CN108429624A - A QOS dynamic adjustment method, device and system
Publication number: CN108429624A
Application number: CN201611191835.5A
Authority: CN (China)
Prior art keywords: user, behavior, security gateway, internet, internet security
Legal status: Granted (the legal status is an assumption and is not a legal conclusion)
Classifications

- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general

- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/50—Network service management, e.g. ensuring proper service fulfilment according to agreements

- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Abstract
The invention discloses a QOS dynamic adjustment method, device and system, relating to the field of network communication. The method includes: an internet security gateway configures graded QOS policies based on the network egress bandwidth; extracts the number of users currently online in the network; identifies the user permission; receives a user behavior mark based on the user's internet behavior; and, combining the number of users currently online in the network, the user permission and the user behavior mark, matches and executes the configured QOS policy of the corresponding level. This further improves the user's online experience while still controlling and limiting the user's internet behavior, and provides differentiated internet service for different users. It also makes effective use of the existing network bandwidth and avoids wasting it, thereby saving network bandwidth cost for the internet service provider.
Description
Technical field
The invention belongs to the field of network communication, and in particular relates to a QOS dynamic adjustment method, device and system based on user internet behavior.
Background
Nearly all network communication equipment from current network equipment vendors, such as switches, routers and egress gateways, supports the quality of service (Quality of Service, QOS) function. It also supports implementing QOS based on source IP address, user group, VLAN, time period, application type and so on to limit a user's upstream and downstream bandwidth, that is, to control the user's internet behavior. However, prior-art QOS implementations limit the user's internet behavior and suppress the user's online experience. They are also static: unless someone intervenes manually, the QOS policy being executed never changes. In a real network environment, the number of internet users, the users' internet behavior, the actual bandwidth utilization and so on often do not follow what the network administrator has preset, and the network administrator cannot monitor internet usage in real time in order to adjust QOS policies manually. When there are few internet users, the actual utilization of the network bandwidth is low; when most users are performing internet behaviors such as online video or downloading, the network bandwidth is often insufficient. Therefore, how to adjust QOS policies dynamically according to real-time network usage and users' internet preferences, so as to improve network bandwidth utilization while improving the users' online experience, is a problem to be solved.
Summary of the invention
The present invention provides a QOS dynamic adjustment method, device and system, to solve the problem that prior-art QOS policies limit the user's internet behavior and suppress the user's online experience, and that QOS policy execution is static: unless someone intervenes manually, the executed QOS policy never changes.
For the above purpose, in a first aspect, an embodiment of the present invention provides a QOS dynamic adjustment method, the method including:
the internet security gateway configures graded QOS policies based on the network egress bandwidth;
the internet security gateway, after receiving the Portal confirmation message sent by the Portal server, extracts the number of users currently online in the network;
the internet security gateway, after receiving the Radius authentication confirmation message sent by the authentication and authorization server, identifies the user permission according to the Radius authentication confirmation message;
the internet security gateway sends a user behavior mark query request message to the Data Analysis Platform, and the Data Analysis Platform, after receiving the user behavior mark query request message, sends the user behavior mark based on the user's internet behavior to the internet security gateway;
the internet security gateway, combining the number of users currently online in the network, the user permission and the user behavior mark, matches and executes the configured QOS policy of the corresponding level.
In a second aspect, an embodiment of the present invention provides a QOS dynamic adjustment method, applied in an internet security gateway, including:
configuring graded QOS policies based on the network egress bandwidth;
extracting the number of users currently online in the network after receiving the Portal confirmation message sent by the Portal server;
after receiving the Radius authentication confirmation message sent by the authentication and authorization server, identifying the user permission according to the Radius authentication confirmation message;
sending a user behavior mark query request message to the Data Analysis Platform, and receiving the user behavior mark sent by the Data Analysis Platform;
combining the number of users currently online in the network, the user permission and the user behavior mark, matching and executing the configured QOS policy of the corresponding level.
In a third aspect, an embodiment of the present invention provides a QOS dynamic adjustment method, applied in a Data Analysis Platform: after receiving the user behavior mark query request message sent by the internet security gateway, the user behavior mark based on the user's internet behavior is sent to the internet security gateway;
the behavior audit log sent by the internet security gateway is analyzed to form the user behavior mark based on the user's internet behavior, and the user behavior mark is stored in the local database in real time.
In a fourth aspect, an embodiment of the present invention provides a QOS dynamic adjustment method, applied in an authentication and authorization server: the user names of high-level users are entered in the database in advance, and after Radius authentication succeeds, a Radius authentication confirmation message is sent to the internet security gateway;
the Radius authentication request sent by the internet security gateway is received.
In a fifth aspect, an embodiment of the present invention provides an internet security gateway, including a configuration unit, a sending unit and a receiving unit:
the configuration unit is used to configure graded QOS policies based on the network egress bandwidth;
the receiving unit is used to receive the Portal confirmation message sent by the Portal server;
the configuration unit is also used to extract the number of users currently online in the network from the Portal confirmation message;
the receiving unit is also used to receive the Radius authentication confirmation message sent by the authentication and authorization server; the configuration unit is also used to identify the user permission according to the Radius authentication confirmation message;
the sending unit is used to send a user behavior mark query request message to the Data Analysis Platform;
the receiving unit is also used to receive the user behavior mark sent by the Data Analysis Platform;
the configuration unit is also used to combine the number of users currently online in the network, the user permission and the user behavior mark to match and execute the configured QOS policy of the corresponding level.
In a sixth aspect, an embodiment of the present invention provides a Data Analysis Platform, including a receiving unit, a sending unit and an analysis unit:
the receiving unit is used to receive the user behavior mark query request message sent by the internet security gateway;
the sending unit is used to send the user behavior mark based on the user's internet behavior to the internet security gateway;
the analysis unit is used to analyze the behavior audit log sent by the internet security gateway, form the user behavior mark based on the user's internet behavior, and store the user behavior mark in the local database in real time.
In a seventh aspect, an embodiment of the present invention provides an authentication and authorization server, including a setting unit, a sending unit and a receiving unit:
the setting unit is used to enter the user names of high-level users in the database in advance;
the sending unit is used to send a Radius authentication confirmation message to the internet security gateway after Radius authentication succeeds;
the receiving unit is used to receive the Radius authentication request sent by the internet security gateway.
In an eighth aspect, an embodiment of the present invention provides a QOS dynamic adjustment system, which includes at least the internet security gateway of the fifth aspect, the Data Analysis Platform of the sixth aspect and the authentication and authorization server of the seventh aspect.
The beneficial effects of the present invention are as follows: the user's online experience can be further improved while the user's internet behavior is still controlled and limited, and differentiated internet service is provided for different users. The existing network bandwidth can also be used effectively, avoiding wasted network bandwidth and thereby saving network bandwidth cost for the internet service provider.
Brief description of the drawings
Fig. 1 is a network environment diagram of a QOS dynamic adjustment system provided by an embodiment of the present invention;
Fig. 2 is a flow chart of a QOS dynamic adjustment method provided by an embodiment of the present invention;
Fig. 3 is a QOS matching flow chart for when a user accesses and comes online, provided by an embodiment of the present invention;
Fig. 4 is a QOS matching flow chart for when a user goes offline and exits, provided by an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an internet security gateway provided by an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a Data Analysis Platform provided by an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of an authentication and authorization server provided by an embodiment of the present invention.
Detailed description
To make the technical solution of the present invention clearer, the present invention is described in further detail below with reference to the drawings.
An embodiment of the present invention provides a QOS dynamic adjustment method, device and system, to solve the problem that prior-art QOS policies limit the user's internet behavior and suppress the user's online experience, and that QOS policy execution is static: unless someone intervenes manually, the executed QOS policy never changes.
An embodiment of the present invention provides a QOS dynamic adjustment system. The system can further improve the user's online experience while still controlling and limiting the user's internet behavior, and provides differentiated internet service for different users. It can also use the existing network bandwidth effectively, avoiding wasted network bandwidth and thereby saving network bandwidth cost for the internet service provider. As shown in Fig. 1, the QOS dynamic adjustment system of the embodiment includes an internet security gateway (Internet Security Gateway, ISG), an authentication and authorization server (Authentication Authorization Server, AAS), a Portal server and a Data Analysis Platform (DSP). For convenience of explanation, the system may further include a Content Management Platform (CMP), terminals and an access point (Access Point, AP). In the system shown in Fig. 1, internal interfaces are preset between the authentication and authorization server, the Portal server, the Content Management Platform and the Data Analysis Platform, and these four components exchange information through the preset internal interfaces.
In the embodiment of the present invention, the dynamic adjustment of QOS policies is realized as follows.
First, behavior marks based on user internet behavior are predefined in the DSP, for example two behavior marks Mark1 and Mark2, where Mark1 indicates that the user's internet behavior is mainly online video or downloading, and Mark2 indicates that the user's internet behavior is mainly something other than online video or downloading. The user names (for example, mobile phone numbers) of high-level (VIP) users are entered in the database in advance; the user permission flag bit of a VIP user can be preset to 1 and that of an ordinary user to 0. After Radius authentication succeeds, the authentication and authorization server returns the user permission flag bit to the ISG in the Radius authentication confirmation message. The ISG identifies the user permission from the user permission flag bit in the Radius authentication confirmation message, encapsulates the Radius authentication result in a Portal message and returns it to the Portal server. The Portal server counts the number of online users in real time and can set a flag bit to indicate the number of users currently online in the network: for example, if only one user has currently passed access authentication, the flag bit in the Portal message sent to the ISG is set to 1; otherwise it is set to 0 (there are multiple online users). After receiving the Portal message sent by the ISG, the Portal server sends a Portal confirmation message to the ISG, and the Portal confirmation message carries the online user number information.
The ISG configures graded QOS policies according to the network egress bandwidth (for example, QOS policies divided into levels L1-L12, where the L1-L12 QOS policies correspond to bandwidth values of different levels, the bandwidth value of each level is configurable, and a maximum bandwidth and a guaranteed bandwidth can be configured at the same time), and matches and executes the configured QOS policy of the corresponding level according to three elements: the number of users currently online in the network, the user permission and the user behavior mark. For example, the ISG matches and executes:
the L1 QOS policy when the accessing user is currently the only user online and is an ordinary user;
the L2 QOS policy when the accessing user is currently the only user online and is a VIP user;
the L3 QOS policy when the accessing user is not currently the only user online and is an ordinary user;
the L4 QOS policy when the accessing user is not currently the only user online and is a VIP user;
the L5 QOS policy when the accessing user is currently the only user online and is an ordinary user whose behavior mark is Mark1;
the L6 QOS policy when the accessing user is currently the only user online and is a VIP user whose behavior mark is Mark1;
the L7 QOS policy when the accessing user is currently the only user online and is an ordinary user whose behavior mark is Mark2;
the L8 QOS policy when the accessing user is currently the only user online and is a VIP user whose behavior mark is Mark2;
the L9 QOS policy when the accessing user is not currently the only user online and is an ordinary user whose behavior mark is Mark1;
the L10 QOS policy when the accessing user is not currently the only user online and is a VIP user whose behavior mark is Mark1;
the L11 QOS policy when the accessing user is not currently the only user online and is an ordinary user whose behavior mark is Mark2;
the L12 QOS policy when the accessing user is not currently the only user online and is a VIP user whose behavior mark is Mark2.
When a user terminal accesses and authenticates for the first time, the first access authentication procedure is as follows. The ISG intercepts the HTTP GET message requested by the user terminal and completes the 1st 302 redirect to the user terminal. A 302 redirect indicates a temporary move (Temporarily Moved) and is also called a temporary redirect (Temporarily Redirect). It is an instruction to the web browser to display a different URL, used when a web page undergoes a short-term URL change. A temporary redirect is a server-side redirect and can be handled properly by search engines.
After receiving the 1st 302 redirect, the user terminal accesses the new target URL, that is, the Portal server. After receiving the access request of the user terminal, the Portal server completes the 2nd 302 redirect to the user terminal. After receiving the 2nd 302 redirect, the user terminal accesses the new target URL, that is, the CMP. After receiving the request of the user terminal, the CMP pushes the specified authentication page to the user terminal. After the user terminal renders the authentication page in the browser, the user name + password information is submitted through the page. After receiving the user name + password information submitted by the user terminal, the CMP passes this information on, and at the same time also passes it to the Portal server. The Portal server passes the user name + password information to the ISG in a Portal authentication request message. After receiving the Portal authentication request message, the ISG extracts the user name + password information and initiates a Radius authentication request to the authentication and authorization server.

The authentication and authorization server passes the Radius authentication result of the user and the user permission information to the ISG in the Radius authentication confirmation message. The ISG decides whether to let the user through according to the Radius authentication result, and identifies the user permission (ordinary user or VIP user) from the user permission flag bit in the Radius authentication confirmation message. The ISG encapsulates the user's Radius authentication result fed back by the authentication and authorization server in a Portal message and sends it to the Portal server. After receiving the Portal message, the Portal server sends a Portal confirmation message to the ISG, and the Portal confirmation message carries the online user number information. The ISG receives the Portal confirmation message sent by the Portal server and extracts the online user number information from it to determine the number of users currently online in the network, that is, whether or not the user is currently the only online user.

The ISG sends a user behavior mark query request message to the DSP, and the DSP, after receiving the user behavior mark query request message, returns the behavior mark based on the user's internet behavior to the ISG. When the user accesses for the 1st time, the behavior mark query result returned by the DSP is empty. After receiving the user behavior mark query response message sent by the DSP, the ISG extracts the user behavior mark based on the user's internet behavior, which is Mark1, Mark2 or empty. It then combines this with the number of users currently online in the network extracted from the Portal confirmation message and the user permission identified from the Radius authentication confirmation message to match and execute the configured QOS policy of the corresponding level. When a user accesses and authenticates for the first time, the ISG combines the number of users currently online in the network, the user permission and the user behavior mark to match and execute one of the QOS policy levels L1 to L4.
After the user's first access authentication succeeds, the user accesses the network normally according to the user's own preferences. The ISG audits the user's internet behavior, generates a behavior audit log and sends it to the DSP. The DSP analyzes and processes the behavior audit log sent by the ISG, forms the user behavior mark Mark1 or Mark2 based on the user's internet behavior, and stores this user behavior mark in the local database in real time, overwriting the previous value.
When the user accesses and authenticates again, the authentication procedure is the same as for the first access authentication, except that the ISG combines the number of users currently online in the network, the user permission and the user behavior mark to match and execute one of the QOS policy levels L5 to L12.
If a new user accesses the network, the new user's access authentication is still completed according to the above authentication procedure, and the ISG matches a QOS policy of one of the levels L1 to L12 according to the latest online user number, the user permission and the user behavior mark for that user.
Whenever any user accesses or exits at any time, the ISG can actively initiate queries for, or passively receive updates on, the three elements: the number of users currently online in the network, the user permission and the user behavior mark. If the information for any one of these three elements is updated, the ISG matches QOS policies from L1 to L12 again for the users currently online.
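The three-element matching and the re-matching on every change described above, as an added example that is not part of the patent text: a Python model in which the gateway keeps the online-user count itself instead of reading the flag bit from the Portal confirmation message, and an in-memory dict stands in for the DSP query. The names `match_level`, `bandwidth` and `Gateway` are hypothetical, and treating any permission flag other than 1 as an ordinary user is an assumption of this example.

```python
from typing import Dict, Optional, Tuple

ORDINARY, VIP = 0, 1              # user permission flag bit values given in the text
MARK1, MARK2 = "Mark1", "Mark2"   # behavior marks predefined in the DSP

# Maximum / guaranteed bandwidth as a percentage of the egress bandwidth X.
# Only L1-L4 are enumerated in the text; L5-L12 are left to the deployment.
BANDWIDTH_PCT: Dict[str, Tuple[int, int]] = {
    "L1": (60, 30), "L2": (80, 50), "L3": (40, 15), "L4": (60, 25),
}


def match_level(sole_online: bool, permission: int, mark: Optional[str]) -> str:
    """Map (online count, user permission, behavior mark) to a level L1..L12."""
    if permission not in (ORDINARY, VIP):
        raise ValueError("permission flag must be 0 or 1")
    if mark is None:                       # first access: the DSP has no mark yet
        base = 1 if sole_online else 3
    elif mark in (MARK1, MARK2):
        base = (5 if sole_online else 9) + (0 if mark == MARK1 else 2)
    else:
        raise ValueError("unknown behavior mark")
    return f"L{base + permission}"         # VIP is always the next level up


def bandwidth(level: str, egress_kbps: int) -> Optional[Tuple[int, int]]:
    """Return (maximum, guaranteed) kbit/s, or None if the level is not configured."""
    pct = BANDWIDTH_PCT.get(level)
    if pct is None:
        return None
    return egress_kbps * pct[0] // 100, egress_kbps * pct[1] // 100


class Gateway:
    """Simplified ISG: re-matches every online user when any element changes."""

    def __init__(self, behavior_db: Optional[Dict[str, str]] = None) -> None:
        self.behavior_db = dict(behavior_db or {})   # stand-in for the DSP database
        self.online: Dict[str, int] = {}             # user name -> permission flag

    def _mark(self, user: str) -> Optional[str]:
        # Anything the DSP returns that is not a known mark is treated as empty.
        mark = self.behavior_db.get(user)
        return mark if mark in (MARK1, MARK2) else None

    def rematch(self) -> Dict[str, str]:
        sole = len(self.online) == 1
        return {u: match_level(sole, p, self._mark(u)) for u, p in self.online.items()}

    def user_online(self, user: str, permission_flag: int) -> Dict[str, str]:
        # Assumption: a missing or malformed flag never grants VIP treatment.
        self.online[user] = VIP if permission_flag == 1 else ORDINARY
        return self.rematch()

    def user_offline(self, user: str) -> Dict[str, str]:
        self.online.pop(user, None)
        return self.rematch()

    def behavior_updated(self, user: str, mark: str) -> Dict[str, str]:
        self.behavior_db[user] = mark                # DSP overwrites the stored mark
        return self.rematch()


if __name__ == "__main__":
    gw = Gateway()
    print(gw.user_online("alice", 1))        # constructed users, first access
    print(gw.user_online("bob", 0))
    print(gw.behavior_updated("bob", MARK1))
    print(gw.user_offline("alice"))
    print(bandwidth("L1", 100_000))
```

Because the level of every online user depends on whether that user is the only one online, a single login or logout changes the policy of the users who stayed, which is why `rematch` runs over the whole session table.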
Embodiment 1
An embodiment of the present invention provides a QOS dynamic adjustment method, applied in the QOS dynamic adjustment system of the present invention described above. As shown in Fig. 2, the method includes:
Step 201: the internet security gateway configures graded QOS policies based on the network egress bandwidth;
Step 202: the internet security gateway, after receiving the Portal confirmation message sent by the Portal server, extracts the number of users currently online in the network; in this step, the Portal confirmation message includes the information on the number of users currently online in the network;
Step 203: the internet security gateway, after receiving the Radius authentication confirmation message sent by the authentication and authorization server, identifies the user permission according to the Radius authentication confirmation message;
Step 204: the internet security gateway sends a user behavior mark query request message to the Data Analysis Platform, and the Data Analysis Platform, after receiving the user behavior mark query request message, sends the user behavior mark based on the user's internet behavior to the internet security gateway;
Step 205: the internet security gateway, combining the number of users currently online in the network, the user permission and the user behavior mark, matches and executes the configured QOS policy of the corresponding level.
Further, before the internet security gateway configures graded QOS policies based on the network egress bandwidth in step 201, the method provided by the embodiment of the present invention also includes:
the user behavior marks based on user internet behavior are predefined in the Data Analysis Platform;
after the user's first access authentication succeeds and the user accesses the network normally, the internet security gateway audits the user's internet behavior, generates a behavior audit log and sends it to the Data Analysis Platform; the Data Analysis Platform analyzes the behavior audit log, forms the user behavior mark based on the user's internet behavior, and stores the user behavior mark in the local database in real time;
the authentication and authorization server enters the user names of high-level users in the database in advance; the internet security gateway initiates a Radius authentication request to the authentication and authorization server, and after Radius authentication succeeds, the authentication and authorization server sends a Radius authentication confirmation message to the internet security gateway.
The QOS matching process of the QOS dynamic adjustment method of the embodiment of the present invention when a user accesses and comes online is further illustrated below by way of example. As shown in Fig. 3, the matching flow is as follows.

The ISG configures the L1-L12 QOS policies according to the network egress bandwidth, and sets the maximum bandwidth and guaranteed bandwidth of each QOS policy level; the maximum bandwidth and guaranteed bandwidth are configurable. For example, when the egress bandwidth is X, configure L1 QOS with maximum bandwidth 60%X and guaranteed bandwidth 30%X; L2 QOS with maximum bandwidth 80%X and guaranteed bandwidth 50%X; L3 QOS with maximum bandwidth 40%X and guaranteed bandwidth 15%X; L4 QOS with maximum bandwidth 60%X and guaranteed bandwidth 25%X; and so on, configuring the maximum bandwidth and guaranteed bandwidth of L1-L12 in turn. The specific bandwidth configuration can be chosen according to the actual application scenario and is not enumerated further here.

In Fig. 3, the AP, as the wireless access device, broadcasts the specified wireless SSID; the user connects a mobile terminal to the wireless SSID to access the network and accesses any external network through the terminal browser. The ISG intercepts the HTTP GET message requested by the user and completes the 1st 302 redirect to the user terminal. After receiving the 1st 302 redirect, the user terminal accesses the Portal server. After receiving the access request of the user terminal, the Portal server completes the 2nd 302 redirect to the user terminal. After receiving the 2nd 302 redirect, the user terminal accesses the CMP. After receiving the authentication request of the user terminal, the CMP pushes the specified authentication page to the user terminal. The user terminal submits the user name + password information through the authentication page rendered by the browser. After receiving the user name + password information submitted by the user terminal, the CMP passes this information to the AAS and at the same time also passes it to the Portal server. The Portal server passes the user name + password information to the ISG in a Portal authentication request message. After receiving the Portal authentication request message, the ISG extracts the user name + password information and initiates a Radius authentication request to the AAS.

The AAS sends the user's Radius authentication result to the ISG in the Radius authentication confirmation message. The ISG decides whether to let the user through according to the Radius authentication result, and identifies the user permission (ordinary user or VIP user) from the user permission flag bit in the Radius authentication confirmation message. The ISG encapsulates the user's Radius authentication result fed back by the AAS as a Portal message and sends it to the Portal server. After receiving the Portal message, the Portal server sends a Portal confirmation message to the ISG, and the Portal confirmation message carries the online user number information. The ISG extracts the current online user number information from the Portal confirmation message to determine the number of users currently online in the network. At the same time, the ISG sends a user behavior mark query request message to the DSP; after receiving the user behavior mark query request message, the DSP sends the behavior mark based on the user's internet behavior to the ISG in a user behavior mark response message. After receiving the user behavior mark response message, the ISG extracts the user's behavior mark, which is Mark1, Mark2 or empty.

Through the above process, the ISG knows the three elements: the number of users currently online in the network, the user permission and the user behavior mark. The ISG can therefore match and execute the configured QOS policy of the corresponding level in L1 to L12 according to these three elements. After the user's first access authentication succeeds and the user accesses the network normally, the ISG audits the user's internet behavior, generates a user behavior audit log in real time and sends it to the DSP. The DSP analyzes and processes the user behavior audit log sent by the ISG, forms the user behavior mark Mark1 or Mark2 based on the user's internet behavior, and stores the current user behavior mark in the local database, overwriting the previous value.
The QOS matching process of the QOS dynamic adjustment method of the embodiment of the present invention when a user goes offline and exits is further illustrated below by way of example. As shown in Fig. 4, the matching flow is as follows.

The user actively goes offline and exits (for example, by clicking the [Exit] button on the authentication page), and the user's offline exit information is passed to the CMP in real time. The CMP passes the received offline exit information to the Portal server in real time. After receiving the user offline information, the Portal server sends a user offline request message to the ISG in a Portal message. After receiving the user offline request message, the ISG returns a user offline success message to the Portal server. At the same time, the ISG sends an online user number query request message to the Portal server, and the Portal server returns a query result message to the ISG. The ISG sends a user behavior mark query request message based on user internet behavior to the DSP and receives the user behavior mark response message returned by the DSP. For the users currently online, the ISG matches again and executes the configured L1 to L12 QOS policies according to the latest online user number, the original user permission and the latest user behavior mark based on the user's internet behavior. Users who are still online continue to access any network resources according to their own preferences. The ISG continues to audit the users' internet behavior and sends the behavior audit log to the DSP in real time. The DSP analyzes and processes the user internet behavior audit log reported by the ISG, forms the behavior mark Mark1 or Mark2 based on the user's internet behavior, and stores the result in the local database.
The QOS dynamic adjustment method of the embodiment of the present invention can further improve the user's online experience while still controlling and limiting the user's internet behavior, and provides differentiated internet service for different users. It can also use the existing network bandwidth effectively, avoiding wasted network bandwidth and thereby saving network bandwidth cost for the internet service provider.
Embodiment 2
An embodiment of the present invention provides an internet security gateway. As shown in Figure 5, the internet security gateway 50 includes a configuration unit 501, a transmission unit 502 and a receiving unit 503.
The configuration unit 501 is configured to configure graded QOS policies based on the network egress bandwidth;
The receiving unit 503 is configured to receive the Portal confirmation message sent by the Portal server;
The configuration unit 501 is further configured to extract the current number of online users in the network from the Portal confirmation message;
The receiving unit 503 is further configured to receive the Radius authentication confirmation message sent by the certification authority server;
The configuration unit 501 is further configured to identify the user rights according to the Radius authentication confirmation message;
The transmission unit 502 is configured to send a user behavior mark query request message to the data analysis platform;
The receiving unit 503 is further configured to receive the user behavior mark sent by the data analysis platform;
The configuration unit 501 is further configured to match and execute the configured QOS policy of the corresponding level by combining the current number of online users in the network, the user rights and the user behavior mark.
The transmission unit 502 is further configured to, after a user first passes access authentication and accesses the network normally, send to the data analysis platform the behavior audit log generated by auditing the user's internet behavior.
Embodiment 3
An embodiment of the present invention provides a data analysis platform. As shown in Figure 6, the data analysis platform 60 includes a receiving unit 601, a transmission unit 602 and an analysis unit 603.
The receiving unit 601 is configured to receive the user behavior mark query request message sent by the internet security gateway;
The transmission unit 602 is configured to send the user behavior mark based on user internet behavior to the internet security gateway;
The analysis unit 603 is configured to analyze the behavior audit log sent by the internet security gateway, form the user behavior mark based on user internet behavior, and store the user behavior mark in the local database in real time.
Embodiment 4
An embodiment of the present invention provides a certification authority server. As shown in Figure 7, the certification authority server 70 includes a setting unit 701, a transmission unit 702 and a receiving unit 703.
The setting unit 701 is configured to enter the user names of higher-level users into the database in advance;
The transmission unit 702 is configured to send a Radius authentication confirmation message to the internet security gateway after Radius authentication succeeds;
The receiving unit 703 is configured to receive the Radius authentication request sent by the internet security gateway.
Embodiment 5
An embodiment of the present invention provides a QOS dynamic adjustment system. The system includes at least the internet security gateway described in Embodiment 2, the data analysis platform described in Embodiment 3 and the certification authority server described in Embodiment 4.
The embodiments of the present invention can further improve users' online experience while still managing, controlling and restricting users' internet behavior, and provide differentiated internet access service for different users. They also make effective use of the existing network bandwidth and avoid wasting it, thereby saving network bandwidth cost for the internet service provider.
The above is merely a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.
Claims (11)
1. A QOS dynamic adjustment method, characterized in that the method includes:
An internet security gateway configures graded QOS policies based on the network egress bandwidth;
After receiving the Portal confirmation message sent by a Portal server, the internet security gateway extracts the current number of online users in the network;
After receiving the Radius authentication confirmation message sent by a certification authority server, the internet security gateway identifies the user rights according to the Radius authentication confirmation message;
The internet security gateway sends a user behavior mark query request message to a data analysis platform, and after receiving the user behavior mark query request message, the data analysis platform sends the user behavior mark based on user internet behavior to the internet security gateway;
The internet security gateway matches and executes the configured QOS policy of the corresponding level by combining the current number of online users in the network, the user rights and the user behavior mark.
2. The method according to claim 1, characterized in that, before the internet security gateway configures graded QOS policies based on the network egress bandwidth, the method further includes:
Predefining, in the data analysis platform, user behavior marks based on user internet behavior;
After a user first passes access authentication and accesses the network normally, the internet security gateway audits the user's internet behavior, generates a behavior audit log and sends it to the data analysis platform, and the data analysis platform analyzes the behavior audit log, forms the user behavior mark based on user internet behavior, and stores the user behavior mark in the local database in real time;
The certification authority server enters the user names of higher-level users into the database in advance, the internet security gateway initiates a Radius authentication request to the certification authority server, and after Radius authentication succeeds, the certification authority server sends a Radius authentication confirmation message to the internet security gateway.
3. A QOS dynamic adjustment method, applied in an internet security gateway, characterized in that it includes:
Configuring graded QOS policies based on the network egress bandwidth;
Extracting the current number of online users in the network after receiving the Portal confirmation message sent by a Portal server;
After receiving the Radius authentication confirmation message sent by a certification authority server, identifying the user rights according to the Radius authentication confirmation message;
Sending a user behavior mark query request message to a data analysis platform, and receiving the user behavior mark sent by the data analysis platform;
Matching and executing the configured QOS policy of the corresponding level by combining the current number of online users in the network, the user rights and the user behavior mark.
4. The method according to claim 3, characterized in that,
After a user first passes access authentication and accesses the network normally, the behavior audit log generated by auditing the user's internet behavior is sent to the data analysis platform;
A Radius authentication request is initiated to the certification authority server.
5. A QOS dynamic adjustment method, applied in a data analysis platform, characterized in that,
After the user behavior mark query request message sent by an internet security gateway is received, the user behavior mark based on user internet behavior is sent to the internet security gateway;
The behavior audit log sent by the internet security gateway is analyzed, the user behavior mark based on user internet behavior is formed, and the user behavior mark is stored in the local database in real time.
6. A QOS dynamic adjustment method, applied in a certification authority server, characterized in that,
The user names of higher-level users are entered into the database in advance, and after Radius authentication succeeds, a Radius authentication confirmation message is sent to the internet security gateway;
The Radius authentication request sent by the internet security gateway is received.
7. An internet security gateway, characterized in that it includes a configuration unit, a transmission unit and a receiving unit,
The configuration unit is configured to configure graded QOS policies based on the network egress bandwidth;
The receiving unit is configured to receive the Portal confirmation message sent by a Portal server;
The configuration unit is further configured to extract the current number of online users in the network from the Portal confirmation message;
The receiving unit is further configured to receive the Radius authentication confirmation message sent by a certification authority server;
The configuration unit is further configured to identify the user rights according to the Radius authentication confirmation message;
The transmission unit is configured to send a user behavior mark query request message to a data analysis platform;
The receiving unit is further configured to receive the user behavior mark sent by the data analysis platform;
The configuration unit is further configured to match and execute the configured QOS policy of the corresponding level by combining the current number of online users in the network, the user rights and the user behavior mark.
8. The internet security gateway according to claim 7, characterized in that,
The transmission unit is further configured to, after a user first passes access authentication and accesses the network normally, send to the data analysis platform the behavior audit log generated by auditing the user's internet behavior.
9. A data analysis platform, characterized in that it includes a receiving unit, a transmission unit and an analysis unit,
The receiving unit is configured to receive the user behavior mark query request message sent by an internet security gateway;
The transmission unit is configured to send the user behavior mark based on user internet behavior to the internet security gateway;
The analysis unit is configured to analyze the behavior audit log sent by the internet security gateway, form the user behavior mark based on user internet behavior, and store the user behavior mark in the local database in real time.
10. A certification authority server, characterized in that it includes a setting unit, a transmission unit and a receiving unit,
The setting unit is configured to enter the user names of higher-level users into the database in advance;
The transmission unit is configured to send a Radius authentication confirmation message to an internet security gateway after Radius authentication succeeds;
The receiving unit is configured to receive the Radius authentication request sent by the internet security gateway.
11. A QOS dynamic adjustment system, characterized in that the system includes at least the internet security gateway according to any one of claims 7-8, the data analysis platform according to claim 9 and the certification authority server according to claim 10.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611191835.5A CN108429624B (en) | 2016-12-21 | 2016-12-21 | QOS dynamic adjustment method, equipment and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108429624A (en) | 2018-08-21 |
CN108429624B (en) | 2022-07-26 |
Family
ID=63147237
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611191835.5A Active CN108429624B (en) | 2016-12-21 | 2016-12-21 | QOS dynamic adjustment method, equipment and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108429624B (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7421487B1 (en) * | 2003-06-12 | 2008-09-02 | Juniper Networks, Inc. | Centralized management of quality of service (QoS) information for data flows |
CN101695022A (en) * | 2009-11-02 | 2010-04-14 | 杭州华三通信技术有限公司 | Management method and device for service quality |
CN102004770A (en) * | 2010-11-16 | 2011-04-06 | 杭州迪普科技有限公司 | Webpage auditing method and device |
CN103580962A (en) * | 2012-08-06 | 2014-02-12 | 中兴通讯股份有限公司 | System and method for providing customization network service for home gateway user |
CN103885987A (en) * | 2012-12-21 | 2014-06-25 | 中国移动通信集团公司 | Music recommendation method and system |
CN104506593A (en) * | 2014-12-11 | 2015-04-08 | 上海因联企业咨询合伙企业(普通合伙) | Large-scale expansible free wireless value-added platform |
CN105978879A (en) * | 2016-05-11 | 2016-09-28 | 北京交通大学 | Safety management system of network channels |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109714417A (en) * | 2018-12-27 | 2019-05-03 | 迈普通信技术股份有限公司 | Network control system and method based on user behavior |
CN113542880A (en) * | 2020-04-20 | 2021-10-22 | 中国移动通信集团河北有限公司 | Method and device for detecting quality of short video service |
CN114844662A (en) * | 2022-03-01 | 2022-08-02 | 天翼安全科技有限公司 | Network security policy management method, device and equipment |
CN114844662B (en) * | 2022-03-01 | 2024-03-12 | 天翼安全科技有限公司 | Network security policy management method, device and equipment |
Also Published As
Publication number | Publication date |
---|---|
CN108429624B (en) | 2022-07-26 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CP02 | Change in the address of a patent holder |
Address after: 610041 nine Xing Xing Road 16, hi tech Zone, Sichuan, Chengdu Patentee after: MAIPU COMMUNICATION TECHNOLOGY Co.,Ltd. Address before: 610041 15-24 floor, 1 1 Tianfu street, Chengdu high tech Zone, Sichuan Patentee before: MAIPU COMMUNICATION TECHNOLOGY Co.,Ltd. |