CN109672567B - Method for realizing network following strategy - Google Patents

Method for realizing network following strategy Download PDF

Info

Publication number
CN109672567B
CN109672567B CN201910023007.8A CN201910023007A CN109672567B CN 109672567 B CN109672567 B CN 109672567B CN 201910023007 A CN201910023007 A CN 201910023007A CN 109672567 B CN109672567 B CN 109672567B
Authority
CN
China
Prior art keywords
strategy
user
following
network
followed
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910023007.8A
Other languages
Chinese (zh)
Other versions
CN109672567A (en
Inventor
李永明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Mythware Information Technology Co ltd
Original Assignee
Nanjing Mythware Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Mythware Information Technology Co ltd filed Critical Nanjing Mythware Information Technology Co ltd
Priority to CN201910023007.8A priority Critical patent/CN109672567B/en
Publication of CN109672567A publication Critical patent/CN109672567A/en
Application granted granted Critical
Publication of CN109672567B publication Critical patent/CN109672567B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/085Retrieval of network configuration; Tracking network configuration history
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0893Assignment of logical groups to network elements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0896Bandwidth or capacity management, i.e. automatically increasing or decreasing capacities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method for realizing a network following strategy, which relates to the technical field of flow control of network strategies, in particular to a strategy acquisition, strategy matching and flow forwarding mode. The method for realizing the network following strategy introduces a following strategy network mode, does not need a user to add network strategies, all strategies are from the behavior of a followed person, realizes simple and convenient network flow control, and the core part of the following mode is that through an intelligent learning algorithm, the operation of adding, deleting and changing a control flow table is carried out according to the behavior of the user, the operation of the user on strategy control is simplified, the user only needs to set a specific device as the followed person to complete setting, and all flow control execution operations are intelligently completed.

Description

Method for realizing network following strategy
Technical Field
The invention relates to the technical field of flow control of network strategies, in particular to a method for realizing a network following strategy.
Background
With the coming of the Internet era, the Internet is closely connected with life in various industries, fields and different people, and the network technical fields of network monitoring, flow control, behavior control, network security and the like are particularly important, and the common network modes of the current network behavior and flow control include a blacklist mode and a whitelist mode.
However, both the black list mode and the white list mode require the user to actively add the network policy, so the network policy addition is reasonable, and is a necessary course before the user uses the network policy, in addition, the simple black and white list mode cannot meet the requirements of the user, if the user expects that all users of the local area network cannot access xxx.com, the common black and white list manages the IP, the xxx.com adopts a dynamic domain name, the IP can be changed at any time and has a plurality of sub-domain names, and the like, and the black and white list function cannot meet the requirements of the user.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a method for realizing a network following strategy, which solves the problems in the background technology.
In order to achieve the purpose, the invention is realized by the following technical scheme: a method for realizing network following strategy comprises the collection of strategy, the matching of strategy and the forwarding mode of flow, the exposition objects of the method for realizing network following strategy are followed users, strategy gateways, Internet and flow discarding stations, the operation objects of the method for realizing network following strategy are following flow and non-following flow, the method for realizing network following strategy comprises the following key steps:
when the network equipment works in the following strategy mode, one or more followed persons exist in the network, the access of the followed persons to the external network is not limited, users except the followed persons are called ordinary users, the access of the ordinary users to the external network is blocked, and after the followed persons access a.com successfully, the ordinary users can access the a.com, namely the ordinary users follow successfully;
the flow data frame unit takes a data frame as a unit, intercepts the data frame and submits the data frame to a following strategy mode module for processing;
whether the user is the person to be followed is judged by the person to be followed unit, and the following operations of different processes are carried out according to the judgment result:
a. whether the user is the followed person is judged by the followed person unit, if the user is the followed person, the user enters an acquisition strategy unit to acquire data, inserts the data into a strategy storage area unit and forwards a data frame to the Internet;
b. whether the user is a followed user is judged by the follower unit, if the user is a common user, the user enters a matching strategy unit, the strategy in the unit is read, if the matching is successful, the data frame is forwarded to the Internet, and if the matching is not successful, the data frame is discarded or rejected;
whether the data stream accessing the Internet is forwarded or not is judged, and two operations are executed on the data stream according to the following strategy matching result: by or discarding (i.e., rejecting), when a policy for the data stream is successfully matched in the flow label, it will be forwarded to the Internet, and the user's access to the Internet is successful; if the flow table strategy is not matched, the flow table strategy is discarded, and the user fails to access the Internet.
Optionally, the followed user can conveniently perform flow control on the following user.
Optionally, the method for implementing the network following policy works in a policy gateway, and according to the traffic accessed by the user to be followed, the traffic of a common user is distinguished, and finally forwarding or discarding is decided.
Optionally, in the method for implementing the network following policy, all behavior data of the followed user is stored according to the behavior of the followed user, and is used for identifying whether the behavior of the common user belongs to following.
Optionally, the network device manages all network devices connected to the network device.
Optionally, the core part of the following policy mode is that, in the policy acquisition unit, the control flow table is added, deleted, and changed according to the behavior of the user in the policy storage area through an intelligent learning algorithm.
The invention has the advantages that: the invention is a method for realizing network following strategy, introduces a following strategy network mode, does not need users to add network strategies, all strategies come from the behavior of the followed person, realizes simple and convenient network flow control, and the following strategy network mode is different from the general network management mode, such as: the following mode is a novel intelligent network policy control mode, and the core part of the intelligent network policy control mode is that through an intelligent learning algorithm, the control flow table is added, deleted and changed according to the behavior of a user, so that the operation of the user on policy control is simplified, the user only needs to set a specific device as a followed person to complete the setting, and all flow control execution operations are completed intelligently.
Drawings
FIG. 1 is a schematic diagram of the logical relationship of the present invention;
fig. 2 is a schematic diagram of an internal implementation flow of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
Referring to fig. 1 to 2, the present invention provides a technical solution: a method for realizing network following strategy comprises strategy collection, strategy matching and flow forwarding, wherein the method for realizing network following strategy comprises the following user, strategy gateway, Internet and flow discarding station as the object of explanation, the method for realizing network following strategy comprises following flow and non-following flow as the operation object, the method comprises the following key steps:
when the network equipment works in the following strategy mode, one or more followed persons exist in the network, the access of the followed persons to the external network is not limited, users except the followed persons are called ordinary users, the access of the ordinary users to the external network is blocked, and after the followed persons access a.com successfully, the ordinary users can access the a.com, namely the ordinary users follow successfully;
the flow data frame unit takes a data frame as a unit, intercepts the data frame and submits the data frame to a following strategy mode module for processing;
whether the user is the person to be followed is judged by the person to be followed unit, and the following operations of different processes are carried out according to the judgment result:
a. whether the user is the followed person is judged by the followed person unit, if the user is the followed person, the user enters an acquisition strategy unit to acquire data, inserts the data into a strategy storage area unit and forwards a data frame to the Internet;
b. whether the user is a followed user is judged by the follower unit, if the user is a common user, the user enters a matching strategy unit, the strategy in the unit is read, if the matching is successful, the data frame is forwarded to the Internet, and if the matching is not successful, the data frame is discarded or rejected;
whether the data stream accessing the Internet is forwarded or not is judged, and two operations are executed on the data stream according to the following strategy matching result: by or discarding (i.e., rejecting), when a policy for the data stream is successfully matched in the flow label, it will be forwarded to the Internet, and the user's access to the Internet is successful; if the flow table strategy is not matched, the flow table strategy is discarded, and the user fails to access the Internet.
The followed user can conveniently control the flow of the following user.
The method for realizing the network following strategy works in a strategy gateway, distinguishes the flow of a common user according to the flow accessed by a user to be followed, and finally decides to forward or discard.
In the method for realizing the network following strategy, all behavior data of a followed user is stored according to the behavior of the followed user and is used for identifying whether the behavior of a common user belongs to following.
The network device manages all the network devices connected to it, such as switches, routers, etc.
The core part of the following strategy mode is that in the strategy acquisition unit, through an intelligent learning algorithm, in a strategy storage area, the control flow table is added, deleted and changed according to the user behavior, and the following strategy mode is different from a general network management mode, such as: the method comprises the steps of setting a plurality of lists of a.com … to disallow access of users), setting a white list of a.com … to allow access of users, and the like, wherein after the following person is set in the mode, the flow in the network is controlled, the control mode is more intelligent, the operation of the users on policy control can be simplified, the users can complete setting only by setting specific equipment as the followed person, and all flow control execution operations are completed intelligently.
In summary, the method for implementing network following policy introduces a following policy network mode, which is different from a general network management mode, such as: the core part of the following mode is that through an intelligent learning algorithm, the operations of adding, deleting and changing a control flow table are carried out according to the behaviors of the user, the operation of the user on policy control is simplified, the user only needs to set a specific device as a followed person to complete the setting, and all flow control execution operations are intelligently completed.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art should be considered to be within the technical scope of the present invention, and the technical solutions and the inventive concepts thereof according to the present invention should be equivalent or changed within the scope of the present invention.

Claims (6)

1. A method for implementing network following strategy is characterized in that: the method comprises the steps of strategy acquisition, strategy matching and flow forwarding, wherein the method for realizing the network following strategy comprises the following user, a strategy gateway, the Internet and a flow discarding station as the explanation objects, the following flow and the non-following flow as the operation objects, and the method for realizing the network following strategy comprises the following key steps:
when the network equipment works in the following strategy mode, one or more followed persons exist in the network, the access of the followed persons to the external network is not limited, users except the followed persons are called ordinary users, the access of the ordinary users to the external network is blocked, and after the followed persons access a.com successfully, the ordinary users can access the a.com, namely the ordinary users follow successfully;
the flow data frame unit takes a data frame as a unit, intercepts the data frame and submits the data frame to a following strategy mode module for processing;
whether the user is the person to be followed is judged by the person to be followed unit, and the following operations of different processes are carried out according to the judgment result:
a. whether the user is the followed person is judged by the followed person unit, if the user is the followed person, the user enters an acquisition strategy unit to acquire data, inserts the data into a strategy storage area unit and forwards a data frame to the Internet;
b. whether the user is a followed user is judged by the follower unit, if the user is a common user, the user enters a matching strategy unit, the strategy in the unit is read, if the matching is successful, the data frame is forwarded to the Internet, and if the matching is not successful, the data frame is discarded or rejected;
whether the data stream accessing the Internet is forwarded or not is judged, and two operations are executed on the data stream according to the following strategy matching result: by or discarding (i.e., rejecting), when a policy for the data stream is successfully matched in the flow label, it will be forwarded to the Internet, and the user's access to the Internet is successful; if the flow table strategy is not matched, the flow table strategy is discarded, and the user fails to access the Internet.
2. The method of claim 1, wherein the following policy is implemented by: the followed user can conveniently control the flow of the following user.
3. The method of claim 1, wherein the following policy is implemented by: the method for realizing the network following strategy works in a strategy gateway, distinguishes the flow of a common user according to the flow accessed by a user to be followed, and finally decides to forward or discard.
4. The method of claim 1, wherein the following policy is implemented by: in the method for realizing the network following strategy, all behavior data of the followed user is stored according to the behavior of the followed user and is used for identifying whether the behavior of the common user belongs to following.
5. The method of claim 1, wherein the following policy is implemented by: the network device manages all network devices connected to the network device.
6. The method of claim 1, wherein the following policy is implemented by: the core part of the following strategy mode is that in the strategy acquisition unit, through an intelligent learning algorithm, in a strategy storage area, the control flow table is added, deleted and changed according to the behavior of a user.
CN201910023007.8A 2019-01-10 2019-01-10 Method for realizing network following strategy Active CN109672567B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910023007.8A CN109672567B (en) 2019-01-10 2019-01-10 Method for realizing network following strategy

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910023007.8A CN109672567B (en) 2019-01-10 2019-01-10 Method for realizing network following strategy

Publications (2)

Publication Number Publication Date
CN109672567A CN109672567A (en) 2019-04-23
CN109672567B true CN109672567B (en) 2021-10-29

Family

ID=66150562

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910023007.8A Active CN109672567B (en) 2019-01-10 2019-01-10 Method for realizing network following strategy

Country Status (1)

Country Link
CN (1) CN109672567B (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001043021A2 (en) * 1999-12-07 2001-06-14 Entricom, Inc. Telecommunications order entry, tracking and management system
CN101075923A (en) * 2006-08-29 2007-11-21 腾讯科技(深圳)有限公司 System for tracking customer in network community and its realization
CN101803299A (en) * 2007-09-20 2010-08-11 爱立信电话股份有限公司 Policy routing in a communications network
CN103259791A (en) * 2013-04-28 2013-08-21 华为技术有限公司 Traversal communication routing method, terminal and system
CN104423904A (en) * 2013-08-27 2015-03-18 佳能株式会社 Management apparatus, and control method thereof
CN104769909A (en) * 2012-08-30 2015-07-08 艾诺威网络有限公司 Internetwork authentication
CN105306481A (en) * 2015-11-12 2016-02-03 北京锐安科技有限公司 Method for operating access control policy rule
CN107395617A (en) * 2017-08-14 2017-11-24 中国联合网络通信集团有限公司 Security policy manager method and device
CN108833435A (en) * 2018-07-03 2018-11-16 郑州云海信息技术有限公司 A kind of method for network access control and device, network system
CN108990067A (en) * 2018-07-09 2018-12-11 常熟理工学院 A kind of energy efficiency controlling method applied to super-intensive heterogeneous network

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001043021A2 (en) * 1999-12-07 2001-06-14 Entricom, Inc. Telecommunications order entry, tracking and management system
CN101075923A (en) * 2006-08-29 2007-11-21 腾讯科技(深圳)有限公司 System for tracking customer in network community and its realization
CN101803299A (en) * 2007-09-20 2010-08-11 爱立信电话股份有限公司 Policy routing in a communications network
CN104769909A (en) * 2012-08-30 2015-07-08 艾诺威网络有限公司 Internetwork authentication
CN103259791A (en) * 2013-04-28 2013-08-21 华为技术有限公司 Traversal communication routing method, terminal and system
CN104423904A (en) * 2013-08-27 2015-03-18 佳能株式会社 Management apparatus, and control method thereof
CN105306481A (en) * 2015-11-12 2016-02-03 北京锐安科技有限公司 Method for operating access control policy rule
CN107395617A (en) * 2017-08-14 2017-11-24 中国联合网络通信集团有限公司 Security policy manager method and device
CN108833435A (en) * 2018-07-03 2018-11-16 郑州云海信息技术有限公司 A kind of method for network access control and device, network system
CN108990067A (en) * 2018-07-09 2018-12-11 常熟理工学院 A kind of energy efficiency controlling method applied to super-intensive heterogeneous network

Also Published As

Publication number Publication date
CN109672567A (en) 2019-04-23

Similar Documents

Publication Publication Date Title
CN103546294B (en) Entrance guard authorization method, device and equipment
US7882217B2 (en) Network identity clustering
RU2004126668A (en) SYSTEM AND METHOD OF ORGANIZING MANAGED BROADCASTING
CN104243472A (en) Network with MAC table overflow protection
US20120195234A1 (en) Method for policy-based control of enterprise messaging
US7707312B2 (en) Printer discovery protocol system and method
WO2011076984A1 (en) Apparatus, method and computer-readable storage medium for determining application protocol elements as different types of lawful interception content
CN106685827B (en) Downlink message forwarding method and AP (access point) equipment
US20170208063A1 (en) Communication system, access authentication method and system based on communication system
CN107615710A (en) Direct reply action in SDN switch
CN108123783A (en) Data transmission method, apparatus and system
WO2012151843A1 (en) Ulr filtering system, method and gateway
CN107145568A (en) A kind of quick media event clustering system and method
US20160072754A1 (en) Method and Device for Forwarding Message
CN109672567B (en) Method for realizing network following strategy
CN106603471B (en) A kind of firewall policy detection method and device
EP2472785B1 (en) Service linkage control system and method
CN111107008A (en) Reverse path checking method and device
CN107484151A (en) A kind of SIM card networking control method
WO2016201843A1 (en) Control method and apparatus for mac address learning
US8050681B2 (en) System and method for controlling connections between a wireless router and unlicensed mobile access capable mobile phones
US8965362B1 (en) Methods and apparatus for prefix filtering of international mobile subscriber identity (IMSI) wildcard application
CN101515874B (en) Access control method and access control system for network server
CN106685861B (en) A kind of software defined network system and its message transmission control method
CN109379401A (en) Original flow storage device based on Kafka

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant