CN106330778B - Network flow control method and device - Google Patents

Network flow control method and device Download PDF

Info

Publication number
CN106330778B
CN106330778B CN201610701581.0A CN201610701581A CN106330778B CN 106330778 B CN106330778 B CN 106330778B CN 201610701581 A CN201610701581 A CN 201610701581A CN 106330778 B CN106330778 B CN 106330778B
Authority
CN
China
Prior art keywords
access request
network access
network
flow
traffic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610701581.0A
Other languages
Chinese (zh)
Other versions
CN106330778A (en
Inventor
岑杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Guanglian Digital Technology Co ltd
Original Assignee
SHENZHEN AUTONET Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SHENZHEN AUTONET Co Ltd filed Critical SHENZHEN AUTONET Co Ltd
Priority to CN201610701581.0A priority Critical patent/CN106330778B/en
Publication of CN106330778A publication Critical patent/CN106330778A/en
Application granted granted Critical
Publication of CN106330778B publication Critical patent/CN106330778B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/70Admission control; Resource allocation
    • H04L47/80Actions related to the user profile or the type of traffic
    • H04L47/803Application aware
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/70Admission control; Resource allocation
    • H04L47/82Miscellaneous aspects
    • H04L47/822Collecting or measuring resource availability data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a network flow control method, which comprises the following steps: receiving a network access request sent by a terminal when using an APN card, and acquiring a URL (uniform resource locator) address of the network access request; determining the service type of the network access request according to the acquired URL address, wherein the service type is pre-allocated with corresponding network flow; judging whether the current corresponding residual flow of the service type of the network access request meets a preset use condition; and if so, controlling the network flow consumed by the network access request according to the residual flow. The invention also discloses a network flow control device. The invention can realize more refined control on the APN card use flow.

Description

Network flow control method and device
Technical Field
The present invention relates to the field of internet technologies, and in particular, to a method and an apparatus for controlling network traffic.
Background
With the advent of the big data era, mobile terminals such as mobile phones consume more traffic when being used, and the restriction and control on the traffic become more and more urgent needs of users. The apn (access Point name), that is, the name of the access Point, is a term in GPRS (General Packet Radio Service) network application. The APN card is a network traffic card, mainly used for data transmission, so-called internet surfing, and is a special traffic card issued by enterprises through applying for bandwidth resources to mobile or Unicom operators, and the like, the cards realize internet surfing through a specific access point, and a network data access request sent by a mobile terminal using the APN card is transmitted to a Web resource server through an enterprise intranet.
In the prior art, network flow control of an APN card is performed, or only the use flow of the whole card is controlled, or only the use flow of each APP of a terminal is controlled, if more refined flow control is to be realized, for example, flow control is performed on each network access request of a certain APP, additional development needs to be performed on logic of the APP, the cost is high, and in the prior art, it is difficult to finely control the network flow of the APN card.
Disclosure of Invention
The invention mainly aims to provide a network flow control method and a device, and aims to realize more refined control on APN card use flow.
In order to achieve the above object, the present invention provides a method for controlling network traffic, comprising the following steps:
receiving a network access request sent by a terminal when using an APN card, and acquiring a URL (uniform resource locator) address of the network access request;
determining the service type of the network access request according to the acquired URL address, wherein the service type is pre-allocated with corresponding network flow;
judging whether the current corresponding residual flow of the service type of the network access request meets a preset use condition;
and if so, controlling the network flow consumed by the network access request according to the residual flow.
Optionally, before the step of obtaining the URL address of the network access request, the step of receiving the network access request sent by the terminal when using the APN card further includes:
and distributing corresponding network flow for different service types of the network access request.
Optionally, the step of determining whether the remaining traffic corresponding to the service type of the network access request currently meets a preset use condition includes:
acquiring occupied flow of a request data packet of the network access request, and taking the residual flow currently corresponding to the service type of the network access request as a first residual flow;
if the occupied flow of the request data packet is less than or equal to the first residual flow, judging that the first residual flow meets a preset use condition;
the step of controlling the network traffic consumed by the network access request according to the remaining traffic comprises:
and updating the network flow consumed by the network access request according to the occupied flow of the request data packet.
Optionally, the step of determining whether the remaining traffic corresponding to the service type of the network access request currently meets a preset use condition further includes:
acquiring the occupied flow of a response data packet of the network access request, and taking the difference value of the occupied flow of the first residual flow and the occupied flow of the request data packet as a second residual flow;
if the occupied flow of the response data packet is less than or equal to the second residual flow, judging that the second residual flow meets a preset use condition;
the step of controlling the network traffic consumed by the network access request according to the remaining traffic further includes:
and updating the network flow consumed by the network access request according to the occupied flow of the response data packet.
Optionally, after the step of obtaining the URL address of the network access request, the step of receiving the network access request sent by the terminal when using the APN card further includes:
obtaining a private IP of the APN card according to the URL address;
judging whether the APN card is registered according to the private IP;
if not, returning error information to the terminal; if yes, executing the following steps: determining the service type of the network access request according to the acquired URL address, wherein the service type is pre-allocated with corresponding network flow;
or judging whether the URL address is in a preset blacklist or not;
if yes, returning error information to the terminal; if not, executing the following steps: and determining the service type of the network access request according to the acquired URL address, wherein the service type is pre-allocated with corresponding network flow.
In addition, to achieve the above object, the present invention provides a network flow control apparatus, including:
the first acquisition module is used for receiving a network access request sent by a terminal when using an APN card and acquiring a URL (uniform resource locator) address of the network access request;
the determining module is used for determining the service type of the network access request according to the acquired URL address, and the service type is pre-allocated with corresponding network flow;
the first judging module is used for judging whether the residual flow corresponding to the service type of the network access request currently meets the preset use condition;
and the control module is used for controlling the network flow consumed by the network access request according to the residual flow if the residual flow currently corresponding to the service type of the network access request meets the preset use condition.
Optionally, the apparatus further comprises:
and the distribution module is used for distributing corresponding network flow for different service types of the network access request.
Optionally, the first determining module includes:
an obtaining unit, configured to obtain an occupied traffic of a request data packet of the network access request, and use a remaining traffic currently corresponding to a service type of the network access request as a first remaining traffic;
a determining unit, configured to determine that the first remaining traffic satisfies a preset usage condition if an occupied traffic of the request packet is less than or equal to the first remaining traffic;
the control module is further configured to update the network traffic consumed by the network access request according to the occupied traffic of the request packet.
Optionally, the obtaining unit is further configured to obtain an occupied traffic of a response packet of the network access request, and use a difference between the first remaining traffic and the occupied traffic of the request packet as a second remaining traffic;
the determining unit is further configured to determine that the second remaining traffic satisfies a preset use condition if the occupied traffic of the response packet is less than or equal to the second remaining traffic;
the control module is further configured to update the network traffic consumed by the network access request according to the occupied traffic of the response packet.
Optionally, the apparatus further comprises:
the second acquisition module is used for acquiring the private IP of the APN card according to the URL address;
the second judgment module is used for judging whether the APN card is registered according to the private IP; if not, returning error information to the terminal; if yes, a determining module determines the service type of the network access request according to the acquired URL address, wherein the service type is pre-allocated with corresponding network flow;
or, the second judging module is further configured to judge whether the URL address is in a preset blacklist; if yes, returning error information to the terminal; if not, the determining module determines the service type of the network access request according to the acquired URL address, and the service type is pre-allocated with corresponding network flow.
The invention receives a network access request sent by a terminal when using an APN card, and acquires a URL address of the network access request; determining the service type of the network access request according to the acquired URL address, wherein the service type is pre-allocated with corresponding network flow; judging whether the current corresponding residual flow of the service type of the network access request meets a preset use condition; and if so, controlling the network flow consumed by the network access request according to the residual flow. The invention realizes the flow control of the APN card issued by the enterprise by arranging the flow control module in the enterprise intranet without additionally developing the internal logic of the APP; in addition, the invention classifies the network service through the URL address, and pre-configures the available flow under each service classification of each APN card, when receiving the network access request of the terminal, the invention determines the service type of the network access request through the URL address, and realizes the control of the network flow of the access request through the current corresponding residual flow of the service type. The invention can realize more refined control on the APN card use flow by controlling and limiting the flow of different network services.
Drawings
Fig. 1 is a schematic flow chart of a network traffic control method according to a first embodiment of the present invention;
FIG. 2 is a schematic diagram of a network system architecture according to various embodiments of the present invention;
fig. 3 is a flowchart illustrating a network traffic control method according to a second embodiment of the present invention;
FIG. 4 is a detailed flow chart illustrating the control of network traffic according to a second embodiment of the present invention;
FIG. 5 is a schematic flow chart illustrating another detailed process for controlling network traffic according to a second embodiment of the present invention;
fig. 6 is a flowchart illustrating a network traffic control method according to a third embodiment of the present invention;
fig. 7 is a flowchart illustrating a fourth embodiment of a network traffic control method according to the present invention;
FIG. 8 is a functional block diagram of a first embodiment of a network flow control device in accordance with the present invention;
FIG. 9 is a functional block diagram of a second embodiment of a network flow control device in accordance with the present invention;
FIG. 10 is a schematic diagram of a detailed functional block of the first determining module;
fig. 11 is a functional block diagram of a network flow control device according to a third embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The invention provides a network flow control method.
Referring to fig. 1, fig. 1 is a flowchart illustrating a network traffic control method according to a first embodiment of the present invention. The method comprises the following steps:
step S10, receiving a network access request sent by the terminal when using the APN card, and acquiring a URL address of the network access request.
The APN card is a network traffic card, and is different from a common SIM (Subscriber identity Module) card in that when a terminal uses the APN card to perform network access, the domain name of the card points to a specific enterprise firewall, so that the terminal can route network traffic to the enterprise firewall through an APN channel every time the terminal uses the APN card, and then network data transmission is performed through an enterprise intranet. In this embodiment, a flow control module is provided in an intranet to implement flow control, flow statistics, and corresponding data forwarding.
Referring to fig. 2, fig. 2 is a schematic diagram of a network system architecture according to various embodiments of the present invention. The network system comprises an APN channel, an enterprise intranet and a public network. The flow control module is arranged in an enterprise intranet, is used as a service to realize communication with a registration server and a Web proxy server respectively, and is used for controlling the flow of each network access request sent by a terminal APP; the registration server is used for binding the private IP and the card number of the APN card and providing registration and query service of the card number; the Web proxy server is used for providing a network information turnover function, for example, when a terminal sends an external resource access request, the request is identified by the proxy server and is replaced by the proxy server as an external request resource, and when the external resource server responds to the access request, the proxy server feeds back a response result to the terminal.
In this embodiment, the mobile terminal may be a mobile phone, a tablet computer, or other device with a network access function. When a terminal uses an APN card to make a network access request, a flow control module located in an enterprise intranet receives the network access request of the terminal and obtains a URL (Uniform Resource Locator) address of the network access request, namely a network address, which points to a network information Resource to be accessed by the terminal.
Step S20, determining the service type of the network access request according to the acquired URL address, wherein the service type is pre-allocated with corresponding network flow.
After the flow control module acquires the URL address of the network access request, determining the service type of the network access request according to the acquired URL address, wherein the service type is pre-allocated with corresponding network flow.
In this embodiment, in order to implement fine-grained control of traffic, a person skilled in the art may first classify network services based on URL addresses, where a standard URL generally includes a server type, a host name, a path, and a file name, and the service types may be divided according to different file names, for example, the service types may be divided into basic services (such as text, pictures, and links), entertainment services (such as video and music), download services, and other services. Generally, the traffic consumed by different services has a large difference, for example, the traffic consumed by the text service is small while the traffic consumed by the video service is large, so that the network services are classified and different available traffic is configured according to different service requirements, and the traffic can be controlled more specifically.
And then, storing the service types classified in advance and the usable network flow data configured for each service type in a corresponding storage unit, wherein the storage unit is also used for recording the residual flow in real time. The flow control module searches the service classification data in the storage unit according to the URL address, and then can determine the service type of the network access request and the corresponding residual flow. It should be noted that, when configuring the available traffic of each service, an enterprise may configure and set default values in a unified manner, and may also implement personalized configuration and modification of available traffic of different services by a user through a terminal-related service, and may make flexible selection in specific implementation.
Step S30, determining whether the remaining traffic corresponding to the service type of the network access request currently meets a preset use condition.
The traffic control module determines whether the remaining traffic currently corresponding to the service type of the network access request meets a preset use condition, for example, the remaining traffic currently corresponding to the service type is greater than or equal to the traffic consumed by the network access request as the preset use condition, and if the remaining traffic does not meet the preset use condition, the network access is denied and an error message is returned to the terminal.
Step S40, if the remaining traffic corresponding to the service type of the network access request currently satisfies a preset use condition, controlling the network traffic consumed by the network access request according to the remaining traffic.
For example, when the service classification to which the URL address belongs has remaining traffic and the remaining traffic is greater than or equal to the traffic that needs to be consumed by the current network access request, it is determined that the remaining traffic meets the preset usage condition, and at this time, the traffic control module may send the request to the Web proxy server and automatically deduct the traffic that is consumed by the current network access request from the remaining traffic; of course, the traffic control module may also display how much traffic remains under the current service classification to the user through the terminal service, and the user determines whether to continue network access.
In this embodiment, a flow control module receives a network access request sent by a terminal when using an APN card, and acquires a URL address of the network access request; determining the service type of the network access request according to the acquired URL address, wherein the service type is pre-allocated with corresponding network flow; judging whether the current corresponding residual flow of the service type of the network access request meets a preset use condition; and if so, controlling the network flow consumed by the network access request according to the residual flow. In the embodiment, the flow control module is arranged in the enterprise intranet to realize the flow control of the APN card issued by the enterprise, and no additional development is needed for the internal logic of the APP; in addition, in this embodiment, network services are classified by a URL address, an available flow under each service classification of each APN card is configured in advance, when a network access request of a terminal is received, a service type of the network access request is determined by the URL address, and control of the network flow of the access request is implemented by a remaining flow currently corresponding to the service type. In this embodiment, by controlling and limiting the traffic of different network services, more refined control of the APN card usage traffic can be achieved.
Further, referring to fig. 3, fig. 3 is a flowchart illustrating a network traffic control method according to a second embodiment of the present invention. Based on the embodiment shown in fig. 1, before the step S10, the method may further include:
step S50, allocating corresponding network traffic for different service types of the network access request.
As an implementation manner, the flow control module may allocate corresponding network flows to different service types requested by the network access in real time, for example, obtain the total remaining flow of the current APN card, and then calculate how much network flow should be allocated to each service according to the preset percentage of flow allocated to each service, so as to implement dynamic allocation of network flows; of course, the traffic control module may also allocate corresponding network traffic for different service types of the network access request at certain time intervals, and may be flexibly configured in specific implementation.
In this embodiment, the dynamic allocation of the network traffic is realized by allocating corresponding network traffic for different service types requested by the network access, that is, the traffic control module can make full use of the remaining traffic of the current APN card, thereby avoiding the occurrence of a situation that the remaining traffic is too large to be used in a certain service type.
Further, referring to fig. 4, fig. 4 is a detailed flowchart illustrating the control of network traffic in the second embodiment of the present invention. Based on the above-mentioned embodiment shown in fig. 3, the step S30 may include:
step S31, acquiring occupied traffic of a request packet of the network access request, and taking remaining traffic currently corresponding to a service type of the network access request as first remaining traffic;
step S32, if the occupied traffic of the request packet is less than or equal to the first remaining traffic, determining that the first remaining traffic satisfies a preset usage condition.
The step S40 may include:
step S41, if the remaining traffic corresponding to the service type of the network access request currently satisfies a preset usage condition, updating the network traffic consumed by the network access request according to the occupied traffic of the request packet.
In this embodiment, since the traffic consumed by the network access request is generally determined by the size of the request data packet and the size of the response data packet, the traffic control module may first obtain the request data packet of the network access request and calculate the occupied traffic size, then compare the occupied traffic of the request data packet with the remaining traffic of the current corresponding service class, that is, the first remaining traffic, and if the occupied traffic of the request data packet is less than or equal to the first remaining traffic, determine that the first remaining traffic satisfies the preset usage condition, at this time, take the occupied traffic of the request data packet as the consumed network traffic, to complete the update of the consumed network traffic, and then forward the network request to the proxy server; and if the occupied flow of the request data packet is larger than the current residual flow, not updating the network flow and returning error information to the terminal.
Further, referring to fig. 5, fig. 5 is a schematic diagram illustrating another detailed flow of controlling network traffic according to the second embodiment of the present invention. The step S30 may further include:
step S33, acquiring an occupied traffic of a response packet of the network access request, and taking a difference between the occupied traffic of the request packet and the first remaining traffic as a second remaining traffic;
step S34, if the occupied traffic of the response packet is less than or equal to the second remaining traffic, determining that the second remaining traffic satisfies a preset usage condition.
The step S40 may further include:
step S42, if the remaining traffic corresponding to the service type of the network access request currently satisfies a preset usage condition, updating the network traffic consumed by the network access request according to the occupied traffic of the response packet.
When receiving a response of network access, a flow control module acquires a response data packet corresponding to a Web server through a proxy server and calculates the occupied flow, meanwhile, the difference value of the occupied flow of the first residual flow and the occupied flow of the request data packet is used as a second residual flow, then the occupied flow of the response data packet is compared with the residual flow under the current corresponding service classification, namely the second residual flow, if the occupied flow of the request data packet is less than or equal to the second residual flow, the occupied flow of the response data packet is used as the consumed network flow so as to finish the update of the consumed network flow, and meanwhile, the network response is forwarded to a mobile terminal to finish the network access process; and if the occupied flow of the response data packet is larger than the current residual flow, not updating the network flow and returning error information to the terminal.
In the embodiment, two stages of a request and a response of a network access request of a terminal are considered, when the terminal carries out the network access request, the flow control module respectively controls the use flow of the two stages through a preset condition, and then judges whether the terminal is allowed to continue network access, so that the residual flow under each service classification can be ensured not to be a negative value, namely the flow consumed by the network access under each service classification can not exceed a preset value, and the flow control requirement of fine granularity of a user is met.
Further, referring to fig. 6, fig. 6 is a flowchart illustrating a network traffic control method according to a third embodiment of the present invention. Based on the above embodiment, after the step S10, the method may further include:
step S60, obtaining the private IP of the APN card according to the URL address;
step S70, judging whether the APN card is registered according to the private IP;
step S80, if the APN card is not registered, returning error information to the terminal; if the APN card is registered, executing the following steps: and determining the service type of the network access request according to the acquired URL address, wherein the service type is pre-allocated with corresponding network flow.
In this embodiment, the APN card registration includes writing of APN card data, such as real name system information, card number of the APN card and binding information of the private IP. After extracting the private IP from the URL, the flow control module can upload the private IP to a registration server, the registration server detects whether the registration information of the APN card meets preset conditions, for example, real-name registration is required and the card number is bound with the private IP, if the private IP is bound with the APN card and the APN card is real-name registration, the APN card is judged to be registered, at the moment, the registration server returns a registered message to the flow control module, and the flow control module determines the service type of the network access request according to the acquired URL address; otherwise, if the private IP is not bound with the APN card or the APN card is not registered in a real name system, judging that the APN card is not registered, and refusing network access and returning error information to the terminal. Of course, the preset condition of whether the APN card is registered can be flexibly set, for example, only the private IP and the APN card are bound.
Particularly, if the URL acquired by the traffic control module is a registration message, the message is directly sent to the registration server, and the registration server completes registration services such as binding of a private IP and an APN card, so that the mobile terminal can perform network access.
It should be noted that, when the network connection of the terminal is unstable, or when the network reconnection is caused by switching from WIFI to data connection, the private IP, that is, the IP address used by the terminal in the local area network, the terminal needs to upload a registration message to the registration server to complete the binding of the new IP and the card number, because the private IP of the APN card is dynamically allocated by the operator, and the IP change is caused each time the terminal reconnects the network. The flow control module extracts the private IP from the URL to identify which APN card is in network access.
In this embodiment, by binding the card number and the private IP of the APN card and extracting the private IP from the URL address, the APN card that has been registered can be identified, and the network access request of the unregistered APN card is rejected, so that the filtering processing of the network access message can be implemented.
Further, referring to fig. 7, fig. 7 is a flowchart illustrating a network traffic control method according to a fourth embodiment of the present invention. After the step S10, the method may further include:
step S90, judging whether the URL address is in a preset blacklist;
step S100, if the URL address is in a preset blacklist, returning error information to the terminal; if the URL address is not in a preset blacklist, executing the following steps: and determining the service type of the network access request according to the acquired URL address, wherein the service type is pre-allocated with corresponding network flow.
In this embodiment, a blacklist may be set for network access in advance based on a URL address, and after the flow control module acquires the URL address, it may first determine whether the URL address is within the preset blacklist, and if so, deny network access and return an error message to the terminal; if not, determining the service type of the network access request according to the acquired URL address.
According to the embodiment, the blacklist is set for the URL, and the request message is intercepted when the URL accessed by the user is in the blacklist, so that the user can be prevented from accessing some illegal or dangerous websites, the filtering processing of the network access message can be realized, and the network access environment is safer.
The invention also provides a network flow control device.
Referring to fig. 8, fig. 8 is a functional block diagram of a network flow control device according to a first embodiment of the present invention. The device comprises:
a first obtaining module 10, configured to receive a network access request sent by a terminal when using an APN card, and obtain a URL address of the network access request.
The APN card is a network traffic card, and is different from a common SIM (Subscriber identity Module) card in that when a terminal uses the APN card to perform network access, the domain name of the card points to a specific enterprise firewall, so that the terminal can route network traffic to the enterprise firewall through an APN channel every time the terminal uses the APN card, and then network data transmission is performed through an enterprise intranet. In this embodiment, a flow control module is provided in an intranet to implement flow control, flow statistics, and corresponding data forwarding.
Referring to fig. 2, fig. 2 is a schematic diagram of a network system architecture according to various embodiments of the present invention. The network system comprises an APN channel, an enterprise intranet and a public network. The flow control module is arranged in an enterprise intranet, is used as a service to realize communication with a registration server and a Web proxy server respectively, and is used for controlling the flow of each network access request sent by a terminal APP; the registration server is used for binding the private IP and the card number of the APN card and providing registration and query service of the card number; the Web proxy server is used for providing a network information turnover function, for example, when a terminal sends an external resource access request, the request is identified by the proxy server and is replaced by the proxy server as an external request resource, and when the external resource server responds to the access request, the proxy server feeds back a response result to the terminal.
In this embodiment, the mobile terminal may be a mobile phone, a tablet computer, or other device with a network access function. When the terminal uses the APN card to make a network access request, the first obtaining module 10 receives the network access request of the terminal and obtains a URL (Uniform Resource Locator) address of the network access request, that is, a network address, where the network address points to a network information Resource to be accessed by the terminal.
A determining module 20, configured to determine a service type of the network access request according to the obtained URL address, where the service type is pre-allocated with corresponding network traffic;
after the first obtaining module 10 obtains the URL address of the network access request, the determining module 20 determines the service type of the network access request according to the obtained URL address, where the service type is pre-allocated with corresponding network traffic.
In this embodiment, in order to implement fine-grained control of traffic, a person skilled in the art may first classify network services based on URL addresses, where a standard URL generally includes a server type, a host name, a path, and a file name, and the service types may be divided according to different file names, for example, the service types may be divided into basic services (such as text, pictures, and links), entertainment services (such as video and music), download services, and other services. Generally, the traffic consumed by different services has a large difference, for example, the traffic consumed by the text service is small while the traffic consumed by the video service is large, so that the network services are classified and different available traffic is configured according to different service requirements, and the traffic can be controlled more specifically.
And then, storing the service types classified in advance and the usable network flow data configured for each service type in a corresponding storage unit, wherein the storage unit is also used for recording the residual flow in real time. The determining module 20 searches the service classification data in the storage unit according to the URL address, and can further determine the service type of the network access request and the corresponding remaining traffic. It should be noted that, when configuring the available traffic of each service, an enterprise may configure and set default values in a unified manner, and may also implement personalized configuration and modification of available traffic of different services by a user through a terminal-related service, and may make flexible selection in specific implementation.
A first judging module 30, configured to judge whether a remaining traffic currently corresponding to a service type of the network access request meets a preset use condition;
the first determining module 30 determines whether the remaining traffic corresponding to the service type of the network access request currently meets a preset use condition, for example, the remaining traffic corresponding to the service type currently is greater than or equal to the traffic consumed by the network access request as the preset use condition, and if the remaining traffic does not meet the preset use condition, the network access is denied and an error message is returned to the terminal.
And the control module 40 is configured to control the network traffic consumed by the network access request according to the remaining traffic if the remaining traffic currently corresponding to the service type of the network access request meets a preset use condition.
For example, when the service class to which the URL address belongs has remaining traffic and the remaining traffic is greater than or equal to the traffic that needs to be consumed by the current network access request, it is determined that the remaining traffic meets the preset usage condition, and at this time, the control module 40 may send the request to the Web proxy server and automatically deduct the traffic that is consumed by the current network access request from the remaining traffic; of course, how much traffic remains under the current traffic classification can also be displayed to the user through the terminal service, and the user determines whether to continue network access.
In this embodiment, the first obtaining module 10 receives a network access request sent by a terminal when using an APN card, and obtains a URL address of the network access request; the determining module 20 determines the service type of the network access request according to the acquired URL address, where the service type is pre-allocated with corresponding network traffic; the first judging module 30 judges whether the remaining traffic currently corresponding to the service type of the network access request meets a preset use condition; if yes, the control module 40 controls the network traffic consumed by the network access request according to the remaining traffic. In the embodiment, the flow control module is arranged in the enterprise intranet to realize the flow control of the APN card issued by the enterprise, and no additional development is needed for the internal logic of the APP; in addition, in this embodiment, network services are classified by a URL address, an available flow under each service classification of each APN card is configured in advance, when a network access request of a terminal is received, a service type of the network access request is determined by the URL address, and control of the network flow of the access request is implemented by a remaining flow currently corresponding to the service type. In this embodiment, by controlling and limiting the traffic of different network services, more refined control of the APN card usage traffic can be achieved.
Further, referring to fig. 9, fig. 9 is a functional block diagram of a second embodiment of the network flow control device according to the present invention. Based on the embodiment shown in fig. 8, the apparatus further includes:
and the allocating module 50 is used for allocating corresponding network traffic for different service types of the network access request.
As an implementation manner, the allocating module 50 may allocate corresponding network traffic to different service types requested by the network access in real time, for example, obtain the total remaining traffic of the current APN card, and then calculate how much network traffic should be allocated to each service according to a preset percentage of traffic allocated to each service, so as to implement dynamic allocation of network traffic; of course, the allocating module 50 may also allocate corresponding network traffic for different service types of the network access request according to a certain time interval, and may be flexibly configured in the specific implementation.
In this embodiment, the allocating module 50 allocates corresponding network traffic for different service types requested by the network access, so as to implement dynamic allocation of network traffic, that is, the remaining traffic of the current APN card can be fully utilized, and the situation that the remaining traffic of a certain service type is too much to be used is avoided.
Further, referring to fig. 10, fig. 10 is a schematic diagram of a detailed functional module of the first determining module. The first determining module 30 may include:
an obtaining unit 31, configured to obtain an occupied traffic of a request data packet of the network access request, and use a remaining traffic currently corresponding to a service type of the network access request as a first remaining traffic;
a determining unit 32, configured to determine that the first remaining traffic satisfies a preset usage condition if an occupied traffic of the request packet is less than or equal to the first remaining traffic;
the control module 40 is further configured to update the network traffic consumed by the network access request according to the occupied traffic of the request packet.
In this embodiment, since the traffic consumed by the network access request is generally determined by the size of the request packet and the size of the response packet, the obtaining unit 31 may first obtain the request packet of the network access request and calculate the occupied traffic size, the determining unit 32 compares the occupied traffic of the request packet with the remaining traffic under the current corresponding service classification, that is, the first remaining traffic, and if the occupied traffic of the request packet is less than or equal to the first remaining traffic, it is determined that the first remaining traffic meets the preset use condition, at this time, the control module 40 uses the occupied traffic of the request packet as the consumed network traffic to complete the update of the consumed network traffic, and then forwards the network request to the proxy server; if the occupied flow of the request data packet is greater than the current remaining flow, the control module 40 does not update the network flow and returns an error message to the terminal.
Further, with reference to fig. 10 continuously, the obtaining unit 31 is further configured to obtain an occupied traffic of a response packet of the network access request, and use a difference value between the first remaining traffic and the occupied traffic of the request packet as a second remaining traffic;
the determining unit 32 is further configured to determine that the second remaining traffic satisfies a preset use condition if the occupied traffic of the response packet is less than or equal to the second remaining traffic;
the control module 40 is further configured to update the network traffic consumed by the network access request according to the occupied traffic of the response packet.
When receiving a response of network access, the flow control module acquires a response data packet corresponding to the Web server through the proxy server and calculates the occupied flow, meanwhile, the difference value of the occupied flow of the first residual flow and the occupied flow of the request data packet is used as a second residual flow, then the occupied flow of the response data packet is compared with the residual flow under the current corresponding service classification, namely the second residual flow, if the occupied flow of the request data packet is less than or equal to the second residual flow, at the moment, the control module 40 takes the occupied flow of the response data packet as the consumed network flow to finish the updating of the consumed network flow, and meanwhile, the network response is forwarded to the mobile terminal to finish the network access process; and if the occupied flow of the response data packet is larger than the current residual flow, not updating the network flow and returning error information to the terminal.
In the embodiment, two stages of a request and a response of a network access request of a terminal are considered, when the terminal carries out the network access request, the flow control module respectively controls the use flow of the two stages through a preset condition, and then judges whether the terminal is allowed to continue network access, so that the residual flow under each service classification can be ensured not to be a negative value, namely the flow consumed by the network access under each service classification can not exceed a preset value, and the flow control requirement of fine granularity of a user is met.
Further, referring to fig. 11, fig. 11 is a functional block diagram of a third embodiment of the network flow control device according to the present invention. The device further comprises:
a second obtaining module 60, configured to obtain a private IP of the APN card according to the URL address;
a second judging module 70, configured to judge whether the APN card is registered according to the private IP; if not, returning error information to the terminal; if yes, the determining module 20 determines the service type of the network access request according to the obtained URL address, where the service type is pre-allocated with corresponding network traffic;
in this embodiment, the APN card registration includes writing of APN card data, such as real name system information, card number of the APN card and binding information of the private IP. After the second obtaining module 60 extracts the private IP from the URL, the private IP may be uploaded to a registration server, and the registration server detects whether the registration information of the APN card meets a preset condition, for example, it is necessary that the APN card is registered in a real name system and the card number is bound to the private IP, if the private IP is bound to the APN card and the APN card is registered in a real name system, the second determining module 70 determines that the APN card is registered, at this time, the registration server returns the registered information, and the determining module 20 determines the service type of the network access request according to the obtained URL address; otherwise, if the private IP is not bound to the APN card, or the APN card is not registered in a real name system, the determining module 60 determines that the APN card is not registered, and at this time, denies network access and returns an error message to the terminal. Of course, the preset condition of whether the APN card is registered can be flexibly set, for example, only the private IP and the APN card are bound.
Particularly, if the URL acquired by the traffic control module is a registration message, the message is directly sent to the registration server, and the registration server completes registration services such as binding of a private IP and an APN card, so that the mobile terminal can perform network access.
It should be noted that, when the network connection of the terminal is unstable, or when the network reconnection is caused by switching from WIFI to data connection, the private IP, that is, the IP address used by the terminal in the local area network, the terminal needs to upload a registration message to the registration server to complete the binding of the new IP and the card number, because the private IP of the APN card is dynamically allocated by the operator, and the IP change is caused each time the terminal reconnects the network. The flow control module extracts the private IP from the URL to identify which APN card is in network access.
In this embodiment, by binding the card number and the private IP of the APN card and extracting the private IP from the URL address, the APN card that has been registered can be identified, and the network access request of the unregistered APN card is rejected, so that the filtering processing of the network access message can be implemented.
Further, with reference to fig. 11, the second determining module 70 is further configured to determine whether the URL address is in a preset blacklist; if yes, returning error information to the terminal; if not, the determining module 20 determines the service type of the network access request according to the obtained URL address, where the service type is pre-allocated with corresponding network traffic.
In this embodiment, a blacklist may be set for network access in advance based on a URL address, after the flow control module obtains the URL address, the second determining module 70 may first determine whether the URL address is in the preset blacklist, and if so, refuse the network access and return an error message to the terminal; if not, the determining module 20 determines the service type of the network access request according to the obtained URL address.
According to the embodiment, the blacklist is set for the URL, and the request message is intercepted when the URL accessed by the user is in the blacklist, so that the user can be prevented from accessing some illegal or dangerous websites, the filtering processing of the network access message can be realized, and the network access environment is safer.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (8)

1. A method for controlling network traffic, the method comprising the steps of:
distributing corresponding network flow for different service types of the network access request;
receiving a network access request sent by a terminal when using an APN card, and acquiring a URL (uniform resource locator) address of the network access request;
determining the service type of the network access request according to the acquired URL address, wherein the service type is pre-allocated with corresponding network flow: the method comprises the following steps: firstly, classifying network services based on URL addresses, wherein standard URLs generally comprise server types, host names, paths and file names, and the service types can be divided according to different file names; then storing the service types classified in advance and the usable network flow data configured for each service type in a corresponding storage unit, wherein the storage unit is also used for recording the residual flow in real time;
judging whether the current corresponding residual flow of the service type of the network access request meets a preset use condition;
and if so, controlling the network flow consumed by the network access request according to the residual flow.
2. The method of claim 1, wherein the step of determining whether the remaining traffic corresponding to the service type of the network access request currently satisfies a preset usage condition comprises:
acquiring occupied flow of a request data packet of the network access request, and taking the residual flow currently corresponding to the service type of the network access request as a first residual flow;
if the occupied flow of the request data packet is less than or equal to the first residual flow, judging that the first residual flow meets a preset use condition;
the step of controlling the network traffic consumed by the network access request according to the remaining traffic comprises:
and updating the network flow consumed by the network access request according to the occupied flow of the request data packet.
3. The method of claim 2, wherein the step of determining whether the remaining traffic corresponding to the service type of the network access request currently satisfies a preset usage condition further comprises:
acquiring the occupied flow of a response data packet of the network access request, and taking the difference value of the occupied flow of the first residual flow and the occupied flow of the request data packet as a second residual flow;
if the occupied flow of the response data packet is less than or equal to the second residual flow, judging that the second residual flow meets a preset use condition;
the step of controlling the network traffic consumed by the network access request according to the remaining traffic further includes:
and updating the network flow consumed by the network access request according to the occupied flow of the response data packet.
4. The method according to any one of claims 1 to 3, wherein the step of obtaining the URL address of the network access request after the step of obtaining the URL address of the network access request sent by the receiving terminal when using the APN card further comprises:
obtaining a private IP of the APN card according to the URL address;
judging whether the APN card is registered according to the private IP;
if not, returning error information to the terminal; if yes, executing the following steps: determining the service type of the network access request according to the acquired URL address, wherein the service type is pre-allocated with corresponding network flow;
or judging whether the URL address is in a preset blacklist or not;
if yes, returning error information to the terminal; if not, executing the following steps: and determining the service type of the network access request according to the acquired URL address, wherein the service type is pre-allocated with corresponding network flow.
5. A network flow control apparatus, the apparatus comprising:
the distribution module is used for distributing corresponding network flow for different service types of the network access request;
the first acquisition module is used for receiving a network access request sent by a terminal when using an APN card and acquiring a URL (uniform resource locator) address of the network access request;
the determining module is used for determining the service type of the network access request according to the acquired URL address, and the service type is pre-allocated with corresponding network flow;
the storage unit is configured to store the service types classified in advance and the usable network flow data configured for each service type in the corresponding storage unit, and the storage unit is also used for recording the residual flow in real time;
the first judging module is used for judging whether the residual flow corresponding to the service type of the network access request currently meets the preset use condition;
and the control module is used for controlling the network flow consumed by the network access request according to the residual flow if the residual flow currently corresponding to the service type of the network access request meets the preset use condition.
6. The apparatus of claim 5, wherein the first determining module comprises:
an obtaining unit, configured to obtain an occupied traffic of a request data packet of the network access request, and use a remaining traffic currently corresponding to a service type of the network access request as a first remaining traffic;
a determining unit, configured to determine that the first remaining traffic satisfies a preset usage condition if an occupied traffic of the request packet is less than or equal to the first remaining traffic;
the control module is further configured to update the network traffic consumed by the network access request according to the occupied traffic of the request packet.
7. The apparatus of claim 6,
the obtaining unit is further configured to obtain an occupied traffic of a response packet of the network access request, and use a difference value between the first remaining traffic and the occupied traffic of the request packet as a second remaining traffic;
the determining unit is further configured to determine that the second remaining traffic satisfies a preset use condition if the occupied traffic of the response packet is less than or equal to the second remaining traffic;
the control module is further configured to update the network traffic consumed by the network access request according to the occupied traffic of the response packet.
8. The apparatus of any of claims 5 to 7, further comprising:
the second acquisition module is used for acquiring the private IP of the APN card according to the URL address;
the second judgment module is used for judging whether the APN card is registered according to the private IP; if not, returning error information to the terminal; if yes, a determining module determines the service type of the network access request according to the acquired URL address, wherein the service type is pre-allocated with corresponding network flow;
or, the second judging module is further configured to judge whether the URL address is in a preset blacklist; if yes, returning error information to the terminal; if not, the determining module determines the service type of the network access request according to the acquired URL address, and the service type is pre-allocated with corresponding network flow.
CN201610701581.0A 2016-08-22 2016-08-22 Network flow control method and device Active CN106330778B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610701581.0A CN106330778B (en) 2016-08-22 2016-08-22 Network flow control method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610701581.0A CN106330778B (en) 2016-08-22 2016-08-22 Network flow control method and device

Publications (2)

Publication Number Publication Date
CN106330778A CN106330778A (en) 2017-01-11
CN106330778B true CN106330778B (en) 2020-01-24

Family

ID=57742657

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610701581.0A Active CN106330778B (en) 2016-08-22 2016-08-22 Network flow control method and device

Country Status (1)

Country Link
CN (1) CN106330778B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108462962B (en) * 2017-02-20 2021-02-05 中国移动通信集团公司 Method and device for connecting access point
CN106982167A (en) * 2017-04-19 2017-07-25 深圳金三立视频科技股份有限公司 Flow managing method and its system
CN107181625B (en) * 2017-07-12 2020-03-10 微鲸科技有限公司 Data service providing method and device
CN110417717B (en) * 2018-12-06 2021-12-14 腾讯科技(深圳)有限公司 Login behavior identification method and device
CN112995052B (en) * 2021-04-25 2021-08-06 北京世纪好未来教育科技有限公司 Flow control method and related device
CN113709060B (en) * 2021-08-27 2022-08-12 南京邮电大学 Mobile phone short video flow delay control method and system based on big data
CN114172902B (en) * 2021-11-12 2024-05-14 北京达佳互联信息技术有限公司 Flow control method and system for service cluster
CN114448491B (en) * 2021-12-20 2023-10-31 中国电信股份有限公司卫星通信分公司 Method and system for reducing terminal loss flow under satellite ocean broadband communication network

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101820420A (en) * 2010-03-23 2010-09-01 宇龙计算机通信科技(深圳)有限公司 Method and system for controlling traffic in streaming media transmission, and streaming media server
CN104052681A (en) * 2014-06-25 2014-09-17 中国联合网络通信集团有限公司 Flow control method and device
CN104768188A (en) * 2015-04-23 2015-07-08 杭州华三通信技术有限公司 Flow control method and device
CN105101270A (en) * 2014-05-12 2015-11-25 宇龙计算机通信科技(深圳)有限公司 Traffic managing device and traffic managing method for terminal

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7554983B1 (en) * 2004-12-20 2009-06-30 Packeteer, Inc. Probing hosts against network application profiles to facilitate classification of network traffic
US7580356B1 (en) * 2005-06-24 2009-08-25 Packeteer, Inc. Method and system for dynamically capturing flow traffic data
US8020206B2 (en) * 2006-07-10 2011-09-13 Websense, Inc. System and method of analyzing web content
CN101715182B (en) * 2009-11-30 2012-11-21 中国移动通信集团浙江有限公司 Method, system and device for controlling traffic
CN102088754B (en) * 2010-12-06 2013-11-13 中国人民解放军信息工程大学 Network access behavior-based access control method and system for wireless local area network
CN104380783B (en) * 2013-06-09 2018-10-19 华为技术有限公司 A kind of method, apparatus and system of flow monitoring
JP6414855B2 (en) * 2013-11-06 2018-10-31 華為終端(東莞)有限公司 Page operation processing method and apparatus, and terminal
CN104243182A (en) * 2014-09-30 2014-12-24 中国联合网络通信集团有限公司 Directional traffic charging method and directional traffic charging system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101820420A (en) * 2010-03-23 2010-09-01 宇龙计算机通信科技(深圳)有限公司 Method and system for controlling traffic in streaming media transmission, and streaming media server
CN105101270A (en) * 2014-05-12 2015-11-25 宇龙计算机通信科技(深圳)有限公司 Traffic managing device and traffic managing method for terminal
CN104052681A (en) * 2014-06-25 2014-09-17 中国联合网络通信集团有限公司 Flow control method and device
CN104768188A (en) * 2015-04-23 2015-07-08 杭州华三通信技术有限公司 Flow control method and device

Also Published As

Publication number Publication date
CN106330778A (en) 2017-01-11

Similar Documents

Publication Publication Date Title
CN106330778B (en) Network flow control method and device
CN110769039B (en) Resource scheduling method and device, electronic equipment and computer readable storage medium
CN105759937B (en) Method for reducing power consumption of terminal and terminal
CN108024270B (en) Information sending method, unit and system
EP3481033A1 (en) Base station, and method, apparatus and system for responding to access request
DE112016000711T5 (en) Dynamic subscriber identity module
US20170264592A1 (en) Methods and systems for secure network service
CN105934960B (en) Mobile device traffic management
US11044729B2 (en) Function scheduling method, device, and system
CN111885733B (en) Resource allocation method, device, storage medium and network equipment
CN107517211A (en) The processing method of the acquisition methods of configuration information, system and configuration information
CN103718602A (en) Quality of service for serving node and method
CN110868339A (en) Node distribution method and device, electronic equipment and readable storage medium
CN108574965B (en) Method and equipment for processing request
CN114079933A (en) Network slice management system, application server and terminal equipment
CN111050355B (en) Method, device and system for dynamically adjusting Qos of mobile terminal
US8719927B2 (en) Data filtering by using a communication device including an interface on a display showing a domain name
CN106604278B (en) Multi-authority mobile network sharing method
US10505811B2 (en) Multi-terminal interaction relation maintenance system and method
KR20180040390A (en) Apparatus for advertising interception and control method thereof
US11316580B2 (en) Communication system, relay server, communication method and program
CN102891900A (en) Domain name resolution method, device and system during traffic offloading
JP2014204298A (en) Communication system, gateway and policy control device
KR20130094367A (en) Network traffic reduction function embedded wireless terminal device and method for the network traffic reduction, recording medium
FI114597B (en) Procedure for logging in

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP03 Change of name, title or address

Address after: 518000 1402, building 1, Chongwen Park, Nanshan wisdom Park, 3370 Liuxian Avenue, Fuguang community, Taoyuan Street, Nanshan District, Shenzhen, Guangdong Province

Patentee after: Shenzhen Guanglian Saixun Co.,Ltd.

Address before: Room 701, unit 3, building C, Kexing Science Park, No. 15, Keyuan Road, high tech park, Nanshan District, Shenzhen City, Guangdong Province

Patentee before: SHENZHEN AUTONET Co.,Ltd.

CP03 Change of name, title or address
TR01 Transfer of patent right

Effective date of registration: 20221114

Address after: 518000 1404, building 1, Chongwen Park, Nanshan Zhiyuan, No. 3370 Liuxian Avenue, Fuguang community, Taoyuan Street, Nanshan District, Shenzhen, Guangdong

Patentee after: Shenzhen Guanglian Digital Technology Co.,Ltd.

Address before: 518000 1402, building 1, Chongwen Park, Nanshan wisdom Park, 3370 Liuxian Avenue, Fuguang community, Taoyuan Street, Nanshan District, Shenzhen, Guangdong Province

Patentee before: Shenzhen Guanglian Saixun Co.,Ltd.

TR01 Transfer of patent right