CN106301861A - Collision detection method, device and controller - Google Patents

Collision detection method, device and controller Download PDF

Info

Publication number
CN106301861A
CN106301861A CN201510313546.7A CN201510313546A CN106301861A CN 106301861 A CN106301861 A CN 106301861A CN 201510313546 A CN201510313546 A CN 201510313546A CN 106301861 A CN106301861 A CN 106301861A
Authority
CN
China
Prior art keywords
strategy
time
service
guard time
guard
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510313546.7A
Other languages
Chinese (zh)
Other versions
CN106301861B (en
Inventor
黄旗明
周靖
于魁飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Zhigu Ruituo Technology Services Co Ltd
Original Assignee
Beijing Zhigu Ruituo Technology Services Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Zhigu Ruituo Technology Services Co Ltd filed Critical Beijing Zhigu Ruituo Technology Services Co Ltd
Priority to CN201510313546.7A priority Critical patent/CN106301861B/en
Publication of CN106301861A publication Critical patent/CN106301861A/en
Application granted granted Critical
Publication of CN106301861B publication Critical patent/CN106301861B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0893Assignment of logical groups to network elements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0805Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
    • H04L43/0817Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Environmental & Geological Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the present application provides a kind of collision detection method, device and controller.Method includes: according at least to the first service time of one first strategy; determine that the first guard time of described first strategy, described first guard time are contained in the duration duration less than the described first service time of described first service time and described first guard time;Only in the first guard time of described first strategy, detect described first strategy whether with at least one other policy conflict.The embodiment of the present application provides the scheme of a kind of collision detection.

Description

Collision detection method, device and controller
Technical field
The invention relates to networking technology area, particularly relate to a kind of collision detection method, Device and controller.
Background technology
Compared to conventional network structure, software defined network (Software Defined Network, Be called for short SDN) programmable features make network can produce a large amount of strategy, these strategies have The features such as quantity is many, kind is wide, so policy conflict is a very important problem, therefore, Need these strategies are carried out collision detection and clash handle.
In the collision detection of strategy, generally using the service time of strategy as participating in collision detection Time period, and the service time of some strategy is longer so that the detection limit of collision detection is relatively big, Have impact on the operational effect of network.
Summary of the invention
In view of this, a purpose of the embodiment of the present application is to provide the side of a kind of collision detection Case.
For achieving the above object, according to the first aspect of the embodiment of the present application, it is provided that a kind of conflict Detection method, including:
According at least to the first service time of one first strategy, determine the first of described first strategy Guard time, described first guard time is contained in the described first service time and described first The duration of guard time is less than the duration of described first service time;
Only in the first guard time of described first strategy, detect described first strategy whether with At least one other policy conflict.
In conjunction with first aspect, in the first possible implementation of first aspect, described extremely Few first service time according to one first strategy, when determining the first protection of described first strategy Between, including:
First service time, described first strategy according at least to described first strategy are applied At least one thing corresponding at least one stability parameter of network environment, described first strategy At least one importance parameter of part or service, determines the first guard time of described first strategy.
In conjunction with first aspect or any of the above-described kind of possible implementation of first aspect, first In the implementation that the second of aspect is possible, described according at least to the first of described first strategy At least one stability parameter of the network environment that service time, described first strategy are applied, At least one event corresponding to described first strategy or at least one importance parameter of service, Determine the first guard time of described first strategy, including:
According at least at least one stability parameter described and at least one importance parameter described, Determining a coefficient, described coefficient is less than 1;
Determine the duration of described first guard time equal to the described first service time duration with The product of described coefficient;
According at least to the initial time of described first service time and described first guard time Duration, determines described first guard time.
In conjunction with first aspect or any of the above-described kind of possible implementation of first aspect, first In the third possible implementation of aspect, at least one stability parameter described includes: use In identifying at least one of the stability of at least one network equipment that described first strategy relates to First parameter, for identifying the generation frequency of New Policy in the network segment that described first strategy is applied One second parameter.
In conjunction with first aspect or any of the above-described kind of possible implementation of first aspect, first In 4th kind of possible implementation of aspect, the initial time of described first guard time and institute The initial time stating the first service time is identical.
In conjunction with first aspect or any of the above-described kind of possible implementation of first aspect, first In 5th kind of possible implementation of aspect, described first strategy of described detection whether with at least After one other policy conflict, also include:
In response to testing result for not conflict, or, testing result for conflict but according to conflict at Reason rule determines described first strategy of execution, performs described first strategy.
In conjunction with first aspect or any of the above-described kind of possible implementation of first aspect, first In 6th kind of possible implementation of aspect, described first strategy of described execution, including:
Described first strategy is configured at least one network equipment that described first strategy relates to On.
In conjunction with first aspect or any of the above-described kind of possible implementation of first aspect, first In 7th kind of possible implementation of aspect, described first strategy of described detection whether with at least After one other policy conflict, also include:
It is conflict in response to testing result, and determines according to clash handle rule and do not perform described the One strategy and execution substitute one second strategy of described first strategy, deactivate described first strategy.
In conjunction with first aspect or any of the above-described kind of possible implementation of first aspect, first In 8th kind of possible implementation of aspect, described first strategy of described deactivation, including:
Finish time in response to described first guard time is later than the second of described second strategy The finish time of guard time, the initial time of described first guard time is revised as described The finish time of two guard times.
In conjunction with first aspect or any of the above-described kind of possible implementation of first aspect, first In 9th kind of possible implementation of aspect, described first strategy of described deactivation, including:
Finish time in response to described first guard time is not later than the of described second strategy The finish time of two guard times, terminate described first strategy.
In conjunction with first aspect or any of the above-described kind of possible implementation of first aspect, first In tenth kind of possible implementation of aspect, described clash handle rule includes: perform mutually Multiple strategy the highest strategies of medium priorities of conflict.
For achieving the above object, according to the second aspect of the embodiment of the present application, it is provided that a kind of conflict Detection device, including:
Determine module, for the first service time according at least to one first strategy, determine described First guard time of the first strategy, described first guard time is contained in described first service The duration of time and described first guard time is less than the duration of described first service time;
Detection module, for only in the first guard time of described first strategy, detection is described First strategy whether with at least one other policy conflict.
In conjunction with second aspect, in the first possible implementation of second aspect, described really Cover half block specifically for:
First service time, described first strategy according at least to described first strategy are applied An event corresponding at least one stability parameter of network environment, described first strategy or clothes At least one importance parameter of business, determines the first guard time of described first strategy.
In conjunction with second aspect or any of the above-described kind of possible implementation of second aspect, second In the implementation that the second of aspect is possible, described determine that module includes:
First determines unit, for according at least at least one stability parameter described and described extremely A few importance parameter, determines a coefficient, and described coefficient is less than 1;
Second determines unit, for determining that the duration of described first guard time is equal to described first The duration of service time and the product of described coefficient;
3rd determines unit, is used for the initial time according at least to the described first service time and institute State the duration of the first guard time, determine described first guard time.
In conjunction with second aspect or any of the above-described kind of possible implementation of second aspect, second In the third possible implementation of aspect, at least one stability parameter described includes: use In identifying at least one of the stability of at least one network equipment that described first strategy relates to First parameter, for identifying the generation frequency of New Policy in the network segment that described first strategy is applied One second parameter.
In conjunction with second aspect or any of the above-described kind of possible implementation of second aspect, second In 4th kind of possible implementation of aspect, the initial time of described first guard time and institute The initial time stating the first service time is identical.
In conjunction with second aspect or any of the above-described kind of possible implementation of second aspect, second In 5th kind of possible implementation of aspect, described device also includes:
Perform module, be used in response to testing result as not conflict, or, testing result is punching Dash forward but determine described first strategy of execution according to clash handle rule, perform described first strategy.
In conjunction with second aspect or any of the above-described kind of possible implementation of second aspect, second In 6th kind of possible implementation of aspect, described execution module specifically for: in response to inspection Survey result for not conflict, or, testing result for conflict but determine according to clash handle rule and hold Described first strategy of row, described first strategy is configured to that described first strategy relates at least one On the individual network equipment.
In conjunction with second aspect or any of the above-described kind of possible implementation of second aspect, second In 7th kind of possible implementation of aspect, described device also includes:
Deactivation module, for for conflicting and true according to clash handle rule in response to testing result Fixed one second strategy not performing described first strategy and performing to substitute described first strategy, deactivation Described first strategy.
In conjunction with second aspect or any of the above-described kind of possible implementation of second aspect, second In 8th kind of possible implementation of aspect, described deactivation module specifically for: in response to inspection Survey result for conflict, and determine according to clash handle rule do not perform described first strategy and perform Substitute one second strategy of described first strategy, and the finish time of described first guard time It is later than the finish time of the second guard time of described second strategy, by described first guard time Initial time be revised as finish time of described second guard time.
In conjunction with second aspect or any of the above-described kind of possible implementation of second aspect, second In 9th kind of possible implementation of aspect, described deactivation module specifically for: in response to inspection Survey result for conflict, and determine according to clash handle rule do not perform described first strategy and perform Substitute one second strategy of described first strategy, and the finish time of described first guard time It is not later than the finish time of the second guard time of described second strategy, terminates described first strategy.
In conjunction with second aspect or any of the above-described kind of possible implementation of second aspect, second In tenth kind of possible implementation of aspect, described clash handle rule includes: perform mutually Multiple strategy the highest strategies of medium priorities of conflict.
For achieving the above object, according to the third aspect of the embodiment of the present application, it is provided that a kind of control Device, including:
Communication interface, for the multiple network device communications administered with described controller;
Memorizer, is used for storing instruction;
Processor, for performing the instruction of described memorizer storage, described instruction makes described place Reason device operates below performing:
According at least to the first service time of one first strategy, determine the first of described first strategy Guard time, described first guard time is contained in the described first service time and described first The duration of guard time is less than the duration of described first service time;
Only in the first guard time of described first strategy, detect described first strategy whether with At least one other policy conflict;
According to testing result and/or clash handle rule, determine at least one strategy of execution;
At least one strategy described is configured at least one plan described by described communication interface On at least one network equipment slightly related to.
At least one technical scheme in the most multiple technical schemes has the advantages that
The embodiment of the present application, by the first service time according at least to one first strategy, determines institute State the first guard time of the first strategy, and only at the first guard time of described first strategy In, detect described first strategy whether with at least one other policy conflict, it is provided that Yi Zhongchong The scheme of prominent detection, and, strategy is only when a protection more shorter than the service time of self Interior participation collision detection, decreases the detection limit of collision detection, improves the effect of the network operation Rate.
Accompanying drawing explanation
The schematic flow sheet of a kind of collision detection method embodiment that Fig. 1 provides for the application;
The structural representation of a kind of collision-detection means embodiment that Fig. 2 provides for the application;
Fig. 3~5 is respectively the structural representation of a kind of implementation of embodiment illustrated in fig. 2;
The structural representation of a kind of controller embodiment that Fig. 6 provides for the application;
Fig. 7 is the structural representation of a kind of implementation of embodiment illustrated in fig. 6.
Detailed description of the invention
Below in conjunction with the accompanying drawings and embodiment, the detailed description of the invention of the application is made the most in detail Explanation.Following example are used for illustrating the present invention, but are not limited to the scope of the present invention.
The schematic flow sheet of a kind of collision detection method embodiment that Fig. 1 provides for the application.As Shown in Fig. 1, the present embodiment includes:
110, according at least to the first service time of one first strategy, described first strategy is determined The first guard time, described first guard time is contained in described first service time and institute State the duration duration less than the described first service time of the first guard time.
For example, the inspection of the conflict described in a kind of collision-detection means embodiment that the application provides Survey device, or, the controller described in a kind of controller embodiment that the application provides, as The executive agent of the present embodiment, performs 110~120.
In the present embodiment, described first strategy can be any strategy, and is not specific to certain strategy, " first " is only for other strategy mentioned in difference the present embodiment.
In the present embodiment, the described first service time is the service time of described first strategy, " the One " service time of other strategy only for mentioning in difference the present embodiment;Described first protects The time of protecting is the guard time of described first strategy, and " first " is only in difference the present embodiment The guard time of other strategy mentioned.
In the present embodiment, described first guard time is contained in meaning of described first service time , when the initial time of described first guard time is no earlier than described first service time initial Carve, and the finish time of described first guard time is not later than the end of described first service time Moment.Wherein, when the initial time of described first guard time is alternatively with described first service Between initial time identical, or, different.
120, only in the first guard time of described first strategy, described first strategy is detected Whether with at least one other policy conflict.
In the present embodiment, described only in the first guard time of described first strategy, detect institute State the first strategy whether with at least one other policy conflict, it is meant that when described first protection Do not detect outside between the first strategy whether with at least one other policy conflict, say, that Outside described first guard time, described first strategy is not involved in collision detection.
In the present embodiment, at least one other strategy described is applied with described first strategy alternatively In the same network segment, or, relate to consolidated network equipment with described first strategy.For example, The network segment that first strategy is applied has in addition to the first strategy, also has four tactful A, B, C, D, Detect whether the first strategy conflicts with these four tactful A, B, C, D, or, due to first Strategy relates to the network equipment S1, S2, and strategy A relates to the network equipment S1, S2, and strategy B relates to And the network equipment S2, S3, strategy C relates to the network equipment S3, S4, and strategy D relates to network Equipment S1, detects whether the first strategy conflicts with strategy A, B, D.
In the present embodiment, at least one other strategy described is optionally at each when performing 120 From guard time in.
The present embodiment by according at least to first service time of one first strategy, determines described the First guard time of one strategy, and only in the first guard time of described first strategy, Detect described first strategy whether with at least one other policy conflict, it is provided that a kind of conflict inspection The scheme surveyed, and, strategy is only in a guard time more shorter than the service time of self Participate in collision detection, decrease the detection limit of collision detection, improve the efficiency of the network operation.
The method being further described through the present embodiment below by way of some optional implementations.
In the present embodiment, in 110, there is multiple implementation.
In the optional implementation of one, the described first service according at least to one first strategy Time, determine the first guard time of described first strategy, including:
First service time, described first strategy according at least to described first strategy are applied At least one thing corresponding at least one stability parameter of network environment, described first strategy At least one importance parameter of part or service, determines the first guard time of described first strategy.
Wherein, at least one stability parameter described is used for identifying the stability of described network environment, Described network environment includes hardware environment and software environment.Generally, the stablizing of described network environment Property is the highest, and the most described network environment is the most stable, and the duration of described first guard time is the biggest;Institute The stability stating network environment is the lowest, and the most described network environment is the most unstable, described first protection The duration of time is the least.
Wherein, at least one importance parameter described is used for identifying at least one event described (Event) or service (Service) importance.Generally, at least one event described or clothes The importance of business is the highest, and at least one event i.e. described or service are the most important, described first protection The duration of time is the biggest;The importance of at least one event described or service is the lowest, i.e. described in extremely A few event or service are the most inessential, and the duration of described first guard time is the least.
Wherein, each importance parameter for identify an event corresponding to described first strategy or The importance of service, correspondingly, at least one importance parameter described and at least one thing described Part or service one_to_one corresponding.
Generally, strategy can corresponding one or more events or service, when a strategy is right When answering multiple events or service, alternatively, this strategy is carried out according to the plurality of event or service Decompose, obtain multiple substrategy, the corresponding event of each substrategy or service.Correspondingly, Described first strategy in the present embodiment is optionally one by corresponding multiple events or service The substrategy that strategy obtains after decomposing, an only corresponding event or service.
In this implementation, alternatively, described the first clothes according at least to described first strategy At least one stability parameter of network environment that business time, described first strategy are applied, institute State at least one importance parameter of at least one event corresponding to the first strategy or service, really First guard time of fixed described first strategy, including:
According at least at least one stability parameter described and at least one importance parameter described, Determining a coefficient, described coefficient is less than 1;
Determine the duration of described first guard time equal to the described first service time duration with The product of described coefficient;
According at least to the initial time of described first service time and described first guard time Duration, determines described first guard time.
Wherein, the initial time of described first guard time and described first service time is initial Moment is identical, or, different.For example, manager can set a rule, will be every The initial time of the service time of individual strategy is as the initial time of the guard time of this strategy.Again For example, the network rings that manager can be applied according to this strategy when a strategy produces Border, at least one event of this strategy correspondence or service, when dynamically setting the protection of this strategy Between initial time.
For example, the service time of a strategy is from 12:00 at noon on June 1st, 2010 To 22:00 in evening on June 1st, 2010, i.e. this service time time a length of 10 hours, Assume that the described coefficient determined is 0.9, then may determine that this strategy guard time time a length of 0.9*10=9 hour, if during the service of the initial time of the guard time of this strategy and this strategy Between initial time identical, then may determine that the guard time of this strategy is for from June, 2010 1 evening of June 12:00 to 2010 year noon on the 1st 21:00.
In this implementation, alternatively, at least one stability parameter described includes but does not limits In: for identifying the stability of at least one network equipment that described first strategy relates at least One the first parameter, for identifying the generation of New Policy in the network segment that described first strategy is applied One second parameter of frequency.
Wherein, at least one network equipment that described first strategy relates to refers to configure described At least one network equipment of one strategy, it is also possible to be referred to as the event that described first strategy is corresponding Or at least one network equipment that service relates to.
Wherein, each first parameter is for identifying at least one network that described first strategy relates to The stability of a network equipment in equipment, correspondingly, at least one first parameter described and institute State at least one network equipment one_to_one corresponding.
The network equipment related to below by the explanation service of several examples, strategy and strategy.
1, a service is to arrange fire wall to stop the main frame such as 128.172.10.56 of particular address to arrive 128.172.10.150 the connection with outer net;
This service corresponding strategy as follows:
Set Firewall_1, Firewall_2, Firewall_3
{ If:IP in 128.172.10.56~128.172.10.150
Then:Reject}
This strategy relates to three network equipments, particularly as follows: No. 1 fire wall (Firewall_1), No. 2 fire walls (Firewall_2), No. 3 fire walls (Firewall_3).
2, the network rate of user 128.171.10.47 is set to 10,000,000 for arranging gateway by a service Bits per second (Mb/s);
This service corresponding strategy as follows:
Set Gateway_2
{ If:IP=128.171.10.47
Then:Rate=10M}
This strategy relates to a network equipment, i.e. No. 2 gateways (Gateway_2).
3, a service is added new stream list item for all switches thus is local 128.172.10.0 And between far-end 176.121.11.0, set up a VPN passage;
This service corresponding strategy as follows:
Set Switch_1
{Add new Flowtable Entry:
If:Source IP in 176.121.11.0
Then:Transfer to Port_1
If:Destination IP in 176.121.11.0
Then:Transfer to Port_3}
Set Switch_2
{Add new Flowtable Entry:
If:Source IP in 176.121.11.0
Then:Transfer to Port_1
If:Destination IP in 176.121.11.0
Then:Transfer to Port_5}
This strategy relates to multiple network equipment, owning in the network segment that this service of being specially is applied Switch, including: No. 1 switch (Switch_1), No. 2 switches (Switch_2), etc..
4, a service is 10 for arranging virtualization manager by 5,6, No. 7 switch sections Virtual switch;
This service corresponding strategy as follows:
Set Virtualization
{Slice Switch_5,Switch_6,Switch_7into 10V_Switches}
This strategy relates to three network equipments, particularly as follows: No. 5 switches (Switch_5), 6 Number switch (Switch_6), No. 7 switches (Switch_7).
5, a service is to repair the link error caused because of the damage of No. 11 switches, in route During forwarding, this node is dodged;
This service corresponding strategy as follows:
Set Switch_1
{Add new Flowtable Entry}
Set Switch_10
{Add new Flowtable Entry}
Set Switch_12
{Add new Flowtable Entry}
This strategy relates to multiple network equipment, except 11 in the network segment that this service of being specially is applied All switches outside number switch, including: No. 1 switch (Switch_1) ..., 10 Number switch (Switch_10), No. 12 switches (Switch_12), etc..
Wherein, the network segment that described first strategy is applied refers to that described first strategy relates at least The network segment belonging to one network equipment.In SDN, the described network segment typically at least includes one The scope that controller is administered.
In this implementation, alternatively, each first parameter is that map network equipment needs dimension Protect, repair, virtualized average time interval and the network equipment needs of same type in network Maintenance, reparation, the ratio of virtualized maximum history average time interval, use seqtRepresent, Further, if seqt> 1, then take seqt=1.Described second parameter is the current New Policy of the described network segment Generation rate (Current Frequency of New Policies), i.e. (example within for the previous period In 24 hours) number of New Policy that produces of this network segment of unit interval, with this network segment history The ratio of New Policy generation rate, uses fnpRepresent, and, if fnp< 1, then take fnp=1.With institute As a example by stating the first corresponding event of strategy or service, at least one importance parameter described is institute State the priority of event or service and the ratio of possible limit priority, use peRepresent.
Based on above-mentioned parameter, inventor proposes a kind of for calculating the optional of described coefficient W Formula is as follows:
W = a &CenterDot; min { s eqt } + b &CenterDot; p e c &CenterDot; ( f np - 1 ) + 1 - - - ( 1 )
Wherein, min{seqtRepresent the minima at least one first parameter described, a, b, c For constant coefficient, and a+b=1,0 < c < 1.It should be noted that to guarantee that W is less than 1, Alternatively, a+b < 1, such as, and a+b=0.99, the most only illustrate as a example by a+b=1.
Illustrate how below to use formula (1) and formula (1) in a concrete scene Effect.
In a kind of possible scene, a service is had to stop particular address for arranging fire wall Main frame and the connection of outer net, described particular address is 128.172.10.56 to 128.172.10.150 All addresses in scope, and the persistent period of this service be 10 days, correspondingly, to should Service one following strategy of generation:
Set Firewall_1, Firewall_2, Firewall_3
{ If:IP in 128.172.10.56~128.172.10.150
Then:Reject}
The service time of this strategy time a length of 10 days, this strategy relates to three network equipments, Particularly as follows: No. 1 fire wall, No. 2 fire walls, No. 3 fire walls.
Assume No. 1 fire wall, No. 2 fire walls, s that No. 3 fire walls are correspondingeqtBe followed successively by 0.93, 0.97,1, take minima min{s thereineqt}=0.93.Owing to this service relates to network security, So the priority of this service is higher and be 6, and possible limit priority is 7, so pe=0.86.The network segment that this strategy is applied current 24 hours interior New Policy generation rates is 1.7/hour, the history New Policy generation rate of this network segment is 1.2/hour, so fnp=1.42. Assume that a, b, c in formula (1) are respectively 0.5,0.5,0.5, then according to formula (1) Obtain W=0.74, correspondingly, the guard time of this strategy time a length of: 0.74*10=7.4 days.
According to the scheme of prior art, this strategy has the time participation collision detection of 10 days, And the method using the present embodiment, this strategy participates in the duration of collision detection will shorten to 7.4 My god.Scheme compared to existing technology, after using the method for the present embodiment, this strategy is with 26% Probability avoid collision detection.Scrutinize wherein each parameter, three nets that this strategy relates to The s that network equipment is correspondingeqtAll close to 1, illustrate that the network equipment that this strategy relates to is the most stable; The priority of this service is 6, is only second to limit priority 7, the priority of this service is described also Higher;The current New Policy generation rate of the network segment that this strategy is applied is the biggest, but through revising After the correction of coefficient c=0.5, the impact that it brings reduces.The W=0.74 finally given, Belong to bigger coefficient.It can be seen that relate to safe service for this, on the one hand protect The time length ratio protecting the time shortens 26% service time, improves the efficiency of the network operation, another Aspect accounts for the guard time of service time 74% and also is able to make it participate in collision detection well, should Security service is not affected by too many.
In above-mentioned scene, if this service is the service of non-safety-related, be such as one general Logical service, priority is relatively low, it is assumed that be 3, then pe=0.43, if other parameter constants, root W=0.56 can be obtained according to formula (1), correspondingly, guard time time a length of 5.6 days. Compared to the duration 10 days of service time, this strategy participates in the duration of collision detection and significantly reduces, The efficiency of the network operation significantly improves.It addition, a kind of extreme case is, the priority of this service Be 1, then pe=0.14, if other parameter constants, then can obtain W=according to formula (1) 0.44.Contrast both of these case understands, due to constant coefficient a and the existence of b, simple service The change of priority the impact of W is restricted, concrete impact effect can be by often Coefficient a and b determines.In the case of the priority of this service is 1, W=0.44, this explanation The guard time of one unessential service only account for its service time less than half, the most relatively Lack this strategy and participated in the number of times of collision detection, thus improve network operation efficiency.
In above-mentioned scene, if current New Policy generation rate increases, such as, current 24 Hour interior New Policy generation rate is 3/hour, history New Policy generation rate is 1.2/and little Time, so fnp=2.5, if other parameter constants, W=0.51 can be obtained according to formula (1). Can be seen that, although it is higher that this service relates to safe service, priority, but when this strategy When New Policy generation rate current in the network segment applied uprises, the duration of guard time also can contract Short.If only considering the impact on W of the current New Policy generation rate, i.e. assume min{seqt}= 1, pe=1, fnp=1.42, if c=0.5, W=0.83, if c=1, W=0.70, thus It can be seen that when the New Policy that this network segment currently produces is more, i.e. the total amount of strategy in network During increase, the duration of guard time can correspondingly shorten, thus decreases the detection of collision detection Amount, improves the efficiency of the network operation.
In the present embodiment, in 120, the testing result of detection may have multiple, correspondingly, based on Different testing results, may have different subsequent treatment.
In the optional implementation of one, whether described first strategy of described detection is with at least one After other policy conflict individual, also include:
In response to testing result for not conflict, or, testing result for conflict but according to conflict at Reason rule determines described first strategy of execution, performs described first strategy.
Wherein, described clash handle rule can be set in advance.In a kind of possible scene In, described clash handle rule can only consider the priority of strategy, alternatively, described conflict Process the strategy that rule is the highest for performing mutual afoul multiple strategy medium priorities.
When described clash handle rule is the highest for performing mutual afoul multiple strategy medium priorities One tactful time, described testing result be conflict but according to clash handle rule determine execution institute State the first strategy it is meant that the priority of described first strategy is higher than and described first policy conflict The priority of other strategies all.
Wherein, for different executive agents, the implication of described first strategy of described execution Different.For example, if the executive agent of the present embodiment is to manage described first strategy to relate to And the controller of at least one network equipment or collision detection in the controller is set Device, described first strategy of the most described execution specifically, be configured to described by described first strategy On at least one network equipment, specifically, with the form of machine language by described first strategy Content is configured at least one network equipment described;If the executive agent of the present embodiment is described Any one network equipment or be arranged on described at least one network equipment that first strategy relates to Collision-detection means in the network equipment, described first strategy of the most described execution is specifically, to report Literary composition performs the operation of described first policy mandates.
It should be noted that described first strategy is in described first guard time, may not Only once participate in collision detection, the only punching each time in described first guard time The testing result of prominent detection is does not conflicts or testing result for conflict but is advised according to clash handle The most still determine execution described first strategy in the case of, described first strategy be only possible to by described extremely Few network equipment performs until the finish time of described first guard time arrives.
In this implementation, a kind of possible scene is, the end of described first guard time Moment is early than the finish time of described first service time.
In this scene, if described first strategy by least one network equipment described perform until The finish time of described first guard time arrives, then in the end from described first guard time In moment to the time period of the finish time of described first service time, at least one network described The processing mode of described first strategy is had multiple by equipment.
Owing to described first strategy is not involved in collision detection outside described first guard time, because of This, in order to avoid described first strategy rushes with New Policy outside described first guard time Prominent, alternatively, for any one network equipment at least one network equipment described, Perform described first strategy until described first guard time finish time arrive after, in institute Described first strategy of execution is optionally pursued with before stating the finish time arrival of first service time Unless there are New Policy and described first policy conflict.
Wherein, described New Policy is that the controller administering the described network equipment is protected described first The finish time of time is allocated to the described network equipment after arriving, if described New Policy and institute Stating the first policy conflict, the described network equipment can receive after being configured for described New Policy firmly Part is reported to the police, and the described network equipment determines described New Policy and described first strategy according to described warning Conflict, correspondingly, terminates described first strategy.
If on the contrary, from the finish time of described first guard time to described first service time Between finish time time period in do not have New Policy be configured to the described network equipment or have new Strategy is configured to the described network equipment but does not receives hardware alarms, and the most described network equipment is permissible Described first strategy is continued executing with within the first service time, and in the described first service time After finish time reaches, terminate described first strategy.
In another optional implementation, described first strategy of described detection whether with at least After one other policy conflict, also include:
It is conflict in response to testing result, and determines according to clash handle rule and perform institute State the first strategy and perform to substitute one second strategy of described first strategy, deactivating described first plan Slightly.
Wherein, described clash handle rule can be set in advance.In a kind of possible scene In, described clash handle rule can only consider the priority of strategy, alternatively, described conflict Process the strategy that rule is the highest for performing mutual afoul multiple strategy medium priorities.
Wherein, one second strategy of described first strategy is substituted along with the difference of clash handle rule May also can be different.
When described clash handle rule is the highest for performing mutual afoul multiple strategy medium priorities One tactful time, described testing result for conflict but determine according to clash handle rule and do not perform Described first strategy and perform to substitute one second strategy of described first strategy it is meant that described the The two tactful priority with described first policy conflict and described second strategy are higher than described first The priority of strategy.
In this implementation, in order to reduce the loss of service that clash handle causes, alternatively, Described first strategy of described deactivation, including:
Finish time in response to described first guard time is later than the second of described second strategy The finish time of guard time, the initial time of described first guard time is revised as described The finish time of two guard times.
It is to say, by described first strategy at described first guard time determined from 110 Initial time to the finish time of described second guard time time period in deactivation.Further Ground, based on above-mentioned amended described first guard time, performs 120 again.
If on the contrary, the finish time of described first guard time is not later than described second strategy The finish time of the second guard time, then can there is other processing mode.Alternatively, described Deactivate described first strategy, including:
Finish time in response to described first guard time is not later than the of described second strategy The finish time of two guard times, terminate described first strategy.
Wherein, terminate described first strategy and be optionally described first strategy deletion, specifically, Described deletion can be to be not later than described in the finish time determining described first guard time Delete immediately after at the end of second guard time of two strategies, it is also possible to be described first Service time deletes after terminating.
In conjunction with above two implementation, for example, have four strategies, be designated as strategy respectively A, strategy B, strategy C, strategy D, if using strategy A as the first strategy, examining in 120 Survey strategy A whether conflict with strategy B, strategy C, strategy D, if tactful A not with strategy Arbitrary policy conflict in B, strategy C, strategy D, then implementation strategy A, it is assumed that strategy A Conflict with strategy B, strategy D simultaneously, then comparison strategy A, strategy B, tactful D preferential Level, if the priority of strategy A is the highest, it is determined that implementation strategy A, if strategy B or strategy The priority of D is the highest, it is determined that implementation strategy B or strategy D and non-implementation strategy A, i.e. Strategy B or strategy D is described second strategy.
The structural representation of a kind of collision-detection means embodiment that Fig. 2 provides for the application.As Shown in Fig. 2, collision-detection means 200 includes:
Determine module 21, for the first service time according at least to one first strategy, determine institute Stating the first guard time of the first strategy, described first guard time is contained in described first clothes The duration of business time and described first guard time is less than the duration of described first service time;
Detection module 22, for only in the first guard time of described first strategy, detects institute State the first strategy whether with at least one other policy conflict.
In the present embodiment, collision-detection means 200 can set with the form of software and/or hardware Put in arbitrary network equipment, such as, be arranged on a controller or described controller administration appoint In one network equipment.
In the present embodiment, described first strategy can be any strategy, and is not specific to certain strategy, " first " is only for other strategy mentioned in difference the present embodiment.
In the present embodiment, the described first service time is the service time of described first strategy, " the One " service time of other strategy only for mentioning in difference the present embodiment;Described first protects The time of protecting is the guard time of described first strategy, and " first " is only in difference the present embodiment The guard time of other strategy mentioned.
In the present embodiment, described first guard time is contained in meaning of described first service time , when the initial time of described first guard time is no earlier than described first service time initial Carve, and the finish time of described first guard time is not later than the end of described first service time Moment.Wherein, when the initial time of described first guard time is alternatively with described first service Between initial time identical, or, different.
In the present embodiment, detection module 22 only in the first guard time of described first strategy, Detect described first strategy whether with at least one other policy conflict, it is meant that described first Outside guard time, detection module 22 does not detect the first strategy whether other strategy with at least one Conflict, say, that described first strategy is not involved in conflict outside described first guard time Detection.
In the present embodiment, at least one other strategy described is applied with described first strategy alternatively In the same network segment, or, relate to consolidated network equipment with described first strategy.For example, The network segment that first strategy is applied has in addition to the first strategy, also has four tactful A, B, C, D, Detect whether the first strategy conflicts with these four tactful A, B, C, D, or, due to first Strategy relates to the network equipment S1, S2, and strategy A relates to the network equipment S1, S2, and strategy B relates to And the network equipment S2, S3, strategy C relates to the network equipment S3, S4, and strategy D relates to network Equipment S1, detects whether the first strategy conflicts with strategy A, B, D.
In the present embodiment, at least one other strategy described is optional when detection module 22 detects Be in respective guard time.
The collision-detection means of the present embodiment is determined by module according at least to one first strategy The first service time, determining the first guard time of described first strategy, detection module is only in institute State in the first guard time of the first strategy, detect described first strategy whether with at least one its Its policy conflict, it is provided that the scheme of a kind of collision detection, and, strategy is only at a ratio certainly Participate in collision detection in the guard time that service time of body is shorter, decrease the inspection of collision detection Measure, improve the efficiency of the network operation.
The conflict inspection of the present embodiment it is further described through below by way of some optional implementations Survey device 200.
In the present embodiment, determine that module 21 has multiple implementation.
In the optional implementation of one, determine module 21 specifically for:
First service time, described first strategy according at least to described first strategy are applied An event corresponding at least one stability parameter of network environment, described first strategy or clothes At least one importance parameter of business, determines the first guard time of described first strategy.
In this implementation, alternatively, as it is shown on figure 3, determine that module 21 includes:
First determines unit 211, for according at least at least one stability parameter described and institute Stating at least one importance parameter, determine a coefficient, described coefficient is less than 1;
Second determines unit 212, for determining that the duration of described first guard time is equal to described The duration of first service time and the product of described coefficient;
3rd determines unit 213, for the initial time according at least to the described first service time With the duration of described first guard time, determine described first guard time.
Wherein, the initial time of described first guard time and described first service time is initial Moment is identical, or, different.
In this implementation, alternatively, at least one stability parameter described includes: be used for Identify at least one network equipment that described first strategy relates to stability at least one One parameter, for identifying the generation frequency of New Policy in the network segment that described first strategy is applied One second parameter.
A kind of collision detection method illustrating reference the application offer of this implementation is real Execute the corresponding description in example.
In the present embodiment, the testing result of detection module 22 may have multiple, correspondingly, and base In different testing results, may there is different subsequent treatment.
In the optional implementation of one, as shown in Figure 4, collision-detection means 200 is also wrapped Include:
Perform module 23, for the testing result in response to detection module 22 for not conflict, or Person, the testing result of detection module 22 is conflict but determines execution institute according to clash handle rule State the first strategy, perform described first strategy.
Wherein, described clash handle rule can be set in advance.In a kind of possible scene In, described clash handle rule can only consider the priority of strategy, alternatively, described conflict Process the strategy that rule is the highest for performing mutual afoul multiple strategy medium priorities.
Wherein, when collision-detection means 200 is arranged in different main bodys, perform module 23 The implication performing described first strategy is different.For example, if collision-detection means 200 It is arranged in the controller managing at least one network equipment that described first strategy relates to, then holds Row module 23 specifically for: in response to the testing result of detection module 22 for not conflict, or Person, the testing result of detection module 22 is conflict but determines execution institute according to clash handle rule State the first strategy, described first strategy is configured at least one network equipment described.If punching Prominent detection device 200 is arranged at least one network equipment that described first strategy relates to appoints In one network equipment, then perform module 23 specifically for: in response to the inspection of detection module 22 Survey result for not conflict, or, the testing result of detection module 22 for conflict but according to conflict Process rule and determine described first strategy of execution, message is performed the behaviour of described first policy mandates Make.
A kind of collision detection method illustrating reference the application offer of this implementation is real Execute the corresponding description in example.
In another optional implementation, as it is shown in figure 5, collision-detection means 200 is also Including:
Deactivation module 24, is used for being conflict in response to the testing result of detection module 22, and root Determine according to clash handle rule and do not perform described first strategy and perform to substitute described first strategy One second strategy, deactivate described first strategy.
Wherein, described clash handle rule can be set in advance.In a kind of possible scene In, described clash handle rule can only consider the priority of strategy, alternatively, described conflict Process the strategy that rule is the highest for performing mutual afoul multiple strategy medium priorities.
In this implementation, in order to reduce the loss of service that clash handle causes, alternatively, Deactivation module 24 specifically for: in response to testing result for conflict, and according to clash handle advise Then determine and do not perform described first strategy and perform to substitute one second strategy of described first strategy, And the finish time of described first guard time is when being later than the second protection of described second strategy Between finish time, the initial time of described first guard time is revised as described second protection The finish time of time.
If on the contrary, the finish time of described first guard time is not later than described second strategy The finish time of the second guard time, then can there is other processing mode.Alternatively, deactivation Module 24 specifically for: be conflict in response to testing result, and according to clash handle rule really Fixed one second strategy not performing described first strategy and performing to substitute described first strategy, and The finish time of described first guard time is not later than the second guard time of described second strategy Finish time, terminate described first strategy.
A kind of collision detection method illustrating reference the application offer of this implementation is real Execute the corresponding description in example.
The structural representation of a kind of controller embodiment that Fig. 6 provides for the application.Such as Fig. 6 institute Showing, controller 600 includes:
Communication interface 61, for the multiple network device communications with controller 600 administration;
Memorizer 62, is used for storing instruction;
Processor 63, for performing the instruction of memorizer 62 storage, described instruction makes to process Device 63 performs following operation:
According at least to the first service time of one first strategy, determine the first of described first strategy Guard time, described first guard time is contained in the described first service time and described first The duration of guard time is less than the duration of described first service time;
Only in the first guard time of described first strategy, detect described first strategy whether with At least one other policy conflict;
According to testing result and/or clash handle rule, determine at least one strategy of execution;
At least one strategy described is configured at least one strategy described by communication interface 61 On at least one network equipment related to.
Wherein, described regular according to testing result and/or clash handle, determine and perform at least one Strategy, including: in response to testing result for not conflict, determine at least one strategy of execution;Or Person, is conflict in response to testing result, determines at least one plan of execution according to clash handle rule Slightly.
In the present embodiment, memorizer 62 includes high speed random access memory (Random-alternatively Access Memory, is called for short RAM), the most also include nonvolatile memory (non- Volatile memory), for example, at least one disk memory.
In the present embodiment, described instruction is stored in memorizer 62 with the form of a program alternatively In.
In the present embodiment, processor 63 is probably a central processing unit (Central Processing Unit, is called for short CPU), or specific integrated circuit (Application Specific Integrated Circuit, is called for short ASIC), or it is configured to perform one of aforesaid operations Or multiple integrated circuit.The aforesaid operations that described instruction makes processor 63 perform is referred to Corresponding description in above-mentioned collision detection method embodiment, is not repeated herein.
In the optional implementation of one, as it is shown in fig. 7, subscriber equipment 600 also includes: Communication bus 64.Wherein, communication interface 61, memorizer 62, processor 63 are by communication always Line 64 completes mutual communication and control.
A kind of collision detection method that effective effect of the present embodiment provides with reference to the application is implemented Corresponding description in example.
Those of ordinary skill in the art are it is to be appreciated that combine the embodiments described herein and retouch The unit of each example stated and method step, it is possible to electronic hardware or computer software and Being implemented in combination in of electronic hardware.These functions perform with hardware or software mode actually, Depend on application-specific and the design constraint of technical scheme.Professional and technical personnel can be to often Individual specifically should being used for uses different methods to realize described function, but this realization is not It is considered as beyond the scope of this invention.
If described function realizes and as independent product pin using the form of SFU software functional unit When selling or use, can be stored in a computer read/write memory medium.Based on such Understand, part that original technology is contributed by technical scheme the most in other words or The part of this technical scheme of person can embody with the form of software product, this computer software Product is stored in a storage medium, including some instructions with so that a computer equipment (can be personal computer, server, or the network equipment etc.) performs the present invention, and each is real Execute all or part of step of method described in example.And aforesaid storage medium includes: USB flash disk, shifting Dynamic hard disk, read only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disc or CD etc. are various can store journey The medium of sequence code.
Embodiment of above is merely to illustrate the present invention, and not limitation of the present invention, relevant The those of ordinary skill of technical field, without departing from the spirit and scope of the present invention, Can also make a variety of changes and modification, the technical scheme of the most all equivalents falls within the present invention Category, the scope of patent protection of the present invention should be defined by the claims.

Claims (10)

1. a collision detection method, it is characterised in that described method includes:
According at least to the first service time of one first strategy, determine the first of described first strategy Guard time, described first guard time is contained in the described first service time and described first The duration of guard time is less than the duration of described first service time;
Only in the first guard time of described first strategy, detect described first strategy whether with At least one other policy conflict.
Method the most according to claim 1, it is characterised in that described according at least to one The first service time of the first strategy, determine the first guard time of described first strategy, including:
First service time, described first strategy according at least to described first strategy are applied At least one thing corresponding at least one stability parameter of network environment, described first strategy At least one importance parameter of part or service, determines the first guard time of described first strategy.
Method the most according to claim 2, it is characterised in that described at least one is steady Qualitative parameter includes: for identifying the steady of at least one network equipment that described first strategy relates to At least one first parameter qualitatively is new for identifying in the network segment that described first strategy is applied One second parameter of the generation frequency of strategy.
4. according to described method arbitrary in claims 1 to 3, it is characterised in that described the The initial time of one guard time is identical with the initial time of described first service time.
5. according to described method arbitrary in Claims 1 to 4, it is characterised in that described inspection Survey described first strategy whether with at least one other policy conflict after, also include:
In response to testing result for not conflict, or, testing result for conflict but according to conflict at Reason rule determines described first strategy of execution, performs described first strategy.
6. according to described method arbitrary in Claims 1 to 4, it is characterised in that described inspection Survey described first strategy whether with at least one other policy conflict after, also include:
It is conflict in response to testing result, and determines according to clash handle rule and do not perform described the One strategy and execution substitute one second strategy of described first strategy, deactivate described first strategy.
Method the most according to claim 6, it is characterised in that described deactivation described One strategy, including:
Finish time in response to described first guard time is later than the second of described second strategy The finish time of guard time, the initial time of described first guard time is revised as described The finish time of two guard times.
8. according to described method arbitrary in claim 5~7, it is characterised in that described punching The prominent rule that processes includes: perform the strategy that mutual afoul multiple strategy medium priorities are the highest.
9. a collision-detection means, it is characterised in that described device includes:
Determine module, for the first service time according at least to one first strategy, determine described First guard time of the first strategy, described first guard time is contained in described first service The duration of time and described first guard time is less than the duration of described first service time;
Detection module, for only in the first guard time of described first strategy, detection is described First strategy whether with at least one other policy conflict.
10. a controller, it is characterised in that described controller includes:
Communication interface, for the multiple network device communications administered with described controller;
Memorizer, is used for storing instruction;
Processor, for performing the instruction of described memorizer storage, described instruction makes described place Reason device operates below performing:
According at least to the first service time of one first strategy, determine the first of described first strategy Guard time, described first guard time is contained in the described first service time and described first The duration of guard time is less than the duration of described first service time;
Only in the first guard time of described first strategy, detect described first strategy whether with At least one other policy conflict;
According to testing result and/or clash handle rule, determine at least one strategy of execution;
At least one strategy described is configured at least one plan described by described communication interface On at least one network equipment slightly related to.
CN201510313546.7A 2015-06-09 2015-06-09 Conflict detection method, device and controller Active CN106301861B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510313546.7A CN106301861B (en) 2015-06-09 2015-06-09 Conflict detection method, device and controller

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510313546.7A CN106301861B (en) 2015-06-09 2015-06-09 Conflict detection method, device and controller

Publications (2)

Publication Number Publication Date
CN106301861A true CN106301861A (en) 2017-01-04
CN106301861B CN106301861B (en) 2020-06-23

Family

ID=57660144

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510313546.7A Active CN106301861B (en) 2015-06-09 2015-06-09 Conflict detection method, device and controller

Country Status (1)

Country Link
CN (1) CN106301861B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115952496A (en) * 2023-02-14 2023-04-11 鹏城实验室 Defense method, device, equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060106938A1 (en) * 2003-11-14 2006-05-18 Cisco Systems, Inc. Load balancing mechanism using resource availability profiles
CN101867825A (en) * 2010-06-25 2010-10-20 中国传媒大学 Device for circularly monitoring multi-channel video and method thereof
WO2013030626A1 (en) * 2011-08-31 2013-03-07 Nokia Corporation Method and apparatus for privacy policy management
US20140075121A1 (en) * 2012-09-07 2014-03-13 International Business Machines Corporation Selective Delaying of Write Requests in Hardware Transactional Memory Systems
CN103681402A (en) * 2013-11-29 2014-03-26 上海华力微电子有限公司 Automatic skip-stop detection system
CN104363159A (en) * 2014-07-02 2015-02-18 北京邮电大学 Virtual open network building system and method based on software definition network

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060106938A1 (en) * 2003-11-14 2006-05-18 Cisco Systems, Inc. Load balancing mechanism using resource availability profiles
CN101867825A (en) * 2010-06-25 2010-10-20 中国传媒大学 Device for circularly monitoring multi-channel video and method thereof
WO2013030626A1 (en) * 2011-08-31 2013-03-07 Nokia Corporation Method and apparatus for privacy policy management
US20140075121A1 (en) * 2012-09-07 2014-03-13 International Business Machines Corporation Selective Delaying of Write Requests in Hardware Transactional Memory Systems
CN103681402A (en) * 2013-11-29 2014-03-26 上海华力微电子有限公司 Automatic skip-stop detection system
CN104363159A (en) * 2014-07-02 2015-02-18 北京邮电大学 Virtual open network building system and method based on software definition network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张玉静: "带有时间约束支持冲突检测的访问控制模型", 《计算机技术与发展》 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115952496A (en) * 2023-02-14 2023-04-11 鹏城实验室 Defense method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN106301861B (en) 2020-06-23

Similar Documents

Publication Publication Date Title
CN105934929B (en) Arbitration process method, arbitration storage device and system after a kind of cluster fissure
CN104580168B (en) A kind of processing method of Attacking Packets, apparatus and system
US20040221177A1 (en) Device and method for simulating network traffic treatments of a network using policy rules
US10708231B2 (en) Using headerspace analysis to identify unneeded distributed firewall rules
US11283683B2 (en) Network modification impact prediction
US20170288952A1 (en) Network policy conflict detection and resolution
Wang et al. Survivable virtual network mapping using optimal backup topology in virtualized SDN
CN105871930A (en) Self-adaptive firewall security policy configuration method and system based on applications
CN103959712B (en) Time control in large-scale firewall cluster
CN106549780A (en) A kind of network collocating method, apparatus and system
CN111935071B (en) Multilayer mimicry defense method, device, storage medium and multilayer mimicry system
CN105721487B (en) Information processing method and electronic equipment
CN109660624A (en) Planing method, server and the storage medium of content distributing network resource
CN104009896B (en) Node equipment access method, system and device based on MAC address
CN112511439B (en) Data forwarding method, device, equipment and computer readable storage medium
CN110569987B (en) Automatic operation and maintenance method, operation and maintenance equipment, storage medium and device
CN106301861A (en) Collision detection method, device and controller
CN109861961A (en) Cyber-defence device and cyber-defence system
Wahbi et al. A distributed asynchronous solver for nash equilibria in hypergraphical games
CN107645458A (en) Three-tier message drainage method and controller
CN106878075A (en) A kind of message processing method and device
CN114884955B (en) Transparent proxy deployment system and method
CN110213301A (en) A kind of method, server and system shifting network attack face
JP6826486B2 (en) Network design equipment and network design method
CN114978563A (en) Method and device for blocking IP address

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant