagram of a kind of P2P traffic management device of the embodiment of the present invention.
Embodiment
Describe embodiments of the present invention in detail below with reference to drawings and Examples, to the present invention, how application technology means solve technical problem whereby, and the implementation procedure of reaching technique effect can fully understand and implement according to this.
Embodiment mono-, a kind of P2P application and identification method
As shown in Figure 1, the present embodiment mainly comprises the steps:
Step S110, gathers the data on flows connecting;
Step S120, during calculating connects, the linking number variance of each source IP address, chooses the part or all of source IP address that described linking number variance is more than or equal to default linking number variance threshold values, forms primary screening set;
Step S130, carries out connection protocol statistics to the IP address in primary screening set, according to used connection protocol, the source IP address in primary screening set is carried out to postsearch screening, forms postsearch screening set;
Step S140, to the source IP address in postsearch screening set, the port number using according to its linking number, peer end of the connection and default port residual quantity threshold value, determine whether it is carrying out P2P application.
The present embodiment is added up screening according to IP linking number feature, connection protocol feature and IP address and port (IP, port) feature to data on flows, determines the P2P node in current network environment.
In a practical application of the present embodiment, the data on flows sample collecting comprises the transport layer protocol that each message uses, source IP, object IP, source port, destination interface and the flow (byte number, take kilobit (KB) as unit) of this message.For example, the data on flows sample format using in this practical application is as follows:
Table 1, data on flows sample
No. | Agreement | Source IP | Object IP | Source port | Destination interface | Flow (KB) |
1 | TCP | 20.115.16.172 | 202.102.224.136 | 1100 | 1900 | 56.99 |
2 | UDP | 20.115.16.172 | 169.20.108.159 | 4357 | 6200 | 8467.19 |
3 | TCP | 20.115.16.172 | 169.20.108.159 | 3476 | 6843 | 634.87 |
4 | TCP | 202.116.47.48 | 211.196.1.233 | 4338 | 433 | 64.87 |
5 | UDP | 20.115.16.172 | 202.102.224.136 | 3256 | 5987 | 0.64 |
Carry out source IP linking number statistics according to above-mentioned data on flows sample, the linking number that for example in upper table, source IP address is 20.115.16.172 is 4, and the linking number that source IP address is 202.116.47.48 is 1.Calculate the linking number variance of each source IP address according to following expression:
For same source IP address, x
1... x
nrespectively the linking number of this source IP address, x
*represent x
1... x
naverage, Y represents linking number variance;
This Y value and predefined linking number variance threshold values are compared, if Y value is more than or equal to this linking number variance threshold values, linking number unusual condition has been described, now get Y value higher than the linking number of this threshold value front m source IP address from big to small as primary screening set; Also choose the part or all of source IP address that Y value is more than or equal to this linking number variance threshold values, as this primary screening set.
In this practical application, the detailed process of above-mentioned steps S130 can be,
Judge in the middle of the IP address in primary screening set whether have IP address to exist and be connected simultaneously with same object IP address with transmission control protocol (TCP) and user datagram protocol (UDP) respectively as source IP; For example, in table 1, source IP address 20.115.16.172 is to object IP address 202.102.224.136 and 169.20.108.159 has respectively TCP to connect and UDP connects existence, now retain such source IP address as the element in postsearch screening set, and abandon the IP address that does not meet this condition.
In this practical application, the detailed process of above-mentioned steps S140 can be,
Source IP address in statistics postsearch screening set connects the number of connection of different object IP address, and the quantity of the destination interface that in the middle of these connections, object IP address is used, and the two is contrasted to statistics; If the quantity of number of connection and destination interface differs in the port residual quantity threshold value (this practical application is 10) default (being less than or equal to port residual quantity threshold value), think that this source IP address is carrying out P2P application, be applied as non-P2P application otherwise can think that this source IP address is ongoing; For example, in the middle of 4 connections of the source IP address 20.115.16.172 in table 1, used 4 different destination interfaces, to differ be zero for its number of connection and port number, now can judge that this source IP address is that the node of 20.115.16.172 is carrying out P2P application.
Embodiment bis-, a kind of P2P flow managing method
The object of the present embodiment using the recognition result in above-described embodiment one as P2P flow analysis.As shown in Figure 2, the present embodiment mainly comprises the steps:
Step S210, gathers the data on flows connecting;
Step S220, during calculating connects, the linking number variance of each source IP address, chooses the part or all of source IP address that described linking number variance is more than or equal to default linking number variance threshold values, forms primary screening set;
Step S230, carries out connection protocol statistics to the source IP address in primary screening set, according to used connection protocol, the source IP address in primary screening set is carried out to postsearch screening, forms postsearch screening set;
Step S240, to the source IP address in postsearch screening set, the port number using according to its linking number, peer end of the connection and default port residual quantity threshold value, determine whether it is carrying out P2P application;
Step S250, to carrying out the source IP address of P2P application, according to the predefined time interval, the flow information of all connections to this IP address is added up, and obtains the transmission speed being respectively connected in current time interval;
Step S260, according to default flow management strategy and be respectively connected to the transmission speed in current time interval, carries out traffic management with the unit of being connected to each P2P application.
Continue step S250 and the step S260 of explanation the present embodiment as an example of the aforesaid practical application of embodiment mono-example.
In above-mentioned steps S250, for IP address 20.115.16.172, follow the tracks of the unidirectional connection of the Servers-all end of this IP address in predetermined time interval to client, and the length characteristic of adding up adjacent 150 data messages in these unidirectional connections; When the length difference of two default adjacent data messages is greater than length difference threshold value (this practical application is 500k), counter increases by 1 accordingly, and in the time that length difference is less than this length difference threshold value (500k), counter is not added up.
Obtain thus test result as described in Table 2:
A test result of table 2, this practical application
That is to say, apply for P2P class, the value of counter every 150 data messages in statistic processes can exceed 15, therefore to set in this step the value of counter be 15 in this practical application, be 20.115.16.172 for IP address, the value of each connection corresponding counts device take this IP address as destination address is greater than at 15 o'clock, assert that this is connected to P2P and connects.
Be connected to basis with the P2P filtering out afterwards, add up the flow information that in each time interval, each P2P connects; The data on flows of for example receiving in current time interval is as shown in table 3:
The data on flows of receiving in table 3, current time interval
No. | Agreement | Source IP | Object IP | Source port | Destination interface | Flow (KB) |
1 | TCP | 202.102.224.136 | 20.115.16.172 | 1100 | 1900 | 56.99 |
2 | UDP | 169.20.108.159 | 20.115.16.172 | 4357 | 6200 | 8467.19 |
3 | TCP | 169.20.108.159 | 20.115.16.172 | 3476 | 6843 | 634.87 |
4 | TCP | 202.116.47.48 | 20.115.16.172 | 4338 | 433 | 64.87 |
5 | UDP | 202.102.224.136 | 20.115.16.172 | 3256 | 5987 | 0.64 |
6 | TCP | 169.20.108.159 | 20.115.16.172 | 6843 | 3476 | 293.50 |
7 | UDP | 202.102.224.136 | 20.115.16.172 | 5987 | 3256 | 420.89 |
Calculate the transmission speed of each unidirectional connection, the time interval using in this practical application is 30 seconds, and the transmission speed that calculates each connection is as table 4:
The flow information of table 4, unidirectional connection
No. | Agreement | Source IP | Object IP | Source port | Destination interface | Speed (KB/ second) |
1 | TCP | 202.102.224.136 | 20.115.16.172 | 1100 | 1900 | 1.9 |
2 | UDP | 169.20.108.159 | 20.115.16.172 | 4357 | 6200 | 282.2 |
3 | TCP | 169.20.108.15 | 920.115.16.172 | 3476 | 6843 | 21.2 |
4 | UDP | 202.102.224.136 | 20.115.16.172 | 3256 | 5987 | 0.02 |
5 | TCP | 202.116.47.48 | 20.115.16.172 | 4338 | 433 | 2.2 |
6 | TCP | 169.20.108.159 | 20.115.16.172 | 6843 | 3476 | 9.8 |
7 | UDP | 202.102.224.136 | 20.115.16.172 | 5987 | 3256 | 14.1 |
In above-mentioned steps S260, after receiving the transmission speed of each connection, according to predefined flow management strategy, can carry out the enforcement of P2P traffic management.
In aforesaid practical application, flow management strategy is while being limited to every connection 10kb/ second on P2P connection traffic.Being numbered 2,3,7 connection and will being terminated in table 4, will be retained and be numbered 1,4,5,6 connection, not limit; If the flow management strategy of now setting is (guarantee linking number as far as possible less time) while being limited to 30kb/ second in unidirectional connection total flow simultaneously, in table 4, being numbered 1,3,4,5 connection will be retained, and will be terminated and be numbered 2,6,7 connection.Similarly, this step can, according to for heterogeneous networks situation and predefined flow management strategy, be processed each connection of P2P application, to reach predefined traffic policy accordingly.
Embodiment tri-, a kind of P2P application identification device,
As shown in Figure 3, the recognition device of the present embodiment mainly comprises acquisition module 310, computing module 320, the first selection module 330, the second selection module 340 and identification module 350, wherein:
First selects module 330, is connected with computing module 320, is more than or equal to the part or all of source IP address of default linking number variance threshold values for choosing described linking number variance, forms primary screening set;
Second selects module 340, is connected with the first selection module 330, for the connection protocol according to used, the source IP address in described primary screening set is carried out to postsearch screening, forms postsearch screening set;
Above-mentioned first selects module 330 to connect the source IP address of same object IP address for choosing described primary screening set when with transmission control protocol and user datagram protocol, forms described postsearch screening set.
Embodiment tetra-, a kind of P2P traffic management device
As shown in Figure 4, the management devices of the present embodiment mainly comprises acquisition module 410, the first computing module 420, the first selection module 430, the second selection module 440, identification module 450, the second computing module 460 and administration module 470, wherein:
The first computing module 420, is connected with acquisition module 410, for calculating the linking number variance of the each source IP address of described connection;
First selects module 430, is connected with the first computing module 420, is more than or equal to the part or all of source IP address of default linking number variance threshold values for choosing described linking number variance, forms primary screening set;
Second selects module 440, is connected with the first selection module 430, for the connection protocol according to used, the source IP address in described primary screening set is carried out to postsearch screening, forms postsearch screening set;
The second computing module 460, is connected with identification module 450, for to the source IP address that carries out P2P application, according to the predefined time interval, the flow information of its all connections is added up, and obtains the transmission speed being respectively connected in current time interval;
Above-mentioned first selects module 430 to connect the source IP address of same object IP address for choosing described primary screening set when with transmission control protocol and user datagram protocol, forms described postsearch screening set.
P2P application identification technical scheme of the present invention has solved and has applied for P2P the technological deficiency that can not accurately identify in traditional product, P2P traffic management technical scheme of the present invention has solved the single technological deficiency of traffic management mode of applying for P2P at present, realize respectively and in real network environment, carried out in real time P2P application identification and carry out tactical management for P2P flow, there is the fast and advantage such as accurate flexibly of speed simultaneously.
P2P traffic management technical scheme of the present invention can guarantee the use of other proper network business (non-P2P application), the use of carrying out P2P business in the scope that also can allow at flow management strategy, to avoid the waste of Internet resources, has improved the flexibility of network management system for P2P application management.
Claims (4)
1. a P2P application and identification method, comprises the steps:
Calculate the linking number variance of each source IP address in connecting;
Choose the part or all of source IP address that described linking number variance is more than or equal to default linking number variance threshold values, form primary screening set;
According to used connection protocol, source IP address in described primary screening set is carried out to postsearch screening, form postsearch screening set, wherein, the source IP address that connects same object IP address when getting in described primary screening set with transmission control protocol and user datagram protocol, forms described postsearch screening set;
According to the linking number of the source IP address in described postsearch screening set, port number that peer end of the connection uses and default port residual quantity threshold value, determine whether the source IP address in described postsearch screening set is carrying out P2P application, wherein, add up the linking number that source IP address in described postsearch screening set connects different described object IP address, and the quantity of the destination interface that uses of each described object IP address; The difference of the quantity of described linking number and described destination interface and described port residual quantity threshold value are compared; Determine that the source IP address that described difference is less than or equal to described port residual quantity threshold value is carrying out P2P application.
2. a P2P flow managing method, comprises the steps:
Calculate the linking number variance of each source IP address in connecting;
Get the part or all of source IP address that described linking number variance is more than or equal to default linking number variance threshold values, form primary screening set;
According to used connection protocol, source IP address in described primary screening set is carried out to postsearch screening, form postsearch screening set, wherein, the source IP address that connects same object IP address when getting in described primary screening set with transmission control protocol and user datagram protocol, forms described postsearch screening set;
According to the linking number of the source IP address in described postsearch screening set, port number that peer end of the connection uses and default port residual quantity threshold value, determine whether the source IP address in described postsearch screening set is carrying out P2P application, wherein, add up the linking number that source IP address in described postsearch screening set connects different described object IP address, and the quantity of the destination interface that uses of each described object IP address; The difference of the quantity of described linking number and described destination interface and described port residual quantity threshold value are compared; Determine that the source IP address that described difference is less than or equal to described port residual quantity threshold value is carrying out P2P application;
To carrying out the source IP address of P2P application, according to the predefined time interval, the flow information of its all connections is added up, obtain the transmission speed being respectively connected in current time interval;
According to default flow management strategy and described transmission speed, with the unit of being connected to, each P2P application is carried out to traffic management.
3. a P2P application identification device, comprising:
Computing module, for calculating the linking number variance of the each source IP address of connection;
First selects module, is more than or equal to the part or all of source IP address of default linking number variance threshold values for choosing described linking number variance, forms primary screening set;
Second selects module, be used for according to used connection protocol, source IP address in described primary screening set is carried out to postsearch screening, form postsearch screening set, wherein, the source IP address that connects same object IP address when choosing in described primary screening set with transmission control protocol and user datagram protocol, forms described postsearch screening set;
Identification module, for the port number that uses according to the linking number of the source IP address of described postsearch screening set, peer end of the connection and default port residual quantity threshold value, determine whether the source IP address in described postsearch screening set is carrying out P2P application, wherein, add up the linking number that source IP address in described postsearch screening set connects different described object IP address, and the quantity of the destination interface that uses of each described object IP address; The difference of the quantity of described linking number and described destination interface and described port residual quantity threshold value are compared; Determine that the source IP address that described difference is less than or equal to described port residual quantity threshold value is carrying out P2P application.
4. a P2P traffic management device, comprising:
The first computing module, for calculating the linking number variance of the each source IP address of connection;
First selects module, is more than or equal to the part or all of source IP address of default linking number variance threshold values for choosing described linking number variance, forms primary screening set;
Second selects module, be used for according to used connection protocol, source IP address in described primary screening set is carried out to postsearch screening, form postsearch screening set, wherein, the source IP address that connects same object IP address when choosing in described primary screening set with transmission control protocol and user datagram protocol, forms described postsearch screening set;
Identification module, for the port number that uses according to the linking number of the source IP address of described postsearch screening set, peer end of the connection and default port residual quantity threshold value, determine whether the source IP address in described postsearch screening set is carrying out P2P application, wherein, add up the linking number that source IP address in described postsearch screening set connects different described object IP address, and the quantity of the destination interface that uses of each described object IP address; The difference of the quantity of described linking number and described destination interface and described port residual quantity threshold value are compared; Determine that the source IP address that described difference is less than or equal to described port residual quantity threshold value is carrying out P2P application;
The second computing module, for to the source IP address that carries out P2P application, according to the predefined time interval, adds up the flow information of its all connections, obtains the transmission speed being respectively connected in current time interval;
Administration module, for according to default flow management strategy and described transmission speed, carries out traffic management with the unit of being connected to each P2P application.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201010238666.2A CN102340532B (en) | 2010-07-26 | 2010-07-26 | P2P application identification method and device as well as P2P flow management method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201010238666.2A CN102340532B (en) | 2010-07-26 | 2010-07-26 | P2P application identification method and device as well as P2P flow management method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102340532A CN102340532A (en) | 2012-02-01 |
CN102340532B true CN102340532B (en) | 2014-05-14 |
Family
ID=45516030
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201010238666.2A Expired - Fee Related CN102340532B (en) | 2010-07-26 | 2010-07-26 | P2P application identification method and device as well as P2P flow management method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102340532B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110166447B (en) * | 2019-05-16 | 2021-11-12 | 广西电网有限责任公司 | PON gateway-based application identification system and identification method thereof |
CN114827097B (en) * | 2022-04-21 | 2023-10-17 | 咪咕文化科技有限公司 | Communication network construction method and device and computer equipment |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1708947A (en) * | 2002-10-30 | 2005-12-14 | 奥帕雷克斯公司 | Method and arrangement to reserve resources in an IP network |
CN101431473A (en) * | 2008-12-31 | 2009-05-13 | 深圳市迅雷网络技术有限公司 | Method and apparatus for implementing network speed limit |
CN101741608A (en) * | 2008-11-10 | 2010-06-16 | 北京启明星辰信息技术股份有限公司 | Traffic characteristic-based P2P application identification system and method |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP5228936B2 (en) * | 2009-01-20 | 2013-07-03 | 沖電気工業株式会社 | Overlay traffic detection system and traffic monitoring / control system |
-
2010
- 2010-07-26 CN CN201010238666.2A patent/CN102340532B/en not_active Expired - Fee Related
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1708947A (en) * | 2002-10-30 | 2005-12-14 | 奥帕雷克斯公司 | Method and arrangement to reserve resources in an IP network |
CN101741608A (en) * | 2008-11-10 | 2010-06-16 | 北京启明星辰信息技术股份有限公司 | Traffic characteristic-based P2P application identification system and method |
CN101431473A (en) * | 2008-12-31 | 2009-05-13 | 深圳市迅雷网络技术有限公司 | Method and apparatus for implementing network speed limit |
Non-Patent Citations (4)
Title |
---|
"Impact of P2P Traffic on IP Communication Networks’ Performances";M. Fras等;《IEEE Conference Publications》;20080628;第205-208页 * |
"基于流量模式的P2P流量识别方法综述";孙美凤等;《计算机应用研究》;20091031;第3625-3628页 * |
M. Fras等."Impact of P2P Traffic on IP Communication Networks’ Performances".《IEEE Conference Publications》.2008, |
孙美凤等."基于流量模式的P2P流量识别方法综述".《计算机应用研究》.2009, |
Also Published As
Publication number | Publication date |
---|---|
CN102340532A (en) | 2012-02-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7904597B2 (en) | Systems and processes of identifying P2P applications based on behavioral signatures | |
EP2241058B1 (en) | Method for configuring acls on network device based on flow information | |
Lee et al. | Network monitoring: Present and future | |
CN108737447B (en) | User datagram protocol flow filtering method, device, server and storage medium | |
CN104954367A (en) | Internet omnidirectional cross-domain DDoS (distributed denial of service) attack defense method | |
CN101834785B (en) | Method and device for realizing stream filtration | |
CN104853001A (en) | Address resolution protocol (ARP) message processing method and device | |
CN101902365B (en) | Method for monitoring P2P traffic of wide area network and system thereof | |
CN114363739B (en) | Service application method and device based on optical service unit | |
US7908369B2 (en) | Method of collecting descriptions of streams pertaining to streams relating to at least one client network attached to an interconnection network | |
CN102340532B (en) | P2P application identification method and device as well as P2P flow management method and device | |
CN107222403A (en) | A kind of data transmission method, system and electronic equipment | |
CN104348749B (en) | A kind of flow control methods, apparatus and system | |
CN106230741A (en) | A kind of method and apparatus that message is carried out speed limit | |
CN107147585B (en) | Flow control method and device | |
CN101883001A (en) | Method and system for traffic identification and management of P2P application in small network | |
CN102480503B (en) | P2P (peer-to-peer) traffic identification method and P2P traffic identification device | |
He et al. | Fine-grained P2P traffic classification by simply counting flows | |
CN104348675A (en) | Bidirectional service data flow identification method and device | |
CN102904914A (en) | Method and device for processing service requests | |
Gad et al. | Header field based partitioning of network traffic for distributed packet capturing and processing | |
Ito et al. | A bandwidth allocation scheme to improve fairness and link utilization in data center networks | |
KR20110071774A (en) | Smart border router and method for transmitting flow using the same | |
CN107222299A (en) | A kind of data transmission method, system and electronic equipment | |
Bassi et al. | Online peer-to-peer traffic identification. based on complex events processing of traffic event signatures |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20140514 Termination date: 20190726 |
|
CF01 | Termination of patent right due to non-payment of annual fee |