CN106068628B - Device and method for managing policies and/or resources for configuring a network - Google Patents


Publication number
CN106068628B
Authority
CN
China
Prior art keywords
resource
policy
network
rule
data model
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201480077060.1A
Other languages
Chinese (zh)
Other versions
CN106068628A (en)
Inventor
哈依姆·珀拉特
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Cloud Computing Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02 Standardisation; Integration
    • H04L41/022 Multivendor or multi-standard integration
    • H04L41/0226 Mapping or translating multiple network management protocols
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0893 Assignment of logical groups to network elements
    • H04L41/0894 Policy-based network configuration management
    • H04L41/0895 Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements
    • H04L41/34 Signalling channels for network management communication
    • H04L41/342 Signalling channels for network management communication between virtual entities, e.g. orchestrators, SDN or NFV entities
    • H04L41/40 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using virtualisation of network functions or resources, e.g. SDN or NFV entities
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention proposes a device 100 and a method for managing policies and/or resources for configuring one or more networks. The device 100 includes a first interface 101 for connecting the device 100 to at least one network management entity 110, 111, 112. A second interface 102 is provided for connecting the device 100 to an SDN controller 120. The device 100 further includes an abstraction module 103 for receiving at least one policy and/or resource rule from each network management entity 110, 111, 112, and for abstracting the received policy and/or resource rules into a unified data model. The device 100 also has a logic module 104 for receiving a frame from the SDN controller 120, for creating at least one network configuration rule based on the received frame and the unified data model, and for forwarding the at least one network configuration rule to the SDN controller 120.

Description

Device and method for managing policies and/or resources for configuring a network
Technical field
The present invention relates to a device and a method for managing policies and/or resources that can be used to configure one or more networks. Specifically, the present invention proposes a unified policy manager as the device. The unified policy manager can receive multiple different policy and/or resource rules in different formats from network management entities in one or more networks, and abstract these policy and/or resource rules into a common data format. The method of the present invention can be performed by the proposed device.
Background
Different networks are known in the state of the art (for example, fixed (that is, wired) networks, mobile networks, wireless networks, IMS networks, etc.), each with its own policy management. Specifically, different networks use different entities to manage policies and resources.
For example, wired networks usually use a Broadband Network Gateway (BNG). The BNG is the access point for subscribers, through which they connect to the broadband network. When a connection is established between the BNG and Customer Premise Equipment (CPE), the subscriber can access the broadband services provided by a Network Service Provider (NSP) or an Internet Service Provider (ISP). The BNG establishes and manages subscriber sessions. Specifically, the BNG aggregates traffic from multiple subscriber sessions from the access network and routes the aggregated traffic to the service provider's network. The BNG is usually deployed by the service provider and is preferably located at the first aggregation point in the network, for example, an edge router. The edge router itself can serve as the BNG. Because subscribers are then connected directly to the edge router, the BNG effectively manages subscriber access and subscriber management functions, for example, authentication, authorization and accounting of subscriber sessions, address assignment, security, policy management, or Quality of Service (QoS).
As another example, cellular networks usually use a Policy and Charging Enforcement Function (PCEF), a Policy and Charging Rule Function (PCRF), and Policy and Charging Control (PCC). In the PCC architecture, the PCRF is the central entity that makes policy and charging decisions based on input from different sources, including mobile operator configuration, user subscription information, service information, etc. PCC decisions are then passed to the PCEF in the form of PCC rules, which include: service data flow (SDF) information, which allows IP traffic to be identified; charging parameters, which are used to charge for this traffic; or QoS parameters, which are to be applied to the IP traffic identified by the SDF filter. PCC rules can also be statically configured in the PCEF and then dynamically referenced by the PCRF over the Gx interface.
The PCRF and the PCEF are closely related functional entities that include policy control decision-making and flow-based charging control functions. The PCRF is designed to provide network control regarding service data flow detection, QoS, and flow-based charging toward the PCEF. The PCEF essentially provides user traffic handling and QoS at the gateway. In addition, the PCEF is responsible for service data flow detection and counting, together with online and offline charging interactions.
As a last example, WiFi networks usually use an Access Network Discovery and Selection Function (ANDSF), which is an entity within the Evolved Packet Core (EPC) of the System Architecture Evolution (SAE) for 3GPP-compliant mobile networks. The purpose of the ANDSF is to assist User Equipment (UE) in discovering non-3GPP access networks, for example, WiFi or WIMAX, that can be used for data communication in addition to 3GPP access networks (for example, HSPA or LTE), and to provide the UE with rules governing the connection to these networks.
Because of the numerous known policy management entities of different networks, transferring services and applications between these networks is very difficult. Specifically, each network management entity can use its own policy template and its vendor-specific implementation, which makes integrating several network management entities under a single management context very difficult.
Software Defined Networking (SDN) and Network Function Virtualization (NFV) are two new technologies that enable the use of virtualization to convert physical devices into virtual devices. However, merely virtualizing numerous physical devices does not solve the above-described problem of coordinating multiple policy and/or resource rules between different network management entities.
In enterprise networks, a system called Cisco Enterprise Policy Manager (CEPM) is further known. It is an enterprise-level solution for fine-grained distributed authorization management, resolution, enforcement, and auditing. CEPM uses a loosely coupled, multi-tier, standards-based authorization model that consists of centralized and/or distributed Policy Administration Points (PAP), high-speed centralized and/or distributed Policy Decision Points (PDP), and pre-built or customized optimized Policy Enforcement Points (PEP).
However, the CEPM architecture has the disadvantage that it is based on a multi-tier application, which requires heavy and expensive integration with numerous resources, for example, computers, network connections, management systems, etc. In addition, although most policy enforcement is network-oriented (for example, ACL, QoS), there is no clear and simple interface to the network side. Furthermore, the architecture is not particularly suited for integration with SDN.
To summarize the above disadvantages, only a very limited number of policy and/or resource rule convergence platforms are known. More seriously, there is no single device or method that allows unified policy management across one or more networks.
Summary of the invention
In view of the above disadvantages and problems, the present invention aims to improve the state of the art. Specifically, the object of the present invention is to provide a device and a method that offer unified policy management. The present invention is specifically intended for the unification of policies and/or resources across at least part of a network or across multiple networks. The present invention thereby has the following goal: to make network configuration and roaming between different parts of a network, or between different networks, simpler and more efficient.
The above object of the present invention is achieved by the solutions provided in the accompanying independent claims. Advantageous embodiments of the present invention are further defined in the corresponding dependent claims. Specifically, unified policy management for multiple networks is achieved according to the claimed device and the claimed method.
In a first aspect, the present invention provides a physical or virtual device for managing policies and/or resources, the policies and/or resources being used to configure one or more networks, the device comprising: a first interface for connecting to at least one network management entity; a second interface for connecting to a software defined network (SDN) entity, for example, an SDN controller; an abstraction module for receiving at least one policy and/or resource rule from each network management entity, and for abstracting the received policy and/or resource rules into a unified data model; and a logic module for receiving a frame from the SDN controller, for creating at least one network configuration rule based on the received frame and the unified data model, and for forwarding the at least one network configuration rule to the SDN controller.
The device according to the first aspect of the present invention therefore serves as a unified policy manager. In particular, the device serves as a policy convergence platform. Preferably, the device is an SDN application. The device can unify all policies and/or resources received from one or more network management entities into the unified data model. This allows policy and/or resource rules to be unified for each user (that is, per user) across a single management domain (for example, a single carrier or a single network), or even across several management domains (for example, several carriers or networks). The unified data model is preferably stored in a local database. Optionally, user information is stored in the database. The database can be internal or external to the device of the first aspect. The first and second interfaces can be, respectively, northbound and southbound application programming interfaces (API).
The device of the first aspect can implement a single convergence point for policy and/or resource rules in one or more networks. By using the device of the first aspect, roaming between different parts of a network or between different networks can be performed in a unified and more efficient way compared with the state of the art. Specifically, roaming can be processed faster and with less administrative burden. In addition, the device of the first aspect allows a simpler policy and/or resource management architecture to be built. Specifically, the architecture includes fewer elements and is therefore cheaper and has better network efficiency compared with the state of the art. For example, a single DPI provided in the device of the first aspect can be used for all users across one or more networks, thereby increasing network efficiency. For example, when using the device of the first aspect, it is possible to offload the frame processing of simple forwarding elements, so as to simplify the policy and/or resource management architecture.
In a first implementation form of the device according to the first aspect, the logic module is configured to extract information from the received frame, to resolve the extracted information against the unified data model, and to create the at least one network configuration rule according to the abstracted policy and/or resource rules in the unified data model that are associated with the extracted information.
When extracting information, the device can use information in the header or payload of the frame. For example, the device can use a MAC address, an IP address, or login information contained in the frame. The extracted information can, for example, be used to query the unified data model for this user (that is, the user who sent the frame) and optionally for the policy for a specific action. For example, if a mobile subscriber attempts to connect to a WiFi operator access point (AP), the user profile in the unified data model must include WiFi roaming; otherwise access to the WiFi network will be denied. The device of the first aspect can efficiently create one network configuration rule or a set of network configuration rules, by which the one or more networks can be efficiently configured for each user.
In a second implementation form of the device according to the first aspect as such or according to the first implementation form of the first aspect, the logic module is configured to extract at least a user identifier (ID) and/or metadata from the received frame, to resolve the extracted ID and/or metadata against the unified data model, and to create the at least one network configuration rule according to the policy and/or resource rules in the unified data model that correspond to the extracted user ID and/or metadata.
The metadata may include an application type, a location, and/or a device ID. The user ID and/or metadata can likewise be extracted using information in the header and/or payload of the received frame. By extracting the user ID and/or metadata, the network can be configured for a specific user in an efficient manner.
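The following Python sketch is an added example, not part of the patent: it models the abstraction module merging rules from two management entities into a per-user unified data model, and the logic module resolving a frame's user ID and metadata against that model, denying access when WiFi roaming is not in the profile. The two input rule formats, all field names, the frame layout and the sample data are constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class UnifiedProfile:
    """One per-user entry of the unified data model (field names assumed)."""
    user_id: str
    roaming: set = field(default_factory=set)  # access types the user may roam to
    qos_class: str = "best-effort"
    max_kbps: int = 0


class AbstractionModule:
    """Converts rules from different entities into one per-user model."""

    def __init__(self):
        self.model = {}  # user_id -> UnifiedProfile

    def _profile(self, user_id):
        return self.model.setdefault(user_id, UnifiedProfile(user_id))

    def ingest_directory_rules(self, records):
        # Hypothetical directory-style format: one attribute per record.
        for rec in records:
            if rec.get("attr") == "roaming":
                allowed = {v.strip() for v in rec["value"].split(",") if v.strip()}
                self._profile(rec["uid"]).roaming |= allowed

    def ingest_nms_rules(self, lines):
        # Hypothetical NMS-style format: "key=value;key=value" text lines.
        for line in lines:
            kv = dict(p.split("=", 1) for p in line.split(";") if "=" in p)
            if "user" not in kv:
                raise ValueError(f"rule without user: {line!r}")
            profile = self._profile(kv["user"])
            profile.qos_class = kv.get("qos_class", profile.qos_class)
            profile.max_kbps = int(kv.get("max_kbps", profile.max_kbps))


class LogicModule:
    """Turns a frame handed over by the controller into a configuration rule."""

    def __init__(self, model):
        self.model = model

    def handle_frame(self, frame):
        match = {"eth_src": frame.get("src_mac")}
        user_id = frame.get("login")   # user ID taken from login information
        access = frame.get("access")   # metadata: access type of the new network
        profile = self.model.get(user_id)
        # Default deny: a frame that cannot be resolved to a profile gets no access.
        if profile is None:
            return {"match": match, "action": "drop", "reason": "unknown user"}
        if access not in profile.roaming:
            return {"match": match, "action": "drop",
                    "reason": f"{access} roaming not in profile"}
        return {"match": match, "action": "forward",
                "qos_class": profile.qos_class, "max_kbps": profile.max_kbps}


def build_demo():
    """Build a logic module from constructed sample rules in two formats."""
    directory_rules = [
        {"uid": "alice", "attr": "roaming", "value": "wifi, lte"},
        {"uid": "bob", "attr": "roaming", "value": "lte"},
    ]
    nms_rules = [
        "user=alice;qos_class=gold;max_kbps=20000",
        "user=bob;qos_class=bronze;max_kbps=2000",
    ]
    abstraction = AbstractionModule()
    abstraction.ingest_directory_rules(directory_rules)
    abstraction.ingest_nms_rules(nms_rules)
    return LogicModule(abstraction.model)


if __name__ == "__main__":
    logic = build_demo()
    for login in ("alice", "bob", "mallory"):
        frame = {"src_mac": "02:00:00:00:00:01", "login": login, "access": "wifi"}
        print(login, logic.handle_frame(frame))
```
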
In a third implementation form of the device according to the first aspect as such or according to any previous implementation form of the first aspect, the logic module includes at least one deep packet inspection (DPI) unit and is configured to inspect the received frame by using DPI.
Only a single DPI needs to be provided for all users across the one or more networks, which makes the one or more networks more efficient.
In a fourth implementation form of the device according to the first aspect as such or according to any previous implementation form of the first aspect, the abstraction module is configured to aggregate multiple received policy and/or resource rules of the same network management entity into a single unified policy and/or resource rule.
Policy and/or resource management can therefore be simplified overall. It is also possible to aggregate multiple policy and/or resource rules, for example, the policy and/or resource rules of two or more different network management entities, into a unified policy and/or resource rule.
In a fifth implementation form of the device according to the first aspect as such or according to any previous implementation form of the first aspect, the abstraction module is configured to convert the data format of each received policy and/or resource rule into a common data format.
The policy and/or resource management of the network is thereby simplified, and can also be performed more efficiently and faster by the device proposed in the first aspect.
In a sixth implementation form of the device according to the first aspect as such or according to any previous implementation form of the first aspect, the device further comprises a front-end module configured with multiple plug-ins, each plug-in being used to interpret policy and/or resource rules of at least one legacy format.
The front-end module forms an infrastructure that allows external modules with existing legacy interfaces to connect to the proposed device of the first aspect. Preferably, for non-legacy interfaces, native plug-ins are additionally provided in the front-end module. The different plug-ins of the front-end module make the device more flexible, especially because the device can work with both new and legacy types of network management entities.
In a seventh implementation form of the device according to the first aspect as such or according to any previous implementation form of the first aspect, the device further comprises a third interface and a fourth interface for connecting the device to at least one other device for managing and/or synchronizing policies and/or resources, preferably for clustering the device together with several other devices for managing and/or synchronizing policies and/or resources.
The third and fourth interfaces can be, respectively, eastbound and/or westbound APIs. By clustering numerous proposed devices together, the policy and resource management of one or more networks can be made faster. Furthermore, the policy and/or resource management architecture becomes scalable. Multiple devices can be clustered together within a single management domain or across several management domains.
In an eighth implementation form of the device according to the first aspect as such or according to any previous implementation form of the first aspect, the network configuration rule is an OpenFlow and/or SDN command created for a flow, or includes an OpenFlow and/or SDN command created for a flow.
The relevant commands can be sent from the device to the SDN controller, and vice versa, through the first interface and the second interface, respectively. According to the transmitted commands, the SDN controller can configure the network. Specifically, the SDN controller can configure the relevant switches (for example, OpenFlow switches, standard switches, etc.) and/or relevant applications (for example, SDN applications such as a firewall (FW), a wide area network (WAN) optimization controller (WOC), deep packet inspection (DPI), network address translation (NAT), an application delivery controller (ADC), or the like).
In a ninth implementation form of the device according to the first aspect as such or according to any previous implementation form of the first aspect, the network configuration rule includes a Quality of Service (QoS) configuration rule and/or a service chaining configuration rule.
In a tenth implementation form of the device according to the first aspect as such or according to any previous implementation form of the first aspect, the first interface and/or the second interface are application programming interfaces (API).
In a second aspect, the present invention provides a method for managing policies and/or resources, the policies and/or resources being used to configure one or more networks, the method comprising the following steps: receiving at least one policy and/or resource rule from at least one network management entity; abstracting the received policy and/or resource rules into a unified data model; receiving a frame from a software defined network (SDN) controller; creating at least one network configuration rule based on the received frame and the unified data model; and forwarding the at least one network configuration rule to the SDN controller.
With the method of the second aspect, all advantages of the device of the first aspect mentioned above can likewise be achieved. Specifically, unification of the received policy and/or resource rules is achieved. Therefore, the configuration of one or more networks, and especially roaming between different network parts or networks, can be completed in a more efficient manner compared with the state of the art.
In a first implementation form of the method according to the second aspect, creating the at least one network configuration rule comprises: extracting information from the received frame; resolving the extracted information against the unified data model; and creating the at least one network configuration rule according to the abstracted policy and/or resource rules in the unified data model that are associated with the extracted information.
In a second implementation form of the method according to the second aspect as such or according to the first implementation form of the second aspect, the method further comprises the step of configuring one or more networks according to the at least one network configuration rule.
In a third implementation form of the method according to the second aspect as such or according to any previous implementation form of the second aspect, the method comprises: receiving a first frame of a user who is registering in a network or approaching a new network in order to roam; sending the received frame to the SDN controller; and forwarding the frame to the logic module.
In a fourth implementation form of the method according to the second aspect as such or according to any previous implementation form of the second aspect, the method further comprises: extracting at least a user identifier (ID) and/or metadata from the received frame; resolving the extracted ID and/or metadata against the unified data model; and creating the at least one network configuration rule according to the policy and/or resource rules in the unified data model that correspond to the extracted user ID and/or metadata.
In a fifth implementation form of the method according to the second aspect as such or according to any previous implementation form of the second aspect, the method further comprises inspecting the received frame by using DPI.
In a sixth implementation form of the method according to the second aspect as such or according to any previous implementation form of the second aspect, the method further comprises aggregating multiple received policy and/or resource rules of the same network management entity into a single unified policy and/or resource rule.
In a seventh implementation form of the method according to the second aspect as such or according to any previous implementation form of the second aspect, the method further comprises: converting the data format of each received policy and/or resource rule into a common data format.
In an eighth implementation form of the method according to the second aspect as such or according to any previous implementation form of the second aspect, the method further comprises: interpreting policy and/or resource rules of at least one legacy format.
In a ninth implementation form of the method according to the second aspect as such or according to any previous implementation form of the second aspect, the network configuration rule is an OpenFlow and/or SDN command created for a flow, or includes an OpenFlow and/or SDN command created for a flow.
In a tenth implementation form of the method according to the second aspect as such or according to any previous implementation form of the second aspect, the network configuration rule includes a Quality of Service (QoS) configuration rule and/or a service chaining configuration rule.
The above implementation forms of the method according to the second aspect achieve the corresponding effects and advantages described for the corresponding implementation forms of the device according to the first aspect.
It must further be noted that all devices, units, and components described in this application can be implemented in software or hardware elements or any kind of combination thereof. All steps performed by the various entities described in the present application, as well as the functionality described as being performed by the various entities, are intended to mean that the respective entity is adapted to perform the respective steps and functionality. Even if, in the following description of specific embodiments, a specific functionality or step to be performed by a general entity is not reflected in the description of a specific detailed element of the entity that performs that specific step or functionality, it should be clear to a person skilled in the art that these methods and functionality can be implemented in respective software or hardware elements, or any kind of combination thereof.
Brief description of the drawings
Fig. 1 shows a device according to an embodiment of the present invention for managing policies and/or resources, wherein the device is integrated into a network that further comprises network management entities and an SDN controller.
Fig. 2 shows a device according to an embodiment of the present invention for managing policies and/or resources, wherein the device is integrated into a network that further comprises network management entities, an SDN controller, and respective switches.
Fig. 3 shows a device according to an embodiment of the present invention for managing policies and/or resources, wherein the device is integrated into a network that further comprises network management entities, an SDN controller, and respective switches.
Fig. 4 shows a device according to an embodiment of the present invention for managing policies and/or resources, wherein the device is integrated into a network that further comprises network management entities, an SDN controller, and respective switches.
Fig. 5 is a flowchart showing the method steps of a method according to an embodiment of the present invention.
Specific embodiment
Fig. 1 shows a network that includes a device 100 for managing policies and/or resources according to an embodiment of the invention, wherein the policies and/or resources can be used to configure the network. It is also possible to provide the device 100 for managing the policies and/or resources of more than one management domain in a network, or even of more than one network. That is, the managed policies and/or resources can additionally be used to configure more than one network. The device 100 may be referred to as a unified policy manager (UPM). The network of Fig. 1 further includes network management entities 110, 111, 112, shown as the particular examples of a Lightweight Directory Access Protocol (LDAP) entity 110, an application policy entity 111 and a Network Management System (NMS) 112. The network management entities 110, 111, 112 may also be other business and operations management entities.
The device 100 includes a first interface 101 for connecting to at least one of the network management entities 110, 111, 112, preferably to all of them. Preferably, the first interface 101 is or includes at least one northbound API for connecting the device 100 to the network management entities 110, 111, 112. The at least one API can be installed as a module as needed.
The device 100 includes a second interface 102 for connecting to an SDN entity such as the SDN controller 120. Preferably, the second interface 102 is or includes at least one southbound API for sending configuration requests and/or network configuration rules from and to the SDN controller 120, respectively. The network configuration rules can be used by the SDN controller 120 to configure the network (or alternatively more than one network).
The device 100 also includes an abstraction module 103 for receiving at least one policy and/or resource rule from each of the network management entities 110, 111, 112 through the first interface 101, and for abstracting the received policy and/or resource rules into a unified data model. The abstraction module 103 is preferably a unified layer that abstracts all policy and/or resource rules arriving from the northbound API into a common unified data model. Preferably, the abstraction module 103 is thereby used to aggregate multiple policy and/or resource rules received from the same network management entity 110, 111, 112, or even from more than one network management entity 110, 111, 112, into a single unified policy and/or resource rule. The abstraction module 103 can also be used to convert the data format of each received policy and/or resource rule into a common data format.
The device 100 further includes a logic module 104 for receiving a frame from the SDN controller 120, for creating at least one network configuration rule based on the received frame and on the unified data model, and for forwarding the at least one network configuration rule to the SDN controller 120. The logic module 104 can be implemented, for example, by a controller or a processor. The logic module 104 can resolve all policy and/or resource rules in the unified data model according to information received from a customer database, from the network and/or, optionally, from a deep packet inspection (DPI) engine, and design the relevant network configuration rules that need to be provisioned in the network. Specifically, the logic module 104 is used to extract information, for example a user ID and/or metadata, from the received frame. In addition, the logic module 104 is used to resolve the extracted information, that is, for example, the extracted user ID and/or the extracted metadata, according to the unified data model, and to create at least one network configuration rule according to those abstracted policy and/or resource rules in the unified data model that are associated with the extracted information, that is, for example, that correspond to the extracted user ID and/or metadata.
Fig. 2 shows a device 100 according to another embodiment of the invention. The embodiment shown in Fig. 2 is an optional and more detailed implementation of the first embodiment of Fig. 1. Specifically, the embodiment shown in Fig. 2 also includes the first interface 101, second interface 102, abstraction module 103 and logic module 104 of the embodiment shown in Fig. 1.
In Fig. 2, the exemplary network management entities 110, 112, 111 of the network are used for Authentication, Authorization and Accounting (AAA), service management and PCC, respectively. The SDN controller 120 in the network is connected to several switches 210, 211, which may include, for example, at least one OpenFlow switch 210 and/or at least one standard switch 211.
The first interface 101 is a northbound API, which may include applications and/or interfaces such as a Common Object Request Broker Architecture (CORBA) northbound application, Simple Object Access Protocol (SOAP), Remote Authentication Dial In User Service (RADIUS), Simple Network Management Protocol (SNMP) or Representational State Transfer (REST). The second interface 102 is an SDN API.
The logic module 104 preferably includes one or more applications, for example DPI 204, AAA, QoS or routing. The logic module 104 can apply these applications to frames received through the second interface 102. For example, the logic module 104 is preferably used to inspect received frames by using the DPI engine 204. The logic module 104 can further preferably store the unified data model in a database 203. The database 203 can be internal or external to the device 100. The database 203 can store all unified policy and/or resource rules, and can optionally also store user information, for example information on selected users or on all users.
The device 100 of Fig. 2 further includes a front-end module 206, which can be implemented, for example, as a pluggable policy front end. The front-end module 206 is the infrastructure that allows external modules with existing interfaces of legacy policy appliances to connect to the device 100. To this end, the front-end module 206 is preferably configured with multiple plug-ins 205, each plug-in 205 being used to interpret policy and/or resource rules of at least one legacy format. The plug-ins 205 may include a PCRF plug-in, a BNG plug-in or an ASDNF plug-in. For non-legacy support, there is preferably a native plug-in.
The device 100 shown in Fig. 2 further includes a third interface 201 and/or a fourth interface 202. These additional interfaces 201 and 202 are used to connect the device 100 to at least one other device (for example, another device 100) for managing and/or synchronizing policies and/or resources, preferably to cluster the device 100 together with several other devices for managing and/or synchronizing policies and/or resources. Preferably, the third interface 201 and/or the fourth interface 202 are eastbound and/or westbound APIs, which are communication channels for clustering several devices 100 together under a single management domain or several management domains.
Figs. 3 and 4 respectively illustrate operating modes of the device 100 presented in Fig. 2. Specifically, Fig. 3 relates to the configuration of the device 100 shown in Fig. 2, and Fig. 4 relates to the frame flow managed by the device 100 shown in Fig. 2.
In Fig. 3, the network management entities 110, 111, 112 first configure (step A) policy and/or resource rules for each user, optionally across different architectural frameworks. The policy and/or resource rules are then conveyed (step B) to the device 100 through the first interface 101, preferably by means of the front-end module 206, and thus preferably using legacy plug-ins or native plug-ins. Preferably, each network management entity 110, 111, 112 conveys its resource and/or policy rules to the device 100 through a custom plug-in.
Via the front-end module 206, the policy and/or resource rules are further conveyed to the abstraction module 103. When the abstraction module 103 receives at least one policy and/or resource rule, it preferably abstracts (step C) all policy and/or resource rules into the unified data model, that is, converts them into a unified format. This abstraction is beneficial because each network management entity 110, 111, 112 can use its own methods and protocols to define policy and/or resource rules. For example, policy and/or resource rules for a mobile network may include frequency ranges and a specific bandwidth for each application, and can therefore use the IP Multimedia Subsystem (IMS) as the architectural framework. Policy and/or resource rules for a fixed (wired) network may include bandwidth policies based on digital subscriber line (DSL) or optical technology, and can therefore use the Metro Ethernet Forum (MEF) for this purpose. The abstraction module 103 therefore uses the unified data model to aggregate the different policy and/or resource rules into a unified format. The unified data model is preferably stored (step D) in the database 203.
In Fig. 4, when a user registers to the network, the first frame of the user is received (step E), preferably at the OpenFlow switch 210 or at the standard switch 211. The switches 210, 211 may also include fixed-network switches, WiFi switches, cellular base station switches or the like. The first frame can likewise be received when the user approaches a new part of the network, or approaches a new network, for roaming.
The received frame is sent (step F) to the SDN controller 120, which forwards the frame to the device 100 by using the second interface 102. The logic module 104 of the device 100 then inspects (step G) the received frame, whereby the logic module preferably extracts information such as a user ID and/or metadata (for example, application type, location and/or device ID) from the frame. Optionally, the logic module 104 applies DPI 204 or another application to the frame before or during the inspection of the frame. The logic module 104 can also use information in the header or payload of the frame (for example, user ID, MAC address, IP address and/or login information) to extract information from the frame.
The extracted information is then resolved by the logic module 104 according to the unified data model. The extracted information can also be used to query (step H) the database 203, which contains the unified data model of policy and/or resource rules for the user associated with the frame, optionally for a specific user action. For example, if a user of a mobile network tries to connect to a WiFi operator access point, the logic module 104 can query the database 203 for the user's profile; the profile must include WiFi roaming, otherwise the action of connecting to the WiFi access point will be denied.
The logic module 104 then creates (step I) at least one network configuration rule based on the received frame, and in particular according to the abstracted policy and/or resource rules in the unified data model stored in the database 203, more precisely according to those policy and/or resource rules that correspond to the extracted information. The at least one network configuration rule may include a QoS configuration rule and/or a service chaining configuration rule.
The at least one network configuration rule is sent (step J) to the SDN controller 120 using the second interface 102, and the SDN controller 120 configures (step K) one or more networks, in particular by configuring the relevant switches 210, 211 and applications with or based on the at least one network configuration rule.
Fig. 5 shows, in accordance with the configuration of the device 100 and the frame flow managed by the device 100 described above, a flow chart with the method steps of a method according to an embodiment of the invention. Specifically, in step S50, at least one network management entity 110, 111, 112 registers to a network, in particular to a network roaming service. The at least one network management entity 110, 111, 112 then generates at least one policy and/or resource rule in step S51 and sends the at least one policy and/or resource rule to the device 100. In step S52, the first frame of a user is received at a managed switch 210, 211 of the network and forwarded to the device 100 by the SDN controller 120. Subsequently, in step S53, the device 100 obtains the at least one policy and/or resource rule corresponding to the user of the received frame, generates at least one network configuration rule accordingly, and sends the at least one network configuration rule to the SDN controller 120. According to the received at least one network configuration rule, the SDN controller configures (or reconfigures) the network in step S54.
In a specific example of the configuration and frame flow operation described above, a policy for user "XXX" can be received at the device 100 from the network management entity 110, which is an LDAP server. Because different systems (for example, IMS, LDAP, CEMS, etc.) store data in different formats, the abstraction module 103 of the device 100 now preferably converts the received policy into a unified format and abstracts the policy into the unified data model in the database 203. The policy can, for example, be abstracted into the following unified format:
User XXX, permitted networks: R&D, Marketing; BW profile: {committed BW: 5 Mbps, max effort: 25 Mbps}, roaming: allowed
Now, when the user connects to the network, the first frame of the user is received at the switch 210, 211 and sent to the device 100 through the controller. Once the user is identified from the transmitted frame, the unified data model is queried, for example by using LDAP, and the above abstracted policy can be obtained from the unified data model. The policy can then be converted by the logic module 104 into OpenFlow or SDN commands, preferably including QoS configuration rules and/or service chain creation rules. The relevant OpenFlow or SDN commands are then sent to the SDN controller 120, which can configure the network for the user accordingly.
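The flow in this example (plug-ins normalising source-specific records, the abstraction module merging them into the unified record for user "XXX", and the logic module turning information extracted from a frame into configuration rules) can be written as follows. This is an added illustration, not code from the patent: the LDAP attribute names, the `key=value` bandwidth record, the most-restrictive merge and the rule dictionaries are all assumptions, and the rules are generic stand-ins for OpenFlow or SDN commands.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Optional


@dataclass
class UnifiedPolicy:
    """One record of the unified data model; None means no source stated the field."""
    user: str
    networks: Optional[FrozenSet[str]] = None
    committed_mbps: Optional[float] = None
    max_mbps: Optional[float] = None
    roaming: Optional[bool] = None


def from_ldap(entry: Dict[str, List[str]]) -> UnifiedPolicy:
    """Plug-in for an LDAP-style entry (attribute names are hypothetical)."""
    nets = entry.get("permittedNetwork")
    roaming = entry.get("roamingAllowed")
    return UnifiedPolicy(
        user=entry["uid"][0],
        networks=frozenset(nets) if nets is not None else None,
        roaming=(roaming[0].upper() == "TRUE") if roaming else None,
    )


def from_pcc(record: str) -> UnifiedPolicy:
    """Plug-in for a hypothetical 'key=value;...' bandwidth record in kbit/s."""
    # A malformed item raises ValueError, so a bad record is never half-applied.
    kv = dict(item.split("=", 1) for item in record.split(";") if item)
    return UnifiedPolicy(
        user=kv["subscriber"],
        committed_mbps=int(kv["cir_kbps"]) / 1000,
        max_mbps=int(kv["mir_kbps"]) / 1000,
    )


def tightest(a, b, pick):
    """Take whichever side is set; if both are set, let pick() choose the stricter."""
    if a is None:
        return b
    if b is None:
        return a
    return pick(a, b)


def merge(a: UnifiedPolicy, b: UnifiedPolicy) -> UnifiedPolicy:
    """Assumed conflict rule: when two sources disagree, the more restrictive wins."""
    if a.user != b.user:
        raise ValueError("cannot merge policies of different users")
    return UnifiedPolicy(
        user=a.user,
        networks=tightest(a.networks, b.networks, lambda x, y: x & y),
        committed_mbps=tightest(a.committed_mbps, b.committed_mbps, min),
        max_mbps=tightest(a.max_mbps, b.max_mbps, min),
        roaming=tightest(a.roaming, b.roaming, lambda x, y: x and y),
    )


def abstract(policies: Iterable[UnifiedPolicy]) -> Dict[str, UnifiedPolicy]:
    """Abstraction step: one unified record per user, keyed by user ID."""
    db: Dict[str, UnifiedPolicy] = {}
    for p in policies:
        db[p.user] = merge(db[p.user], p) if p.user in db else p
    return db


def create_rules(info: dict, db: Dict[str, UnifiedPolicy]) -> List[dict]:
    """Logic step: map information extracted from a frame to configuration rules."""
    user = info.get("user_id")
    policy = db.get(user)

    def deny(reason: str) -> List[dict]:
        return [{"action": "deny", "user": user, "reason": reason}]

    if policy is None:
        return deny("unknown user")
    if policy.networks is None or info.get("network") not in policy.networks:
        return deny("network not permitted")
    if info.get("roaming") and policy.roaming is not True:
        return deny("roaming not in profile")
    rules = [{"action": "allow", "user": user, "network": info["network"]}]
    if policy.committed_mbps is not None and policy.max_mbps is not None:
        rules.append({"action": "qos", "user": user,
                      "committed_mbps": policy.committed_mbps,
                      "max_mbps": policy.max_mbps})
    return rules


# Constructed sample inputs that reproduce the user "XXX" record from the text.
LDAP_ENTRY = {"uid": ["XXX"], "permittedNetwork": ["R&D", "Marketing"],
              "roamingAllowed": ["TRUE"]}
PCC_RECORD = "subscriber=XXX;cir_kbps=5000;mir_kbps=25000"

if __name__ == "__main__":
    db = abstract([from_ldap(LDAP_ENTRY), from_pcc(PCC_RECORD)])
    print(db["XXX"])
    print(create_rules({"user_id": "XXX", "network": "R&D", "roaming": True}, db))
```

Denying whenever the user, the network or the roaming flag is missing follows the WiFi roaming case described above, where a profile without roaming leads to the connection being denied.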
In summary, the invention provides a device 100 and a method, for example for use in an SDN environment. The device 100 acts as a UPM and aggregates multiple different policy and/or resource rules into a unified data model, that is, provides a common format. To this end, the abstraction module 103 abstracts the received policy and/or resource rules, and the logic module 104 can create at least one network configuration rule upon request based on the unified data model. Policy and/or resource rules can be unified for each user across different parts of a network or across different networks, in particular across a single or even several management domains. The device 100 is therefore a single aggregation point for multiple different policy and/or resource rules, and has the benefit that network configuration and roaming between different parts of a network or between different networks can be done in a unified and more efficient way.
The invention has been described in conjunction with various embodiments and implementations as examples. However, other variations can be understood and effected by those skilled in the art and practicing the claimed invention, from a study of the drawings, the disclosure and the independent claims. In the claims as well as in the description, the word "comprising" does not exclude other elements or steps, and the indefinite article "a" or "an" does not exclude a plurality. A single element or other unit may fulfil the functions of several entities or items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used in an advantageous implementation.

Claims (15)

1. A device (100) for managing policies and/or resources used for configuring one or more networks, characterized by comprising:
a first interface (101) for connecting to at least one network management entity (110, 111, 112),
a second interface (102) for connecting to a software-defined networking (SDN) controller (120),
an abstraction module (103) for receiving at least one policy and/or resource rule from each network management entity (110, 111, 112), and for abstracting the received policy and/or resource rules into a unified data model, wherein the received policy and/or resource rules belong to different networks, and wherein the unified data model is used to aggregate different policy and/or resource rules into a unified format;
a logic module (104) for receiving a frame from the SDN controller (120), extracting information from the received frame, resolving the information according to the unified data model, creating at least one network configuration rule according to the abstracted policy and/or resource rules in the unified data model, and forwarding the at least one network configuration rule to the SDN controller (120).
2. The device (100) according to claim 1, characterized in that
the logic module (104) is used for extracting information from the received frame, for resolving the extracted information according to the unified data model, and for creating the at least one network configuration rule according to the abstracted policy and/or resource rules in the unified data model that are associated with the extracted information.
3. The device (100) according to claim 1 or 2, characterized in that
the logic module (104) is used for extracting at least a user identifier (ID) and/or metadata from the received frame, for resolving the extracted ID and/or metadata according to the unified data model, and for creating the at least one network configuration rule according to the policy and/or resource rules in the unified data model that correspond to the extracted user ID and/or metadata.
4. The device (100) according to claim 1 or 2, characterized in that
the logic module (104) includes at least one deep packet inspection (DPI) unit (204) and is used for inspecting the received frame by using DPI.
5. The device (100) according to claim 1 or 2, characterized in that
the abstraction module (103) is used for aggregating multiple policy and/or resource rules received from the same network management entity (110, 111, 112) into a single unified policy and/or resource rule.
6. The device (100) according to claim 1 or 2, characterized in that
the abstraction module (103) is used for converting the data format of each received policy and/or resource rule into a common data format.
7. The device (100) according to claim 1 or 2, characterized by further comprising a front-end module (206) configured with multiple plug-ins (205), each plug-in (205) being used to interpret policy and/or resource rules of at least one legacy format.
8. The device (100) according to claim 1 or 2, characterized by further comprising a third interface (201) and a fourth interface (202) for connecting the device (100) to at least one other device for managing and/or synchronizing policies and/or resources, preferably for clustering the device (100) together with several other devices for managing and/or synchronizing policies and/or resources.
9. The device (100) according to claim 1 or 2, characterized in that
the network configuration rules are OpenFlow and/or SDN commands for flow creation; or the network configuration rules include OpenFlow and/or SDN commands for flow creation.
10. The device (100) according to claim 1 or 2, characterized in that
the network configuration rules include quality of service (QoS) configuration rules and/or service chaining configuration rules.
11. The device (100) according to claim 1 or 2, characterized in that
the first interface (101) and/or the second interface (102) are application programming interfaces (APIs).
12. A method for managing policies and/or resources used for configuring one or more networks, characterized by comprising the following steps:
receiving (S51) at least one policy and/or resource rule from at least one network management entity (110, 111, 112), wherein the received policy and/or resource rules belong to different networks;
abstracting the received policy and/or resource rules into a unified data model, wherein the unified data model is used to aggregate different policy and/or resource rules into a unified format;
receiving (S52) a frame from a software-defined networking (SDN) controller (120),
extracting information from the received frame, resolving the information according to the unified data model, and creating at least one network configuration rule according to the abstracted policy and/or resource rules in the unified data model, and
forwarding (S53) the at least one network configuration rule to the SDN controller (120).
13. The method according to claim 12, characterized in that creating the at least one network configuration rule includes
extracting information from the received frame,
resolving the extracted information according to the unified data model, and
creating the at least one network configuration rule according to the abstracted policy and/or resource rules in the unified data model that are associated with the extracted information.
14. The method according to claim 12 or 13, characterized by further comprising the following step:
configuring (S54) the one or more networks according to the at least one network configuration rule.
15. The method according to claim 12 or 13, characterized by comprising
receiving (S52) the first frame of a user who registers to the network or approaches a new network for roaming,
sending the received frame to the SDN controller (120), and forwarding the frame to a logic module (104).
CN201480077060.1A 2014-03-17 2014-03-17 Device and method for managing policies and/or resources used for configuring a network Active CN106068628B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2014/055302 WO2015139724A1 (en) 2014-03-17 2014-03-17 Device and method for managing policies and/or resources used for configuring a network

Publications (2)

Publication Number Publication Date
CN106068628A CN106068628A (en) 2016-11-02
CN106068628B true CN106068628B (en) 2019-10-01

Family

ID=50424195

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201480077060.1A Active CN106068628B (en) 2014-03-17 2014-03-17 Device and method for managing policies and/or resources used for configuring a network

Country Status (2)

Country Link
CN (1) CN106068628B (en)
WO (1) WO2015139724A1 (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10455053B2 (en) * 2016-05-23 2019-10-22 Citrix Systems, Inc. Systems and methods for provisioning network automation by logically separating L2-L3 entities from L4-L7 entities using a software defined network (SDN) controller
WO2018000389A1 (en) * 2016-06-30 2018-01-04 华为技术有限公司 Method and device for managing network slice
WO2018015792A1 (en) * 2016-07-22 2018-01-25 Telefonaktiebolaget Lm Ericsson (Publ) User data isolation in software defined networking (sdn) controller
CN108270592B (en) * 2016-12-30 2021-05-04 中兴通讯股份有限公司 Network resource configuration control method and device
CN108471629B (en) * 2017-02-23 2021-04-20 华为技术有限公司 Method, equipment and system for controlling service quality in transmission network
US10560328B2 (en) * 2017-04-20 2020-02-11 Cisco Technology, Inc. Static network policy analysis for networks
CN109787804B (en) * 2017-11-15 2022-04-26 华为技术有限公司 Method, equipment and system for managing service resources
CN108737152B (en) * 2018-03-23 2021-10-08 全球能源互联网研究院有限公司 Control equipment supporting multi-protocol power service arrangement
CN110505190A (en) * 2018-05-18 2019-11-26 深信服科技股份有限公司 Dispositions method, safety equipment, storage medium and the device of differential section
CN111130826A (en) * 2018-10-31 2020-05-08 中兴通讯股份有限公司 Communication network management method, communication network management device, computer equipment and storage medium
CN109921940B (en) * 2019-03-18 2021-12-17 赛特斯信息科技股份有限公司 System and method for realizing off-line arrangement processing of network service based on SDWAN scene
CN111832273A (en) * 2019-04-10 2020-10-27 中兴通讯股份有限公司 Method and device for determining destination message, storage medium and electronic device
US20230112579A1 (en) * 2021-10-11 2023-04-13 Hewlett Packard Enterprise Development Lp Automatic policy engine selection
CN115913986B (en) * 2022-10-24 2023-11-17 航天科工空间工程网络技术发展(杭州)有限公司 Network management data management method for satellite network equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1241828A1 (en) * 2001-03-01 2002-09-18 Alcatel Gateway system and method providing a common generic interface to network management applications
CN101351015A (en) * 2002-04-12 2009-01-21 诺基亚公司 QoS management for multi-radio access network based on tactic
CN101364936A (en) * 2007-08-08 2009-02-11 中国电信股份有限公司 Service differentiating and quality control system and method for multiple edge wideband access network
CN103179530A (en) * 2011-12-26 2013-06-26 中国移动通信集团设计院有限公司 Method and device for intercepting short messages

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011100932A2 (en) * 2011-04-14 2011-08-25 华为技术有限公司 Linkage strategy implementation method and apparatus, open platform veneer and device

Also Published As

Publication number Publication date
CN106068628A (en) 2016-11-02
WO2015139724A1 (en) 2015-09-24

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220209

Address after: 550025 Huawei cloud data center, jiaoxinggong Road, Qianzhong Avenue, Gui'an New District, Guiyang City, Guizhou Province

Patentee after: Huawei Cloud Computing Technology Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.