CN108429624B - QOS dynamic adjustment method, equipment and system - Google Patents

Publication number
CN108429624B
Authority
CN
China
Prior art keywords
user
behavior
security gateway
internet
internet security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201611191835.5A
Other languages
Chinese (zh)
Other versions
CN108429624A (en
Inventor
余刚
代述见
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Maipu Communication Technology Co Ltd
Original Assignee
Maipu Communication Technology Co Ltd
Application filed by Maipu Communication Technology Co Ltd
Priority to CN201611191835.5A
Publication of CN108429624A
Application granted
Publication of CN108429624B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50 Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method, a device and a system for dynamically adjusting QOS, which relate to the field of network communication and comprise the following steps: the Internet security gateway configures a hierarchical QOS strategy based on the network exit bandwidth; extracting the number of current online users in the network; identifying user rights; receiving a user behavior mark based on the user internet surfing behavior; matching and executing the configured QOS strategy of the corresponding level by combining the number of the current online users in the network, the user authority and the user behavior mark. The internet surfing experience of the user can be further improved while the management and the control and the limitation on the internet surfing behavior of the user are met, and differentiated internet surfing services are embodied for different users. The existing network bandwidth can be effectively utilized, the waste of the network bandwidth is avoided, and therefore the network bandwidth cost is saved for the internet service provider.

Description

QOS dynamic adjustment method, device and system
Technical Field
The invention belongs to the field of network communication, and particularly relates to a method, equipment and a system for dynamically adjusting QOS (quality of service) based on user internet surfing behavior.
Background
At present, almost all network communication devices from network device manufacturers, such as switches, routers and egress gateways, support Quality of Service (QOS) functions. They also support implementing QOS based on source IP address, user group, VLAN, time period, application type and the like to limit the uplink and downlink bandwidth of a user, that is, to control the user's internet behavior. However, QOS in the prior art is implemented to limit the user's internet access behavior, which suppresses the user's internet access experience; it is also static, and the QOS policy that is executed stays fixed unless there is human intervention. In an actual network usage environment, the number of users accessing the internet, the users' internet behavior, the actual bandwidth utilization rate and the like often cannot be preset by a network administrator, and the network administrator is unlikely to monitor network usage in real time so as to manually adjust the QOS policy. When the number of users on the internet is small, the actual utilization rate of the network bandwidth is relatively low; when most users are performing online activities such as online video or downloading, the network bandwidth is often not enough. Therefore, how to dynamically adjust the QOS policy according to the real-time use of the network and users' internet preferences, so as to improve the utilization rate of the network bandwidth and the users' internet experience, is an urgent problem to be solved.
Disclosure of Invention
The invention provides a method, equipment and a system for dynamically adjusting QOS (quality of service), which are used for solving the problems that a QOS strategy in the prior art limits user internet access behaviors and inhibits user internet access experience, and the execution of the QOS strategy is static and is fixed unless human intervention is performed.
Based on the above purpose, in a first aspect, an embodiment of the present invention provides a method for dynamically adjusting QOS, where the method includes:
the Internet security gateway configures a hierarchical QOS strategy based on the network exit bandwidth;
the Internet security gateway extracts the number of current online users in the network after receiving a Portal confirmation message sent by a Portal server;
the Internet security gateway receives a Radius authentication confirmation message sent by an authentication authorization server and then identifies user authority according to the Radius authentication confirmation message;
the internet security gateway sends a user behavior mark query request message to a data analysis platform, and the data analysis platform sends a user behavior mark based on the user internet surfing behavior to the internet security gateway after receiving the user behavior mark query request message;
and the Internet security gateway matches and executes the configured QOS strategy of the corresponding level by combining the current online user number, the user authority and the user behavior mark in the network.
In a second aspect, an embodiment of the present invention provides a method for dynamically adjusting QOS, which is applied to an internet security gateway, and includes:
configuring a hierarchical QOS strategy based on the network exit bandwidth;
after receiving a Portal confirmation message sent by a Portal server, extracting the number of current online users in the network;
after receiving a Radius authentication confirmation message sent by an authentication authorization server, identifying user authority according to the Radius authentication confirmation message;
sending a user behavior mark query request message to a data analysis platform, and receiving a user behavior mark sent by the data analysis platform;
matching and executing the configured QOS strategy of the corresponding level by combining the number of the current online users in the network, the user authority and the user behavior mark.
In a third aspect, an embodiment of the present invention provides a QOS dynamic adjustment method, which is applied to a data analysis platform, and sends a user behavior token based on a user internet behavior to an internet security gateway after receiving a user behavior token query request message sent by the internet security gateway;
and analyzing the behavior audit log sent by the Internet security gateway to form a user behavior mark based on the user Internet surfing behavior, and storing the user behavior mark into a local database in real time.
In a fourth aspect, the embodiment of the present invention provides a QOS dynamic adjustment method, which is applied to an authentication authorization server, and is configured to record a user name of a high-level user in a database in advance, and after Radius authentication is successful, send a Radius authentication confirmation message to the internet security gateway;
and receiving a Radius authentication request sent by the Internet security gateway.
In a fifth aspect, an embodiment of the present invention provides an internet security gateway, including: a configuration unit, a sending unit and a receiving unit,
the configuration unit is used for configuring a hierarchical QOS strategy based on the network exit bandwidth;
the receiving unit is used for receiving a Portal confirmation message sent by a Portal server;
the configuration unit is also used for extracting the number of the current online users in the network from the Portal confirmation message;
the receiving unit is further configured to receive a Radius authentication confirmation message sent by the authentication and authorization server; the configuration unit is further configured to identify a user right according to the Radius authentication confirmation message;
the sending unit is used for sending a user behavior mark query request message to the data analysis platform;
the receiving unit is further configured to receive a user behavior tag sent by the data analysis platform;
the configuration unit is also used for matching and executing the configured QOS strategy of the corresponding level by combining the number of the current online users in the network, the user authority and the user behavior mark.
In a sixth aspect, an embodiment of the present invention provides a data analysis platform, including: a receiving unit, a sending unit and an analyzing unit,
the receiving unit is used for receiving a user behavior mark query request message sent by an Internet security gateway;
the sending unit is used for sending a user behavior mark based on a user internet surfing behavior to the internet security gateway;
and the analysis unit is used for analyzing the behavior audit log sent by the Internet security gateway, forming a user behavior mark based on the user Internet surfing behavior, and storing the user behavior mark into a local database in real time.
In a seventh aspect, an embodiment of the present invention provides an authentication and authorization server, including: a setting unit, a transmitting unit and a receiving unit,
the setting unit is used for inputting the user name of the high-level user in the database in advance;
the sending unit is used for sending a Radius authentication confirmation message to the Internet security gateway after Radius authentication succeeds;
and the receiving unit is used for receiving the Radius authentication request sent by the Internet security gateway.
In an eighth aspect, an embodiment of the present invention provides a QOS dynamic adjustment system, where the system includes at least the internet security gateway in the fifth aspect, the data analysis platform in the sixth aspect, and the authentication and authorization server in the seventh aspect.
The beneficial effects of the invention are as follows: the internet surfing experience of the user can be further improved while the management and the control and the limitation on the internet surfing behavior of the user are met, and differentiated internet surfing services are embodied for different users. The existing network bandwidth can be effectively utilized, the waste of the network bandwidth is avoided, and therefore the network bandwidth cost is saved for the internet service provider.
Drawings
Fig. 1 is a networking environment diagram of a QOS dynamic adjustment system according to an embodiment of the present invention;
Fig. 2 is a flowchart of a method for dynamically adjusting QOS according to an embodiment of the present invention;
Fig. 3 is a QOS matching flow chart when a user accesses online according to an embodiment of the present invention;
Fig. 4 is a QOS matching flow chart when a user goes offline and logs out according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an internet security gateway according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a data analysis platform according to an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of an authentication and authorization server according to an embodiment of the present invention.
Detailed Description
In order to make the technical scheme of the invention more clear, the invention is further explained in detail with reference to the attached drawings:
embodiments of the present invention provide a method, an apparatus, and a system for dynamically adjusting QOS, so as to solve the problems in the prior art that a QOS policy limits a user internet access behavior and inhibits a user internet access experience, and the QOS policy execution is static, and unless human intervention is performed, the QOS policy execution is also fixed.
The embodiment of the invention provides a QOS dynamic adjustment system, which can further improve the user internet surfing experience while meeting the control and limitation on the user internet surfing behavior, and provides differentiated internet surfing services for different users. The existing network bandwidth can be effectively utilized and waste of network bandwidth is avoided, which saves network bandwidth cost for the internet service provider. As shown in Fig. 1, the QOS dynamic adjustment system according to the embodiment of the present invention includes an Internet Security Gateway (ISG), an Authentication Authorization Server (AAS), a Portal Server, and a Data Analysis Platform (DSP). For convenience of describing the present invention, the system may further include a Content Management Platform (CMP), a terminal, and an Access Point (AP). In the system shown in Fig. 1, built-in interfaces are preset among the authentication authorization server, the Portal server, the content management platform and the data analysis platform, which exchange information through these preset built-in interfaces.
In the embodiment of the invention, the realization process of dynamically adjusting the QOS strategy comprises the following steps:
Firstly, behavior marks based on the internet surfing behavior of the user are predefined in the DSP. For example, two behavior marks Mark1 and Mark2 are predefined, wherein the behavior mark Mark1 indicates that the internet surfing behavior of the user is mainly online video or downloading, and the behavior mark Mark2 indicates that the internet behavior of the user is mainly off-line video or downloading. The user name (for example, a mobile phone number) of a high-level (VIP for short) user is entered in a database in advance; the user authority mark bit of a VIP user may be set to 1, and the user authority mark bit of a common user may be set to 0. When the Radius authentication is successful, the authentication and authorization server returns the user authority mark bit to the ISG through a Radius authentication confirmation message. The ISG identifies the user authority according to the user authority mark bit in the Radius authentication confirmation message, encapsulates the Radius authentication result in a Portal message and returns the Portal message to the Portal server. The Portal server counts the number of real-time online users and can set a mark bit to represent the number of current online users in the network: for example, if only one user has currently accessed and been authenticated successfully, the mark bit of the Portal message sent to the ISG is set to 1; otherwise the mark bit is set to 0 (that is, there are a plurality of online users). After receiving the Portal message sent by the ISG, the Portal server sends a Portal confirmation message to the ISG, and the Portal confirmation message carries the information of the number of online users.
The ISG configures a hierarchical QOS policy according to the network egress bandwidth (for example, the policy is divided into QOS policies L1-L12, each corresponding to a different level of bandwidth value; the bandwidth value of each level is configurable, and a maximum bandwidth and a guaranteed bandwidth can be configured at the same time), and matches and executes the configured QOS policy of the corresponding level according to three elements: the number of current online users in the network, the user authority and the user behavior mark. For example:
the L1 QOS policy is matched and executed when the access user is the only current online user and is a common user;
the L2 QOS policy is matched and executed when the access user is the only current online user and is a VIP user;
the L3 QOS policy is matched and executed when the access user is not the only current online user and is a common user;
the L4 QOS policy is matched and executed when the access user is not the only current online user and is a VIP user;
the L5 QOS policy is matched and executed when the access user is the only current online user and is a common user whose behavior is marked as Mark1;
the L6 QOS policy is matched and executed when the access user is the only current online user and is a VIP user whose behavior is marked as Mark1;
the L7 QOS policy is matched and executed when the access user is the only current online user and is a common user whose behavior is marked as Mark2;
the L8 QOS policy is matched and executed when the access user is the only current online user and is a VIP user whose behavior is marked as Mark2;
the L9 QOS policy is matched and executed when the access user is not the only current online user and is a common user whose behavior is marked as Mark1;
the L10 QOS policy is matched and executed when the access user is not the only current online user and is a VIP user whose behavior is marked as Mark1;
the L11 QOS policy is matched and executed when the access user is not the only current online user and is a common user whose behavior is marked as Mark2;
the L12 QOS policy is matched and executed when the access user is not the only current online user and is a VIP user whose behavior is marked as Mark2.
When the user terminal is authenticated for the first time, the first authentication proceeds as follows: the ISG intercepts the HTTP GET message requested by the user terminal and completes the 1st 302 redirection to the user terminal. A 302 redirection (302 Redirect), also referred to as a temporary transfer (Temporarily Moved) or a temporary redirect (Temporary Redirect), is an instruction telling the web browser to display a different URL; it is used when a web page undergoes a short-term URL change, and a temporary redirect is a server-side redirection that can be handled correctly by search engines.
The user terminal receives the 1st 302 redirection and accesses the new target URL, namely the Portal server; after receiving the access request of the user terminal, the Portal server completes the 2nd 302 redirection to the user terminal. After receiving the 2nd 302 redirection, the user terminal accesses the new target URL, namely the CMP, and after receiving the request of the user terminal, the CMP pushes a specified authentication page to the user terminal. After the user terminal renders the authentication page in a browser, the user name and password information is submitted through the page; after receiving the user name and password information submitted by the user terminal, the CMP transmits the information to the authentication and authorization server and also to the Portal server; the Portal server transmits the user name and password information to the ISG through a Portal authentication request message; after receiving the Portal authentication request message, the ISG extracts the user name and password information and initiates a Radius authentication request to the authentication and authorization server. The authentication and authorization server transmits the Radius authentication result and the user authority information of the user to the ISG through the Radius authentication confirmation message; the ISG judges whether to release the user according to the Radius authentication result, and identifies the user authority (a common user or a VIP user) according to the user authority mark bit in the Radius authentication confirmation message.
The ISG encapsulates the user's Radius authentication result fed back by the authentication and authorization server in a Portal message and sends the Portal message to the Portal server; the Portal server sends a Portal confirmation message to the ISG after receiving the Portal message, and the Portal confirmation message carries the information of the number of online users. The ISG receives the Portal confirmation message sent by the Portal server and extracts the information of the number of online users from it to determine the number of current online users in the network, that is, to determine whether the user is the only current online user. The ISG sends a user behavior mark query request message to the DSP, and the DSP returns a behavior mark based on the user's internet behavior to the ISG after receiving the user behavior mark query request message. When the user accesses for the 1st time, the behavior mark query result returned by the DSP is null. After receiving the user behavior mark query response message sent by the DSP, the ISG extracts the user behavior mark Mark1 or Mark2 based on the user's internet behavior, or finds that the mark is empty, and matches and executes the configured QOS policy of the corresponding level according to the number of current online users in the network extracted from the Portal confirmation message and the user authority identified in the Radius authentication confirmation message. When the user authenticates for the first time, the ISG matches on the number of current online users in the network, the user authority and the user behavior mark, and executes one of the QOS policies L1 to L4.
After the user has successfully authenticated for the first time, the user accesses the network normally according to the user's own preference, and the ISG audits the user's internet access behavior and generates an audit log, which is sent to the DSP. The DSP analyzes and processes the behavior audit log sent by the ISG to form a user behavior mark Mark1 or Mark2 based on the user's internet access behavior, and stores this mark in a local database, overwriting the previously stored mark.
When the user authenticates again, the authentication process is the same as for the first access authentication; the only difference is that the ISG matches on the number of current online users in the network, the user authority and the user behavior mark, and executes one of the QOS policies L5 to L12.
If a new user accesses, the access authentication of the new user is still completed according to the authentication process, and the ISG matches a QOS strategy of a certain level in L1-L12 according to the latest online user number, user authority and user behavior mark of the user.
When any user accesses or exits at any time, the ISG actively initiates query or passively receives updated information aiming at the three elements of the current online user number, the user authority and the user behavior mark in the network, and if the information of any one element of the three elements of the current online user number, the user authority and the user behavior mark in the network is updated, the ISG re-matches a new QOS strategy from L1 to L12 for the current online user.
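The three-element matching and the re-matching on access or exit described above, sketched as an added example; it is not code from the patent or from any product. The `Gateway` class, its method names and the rejection of unrecognised marks are assumptions, and the gateway here derives the "only online user" element from its own session table rather than from a Portal confirmation message.

```python
from typing import Dict, Optional, Tuple

# (only online user?, VIP?, behavior mark) -> level, as enumerated in the description.
# A mark of None is the empty DSP result returned on a user's first access.
LEVELS: Dict[Tuple[bool, bool, Optional[str]], str] = {
    (True, False, None): "L1", (True, True, None): "L2",
    (False, False, None): "L3", (False, True, None): "L4",
    (True, False, "Mark1"): "L5", (True, True, "Mark1"): "L6",
    (True, False, "Mark2"): "L7", (True, True, "Mark2"): "L8",
    (False, False, "Mark1"): "L9", (False, True, "Mark1"): "L10",
    (False, False, "Mark2"): "L11", (False, True, "Mark2"): "L12",
}

# (maximum %, guaranteed %) of the egress bandwidth X. L1-L4 are the sample
# values from the description; the page gives none for L5-L12, so a deployment
# has to supply those itself.
SAMPLE_SHARES = {"L1": (60, 30), "L2": (80, 50), "L3": (40, 15), "L4": (60, 25)}


def validate_shares(shares):
    """Reject unknown levels and levels whose guarantee exceeds their maximum."""
    known = set(LEVELS.values())
    for level, (maximum, guaranteed) in shares.items():
        if level not in known:
            raise ValueError(f"unknown level {level}")
        if not 0 < guaranteed <= maximum <= 100:
            raise ValueError(f"{level}: need 0 < guaranteed <= maximum <= 100")
    return dict(shares)


class Gateway:
    """Hypothetical ISG session table that re-matches on every element change."""

    def __init__(self, egress_kbps, shares=SAMPLE_SHARES):
        self.egress_kbps = egress_kbps
        self.shares = validate_shares(shares)
        self.sessions = {}  # user name -> {"vip": bool, "mark": str or None}

    @staticmethod
    def _check_mark(mark):
        # Assumption: a mark outside the predefined set is rejected, not guessed.
        if mark not in (None, "Mark1", "Mark2"):
            raise ValueError(f"unrecognised behavior mark {mark!r}")
        return mark

    def rematch(self):
        """Return the level of every online user for the current three elements."""
        only_online = len(self.sessions) == 1
        return {user: LEVELS[(only_online, s["vip"], s["mark"])]
                for user, s in self.sessions.items()}

    def login(self, user, authority_bit, mark=None):
        """authority_bit is the Radius mark bit: 1 = VIP user, 0 = common user."""
        if authority_bit not in (0, 1):
            raise ValueError("authority bit must be 0 or 1")
        self.sessions[user] = {"vip": authority_bit == 1,
                               "mark": self._check_mark(mark)}
        return self.rematch()

    def logout(self, user):
        self.sessions.pop(user, None)
        return self.rematch()

    def update_mark(self, user, mark):
        """The DSP overwrote the stored mark for a user who is still online."""
        if user in self.sessions:
            self.sessions[user]["mark"] = self._check_mark(mark)
        return self.rematch()

    def limits(self, level):
        """(maximum, guaranteed) bandwidth in kbit/s for a configured level."""
        if level not in self.shares:
            raise LookupError(f"no bandwidth configured for {level}")
        maximum, guaranteed = self.shares[level]
        return (self.egress_kbps * maximum // 100,
                self.egress_kbps * guaranteed // 100)
```

Every call returns the full user-to-level mapping, so a change in one user's session shows its effect on everyone else who is online.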
Example 1
An embodiment of the present invention provides a method for dynamically adjusting QOS, which is applied to the QOS dynamic adjustment system of the present invention, and as shown in fig. 2, the method includes:
step 201, an internet security gateway configures a hierarchical QOS strategy based on a network exit bandwidth;
step 202, after receiving a Portal confirmation message sent by a Portal server, the internet security gateway extracts the number of the current online users in the network, wherein in the step, the Portal confirmation message contains the information of the number of the current online users in the network.
Step 203, the internet security gateway receives a Radius authentication confirmation message sent by an authentication authorization server and then identifies user permission according to the Radius authentication confirmation message;
step 204, the internet security gateway sends a user behavior mark query request message to a data analysis platform, and the data analysis platform sends a user behavior mark based on the user internet surfing behavior to the internet security gateway after receiving the user behavior mark query request message;
and step 205, the internet security gateway matches and executes the configured QOS policy of the corresponding level by combining the current online user number, the user authority and the user behavior mark in the network.
Further, before the internet security gateway configures a hierarchical QOS policy based on the network egress bandwidth in step 201, the method provided by the embodiment of the present invention further includes:
predefining user behavior marks based on user surfing in a data analysis platform;
after the user has successfully authenticated for the first time and accesses the network normally, the Internet security gateway audits the Internet surfing behavior of the user, generates a behavior audit log and sends the behavior audit log to the data analysis platform; the data analysis platform analyzes the behavior audit log to form a user behavior mark based on the Internet surfing behavior of the user, and stores the user behavior mark in a local database in real time;
the authentication and authorization server inputs the user name of a high-level user in a database in advance, the internet security gateway initiates a Radius authentication request to the authentication and authorization server, and after Radius authentication is successful, the authentication and authorization server sends a Radius authentication confirmation message to the internet security gateway.
The QOS matching process of the QOS dynamic adjustment method according to the embodiment of the present invention when a user accesses to the internet is further described below by way of example, and as shown in fig. 3, the specific matching process includes:
the ISG configures QOS policies L1-L12 according to the network egress bandwidth, and specifically sets the maximum bandwidth and the guaranteed bandwidth of the QOS policy of each level, both of which are configurable. For example, when the egress bandwidth is X, the maximum bandwidth of the L1 QOS policy is configured to be 60% X and its guaranteed bandwidth 30% X; the maximum bandwidth of the L2 QOS policy is 80% X and its guaranteed bandwidth 50% X; the maximum bandwidth of the L3 QOS policy is 40% X and its guaranteed bandwidth 15% X; the maximum bandwidth of the L4 QOS policy is 60% X and its guaranteed bandwidth 25% X. The maximum bandwidth and the guaranteed bandwidth of L1-L12 are configured in sequence in this way; the specific bandwidth configuration can be selected according to the actual application scenario and is not illustrated one by one.
In Fig. 3, the AP, as a wireless access device, may broadcast a specified wireless SSID, and a user connects a mobile terminal to the wireless SSID to access the network and accesses any external network through a terminal browser;
the ISG intercepts the HTTP GET message requested by the user and completes the 1st 302 redirection to the user terminal;
the user terminal accesses the Portal server after receiving the 1st 302 redirection;
after receiving the access request of the user terminal, the Portal server completes the 2nd 302 redirection to the user terminal;
the user terminal accesses the CMP after receiving the 2nd 302 redirection;
after receiving the authentication request of the user terminal, the CMP pushes a specified authentication page to the user terminal;
the user terminal submits user name and password information through the authentication page rendered by a browser;
the CMP receives the user name and password information submitted by the user terminal and transmits the information to the AAS and the Portal server;
the Portal server transmits the user name and password information to the ISG through a Portal authentication request message;
after receiving the Portal authentication request message, the ISG extracts the user name and password information and initiates a Radius authentication request to the AAS;
the AAS sends the Radius authentication result of the user to the ISG through a Radius authentication confirmation message; the ISG judges whether to release the user according to the Radius authentication result, and identifies the user authority (common user or VIP user) according to the user authority mark bit in the Radius authentication confirmation message;
the ISG encapsulates the user's Radius authentication result fed back by the AAS in a Portal message and sends the Portal message to the Portal server; the Portal server sends a Portal confirmation message to the ISG after receiving the Portal message, and the Portal confirmation message carries the information of the number of online users;
the ISG extracts the information of the number of current online users from the Portal confirmation message to determine the number of current online users in the network;
meanwhile, the ISG sends a user behavior mark query request message to the DSP, and after receiving it the DSP sends a behavior mark based on the user's internet behavior to the ISG through a user behavior mark response message;
after receiving the user behavior mark response message, the ISG extracts the user behavior mark Mark1 or Mark2 of the user, or finds that the user behavior mark is null;
through the above process, the ISG knows the 3 elements, namely the number of current online users in the network, the user authority and the user behavior mark, so that the ISG can match and execute the configured QOS policy of the corresponding level among L1-L12 according to these 3 elements.
After the user passes authentication for the first time and accesses the network normally, the ISG audits the user's internet behavior, generates a user behavior audit log in real time and sends the user behavior audit log to the DSP. The DSP analyzes and processes the user behavior audit log sent by the ISG to form a user behavior mark, Mark1 or Mark2, based on the user's internet behavior, and the real-time user behavior mark is stored in a local database, overwriting the previous one.
The QOS matching process of the QOS dynamic adjustment method according to the embodiment of the present invention when a user goes offline is further described below by way of example. As shown in fig. 4, the specific matching process includes:
The user actively logs off (for example, by clicking the exit button of the authentication page), and the user's logoff information is transmitted to the CMP in real time; the CMP forwards the received logoff information to the Portal server in real time; after receiving the user offline information, the Portal server sends a user offline request message to the ISG through a Portal message; after receiving the user offline request message, the ISG returns a user offline success message to the Portal server. Meanwhile, the ISG sends an online user number query request message to the Portal server, and the Portal server returns a query result message to the ISG; the ISG sends a user behavior mark query request message based on the user's internet behavior to the DSP and receives the user behavior mark response message returned by the DSP. For each user currently online, the ISG re-matches and executes the configured L1-L12 QOS strategy using the latest number of online users, the user's original authority and the latest user behavior mark based on the user's internet behavior. Users who are still online continue to access any network resource as they wish; the ISG continues to audit the users' internet behavior and sends behavior audit logs to the DSP in real time; and the DSP analyzes and processes the audit logs of the user internet behavior reported by the ISG to form a behavior mark, Mark1 or Mark2, based on the user's internet behavior, and stores the result in a local database.
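The matching step described above, on first login and again when another user logs off, as an added Python example that is not part of the patent. The level layout (two online-user bands, three mark states, two authorities), the threshold of 50 users and the L5-L12 percentages are assumptions made for the example; only the L1-L4 percentages come from the text.

```python
from dataclasses import dataclass

AUTHORITIES = ("common", "VIP")       # from the Radius authority flag bit
MARKS = (None, "Mark1", "Mark2")      # None = behavior mark is null
BUSY_ABOVE = 50                       # assumed split of the online-user count

# Level -> (maximum %, guaranteed %) of exit bandwidth X.
# L1-L4 are the figures in the text; L5-L12 are constructed for this example.
SHARES = {1: (60, 30), 2: (80, 50), 3: (40, 15), 4: (60, 25),
          5: (30, 10), 6: (50, 20), 7: (40, 20), 8: (60, 30),
          9: (25, 10), 10: (40, 15), 11: (20, 5), 12: (30, 10)}


@dataclass(frozen=True)
class QosPolicy:
    level: int
    max_kbps: int
    guaranteed_kbps: int


def configure_policies(exit_kbps, shares=SHARES):
    """Build L1-L12 from the exit bandwidth, rejecting inconsistent levels."""
    if set(shares) != set(range(1, 13)):
        raise ValueError("L1-L12 must all be configured")
    policies = {}
    for level, (max_pct, guar_pct) in shares.items():
        if not 0 < guar_pct <= max_pct <= 100:
            raise ValueError(f"L{level}: need 0 < guaranteed <= maximum <= 100% X")
        policies[level] = QosPolicy(level, exit_kbps * max_pct // 100,
                                    exit_kbps * guar_pct // 100)
    return policies


def match_level(online_users, authority, mark):
    """Map the three elements to a level number (layout is an assumption)."""
    # Authority and mark arrive from other servers; refuse values outside the
    # expected set instead of letting them select an arbitrary level.
    if authority not in AUTHORITIES or mark not in MARKS:
        raise ValueError("unexpected user authority or behavior mark")
    if online_users < 1:
        raise ValueError("online user count must be at least 1")
    band = 1 if online_users > BUSY_ABOVE else 0
    return 1 + 6 * band + 2 * MARKS.index(mark) + AUTHORITIES.index(authority)


class Gateway:
    """Keeps the per-user state the ISG needs to re-match on logoff."""

    def __init__(self, exit_kbps):
        self.policies = configure_policies(exit_kbps)
        self.authority = {}            # user -> authority fixed at login

    def login(self, user, authority, online_users, mark):
        """Match the newly authenticated user against the three elements."""
        level = match_level(online_users, authority, mark)
        self.authority[user] = authority
        return self.policies[level]

    def logoff(self, user, online_users, latest_marks):
        """Drop `user`, then re-match everyone still online with the latest
        user count, their original authority and their latest mark
        (a user missing from latest_marks is treated as having a null mark)."""
        self.authority.pop(user, None)
        return {u: self.policies[match_level(online_users, a, latest_marks.get(u))]
                for u, a in self.authority.items()}
```
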
The QOS dynamic adjustment method provided by the embodiment of the invention can further improve the user internet surfing experience while meeting the control and limitation on the user internet surfing behavior, and embodies differentiated internet surfing services for different users. The existing network bandwidth can be effectively utilized, the waste of the network bandwidth is avoided, and therefore the network bandwidth cost is saved for the internet service provider.
Example 2
An embodiment of the present invention provides an internet security gateway. As shown in fig. 5, the internet security gateway 50 includes: a configuration unit 501, a sending unit 502 and a receiving unit 503,
the configuration unit 501 is configured to configure a hierarchical QOS policy based on a network egress bandwidth;
the receiving unit 503 is configured to receive a Portal confirmation message sent by a Portal server;
the configuration unit 501 is further configured to extract the number of current online users in the network from the Portal confirmation message;
the receiving unit 503 is further configured to receive a Radius authentication confirmation message sent by the authentication and authorization server;
the configuration unit 501 is further configured to identify the user authority according to the Radius authentication confirmation message;
the sending unit 502 is configured to send a user behavior mark query request message to the data analysis platform;
the receiving unit 503 is further configured to receive a user behavior mark sent by the data analysis platform;
the configuration unit 501 is further configured to match and execute the configured QOS policy of the corresponding level in combination with the number of current online users in the network, the user authority, and the user behavior mark.
The sending unit 502 is further configured to, after the user is successfully authenticated for the first time and accesses the network normally, audit the internet access behavior of the user, generate a behavior audit log, and send the behavior audit log to the data analysis platform.
Example 3
An embodiment of the present invention provides a data analysis platform. As shown in fig. 6, the data analysis platform 60 includes: a receiving unit 601, a sending unit 602 and an analysis unit 603,
the receiving unit 601 is configured to receive a user behavior mark query request message sent by an internet security gateway;
the sending unit 602 is configured to send a user behavior mark based on the user's internet behavior to the internet security gateway;
the analysis unit 603 is configured to analyze the behavior audit log sent by the internet security gateway, form a user behavior mark based on the user's internet behavior, and store the user behavior mark in a local database in real time.
Example 4
An embodiment of the present invention provides an authentication and authorization server. As shown in fig. 7, the authentication and authorization server 70 includes: a setting unit 701, a sending unit 702 and a receiving unit 703,
the setting unit 701 is configured to enter a user name of a high-level user in a database in advance;
the sending unit 702 is configured to send a Radius authentication confirmation message to the internet security gateway after the Radius authentication succeeds;
the receiving unit 703 is configured to receive a Radius authentication request sent by the internet security gateway.
Example 5
The embodiment of the invention provides a QOS dynamic adjustment system, which at least comprises an Internet security gateway in embodiment 2, a data analysis platform in embodiment 3 and an authentication and authorization server in embodiment 4.
The embodiment of the invention can further improve the user internet surfing experience while meeting the control and limitation of the user internet surfing behavior, and embody differentiated internet surfing services for different users. The existing network bandwidth can be effectively utilized, the waste of the network bandwidth is avoided, and therefore the network bandwidth cost is saved for the internet service provider.
The above description covers only specific embodiments of the present invention, but the protection scope of the present invention is not limited thereto; any change or substitution that a person skilled in the art can readily conceive within the technical scope of the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (11)

1. A QOS dynamic adjustment method is characterized by comprising the following steps:
the Internet security gateway configures a hierarchical QOS strategy based on network exit bandwidth, wherein each level of QOS strategy of the hierarchical QOS strategy corresponds to different levels of bandwidth values;
the Internet security gateway extracts the number of current online users in the network after receiving a Portal confirmation message sent by a Portal server;
the Internet security gateway receives a Radius authentication confirmation message sent by an authentication authorization server and then identifies user authority according to the Radius authentication confirmation message;
the internet security gateway sends a user behavior mark query request message to a data analysis platform, and the data analysis platform sends a user behavior mark based on the internet surfing behavior to the internet security gateway after receiving the user behavior mark query request message;
and the Internet security gateway matches and executes the configured QOS strategy of the corresponding level by combining the number of the current online users in the network, the user authority and the user behavior mark.
2. The method of claim 1, wherein prior to the internet security gateway configuring the hierarchical QOS policy based on network egress bandwidth, the method further comprises:
predefining user behavior marks based on user surfing in a data analysis platform;
after the user is successfully authenticated for the first time and accesses the network normally, the Internet security gateway audits the Internet surfing behavior of the user, generates a behavior audit log and sends the behavior audit log to a data analysis platform, the data analysis platform analyzes the behavior audit log to form a user behavior mark based on the Internet surfing behavior of the user, and the user behavior mark is stored in a local database in real time;
the authentication and authorization server enters the user name of a high-level user in a database in advance, the internet security gateway initiates a Radius authentication request to the authentication and authorization server, and after Radius authentication is successful, the authentication and authorization server sends a Radius authentication confirmation message to the internet security gateway.
3. A QOS dynamic adjustment method is applied to an Internet security gateway and is characterized by comprising the following steps:
configuring a hierarchical QOS strategy based on a network exit bandwidth, wherein each level of QOS strategy of the hierarchical QOS strategy corresponds to different levels of bandwidth values;
extracting the number of current online users in the network after receiving a Portal confirmation message sent by a Portal server;
after receiving a Radius authentication confirmation message sent by an authentication authorization server, identifying user authority according to the Radius authentication confirmation message;
sending a user behavior mark query request message to a data analysis platform, and receiving a user behavior mark sent by the data analysis platform;
matching and executing the configured QOS strategy of the corresponding level by combining the number of the current online users in the network, the user authority and the user behavior mark.
4. The method of claim 3,
after the user is successfully authenticated for the first time and accesses the network normally, auditing the internet surfing behavior of the user, generating a behavior audit log and sending the behavior audit log to a data analysis platform;
and initiating a Radius authentication request to an authentication and authorization server.
5. A QOS dynamic adjustment method is applied in a data analysis platform and is characterized in that,
after receiving a user behavior mark query request message sent by an Internet security gateway, sending a user behavior mark based on the user Internet surfing behavior to the Internet security gateway so that the Internet security gateway executes a corresponding hierarchical QOS strategy for the user according to the user behavior mark, wherein each level of QOS strategy of the hierarchical QOS strategy corresponds to different levels of bandwidth values;
and analyzing the behavior audit log sent by the Internet security gateway to form a user behavior mark based on the user Internet surfing behavior, and storing the user behavior mark into a local database in real time.
6. A QOS dynamic adjustment method is applied in an authentication and authorization server and is characterized in that,
entering a user name of a high-level user in a database in advance, and after Radius authentication succeeds, sending a Radius authentication confirmation message to an internet security gateway, so that the internet security gateway identifies user authority according to the Radius authentication confirmation message and executes a corresponding hierarchical QOS strategy for the user based on the user authority, wherein each level of QOS strategy of the hierarchical QOS strategy corresponds to different levels of bandwidth values;
and receiving a Radius authentication request sent by the Internet security gateway.
7. An internet security gateway, comprising: a configuration unit, a sending unit and a receiving unit,
the configuration unit is used for configuring a hierarchical QOS strategy based on network exit bandwidth, wherein each level of QOS strategy of the hierarchical QOS strategy corresponds to different levels of bandwidth values;
the receiving unit is used for receiving a Portal confirmation message sent by a Portal server;
the configuration unit is also used for extracting the number of the current online users in the network from the Portal confirmation message;
the receiving unit is further configured to receive a Radius authentication confirmation message sent by the authentication and authorization server;
the configuration unit is further configured to identify user authority according to the Radius authentication confirmation message;
the sending unit is used for sending a user behavior mark query request message to the data analysis platform;
the receiving unit is further configured to receive a user behavior mark sent by the data analysis platform;
the configuration unit is also used for matching and executing the configured QOS strategy of the corresponding level by combining the number of the current online users in the network, the user authority and the user behavior mark.
8. The Internet security gateway of claim 7,
and the sending unit is also used for auditing the internet access behavior of the user after the user is successfully authenticated for the first time and accesses the network normally, generating a behavior audit log and sending the behavior audit log to the data analysis platform.
9. A data analysis platform, comprising: a receiving unit, a sending unit and an analyzing unit,
the receiving unit is used for receiving a user behavior mark query request message sent by an Internet security gateway;
the sending unit is used for sending a user behavior mark based on a user internet behavior to the internet security gateway so that the internet security gateway executes a corresponding hierarchical QOS strategy for the user according to the user behavior mark, and each level of QOS strategy of the hierarchical QOS strategy corresponds to different levels of bandwidth values;
and the analysis unit is used for analyzing the behavior audit log sent by the Internet security gateway, forming a user behavior mark based on the user Internet surfing behavior, and storing the user behavior mark into a local database in real time.
10. An authentication and authorization server, comprising: a setting unit, a sending unit and a receiving unit,
the setting unit is used for inputting the user name of the high-level user in the database in advance;
the sending unit is used for sending a Radius authentication confirmation message to an internet security gateway after Radius authentication is successful, so that the internet security gateway identifies user authority according to the Radius authentication confirmation message, and executes a corresponding hierarchical QOS strategy for the user based on the user authority, wherein each level of QOS strategy of the hierarchical QOS strategy corresponds to different levels of bandwidth values;
and the receiving unit is used for receiving the Radius authentication request sent by the Internet security gateway.
11. A QOS dynamic adjustment system, characterized in that it comprises at least an internet security gateway according to any of claims 7-8, a data analysis platform according to claim 9 and an authentication authorization server according to claim 10.
CN201611191835.5A 2016-12-21 2016-12-21 QOS dynamic adjustment method, equipment and system Active CN108429624B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611191835.5A CN108429624B (en) 2016-12-21 2016-12-21 QOS dynamic adjustment method, equipment and system

Publications (2)

Publication Number Publication Date
CN108429624A CN108429624A (en) 2018-08-21
CN108429624B true CN108429624B (en) 2022-07-26

Family

ID=63147237

Country Status (1)

Country Link
CN (1) CN108429624B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP02 Change in the address of a patent holder

Address after: 610041 nine Xing Xing Road 16, hi tech Zone, Sichuan, Chengdu

Patentee after: MAIPU COMMUNICATION TECHNOLOGY Co.,Ltd.

Address before: 610041 15-24 floor, 1 1 Tianfu street, Chengdu high tech Zone, Sichuan

Patentee before: MAIPU COMMUNICATION TECHNOLOGY Co.,Ltd.