CN103248521A - Business strategy rule configuring method and device, as well as communication system - Google Patents


Publication number
CN103248521A
Authority
CN
China
Legal status
Granted
Application number
CN2013101560453A
Other languages
Chinese (zh)
Other versions
CN103248521B (en)
Inventor
何俊
杨兴华
房列朝
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd

Abstract

An embodiment of the invention provides a business strategy rule configuring method and device, as well as a communication system, which can simplify a business strategy configuration process and improve the configuration efficiency. The business strategy rule configuring method comprises the steps that a business strategy configured by a user is acquired, wherein the business strategy comprises a node type used for business execution and a strategy rule used when the business is executed, and the node type is used for representing a set of at least one node in a network; node information included in the node type in the network is acquired; a network node used for executing the strategy rule in the business strategy is determined according to the node information; and the strategy rule to the network node is issued. The embodiment of the invention is suitable for the technical field of networks.

Description

Method, device and communication system for configuring business policy rules
Technical field
The present invention relates to the field of network technology, and in particular to a method, device and communication system for business policy configuration.
Background art
As networks develop, more and more services are required on network devices. At the same time, network scale keeps growing, the types and number of network node devices keep increasing, and networking becomes increasingly complex.
As services and scale expand, the number and variety of devices a network needs also increase. When configuring and managing services and policies on these devices, the user has to cope with the increased configuration workload brought by network complexity and by the growing number and variety of devices, as well as the challenge of configuration differences between device types. The user also needs to deploy policies and services on each network device promptly and effectively according to current network conditions.
The prior art proposes a distributed service and policy configuration method: each device provides a human-machine interface for service and policy deployment, and after planning the services and policies that each network device needs, the user logs in to every network device in the network and configures the service and policy information. The network devices then execute according to the configured services and policies.
However, this configuration method is inefficient: the user must plan the services and policies of every device and configure the devices one by one, so the workload grows quickly as the network and the number of network devices grow.
To improve configuration efficiency, the prior art also proposes a centralized configuration method for services and policies, in which the user configures services and issues policy rules centrally through a unified configuration server. Specifically, the user can organize network devices that share the same service or policy rules into logical groups and configure each logical group as a unit, which reduces the configuration workload for services and policy rules and so improves configuration efficiency.
However, although centralized configuration simplifies the business policy configuration process to some extent and improves configuration efficiency, the overall process is still complicated for the user. For example, to organize a logical group with the same service, the user must first determine the nodes that execute that service and then configure them uniformly. Because a network often contains a large number of devices, determining the nodes that execute the same service remains tedious for the user. Moreover, a single device often needs to execute several services at once, so the user has to perform centralized configuration on the same device multiple times; the configuration process remains complicated and inefficient.
Summary of the invention
Embodiments of the invention provide a method, device and communication system for configuring business policy rules, which can simplify the business policy configuration process and improve configuration efficiency.
Embodiments of the invention adopt the following technical solutions:
In a first aspect, an embodiment of the invention provides a method for configuring business policy rules, the method comprising:
Obtaining a business policy configured by a user, where the business policy comprises a node type used to execute a service and the policy rules used when the service is executed, and the node type represents a set of at least one node in the network;
Obtaining information of the nodes that the node type contains in the network;
Determining, according to the information of the nodes, the network node used to execute the policy rules in the business policy;
Issuing the policy rules to the network node.
In a first possible implementation, in combination with the first aspect, the information of the nodes comprises the service information supported by each node and the identifier of the node;
Determining, according to the information of the nodes, the network node used to execute the policy rules in the business policy comprises:
According to the service information supported by the nodes and the identifiers of the nodes, determining the nodes that support the service as network nodes.
In a second possible implementation, in combination with the first aspect, the information of the nodes comprises the service information supported by each node, the identifier of the node and the routing information of the whole network;
Determining, according to the information of the nodes, the network node used to execute the policy rules in the business policy comprises:
According to the service information supported by the nodes and the identifiers of the nodes, determining the candidate network node set that supports the service;
According to the traffic flow information contained in the policy rules and the routing information of the whole network, determining, for each piece of traffic flow information contained in the policy rules, the candidate network node subset made up of the nodes in the candidate network node set that are traversed from the source address to the destination address;
Selecting one node from the candidate network node subset as the network node used to execute the policy rules.
In a third possible implementation, in combination with the first aspect, the information of the nodes comprises: the service information supported by each node, the identifier of the node and the processing capability information of the node;
Determining, according to the information of the nodes, the network node used to execute the policy rules in the business policy comprises:
According to the service information supported by the nodes and the identifiers of the nodes, determining the candidate network node set that supports the service;
According to the processing capability information of the nodes in the candidate network node set and the information of the data flows contained in the policy rules, selecting from the candidate network node set the network nodes used to execute the policy rules, where the selected network nodes share in a balanced manner the load of the data flows on which the service needs to be executed, and the information of the data flows contained in the policy rules represents those data flows.
In a fourth possible implementation, in combination with the first aspect, the information of the nodes comprises: the service information supported by each node, the identifier of the node, the routing information of the whole network and the processing capability information of the node;
Determining, according to the information of the nodes, the network node used to execute the policy rules in the business policy comprises:
According to the service information supported by the nodes and the identifiers of the nodes, determining the candidate network node set that supports the service;
According to the traffic flow information contained in the policy rules and the routing information of the whole network, determining, for each piece of traffic flow information contained in the policy rules, the candidate network node subset made up of the nodes in the candidate network node set that are traversed from the source address to the destination address;
According to the processing capability information of the nodes in the candidate network node subset and the information of the data flows contained in the policy rules, selecting from the candidate network node subset one network node used to execute the policy rules, where the selected network nodes share in a balanced manner the load of the data flows on which the service needs to be executed, and the information of the data flows contained in the policy rules represents those data flows.
In a fifth possible implementation, in combination with the first aspect or any of the first to fourth possible implementations, after the step of issuing the policy rules to the network node, the method further comprises:
After learning that the number of nodes contained in the node type and the information of the nodes have changed, re-determining, according to the information of the nodes contained in the node type after the change, the network node used to execute the policy rules in the business policy;
Issuing the policy rules to the re-determined network node.
In a sixth possible implementation, in combination with the first aspect or any of the first to fifth possible implementations, after the step of obtaining the business policy configured by the user, the method further comprises:
Merging the duplicate policy rules in the business policy configured by the user.
In a seventh possible implementation, in combination with the first aspect or any of the first to sixth possible implementations, issuing the policy rules to the network node specifically comprises:
Instructing the network node to start the service;
Sending the policy rules to the network node.
In an eighth possible implementation, in combination with the first aspect or any of the first to seventh possible implementations, the node type comprises at least one of the following: a set of one or more nodes in the same network area, a set of one or more nodes of the same device type, a set of one or more nodes in the same physical location area.
In a ninth possible implementation, in combination with the first aspect or any of the first to seventh possible implementations, the node type is a type divided according to attribute information of at least one of the link layer, network layer and transport layer of the nodes.
In a second aspect, an embodiment of the invention further provides a device for configuring business policy rules, the device comprising: an acquiring unit, a determining unit and an issuing unit;
The acquiring unit is configured to obtain a business policy configured by a user, where the business policy comprises a node type used to execute a service and the policy rules used when the service is executed, and the node type represents a set of at least one node in the network;
The acquiring unit is further configured to obtain information of the nodes that the node type contains in the network;
The determining unit is configured to determine, according to the information of the nodes, the network node used to execute the policy rules in the business policy;
The issuing unit is configured to issue the policy rules to the network node.
In a first possible implementation, in combination with the second aspect, the information of the nodes comprises the service information supported by each node and the identifier of the node;
The determining unit is specifically configured to:
According to the service information supported by the nodes and the identifiers of the nodes, determine the nodes that support the service as network nodes.
In a second possible implementation, in combination with the second aspect, the information of the nodes comprises the service information supported by each node, the identifier of the node and the routing information of the whole network;
The determining unit is specifically configured to:
According to the service information supported by the nodes and the identifiers of the nodes, determine the candidate network node set that supports the service;
According to the traffic flow information contained in the policy rules and the routing information of the whole network, determine, for each piece of traffic flow information contained in the policy rules, the candidate network node subset made up of the nodes in the candidate network node set that are traversed from the source address to the destination address;
Select one node from the candidate network node subset as the network node used to execute the policy rules.
In a third possible implementation, in combination with the second aspect, the information of the nodes comprises: the service information supported by each node, the identifier of the node and the processing capability information of the node;
The determining unit is specifically configured to: according to the service information supported by the nodes and the identifiers of the nodes, determine the candidate network node set that supports the service;
According to the processing capability information of the nodes in the candidate network node set and the information of the data flows contained in the policy rules, select from the candidate network node set the network nodes used to execute the policy rules, where the selected network nodes share in a balanced manner the load of the data flows on which the service needs to be executed, and the information of the data flows contained in the policy rules represents those data flows.
In a fourth possible implementation, in combination with the second aspect, the information of the nodes comprises: the service information supported by each node, the identifier of the node, the routing information of the whole network and the processing capability information of the node;
The determining unit is specifically configured to:
According to the service information supported by the nodes and the identifiers of the nodes, determine the candidate network node set that supports the service;
According to the traffic flow information contained in the policy rules and the routing information of the whole network, determine, for each piece of traffic flow information contained in the policy rules, the candidate network node subset made up of the nodes in the candidate network node set that are traversed from the source address to the destination address;
According to the processing capability information of the nodes in the candidate network node subset and the information of the data flows contained in the policy rules, select from the candidate network node subset one network node used to execute the policy rules, where the selected network nodes share in a balanced manner the load of the data flows on which the service needs to be executed, and the information of the data flows contained in the policy rules represents those data flows.
In a fifth possible implementation, in combination with the second aspect or any of the first to fourth possible implementations, the device further comprises: a learning unit;
The learning unit is configured to learn whether the number of nodes contained in the node type and the information of the nodes have changed;
The determining unit is further configured to, after the learning unit learns that the number and the information of the nodes contained in the node type have changed, re-determine, according to the information of the nodes contained in the node type after the change, the network node used to execute the policy rules in the business policy;
The issuing unit is further configured to issue the policy rules to the re-determined network node.
In a sixth possible implementation, in combination with the second aspect or any of the first to fifth possible implementations, the device further comprises: a merging unit;
The merging unit is configured to merge the duplicate policy rules in the business policy configured by the user.
In a seventh possible implementation, in combination with the second aspect or any of the first to sixth possible implementations, the issuing unit is specifically configured to:
Instruct the network node to start the service;
Send the policy rules to the network node.
In an eighth possible implementation, in combination with the second aspect or any of the first to seventh possible implementations, the node type used to execute the service, contained in the business policy obtained by the acquiring unit, comprises at least one of the following: a set of one or more nodes in the same network area, a set of one or more nodes of the same device type, a set of one or more nodes in the same physical location area.
In a ninth possible implementation, in combination with the second aspect or any of the first to seventh possible implementations, the node type used to execute the service, contained in the business policy obtained by the acquiring unit, is a type divided according to attribute information of at least one of the link layer, network layer and transport layer of the nodes.
In a third aspect, an embodiment of the invention provides a communication system comprising a control node and one or more nodes, where the one or more nodes are contained in one or more node types, wherein:
The control node is configured to: obtain a business policy configured by a user, where the business policy comprises a node type used to execute a service and the policy rules used when the service is executed, and the node type represents a set of at least one node in the network;
Obtain information of the nodes that the node type contains in the network;
Determine, according to the information of the nodes, the network node used to execute the policy rules in the business policy;
Issue the policy rules to the network node;
The network node is configured to: when the control node determines this network node to be the network node used to execute the policy rules in the business policy, receive the policy rules issued by the control node and execute the policy rules.
In a first possible implementation, in combination with the third aspect, the control node is specifically configured to: obtain a business policy configured by a user, where the business policy comprises a node type used to execute a service and the policy rules used when the service is executed, and the node type represents a set of at least one node in the network;
Obtain information of the nodes that the node type contains in the network, where the information of the nodes comprises the service information supported by each node and the identifier of the node;
According to the service information supported by the nodes and the identifiers of the nodes, determine the nodes that support the service as network nodes;
Issue the policy rules to the determined network nodes.
In a second possible implementation, in combination with the third aspect, the control node is specifically configured to:
Obtain a business policy configured by a user, where the business policy comprises a node type used to execute a service and the policy rules used when the service is executed, and the node type represents a set of at least one node in the network;
Obtain information of the nodes that the node type contains in the network, where the information of the nodes comprises the service information supported by each node, the identifier of the node and the routing information of the whole network;
According to the service information supported by the nodes and the identifiers of the nodes, determine the candidate network node set that supports the service;
According to the traffic flow information contained in the policy rules and the routing information of the whole network, determine, for each piece of traffic flow information contained in the policy rules, the candidate network node subset made up of the nodes in the candidate network node set that are traversed from the source address to the destination address;
Select one node from the candidate network node subset as the network node used to execute the policy rules;
Issue the policy rules to the selected network node.
In a third possible implementation, in combination with the third aspect, the control node is specifically configured to:
Obtain a business policy configured by a user, where the business policy comprises a node type used to execute a service and the policy rules used when the service is executed, and the node type represents a set of at least one node in the network;
Obtain information of the nodes that the node type contains in the network, where the information of the nodes comprises: the service information supported by each node, the identifier of the node and the processing capability information of the node;
According to the service information supported by the nodes and the identifiers of the nodes, determine the candidate network node set that supports the service;
According to the processing capability information of the nodes in the candidate network node set and the information of the data flows contained in the policy rules, select from the candidate network node set the network nodes used to execute the policy rules, where the selected network nodes share in a balanced manner the load of the data flows on which the service needs to be executed, and the information of the data flows contained in the policy rules represents the traffic flow information;
Issue the policy rules to the selected network nodes.
In a fourth possible implementation, in combination with the third aspect, the control node is specifically configured to:
Obtain a business policy configured by a user, where the business policy comprises a node type used to execute a service and the policy rules used when the service is executed, and the node type represents a set of at least one node in the network;
Obtain information of the nodes that the node type contains in the network, where the information of the nodes comprises: the service information supported by each node, the identifier of the node, the routing information of the whole network and the processing capability information of the node;
According to the service information supported by the nodes and the identifiers of the nodes, determine the candidate network node set that supports the service;
According to the traffic flow information contained in the policy rules and the routing information of the whole network, determine, for each piece of traffic flow information contained in the policy rules, the candidate network node subset made up of the nodes in the candidate network node set that are traversed from the source address to the destination address;
According to the processing capability information of the nodes in the candidate network node subset and the information of the data flows contained in the policy rules, select from the candidate network node subset one network node used to execute the policy rules, where the selected network nodes share in a balanced manner the load of the data flows on which the service needs to be executed, and the information of the data flows contained in the policy rules represents those data flows;
Issue the policy rules to the selected network node.
Embodiments of the invention provide a method, device and communication system for configuring business policy rules, where the method comprises: obtaining a business policy configured by a user, where the business policy comprises a node type used to execute a service and the policy rules used when the service is executed, and the node type represents a set of at least one node in the network; obtaining information of the nodes that the node type contains in the network; determining, according to the information of the nodes, the network node used to execute the policy rules in the business policy; and issuing the policy rules to the network node. Because the business policy configured by the user is issued against a node type that represents a set of one or more nodes rather than against a single specific device, and because, after the user-configured business policy is obtained, the control node determines from the one or more nodes contained in the node type the network node that executes the service specified in the policy, the business policy configuration process is simplified and configuration efficiency is improved.
Description of drawings
To describe the technical solutions in the embodiments of the invention or in the prior art more clearly, the accompanying drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the services provided by the service layer of a network device;
Fig. 2 is a schematic diagram of a communication system for business policy rule configuration provided by an embodiment of the invention;
Fig. 3 is a schematic diagram of a network topology for business policy configuration provided by an embodiment of the invention;
Fig. 4 is a schematic flow chart of a method for business policy rule configuration provided by an embodiment of the invention;
Fig. 5 is a schematic flow chart of another method for business policy rule configuration provided by an embodiment of the invention;
Fig. 6 is a schematic flow chart of yet another method for business policy rule configuration provided by an embodiment of the invention;
Fig. 7 is a schematic flow chart of yet another method for business policy rule configuration provided by an embodiment of the invention;
Fig. 8 is a schematic flow chart of a fourth method for business policy rule configuration provided by an embodiment of the invention;
Fig. 9 is a schematic diagram of another network topology for business policy configuration provided by an embodiment of the invention;
Fig. 10 is a schematic structural diagram of a device for business policy rule configuration provided by an embodiment of the invention;
Fig. 11 is a schematic structural diagram of another device for business policy rule configuration provided by an embodiment of the invention;
Fig. 12 is a schematic structural diagram of yet another device for business policy rule configuration provided by an embodiment of the invention;
Fig. 13 is a schematic structural diagram of a control node provided by an embodiment of the invention;
Fig. 14 is a schematic diagram of a communication system provided by an embodiment of the invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the invention, the technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making the every other embodiment that obtains under the creative work prerequisite.
Term " system " and " network " often are used interchangeably in this article herein.Herein term " and/or ", only be a kind of incidence relation of describing affiliated partner, can there be three kinds of relations in expression, for example, A and/or B, can represent: individualism A exists A and B, these three kinds of situations of individualism B simultaneously.In addition, character "/" herein, generally represent forward-backward correlation to as if a kind of " or " relation.
As networks develop, the devices in a network system need to provide more and more services. By way of example, Fig. 1 shows some common service functions of the service layer of a network device: security services such as IPS (Intrusion Prevention System), DDoS (Distributed Denial of Service) and FW (Firewall); network optimization services such as bandwidth control and application QoS (Quality of Service); the URLF (Uniform Resource Locator Filter) service; WOC (WAN Optimization Controller) services such as data replication, compression and caching; and ADC (Application Delivery Controller) services such as SLB (Server Load Balancing), content modification and caching.
Because the number of network devices, and of services on them, keeps growing, the method provided by the embodiments of the invention simplifies how a user configures service policies on network devices: it avoids configuring services and policies on each device in a distributed manner, and also avoids organizing network devices that share the same service or policy rules into logical groups and configuring each logical group centrally. By way of example, Fig. 2 is a schematic diagram of a network system in which service policy rules are configured. The method divides the network devices of the whole network into nodes of different types; the network system comprises a control node and nodes of node type 1, node type 2 and node type n. The service policy configured by the user is based on node types and does not need to target specific devices; which devices the policy is actually configured on is determined by the control node. After the control node obtains the service policy the user has configured for the different node types, it obtains information about the nodes in the network that the node type comprises. This node information may comprise the identifier of each node and the service information supported by each node, and may further comprise the routing information of the whole network or the processing capability information of the nodes. The control node then determines, according to the node information, the network node that is to execute the policy rule in the service policy, and issues the policy rule to that network node.
A node type may specifically be the set of one or more nodes located in the same network area, for example the set of nodes belonging to the same subnet.
A node type may also be the set of one or more nodes of the same device type, for example the set of one or more nodes that are all routers.
Alternatively, a node type may be the set of one or more nodes located in the same physical location area. It should be noted that the physical location of a node is its physical position within the subnet, such as the access device of the subnet, the egress device, or a device that communicates directly with terminal devices.
It should be noted that Fig. 2 shows, by way of example, node type 1, node type 2 and node type n as different devices. In practice, however, the node types may be defined on different attributes; for example, node type 1 may group nodes by the subnet they belong to, while node type 2 groups nodes by device type. In that case at least some devices among the nodes of node type 1 and node type 2 may belong to both node type 1 and node type 2. The embodiments of the invention place no specific limitation on this; it depends on the actual conditions of the network system.
Of course, node types are not limited to the above; a node type may also be defined according to attribute information of at least one of the link layer, network layer and transport layer of the nodes.
For example, if node types are defined at the network layer, the type may specifically be the IP address range of the nodes, that is, the subnet the nodes belong to. If node types are defined at the link layer, the type may specifically be the hardware device port of the nodes. If node types are defined at the transport layer, the type may specifically be the transport protocol of the nodes, such as TCP (Transmission Control Protocol) or UDP (User Datagram Protocol). Attributes of the transport protocol may also be used to classify network nodes, for example nodes whose transport protocol is TCP and whose port number is 8080.
Of course, node types may also be defined by combining attribute information of the link layer, network layer and transport layer of the nodes. An example is the node type whose IP address belongs to the subnet with address range 1.1.0.0/16 and whose transport protocol is TCP. Those skilled in the art will understand that the above is only an example: any combination of link-layer, network-layer and transport-layer attribute information can be used to classify the nodes of a network, as determined by actual conditions, and the embodiments of the invention place no specific limitation on this.
Based on the idea described above, the control node needs to be able to perceive the networking information of the network system. Specifically, for each way of dividing node types, it can perceive which nodes each node type comprises across the whole network.
For instance, if the node type is the subnet a node belongs to, the control node can perceive the nodes that each subnet comprises. If the node type is the device type of a node, the control node can perceive the nodes of the same device type.
Of course, as required by the following embodiments, the control node can also perceive the routing information of the whole network, the processing capability information of the nodes, the topology information of the network, and so on.
As to how the control node perceives the nodes that a node type comprises, the node information, the routing information of the whole network, the processing capability information of the nodes and the topology information of the network, those skilled in the art will understand that the control node can request each node in the network system to report its own information, such as the node's identifier, its processing capability information, the subnet it belongs to and its routing information. From the subnet information and routing information of each node, the control node can then derive the routing information and topology information of the whole network. The control node may of course also learn the nodes that a node type comprises, the node information, the routing information of the whole network and the topology information of the network in other ways; the embodiments of the invention place no specific limitation on this.
Specifically, an embodiment of the invention provides a service policy rule configuration method. By way of example, the method is described using the network topology shown in Fig. 3, in which the control node is shown as a stand-alone device and the network nodes are routers. It will be understood that the control node may also be a network element device with a service policy rule configuration function, whose product form may be a router, a gateway device, a network firewall device, a GGSN or a PDSN, etc. The control node may be deployed as a separate external device that interfaces with existing equipment, or be built into a network element device of the existing network, for example as a plug-in card or through software integration. The network nodes may also be other network devices, such as switches, servers, gateways and network firewalls. The method is executed by the control node and, as shown in Fig. 4, comprises:
401. The control node obtains a service policy configured by a user; the service policy comprises the node type that is to execute a service and the policy rule used when the service is executed.
The node type denotes a set of at least one node in the network.
Specifically, the control node may obtain the user-configured service policy in the following ways:
A) After the user has finished configuring the service policy, the service policy can be imported into the control node in the form of a general-purpose file.
B) The user can enter the configured service policy into the control node through a graphical user interface (GUI).
C) The user can enter the service policy into the control node through a CLI (Command Line Interface).
The user-configured service policy comprises: the service to be executed, the nodes in the network system that are to execute the service, and the conditions under which the service is executed.
In the embodiments of the invention, the user-configured service policy comprises the node type that is to execute the service and the policy rule. The policy rule can be understood as the condition under which the service is executed.
In the embodiments of the invention, the user configures the service policy only for node types. The control node determines, from the user-configured service policy, the network node that is to execute the policy rule in the service policy and issues the policy rule to that network node. The user does not need to configure the service policy per device, or per class of devices, before the policy rule is issued.
By way of example, for the network topology shown in Fig. 3, if the node type is the subnet a node belongs to, user-configured service policy (1) is as follows:
Node type: network B (1.1.0.0/16);
Rule 1: if ((IP.src==1.2.0.*) || (IP.dest==3.2.0.*)) { do IPS };
Rule 2: if (IP.dest==3.2.0.*) { do IPS }.
This service policy shows that the user has configured the policy for the network devices in network B shown in Fig. 3, that is, the nodes whose node type is the subnet 1.1.0.0/16. The policy rule is: for data flows passing through network B whose source IP is 1.2.0.* or whose destination IP is 3.2.0.*, the nodes of network B execute the IPS service.
Of course, depending on actual conditions, the user may also specify the network node for the service when configuring the service policy, that is, specify the device that executes the service.
It should be noted that, after obtaining the user-configured service policy, the control node can also manage the policy rules, for example by merging policy rules that are duplicated within the user-configured service policy.
For example, rule 2 above duplicates the part of rule 1 that reads if (IP.dest==3.2.0.*) { do IPS }. The control node can therefore merge rule 1 and rule 2, and the merged policy rule is rule 1. This reduces the number of policy rules the control node issues.
Further, after obtaining the user-configured service policy, the control node can also obtain the routing information of the whole network. The control node can then, in either order, determine the nodes that the node type in the service policy comprises and, according to the routing information of the whole network, determine a first set of data flow information, covering the data flows that pass through the nodes of the node type, and a second set of data flow information for every policy rule in the service policy, covering the data flows that the rule contains. The control node then compares the first set with the second set of each policy rule. If the second set of a policy rule is not contained in the first set, the control node can delete that policy rule; if only part of the data flow information in the second set is not contained in the first set, the control node can delete the part of the policy rule that corresponds to that data flow information. This also reduces the number of policy rules issued.
For example, the second set of data flows of rule 1, if ((IP.src==1.2.0.*) || (IP.dest==3.2.0.*)) { do IPS }, comprises data flows whose source IP is 1.2.0.* or whose destination IP is 3.2.0.*. If the first set of data flows handled by the nodes of network B comprises data flows whose source IP is 2.2.0.* or whose destination IP is 5.2.0.*, rule 1 is invalid for network B: no data flow with source IP 1.2.0.* or destination IP 3.2.0.* can pass through network B. In this case the control node can delete rule 1.
As another example, if the first set of data flows handled by the nodes of network B comprises data flows whose source IP is 1.2.0.* or whose destination IP is 5.2.0.*, then the part of rule 1 covering data flows whose destination IP is 3.2.0.* is invalid for network B. The control node can therefore split rule 1 and delete the policy rule for data flows whose destination IP is 3.2.0.*, so that rule 1 becomes: if (IP.src==1.2.0.*) { do IPS }.
After the control node has merged and deleted policy rules in this way, fewer policy rules are issued by the control node and fewer policy rules need to be processed by the network nodes. In the example above, the network nodes no longer need to check whether the destination IP of every data flow passing through network B is 3.2.0.*, which improves the efficiency with which the network nodes execute the policy rules.
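The merge and deletion steps described above can be sketched as follows. This is an added example, not code from the patent: the names Rule, net, merge and prune are hypothetical, the notation 1.2.0.* is assumed to mean the /24 prefix 1.2.0.0/24, and the merge generalizes the text's exact-duplicate case to clauses contained in a wider prefix.

```python
import ipaddress
from dataclasses import dataclass


def net(pattern):
    """Turn the page's '1.2.0.*' notation into an ip_network (trailing '*' octets only)."""
    fixed = [o for o in pattern.split(".") if o != "*"]
    addr = ".".join(fixed + ["0"] * (4 - len(fixed)))
    return ipaddress.ip_network(f"{addr}/{8 * len(fixed)}")


@dataclass(frozen=True)
class Rule:
    name: str
    action: str
    clauses: frozenset  # OR-ed match clauses, each a (field, ip_network) pair


def make_rule(name, action, *clauses):
    return Rule(name, action, frozenset((f, net(p)) for f, p in clauses))


def flows(*clauses):
    """Describe a flow set in the same (field, pattern) notation as the rules."""
    return [(f, net(p)) for f, p in clauses]


def covered(clause, rule):
    """True if a clause of `rule` on the same field matches every address `clause` matches."""
    field, network = clause
    return any(f == field and network.subnet_of(n) for f, n in rule.clauses)


def subsumes(big, small):
    return big.action == small.action and all(covered(c, big) for c in small.clauses)


def merge(rules):
    """Drop every rule that another rule with the same action already covers."""
    kept = []
    for i, r in enumerate(rules):
        absorbed = any(
            subsumes(k, r) and (not subsumes(r, k) or j < i)  # equal rules: keep the first
            for j, k in enumerate(rules) if j != i
        )
        if not absorbed:
            kept.append(r)
    return kept


def prune(rules, first_set):
    """Keep only clauses that overlap the flows crossing the node type (the first set)."""
    pruned = []
    for r in rules:
        live = frozenset(
            c for c in r.clauses
            if any(f == c[0] and n.overlaps(c[1]) for f, n in first_set)
        )
        if live:  # a rule with no live clause is deleted outright
            pruned.append(Rule(r.name, r.action, live))
    return pruned


# Service policy (1) from the text.
RULE_1 = make_rule("rule 1", "IPS", ("IP.src", "1.2.0.*"), ("IP.dest", "3.2.0.*"))
RULE_2 = make_rule("rule 2", "IPS", ("IP.dest", "3.2.0.*"))

if __name__ == "__main__":
    merged = merge([RULE_1, RULE_2])
    print("merged:", [r.name for r in merged])
    # Second example in the text: network B carries IP.src 1.2.0.* or IP.dest 5.2.0.*
    for r in prune(merged, flows(("IP.src", "1.2.0.*"), ("IP.dest", "5.2.0.*"))):
        print(r.name, sorted((f, str(n)) for f, n in r.clauses))
```

The pruned rule set is only valid for the routing snapshot behind the first flow set, so it has to be recomputed when routes change; otherwise a flow that newly enters network B would pass without IPS inspection.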
402. The control node obtains information about the nodes in the network that the node type comprises.
The control node can perceive the node type of every node in the whole network; how it does so depends on the node type.
For example, if the node type is the subnet a node belongs to, the control node can determine the nodes of the node type that the service policy refers to from the configured networking information of the network, or by requesting the nodes in the network to report the subnet they belong to. As another example, if the node type is the device type of a node, the control node can learn the nodes of the node type that the service policy refers to from the device type information in the configured networking information of the network, or by requesting the nodes in the network to report their own device type information. Of course, the way the control node perceives the node types of nodes is not limited to these examples; other methods known to those skilled in the art can also be used, and the embodiments of the invention place no specific limitation on this.
In this way, from the node type for executing the service contained in the obtained user-configured service policy and the node type of each node in the whole network, the control node first determines the nodes that the node type referred to by the user-configured service policy comprises.
The control node then obtains the information of the nodes that the node type comprises. Specifically, the node information comprises the identifier of each node and the service information each node supports, and may further comprise the routing information of the whole network or the processing capability information of the nodes.
The control node can perceive the node information by requesting the nodes in the whole network to report their own information; the information of the nodes in the whole network can of course also be configured manually.
Of course, those skilled in the art will understand that the control node may also first obtain the information of the nodes in the whole network directly and then, from the nodes determined to belong to the node type, determine the information of the nodes that the node type comprises; the embodiments of the invention place no specific limitation on this.
403. The control node determines, according to the node information, the network node that is to execute the policy rule in the service policy.
After determining the information of the nodes that the node type referred to by the service policy comprises, the control node can determine, according to that information, the network node that is to execute the policy rule in the service policy.
404. The control node issues the policy rule to the network node.
Specifically, the control node can issue the policy rule through a network management system.
Specifically, the control node instructs the network node to start the service and at the same time sends the policy rule to the network node.
The service policy rule configuration method provided by this embodiment comprises: obtaining a user-configured service policy, the service policy comprising the node type that is to execute a service and the policy rule used when the service is executed, where the node type denotes a set of at least one node in the network; obtaining information about the nodes in the network that the node type comprises; determining, according to the node information, the network node that is to execute the policy rule in the service policy; and issuing the policy rule to the network node. Because the user-configured service policy targets a node type, which identifies a set of one or more nodes, rather than individual devices, and because the control node, after obtaining the policy, determines from the one or more nodes of the node type the network node that is to execute the service specified in the policy rule, the process by which the user configures service policies is simplified and configuration efficiency is improved.
Based on the above embodiment, and as shown in Fig. 5, an embodiment of the invention provides a service policy configuration method executed by the control node. The method comprises:
501. The control node obtains a service policy configured by a user; the service policy comprises the node type that is to execute a service and the policy rule used when the service is executed.
The node type denotes a set of at least one node in the network.
502. The control node obtains information about the nodes in the network that the node type comprises; the node information comprises the service information supported by each node and the identifier of each node.
The control node perceives all node types in the network and determines the nodes that the node type comprises.
The control node also needs to perceive the service information supported by all nodes in the network.
503. According to the service information supported by the nodes and the identifiers of the nodes, the control node determines the nodes that support the service as network nodes.
After perceiving the nodes that the node type comprises and the service information those nodes support, the control node determines the nodes that support the service referred to by the service policy as network nodes.
504. The control node issues the policy rule to the network nodes.
For example, for user-configured service policy (1) above and as shown in Fig. 3, suppose the control node perceives that the nodes of node type 1.1.0.0/16 are B1, B2, B3, B4 and B5, that B1, B2 and B3 support the IPS service, and that B4 and B5 do not.
The nodes of network B that support the IPS service are then B1, B2 and B3, so in this embodiment the control node determines B1, B2 and B3 as network nodes.
The control node then issues policy rule 1 and policy rule 2 to network nodes B1, B2 and B3.
The service policy rule configuration method provided by this embodiment comprises: obtaining a user-configured service policy, the service policy comprising the node type that is to execute a service and the policy rule used when the service is executed, where the node type denotes a set of at least one node in the network; obtaining information about the nodes in the network that the node type comprises, the node information comprising the service information supported by each node; determining, according to the service information supported by the nodes and the identifiers of the nodes, the network node that is to execute the policy rule in the service policy; and issuing the policy rule to the network node. Because the user-configured service policy targets a node type, which identifies a set of one or more nodes, rather than individual devices, and because the control node, after obtaining the policy, determines the network node that is to execute the service specified in the policy rule from the service information supported by the one or more nodes of the node type, the process by which the user configures service policies is simplified and configuration efficiency is improved.
Based on the above embodiment, when the same policy rule is configured on several network nodes and a data flow that the rule applies to passes through several of them, each of those network nodes executes the policy rule on the same data flow in turn. To improve the processing performance of the whole network by avoiding this, that is, to avoid the same data flow being hit repeatedly by the same policy rule, an embodiment of the invention further provides a service policy configuration method executed by the control node. As shown in Fig. 6, the method comprises:
601. The control node obtains a service policy configured by a user; the service policy comprises the node type that is to execute a service and the policy rule used when the service is executed.
The node type denotes a set of at least one node in the network.
602. The control node obtains information about the nodes in the network that the node type comprises; the node information comprises the service information supported by each node, the identifier of each node, and the routing information of the whole network.
The routing information of the whole network may specifically be the routing tables stored in the nodes of the network system.
In this embodiment the control node can also perceive the routing information of the nodes. Specifically, the control node can request a node to report its own routing information, or obtain the routing information of the node as configured by the user.
603. According to the service information supported by the nodes and the identifiers of the nodes, the control node determines the candidate network node set that supports the service.
604. According to the data flow information contained in the policy rule and the routing information of the whole network, the control node determines, for every item of data flow information contained in the policy rule, the candidate network node subset: the nodes in the candidate network node set that are traversed from the source address to the destination address.
Specifically, the control node first determines the candidate network node set that supports the service from the service information supported by the nodes of the node type referred to by the user-configured service policy. The control node can then determine, from the data flow information contained in the policy rule and the routing information of the whole network, the candidate network node subset for every item of data flow information contained in the policy rule, that is, the nodes of the candidate network node set traversed from the source address to the destination address.
605. The control node chooses one node from the candidate network node subset as the network node that executes the policy rule.
Specifically, the control node can choose the first node of the candidate network node subset as the network node for the policy rule, or the last node of the subset. Those skilled in the art will understand that the control node may also choose any node of the candidate network node subset as the network node for the policy rule. The aim is to reduce the number of times the same data flow is hit by the same policy rule; the embodiments of the invention place no specific limitation on how the network node is chosen from the candidate network node subset.
It should be noted that, although the control node chooses one node from the candidate network node subset as the network node that executes the policy rule, in practice it cannot be guaranteed that a given data flow passes through only one network node executing the policy rule; it may pass through several. Even so, compared with the scheme that considers only the service information supported by the nodes when determining network nodes, that is, the scheme that determines every node supporting the service as a network node, this embodiment still reduces the number of times the data flow is hit.
Of course, for a data flow covered by a policy rule to be hit only once by that rule, the node that the control node selects from the candidate network node subset as the network node for the rule must satisfy the following: every data flow referred to in the policy rule passes through only one network node. Only then is each data flow covered by a policy rule hit once by that rule, and only then is the processing performance of the network effectively guaranteed.
For example, for user-configured service policy (1) above and as shown in Fig. 3, suppose the nodes of network B, B1, B2, B3, B4 and B5, all support the IPS service, that candidate network node subset 1 for data flow 1 (source IP 1.2.0.* in rule 1) is {B1, B3, B5}, and that candidate network node subset 2 for data flow 2 (destination IP 3.2.0.* in rule 1) is {B2, B3, B5}. If node B1 is selected from candidate network node subset 1 as the network node for data flow 1 and node B1 is selected from candidate network node subset 2 as the network node for data flow 2, both data flows are hit only once when passing through network B. If, however, node B1 is selected from candidate network node subset 1 as the network node for data flow 1 and node B3 is selected from candidate network node subset 2 as the network node for data flow 2, data flow 1 is hit by both network node B1 and network node B3 when passing through network B. Even so, compared with the scheme that considers only the service information supported by the nodes of network B and determines B1, B2, B3, B4 and B5 all as network nodes, this embodiment reduces the number of times the same data flow is hit by the same policy rule.
606, described control node issues described policing rule to described network node.
Need to prove, if described control node has selected a node as the network node of this policing rule from described candidate network node subclass, but can't make every data flow only via a network node time, for the data flow that guarantees to comprise in the same policing rule is hit once by this same policing rule, this control node can also reconfigure the routing iinformation of the node in the network as required so that every data flow only via a network node.
Concrete, the control node can reconfigure the routing iinformation of network node according to the actual conditions needs, so that the data flow that comprises in the same policing rule is hit once by this same policing rule; Certainly, the control node also can reconfigure other node in the network according to actual conditions, with change data flow via network node, thereby make the data flow that comprises in the same policing rule be hit once by this same policing rule.Certainly need to prove, according to the actual conditions of network, after reconfiguring the routing iinformation of node, may also need to redefine network node, and issue described policing rule again to the network node that redefines.
Like this if after the routing iinformation of node was reconfigured, this control node also needed to issue the routing iinformation that reconfigures to corresponding node.
The method that a kind of business game that provides based on above-described embodiment disposes, this method comprises: obtain user configured business game, described business game comprises the policing rule that uses when professional node type and described business are performed for carrying out, and wherein said node type is used for the set of at least one node of expression network; Obtain the information of the node that node type comprises described in the network, the information of described node comprises business information, the identification number of described node and the routing iinformation of whole network that described node is supported; According to the business information of described node support and the identification number of described node, determine to support the candidate network set of node of described business; From described candidate network node subclass, choose a node as described network node for the described policing rule of execution; Issue described policing rule to described network node.Owing to issuing of user configured business game is at the node type for the set of representing one or more nodes, but not at single concrete equipment, and after obtaining the user configured business game that issues, from one or more nodes that described node type comprises, be identified for the network node of specified services in the implementation strategy by the control node, thereby can simplify the layoutprocedure of business game, improve allocative efficiency.
Furthermore, the routing information of the whole network is also considered when determining the network node that executes the service specified in the policy, so the control node selects only one node from the candidate network node subclass as the network node for the policing rule. Because the candidate network node subclass consists of the nodes that each data flow passes through from its source address to its destination address, this guarantees that at least one network node executes the policing rule for every data flow, while keeping the number of times a data flow is hit on its way through the network nodes as low as possible, which improves the processing performance of the network.
Based on the above embodiment, in order to balance the load across the network devices of the whole network and to avoid a device's traffic-handling capacity becoming a bottleneck that affects the processing performance of the whole network, the embodiment of the invention also provides a method for business game rule configuration. The method is executed by the control node and, as shown in Figure 7, comprises:
701, the control node obtains a user-configured business game, the business game comprising a node type for executing a service and the policing rule used when the service is executed.
The node type represents a set of at least one node in the network.
702, the control node obtains the information of the nodes that the node type comprises in the network; the information of the nodes comprises the business information that the nodes support, the identification of the nodes and the disposal ability information of the nodes.
Specifically, the disposal ability information can be information such as the bandwidth, hardware configuration and rated throughput of the node.
703, described control node determines to support the candidate network set of node of described business according to the business information of described node support and the identification number of described node.
704, according to the disposal ability information of the nodes in the candidate network set of node and the information of the data flows that the policing rule comprises, the control node selects, from the candidate network set of node, the network nodes used to execute the policing rule, such that the selected network nodes share in a balanced way the load of the data flows that need the service. The information of the data flows that the policing rule comprises identifies those data flows.
To balance the load of the data flows that the policing rule comprises, the data flows can be distributed evenly among the network nodes according to the disposal ability information of the network nodes.
Further, the load can be balanced according to the traffic volume of the data flows, with the traffic distributed among the network nodes in a balanced way according to their disposal ability information.
Of course, distributing traffic among the network nodes according to the traffic volume of the data flows is not limited to an even split. The distribution can also be made by number of data flows. For example, if the policing rule comprises 4 data flows and the candidate network set contains four nodes of identical disposal ability, one data flow is assigned to each node of the candidate network set. As another example, if one data flow coming from network B carries a large amount of traffic, the traffic of different subnets in network B can be assigned to different network nodes. The embodiment of the invention places no specific restriction on this.
Note that if the same data flow of the policing rule needs to be assigned to different network nodes for execution, the routing information of the network nodes must be reconfigured so that the data flow of the same policing rule passes through different network nodes, allowing the network load to be balanced. In that case, after the step of issuing the policing rule to the network node, the control node also needs to reconfigure the routing information of the corresponding nodes.
705, described control node issues described policing rule to described network node.
Note that the control node can also combine the routing information and disposal ability information of the nodes in the candidate network set with the data flows that the policing rule comprises when determining the network node for the policing rule. This not only reduces the number of times the same data flow is hit by the same policing rule but also balances the load of the whole network.
Specifically, after determining the candidate network set of node that supports the service according to the business information that the nodes support and the identification of the nodes, the control node is further used to: determine, according to the data flow information that the policing rule comprises and the routing information of the whole network, the candidate network node subclass, that is, the nodes of the candidate network set of node through which each data flow that the policing rule comprises passes from its source address to its destination address;
According to the disposal ability information of the node that comprises in the described candidate network node subclass and the information of the data flow that described policing rule comprises, from described candidate network node subclass, select a network node that is used for carrying out described policing rule, wherein selecteed described network node equally loaded need be carried out the data flow of described business, and the information of the data flow that wherein said policing rule comprises is represented described data flow.
Optionally, the control node can also monitor load information of the network, such as the CPU usage of the network nodes. Once the control node learns that the load on a network node is so high that it affects the processing performance of the network, it can, according to the load information or other information of the nodes in the candidate network set that are not currently network nodes, redetermine the network node for the data flows handled by the overloaded network node, or reassign part of the data flows handled by that network node to other network nodes in the candidate network set. In this way the control node can dynamically reconfigure the user-configured business game. The embodiment of the invention places no specific restriction on how the control node reconfigures the policing rule.
As can be seen, the method for business game rule configuration provided by the above embodiment comprises: obtaining a user-configured business game, the business game comprising a node type for executing a service and the policing rule used when the service is executed, wherein the node type represents a set of at least one node in the network; obtaining the information of the nodes that the node type comprises in the network, the information comprising: the business information that the nodes support, the identification numbers of the nodes, the routing information of the whole network and the disposal ability information of the nodes; determining, according to the business information that the nodes support and the identification numbers of the nodes, the candidate network set of node that supports the service; selecting, according to the disposal ability information of the nodes in the candidate network set of node and the information of the data flows that the policing rule comprises, the network nodes for the policing rule from the candidate network set of node, wherein the selected network nodes share in a balanced way the load of the data flows that need the service, and the information of the data flows that the policing rule comprises identifies those data flows; and issuing the policing rule to the network nodes. Because the user-configured business game is issued against a node type that represents a set of one or more nodes rather than against a single specific device, and because after the user-configured business game is obtained the control node determines, from the one or more nodes that the node type comprises, the network node that executes the service specified in the policy, the configuration process of the business game is simplified and configuration efficiency is improved.
Furthermore, the routing information of the whole network is also considered when determining the network node that executes the service specified in the policy, so the control node selects only one node from the candidate network node subclass as the network node for the policing rule. Each data flow is then hit as few times as possible when the policing rule is executed, which improves the processing performance of the network. If the disposal ability information of the nodes is considered as well, the load balancing of the whole network can also be guaranteed.
Based on the above embodiment, in order for the issued business configuration to adapt to changes of the nodes in the network, the embodiment of the invention also provides a method for business game rule configuration. The method is executed by the control node and, as shown in Figure 8, comprises:
801, the control node obtains a user-configured business game, the business game comprising a node type for executing a service and the policing rule used when the service is executed.
The node type represents a set of at least one node in the network.
802, described control node obtains the information of the node that node type comprises described in the network.
803, described control node is identified for carrying out the network node of the policing rule in the described business game according to the information of described node.
804, described control node issues described policing rule to described network node.
805, after the control node learns that the quantity of the nodes that the node type comprises and the information of the nodes have changed, it redetermines, according to the information of the nodes that the node type comprises after the change, the network node used to execute the policing rule of the business game.
Specifically, a change in the quantity and information of the nodes includes a new node being added to the network, some nodes being disconnected, or the IP address of a node changing, and so on.
Note that, after the network node for the policing rule is redetermined, the control node may reconfigure the routing information of nodes as actually needed in order to reduce the number of times a data flow is hit by the same policing rule or to balance the load of the network nodes in the network. Accordingly, the control node also needs to issue the reconfigured routing information to the nodes whose routing information was reconfigured.
Of course, whether routing information is to be reconfigured depends on the situation of the actual network; the embodiment of the invention places no specific restriction on this.
806, described control node issues described policing rule to the described network node that redefines.
In the method for business game rule configuration provided by the above embodiment, the user-configured business game is issued against a node type that represents a set of one or more nodes rather than against a single specific device, and after the user-configured business game is obtained the control node determines, from the one or more nodes that the node type comprises, the network node that executes the service specified in the policy. This simplifies the configuration process of the business game and improves configuration efficiency. Furthermore, after the policing rule configuration is finished, the control node can learn in real time whether the quantity and information of the nodes that the node type comprises have changed. If they have, the control node can redetermine the network node for the service according to the information of the nodes that the node type comprises after the change. The control node can thus dynamically reconfigure the user-configured business game, and the user does not need to reconfigure it.
The following takes the network organizing schematic diagram shown in Figure 3 as an example to describe in detail the method for business game rule configuration provided by the embodiment of the invention:
The user configured business game that this control node obtains is as follows:
Node type: network B (1.1.0.0/16);
Rule 1: if ((IP.src==1.2.0.0/16) && (IP.dest==3.2.0.0/16)) { do IPS };
Rule 2: if ((IP.dest==3.2.0.0/16) || (IP.dest==4.2.0.0/16)) { do IPS };
Rule 3: if (IP.dest==5.2.0.0/16) { do IPS }.
The above business game shows that the user-configured business game targets the network devices in network B shown in Figure 3, that is, the nodes of subnet 1.1.0.0/16. The policing rules are: for data flows whose source network is 1.2.0.0/16 and whose destination network is 3.2.0.0, and for data flows whose destination network is 3.2.0.0 or 4.2.0.0, the nodes of network B execute the IPS service.
The control node analyzes the above user-configured business game and finds no repeated policing rules. The control node then obtains the information of the data flows handled by network B: the source IP of data flows entering network B can only be 1.2.0.0/16, and data flows leaving network B can only enter networks C and D, that is, the destination IP of data flows leaving network B is 3.2.0.0/16 and 4.2.0.0/16. Rule 3 is therefore an invalid rule, so the control node deletes rule 3 and determines that the policing rules to be executed for the node type are:
Rule 1: if ((IP.src==1.2.0.0/16) && (IP.dest==3.2.0.0/16)) { do IPS };
Rule 2: if ((IP.dest==3.2.0.0/16) || (IP.dest==4.2.0.0/16)) { do IPS }
In this way, after the policing rules are issued to the nodes, the number of rules a network node has to match is reduced, which improves the matching efficiency of the nodes.
Then, described control node knows that the node that comprises in the network B is respectively router B1, B2, B3, B4 and B5, and B1-B5 can both support the IPS business.
Further, described control node is also known the routing iinformation of each node respectively, and is specifically as shown in table 1, and wherein the routing iinformation of the node of each shown in the table 1 only is exemplary description.
Table 1
To guarantee that in the network the same service flow is hit only once by the same policing rule, the control node uses the routing information of the nodes in network B. For the data flow (IP.src==1.2.0.0/16) && (IP.dest==3.2.0.0/16), shortest-path-first routing gives the nodes the data flow passes through as: A1 → B1 → B4 → C1; and A2 → B2 → B3 → B5 → C1, or A2 → B2 → B3 → B4 → C1.
Thus, for the data flow coming from A1, either of B1 and B4 can serve as the network node for this policing rule. For the data flow coming from A2, any of B2, B3, B4 and B5 can serve as the network node for this policing rule.
Note that, because the data flow coming from A2 may pass through B4 or B5, if either B4 or B5 is used as the network node for this policing rule, the control node also needs to issue the routing information of this data flow to that network node.
Further, if B4 is determined as the network node for the data flow coming from A1, then only B4 can be selected as the network node for the data flow coming from A2.
Of course, if the data traffic coming from network A is small, just one node in network B can be selected as the network node. For example, if B1 is selected as the network node, the control node needs to control the routing information of B2 and set the next hop of B2 to B1. After issuing the policing rule to B2, it also needs to issue new routing information to B1.
Of course, if the data traffic coming from network A is large, the control node can select several nodes in network B as the network nodes for the several data flows in order to reduce the load on any one node.
For example, suppose B4 has been determined as the network node for the data flows coming from both A1 and A2, and the control node then perceives that the load on B4 is excessive. To relieve B4, B1 can be used as a network node and, at the same time, any node among B2, B3 and B5 can be chosen as a network node for this policing rule.
Further, the network organizing schematic diagram of Figure 9 shows that node B3 in network B of the network organizing schematic diagram of Figure 3 has failed. After the control node perceives this fault, it can promptly change the routing information of B2 so that the next-hop node of B2 becomes B1 or B5, redetermine the network node for this policing rule according to the changed routing information of B2, and issue the policing rule again to the redetermined network node, without any manual reconfiguration.
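The rule pruning and node selection of the worked example above, as an added Python illustration that is not part of the patent text: the prefixes, node names and paths are the ones given on this page, while the data structures and function names are assumptions. It drops rules that can never match traffic crossing network B and lists the smallest node sets that put exactly one IPS enforcement node on every listed path, so no path bypasses inspection and none is inspected twice.

```python
import ipaddress
from itertools import combinations

# Values from the worked example on this page; layout and names are assumed.
INGRESS = ["1.2.0.0/16"]                 # source prefixes entering network B
EGRESS = ["3.2.0.0/16", "4.2.0.0/16"]    # destination prefixes leaving B

RULES = {
    "rule1": {"src": ["1.2.0.0/16"], "dst": ["3.2.0.0/16"]},
    "rule2": {"src": None, "dst": ["3.2.0.0/16", "4.2.0.0/16"]},
    "rule3": {"src": None, "dst": ["5.2.0.0/16"]},
}

# Paths of the flow matched by rule 1, as listed in the text.
PATHS = [
    ["A1", "B1", "B4", "C1"],
    ["A2", "B2", "B3", "B5", "C1"],
    ["A2", "B2", "B3", "B4", "C1"],
]
IPS_CAPABLE = ["B1", "B2", "B3", "B4", "B5"]   # candidate set: B1-B5 support IPS


def _overlaps(prefixes, allowed):
    """True if any prefix in `prefixes` overlaps any prefix in `allowed`."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    ok = [ipaddress.ip_network(a) for a in allowed]
    return any(n.overlaps(a) for n in nets for a in ok)


def prune_rules(rules, ingress, egress):
    """Keep only rules that can match traffic crossing the node type.

    A rule with src/dst of None matches any address on that side.
    """
    kept = {}
    for name, rule in rules.items():
        src_ok = rule["src"] is None or _overlaps(rule["src"], ingress)
        dst_ok = rule["dst"] is None or _overlaps(rule["dst"], egress)
        if src_ok and dst_ok:
            kept[name] = rule
    return kept


def hits_per_path(paths, enforcement_nodes):
    """How many times a flow on each path is hit by the rule."""
    chosen = set(enforcement_nodes)
    return [sum(1 for hop in path if hop in chosen) for path in paths]


def exactly_once_placements(paths, candidates):
    """Smallest candidate sets with exactly one enforcement node per path.

    0 hits on a path means the flow bypasses the service; 2 or more means
    it is processed redundantly. Both are rejected.
    """
    for size in range(1, len(candidates) + 1):
        found = [set(combo) for combo in combinations(candidates, size)
                 if all(h == 1 for h in hits_per_path(paths, combo))]
        if found:
            return found
    return []


if __name__ == "__main__":
    print("rules kept:", list(prune_rules(RULES, INGRESS, EGRESS)))
    print("B4 alone:", hits_per_path(PATHS, ["B4"]))
    print("placements:", exactly_once_placements(PATHS, IPS_CAPABLE))
    # With A2's route pinned through B4, one node is enough.
    print("pinned:", exactly_once_placements([PATHS[0], PATHS[2]], IPS_CAPABLE))
```

With all three paths live, B4 alone leaves the A2 path through B5 uninspected, which is why the text requires the control node to issue routing information when B4 or B5 is chosen.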
As can be seen, in the method for business game rule configuration provided by the embodiment of the invention, the user-configured business game is issued against a node type that identifies a set of one or more nodes rather than against a single specific device. After obtaining the user-configured business game, the control node determines the network node used to execute the service specified in the policing rule according to the business information supported by the one or more nodes that the node type comprises. This simplifies the process by which the user configures the business game and improves configuration efficiency. In addition, after obtaining the user-configured business game, the control node analyzes the policing rules that the business game comprises, merging repeated policing rules and deleting invalid ones, so that after the policing rules are issued to the nodes the number of rules a network node has to match is reduced and the matching efficiency of the nodes is improved. When determining the network node, the control node considers not only the business information that the nodes support but also the routing information of the whole network and/or the disposal ability information of the nodes. As a result, if the control node considers only the business information that the nodes support and the routing information of the whole network, the number of times the same data flow is hit by the same policing rule is reduced; and if the control node also considers the disposal ability information of the nodes, the load balancing of the whole network can be guaranteed as well.
And then, after the node in the network being finished the policing rule configuration, if the quantity of the node that described node type comprises and the information of node change, the information of the node that described control node can comprise according to the described node type after described the changing, redefine the network node of described business, the control node can dynamically reconfigure user configured business game like this, does not need the user to reconfigure business game.
The method that a kind of business game rule that provides based on above-described embodiment disposes, the embodiment of the invention also provides a kind of device of implementing this method, and is concrete, as shown in figure 10, the device of a kind of business game rule configuration comprises: acquiring unit 81, determining unit 82 and issue unit 83.
The acquiring unit 81 is used for obtaining a user-configured business game, the business game comprising a node type for executing a service and the policing rule used when the service is executed, wherein the node type represents a set of at least one node in the network.
Described acquiring unit 81 is also for the information of obtaining the node that node type comprises described in the described network.
Described determining unit 82 is used for the information according to described node, is identified for carrying out the network node of the policing rule in the described business game.
The described unit 83 that issues is used for issuing described policing rule to described network node.
Optionally, the information of described node comprises the business information of described node support and the identification number of described node.
Described determining unit 82 specifically is used for:
According to the business information of described node support and the identification number of described node, will support that the node of described business is defined as network node.
Optionally, the information of described node comprises business information, the identification number of described node and the routing iinformation of whole network that described node is supported;
Described determining unit 82 specifically is used for:
According to the business information of described node support and the identification number of described node, determine to support the candidate network set of node of described business;
The traffic flow information that comprises according to described policing rule and the routing iinformation of described whole network determine that source address in every traffic flow information that described policing rule comprises is to the candidate network node subclass of destination address via the node in the described candidate network set of node;
From described candidate network node subclass, choose a node as described network node for the described policing rule of execution.
Optionally, the information of described node comprises: business information, the identification number of described node and the disposal ability information of described node that described node is supported;
Described determining unit 82 specifically is used for:
According to the business information of described node support and the sign of described node, determine to support the candidate network set of node of described business;
The information of the data flow that comprises according to disposal ability information and the described policing rule of the node that comprises in the described candidate network set of node, from described candidate network set of node, select to be used for carrying out the network node of described policing rule, wherein selecteed described network node equally loaded need be carried out the data flow of described business, and the information of the data flow that wherein said policing rule comprises is represented described data flow.
Optionally, the information of the node comprises: the business information that the node supports, the identification of the node, the routing information of the whole network and the disposal ability information of the node;
Described determining unit 82 specifically is used for:
According to the business information of described node support and the sign of described node, determine to support the candidate network set of node of described business;
The traffic flow information that comprises according to described policing rule and the routing iinformation of described whole network determine that source address in every traffic flow information that described policing rule comprises is to the candidate network node subclass of destination address via the node in the described candidate network set of node;
According to the disposal ability information of the node that comprises in the described candidate network node subclass and the information of the data flow that described policing rule comprises, from described candidate network node subclass, select a network node that is used for carrying out described policing rule, wherein selecteed described network node equally loaded need be carried out the data flow of described business, and the information of the data flow that wherein said policing rule comprises is represented described data flow.
Optionally, as shown in Figure 11, the device can also comprise: a knowing unit 84;
The knowing unit 84 is used for learning whether the quantity of the nodes that the node type comprises and the information of the nodes have changed;
The determining unit 82 is also used for, after the knowing unit learns that the quantity and information of the nodes that the node type comprises have changed, redetermining, according to the information of the nodes that the node type comprises after the change, the network node used to execute the policing rule of the business game;
The described unit 83 that issues also is used for issuing described policing rule to the described network node that redefines.
Optionally, as shown in Figure 12, the device can also comprise: a merging unit 85;
The merging unit 85 is used for merging the repeated policing rules in the user-configured business game.
Wherein, the described unit 83 that issues specifically is used for: indicate described node to start described business; Send described policing rule to described network node.
Optionally, the described business game that obtains of described acquiring unit 81 comprises is used for carrying out professional node types and comprises following at least one: be in the one or more nodes in the consolidated network zone set, belong to one or more nodes of same device type set, be in the set of the one or more nodes in the same physical location zone.
Optionally, the node type for executing the service that the business game obtained by the acquiring unit 81 comprises is a type divided according to attribute information of at least one of the link layer, the network layer and the transport layer of the nodes.
Note that, in actual applications of the embodiment of the invention, under one implementation the device for business game rule configuration can be a standalone device; under another implementation it can be a network element device with a business game rule configuration function, whose product form can be a router, a gateway device, a network firewall device, a GGSN or a PDSN, and so on. The device supports standalone external deployment, in which it interfaces with existing equipment, and can also be built into a network element device of the existing network, for example as a plug-in card or through software integration.
As can be seen, in the device for business game rule configuration provided by the embodiment of the invention, the user-configured business game obtained by the acquiring unit is issued against a node type that identifies a set of one or more nodes rather than against a single specific device. After the user-configured business game is obtained, the control node determines the network node used to execute the service specified in the policing rule according to the business information supported by the one or more nodes that the node type comprises. This simplifies the process by which the user configures the business game and improves configuration efficiency. In addition, after obtaining the user-configured business game, the control node analyzes the policing rules that the business game comprises, merging repeated policing rules and deleting invalid ones, so that after the policing rules are issued to the nodes the number of rules a network node has to match is reduced and the matching efficiency of the nodes is improved. When determining the network node, the control node considers not only the business information that the nodes support but also the routing information of the whole network, or both the routing information of the whole network and the disposal ability information of the nodes. As a result, if the control node considers only the business information that the nodes support and the routing information of the whole network, the number of times the same data flow is hit by the same policing rule is reduced; and if the control node also considers the disposal ability information of the nodes, the load balancing of the whole network can be guaranteed as well.
And then, after the node in the network being finished the policing rule configuration, if the quantity of the node that described node type comprises and the information of node change, the information of the node that described control node can comprise according to the described node type after described the changing, redefine the network node of described business, the control node can dynamically reconfigure user configured business game like this, does not need the user to reconfigure business game.
Figure 13 describes the structure of a computer node 1300 provided by the embodiment of the invention. The device 1300 comprises: at least one processor 1301, for example a CPU; at least one network interface 1304 or other user interface 1303; a memory 1305; and at least one communication bus 1302. The communication bus 1302 is used to realize connection and communication between these components. The host 1300 optionally comprises the user interface 1303, including a display, a keyboard or a pointing device (for example, a mouse, a trackball, a touch-sensitive pad or a touch-sensitive display screen). The memory 1305 may comprise high-speed RAM and may also comprise non-volatile memory, for example at least one disk memory. The memory 1305 optionally can comprise at least one storage device located away from the aforementioned processor 1301.
In some embodiments, the memory 1305 stores the following elements, executable modules or data structures, or a subset of them, or a superset of them:
Operating system 13051 comprises various system programs, is used for realizing various basic businesses and handling hardware based task;
Application program 13052 comprises various application programs, is used for realizing miscellaneous service.
Include but not limited to acquiring unit 81, determining unit 82 in the application program 13052 and issue unit 83.
The specific implementation of each unit is not given unnecessary details at this referring to the corresponding units in Figure 10 or 11 or 12 illustrated embodiments in the application program 13052.
Specifically, the processor 1301 is configured to: obtain a user-configured service policy, where the service policy comprises a node type used to execute a service and the policy rule used when the service is executed, and the node type represents a set of at least one node in the network; obtain the information of the nodes that the node type includes in the network; determine, according to the information of the nodes, the network node used to execute the policy rule in the service policy; and issue the policy rule to the network node.
Optionally, the information of the node comprises the service information supported by the node and the identifier of the node, and the processor 1301 is further configured to: determine, according to the service information supported by the node and the identifier of the node, the node that supports the service as the network node.
Optionally, the information of the node comprises the service information supported by the node, the identifier of the node and the routing information of the whole network; the processor 1301 is configured to:
Determine, according to the service information supported by the node and the identifier of the node, a candidate network node set that supports the service;
Determine, according to the traffic flow information included in the policy rule and the routing information of the whole network, a candidate network node subset consisting of the nodes in the candidate network node set through which the path from the source address to the destination address passes, for each piece of traffic flow information included in the policy rule;
Select one node from the candidate network node subset as the network node used to execute the policy rule.
Optionally, the information of the node comprises: the service information supported by the node, the identifier of the node and the processing capability information of the node; the processor 1301 is configured to:
Determine, according to the service information supported by the node and the identifier of the node, a candidate network node set that supports the service;
Select, according to the processing capability information of the nodes in the candidate network node set and the information of the data flow included in the policy rule, the network node used to execute the policy rule from the candidate network node set, where the selected network node shares, in a load-balanced manner, the data flows on which the service needs to be executed, and the information of the data flow included in the policy rule represents the data flow.
Optionally, the information of the node comprises: the service information supported by the node, the identifier of the node, the routing information of the whole network and the processing capability information of the node; the processor 1301 is configured to:
Determine, according to the service information supported by the node and the identifier of the node, a candidate network node set that supports the service;
Determine, according to the traffic flow information included in the policy rule and the routing information of the whole network, a candidate network node subset consisting of the nodes in the candidate network node set through which the path from the source address to the destination address passes, for each piece of traffic flow information included in the policy rule;
Select, according to the processing capability information of the nodes in the candidate network node subset and the information of the data flow included in the policy rule, one network node used to execute the policy rule from the candidate network node subset, where the selected network node shares, in a load-balanced manner, the data flows on which the service needs to be executed, and the information of the data flow included in the policy rule represents the data flow.
Further, the processor 1301 is also configured to: learn whether the number of nodes included in the node type and the information of the nodes have changed;
After the learning unit learns that the number of nodes included in the node type and the information of the nodes have changed, re-determine, according to the information of the nodes included in the node type after the change, the network node used to execute the policy rule in the service policy;
Issue the policy rule to the re-determined network node.
Further, the processor 1301 is also configured to: merge the repeated policy rules in the user-configured service policy.
Issuing the policy rule to the network node by the processor 1301 specifically comprises: instructing the node to start the service; and sending the policy rule to the network node.
Optionally, the node type used to execute the service, included in the service policy obtained by the processor 1301, comprises at least one of the following: a set of one or more nodes located in the same network area, a set of one or more nodes belonging to the same device type, and a set of one or more nodes located in the same physical location area.
Optionally, the node type used to execute the service, included in the service policy obtained by the processor 1301, is a type divided according to attribute information of at least one of the link layer, the network layer and the transport layer of the node.
It should be noted that, in practical applications of the embodiments of the invention, in one implementation the device for service policy rule configuration may be a standalone device; in another implementation, it may be a network element device with the service policy rule configuration function, whose product form may be a router, a gateway device, a network firewall device, a GGSN, a PDSN or the like. It should be understood that the device for service policy rule configuration may be deployed as a standalone external device that interworks with existing equipment, or may be built into a network element device of the existing network, for example as a plug-in card or through software integration.
As can be seen, with the computer node provided by the embodiment of the invention, the user-configured service policy obtained by the processor is issued against a node type that identifies a set of one or more nodes, rather than against a single specific device. After obtaining the user-configured service policy, the computer node determines, according to the service information supported by the one or more nodes included in the node type, the network node used to execute the service specified in the policy rule, which simplifies the process by which the user configures the service policy and improves configuration efficiency. In addition, after obtaining the user-configured service policy, the computer node analyses the policy rules included in the service policy, merging repeated policy rules and deleting invalid ones; once the policy rules have been issued to the nodes, this reduces the number of rules a network node has to match and improves the node's matching efficiency. Moreover, when determining the network node, the computer node considers not only the service information supported by the nodes but also the routing information of the whole network and/or the processing capability information of the nodes. As a result, for the policy rules configured in the network system: if the computer node considers only the service information supported by the nodes and the routing information of the whole network, the same data flow is prevented from being hit too many times by the same policy rule; and if the computer node also considers the processing capability information of the nodes, load balancing across the whole network can additionally be ensured.
An embodiment of the invention also provides a communication system. As shown in Figure 14, the system comprises a control node 31 and one or more network nodes 32, where the one or more network nodes 32 are included in one or more node types. It should be understood that the control node 31 and the network nodes 32 here may all be computer nodes, and that the control node 31 can be understood as a network node that supports the service policy rule configuration method of the embodiment of the invention, wherein:
The control node 31 is configured to: obtain a user-configured service policy, where the service policy comprises a node type used to execute a service and the policy rule used when the service is executed, and the node type represents a set of at least one node in the network;
Obtain the information of the nodes that the node type includes in the network;
Determine, according to the information of the nodes, the network node used to execute the policy rule in the service policy;
Issue the policy rule to the network node;
The network node 32 is configured to: when the control node 31 determines this network node as the network node used to execute the policy rule in the received service policy, receive the policy rule issued by the control node 31 and execute the policy rule.
Optionally, the control node 31 is specifically configured to: obtain a user-configured service policy, where the service policy comprises a node type used to execute a service and the policy rule used when the service is executed, and the node type represents a set of at least one node in the network;
Obtain the information of the nodes that the node type includes in the network, where the information of the node comprises the service information supported by the node and the identifier of the node;
Determine, according to the service information supported by the node and the identifier of the node, the node that supports the service as the network node;
Issue the policy rule to the determined network node.
Optionally, the control node 31 is specifically configured to:
Obtain a user-configured service policy, where the service policy comprises a node type used to execute a service and the policy rule used when the service is executed, and the node type represents a set of at least one node in the network;
Obtain the information of the nodes that the node type includes in the network, where the information of the node comprises the service information supported by the node, the identifier of the node and the routing information of the whole network;
Determine, according to the service information supported by the node and the identifier of the node, a candidate network node set that supports the service;
Determine, according to the traffic flow information included in the policy rule and the routing information of the whole network, a candidate network node subset consisting of the nodes in the candidate network node set through which the path from the source address to the destination address passes, for each piece of traffic flow information included in the policy rule;
Select one node from the candidate network node subset as the network node used to execute the policy rule;
Issue the policy rule to the selected network node.
Optionally, the control node 31 is specifically configured to:
Obtain a user-configured service policy, where the service policy comprises a node type used to execute a service and the policy rule used when the service is executed, and the node type represents a set of at least one node in the network;
Obtain the information of the nodes that the node type includes in the network, where the information of the node comprises: the service information supported by the node, the identifier of the node and the processing capability information of the node;
Determine, according to the service information supported by the node and the identifier of the node, a candidate network node set that supports the service;
Select, according to the processing capability information of the nodes in the candidate network node set and the information of the data flow included in the policy rule, the network node used to execute the policy rule from the candidate network node set, where the selected network node shares, in a load-balanced manner, the data flows on which the service needs to be executed, and the information of the data flow included in the policy rule represents the data flow;
Issue the policy rule to the selected network node.
Optionally, the control node 31 is specifically configured to:
Obtain a user-configured service policy, where the service policy comprises a node type used to execute a service and the policy rule used when the service is executed, and the node type represents a set of at least one node in the network;
Obtain the information of the nodes that the node type includes in the network, where the information of the node comprises: the service information supported by the node, the identifier of the node, the routing information of the whole network and the processing capability information of the node;
Determine, according to the service information supported by the node and the identifier of the node, a candidate network node set that supports the service;
Determine, according to the traffic flow information included in the policy rule and the routing information of the whole network, a candidate network node subset consisting of the nodes in the candidate network node set through which the path from the source address to the destination address passes, for each piece of traffic flow information included in the policy rule;
Select, according to the processing capability information of the nodes in the candidate network node subset and the information of the data flow included in the policy rule, one network node used to execute the policy rule from the candidate network node subset, where the selected network node shares, in a load-balanced manner, the data flows on which the service needs to be executed, and the information of the data flow included in the policy rule represents the data flow;
Issue the policy rule to the selected network node.
As can be seen, with the communication system provided by the embodiment of the invention, the user-configured service policy obtained by the control node is issued against a node type that identifies a set of one or more nodes, rather than against a single specific device. After obtaining the user-configured service policy, the control node determines, according to the service information supported by the one or more nodes included in the node type, the network node used to execute the service specified in the policy rule, which simplifies the process by which the user configures the service policy and improves configuration efficiency. Moreover, when determining the network node, the control node considers not only the service information supported by the nodes but also the routing information of the whole network, or both the routing information of the whole network and the processing capability information of the nodes. As a result, for the policy rules configured in the network system: if the control node considers only the service information supported by the nodes and the routing information of the whole network, the same data flow is prevented from being hit too many times by the same policy rule; and if the control node also considers the processing capability information of the nodes, load balancing across the whole network can additionally be ensured.
Furthermore, after policy rule configuration has been completed for the nodes in the network, if the number of nodes included in the node type and the information of those nodes change, the control node can re-determine the network node for the service according to the information of the nodes included in the node type after the change. The control node can thus dynamically reconfigure the user-configured service policy, and the user does not need to reconfigure it.
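The selection performed by the control node (candidate set by service support, candidate subset by route, one node by load) and the re-determination after the node set changes, sketched as an added Python example. It is not code from the patent: the data model, the function names, the shape of the route table, the utilisation-based tie-break and the sample inventory are assumptions made for illustration, and reporting a rule with no on-path candidate as unplaced is a choice of this example that the patent text does not address.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str      # source prefix
    dst: str      # destination prefix
    mbps: int     # expected volume, used for load balancing (assumed field)

@dataclass(frozen=True)
class Rule:
    service: str  # service that must run on the enforcing node
    flow: Flow
    action: str

@dataclass(frozen=True)
class Node:
    node_id: str
    node_type: str        # the set the user configures against
    services: frozenset   # services this node supports
    capacity_mbps: int    # processing capability, assumed > 0

def merge_duplicates(rules):
    """Drop repeated rules, keeping first-seen order."""
    return list(dict.fromkeys(rules))

def place(rules, node_type, nodes, routes):
    """Map each rule to one enforcing node id, or None if no node qualifies.

    routes: {(src, dst): [node ids on the forwarding path]} (assumed shape).
    """
    load = {n.node_id: 0 for n in nodes}
    placement = {}
    for rule in merge_duplicates(rules):
        # Step 1: candidate set = members of the node type that support the service.
        candidates = [n for n in nodes
                      if n.node_type == node_type and rule.service in n.services]
        # Step 2: candidate subset = candidates the flow actually traverses.
        path = set(routes.get((rule.flow.src, rule.flow.dst), ()))
        subset = [n for n in candidates if n.node_id in path]
        if not subset:
            placement[rule] = None   # enforcement gap: surface it, do not drop it
            continue
        # Step 3: pick the node with the lowest utilisation after adding the flow.
        best = min(subset, key=lambda n: ((load[n.node_id] + rule.flow.mbps)
                                          / n.capacity_mbps, n.node_id))
        load[best.node_id] += rule.flow.mbps
        placement[rule] = best.node_id
    return placement

def changed(old, new):
    """Rules whose enforcing node differs after re-placement (to be re-issued)."""
    return {r: n for r, n in new.items() if old.get(r) != n}

def unplaced(placement):
    """Rules that no node enforces; an operator should alert on these."""
    return [r for r, n in placement.items() if n is None]

# Constructed inventory, routes and policy (not taken from the patent).
NODES = [
    Node("fw1", "zone:edge", frozenset({"firewall"}), 100),
    Node("fw2", "zone:edge", frozenset({"firewall"}), 100),
    Node("fw3", "zone:edge", frozenset({"firewall", "ips"}), 80),
    Node("r1", "zone:edge", frozenset({"routing"}), 1000),
    Node("fw9", "zone:core", frozenset({"firewall"}), 100),
]
F_A = Flow("10.0.0.0/24", "10.1.0.0/24", 60)
F_B = Flow("10.0.0.0/24", "10.2.0.0/24", 60)
F_C = Flow("10.3.0.0/24", "10.4.0.0/24", 10)
ROUTES = {
    (F_A.src, F_A.dst): ["r1", "fw1", "fw2"],
    (F_B.src, F_B.dst): ["r1", "fw2", "fw3"],
    (F_C.src, F_C.dst): ["r1"],          # crosses no firewall-capable node
}
R_A = Rule("firewall", F_A, "deny")
R_B = Rule("firewall", F_B, "permit")
R_C = Rule("firewall", F_C, "deny")
POLICY = [R_A, R_B, R_A, R_C]            # R_A repeated on purpose

if __name__ == "__main__":
    before = place(POLICY, "zone:edge", NODES, ROUTES)
    # fw1 leaves the node type; the route table is kept unchanged for simplicity.
    remaining = [n for n in NODES if n.node_id != "fw1"]
    after = place(POLICY, "zone:edge", remaining, ROUTES)
    print(before, changed(before, after), unplaced(after), sep="\n")
```

Because the load table is rebuilt on every call, `place` can be rerun on each inventory change and only the entries returned by `changed` need to be issued again.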
Through the above description of the embodiments, those skilled in the art can clearly understand that, for convenience and brevity of description, only the division into the above functional modules is used as an example. In practical applications, the above functions can be assigned to different functional modules as required; that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above. For the specific working processes of the system, device and units described above, refer to the corresponding processes in the foregoing method embodiments; they are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed system, device and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into modules or units is only a division by logical function, and other divisions are possible in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple nodes. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the invention may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) or a processor to perform all or part of the steps of the methods described in the embodiments of the invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a portable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
The above is only a specific embodiment of the invention, but the protection scope of the invention is not limited to it. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall fall within the protection scope of the invention. Therefore, the protection scope of the invention shall be subject to the protection scope of the claims.

Claims (25)

1. A method for service policy rule configuration, characterized in that the method comprises:
Obtaining a user-configured service policy, where the service policy comprises a node type used to execute a service and the policy rule used when the service is executed, and the node type represents a set of at least one node in the network;
Obtaining the information of the nodes that the node type includes in the network;
Determining, according to the information of the nodes, the network node used to execute the policy rule in the service policy;
Issuing the policy rule to the network node.
2. The method according to claim 1, characterized in that the information of the node comprises the service information supported by the node and the identifier of the node;
The determining, according to the information of the nodes, the network node used to execute the policy rule in the service policy comprises:
Determining, according to the service information supported by the node and the identifier of the node, the node that supports the service as the network node.
3. The method according to claim 1, characterized in that the information of the node comprises the service information supported by the node, the identifier of the node and the routing information of the whole network;
The determining, according to the information of the nodes, the network node used to execute the policy rule in the service policy comprises:
Determining, according to the service information supported by the node and the identifier of the node, a candidate network node set that supports the service;
Determining, according to the traffic flow information included in the policy rule and the routing information of the whole network, a candidate network node subset consisting of the nodes in the candidate network node set through which the path from the source address to the destination address passes, for each piece of traffic flow information included in the policy rule;
Selecting one node from the candidate network node subset as the network node used to execute the policy rule.
4. The method according to claim 1, characterized in that the information of the node comprises: the service information supported by the node, the identifier of the node and the processing capability information of the node;
The determining, according to the information of the nodes, the network node used to execute the policy rule in the service policy comprises:
Determining, according to the service information supported by the node and the identifier of the node, a candidate network node set that supports the service;
Selecting, according to the processing capability information of the nodes in the candidate network node set and the information of the data flow included in the policy rule, the network node used to execute the policy rule from the candidate network node set, where the selected network node shares, in a load-balanced manner, the data flows on which the service needs to be executed, and the information of the data flow included in the policy rule represents the data flow.
5. The method according to claim 1, characterized in that the information of the node comprises: the service information supported by the node, the identifier of the node, the routing information of the whole network and the processing capability information of the node;
The determining, according to the information of the nodes, the network node used to execute the policy rule in the service policy comprises:
Determining, according to the service information supported by the node and the identifier of the node, a candidate network node set that supports the service;
Determining, according to the traffic flow information included in the policy rule and the routing information of the whole network, a candidate network node subset consisting of the nodes in the candidate network node set through which the path from the source address to the destination address passes, for each piece of traffic flow information included in the policy rule;
Selecting, according to the processing capability information of the nodes in the candidate network node subset and the information of the data flow included in the policy rule, one network node used to execute the policy rule from the candidate network node subset, where the selected network node shares, in a load-balanced manner, the data flows on which the service needs to be executed, and the information of the data flow included in the policy rule represents the data flow.
6. The method according to any one of claims 1-5, characterized in that, after the step of issuing the policy rule to the network node, the method further comprises:
After learning that the number of nodes included in the node type and the information of the nodes have changed, re-determining, according to the information of the nodes included in the node type after the change, the network node used to execute the policy rule in the service policy;
Issuing the policy rule to the re-determined network node.
7. The method according to any one of claims 1-6, characterized in that, after the step of obtaining the user-configured service policy, the method further comprises:
Merging the repeated policy rules in the user-configured service policy.
8. The method according to any one of claims 1-7, characterized in that the issuing the policy rule to the network node specifically comprises:
Instructing the network node to start the service;
Sending the policy rule to the network node.
9. The method according to any one of claims 1-8, characterized in that the node type comprises at least one of the following: a set of one or more nodes located in the same network area, a set of one or more nodes belonging to the same device type, and a set of one or more nodes located in the same physical location area.
10. The method according to any one of claims 1-8, characterized in that the node type is a type divided according to attribute information of at least one of the link layer, the network layer and the transport layer of the node.
11. A device for service policy rule configuration, characterized in that the device comprises: an acquiring unit, a determining unit and an issuing unit;
The acquiring unit is configured to obtain a user-configured service policy, where the service policy comprises a node type used to execute a service and the policy rule used when the service is executed, and the node type represents a set of at least one node in the network;
The acquiring unit is further configured to obtain the information of the nodes that the node type includes in the network;
The determining unit is configured to determine, according to the information of the nodes, the network node used to execute the policy rule in the service policy;
The issuing unit is configured to issue the policy rule to the network node.
12. The device according to claim 11, characterized in that the information of the node comprises the service information supported by the node and the identifier of the node;
The determining unit is specifically configured to:
Determine, according to the service information supported by the node and the identifier of the node, the node that supports the service as the network node.
13. The device according to claim 11, characterized in that the information of the node comprises the service information supported by the node, the identifier of the node and the routing information of the whole network;
The determining unit is specifically configured to:
Determine, according to the service information supported by the node and the identifier of the node, a candidate network node set that supports the service;
Determine, according to the traffic flow information included in the policy rule and the routing information of the whole network, a candidate network node subset consisting of the nodes in the candidate network node set through which the path from the source address to the destination address passes, for each piece of traffic flow information included in the policy rule;
Select one node from the candidate network node subset as the network node used to execute the policy rule.
14. The device according to claim 11, characterized in that the information of the node comprises: the service information supported by the node, the identifier of the node and the processing capability information of the node;
The determining unit is specifically configured to: determine, according to the service information supported by the node and the identifier of the node, a candidate network node set that supports the service;
Select, according to the processing capability information of the nodes in the candidate network node set and the information of the data flow included in the policy rule, the network node used to execute the policy rule from the candidate network node set, where the selected network node shares, in a load-balanced manner, the data flows on which the service needs to be executed, and the information of the data flow included in the policy rule represents the data flow.
15. The device according to claim 11, characterized in that the information of the node comprises: the service information supported by the node, the identifier of the node, the routing information of the whole network and the processing capability information of the node;
The determining unit is specifically configured to:
Determine, according to the service information supported by the node and the identifier of the node, a candidate network node set that supports the service;
Determine, according to the traffic flow information included in the policy rule and the routing information of the whole network, a candidate network node subset consisting of the nodes in the candidate network node set through which the path from the source address to the destination address passes, for each piece of traffic flow information included in the policy rule;
Select, according to the processing capability information of the nodes in the candidate network node subset and the information of the data flow included in the policy rule, one network node used to execute the policy rule from the candidate network node subset, where the selected network node shares, in a load-balanced manner, the data flows on which the service needs to be executed, and the information of the data flow included in the policy rule represents the data flow.
16. The device according to any one of claims 11-15, characterized in that the device further comprises: a learning unit;
The learning unit is configured to learn whether the number of nodes included in the node type and the information of the nodes have changed;
The determining unit is further configured to, after the learning unit learns that the number of nodes included in the node type and the information have changed, re-determine, according to the information of the nodes included in the node type after the change, the network node used to execute the strategy rule in the business strategy;
The issuing unit is further configured to issue the strategy rule to the re-determined network node.
17. The device according to any one of claims 11-16, characterized in that the device further comprises: a merging unit;
The merging unit is configured to merge duplicate strategy rules in the business strategy configured by the user.
18. The device according to any one of claims 11-17, characterized in that the issuing unit is specifically configured to:
Instruct the network node to start the business;
Send the strategy rule to the network node.
19. The device according to any one of claims 11-18, characterized in that the node type used for executing the business, which is included in the business strategy acquired by the acquiring unit, comprises at least one of the following: a set of one or more nodes located in the same network area, a set of one or more nodes belonging to the same device type, and a set of one or more nodes located in the same physical location area.
20. The device according to any one of claims 11-18, characterized in that the node type used for executing the business, which is included in the business strategy acquired by the acquiring unit, is a type divided according to attribute information of at least one of the link layer, the network layer and the transport layer of the node.
21. A communication system, characterized in that it comprises a control node and one or more network nodes, wherein the one or more network nodes are included in one or more node types, wherein:
The control node is configured to: acquire a business strategy configured by a user, the business strategy comprising a node type used for executing the business and a strategy rule used when the business is executed, wherein the node type is used to represent a set of at least one node in the network;
Acquire the information of the nodes included in the node type in the network;
Determine, according to the information of the nodes, the network node used to execute the strategy rule in the business strategy;
Issue the strategy rule to the network node;
The network node is configured to: when the control node determines the present network node to be the network node for executing the strategy rule in the business strategy, receive the strategy rule issued by the control node, and execute the strategy rule.
22. The system according to claim 21, characterized in that,
The control node is specifically configured to: acquire a business strategy configured by a user, the business strategy comprising a node type used for executing the business and a strategy rule used when the business is executed, wherein the node type is used to represent a set of at least one node in the network;
Acquire the information of the nodes included in the node type in the network, wherein the information of the node comprises the business information supported by the node and the identifier of the node;
Determine, according to the business information supported by the node and the identification number of the node, the nodes that support the business to be network nodes;
Issue the strategy rule to the determined network nodes.
23. The system according to claim 21, characterized in that,
The control node is specifically configured to:
Acquire a business strategy configured by a user, the business strategy comprising a node type used for executing the business and a strategy rule used when the business is executed, wherein the node type is used to represent a set of at least one node in the network;
Acquire the information of the nodes included in the node type in the network, wherein the information of the node comprises business information supported by the node, an identifier of the node, and routing information of the whole network;
Determine, according to the business information supported by the node and the identification number of the node, a candidate network node set that supports the business;
Determine, according to the data flow information included in the strategy rule and the routing information of the whole network, a candidate network node subset made up of the nodes in the candidate network node set that are traversed from the source address to the destination address in each piece of data flow information included in the strategy rule;
Select one node from the candidate network node subset as the network node used to execute the strategy rule;
Issue the strategy rule to the selected network node.
24. The system according to claim 21, characterized in that,
The control node is specifically configured to:
Acquire a business strategy configured by a user, the business strategy comprising a node type used for executing the business and a strategy rule used when the business is executed, wherein the node type is used to represent a set of at least one node in the network;
Acquire the information of the nodes included in the node type in the network, wherein the information of the node comprises: business information supported by the node, an identifier of the node, and processing capability information of the node;
Determine, according to the business information supported by the node and the identifier of the node, a candidate network node set that supports the business;
Select, from the candidate network node set, the network nodes used to execute the strategy rule, according to the processing capability information of the nodes included in the candidate network node set and the information about the data flows included in the strategy rule, wherein the selected network nodes load-balance the data flows on which the business needs to be executed, and wherein the information about the data flows included in the strategy rule represents the data flows;
Issue the strategy rule to the selected network nodes.
25. The system according to claim 21, characterized in that,
The control node is specifically configured to:
Acquire a business strategy configured by a user, the business strategy comprising a node type used for executing the business and a strategy rule used when the business is executed, wherein the node type is used to represent a set of at least one node in the network;
Acquire the information of the nodes included in the node type in the network, wherein the information of the node comprises: business information supported by the node, an identifier of the node, routing information of the whole network, and processing capability information of the node;
Determine, according to the business information supported by the node and the identifier of the node, a candidate network node set that supports the business;
Determine, according to the data flow information included in the strategy rule and the routing information of the whole network, a candidate network node subset made up of the nodes in the candidate network node set that are traversed from the source address to the destination address in each piece of data flow information included in the strategy rule;
Select, from the candidate network node subset, a network node used to execute the strategy rule, according to the processing capability information of the nodes included in the candidate network node subset and the information about the data flows included in the strategy rule, wherein the selected network node load-balances the data flows on which the business needs to be executed, and wherein the information about the data flows included in the strategy rule represents the data flows;
Issue the strategy rule to the selected network node.
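The three selection steps of claims 15 and 25 (support filter, path filter, capability-based choice), worked through as an added example that is not part of the patent text. The data model, the Mbit/s units, the largest-flow-first greedy heuristic and all names are assumptions; the claims do not fix a particular balancing algorithm.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:
    node_id: str
    businesses: frozenset  # business information the node supports
    capacity: float        # processing capability (assumed unit: Mbit/s)

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    rate: float            # expected rate of the data flow (assumed: Mbit/s)

def place_rules(business, node_type, nodes, routes, flows):
    """Return ({flow: node_id}, [flows that no eligible node can serve])."""
    # Step 1: candidate set = members of the node type that support the business.
    candidates = {n.node_id: n for n in nodes
                  if n.node_id in node_type and business in n.businesses}
    load = {node_id: 0.0 for node_id in candidates}
    placement, unplaced = {}, []
    # Assumed heuristic: place the largest flows first, greedily.
    for flow in sorted(flows, key=lambda f: f.rate, reverse=True):
        # Step 2: candidate subset = candidates on the routed path src -> dst.
        path = routes.get((flow.src, flow.dst), [])
        subset = [candidates[hop] for hop in path if hop in candidates]
        # Step 3: among nodes with enough headroom, pick the one whose
        # utilisation after accepting the flow is lowest (ties: node id).
        fitting = [n for n in subset if load[n.node_id] + flow.rate <= n.capacity]
        if not fitting:
            unplaced.append(flow)  # rule would be enforced nowhere: report it
            continue
        chosen = min(fitting, key=lambda n: (
            (load[n.node_id] + flow.rate) / n.capacity, n.node_id))
        load[chosen.node_id] += flow.rate
        placement[flow] = chosen.node_id
    return placement, unplaced

# Constructed sample data (not from the patent).
NODES = [
    Node("fw1", frozenset({"firewall"}), 1000.0),
    Node("fw2", frozenset({"firewall"}), 1000.0),
    Node("fw3", frozenset({"firewall"}), 1000.0),  # outside the node type
    Node("r1", frozenset({"routing"}), 10000.0),   # lacks the business
]
NODE_TYPE = {"fw1", "fw2", "r1"}
ROUTES = {
    ("10.0.1.0/24", "10.0.9.0/24"): ["r1", "fw1", "fw2"],
    ("10.0.2.0/24", "10.0.9.0/24"): ["r1", "fw1", "fw2"],
    ("10.0.3.0/24", "10.0.9.0/24"): ["r1", "fw2"],
    ("10.0.4.0/24", "10.0.9.0/24"): ["r1", "fw3"],
}
FLOWS = [
    Flow("10.0.1.0/24", "10.0.9.0/24", 600.0),
    Flow("10.0.2.0/24", "10.0.9.0/24", 500.0),
    Flow("10.0.3.0/24", "10.0.9.0/24", 300.0),
    Flow("10.0.4.0/24", "10.0.9.0/24", 100.0),
]

def demo():
    return place_rules("firewall", NODE_TYPE, NODES, ROUTES, FLOWS)
```

The fourth flow crosses no node that is both in the node type and supports the business, so it is returned as unplaced rather than silently dropped; a control node should surface such flows, since their strategy rule is enforced nowhere.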
CN201310156045.3A 2013-04-28 2013-04-28 Business strategy rule configuring method and device, as well as communication system Active CN103248521B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310156045.3A CN103248521B (en) 2013-04-28 2013-04-28 Business strategy rule configuring method and device, as well as communication system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310156045.3A CN103248521B (en) 2013-04-28 2013-04-28 Business strategy rule configuring method and device, as well as communication system

Publications (2)

Publication Number Publication Date
CN103248521A true CN103248521A (en) 2013-08-14
CN103248521B CN103248521B (en) 2016-09-28

Family

ID=48927753

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310156045.3A Active CN103248521B (en) 2013-04-28 2013-04-28 Business strategy rule configuring method and device, as well as communication system

Country Status (1)

Country Link
CN (1) CN103248521B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030101169A1 (en) * 2001-06-21 2003-05-29 Sybase, Inc. Relational database system providing XML query support
CN101222417A (en) * 2007-01-09 2008-07-16 华为技术有限公司 Method, equipment and system for implementing stream group QoS control in NGN network
CN101247335A (en) * 2008-03-12 2008-08-20 中兴通讯股份有限公司 Policy distribution method
CN101483847A (en) * 2008-01-07 2009-07-15 华为技术有限公司 Method, apparatus and system for implementing policy control

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105227480A (en) * 2014-06-13 2016-01-06 腾讯科技(深圳)有限公司 Message forwarding method and relevant apparatus and communication system
CN105451207A (en) * 2014-07-25 2016-03-30 阿尔卡特朗讯 PCC-framework-based service function chain control method and device
CN105451207B (en) * 2014-07-25 2020-10-30 阿尔卡特朗讯 PCC architecture-based service function chain control method and device
CN107534568A (en) * 2015-05-15 2018-01-02 慧与发展有限责任合伙企业 Synthesis for network strategy constrains
CN105228028A (en) * 2015-09-18 2016-01-06 南京大学镇江高新技术研究院 A kind of video stream media Data dissemination based on udp broadcast and pre-cache method
CN105228028B (en) * 2015-09-18 2018-05-11 南京大学镇江高新技术研究院 A kind of video stream media data distribution based on udp broadcast and pre-cache method
WO2018137255A1 (en) * 2017-01-26 2018-08-02 华为技术有限公司 Method, apparatus and system for protecting data
CN110024331A (en) * 2017-01-26 2019-07-16 华为技术有限公司 The guard method of data, device and system
CN110024331B (en) * 2017-01-26 2021-11-19 华为技术有限公司 Data protection method, device and system
US11140545B2 (en) 2017-01-26 2021-10-05 Huawei Technologies Co., Ltd. Method, apparatus, and system for protecting data
CN109391590A (en) * 2017-08-07 2019-02-26 中国科学院信息工程研究所 A kind of regular description method and construction method, medium of network-oriented access control
CN108345462A (en) * 2018-01-11 2018-07-31 华为技术有限公司 The method and apparatus of component upgrade
CN108683632A (en) * 2018-04-04 2018-10-19 山石网科通信技术有限公司 Firewall security policy method of adjustment and device
CN111857941B (en) * 2019-04-30 2021-09-03 华为技术有限公司 Security policy management method and device
CN111857941A (en) * 2019-04-30 2020-10-30 华为技术有限公司 Security policy management method and device
CN110798341A (en) * 2019-10-12 2020-02-14 中盈优创资讯科技有限公司 Service opening method, device and system
CN110798341B (en) * 2019-10-12 2022-06-03 中盈优创资讯科技有限公司 Service opening method, device and system
CN113162782A (en) * 2020-01-22 2021-07-23 中国移动通信集团山东有限公司 Data center network configuration method and device
CN113162782B (en) * 2020-01-22 2022-12-09 中国移动通信集团山东有限公司 Data center network configuration method and device
CN112925648A (en) * 2021-03-25 2021-06-08 支付宝(杭州)信息技术有限公司 Service policy issuing method and device
CN112925648B (en) * 2021-03-25 2024-01-12 支付宝(杭州)信息技术有限公司 Business strategy issuing method and device
CN113900736A (en) * 2021-10-12 2022-01-07 重庆紫光华山智安科技有限公司 Business rule dynamic configuration management method and system
CN113900736B (en) * 2021-10-12 2023-11-28 重庆紫光华山智安科技有限公司 Dynamic configuration management method and system for business rules

Also Published As

Publication number Publication date
CN103248521B (en) 2016-09-28

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant