CN109672567B - Method for realizing network following strategy - Google Patents
Method for realizing network following strategy Download PDFInfo
- Publication number
- CN109672567B CN109672567B CN201910023007.8A CN201910023007A CN109672567B CN 109672567 B CN109672567 B CN 109672567B CN 201910023007 A CN201910023007 A CN 201910023007A CN 109672567 B CN109672567 B CN 109672567B
- Authority
- CN
- China
- Prior art keywords
- strategy
- user
- following
- network
- followed
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/085—Retrieval of network configuration; Tracking network configuration history
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0893—Assignment of logical groups to network elements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0896—Bandwidth or capacity management, i.e. automatically increasing or decreasing capacities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method for realizing a network following strategy, which relates to the technical field of flow control of network strategies, in particular to a strategy acquisition, strategy matching and flow forwarding mode. The method for realizing the network following strategy introduces a following strategy network mode, does not need a user to add network strategies, all strategies are from the behavior of a followed person, realizes simple and convenient network flow control, and the core part of the following mode is that through an intelligent learning algorithm, the operation of adding, deleting and changing a control flow table is carried out according to the behavior of the user, the operation of the user on strategy control is simplified, the user only needs to set a specific device as the followed person to complete setting, and all flow control execution operations are intelligently completed.
Description
Technical Field
The invention relates to the technical field of flow control of network strategies, in particular to a method for realizing a network following strategy.
Background
With the coming of the Internet era, the Internet is closely connected with life in various industries, fields and different people, and the network technical fields of network monitoring, flow control, behavior control, network security and the like are particularly important, and the common network modes of the current network behavior and flow control include a blacklist mode and a whitelist mode.
However, both the black list mode and the white list mode require the user to actively add the network policy, so the network policy addition is reasonable, and is a necessary course before the user uses the network policy, in addition, the simple black and white list mode cannot meet the requirements of the user, if the user expects that all users of the local area network cannot access xxx.com, the common black and white list manages the IP, the xxx.com adopts a dynamic domain name, the IP can be changed at any time and has a plurality of sub-domain names, and the like, and the black and white list function cannot meet the requirements of the user.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a method for realizing a network following strategy, which solves the problems in the background technology.
In order to achieve the purpose, the invention is realized by the following technical scheme: a method for realizing network following strategy comprises the collection of strategy, the matching of strategy and the forwarding mode of flow, the exposition objects of the method for realizing network following strategy are followed users, strategy gateways, Internet and flow discarding stations, the operation objects of the method for realizing network following strategy are following flow and non-following flow, the method for realizing network following strategy comprises the following key steps:
when the network equipment works in the following strategy mode, one or more followed persons exist in the network, the access of the followed persons to the external network is not limited, users except the followed persons are called ordinary users, the access of the ordinary users to the external network is blocked, and after the followed persons access a.com successfully, the ordinary users can access the a.com, namely the ordinary users follow successfully;
the flow data frame unit takes a data frame as a unit, intercepts the data frame and submits the data frame to a following strategy mode module for processing;
whether the user is the person to be followed is judged by the person to be followed unit, and the following operations of different processes are carried out according to the judgment result:
a. whether the user is the followed person is judged by the followed person unit, if the user is the followed person, the user enters an acquisition strategy unit to acquire data, inserts the data into a strategy storage area unit and forwards a data frame to the Internet;
b. whether the user is a followed user is judged by the follower unit, if the user is a common user, the user enters a matching strategy unit, the strategy in the unit is read, if the matching is successful, the data frame is forwarded to the Internet, and if the matching is not successful, the data frame is discarded or rejected;
whether the data stream accessing the Internet is forwarded or not is judged, and two operations are executed on the data stream according to the following strategy matching result: by or discarding (i.e., rejecting), when a policy for the data stream is successfully matched in the flow label, it will be forwarded to the Internet, and the user's access to the Internet is successful; if the flow table strategy is not matched, the flow table strategy is discarded, and the user fails to access the Internet.
Optionally, the followed user can conveniently perform flow control on the following user.
Optionally, the method for implementing the network following policy works in a policy gateway, and according to the traffic accessed by the user to be followed, the traffic of a common user is distinguished, and finally forwarding or discarding is decided.
Optionally, in the method for implementing the network following policy, all behavior data of the followed user is stored according to the behavior of the followed user, and is used for identifying whether the behavior of the common user belongs to following.
Optionally, the network device manages all network devices connected to the network device.
Optionally, the core part of the following policy mode is that, in the policy acquisition unit, the control flow table is added, deleted, and changed according to the behavior of the user in the policy storage area through an intelligent learning algorithm.
The invention has the advantages that: the invention is a method for realizing network following strategy, introduces a following strategy network mode, does not need users to add network strategies, all strategies come from the behavior of the followed person, realizes simple and convenient network flow control, and the following strategy network mode is different from the general network management mode, such as: the following mode is a novel intelligent network policy control mode, and the core part of the intelligent network policy control mode is that through an intelligent learning algorithm, the control flow table is added, deleted and changed according to the behavior of a user, so that the operation of the user on policy control is simplified, the user only needs to set a specific device as a followed person to complete the setting, and all flow control execution operations are completed intelligently.
Drawings
FIG. 1 is a schematic diagram of the logical relationship of the present invention;
fig. 2 is a schematic diagram of an internal implementation flow of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
Referring to fig. 1 to 2, the present invention provides a technical solution: a method for realizing network following strategy comprises strategy collection, strategy matching and flow forwarding, wherein the method for realizing network following strategy comprises the following user, strategy gateway, Internet and flow discarding station as the object of explanation, the method for realizing network following strategy comprises following flow and non-following flow as the operation object, the method comprises the following key steps:
when the network equipment works in the following strategy mode, one or more followed persons exist in the network, the access of the followed persons to the external network is not limited, users except the followed persons are called ordinary users, the access of the ordinary users to the external network is blocked, and after the followed persons access a.com successfully, the ordinary users can access the a.com, namely the ordinary users follow successfully;
the flow data frame unit takes a data frame as a unit, intercepts the data frame and submits the data frame to a following strategy mode module for processing;
whether the user is the person to be followed is judged by the person to be followed unit, and the following operations of different processes are carried out according to the judgment result:
a. whether the user is the followed person is judged by the followed person unit, if the user is the followed person, the user enters an acquisition strategy unit to acquire data, inserts the data into a strategy storage area unit and forwards a data frame to the Internet;
b. whether the user is a followed user is judged by the follower unit, if the user is a common user, the user enters a matching strategy unit, the strategy in the unit is read, if the matching is successful, the data frame is forwarded to the Internet, and if the matching is not successful, the data frame is discarded or rejected;
whether the data stream accessing the Internet is forwarded or not is judged, and two operations are executed on the data stream according to the following strategy matching result: by or discarding (i.e., rejecting), when a policy for the data stream is successfully matched in the flow label, it will be forwarded to the Internet, and the user's access to the Internet is successful; if the flow table strategy is not matched, the flow table strategy is discarded, and the user fails to access the Internet.
The followed user can conveniently control the flow of the following user.
The method for realizing the network following strategy works in a strategy gateway, distinguishes the flow of a common user according to the flow accessed by a user to be followed, and finally decides to forward or discard.
In the method for realizing the network following strategy, all behavior data of a followed user is stored according to the behavior of the followed user and is used for identifying whether the behavior of a common user belongs to following.
The network device manages all the network devices connected to it, such as switches, routers, etc.
The core part of the following strategy mode is that in the strategy acquisition unit, through an intelligent learning algorithm, in a strategy storage area, the control flow table is added, deleted and changed according to the user behavior, and the following strategy mode is different from a general network management mode, such as: the method comprises the steps of setting a plurality of lists of a.com … to disallow access of users), setting a white list of a.com … to allow access of users, and the like, wherein after the following person is set in the mode, the flow in the network is controlled, the control mode is more intelligent, the operation of the users on policy control can be simplified, the users can complete setting only by setting specific equipment as the followed person, and all flow control execution operations are completed intelligently.
In summary, the method for implementing network following policy introduces a following policy network mode, which is different from a general network management mode, such as: the core part of the following mode is that through an intelligent learning algorithm, the operations of adding, deleting and changing a control flow table are carried out according to the behaviors of the user, the operation of the user on policy control is simplified, the user only needs to set a specific device as a followed person to complete the setting, and all flow control execution operations are intelligently completed.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art should be considered to be within the technical scope of the present invention, and the technical solutions and the inventive concepts thereof according to the present invention should be equivalent or changed within the scope of the present invention.
Claims (6)
1. A method for implementing network following strategy is characterized in that: the method comprises the steps of strategy acquisition, strategy matching and flow forwarding, wherein the method for realizing the network following strategy comprises the following user, a strategy gateway, the Internet and a flow discarding station as the explanation objects, the following flow and the non-following flow as the operation objects, and the method for realizing the network following strategy comprises the following key steps:
when the network equipment works in the following strategy mode, one or more followed persons exist in the network, the access of the followed persons to the external network is not limited, users except the followed persons are called ordinary users, the access of the ordinary users to the external network is blocked, and after the followed persons access a.com successfully, the ordinary users can access the a.com, namely the ordinary users follow successfully;
the flow data frame unit takes a data frame as a unit, intercepts the data frame and submits the data frame to a following strategy mode module for processing;
whether the user is the person to be followed is judged by the person to be followed unit, and the following operations of different processes are carried out according to the judgment result:
a. whether the user is the followed person is judged by the followed person unit, if the user is the followed person, the user enters an acquisition strategy unit to acquire data, inserts the data into a strategy storage area unit and forwards a data frame to the Internet;
b. whether the user is a followed user is judged by the follower unit, if the user is a common user, the user enters a matching strategy unit, the strategy in the unit is read, if the matching is successful, the data frame is forwarded to the Internet, and if the matching is not successful, the data frame is discarded or rejected;
whether the data stream accessing the Internet is forwarded or not is judged, and two operations are executed on the data stream according to the following strategy matching result: by or discarding (i.e., rejecting), when a policy for the data stream is successfully matched in the flow label, it will be forwarded to the Internet, and the user's access to the Internet is successful; if the flow table strategy is not matched, the flow table strategy is discarded, and the user fails to access the Internet.
2. The method of claim 1, wherein the following policy is implemented by: the followed user can conveniently control the flow of the following user.
3. The method of claim 1, wherein the following policy is implemented by: the method for realizing the network following strategy works in a strategy gateway, distinguishes the flow of a common user according to the flow accessed by a user to be followed, and finally decides to forward or discard.
4. The method of claim 1, wherein the following policy is implemented by: in the method for realizing the network following strategy, all behavior data of the followed user is stored according to the behavior of the followed user and is used for identifying whether the behavior of the common user belongs to following.
5. The method of claim 1, wherein the following policy is implemented by: the network device manages all network devices connected to the network device.
6. The method of claim 1, wherein the following policy is implemented by: the core part of the following strategy mode is that in the strategy acquisition unit, through an intelligent learning algorithm, in a strategy storage area, the control flow table is added, deleted and changed according to the behavior of a user.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910023007.8A CN109672567B (en) | 2019-01-10 | 2019-01-10 | Method for realizing network following strategy |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910023007.8A CN109672567B (en) | 2019-01-10 | 2019-01-10 | Method for realizing network following strategy |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109672567A CN109672567A (en) | 2019-04-23 |
CN109672567B true CN109672567B (en) | 2021-10-29 |
Family
ID=66150562
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910023007.8A Active CN109672567B (en) | 2019-01-10 | 2019-01-10 | Method for realizing network following strategy |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109672567B (en) |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001043021A2 (en) * | 1999-12-07 | 2001-06-14 | Entricom, Inc. | Telecommunications order entry, tracking and management system |
CN101075923A (en) * | 2006-08-29 | 2007-11-21 | 腾讯科技(深圳)有限公司 | System for tracking customer in network community and its realization |
CN101803299A (en) * | 2007-09-20 | 2010-08-11 | 爱立信电话股份有限公司 | Policy routing in a communications network |
CN103259791A (en) * | 2013-04-28 | 2013-08-21 | 华为技术有限公司 | Traversal communication routing method, terminal and system |
CN104423904A (en) * | 2013-08-27 | 2015-03-18 | 佳能株式会社 | Management apparatus, and control method thereof |
CN104769909A (en) * | 2012-08-30 | 2015-07-08 | 艾诺威网络有限公司 | Internetwork authentication |
CN105306481A (en) * | 2015-11-12 | 2016-02-03 | 北京锐安科技有限公司 | Method for operating access control policy rule |
CN107395617A (en) * | 2017-08-14 | 2017-11-24 | 中国联合网络通信集团有限公司 | Security policy manager method and device |
CN108833435A (en) * | 2018-07-03 | 2018-11-16 | 郑州云海信息技术有限公司 | A kind of method for network access control and device, network system |
CN108990067A (en) * | 2018-07-09 | 2018-12-11 | 常熟理工学院 | A kind of energy efficiency controlling method applied to super-intensive heterogeneous network |
-
2019
- 2019-01-10 CN CN201910023007.8A patent/CN109672567B/en active Active
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001043021A2 (en) * | 1999-12-07 | 2001-06-14 | Entricom, Inc. | Telecommunications order entry, tracking and management system |
CN101075923A (en) * | 2006-08-29 | 2007-11-21 | 腾讯科技(深圳)有限公司 | System for tracking customer in network community and its realization |
CN101803299A (en) * | 2007-09-20 | 2010-08-11 | 爱立信电话股份有限公司 | Policy routing in a communications network |
CN104769909A (en) * | 2012-08-30 | 2015-07-08 | 艾诺威网络有限公司 | Internetwork authentication |
CN103259791A (en) * | 2013-04-28 | 2013-08-21 | 华为技术有限公司 | Traversal communication routing method, terminal and system |
CN104423904A (en) * | 2013-08-27 | 2015-03-18 | 佳能株式会社 | Management apparatus, and control method thereof |
CN105306481A (en) * | 2015-11-12 | 2016-02-03 | 北京锐安科技有限公司 | Method for operating access control policy rule |
CN107395617A (en) * | 2017-08-14 | 2017-11-24 | 中国联合网络通信集团有限公司 | Security policy manager method and device |
CN108833435A (en) * | 2018-07-03 | 2018-11-16 | 郑州云海信息技术有限公司 | A kind of method for network access control and device, network system |
CN108990067A (en) * | 2018-07-09 | 2018-12-11 | 常熟理工学院 | A kind of energy efficiency controlling method applied to super-intensive heterogeneous network |
Also Published As
Publication number | Publication date |
---|---|
CN109672567A (en) | 2019-04-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103546294B (en) | Entrance guard authorization method, device and equipment | |
US7882217B2 (en) | Network identity clustering | |
RU2004126668A (en) | SYSTEM AND METHOD OF ORGANIZING MANAGED BROADCASTING | |
CN104243472A (en) | Network with MAC table overflow protection | |
US20120195234A1 (en) | Method for policy-based control of enterprise messaging | |
US7707312B2 (en) | Printer discovery protocol system and method | |
WO2011076984A1 (en) | Apparatus, method and computer-readable storage medium for determining application protocol elements as different types of lawful interception content | |
CN106685827B (en) | Downlink message forwarding method and AP (access point) equipment | |
US20170208063A1 (en) | Communication system, access authentication method and system based on communication system | |
CN107615710A (en) | Direct reply action in SDN switch | |
CN108123783A (en) | Data transmission method, apparatus and system | |
WO2012151843A1 (en) | Ulr filtering system, method and gateway | |
CN107145568A (en) | A kind of quick media event clustering system and method | |
US20160072754A1 (en) | Method and Device for Forwarding Message | |
CN109672567B (en) | Method for realizing network following strategy | |
CN106603471B (en) | A kind of firewall policy detection method and device | |
EP2472785B1 (en) | Service linkage control system and method | |
CN111107008A (en) | Reverse path checking method and device | |
CN107484151A (en) | A kind of SIM card networking control method | |
WO2016201843A1 (en) | Control method and apparatus for mac address learning | |
US8050681B2 (en) | System and method for controlling connections between a wireless router and unlicensed mobile access capable mobile phones | |
US8965362B1 (en) | Methods and apparatus for prefix filtering of international mobile subscriber identity (IMSI) wildcard application | |
CN101515874B (en) | Access control method and access control system for network server | |
CN106685861B (en) | A kind of software defined network system and its message transmission control method | |
CN109379401A (en) | Original flow storage device based on Kafka |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |