CN106068628B - Device and method for managing policies and/or resources used for configuring a network - Google Patents
- Publication number
- CN106068628B (application CN201480077060.1A)
- Authority
- CN
- China
- Prior art keywords
- resource
- strategy
- network
- rule
- data model
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- H04L41/022—Multivendor or multi-standard integration
- H04L41/0893—Assignment of logical groups to network elements
- H04L41/0895—Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements
- H04L41/342—Signalling channels for network management communication between virtual entities, e.g. orchestrators, SDN or NFV entities
- H04L41/40—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using virtualisation of network functions or resources, e.g. SDN or NFV entities
- H04L63/0263—Rule management
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L41/0226—Mapping or translating multiple network management protocols
- H04L41/0894—Policy-based network configuration management
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Mobile Radio Communication Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention proposes a device 100 and a method for managing policies and/or resources for configuring one or more networks. The device 100 includes a first interface 101 for connecting the device 100 to at least one network management entity 110, 111, 112. A second interface 102 is provided for connecting the device 100 to an SDN controller 120. The device 100 further includes an abstraction module 103 for receiving at least one policy and/or resource rule from each network management entity 110, 111, 112, and for abstracting the received policy and/or resource rules into a unified data model. The device 100 also has a logic module 104 for receiving a frame from the SDN controller 120, for creating at least one network configuration rule based on the received frame and the unified data model, and for forwarding the at least one network configuration rule to the SDN controller 120.
Description
Technical field
The present invention relates to a device and a method for managing policies and/or resources, where the policies and/or resources can be used to configure one or more networks. Specifically, the invention proposes a unified policy manager as the device. The unified policy manager can receive multiple different policies and/or resource rules in different formats from the network management entities in one or more networks, and abstract these policies and/or resource rules into a common data format. The method of the invention can be performed by the proposed device.
Background
Different networks are known in the state of the art (for example, fixed (that is, wired) networks, mobile networks, wireless networks, IMS networks, etc.), each of which has its own policy management. Specifically, different networks use different entities to manage policies and resources.
For example, wired networks usually use a Broadband Network Gateway (BNG). The BNG is the access point for subscribers, through which subscribers connect to the broadband network. When a connection is established between the BNG and the Customer Premise Equipment (CPE), the subscriber can access the broadband services provided over the network by a Network Service Provider (NSP) or Internet Service Provider (ISP). The BNG establishes and manages subscriber sessions. Specifically, the BNG aggregates traffic from multiple subscriber sessions from the access network and routes the aggregated traffic to the service provider's network. The BNG is usually deployed by the service provider and is preferably located at the first aggregation point in the network, for example at an edge router. The edge router itself can serve as the BNG. Because the subscriber is then connected directly to the edge router, the BNG effectively manages subscriber access and subscriber management functions, for example authentication, authorization and accounting of subscriber sessions, address assignment, security, policy management or Quality of Service (QoS).
As another example, cellular networks usually use a Policy and Charging Enforcement Function (PCEF), a Policy and Charging Rule Function (PCRF) and Policy and Charging Control (PCC). In the PCC architecture, the PCRF is the central entity that makes policy and charging decisions based on input from different sources, including mobile operator configuration, user subscription information, service information, etc. PCC decisions are then conveyed to the PCEF in the form of PCC rules, which include: service data flow (SDF) information, which allows IP traffic to be identified; charging parameters, which are used to charge for this traffic; or QoS parameters, which are to be applied to the IP traffic identified by the SDF filters. PCC rules can also be statically configured in the PCEF and then dynamically referenced by the PCRF over the Gx interface.
The PCRF and PCEF are closely related functional entities, which include policy control decision-making and flow-based charging control functions. The PCRF is designed to provide network control regarding service data flow detection, QoS and flow-based charging towards the PCEF. The PCEF essentially provides user traffic handling and QoS at the gateway. In addition, the PCEF is also responsible for providing service data flow detection and counting, together with online and offline charging interactions.
As a last example, WiFi networks usually use an Access Network Discovery and Selection Function (ANDSF), which is an entity in the Evolved Packet Core (EPC) of the System Architecture Evolution (SAE) for 3GPP-compliant mobile networks. The purpose of the ANDSF is to assist User Equipment (UE) in discovering non-3GPP access networks, for example WiFi or WiMAX, which can be used for data communication in addition to 3GPP access networks (for example, HSPA or LTE), and to provide the UE with rules for policing the connection to these networks.
Because of the numerous known policy management entities of the different networks, moving services and applications between these networks is very difficult. Specifically, each network management entity may use its own policy templates and its own vendor-specific implementation, which makes integrating several network management entities under a single management context very difficult.
Software Defined Network (SDN) and Network Function Virtualization (NFV) are two new technologies that enable the use of virtualization techniques to convert physical devices into virtual devices. However, merely virtualizing the numerous physical devices does not solve the above-described problem of coordinating multiple policies and/or resource rules between different network management entities.
In enterprise networks, a system called Cisco Enterprise Policy Manager (CEPM) is also known. This system is an enterprise-level solution for fine-grained distributed authorization management, resolution, enforcement and auditing. CEPM uses a multi-tier, loosely coupled and standards-based authorization model, which consists of centralized and/or distributed Policy Administration Points (PAP), high-speed centralized and/or distributed Policy Decision Points (PDP), and pre-built or customized optimized Policy Enforcement Points (PEP).
However, the CEPM architecture has the drawback that it is based on a multi-tier application, which requires heavy and expensive integration with numerous resources, for example computers, network connections, management systems, etc. In addition, although most policy enforcement is network-oriented (for example, ACL, QoS), there is no clear and simple interface to the network side. Moreover, the architecture is not particularly suited to integration with SDN.
To summarize the above drawbacks, only a very limited number of policy and/or resource rule convergence platforms are known. More seriously, there is no single device or method that allows unified policy management in one or more networks.
Summary of the invention
In view of the above drawbacks and problems, the invention aims to improve the state of the art. Specifically, the object of the invention is to provide a device and a method that provide unified policy management. The invention is specifically intended to unify policies and/or resources across at least part of a network or across multiple networks. The invention thereby has the objective of making network configuration and roaming between different parts of a network, or between different networks, simpler and more efficient.
The above object of the invention is achieved by the solution provided in the appended independent claims. Advantageous embodiments of the invention are further defined in the respective dependent claims. Specifically, unified policy management for multiple networks is achieved by the claimed device and the claimed method.
In a first aspect, the invention provides a physical or virtual device for managing policies and/or resources, the policies and/or resources being used to configure one or more networks. The device includes: a first interface for connecting to at least one network management entity; a second interface for connecting to a software defined network (SDN) entity, for example an SDN controller; an abstraction module for receiving at least one policy and/or resource rule from each network management entity, and for abstracting the received policy and/or resource rules into a unified data model; and a logic module for receiving a frame from the SDN controller, for creating at least one network configuration rule based on the received frame and the unified data model, and for forwarding the at least one network configuration rule to the SDN controller.
The device according to the first aspect of the invention therefore acts as a unified policy manager. In particular, the device acts as a policy convergence platform. Preferably, the device is an SDN application. The device can unify all policies and/or resources received from one or more network management entities into the unified data model. This allows policies and/or resource rules to be unified for each user (that is, per user) across a single administrative domain (for example, a single carrier or a single network), or even across several administrative domains (for example, several carriers or networks). The unified data model is preferably stored in a local database. Optionally, user information is stored in the database. The database can be inside or outside the device of the first aspect. The first and second interfaces can be, respectively, northbound and southbound application programming interfaces (APIs).
The device of the first aspect can provide a single point of convergence for policies and/or resource rules in one or more networks. By using the device of the first aspect, roaming between different parts of a network or between different networks can be performed in a unified and more efficient manner compared with the state of the art. Specifically, roaming can be processed faster and with less administrative burden. In addition, the device of the first aspect allows a simpler policy and/or resource management architecture to be built. Such an architecture includes fewer elements and is therefore cheaper and has better network efficiency than the state of the art. For example, a single DPI provided in the device of the first aspect can be used for all users across one or more networks, which increases network efficiency. For example, when the device of the first aspect is used, it is possible to offload frame processing from simple forwarding elements, thereby simplifying the policy and/or resource management architecture.
In a first implementation form of the device according to the first aspect, the logic module is configured to extract information from the received frame, to resolve the extracted information against the unified data model, and to create the at least one network configuration rule according to the abstracted policy and/or resource rules in the unified data model that are associated with the extracted information.
When extracting information, the device can use information in the header or payload of the frame. For example, the device can use a MAC address, an IP address or login information contained in the frame. The extracted information can, for example, be used to query the unified data model for the policy for this user (that is, the user who sent the frame), and optionally for a dedicated action. For example, if a mobile subscriber attempts to connect to a WiFi operator access point (AP), the user profile in the unified data model must include WiFi roaming; otherwise access to the WiFi network will be denied. The device of the first aspect can efficiently create one network configuration rule or a set of such rules, by which the one or more networks can be efficiently configured for each user.
In a second implementation form of the device according to the first aspect as such or according to the first implementation form of the first aspect, the logic module is configured to extract at least a user identifier (ID) and/or metadata from the received frame, to resolve the extracted ID and/or metadata against the unified data model, and to create the at least one network configuration rule according to the policy and/or resource rules in the unified data model that correspond to the extracted user ID and/or metadata.
The metadata may include application type, location and/or device ID. The user ID and/or metadata can likewise be extracted by using the information in the header and/or payload of the received frame. By extracting the user ID and/or metadata, the network can be configured for a specific user in an efficient manner.
In a third implementation form of the device according to the first aspect as such or according to any previous implementation form of the first aspect, the logic module includes at least one deep packet inspection (DPI) unit and is configured to inspect the received frame by using DPI.
Only a single DPI needs to be provided for all users across one or more networks, which makes the one or more networks more efficient.
In a fourth implementation form of the device according to the first aspect as such or according to any previous implementation form of the first aspect, the abstraction module is configured to aggregate multiple received policies and/or resource rules of the same network management entity into a single unified policy and/or resource rule.
Policy and/or resource management can therefore be simplified overall. It is also possible to aggregate multiple policies and/or resource rules, for example the policies and/or resource rules of two or more different network management entities, into a unified policy and/or resource rule.
In a fifth implementation form of the device according to the first aspect as such or according to any previous implementation form of the first aspect, the abstraction module is configured to convert the data format of each received policy and/or resource rule into a common data format.
The policy and/or resource management of the network is thereby simplified, and can also be performed more efficiently and faster by the proposed device of the first aspect.
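An added sketch of the abstraction and logic modules described above (not code from the patent): two hypothetical plug-ins convert constructed LDAP-style and PCC-style inputs into one per-user record, and the logic step resolves a frame's source MAC against that model, denying access when no matching profile exists, as in the WiFi roaming case. The record schema, attribute names, rule dictionary and the strictest-limit merge are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class UnifiedPolicy:
    """One per-user record in the unified data model (hypothetical schema)."""
    user_id: str
    macs: set = field(default_factory=set)
    access: set = field(default_factory=set)   # access types granted, e.g. {"wifi"}
    max_kbps: Optional[int] = None             # QoS ceiling; None = not specified


def from_ldap(entry: dict) -> UnifiedPolicy:
    """Plug-in for a constructed LDAP-style entry (attribute names are made up)."""
    access = {"fixed"}
    if entry.get("wifiRoaming", "FALSE").upper() == "TRUE":
        access.add("wifi")
    macs = {m.lower() for m in entry.get("macAddress", [])}
    return UnifiedPolicy(entry["uid"], macs, access)


def from_pcc(rule: str) -> UnifiedPolicy:
    """Plug-in for a constructed 'key=value;key=value' PCC-style rule string."""
    kv = dict(item.split("=", 1) for item in rule.split(";") if item)
    return UnifiedPolicy(kv["subscriber"], access={"mobile"},
                         max_kbps=int(kv["mbr_kbps"]))


class UnifiedModel:
    """Abstraction step: aggregate rules from all entities into one record per user."""

    def __init__(self):
        self.by_user = {}
        self.by_mac = {}

    def add(self, p: UnifiedPolicy) -> None:
        cur = self.by_user.setdefault(p.user_id, UnifiedPolicy(p.user_id))
        cur.macs |= p.macs
        cur.access |= p.access
        # Assumption: when several entities set a rate limit, the strictest wins.
        limits = [v for v in (cur.max_kbps, p.max_kbps) if v is not None]
        cur.max_kbps = min(limits) if limits else None
        for mac in p.macs:
            self.by_mac[mac] = p.user_id


def src_mac(frame: bytes) -> Optional[str]:
    """Source MAC from an Ethernet II header, or None if the frame is too short."""
    if len(frame) < 14:
        return None
    return ":".join(f"{b:02x}" for b in frame[6:12])


def make_rule(model: UnifiedModel, frame: bytes, access_type: str) -> dict:
    """Logic step: extract the user from the frame, resolve it, emit one rule.

    The returned dict is a hypothetical rule format, not an OpenFlow message.
    """
    mac = src_mac(frame)
    user = model.by_mac.get(mac) if mac else None
    policy = model.by_user.get(user) if user else None
    if policy is None or access_type not in policy.access:
        # Default deny: unknown sender, malformed frame, or profile lacks this access.
        return {"match": {"eth_src": mac}, "action": "drop"}
    rule = {"match": {"eth_src": mac}, "action": "forward", "user": policy.user_id}
    if policy.max_kbps is not None:
        rule["qos"] = {"max_kbps": policy.max_kbps}
    return rule


def frame_from(mac: str) -> bytes:
    """Constructed Ethernet II frame: broadcast dst, given src, IPv4 type, padding."""
    return bytes.fromhex("ffffffffffff" + mac.replace(":", "") + "0800") + b"\x00" * 20


def build_demo_model() -> UnifiedModel:
    """Constructed sample input from two different management entities."""
    model = UnifiedModel()
    model.add(from_ldap({"uid": "alice", "macAddress": ["02:00:00:00:00:0A"],
                         "wifiRoaming": "TRUE"}))
    model.add(from_ldap({"uid": "bob", "macAddress": ["02:00:00:00:00:0b"],
                         "wifiRoaming": "FALSE"}))
    model.add(from_pcc("subscriber=alice;mbr_kbps=2000"))
    model.add(from_pcc("subscriber=alice;mbr_kbps=5000"))
    return model


if __name__ == "__main__":
    m = build_demo_model()
    for mac in ("02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:ff"):
        print(mac, make_rule(m, frame_from(mac), "wifi"))
```

A source MAC address is not an authenticated identity, so a deployment would bind the lookup to the login information carried in the frame, which the description also lists as a source.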
In a sixth implementation form of the device according to the first aspect as such or according to any previous implementation form of the first aspect, the device further includes a front-end module configured with multiple plug-ins, each plug-in being for interpreting policies and/or resource rules of at least one legacy format.
Thanks to the front-end module, an infrastructure is formed that allows external modules with existing legacy interfaces to connect to the proposed device of the first aspect. Preferably, for non-legacy interfaces, native plug-ins are additionally provided in the front-end module. The different plug-ins of the front-end module make the device more flexible, in particular because the device can work with both new and legacy types of network management entities.
In a seventh implementation form of the device according to the first aspect as such or according to any previous implementation form of the first aspect, the device further includes a third interface and a fourth interface for connecting the device to at least one other device for managing and/or synchronizing policies and/or resources, preferably for clustering the device together with several other devices for managing and/or synchronizing policies and/or resources.
The third and fourth interfaces can be, respectively, eastbound and/or westbound APIs. By clustering numerous proposed devices together, policy and resource management of one or more networks can be made faster. Furthermore, the policy and/or resource management architecture becomes scalable. Multiple devices can be clustered together within a single administrative domain or across several administrative domains.
In an eighth implementation form of the device according to the first aspect as such or according to any previous implementation form of the first aspect, the network configuration rule is, or contains, an OpenFlow and/or SDN command for flow creation.
The relevant commands can be sent through the first interface and the second interface, respectively, from the device to the SDN controller and vice versa. According to the commands sent, the SDN controller can configure the network. Specifically, the SDN controller can configure the relevant switches (for example, OpenFlow switches, standard switches, etc.) and/or relevant applications (for example, SDN applications such as a firewall (FW), a wide area network (WAN) optimization controller (WOC), deep packet inspection (DPI), network address translation (NAT), an application delivery controller (ADC) or the like).
In a ninth implementation form of the device according to the first aspect as such or according to any previous implementation form of the first aspect, the network configuration rule includes a Quality of Service (QoS) configuration rule and/or a service chain configuration rule.
In a tenth implementation form of the device according to the first aspect as such or according to any previous implementation form of the first aspect, the first interface and/or the second interface is an application programming interface (API).
In a second aspect, the invention provides a method for managing policies and/or resources, the policies and/or resources being used to configure one or more networks. The method includes the following steps: receiving at least one policy and/or resource rule from at least one network management entity; abstracting the received policy and/or resource rules into a unified data model; receiving a frame from a software defined network (SDN) controller; creating at least one network configuration rule based on the received frame and the unified data model; and forwarding the at least one network configuration rule to the SDN controller.
The method of the second aspect achieves all the advantages of the device of the first aspect mentioned above. Specifically, the received policies and/or resource rules are unified. Therefore, the configuration of one or more networks, and in particular roaming between different network parts or networks, can be completed more efficiently than in the state of the art.
In a first implementation form of the method according to the second aspect, creating the at least one network configuration rule includes: extracting information from the received frame; resolving the extracted information against the unified data model; and creating the at least one network configuration rule according to the abstracted policy and/or resource rules in the unified data model that are associated with the extracted information.
In a second implementation form of the method according to the second aspect as such or according to the first implementation form of the second aspect, the method further includes the step of configuring the one or more networks according to the at least one network configuration rule.
In a third implementation form of the method according to the second aspect as such or according to any previous implementation form of the second aspect, the method includes: receiving a first frame of a user who is registering in a network or roaming close to a new network; sending the received frame to the SDN controller; and forwarding the frame to the logic module.
In a fourth implementation form of the method according to the second aspect as such or according to any previous implementation form of the second aspect, the method further includes: extracting at least a user identifier (ID) and/or metadata from the received frame; resolving the extracted ID and/or metadata against the unified data model; and creating the at least one network configuration rule according to the policy and/or resource rules in the unified data model that correspond to the extracted user ID and/or metadata.
In a fifth implementation form of the method according to the second aspect as such or according to any previous implementation form of the second aspect, the method further includes inspecting the received frame by using DPI.
In a sixth implementation form of the method according to the second aspect as such or according to any previous implementation form of the second aspect, the method further includes aggregating multiple received policies and/or resource rules of the same network management entity into a single unified policy and/or resource rule.
In a seventh implementation form of the method according to the second aspect as such or according to any previous implementation form of the second aspect, the method further includes: converting the data format of each received policy and/or resource rule into a common data format.
In an eighth implementation form of the method according to the second aspect as such or according to any previous implementation form of the second aspect, the method further includes: interpreting policies and/or resource rules of at least one legacy format.
In a ninth implementation form of the method according to the second aspect as such or according to any previous implementation form of the second aspect, the network configuration rule is, or contains, an OpenFlow and/or SDN command for flow creation.
In a tenth implementation form of the method according to the second aspect as such or according to any previous implementation form of the second aspect, the network configuration rule includes a Quality of Service (QoS) configuration rule and/or a service chain configuration rule.
The above implementation forms of the method according to the second aspect achieve the same effects and advantages as described for the corresponding implementation forms of the device according to the first aspect.
It must further be noted that all devices, elements, units and components described in this application can be implemented in software or hardware elements or any kind of combination thereof. All steps performed by the various entities described in this application, as well as the functionality described as being performed by the various entities, are intended to mean that the respective entity is adapted to perform the respective steps and functionality. Even if, in the following description of specific embodiments, a specific functionality or step performed by a general entity is not reflected in the description of a specific detailed element of the entity that performs that specific step or functionality, it should be clear to a person skilled in the art that these methods and functionality can be implemented in respective software or hardware elements, or any kind of combination thereof.
Brief description of the drawings
Fig. 1 shows a device according to an embodiment of the invention for managing policies and/or resources, where the device is integrated into a network that further includes network management entities and an SDN controller.
Fig. 2 shows a device according to an embodiment of the invention for managing policies and/or resources, where the device is integrated into a network that further includes network management entities, an SDN controller and respective switches.
Fig. 3 shows a device according to an embodiment of the invention for managing policies and/or resources, where the device is integrated into a network that further includes network management entities, an SDN controller and respective switches.
Fig. 4 shows a device according to an embodiment of the invention for managing policies and/or resources, where the device is integrated into a network that further includes network management entities, an SDN controller and respective switches.
Fig. 5 is a flow chart showing the method steps of a method according to an embodiment of the invention.
Detailed description of the embodiments
Fig. 1 shows a network that includes a device 100 according to an embodiment of the invention for managing policies and/or resources, where the policies and/or resources can be used to configure the network. It is furthermore possible for the device 100 to be provided for managing the policies and/or resources of more than one administrative domain in the network, or even of more than one network. That is, the managed policies and/or resources can additionally be used to configure more than one network. The device 100 may be referred to as a unified policy manager (UPM). The network of Fig. 1 further includes network management entities 110, 111, 112, shown as the particular examples of a Lightweight Directory Access Protocol (LDAP) entity 110, an application policy entity 111 and a Network Management System (NMS) 112. The network management entities 110, 111, 112 can also be other business and operations management entities.
The device 100 includes a first interface 101 for connecting to at least one of the network management entities 110, 111, 112, and preferably to all of them. Preferably, the first interface 101 is or includes at least one northbound API for connecting the device 100 to the network management entities 110, 111, 112. The at least one API can be installed as a module as needed.
The device 100 includes a second interface 102 for connecting to an SDN entity such as the SDN controller 120. Preferably, the second interface 102 is or includes at least one southbound API for sending configuration requests and/or network configuration rules from and to the SDN controller 120, respectively. The network configuration rules can be used by the SDN controller 120 to configure the network (or alternatively to configure more than one network).
The device 100 also includes an abstraction module 103, which is used to receive at least one policy and/or resource rule from each network management entity 110, 111, 112 through the first interface 101, and to abstract the received policies and/or resource rules into a unified data model. The abstraction module 103 is preferably a unification layer that abstracts all policies and/or resource rules from the northbound API into a common unified data model. Preferably, the abstraction module 103 is thereby used to aggregate multiple policies and/or resource rules received from the same network management entity 110, 111, 112, or even from more than one network management entity 110, 111, 112, into a single unified policy and/or resource rule. The abstraction module 103 can also be used to convert the data format of each received policy and/or resource rule into a common data format.
The device 100 further includes a logic module 104, which is used to receive a frame from the SDN controller 120, to create at least one network configuration rule based on the received frame and on the unified data model, and to forward the at least one network configuration rule to the SDN controller 120. The logic module 104 can be implemented, for example, by a controller or processor. The logic module 104 can parse all policies and/or resource rules in the unified data model according to information received from a customer database, the network and/or optionally a deep packet inspection (DPI) engine, and work out the relevant network configuration rules that need to be provisioned in the network. Specifically, the logic module 104 is used to extract information from the received frame, for example a user ID and/or metadata. In addition, the logic module 104 is used to parse the extracted information (for example the extracted user ID and/or the extracted metadata) according to the unified data model, and to create at least one network configuration rule according to those abstracted policies and/or resource rules in the unified data model that are associated with the extracted information, that is, for example, that correspond to the extracted user ID and/or metadata.
Fig. 2 shows a device 100 according to another embodiment of the invention. The embodiment shown in Fig. 2 is an optional and more detailed implementation of the first embodiment of Fig. 1. Specifically, the embodiment shown in Fig. 2 also includes the first interface 101, the second interface 102, the abstraction module 103 and the logic module 104 of the embodiment shown in Fig. 1.
In Fig. 2, the exemplary network management entities 110, 112, 111 of the network are used for authentication, authorization and accounting (AAA), service management and PCC, respectively. The SDN controller 120 in the network is connected to several switches 210, 211, which may include, for example, at least one OpenFlow switch 210 and/or at least one standard switch 211.
The first interface 101 is a northbound API, which may include applications and/or interfaces such as a Common Object Request Broker Architecture (CORBA) northbound application, Simple Object Access Protocol (SOAP), Remote Authentication Dial In User Service (RADIUS), Simple Network Management Protocol (SNMP) or Representational State Transfer (REST). The second interface 102 is an SDN API.
The logic module 104 preferably includes one or more applications, for example DPI 204, AAA, QoS or routing. The logic module 104 can have these applications act on the frames received through the second interface 102. For example, the logic module 104 is preferably used to inspect received frames by using the DPI 204 engine. The logic module 104 can further preferably store the unified data model in a database 203. The database 203 can be inside or outside the device 100. The database 203 can store all unified policies and/or resource rules, and optionally can also store user information, for example information on selected users or on all users.
The device 100 of Fig. 2 further includes a front-end module 206, which can be implemented, for example, as a pluggable policy front end. The front-end module 206 is the infrastructure that allows external modules with existing interfaces to conventional policy appliances to connect to the device 100. To this end, the front-end module 206 is preferably configured with multiple plug-ins 205, each of which is used to interpret policies and/or resource rules in at least one conventional format. The plug-ins 205 may include a PCRF plug-in, a BNG plug-in or an ASDNF plug-in. For non-conventional support, there is preferably a local plug-in.
The device 100 shown in Fig. 2 further includes a third interface 201 and/or a fourth interface 202. These additional interfaces 201 and 202 are used to connect the device 100 to at least one other device (for example, another device 100) for managing and/or synchronizing policies and/or resources, preferably to cluster the device 100 together with several other devices for managing and/or synchronizing policies and/or resources. Preferably, the third interface 201 and/or the fourth interface 202 are eastbound and/or westbound APIs, which are communication channels for clustering several devices 100 together under a single management domain or several management domains.
Figs. 3 and 4 respectively illustrate operating modes of the device 100 presented in Fig. 2. Specifically, Fig. 3 relates to the configuration of the device 100 shown in Fig. 2, and Fig. 4 relates to the frame flow managed by the device 100 shown in Fig. 2.
In Fig. 3, the network management entities 110, 111, 112 first configure (step A) policies and/or resource rules for each user, optionally across different architectural frameworks. The policies and/or resource rules are then conveyed (step B) to the device 100 through the first interface 101, preferably by using the front-end module 206, and thus preferably by using conventional plug-ins or local plug-ins. Preferably, each network management entity 110, 111, 112 conveys its resource and/or policy rules to the device 100 through a custom plug-in.
Via the front-end module 206, the policies and/or resource rules are further conveyed to the abstraction module 103. When the abstraction module 103 receives at least one policy and/or resource rule, it preferably abstracts (step C) all policies and/or resource rules into the unified data model, that is, converts them into a unified format. This abstraction is beneficial because each network management entity 110, 111, 112 may use its own methods and protocols to define policies and/or resource rules. For example, policies and/or resource rules for a mobile network may include a frequency range and a specific bandwidth for each application, and may therefore use the IP Multimedia Subsystem (IMS) as the architectural framework. Policies and/or resource rules for a fixed (wired) network may include bandwidth policies based on digital subscriber line (DSL) or optical technology, and may therefore use the Metro Ethernet Forum (MEF) for this purpose. The abstraction module 103 therefore uses the unified data model to aggregate the different policies and/or resource rules into a unified format. The unified data model is preferably stored (step D) in the database 203.
In Fig. 4, when a user registers to the network, the first frame of the user is received (step E), preferably at the OpenFlow switch 210 or at the standard switch 211. The switches 210, 211 may also include fixed-network switches, WiFi switches, cellular base station switches or the like. The first frame can likewise be received when the user approaches a new part of the network, or approaches a new network for roaming.
The received frame is sent to the SDN controller 120 (step F), which forwards the frame to the device 100 by using the second interface 102. The logic module 104 of the device 100 then inspects (step G) the received frame, whereby the logic module preferably extracts information such as a user ID and/or metadata (for example application type, location and/or device ID) from the frame. Optionally, the logic module 104 applies DPI 204 or another application to the frame before or during the inspection of the frame. The logic module 104 can also use information in the header or payload of the frame (for example user ID, MAC address, IP address and/or login information) to extract information from the frame.
The extracted information is then parsed by the logic module 104 according to the unified data model. The extracted information can also be used to query (step H) the database 203, which contains the unified data model with the policies and/or resource rules for the user related to the frame, optionally for a specific user action. For example, if a user of a mobile network tries to connect to an access point of a WiFi operator, the logic module 104 can query the database 203 for the user's profile; the profile must include WiFi roaming, otherwise the action of connecting to the WiFi access point will be rejected.
The logic module 104 then creates (step I) at least one network configuration rule based on the received frame, and in particular according to the abstracted policies and/or resource rules in the unified data model stored in the database 203, more precisely according to those policies and/or resource rules that correspond to the extracted information. The at least one network configuration rule may include QoS configuration rules and/or service chaining configuration rules.
The at least one network configuration rule is sent (step J) to the SDN controller 120 using the second interface 102, and the SDN controller 120 configures (step K) one or more networks, in particular by configuring the associated switches 210, 211 and applications with or based on the at least one network configuration rule.
Fig. 5 shows, following the configuration of the device 100 and the frame flow managed by the device 100 described above, the method steps of a flow chart of a method according to an embodiment of the invention. Specifically, in step S50, at least one network management entity 110, 111, 112 registers with a network, in particular with a network roaming service. The at least one network management entity 110, 111, 112 then generates at least one policy and/or resource rule in step S51 and sends the at least one policy and/or resource rule to the device 100. In step S52, the first frame of a user is received at a managed switch 210, 211 of the network and forwarded to the device 100 by the SDN controller 120. Subsequently, in step S53, the device 100 obtains at least one policy and/or resource rule corresponding to the user of the received frame, generates at least one network configuration rule accordingly, and sends the at least one network configuration rule to the SDN controller 120. According to the at least one received network configuration rule, the SDN controller 120 configures (or reconfigures) the network in step S54.
In a specific example of the configuration and frame flow described above, a policy for the user "XXX" can be received at the device 100 from the network management entity 110, which is an LDAP server. Because different systems (for example IMS, LDAP, CEMS) store data in different formats, the abstraction module 103 of the device 100 now preferably converts the received policy into the unified format and abstracts the policy into the unified data model in the database 203. The policy can, for example, be abstracted into the following unified format:
User XXX, permitted networks: R&D, Marketing; BW profile: {committed BW: 5Mbps, maximum effort: 25Mbps}, roaming: allowed
Now, when the user connects to the network, the first frame of the user is received at a switch 210, 211 and sent to the device 100 through the controller. Once the user has been identified from the transmitted frame, for example by using LDAP, the unified data model is queried, and the abstracted policy above can be obtained from the unified data model. The policy can then be converted by the logic module 104 into OpenFlow or SDN commands, preferably including QoS configuration rules and/or service chain creation rules. The relevant OpenFlow or SDN commands are then sent to the SDN controller 120, which can configure the network for the user accordingly.
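The flow of this example, from plug-in ingestion through the unified data model to rule creation, as added Python example code that is not part of the patent text. The record field names, the `PolicyStore` class and the generic rule dictionaries (which are not OpenFlow messages) are assumptions for illustration, and the frame information is taken as already extracted; unknown users, non-permitted networks and disallowed roaming all resolve to a deny rule.

```python
from dataclasses import dataclass

# Constructed sample records. The attribute names are assumptions made for
# this example; they are not a real LDAP schema or NMS export format.
LDAP_RECORD = {"uid": "XXX", "memberOf": ["R&D", "Marketing"],
               "bwCommittedMbps": "5", "bwMaxMbps": "25", "roaming": "TRUE"}
NMS_RECORD = {"subscriber": "YYY", "networks": "Guest",
              "cir_kbps": 2000, "pir_kbps": 10000, "allow_roaming": False}


@dataclass(frozen=True)
class UnifiedPolicy:
    """One user's entry in the unified data model (hypothetical layout)."""
    user_id: str
    permitted_networks: frozenset
    committed_mbps: float
    max_mbps: float
    roaming_allowed: bool

    def __post_init__(self):
        # Reject malformed policies at ingest time, not at enforcement time.
        if not self.user_id:
            raise ValueError("policy without a user ID")
        if not 0 < self.committed_mbps <= self.max_mbps:
            raise ValueError(f"inconsistent bandwidth profile for {self.user_id}")


def from_ldap(rec):
    """Plug-in for the constructed LDAP-style record (strings, Mbit/s)."""
    return UnifiedPolicy(
        user_id=rec["uid"],
        permitted_networks=frozenset(rec["memberOf"]),
        committed_mbps=float(rec["bwCommittedMbps"]),
        max_mbps=float(rec["bwMaxMbps"]),
        roaming_allowed=rec["roaming"].upper() == "TRUE",
    )


def from_nms(rec):
    """Plug-in for the constructed NMS-style record (kbit/s, comma list)."""
    return UnifiedPolicy(
        user_id=rec["subscriber"],
        permitted_networks=frozenset(n.strip() for n in rec["networks"].split(",")),
        committed_mbps=rec["cir_kbps"] / 1000,
        max_mbps=rec["pir_kbps"] / 1000,
        roaming_allowed=bool(rec["allow_roaming"]),
    )


PLUGINS = {"ldap": from_ldap, "nms": from_nms}


class PolicyStore:
    """Stands in for database 203: unified policies keyed by user ID."""

    def __init__(self):
        self._by_user = {}

    def ingest(self, source, record):
        policy = PLUGINS[source](record)        # KeyError for an unknown format
        self._by_user[policy.user_id] = policy  # assumption: latest record wins
        return policy

    def lookup(self, user_id):
        return self._by_user.get(user_id)


def deny(reason):
    return [{"action": "deny", "reason": reason}]


def create_config_rules(store, frame_info):
    """Turn information extracted from a first frame into configuration rules.

    frame_info carries the user ID and metadata (network, roaming flag).
    Anything that cannot be matched to a policy is denied.
    """
    policy = store.lookup(frame_info.get("user_id"))
    if policy is None:
        return deny("no policy for user")
    if frame_info.get("network") not in policy.permitted_networks:
        return deny("network not permitted")
    # A missing roaming flag is treated as roaming, so the check fails closed.
    if frame_info.get("roaming", True) and not policy.roaming_allowed:
        return deny("roaming not allowed")
    return [
        {"action": "allow", "user_id": policy.user_id,
         "network": frame_info["network"]},
        {"action": "set_qos", "user_id": policy.user_id,
         "committed_mbps": policy.committed_mbps, "max_mbps": policy.max_mbps},
    ]


def build_store():
    store = PolicyStore()
    store.ingest("ldap", LDAP_RECORD)
    store.ingest("nms", NMS_RECORD)
    return store


if __name__ == "__main__":
    demo_store = build_store()
    for info in ({"user_id": "XXX", "network": "R&D", "roaming": True},
                 {"user_id": "YYY", "network": "Guest", "roaming": True},
                 {"user_id": "ZZZ", "network": "R&D", "roaming": False}):
        print(info, "->", create_config_rules(demo_store, info))
```

Validating the bandwidth profile when a record is ingested keeps an inconsistent source record from ever reaching the rules sent towards the SDN controller.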
In summary, the invention provides a device 100 and a method, for example for use in an SDN environment. The device 100 acts as a UPM and aggregates multiple different policies and/or resource rules into a unified data model, that is, provides a common format. To this end, the abstraction module 103 abstracts the received policies and/or resource rules, and the logic module 104 can create at least one network configuration rule upon request based on the unified data model. Policies and/or resource rules can be unified for each user across different parts of a network or across different networks, in particular across a single or even several management domains. The device 100 is therefore a single aggregation point for multiple different policies and/or resource rules, and has the benefit that network configuration and roaming between different parts of a network or between different networks can be done in a unified and more efficient way.
The invention has been described in conjunction with various embodiments and implementations as examples. However, other variations can be understood and effected by those skilled in the art and practicing the claimed invention, from a study of the drawings, the disclosure and the independent claims. In the claims and in the description, the word "comprising" does not exclude other elements or steps, and the indefinite article "a" or "an" does not exclude a plurality. A single element or other unit may fulfil the functions of several entities or items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used in an advantageous implementation.
Claims (15)
1. A device (100) for managing policies and/or resources used for configuring one or more networks, characterized by comprising:
a first interface (101) for connecting to at least one network management entity (110, 111, 112),
a second interface (102) for connecting to a software-defined networking (SDN) controller (120),
an abstraction module (103) for receiving at least one policy and/or resource rule from each network management entity (110, 111, 112), and for abstracting the received policies and/or resource rules into a unified data model, wherein the received policies and/or resource rules belong to different networks, and wherein the unified data model is used to aggregate different policies and/or resource rules into a unified format;
a logic module (104) for receiving a frame from the SDN controller (120), extracting information from the received frame, parsing the information according to the unified data model, creating at least one network configuration rule according to the abstracted policies and/or resource rules in the unified data model, and forwarding the at least one network configuration rule to the SDN controller (120).
2. The device (100) according to claim 1, characterized in that
the logic module (104) is used to extract information from the received frame, to parse the extracted information according to the unified data model, and to create the at least one network configuration rule according to the abstracted policies and/or resource rules in the unified data model that are associated with the extracted information.
3. The device (100) according to claim 1 or 2, characterized in that
the logic module (104) is used to extract at least a user identifier (ID) and/or metadata from the received frame, to parse the extracted ID and/or metadata according to the unified data model, and to create the at least one network configuration rule according to the policies and/or resource rules in the unified data model that correspond to the extracted user ID and/or metadata.
4. The device (100) according to claim 1 or 2, characterized in that
the logic module (104) includes at least one deep packet inspection (DPI) unit (204), and is used to inspect the received frame by using DPI.
5. The device (100) according to claim 1 or 2, characterized in that
the abstraction module (103) is used to aggregate multiple policies and/or resource rules received from the same network management entity (110, 111, 112) into a single unified policy and/or resource rule.
6. The device (100) according to claim 1 or 2, characterized in that
the abstraction module (103) is used to convert the data format of each received policy and/or resource rule into a common data format.
7. The device (100) according to claim 1 or 2, characterized by further comprising a front-end module (206) configured with multiple plug-ins (205), each plug-in (205) being used to interpret policies and/or resource rules in at least one conventional format.
8. The device (100) according to claim 1 or 2, characterized by further comprising a third interface (201) and a fourth interface (202), for connecting the device (100) to at least one other device for managing and/or synchronizing policies and/or resources, preferably for clustering the device (100) together with several other devices for managing and/or synchronizing policies and/or resources.
9. The device (100) according to claim 1 or 2, characterized in that
the network configuration rule is an OpenFlow and/or SDN command for flow creation; or the network configuration rule includes an OpenFlow and/or SDN command for flow creation.
10. The device (100) according to claim 1 or 2, characterized in that
the network configuration rule includes quality of service (QoS) configuration rules and/or service chaining configuration rules.
11. The device (100) according to claim 1 or 2, characterized in that
the first interface (101) and/or the second interface (102) are application programming interfaces (APIs).
12. A method for managing policies and/or resources used for configuring one or more networks, characterized by comprising the following steps:
receiving (S51) at least one policy and/or resource rule from at least one network management entity (110, 111, 112), wherein the received policies and/or resource rules belong to different networks;
abstracting the received policies and/or resource rules into a unified data model, wherein the unified data model is used to aggregate different policies and/or resource rules into a unified format;
receiving (S52) a frame from a software-defined networking (SDN) controller (120),
extracting information from the received frame, parsing the information according to the unified data model, and creating at least one network configuration rule according to the abstracted policies and/or resource rules in the unified data model, and
forwarding (S53) the at least one network configuration rule to the SDN controller (120).
13. The method according to claim 12, characterized in that creating the at least one network configuration rule includes
extracting information from the received frame,
parsing the extracted information according to the unified data model, and
creating the at least one network configuration rule according to the abstracted policies and/or resource rules in the unified data model that are associated with the extracted information.
14. The method according to claim 12 or 13, characterized by further comprising the following step:
configuring (S54) the one or more networks according to the at least one network configuration rule.
15. The method according to claim 12 or 13, characterized by comprising
receiving (S52) a first frame of a user who registers in the network or approaches a new network for roaming,
sending the received frame to the SDN controller (120), and forwarding the frame to a logic module (104).
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/EP2014/055302 WO2015139724A1 (en) | 2014-03-17 | 2014-03-17 | Device and method for managing policies and/or resources used for configuring a network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106068628A CN106068628A (en) | 2016-11-02 |
CN106068628B true CN106068628B (en) | 2019-10-01 |
Family
ID=50424195
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201480077060.1A Active CN106068628B (en) | 2014-03-17 | 2014-03-17 | For managing the device and method for being used for the strategy and/or resource of Configuration network |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN106068628B (en) |
WO (1) | WO2015139724A1 (en) |
Families Citing this family (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10455053B2 (en) * | 2016-05-23 | 2019-10-22 | Citrix Systems, Inc. | Systems and methods for provisioning network automation by logically separating L2-L3 entities from L4-L7 entities using a software defined network (SDN) controller |
WO2018000389A1 (en) * | 2016-06-30 | 2018-01-04 | 华为技术有限公司 | Method and device for managing network slice |
WO2018015792A1 (en) * | 2016-07-22 | 2018-01-25 | Telefonaktiebolaget Lm Ericsson (Publ) | User data isolation in software defined networking (sdn) controller |
CN108270592B (en) * | 2016-12-30 | 2021-05-04 | 中兴通讯股份有限公司 | Network resource configuration control method and device |
CN108471629B (en) * | 2017-02-23 | 2021-04-20 | 华为技术有限公司 | Method, equipment and system for controlling service quality in transmission network |
US10560328B2 (en) * | 2017-04-20 | 2020-02-11 | Cisco Technology, Inc. | Static network policy analysis for networks |
CN109787804B (en) * | 2017-11-15 | 2022-04-26 | 华为技术有限公司 | Method, equipment and system for managing service resources |
CN108737152B (en) * | 2018-03-23 | 2021-10-08 | 全球能源互联网研究院有限公司 | Control equipment supporting multi-protocol power service arrangement |
CN110505190A (en) * | 2018-05-18 | 2019-11-26 | 深信服科技股份有限公司 | Dispositions method, safety equipment, storage medium and the device of differential section |
CN111130826A (en) * | 2018-10-31 | 2020-05-08 | 中兴通讯股份有限公司 | Communication network management method, communication network management device, computer equipment and storage medium |
CN109921940B (en) * | 2019-03-18 | 2021-12-17 | 赛特斯信息科技股份有限公司 | System and method for realizing off-line arrangement processing of network service based on SDWAN scene |
CN111832273A (en) * | 2019-04-10 | 2020-10-27 | 中兴通讯股份有限公司 | Method and device for determining destination message, storage medium and electronic device |
US20230112579A1 (en) * | 2021-10-11 | 2023-04-13 | Hewlett Packard Enterprise Development Lp | Automatic policy engine selection |
CN115913986B (en) * | 2022-10-24 | 2023-11-17 | 航天科工空间工程网络技术发展(杭州)有限公司 | Network management data management method for satellite network equipment |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1241828A1 (en) * | 2001-03-01 | 2002-09-18 | Alcatel | Gateway system and method providing a common generic interface to network management applications |
CN101351015A (en) * | 2002-04-12 | 2009-01-21 | 诺基亚公司 | QoS management for multi-radio access network based on tactic |
CN101364936A (en) * | 2007-08-08 | 2009-02-11 | 中国电信股份有限公司 | Service differentiating and quality control system and method for multiple edge wideband access network |
CN103179530A (en) * | 2011-12-26 | 2013-06-26 | 中国移动通信集团设计院有限公司 | Method and device for intercepting short messages |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2011100932A2 (en) * | 2011-04-14 | 2011-08-25 | 华为技术有限公司 | Linkage strategy implementation method and apparatus, open platform veneer and device |
-
2014
- 2014-03-17 WO PCT/EP2014/055302 patent/WO2015139724A1/en active Application Filing
- 2014-03-17 CN CN201480077060.1A patent/CN106068628B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN106068628A (en) | 2016-11-02 |
WO2015139724A1 (en) | 2015-09-24 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20220209 Address after: 550025 Huawei cloud data center, jiaoxinggong Road, Qianzhong Avenue, Gui'an New District, Guiyang City, Guizhou Province Patentee after: Huawei Cloud Computing Technology Co.,Ltd. Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd. |