CN108429624A - A QOS dynamic adjustment method, device and system

Info

Publication number
CN108429624A
Authority
CN
China
Prior art keywords
user
behavior
security gateway
internet
internet security
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611191835.5A
Other languages
Chinese (zh)
Other versions
CN108429624B (en
Inventor
余刚
代述见
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Maipu Communication Technology Co Ltd
Original Assignee
Maipu Communication Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50 Network service management, e.g. ensuring proper service fulfilment according to agreements

Abstract

The invention discloses a QOS dynamic adjustment method, device and system, relating to the field of network communication. The method includes: an internet security gateway configures tiered QOS policies based on the network egress bandwidth; extracts the current number of online users in the network; identifies the user permission; receives a user behavior label based on the user's Internet behavior; and, combining the current number of online users in the network, the user permission and the user behavior label, matches and executes the configured QOS policy of the corresponding level. This makes it possible to further improve the user's Internet experience while still managing, controlling and limiting the user's Internet behavior, and to provide differentiated Internet service to different users. It also makes effective use of the existing network bandwidth and avoids wasting it, thereby saving network bandwidth cost for the Internet service provider.

Description

A QOS dynamic adjustment method, device and system
Technical field
The invention belongs to the field of network communication, and in particular relates to a QOS dynamic adjustment method, device and system based on user Internet behavior.
Background
Network communication devices such as switches, routers and egress gateways from almost all network equipment vendors currently support the quality of service (Quality of Service, QOS) function. They also all support implementing QOS based on source IP address, user group, VLAN, time period, application type and so on, to limit a user's upstream and downstream bandwidth, that is, to control the user's Internet behavior. However, prior-art QOS implementations limit the user's Internet behavior and suppress the user's Internet experience, and they are also static: unless someone intervenes manually, the QOS policy that is executed never changes. In a real network environment, the number of Internet users, their Internet behavior, the actual bandwidth utilization and so on often do not follow what the network administrator preset, and the network administrator cannot monitor Internet usage in real time in order to adjust the QOS policy manually. When there are few Internet users, the actual utilization of the network bandwidth is low; when most users are engaged in Internet behavior such as online video or downloading, the network bandwidth is often insufficient. Therefore, how to adjust the QOS policy dynamically according to real-time network usage and users' Internet preferences, so as to improve network bandwidth utilization while improving the user's Internet experience, is a problem to be solved.
Summary of the invention
The present invention provides a QOS dynamic adjustment method, device and system, to solve the problems that prior-art QOS policies limit the user's Internet behavior and suppress the user's Internet experience, and that QOS policy execution is static and stays fixed unless someone intervenes manually.
Based on the above purpose, in a first aspect, an embodiment of the present invention provides a QOS dynamic adjustment method, the method including:
The internet security gateway configures tiered QOS policies based on the network egress bandwidth;
The internet security gateway extracts the current number of online users in the network after receiving the Portal confirmation message sent by the Portal server;
The internet security gateway, after receiving the RADIUS authentication acknowledgement message sent by the authentication and authorization server, identifies the user permission according to the RADIUS authentication acknowledgement message;
The internet security gateway sends a user behavior label query request message to the Data Analysis Platform; after receiving the user behavior label query request message, the Data Analysis Platform sends the user behavior label based on the user's Internet behavior to the internet security gateway;
The internet security gateway combines the current number of online users in the network, the user permission and the user behavior label to match and execute the configured QOS policy of the corresponding level.
In a second aspect, an embodiment of the present invention provides a QOS dynamic adjustment method, applied in an internet security gateway, including:
Configuring tiered QOS policies based on the network egress bandwidth;
Extracting the current number of online users in the network after receiving the Portal confirmation message sent by the Portal server;
After receiving the RADIUS authentication acknowledgement message sent by the authentication and authorization server, identifying the user permission according to the RADIUS authentication acknowledgement message;
Sending a user behavior label query request message to the Data Analysis Platform, and receiving the user behavior label sent by the Data Analysis Platform;
Combining the current number of online users in the network, the user permission and the user behavior label to match and execute the configured QOS policy of the corresponding level.
In a third aspect, an embodiment of the present invention provides a QOS dynamic adjustment method, applied in a Data Analysis Platform: after receiving the user behavior label query request message sent by the internet security gateway, sending the user behavior label based on the user's Internet behavior to the internet security gateway;
Analyzing the behavior audit logs sent by the internet security gateway, forming the user behavior label based on the user's Internet behavior, and storing the user behavior label in the local database in real time.
In a fourth aspect, an embodiment of the present invention provides a QOS dynamic adjustment method, applied in an authentication and authorization server: entering the usernames of high-level users in the database in advance and, after RADIUS authentication succeeds, sending a RADIUS authentication acknowledgement message to the internet security gateway;
Receiving the RADIUS authentication request sent by the internet security gateway.
In a fifth aspect, an embodiment of the present invention provides an internet security gateway, including: a configuration unit, a sending unit and a receiving unit,
The configuration unit is configured to configure tiered QOS policies based on the network egress bandwidth;
The receiving unit is configured to receive the Portal confirmation message sent by the Portal server;
The configuration unit is further configured to extract the current number of online users in the network from the Portal confirmation message;
The receiving unit is further configured to receive the RADIUS authentication acknowledgement message sent by the authentication and authorization server; the configuration unit is further configured to identify the user permission according to the RADIUS authentication acknowledgement message;
The sending unit is configured to send a user behavior label query request message to the Data Analysis Platform;
The receiving unit is further configured to receive the user behavior label sent by the Data Analysis Platform;
The configuration unit is further configured to combine the current number of online users in the network, the user permission and the user behavior label to match and execute the configured QOS policy of the corresponding level.
In a sixth aspect, an embodiment of the present invention provides a Data Analysis Platform, including: a receiving unit, a sending unit and an analysis unit,
The receiving unit is configured to receive the user behavior label query request message sent by the internet security gateway;
The sending unit is configured to send the user behavior label based on the user's Internet behavior to the internet security gateway;
The analysis unit is configured to analyze the behavior audit logs sent by the internet security gateway, form the user behavior label based on the user's Internet behavior, and store the user behavior label in the local database in real time.
In a seventh aspect, an embodiment of the present invention provides an authentication and authorization server, including: a setting unit, a sending unit and a receiving unit,
The setting unit is configured to enter the usernames of high-level users in the database in advance;
The sending unit is configured to send a RADIUS authentication acknowledgement message to the internet security gateway after RADIUS authentication succeeds;
The receiving unit is configured to receive the RADIUS authentication request sent by the internet security gateway.
In an eighth aspect, an embodiment of the present invention provides a QOS dynamic adjustment system, the system including at least the internet security gateway described in the fifth aspect, the Data Analysis Platform described in the sixth aspect and the authentication and authorization server described in the seventh aspect.
The beneficial effects of the present invention are: the user's Internet experience can be further improved while the user's Internet behavior is still managed, controlled and limited, and differentiated Internet service is provided to different users. The existing network bandwidth is also used effectively and its waste is avoided, thereby saving network bandwidth cost for the Internet service provider.
Brief description of the drawings
Fig. 1 is a network environment diagram of a QOS dynamic adjustment system provided by an embodiment of the present invention;
Fig. 2 is a flow chart of a QOS dynamic adjustment method provided by an embodiment of the present invention;
Fig. 3 is a flow chart of QOS matching when a user accesses and goes online, provided by an embodiment of the present invention;
Fig. 4 is a flow chart of QOS matching when a user goes offline and exits, provided by an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an internet security gateway provided by an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a Data Analysis Platform provided by an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of an authentication and authorization server provided by an embodiment of the present invention.
Detailed description
To make the technical solution of the present invention clearer, the present invention is described in further detail below with reference to the drawings:
An embodiment of the present invention provides a QOS dynamic adjustment method, device and system, to solve the problems that prior-art QOS policies limit the user's Internet behavior and suppress the user's Internet experience, and that QOS policy execution is static and stays fixed unless someone intervenes manually.
An embodiment of the present invention provides a QOS dynamic adjustment system. The system can further improve the user's Internet experience while still managing, controlling and limiting the user's Internet behavior, and provides differentiated Internet service to different users. It also uses the existing network bandwidth effectively and avoids wasting it, thereby saving network bandwidth cost for the Internet service provider. As shown in Fig. 1, the QOS dynamic adjustment system of the embodiment includes an internet security gateway (Internet Security Gateway, ISG), an authentication and authorization server (Authentication Authorization Server, AAS), a Portal server and a Data Analysis Platform (DSP). For convenience in describing the invention, the system may further include a Content Management Platform (CMP), terminals and an access point (Access Point, AP). In the system shown in Fig. 1, internal interfaces are preset between the authentication and authorization server, the Portal server, the Content Management Platform and the Data Analysis Platform, and these components exchange information through the preset internal interfaces.
In the embodiment of the present invention, dynamic adjustment of the QOS policy is implemented as follows:
First, behavior labels based on user Internet behavior are predefined in the DSP, for example two behavior labels Mark1 and Mark2, where Mark1 indicates that the user's Internet behavior is mainly online video or downloading, and Mark2 indicates that the user's Internet behavior is mainly something other than online video or downloading. The usernames (such as mobile phone numbers) of high-level (VIP) users are entered in the database in advance; the user permission flag bit can be preset to 1 for a VIP user and 0 for an ordinary user. After RADIUS authentication succeeds, the authentication and authorization server returns the user permission flag bit to the ISG in the RADIUS authentication acknowledgement message. The ISG identifies the user permission according to the user permission flag bit in the RADIUS authentication acknowledgement message, and encapsulates the RADIUS authentication result in a Portal message that it returns to the Portal server. The Portal server counts the number of online users in real time and can set a flag bit to indicate the current number of online users in the network: for example, if only one user has currently authenticated successfully, the flag bit in the Portal message sent to the ISG is set to 1; otherwise it is set to 0 (multiple online users exist). After receiving the Portal message sent by the ISG, the Portal server sends a Portal confirmation message to the ISG, and this Portal confirmation message carries the online user number information.
The ISG configures tiered QOS policies according to the network egress bandwidth (for example, QOS policies divided into levels L1-L12; here the L1-L12 QOS policies each correspond to a bandwidth value of a different level, the bandwidth value of each level is configurable, and a maximum bandwidth and a guaranteed bandwidth can both be configured), and matches and executes the configured QOS policy of the corresponding level according to three elements: the current number of online users in the network, the user permission and the user behavior label. For example:
L1 QOS policy: the accessing user is the only user currently online and is an ordinary user;
L2 QOS policy: the accessing user is the only user currently online and is a VIP user;
L3 QOS policy: the accessing user is not the only user currently online and is an ordinary user;
L4 QOS policy: the accessing user is not the only user currently online and is a VIP user;
L5 QOS policy: the accessing user is the only user currently online and is an ordinary user whose behavior label is Mark1;
L6 QOS policy: the accessing user is the only user currently online and is a VIP user whose behavior label is Mark1;
L7 QOS policy: the accessing user is the only user currently online and is an ordinary user whose behavior label is Mark2;
L8 QOS policy: the accessing user is the only user currently online and is a VIP user whose behavior label is Mark2;
L9 QOS policy: the accessing user is not the only user currently online and is an ordinary user whose behavior label is Mark1;
L10 QOS policy: the accessing user is not the only user currently online and is a VIP user whose behavior label is Mark1;
L11 QOS policy: the accessing user is not the only user currently online and is an ordinary user whose behavior label is Mark2;
L12 QOS policy: the accessing user is not the only user currently online and is a VIP user whose behavior label is Mark2.
When a user terminal performs access authentication for the first time, the procedure is as follows. The ISG intercepts the HTTP GET message requested by the user terminal and at the same time completes the first 302 redirect to the user terminal. A 302 redirect, where 302 stands for temporarily moved (Temporarily Moved), is also called a temporary redirect (Temporarily Redirect). It is an instruction telling the web browser to display a different URL and is used when a web page goes through a short-term URL change. A temporary redirect is a server-side redirect and can be handled properly by search engines.
After receiving the first 302 redirect, the user terminal accesses the new target URL, that is, the Portal server. After receiving the access request of the user terminal, the Portal server completes the second 302 redirect to the user terminal. After receiving the second 302 redirect, the user terminal accesses the new target URL, that is, the CMP. After receiving the request of the user terminal, the CMP pushes the specified authentication page to the user terminal. After the user terminal renders the authentication page in the browser, the username and password information is submitted through the page. After receiving the username and password information submitted by the user terminal, the CMP also passes this information to the Portal server. The Portal server passes the username and password information to the ISG in a Portal authentication request message. After receiving the Portal authentication request message, the ISG extracts the username and password information and at the same time initiates a RADIUS authentication request to the authentication and authorization server.
The authentication and authorization server passes the user's RADIUS authentication result and user permission information to the ISG in a RADIUS authentication acknowledgement message. The ISG decides whether to let the user through according to the RADIUS authentication result, and at the same time identifies the user permission (ordinary user or VIP user) according to the user permission flag bit in the RADIUS authentication acknowledgement message. The ISG encapsulates the user's RADIUS authentication result returned by the authentication and authorization server in a Portal message and sends it to the Portal server. After receiving this Portal message, the Portal server sends a Portal confirmation message to the ISG; the Portal confirmation message carries the online user number information. The ISG receives the Portal confirmation message sent by the Portal server and extracts the online user number information from it to determine the current number of online users in the network, that is, whether the user is or is not the only user currently online.
The ISG sends a user behavior label query request message to the DSP; after receiving the user behavior label query request message, the DSP returns the behavior label based on the user's Internet behavior to the ISG. When the user accesses for the first time, the behavior label query result returned by the DSP is empty. After receiving the user behavior label query response message sent by the DSP, the ISG extracts the user behavior label based on the user's Internet behavior, which is Mark1, Mark2 or empty, and combines it with the current number of online users in the network extracted from the Portal confirmation message and with the user permission identified from the RADIUS authentication acknowledgement message to match and execute the configured QOS policy of the corresponding level. On the user's first access authentication, the ISG combines the current number of online users in the network, the user permission and the user behavior label to match and execute one of the QOS policies L1 to L4.
After the user's first access authentication succeeds, the user accesses the network normally according to his or her own preferences. The ISG audits the user's Internet behavior, generates behavior audit logs and sends them to the DSP. The DSP analyzes and processes the behavior audit logs sent by the ISG, forms the user behavior label Mark1 or Mark2 based on the user's Internet behavior, and stores the user behavior label in the local database in real time, overwriting the previous value.
When the user performs access authentication again, the authentication process is the same as for the first access authentication, except that on repeated access authentication the ISG combines the current number of online users in the network, the user permission and the user behavior label to match and execute one of the QOS policies L5~L12.
If a new user accesses, the new user's access authentication is still completed according to the authentication process above, and the ISG matches a QOS policy of one of the levels L1~L12 according to the latest number of online users, the user permission and the user behavior label for that user.
When any user accesses or exits at any time, the ISG can actively initiate queries or passively receive updated information for the three elements: the current number of online users in the network, the user permission and the user behavior label. If the information for any one of these three elements is updated, the ISG re-matches a new L1~L12 QOS policy for the users currently online.
Embodiment 1
An embodiment of the present invention provides a QOS dynamic adjustment method, applied in the QOS dynamic adjustment system of the present invention described above. As shown in Fig. 2, the method includes:
Step 201: the internet security gateway configures tiered QOS policies based on the network egress bandwidth;
Step 202: the internet security gateway extracts the current number of online users in the network after receiving the Portal confirmation message sent by the Portal server. In this step, the Portal confirmation message contains the information on the current number of online users in the network.
Step 203: the internet security gateway, after receiving the RADIUS authentication acknowledgement message sent by the authentication and authorization server, identifies the user permission according to the RADIUS authentication acknowledgement message;
Step 204: the internet security gateway sends a user behavior label query request message to the Data Analysis Platform; after receiving the user behavior label query request message, the Data Analysis Platform sends the user behavior label based on the user's Internet behavior to the internet security gateway;
Step 205: the internet security gateway combines the current number of online users in the network, the user permission and the user behavior label to match and execute the configured QOS policy of the corresponding level.
Further, before the internet security gateway configures tiered QOS policies based on the network egress bandwidth in step 201, the method provided by the embodiment of the present invention further includes:
Predefining, in the Data Analysis Platform, the user behavior labels based on user Internet behavior;
After the user's first access authentication succeeds and the user accesses the network normally, the internet security gateway audits the user's Internet behavior, generates behavior audit logs and sends them to the Data Analysis Platform; the Data Analysis Platform analyzes the behavior audit logs, forms the user behavior label based on the user's Internet behavior, and stores the user behavior label in the local database in real time;
The authentication and authorization server enters the usernames of high-level users in the database in advance; the internet security gateway initiates a RADIUS authentication request to the authentication and authorization server; after RADIUS authentication succeeds, the authentication and authorization server sends a RADIUS authentication acknowledgement message to the internet security gateway.
The QOS matching process of the QOS dynamic adjustment method of the embodiment when a user accesses and goes online is further illustrated below by way of example. As shown in Fig. 3, the matching flow includes:
The ISG configures the L1-L12 QOS policies according to the network egress bandwidth and sets the maximum bandwidth and guaranteed bandwidth of each QOS policy level; both the maximum bandwidth and the guaranteed bandwidth are configurable. For example, when the egress bandwidth is X: L1 QOS is configured with maximum bandwidth 60%X and guaranteed bandwidth 30%X; L2 QOS with maximum bandwidth 80%X and guaranteed bandwidth 50%X; L3 QOS with maximum bandwidth 40%X and guaranteed bandwidth 15%X; L4 QOS with maximum bandwidth 60%X and guaranteed bandwidth 25%X; and so on, configuring the maximum bandwidth and guaranteed bandwidth of L1-L12 in turn. The specific bandwidth configuration can be chosen according to the actual application scenario and is not enumerated further here.
In Fig. 3, the AP, as the wireless access device, broadcasts the specified wireless SSID; the user connects to the wireless SSID with a mobile terminal to access the network, and accesses any external network through the terminal browser;
The ISG intercepts the HTTP GET message requested by the user and at the same time completes the first 302 redirect to the user terminal;
After receiving the first 302 redirect, the user terminal accesses the Portal server;
After receiving the access request of the user terminal, the Portal server completes the second 302 redirect to the user terminal;
After receiving the second 302 redirect, the user terminal accesses the CMP;
After receiving the authentication request of the user terminal, the CMP pushes the specified authentication page to the user terminal;
The user terminal submits the username and password information through the authentication page rendered by the browser;
After receiving the username and password information submitted by the user terminal, the CMP passes it to the AAS and at the same time also passes it to the Portal server;
The Portal server passes the username and password information to the ISG in a Portal authentication request message;
After receiving the Portal authentication request message, the ISG extracts the username and password information and at the same time initiates a RADIUS authentication request to the AAS;
The AAS sends the user's RADIUS authentication result to the ISG in a RADIUS authentication acknowledgement message; the ISG decides whether to let the user through according to the RADIUS authentication result, and at the same time identifies the user permission (ordinary user or VIP user) according to the user permission flag bit in the RADIUS authentication acknowledgement message;
The ISG encapsulates the user's RADIUS authentication result returned by the AAS as a Portal message and sends it to the Portal server; after receiving this Portal message, the Portal server sends a Portal confirmation message to the ISG, and the Portal confirmation message carries the online user number information;
The ISG extracts the current online user number information from the Portal confirmation message to determine the current number of online users in the network;
Meanwhile, the ISG sends a user behavior label query request message to the DSP; after receiving the user behavior label query request message, the DSP sends the behavior label based on the user's Internet behavior to the ISG in a user behavior label response message;
After receiving the user behavior label response message, the ISG extracts the user's behavior label, which is Mark1, Mark2 or empty;
Through the above process, the ISG knows the three elements, namely the current number of online users in the network, the user permission and the user behavior label, so the ISG can match against these three elements and execute the configured QOS policy of the corresponding level in L1~L12.
After the user's first access authentication succeeds, the user accesses the network normally; the ISG audits the user's Internet behavior, generates user behavior audit logs in real time and sends them to the DSP. The DSP analyzes and processes the user behavior audit logs sent by the ISG, forms the user behavior label Mark1 or Mark2 based on the user's Internet behavior, and stores the current user behavior label in the local database, overwriting the previous value.
The QOS matching process of the QOS dynamic adjustment method of the embodiment when a user goes offline and exits is further illustrated below by way of example. As shown in Fig. 4, the matching flow includes:
The user actively goes offline and exits (for example by clicking the [Exit] button on the authentication page), and the user's offline exit information is passed to the CMP in real time;
The CMP passes the received offline exit information to the Portal server in real time;
After receiving the user offline information, the Portal server sends a user offline request message to the ISG in a Portal message;
After receiving the user offline request message, the ISG returns a user offline success message to the Portal server;
At the same time, the ISG sends an online user number query request message to the Portal server;
The Portal server returns a query result message to the ISG;
The ISG sends a user behavior label query request message, based on user Internet behavior, to the DSP and receives the user behavior label response message returned by the DSP;
For the users currently online, the ISG re-matches and executes the configured L1~L12 QOS policies for each online user according to the latest number of online users, the original user permission and the latest user behavior label based on the user's Internet behavior;
Users who are still online continue to access any network resources according to their own preferences;
The ISG continues to audit user Internet behavior and sends the behavior audit logs to the DSP in real time;
The DSP analyzes and processes the user Internet behavior audit logs reported by the ISG, forms the behavior label Mark1 or Mark2 based on the user's Internet behavior, and stores the result in the local database.
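The matching and re-matching described for Fig. 3 and Fig. 4, as an added example in Python that is not code from the patent. The names match_level, bandwidth_for, Session and Gateway are hypothetical, the session table stands in for the sole-online flag that the Portal server reports, and rejecting permission bits or labels outside the defined values is an assumption of the example; the bandwidth percentages are the sample L1-L4 values the description gives.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

MARKS = (None, "Mark1", "Mark2")  # None: the DSP label query returned an empty result

# (sole online user?, VIP?, behavior label) -> QOS level, as listed in the description.
LEVELS = {
    (True, False, None): "L1", (True, True, None): "L2",
    (False, False, None): "L3", (False, True, None): "L4",
    (True, False, "Mark1"): "L5", (True, True, "Mark1"): "L6",
    (True, False, "Mark2"): "L7", (True, True, "Mark2"): "L8",
    (False, False, "Mark1"): "L9", (False, True, "Mark1"): "L10",
    (False, False, "Mark2"): "L11", (False, True, "Mark2"): "L12",
}

# (maximum %, guaranteed %) of egress bandwidth X. The description gives sample
# values for L1-L4 only, so L5-L12 are left unconfigured in this example.
BANDWIDTH_PCT = {"L1": (60, 30), "L2": (80, 50), "L3": (40, 15), "L4": (60, 25)}


def match_level(sole_online: bool, permission_bit: int, mark: Optional[str]) -> str:
    """Map the three elements to a level; reject values outside the defined set."""
    if permission_bit not in (0, 1):  # 1 = VIP, 0 = ordinary (RADIUS ack flag bit)
        raise ValueError(f"unexpected user permission bit: {permission_bit!r}")
    if mark not in MARKS:
        raise ValueError(f"unexpected behavior label: {mark!r}")
    return LEVELS[(bool(sole_online), permission_bit == 1, mark)]


def bandwidth_for(level: str, egress_kbps: int) -> Optional[Tuple[int, int]]:
    """Return (maximum, guaranteed) in kbit/s, or None if the level is unconfigured."""
    pct = BANDWIDTH_PCT.get(level)
    if pct is None:
        return None
    return egress_kbps * pct[0] // 100, egress_kbps * pct[1] // 100


@dataclass
class Session:
    permission_bit: int
    mark: Optional[str] = None
    level: Optional[str] = None


class Gateway:
    """Hypothetical ISG session table that re-matches whenever an element changes."""

    def __init__(self) -> None:
        self.sessions: Dict[str, Session] = {}

    def _rematch(self) -> Dict[str, str]:
        # Re-evaluate every online user; report only the levels that changed.
        sole = len(self.sessions) == 1
        changed: Dict[str, str] = {}
        for user, s in self.sessions.items():
            level = match_level(sole, s.permission_bit, s.mark)
            if level != s.level:
                s.level = level
                changed[user] = level
        return changed

    def login(self, user: str, permission_bit: int,
              mark: Optional[str] = None) -> Dict[str, str]:
        match_level(True, permission_bit, mark)  # validate before touching state
        self.sessions[user] = Session(permission_bit, mark)
        return self._rematch()

    def logout(self, user: str) -> Dict[str, str]:
        self.sessions.pop(user, None)
        return self._rematch()

    def update_mark(self, user: str, mark: Optional[str]) -> Dict[str, str]:
        s = self.sessions[user]
        match_level(True, s.permission_bit, mark)  # validate the new label first
        s.mark = mark
        return self._rematch()


if __name__ == "__main__":
    gw = Gateway()  # constructed users, not data from the patent
    print(gw.login("alice", 0))               # first user, ordinary, no label yet
    print(gw.login("bob", 1))                 # a VIP joins: both users are re-matched
    print(gw.update_mark("alice", "Mark1"))   # DSP label arrives for alice
    print(gw.logout("bob"))                   # alice becomes the sole online user
    print(bandwidth_for("L2", 100_000))
```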
QOS dynamic adjusting methods described in the embodiment of the present invention are meeting to the progress management and control of user's internet behavior and limitation User's online experience can be further promoted simultaneously, the service on net of differentiation is embodied for different users.And can have Effect utilizes existing network bandwidth, avoids the waste of network bandwidth, to save network bandwidth cost for service on net provider.
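The matching step described above for login and for offline exit, sketched in Python as an added example (not code from the patent). The split of L1~L12 into two load tiers, two privileges and three marks, the threshold of 100 users, and all class and function names are assumptions made for illustration; unrecognised privilege or mark values are treated as ordinary user and empty mark.

```python
from typing import Callable, Dict, Optional

# Assumptions (not from the patent text): the split of L1~L12 into
# 2 load tiers x 2 privileges x 3 marks, the threshold, and all names below.
BUSY_THRESHOLD = 100  # hypothetical online-user count that marks a busy network
PRIVILEGES = ("vip", "ordinary")
MARKS = ("Mark1", "Mark2", None)  # None = DSP returned an empty mark


def build_policy_table() -> Dict[tuple, str]:
    """Enumerate every (load, privilege, mark) combination as one level."""
    combos = [(load, priv, mark)
              for load in ("light", "busy")
              for priv in PRIVILEGES
              for mark in MARKS]
    return {combo: f"L{i}" for i, combo in enumerate(combos, start=1)}


class Gateway:
    """Minimal model of the ISG's three-element matching step."""

    def __init__(self) -> None:
        self.table = build_policy_table()
        self.sessions: Dict[str, dict] = {}

    @staticmethod
    def _normalise(privilege: Optional[str], mark: Optional[str]):
        # Unrecognised values fall back to the least privileged setting,
        # so a malformed Radius flag or DSP reply never grants VIP treatment.
        priv = privilege if privilege in PRIVILEGES else "ordinary"
        mk = mark if mark in MARKS else None
        return priv, mk

    def match(self, online_count: int, privilege, mark) -> str:
        if online_count < 0:
            raise ValueError("online user count cannot be negative")
        load = "busy" if online_count >= BUSY_THRESHOLD else "light"
        priv, mk = self._normalise(privilege, mark)
        return self.table[(load, priv, mk)]

    def on_login(self, user: str, privilege, online_count: int, mark) -> str:
        """Privilege from Radius, count from Portal, mark from the DSP."""
        priv, mk = self._normalise(privilege, mark)
        level = self.match(online_count, priv, mk)
        self.sessions[user] = {"privilege": priv, "mark": mk, "level": level}
        return level

    def on_logout(self, user: str, online_count: int,
                  query_mark: Callable[[str], Optional[str]]) -> Dict[str, str]:
        """Re-match remaining users: new count, original privilege, fresh mark."""
        self.sessions.pop(user, None)
        for name, sess in self.sessions.items():
            sess["mark"] = self._normalise(sess["privilege"], query_mark(name))[1]
            sess["level"] = self.match(online_count, sess["privilege"], sess["mark"])
        return {name: sess["level"] for name, sess in self.sessions.items()}
```
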
Embodiment 2
An embodiment of the present invention provides an internet security gateway. As shown in Figure 5, the internet security gateway 50 includes a dispensing unit 501, a transmission unit 502 and a receiving unit 503.
The dispensing unit 501 is configured to configure graded QOS policies based on the network egress bandwidth;
The receiving unit 503 is configured to receive the Portal confirmation message sent by the Portal server;
The dispensing unit 501 is further configured to extract the current number of online users in the network from the Portal confirmation message;
The receiving unit 503 is further configured to receive the Radius authentication confirmation message sent by the certification authority server;
The dispensing unit 501 is further configured to identify the user privilege according to the Radius authentication confirmation message;
The transmission unit 502 is configured to send a user behavior mark query request message to the Data Analysis Platform;
The receiving unit 503 is further configured to receive the user behavior mark sent by the Data Analysis Platform;
The dispensing unit 501 is further configured to combine the current number of online users in the network, the user privilege and the user behavior mark to match and execute the configured QOS policy of the corresponding level.
The transmission unit 502 is further configured, after the user's first access authentication succeeds and the user accesses the network normally, to send to the Data Analysis Platform the behavior audit log generated by auditing the user's internet behavior.
Embodiment 3
An embodiment of the present invention provides a Data Analysis Platform. As shown in Figure 6, the Data Analysis Platform 60 includes a receiving unit 601, a transmission unit 602 and an analysis unit 603.
The receiving unit 601 is configured to receive the user behavior mark query request message sent by the internet security gateway;
The transmission unit 602 is configured to send the user behavior mark based on the user's internet behavior to the internet security gateway;
The analysis unit 603 is configured to analyze the behavior audit log sent by the internet security gateway, form the user behavior mark based on the user's internet behavior, and store the user behavior mark in the local database in real time.
Embodiment 4
An embodiment of the present invention provides a certification authority server. As shown in Figure 7, the certification authority server 70 includes a setting unit 701, a transmission unit 702 and a receiving unit 703.
The setting unit 701 is configured to pre-enter the user names of higher-level users in the database;
The transmission unit 702 is configured to send a Radius authentication confirmation message to the internet security gateway after Radius authentication succeeds;
The receiving unit 703 is configured to receive the Radius authentication request sent by the internet security gateway.
Embodiment 5
An embodiment of the present invention provides a QOS dynamic adjustment system. The system includes at least the internet security gateway described in Embodiment 2, the Data Analysis Platform described in Embodiment 3 and the certification authority server described in Embodiment 4.
The embodiments of the present invention manage, control and restrict user internet behavior while further improving the user's online experience, providing differentiated internet service to different users. They also make effective use of existing network bandwidth and avoid wasting it, which saves network bandwidth cost for the internet service provider.
The above is merely a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be determined by the scope of protection of the claims.

Claims (11)

1. A QOS dynamic adjustment method, characterized in that the method comprises:
An internet security gateway configures graded QOS policies based on the network egress bandwidth;
After receiving the Portal confirmation message sent by the Portal server, the internet security gateway extracts the current number of online users in the network;
After receiving the Radius authentication confirmation message sent by the certification authority server, the internet security gateway identifies the user privilege according to the Radius authentication confirmation message;
The internet security gateway sends a user behavior mark query request message to the Data Analysis Platform, and after receiving the user behavior mark query request message, the Data Analysis Platform sends the user behavior mark based on the user's internet behavior to the internet security gateway;
The internet security gateway combines the current number of online users in the network, the user privilege and the user behavior mark to match and execute the configured QOS policy of the corresponding level.
2. The method according to claim 1, characterized in that, before the internet security gateway configures the graded QOS policies based on the network egress bandwidth, the method further comprises:
User behavior marks based on user internet behavior are predefined in the Data Analysis Platform;
After the user's first access authentication succeeds and the user accesses the network normally, the internet security gateway audits the user's internet behavior, generates a behavior audit log and sends it to the Data Analysis Platform; the Data Analysis Platform analyzes the behavior audit log, forms the user behavior mark based on the user's internet behavior, and stores the user behavior mark in the local database in real time;
The certification authority server pre-enters the user names of higher-level users in the database; the internet security gateway initiates a Radius authentication request to the certification authority server; and after Radius authentication succeeds, the certification authority server sends the Radius authentication confirmation message to the internet security gateway.
3. A QOS dynamic adjustment method, applied in an internet security gateway, characterized in that it comprises:
Configuring graded QOS policies based on the network egress bandwidth;
Extracting the current number of online users in the network after receiving the Portal confirmation message sent by the Portal server;
After receiving the Radius authentication confirmation message sent by the certification authority server, identifying the user privilege according to the Radius authentication confirmation message;
Sending a user behavior mark query request message to the Data Analysis Platform, and receiving the user behavior mark sent by the Data Analysis Platform;
Combining the current number of online users in the network, the user privilege and the user behavior mark to match and execute the configured QOS policy of the corresponding level.
4. The method according to claim 3, characterized in that,
After the user's first access authentication succeeds and the user accesses the network normally, the behavior audit log generated by auditing the user's internet behavior is sent to the Data Analysis Platform;
A Radius authentication request is initiated to the certification authority server.
5. A QOS dynamic adjustment method, applied in a Data Analysis Platform, characterized in that,
After receiving the user behavior mark query request message sent by the internet security gateway, the user behavior mark based on the user's internet behavior is sent to the internet security gateway;
The behavior audit log sent by the internet security gateway is analyzed to form the user behavior mark based on the user's internet behavior, and the user behavior mark is stored in the local database in real time.
6. A QOS dynamic adjustment method, applied in a certification authority server, characterized in that,
The user names of higher-level users are pre-entered in the database, and after Radius authentication succeeds, a Radius authentication confirmation message is sent to the internet security gateway;
The Radius authentication request sent by the internet security gateway is received.
7. An internet security gateway, characterized in that it comprises a dispensing unit, a transmission unit and a receiving unit,
The dispensing unit is configured to configure graded QOS policies based on the network egress bandwidth;
The receiving unit is configured to receive the Portal confirmation message sent by the Portal server;
The dispensing unit is further configured to extract the current number of online users in the network from the Portal confirmation message;
The receiving unit is further configured to receive the Radius authentication confirmation message sent by the certification authority server;
The dispensing unit is further configured to identify the user privilege according to the Radius authentication confirmation message;
The transmission unit is configured to send a user behavior mark query request message to the Data Analysis Platform;
The receiving unit is further configured to receive the user behavior mark sent by the Data Analysis Platform;
The dispensing unit is further configured to combine the current number of online users in the network, the user privilege and the user behavior mark to match and execute the configured QOS policy of the corresponding level.
8. The internet security gateway according to claim 7, characterized in that,
The transmission unit is further configured, after the user's first access authentication succeeds and the user accesses the network normally, to send to the Data Analysis Platform the behavior audit log generated by auditing the user's internet behavior.
9. A Data Analysis Platform, characterized in that it comprises a receiving unit, a transmission unit and an analysis unit,
The receiving unit is configured to receive the user behavior mark query request message sent by the internet security gateway;
The transmission unit is configured to send the user behavior mark based on the user's internet behavior to the internet security gateway;
The analysis unit is configured to analyze the behavior audit log sent by the internet security gateway, form the user behavior mark based on the user's internet behavior, and store the user behavior mark in the local database in real time.
10. A certification authority server, characterized in that it comprises a setting unit, a transmission unit and a receiving unit,
The setting unit is configured to pre-enter the user names of higher-level users in the database;
The transmission unit is configured to send a Radius authentication confirmation message to the internet security gateway after Radius authentication succeeds;
The receiving unit is configured to receive the Radius authentication request sent by the internet security gateway.
11. A QOS dynamic adjustment system, characterized in that the system includes at least the internet security gateway according to any one of claims 7-8, the Data Analysis Platform according to claim 9 and the certification authority server according to claim 10.
CN201611191835.5A 2016-12-21 2016-12-21 QOS dynamic adjustment method, equipment and system Active CN108429624B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611191835.5A CN108429624B (en) 2016-12-21 2016-12-21 QOS dynamic adjustment method, equipment and system


Publications (2)

Publication Number Publication Date
CN108429624A true CN108429624A (en) 2018-08-21
CN108429624B CN108429624B (en) 2022-07-26




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP02 Change in the address of a patent holder

Address after: 610041 nine Xing Xing Road 16, hi tech Zone, Sichuan, Chengdu

Patentee after: MAIPU COMMUNICATION TECHNOLOGY Co.,Ltd.

Address before: 610041 15-24 floor, 1 1 Tianfu street, Chengdu high tech Zone, Sichuan

Patentee before: MAIPU COMMUNICATION TECHNOLOGY Co.,Ltd.