CN105323116A - Internet characteristic service flow acquisition method, device and system - Google Patents
Internet characteristic service flow acquisition method, device and system Download PDFInfo
- Publication number
- CN105323116A CN105323116A CN201410376592.7A CN201410376592A CN105323116A CN 105323116 A CN105323116 A CN 105323116A CN 201410376592 A CN201410376592 A CN 201410376592A CN 105323116 A CN105323116 A CN 105323116A
- Authority
- CN
- China
- Prior art keywords
- feature
- service
- flow
- service flow
- route
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Abstract
The embodiment of the invention discloses an Internet characteristic service flow acquisition method, device and system. The method comprises the following steps: receiving whole network service flow, and judging whether the service flow conforms to a service flow characteristic in a preset flow strategy or not; performing route forwarding on the service flow not conforming to the service flow characteristic as ordinary service flow through a route forwarding table; and redirecting the service flow conforming to the service flow characteristic as characteristic service flow to a relay corresponding to a destination address in a next hop route set for the characteristic service flow in the flow strategy through the next hop route in order to perform a deep packet inspection (DPI) analysis. Through the embodiment of the invention, the accuracy of the DPI analysis can be increased through existing limited DPI resources.
Description
Technical field
The present invention relates to the communication technology, the acquisition method of especially a kind of the Internet FEATURE service flow and device, system.
Background technology
Based on the deep-packet detection (DPI) of Application level protocols analysis, adopted by Ge great operator and main product supplier, and carried out test widely and application on site or tried application.Traffic identification, flow and customer behavior analysis are carried out to existing network application, and then to carry out Service control be as requested operator's inevitable choice.
The magnanimity Internet data of user has huge treasure-house to be excavated, but, along with network size constantly expands, the outlet relaying quantity such as operator, data center is many, it is roomy to be with, but flow analysis system because of limited investment and network trunk bandwidth along with business development continue increase, cause flow collection rate progressively to decline, due to DPI be all flows are all gathered after carry out, DPI monitoring capacity limited at present far cannot meet high measurement accuracy requirement, and the accuracy rate that DPI analyzes is lower.
Summary of the invention
An embodiment of the present invention technical problem to be solved is: the acquisition method and device, the system that provide a kind of the Internet FEATURE service flow, to be promoted the accuracy rate that DPI analyzes by existing limited DPI resource.
The acquisition method of a kind of the Internet FEATURE service flow that the embodiment of the present invention provides, comprising:
Receive the whole network service traffics, and judge whether described service traffics meet the service traffics feature in preset flow strategy;
The service traffics not meeting described service traffics feature are general service flow, carry out routing forwarding by route forwarding table to described general service flow;
The service traffics meeting described service traffics feature are FEATURE service flow, by in described traffic policy being the down hop route of described FEATURE service flow set, by on relaying corresponding for destination address in described FEATURE service traffic redirect to this down hop route, to carry out deep-packet detection DPI analysis.
In another embodiment of said method, after on relaying corresponding for destination address in described FEATURE service traffic redirect to described down hop route, also comprise:
From described relaying, acquisition characteristics service traffics carry out DPI analysis.
In another embodiment of said method, before on relaying corresponding for destination address in described FEATURE service traffic redirect to this down hop route, also comprise:
Judge that whether the down hop route for described FEATURE service flow set in described traffic policy is effective;
If described down hop route is invalid, by route forwarding table, routing forwarding is carried out to described FEATURE service flow;
If described down hop a route to be valid, perform the described down hop route by described traffic policy being described FEATURE service flow set, by the operation on relaying corresponding for destination address in described FEATURE service traffic redirect to this down hop route.
In another embodiment of said method, judge whether the down hop route for described FEATURE service flow set in described traffic policy effectively comprises:
Judge whether the interface between described relaying is in state of activation;
And if the interface between described relaying is in state of activation, described down hop a route to be valid;
Otherwise, and if interface between described relaying be in unactivated state, described down hop route is invalid.
In another embodiment of said method, before judging the service traffics feature whether described service traffics meet in preset flow strategy, also comprise:
Judge whether to need to carry out FEATURE service flow collection;
Carry out FEATURE service flow collection if do not need, by route forwarding table, routing forwarding is carried out to described service traffics;
If desired carry out FEATURE service flow collection, perform the described operation whether described service traffics meet the service traffics feature in preset flow strategy that judges.
In another embodiment of said method, described service traffics feature comprises: source IP address, object IP address, network layer protocol, IP precedence, differentiated services code points dscp field, tcp port, User Datagram Protoco (UDP) udp port, data packet length and TCP identify in flag any one or multiple.
In another embodiment of said method, also comprise:
Count the packet of described FEATURE service flow, statistics is redirected to the data packet number of the FEATURE service flow of described relaying.
The harvester of a kind of the Internet FEATURE service flow that the embodiment of the present invention provides, comprising:
Receiving element, for receiving the whole network service traffics;
Flow judging unit, for judging whether described service traffics that receiving element receives meet the service traffics feature in preset flow strategy; The service traffics not meeting described service traffics feature are general service flow, send to routing forwarding unit; The service traffics meeting described service traffics feature are FEATURE service flow, send to traffic redirect unit;
Routing forwarding unit, for carrying out routing forwarding by route forwarding table to described general service flow;
Traffic redirect unit, for the down hop route by described traffic policy being described FEATURE service flow set, by on relaying corresponding for destination address in described FEATURE service traffic redirect to this down hop route, to carry out deep-packet detection DPI analysis;
First memory cell, for storing described route forwarding table;
Second memory cell, for storing described traffic policy, described traffic policy comprises service traffics characteristic sum down hop route, and described down hop route comprises the relay address as the destination address be redirected.
In another embodiment of said apparatus, described flow judging unit, also whether effective for judging the down hop route for described FEATURE service flow set in described traffic policy; If described down hop route is invalid, described FEATURE service flow is sent to routing forwarding unit; If described down hop a route to be valid, described FEATURE service flow is sent to traffic redirect unit;
Described routing forwarding unit, also for carrying out routing forwarding by route forwarding table to the FEATURE service flow that flow judging unit sends.
In another embodiment of said apparatus, described flow judging unit, specifically judges whether the interface between described redirected unit and described relaying is in state of activation; If the interface between described redirected unit and described relaying is in state of activation, judge described down hop a route to be valid; Otherwise, if the interface between described redirected unit and described relaying is in unactivated state, judge that described down hop route is invalid.
In another embodiment of said apparatus, described flow judging unit, also needs to carry out FEATURE service flow collection for judging whether; Carry out FEATURE service flow collection if do not need, described service traffics are transmitted to described routing forwarding unit, so that described routing forwarding unit carries out routing forwarding by route forwarding table to described service traffics; If desired carry out FEATURE service flow collection, start to judge whether described service traffics meet the operation of the service traffics feature in preset flow strategy.
In another embodiment of said apparatus, described service traffics feature comprises: in source IP address, object IP address, network layer protocol, IP precedence, dscp field, tcp port, udp port, data packet length and TCPflag any one or multiple.
In another embodiment of said apparatus, also comprise:
Described counting unit, the packet for the FEATURE service flow be redirected described traffic redirect unit counts, and statistics is redirected to the data packet number of the FEATURE service flow of described relaying.
The collection of a kind of the Internet FEATURE service flow that the embodiment of the present invention provides and analytical system, comprise the harvester of the Internet FEATURE service flow, flow extraction element, relaying and DPI analytical equipment;
The harvester of described the Internet FEATURE service flow, for receiving the whole network service traffics, and judges whether described service traffics meet the service traffics feature in preset flow strategy; The service traffics not meeting described service traffics feature are general service flow, carry out routing forwarding by route forwarding table to described general service flow; The service traffics meeting described service traffics feature are FEATURE service flow, by in described traffic policy being the down hop route of described FEATURE service flow set, by relaying corresponding for destination address in described FEATURE service traffic redirect to this down hop route;
Described relaying, for carrying redirected described FEATURE service flow;
Described flow extraction element, for sending to DPI analytical equipment from acquisition characteristics service traffics on described relaying;
Described DPI analytical equipment, carries out DPI analysis for the FEATURE service flow sent flow extraction element.
In another embodiment of said system, the harvester of described the Internet FEATURE service flow is positioned on backbone network equipment or outlet layer torus network equipment.
In another embodiment of said system, the harvester of described the Internet FEATURE service flow is specially the harvester of the Internet FEATURE service flow described in the above-mentioned any embodiment of the present invention.
The acquisition method of the Internet FEATURE service flow provided based on the above embodiment of the present invention and device, system, receive the whole network service traffics, and judge whether service traffics meet the service traffics feature in preset flow strategy; Be general service flow for the service traffics not meeting service traffics feature, carry out normal routing forwarding by route forwarding table; Be FEATURE service flow for the service traffics meeting service traffics feature, by the down hop route arranged in traffic policy, by relaying corresponding for destination address in this FEATURE service traffic redirect to this down hop route, to carry out DPI analysis.First the embodiment of the present invention carries out identification and the extraction of FEATURE service flow at network side, only carry out DPI analysis for FEATURE service flow, thus effectively reduce the flow analyzed by DPI, improve DPI analysis efficiency, compared with prior art, improved the accuracy rate of DPI analysis by existing limited DPI resource, the accurate identification to the whole network broadband user specific behavior can be realized under the prerequisite of not dilatation DPI disposal ability.
In a particular application, operator often needs obtain Web page push arrival rate and carry out and machine testing.Wherein, Web page push refers to broadband user and installs and pay a return visit the propelling movement of webpage or other accurate advertisement information pushing, and Web page push arrival rate is that broadband user installs and pays a return visit successful, the percentage of head rice that Web page push arrives user side; And the terminal quantity that machine testing accesses under referring to detection same broadband account (corresponding to IP address) exceedes maximum restriction.At present, because DPI monitoring capacity is limited, not as good as the speed of relaying quantity and bandwidth expansion, the whole network flow proportional DPI being analyzed cover continues reduction, thus make DPI analyze accuracy rate reduction, cause Web page push arrival rate and the two low problem of parallel operation Detection accuracy.Based on the above embodiment of the present invention, in core network side, identifying processing is carried out to the whole network service traffics, identify FEATURE service flow and carry out DPI analysis again, effectively can reduce the flow that DPI analyzes, utilize limited DPI resource, realize analyzing the full collection of the whole network user characteristics message and DPI, effectively can solve puzzlement Web page push arrival rate for many years and the two low problem of parallel operation Detection accuracy.
Below by drawings and Examples, technical scheme of the present invention is described in further detail.
Accompanying drawing explanation
What form a part for specification drawings describes embodiments of the invention, and is used from explanation principle of the present invention together with description one.
With reference to accompanying drawing, according to detailed description below, clearly the present invention can be understood, wherein:
Fig. 1 is the flow chart of an acquisition method embodiment of the Internet of the present invention FEATURE service flow.
Fig. 2 is the schematic diagram carrying out service traffics shunting in the embodiment of the present invention.
Fig. 3 is the flow chart of another embodiment of acquisition method of the Internet of the present invention FEATURE service flow.
Fig. 4 is the flow chart of a harvester embodiment of the Internet of the present invention FEATURE service flow.
Fig. 5 is the flow chart of an acquisition system embodiment of the Internet of the present invention FEATURE service flow.
Embodiment
Various exemplary embodiment of the present invention is described in detail now with reference to accompanying drawing.It should be noted that: unless specifically stated otherwise, otherwise positioned opposite, the numerical expression of the parts of setting forth in these embodiments and step and numerical value do not limit the scope of the invention.
Meanwhile, it should be understood that for convenience of description, the size of the various piece shown in accompanying drawing is not draw according to the proportionate relationship of reality.
Illustrative to the description only actually of at least one exemplary embodiment below, never as any restriction to the present invention and application or use.
May not discuss in detail for the known technology of person of ordinary skill in the relevant, method and apparatus, but in the appropriate case, described technology, method and apparatus should be regarded as a part for specification.
In all examples with discussing shown here, any occurrence should be construed as merely exemplary, instead of as restriction.Therefore, other example of exemplary embodiment can have different values.
It should be noted that: represent similar terms in similar label and letter accompanying drawing below, therefore, once be defined in an a certain Xiang Yi accompanying drawing, then do not need to be further discussed it in accompanying drawing subsequently.
Fig. 1 is the flow chart of an acquisition method embodiment of the Internet of the present invention FEATURE service flow.As shown in Figure 1, the acquisition method of this embodiment the Internet FEATURE service flow comprises:
110, receive the whole network service traffics, and judge whether service traffics meet the service traffics feature in preset flow strategy.
Wherein, the service traffics not meeting service traffics feature are general service flow, perform the operation of 120; The service traffics meeting service traffics feature are FEATURE service flow, that is: need the flow carrying out DPI analysis, perform the operation of 130.
By this operation 110, the whole network service traffics are mated with the service traffics feature in preset flow strategy, achieves the shunting to the whole network service traffics, the whole network service traffics are separated into general service flow and FEATURE service flow.As shown in Figure 2, for carrying out a schematic diagram of service traffics shunting in the embodiment of the present invention.
120, by route forwarding table, normal routing forwarding is carried out to general service flow.
Afterwards, the follow-up flow process of the present embodiment is not performed.
130, by traffic policy being the down hop route of FEATURE service flow set, by relaying corresponding for destination address in FEATURE service traffic redirect to this down hop route, thus achieve the collection of the whole network FEATURE service flow, to carry out DPI analysis.
FEATURE service message converges in given trunk by the embodiment of the present invention, utilizes existing limited DPI resource, effectively can reduce the flow that DPI analyzes, utilize limited DPI resource, realizes the full collection to the whole network FEATURE service message and DPI analysis.
The embodiment of the present invention can be applicable on backbone or outlet layer torus network equipment, extract at FEATURE service flow and maintaining method have innovation improve, deployment operation is simple, input resource is few, utilize limited DPI resource, realize the full collection to the whole network user characteristics service message and DPI analysis, give full play to the value of existing DPI system, can realize carrying out DPI depth detection targetedly, maximize to improve and detect integrality, accuracy.
Fig. 3 is the flow chart of another embodiment of acquisition method of the Internet of the present invention FEATURE service flow.
210, receive the whole network service traffics, and judge whether to need to carry out FEATURE service flow collection to the service traffics received, that is: whether be provided with traffic policy.When needs carry out flow analysis, can traffic policy can be set in embody rule, comprise service traffics characteristic sum down hop route.
Carry out FEATURE service flow collection if do not need, perform the operation of 220; If desired carry out FEATURE service flow collection, perform the operation of 230.
220, by route forwarding table, routing forwarding is carried out to service traffics.
Afterwards, the follow-up flow process of the present embodiment is not performed.
230, judge whether service traffics meet the service traffics feature in preset flow strategy.
Wherein, the service traffics not meeting service traffics feature are general service flow, perform the operation of 240; The service traffics meeting service traffics feature are FEATURE service flow, perform the operation of 250.
240, by route forwarding table, normal routing forwarding is carried out to general service flow.
Afterwards, the follow-up flow process of the present embodiment is not performed.
250, judge that whether the down hop route for FEATURE service flow set in traffic policy is effective.
If down hop route is invalid, perform the operation of 260.If down hop a route to be valid, perform the operation of 270.
260, by route forwarding table, routing forwarding is carried out to FEATURE service flow.
Afterwards, the follow-up flow process of the present embodiment is not performed.
270, by traffic policy being the down hop route of FEATURE service flow set, by relaying corresponding for destination address in this FEATURE service traffic redirect to this down hop route, so that realize the monitoring to FEATURE service flow.
280, from relaying, acquisition characteristics service traffics carry out DPI analysis, to determine the essential information of present flow rate, and such as application type etc.
Unrestricted according to a concrete example of the acquisition method embodiment of the Internet of the present invention FEATURE service flow, in operation 250, whether judge in traffic policy for the down hop route of FEATURE service flow set can be effectively judge whether the equipment realizing this acquisition method is in state of activation with the interface in down hop route between the corresponding relaying of destination address; If realize the equipment of this acquisition method to be in state of activation with the interface between corresponding relaying, FEATURE service flow can reach this relaying, then judge down hop a route to be valid.Otherwise if realize the equipment of this acquisition method to be in unactivated state with the interface between corresponding relaying, FEATURE service flow this relaying unreachable, then judge that down hop route is invalid.
In addition, in another specific example, can also to judge in traffic policy for whether the down hop route of FEATURE service flow set is effective in the following way: judge in traffic policy whether the down hop route of down hop route beyond the route forwarding table that whether has been FEATURE service flow set and setting can reach.If in traffic policy for the down hop route beyond FEATURE service flow set route forwarding table and this down hop route can reach, then judge down hop a route to be valid.Otherwise, if the down hop route of the down hop route beyond the route forwarding table that has been not FEATURE service flow set in traffic policy or setting is unreachable, then judge that down hop route is invalid.
Unrestricted according to another concrete example of the acquisition method embodiment of the Internet of the present invention FEATURE service flow, the service traffics characteristic parameter in above-described embodiment can comprise: source IP address, object IP address, network layer protocol, IP precedence, differentiated services code points (DSCP) field, tcp port, User Datagram Protoco (UDP) (UDP) port, data packet length and TCP identify in (flag) any one or multiple.Current TCPflag mainly comprises several as follows: F (FIN terminates): represent end session; S (SYN, synchronous): represent and start session request; R (RST resets): represent interruption one connection; P (PUSH pushes): represent that packet sends immediately; A (ACK, response); U (URG, urgent); E (ECE): represent that Explicit Congestion is reminded and respond; W (CWR): represent that congestion window reduces.
In embody rule, configuration service traffic characteristic can be carried out according to different application demand, such as, when being applied to Web page push, parallel operation detection scene, need to carry out DPI analysis to web flow (HTTP request), then arrange service traffics to be characterized as: network layer protocol is TCP, tcp port is 80/8080, in the whole network service traffics then received network layer protocol be TCP, tcp port be 80/8080 message be FEATURE service message, therefore its FEATURE service traffic redirect formed is on relaying corresponding to destination address in this down hop route.
In another embodiment of the acquisition method of the Internet of the present invention FEATURE service flow, during by relaying corresponding for destination address in FEATURE service traffic redirect to this down hop route, can also count the packet of the FEATURE service flow be redirected, add up the data packet number of the FEATURE service flow being redirected to relaying.
When the embodiment of the present invention is applied particularly on backbone or outlet layer torus network equipment, up, the descending FEATURE service uninterrupted of backbone network equipment can be estimated, the original data on flows that the FEATURE service flow choosing unidirectional (flow is less) or two-way (flow is more) is analyzed as DPI, by the size of FEATURE service flow, the trunk bandwidth that is redirected and required DPI system resource just can be determined.Wherein trunk bandwidth and DPI system resource should support the unidirectional or binary feature service traffics of extraction.Such as, FEATURE service peak flow has 30G, and the ability that so trunk bandwidth and DPI analyze just can not lower than 30G.
(in) direction application traffic strategy is entered at the business interface of backbone network equipment, can by FEATURE service flow and general service flow separation, and the next hop address of will specify in FEATURE service traffic redirect to traffic policy, namely realize FEATURE service traffic aggregation on the relaying of specifying, all business interfaces all apply this traffic policy, can identify the FEATURE service flow of the whole network.
One of ordinary skill in the art will appreciate that: all or part of step realizing said method embodiment can have been come by the hardware that program command is relevant, aforesaid program can be stored in a computer read/write memory medium, this program, when performing, performs the step comprising said method embodiment; And aforesaid storage medium comprises: ROM, RAM, magnetic disc or CD etc. various can be program code stored medium.
Fig. 4 is the flow chart of a harvester embodiment of the Internet of the present invention FEATURE service flow.The harvester of the Internet FEATURE service flow of this embodiment can be used for performing the operation 110 ~ 130 in said method embodiment of the present invention or operation 210 ~ 270.As shown in Figure 4, it comprises receiving element, flow judging unit, routing forwarding unit, traffic redirect unit, the first memory cell and the second memory cell.Wherein:
First memory cell, for storing route forwarding table.
Second memory cell, for storing the traffic policy pre-set, this traffic policy comprises service traffics characteristic sum down hop route, and this down hop route comprises the relay address as the destination address be redirected.Exemplarily, service traffics characteristic parameter wherein can comprise: in source IP address, object IP address, network layer protocol, IP precedence, dscp field, tcp port, udp port, data packet length and TCPflag any one or multiple.
Receiving element, for receiving the whole network service traffics.
Flow judging unit, for judging whether service traffics that receiving element receives meet the service traffics feature in the traffic policy of the second cell stores; Wherein, the service traffics not meeting service traffics feature are general service flow, send to routing forwarding unit; The service traffics meeting service traffics feature are FEATURE service flow, send to traffic redirect unit.
Routing forwarding unit, for carrying out routing forwarding by the route forwarding table in the first memory cell to general service flow.
Traffic redirect unit, for the down hop route by the traffic policy of the second cell stores being FEATURE service flow set, by relaying corresponding for destination address in FEATURE service traffic redirect to this down hop route, to carry out DPI analysis.
In another embodiment of the harvester of the Internet of the present invention FEATURE service flow, whether flow judging unit is also effective for judging the down hop route for FEATURE service flow set in traffic policy; If down hop route is invalid, FEATURE service flow is sent to routing forwarding unit; If down hop a route to be valid, FEATURE service flow is sent to traffic redirect unit.Correspondingly, routing forwarding unit is also for carrying out routing forwarding by route forwarding table to the FEATURE service flow that flow judging unit sends.
In a concrete example, flow judging unit specifically judges whether the interface between the relaying that redirected unit is corresponding with destination address in down hop route is in state of activation.If the interface be redirected between unit and this relaying is in state of activation, judge down hop a route to be valid; Otherwise, if the interface be redirected between unit and this relaying is in unactivated state, judge that down hop route is invalid.
In another embodiment of the harvester of the Internet of the present invention FEATURE service flow, flow judging unit also needs to carry out FEATURE service flow collection for judging whether; Carry out FEATURE service flow collection if do not need, service traffics are transmitted to routing forwarding unit, so that routing forwarding unit carries out routing forwarding by route forwarding table to service traffics; If desired carry out FEATURE service flow collection, start to judge whether service traffics meet the operation of the service traffics feature in preset flow strategy.
Further, again see Fig. 4, in another embodiment of the harvester of the Internet of the present invention FEATURE service flow, also comprise counting unit, packet for the FEATURE service flow be redirected traffic redirect unit counts, and statistics is redirected to the data packet number of the FEATURE service flow of relaying.
Fig. 5 is the flow chart of an acquisition system embodiment of the Internet of the present invention FEATURE service flow.The system of this embodiment can be used in the present invention above-mentioned each embodiment of the method.As shown in Figure 5, it comprises the harvester of the Internet FEATURE service flow, flow extraction element, relaying and DPI analytical equipment.Wherein:
The harvester of the Internet FEATURE service flow, for receiving the whole network service traffics, and judges whether the service traffics received meet the service traffics feature in preset flow strategy; The service traffics not meeting service traffics feature are general service flow, carry out routing forwarding by route forwarding table to general service flow; The service traffics meeting service traffics feature are FEATURE service flow, by traffic policy being the down hop route of FEATURE service flow set, by relaying corresponding for destination address in FEATURE service traffic redirect to this down hop route.
Relaying, for carrying the FEATURE service flow be redirected by traffic redirect unit.
Relaying in the embodiment of the present invention is between two routers, it can be the lateral relaying of the harvester place router of the Internet FEATURE service flow in two routers, flow carrying is sent to end-to-end router, so that end-to-end router carries out routing forwarding to this FEATURE service flow.
Flow extraction element, for sending to DPI analytical equipment from acquisition characteristics service traffics on relaying, such as, can adopt the mode of relaying light splitting to mention FEATURE service flow from relaying and send to DPI analytical equipment.All can be copied the flow of this relaying by relaying spectroscopic modes, and don't affect normal flow business.
DPI analytical equipment, carries out DPI analysis for the FEATURE service flow sent flow extraction element, to determine the essential information of present flow rate, and such as application type etc.
In a particular application, the harvester of the Internet FEATURE service flow can be arranged on backbone network equipment or outlet layer torus network equipment, to realize the collection to the whole network service traffics.The harvester of the Internet FEATURE service flow specifically can be realized by the apparatus structure of any embodiment shown in Fig. 4 of the present invention.
In an embody rule of the present invention, dispose pilot at metropolitan area network of the provincial broadband network of operator, carry out the collection of inter-provincial HTTP request message based on the traffic policy disposed and DPI analyzes.Broadband outlet P deploy traffic policy, is applied in the in direction of P business interface.Strategy content: the HTTP request packet (that is: non-of object IP address province and protocol port is the packet of TCP80) of access non-province is redirected to given trunk; By the forwarding (Access-ListBasedForwarding of definition based on access list during traffic policy specific implementation, ABF) strategy, allow object IP address to be that the packet of this province normally forwards, in remainder data bag, object protocol port is that the packet of TCP80 is redirected to the next-hop ip address (that is: relay address) of specifying.This application is implemented as follows:
Service traffics receive: broadband outlet P receives the whole province's broadband network service traffics;
FEATURE service flow judges and is redirected: by the traffic policy disposed in advance, according to the route forwarding table pre-set, the packet that object IP address is this province is normally forwarded, the packet being TCP80 by object protocol port in remainder data bag is redirected to the next-hop ip address of specifying, be that packet beyond TCP80 normally forwards according to the route forwarding table pre-set by object protocol port in remainder data bag, namely make FEATURE service flow and general service flow separation;
FEATURE service traffic aggregation: according to the next-hop ip address of specifying, by isolated FEATURE service traffic aggregation on the relaying of P, realizes limited relaying and converges the whole network FEATURE service flow.This relaying can be specifically the lateral relaying of P, that is: up connection backbone network, is descendingly connected to Access Network.Select lateral relaying can make flow after flowing out from lateral relaying, normal forwarding can be continued, flow out to the destination needing access from inter-provincial outlet, do not occur loop or sub-optimal path.If select non-lateral relaying, suppose to use second line of a couplet relaying, may loop be occurred, make FEATURE service flow again enter this P application the above embodiment of the present invention; Suppose to use first line of a couplet relaying, may occur circulating in path, cause non-optimal path, thus increase access time delay;
FEATURE service flow extracts: extract the FEATURE service flow on relaying by port spectroscopic modes, the packet split is the inter-provincial HTTP request packet of the whole network, is sent to DPI analytical equipment and carries out DPI analysis, do not have influence on existing network business.
In this specification, each embodiment all adopts the mode of going forward one by one to describe, and what each embodiment stressed is the difference with other embodiment, same or analogous part cross-reference between each embodiment.For device, system embodiment, because itself and embodiment of the method are substantially corresponding, so description is fairly simple, relevant part illustrates see the part of embodiment of the method.
Methods, devices and systems of the present invention may be realized in many ways.Such as, any combination by software, hardware, firmware or software, hardware, firmware realizes methods, devices and systems of the present invention.Said sequence for the step of described method is only to be described, and the step of method of the present invention is not limited to above specifically described order, unless specifically stated otherwise.In addition, in certain embodiments, can be also record program in the recording medium by the invention process, these programs comprise the machine readable instructions for realizing according to method of the present invention.Thus, the present invention also covers the recording medium stored for performing the program according to method of the present invention.
The embodiment of the present invention passes through traffic policy flexibly, and the service feature flow needed for being analyzed by DPI gathers entirely.In core network side, identifying processing is carried out to the whole network service traffics, identify FEATURE service flow and converged in given trunk, extract FEATURE service flow and be sent to DPI analytical equipment, DPI analytical equipment only needs processing feature service traffics, reduce DPI analytical equipment and need data message flow to be processed, improve the treatment effeciency of DPI analytical equipment.In addition, compare distributed DPI proxy server, the embodiment of the present invention selects centralized deployment DPI analytical equipment, and deployed with devices cost is little, and can realize the covering of the whole network FEATURE service flow, maximizes the integrality, the accuracy that improve deep-packet detection.
Description of the invention provides in order to example with for the purpose of describing, and is not exhaustively or limit the invention to disclosed form.Many modifications and variations are obvious for the ordinary skill in the art.Selecting and describing embodiment is in order to principle of the present invention and practical application are better described, and enables those of ordinary skill in the art understand the present invention thus design the various embodiments with various amendment being suitable for special-purpose.
Claims (16)
1. an acquisition method for the Internet FEATURE service flow, is characterized in that, comprising:
Receive the whole network service traffics, and judge whether described service traffics meet the service traffics feature in preset flow strategy;
The service traffics not meeting described service traffics feature are general service flow, carry out routing forwarding by route forwarding table to described general service flow;
The service traffics meeting described service traffics feature are FEATURE service flow, by in described traffic policy being the down hop route of described FEATURE service flow set, by on relaying corresponding for destination address in described FEATURE service traffic redirect to this down hop route, to carry out deep-packet detection DPI analysis.
2. method according to claim 1, is characterized in that, after on relaying corresponding for destination address in described FEATURE service traffic redirect to described down hop route, also comprises:
From described relaying, acquisition characteristics service traffics carry out DPI analysis.
3. method according to claim 2, is characterized in that, before on relaying corresponding for destination address in described FEATURE service traffic redirect to this down hop route, also comprises:
Judge that whether the down hop route for described FEATURE service flow set in described traffic policy is effective;
If described down hop route is invalid, by route forwarding table, routing forwarding is carried out to described FEATURE service flow;
If described down hop a route to be valid, perform the described down hop route by described traffic policy being described FEATURE service flow set, by the operation on relaying corresponding for destination address in described FEATURE service traffic redirect to this down hop route.
4. method according to claim 3, is characterized in that, judges whether the down hop route for described FEATURE service flow set in described traffic policy effectively comprises:
Judge whether the interface between described relaying is in state of activation;
And if the interface between described relaying is in state of activation, described down hop a route to be valid;
Otherwise, and if interface between described relaying be in unactivated state, described down hop route is invalid.
5. method according to claim 3, is characterized in that, before judging the service traffics feature whether described service traffics meet in preset flow strategy, also comprises:
Judge whether to need to carry out FEATURE service flow collection;
Carry out FEATURE service flow collection if do not need, by route forwarding table, routing forwarding is carried out to described service traffics;
If desired carry out FEATURE service flow collection, perform the described operation whether described service traffics meet the service traffics feature in preset flow strategy that judges.
6. the method according to claim 1 to 5 any one, it is characterized in that, described service traffics feature comprises: source IP address, object IP address, network layer protocol, IP precedence, differentiated services code points dscp field, tcp port, User Datagram Protoco (UDP) udp port, data packet length and TCP identify in flag any one or multiple.
7. the method according to claim 1 to 5 any one, is characterized in that, also comprises:
Count the packet of described FEATURE service flow, statistics is redirected to the data packet number of the FEATURE service flow of described relaying.
8. a harvester for the Internet FEATURE service flow, is characterized in that, comprising:
Receiving element, for receiving the whole network service traffics;
Flow judging unit, for judging whether described service traffics that receiving element receives meet the service traffics feature in preset flow strategy; The service traffics not meeting described service traffics feature are general service flow, send to routing forwarding unit; The service traffics meeting described service traffics feature are FEATURE service flow, send to traffic redirect unit;
Routing forwarding unit, for carrying out routing forwarding by route forwarding table to described general service flow;
Traffic redirect unit, for the down hop route by described traffic policy being described FEATURE service flow set, by on relaying corresponding for destination address in described FEATURE service traffic redirect to this down hop route, to carry out deep-packet detection DPI analysis;
First memory cell, for storing described route forwarding table;
Second memory cell, for storing described traffic policy, described traffic policy comprises service traffics characteristic sum down hop route, and described down hop route comprises the relay address as the destination address be redirected.
9. whether device according to claim 8, is characterized in that, described flow judging unit, also effective for judging the down hop route for described FEATURE service flow set in described traffic policy; If described down hop route is invalid, described FEATURE service flow is sent to routing forwarding unit; If described down hop a route to be valid, described FEATURE service flow is sent to traffic redirect unit;
Described routing forwarding unit, also for carrying out routing forwarding by route forwarding table to the FEATURE service flow that flow judging unit sends.
10. device according to claim 9, is characterized in that, described flow judging unit, specifically judges whether the interface between described redirected unit and described relaying is in state of activation; If the interface between described redirected unit and described relaying is in state of activation, judge described down hop a route to be valid; Otherwise, if the interface between described redirected unit and described relaying is in unactivated state, judge that described down hop route is invalid.
11. devices according to claim 9, is characterized in that, described flow judging unit, also need to carry out FEATURE service flow collection for judging whether; Carry out FEATURE service flow collection if do not need, described service traffics are transmitted to described routing forwarding unit, so that described routing forwarding unit carries out routing forwarding by route forwarding table to described service traffics; If desired carry out FEATURE service flow collection, start to judge whether described service traffics meet the operation of the service traffics feature in preset flow strategy.
Device described in 12. according to Claim 8 to 11 any one, it is characterized in that, described service traffics feature comprises: in source IP address, object IP address, network layer protocol, IP precedence, dscp field, tcp port, udp port, data packet length and TCPflag any one or multiple.
Device described in 13. according to Claim 8 to 11 any one, is characterized in that, also comprise:
Described counting unit, the packet for the FEATURE service flow be redirected described traffic redirect unit counts, and statistics is redirected to the data packet number of the FEATURE service flow of described relaying.
The collection of 14. 1 kinds of the Internet FEATURE service flows and analytical system, is characterized in that, comprises the harvester of the Internet FEATURE service flow, flow extraction element, relaying and DPI analytical equipment;
The harvester of described the Internet FEATURE service flow, for receiving the whole network service traffics, and judges whether described service traffics meet the service traffics feature in preset flow strategy; The service traffics not meeting described service traffics feature are general service flow, carry out routing forwarding by route forwarding table to described general service flow; The service traffics meeting described service traffics feature are FEATURE service flow, by in described traffic policy being the down hop route of described FEATURE service flow set, by relaying corresponding for destination address in described FEATURE service traffic redirect to this down hop route;
Described relaying, for carrying redirected described FEATURE service flow;
Described flow extraction element, for sending to DPI analytical equipment from acquisition characteristics service traffics on described relaying;
Described DPI analytical equipment, carries out DPI analysis for the FEATURE service flow sent flow extraction element.
15. systems according to claim 14, is characterized in that, the harvester of described the Internet FEATURE service flow is positioned on backbone network equipment or outlet layer torus network equipment.
16. systems according to claims 14 or 15, it is characterized in that, the harvester of described the Internet FEATURE service flow is specially the device described in claim 8 to 13 any one.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410376592.7A CN105323116B (en) | 2014-08-01 | 2014-08-01 | The acquisition method of internet FEATURE service flow and device, system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410376592.7A CN105323116B (en) | 2014-08-01 | 2014-08-01 | The acquisition method of internet FEATURE service flow and device, system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105323116A true CN105323116A (en) | 2016-02-10 |
| CN105323116B CN105323116B (en) | 2018-06-29 |
Family
ID=55249757
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410376592.7A Active CN105323116B (en) | 2014-08-01 | 2014-08-01 | The acquisition method of internet FEATURE service flow and device, system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105323116B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106209506A (en) * | 2016-06-30 | 2016-12-07 | 瑞斯康达科技发展股份有限公司 | A kind of virtualization deep-packet detection flow analysis method and system |
| CN108900371A (en) * | 2018-06-12 | 2018-11-27 | 广东睿江云计算股份有限公司 | A kind of method of flow control optimization |
| CN109804658A (en) * | 2016-10-10 | 2019-05-24 | 诺基亚通信公司 | Handling capacity in communication network |
| CN110752994A (en) * | 2019-10-28 | 2020-02-04 | 深信服科技股份有限公司 | Traffic classification processing method, device, equipment and readable storage medium |
| CN110796466A (en) * | 2018-08-03 | 2020-02-14 | 武汉稀云科技有限公司 | Internet advertisement putting method and device |
| CN112511426A (en) * | 2019-09-16 | 2021-03-16 | 中国移动通信集团河北有限公司 | Traffic grooming method and device, computing device and storage medium for service |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101399749A (en) * | 2007-09-27 | 2009-04-01 | 华为技术有限公司 | Method, system and device for packet filtering |
| CN101420336A (en) * | 2007-10-26 | 2009-04-29 | 诺基亚西门子通信有限责任两合公司 | Method for recognizing network telephone flow quantity in network and system thereof |
| CN101645806A (en) * | 2009-09-04 | 2010-02-10 | 东南大学 | Network flow classifying system and network flow classifying method combining DPI and DFI |
| CN102394827A (en) * | 2011-11-09 | 2012-03-28 | 浙江万里学院 | Hierarchical classification method for internet flow |
| US20120282255A1 (en) * | 2011-04-07 | 2012-11-08 | Greg Plucinski | Methods and compositions for the treatment of alcoholism and alcohol dependence |
-
2014
- 2014-08-01 CN CN201410376592.7A patent/CN105323116B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101399749A (en) * | 2007-09-27 | 2009-04-01 | 华为技术有限公司 | Method, system and device for packet filtering |
| CN101420336A (en) * | 2007-10-26 | 2009-04-29 | 诺基亚西门子通信有限责任两合公司 | Method for recognizing network telephone flow quantity in network and system thereof |
| CN101645806A (en) * | 2009-09-04 | 2010-02-10 | 东南大学 | Network flow classifying system and network flow classifying method combining DPI and DFI |
| US20120282255A1 (en) * | 2011-04-07 | 2012-11-08 | Greg Plucinski | Methods and compositions for the treatment of alcoholism and alcohol dependence |
| CN102394827A (en) * | 2011-11-09 | 2012-03-28 | 浙江万里学院 | Hierarchical classification method for internet flow |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106209506A (en) * | 2016-06-30 | 2016-12-07 | 瑞斯康达科技发展股份有限公司 | A kind of virtualization deep-packet detection flow analysis method and system |
| CN109804658A (en) * | 2016-10-10 | 2019-05-24 | 诺基亚通信公司 | Handling capacity in communication network |
| CN109804658B (en) * | 2016-10-10 | 2022-04-29 | 诺基亚通信公司 | Throughput in a communication network |
| CN108900371A (en) * | 2018-06-12 | 2018-11-27 | 广东睿江云计算股份有限公司 | A kind of method of flow control optimization |
| CN110796466A (en) * | 2018-08-03 | 2020-02-14 | 武汉稀云科技有限公司 | Internet advertisement putting method and device |
| CN112511426A (en) * | 2019-09-16 | 2021-03-16 | 中国移动通信集团河北有限公司 | Traffic grooming method and device, computing device and storage medium for service |
| CN110752994A (en) * | 2019-10-28 | 2020-02-04 | 深信服科技股份有限公司 | Traffic classification processing method, device, equipment and readable storage medium |
| CN110752994B (en) * | 2019-10-28 | 2022-03-22 | 深信服科技股份有限公司 | Traffic classification processing method, device, equipment and readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105323116B (en) | 2018-06-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105323116A (en) | Internet characteristic service flow acquisition method, device and system | |
| CN106656801B (en) | Reorientation method, device and the Business Stream repeater system of the forward-path of Business Stream | |
| CN100474819C (en) | A deep message detection method, network device and system | |
| CN105072629B (en) | Method, equipment and the system of the quality of the business run in measuring terminals | |
| CN102638388B (en) | Flow label negotiating method, relevant device and system | |
| EP2654340A1 (en) | Session-aware GTPv1 load balancing | |
| AU2015256589B2 (en) | Fine-grained network monitoring | |
| JP2007241805A (en) | System-analyzing device and system-analyzing method | |
| CN101960782B (en) | In-bound mechanism that verifies end-to-end service configuration with application awareness | |
| KR101578193B1 (en) | Method and System for controlling an access gateway using software defined network | |
| EP3963827B1 (en) | Systems and methods for distributed charging in digital telecommunications networks | |
| CN108881028A (en) | The SDN network resource regulating method of application perception is realized based on deep learning | |
| CN104954165B (en) | A kind of method, equipment and the system of link analysis | |
| CN103298035A (en) | Congestion control method and device | |
| KR101388627B1 (en) | Apparatus for blocking abnormal traffic in 4g mobile network | |
| CN106656807A (en) | Message forwarding method and SDN switch | |
| CN105634968A (en) | Apparatus and method for controlling transmission of data traffic | |
| CN112994987A (en) | Cloud network, measurement system, method, device and storage medium for cloud network | |
| CN103702352A (en) | Business channel-based network capacity opening method and device thereof | |
| CN106131153B (en) | Business recognition method and device based on intelligent gateway | |
| KR101821388B1 (en) | System and method for managing network quality and fault | |
| CN103166807A (en) | Analyzing and processing method and analyzing and processing system of traffic flow direction based on application | |
| CN105307219A (en) | Method and system for controlling service quality of communication service | |
| CN106789878B (en) | A kind of file towards large traffic environment also original system and method | |
| JP6828818B2 (en) | Traffic optimizer, communication system, traffic optimization method and program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |