CN109768891B - Method and system for associating service quality policy with access control list - Google Patents


Publication number
CN109768891B
CN109768891B CN201910113213.8A CN201910113213A CN109768891B CN 109768891 B CN109768891 B CN 109768891B CN 201910113213 A CN201910113213 A CN 201910113213A CN 109768891 B CN109768891 B CN 109768891B
Authority
CN
China
Prior art keywords
access control
control list
list
service
quality
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910113213.8A
Other languages
Chinese (zh)
Other versions
CN109768891A (en)
Inventor
曾璐
樊松波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fiberhome Telecommunication Technologies Co Ltd
Original Assignee
Fiberhome Telecommunication Technologies Co Ltd
Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method and a system for associating a quality of service policy with an access control list, and relates to the field of QoS. The method comprises the following steps: after the configuration platform obtains all the child access control lists that the quality of service policy needs to reference, it forms a parent access control list from all the child access control lists, and the configuration order of the child access control lists in the parent access control list matches the quality of service policy; the quality of service policy is associated with the parent access control list. The invention lets a quality of service policy reference an access control list exclusively without creating the access control list again; it also lets a quality of service policy be associated with multiple access control lists without being limited by hardware performance.

Description

Method and system for associating service quality policy with access control list
Technical Field
The invention relates to the field of Quality of Service (QoS), in particular to a method and a system for associating a QoS policy with an access control list.
Background
On a communication device, quality of service policies (e.g., traffic matching policies, traffic passing policies, traffic rejection policies, etc.) need to reference an access control list when executed (the contents of the list include, for example, certain fields that messages are required to have for a particular matching policy).
However, when a quality of service policy references an access control list, the following disadvantages exist:
(1) When performance statistics are collected for a quality of service policy, the performance of the policy corresponds to the performance of the access control list it references. However, an access control list is often referenced both by a quality of service policy and by other services (e.g., interface anti-attack services); the performance statistics of the access control list are then the sum over all referencing objects, not the performance statistics of the quality of service policy.
To solve this problem, the access control list referenced by the quality of service policy has to be created again, but creating an access control list is difficult, inefficient, and error-prone.
(2) When a quality of service policy references an access control list, the policy has to be associated with that list. Each association of an access control list with the policy increases the load on the hardware (e.g., a chip), because the quality of service policy and the access control list are "hard" associated, so the number of access control lists that can be associated with a quality of service policy is limited by hardware performance. When a quality of service policy requires the association of multiple access control lists, hardware performance has to be improved, which increases the cost of use.
Disclosure of Invention
In view of the defects of the prior art, the technical problems solved by the invention are: how to let a quality of service policy reference an access control list exclusively without creating the access control list again; and how to associate a quality of service policy with multiple access control lists without being limited by hardware performance.
To achieve the above object, the method for associating a quality of service policy with an access control list provided by the invention comprises the following steps: after the configuration platform obtains all the child access control lists that the quality of service policy needs to reference, it forms a parent access control list from all the child access control lists, and the configuration order of the child access control lists in the parent access control list matches the quality of service policy; the quality of service policy is associated with the parent access control list.
On the basis of the above technical solution, the method further comprises the following step: the configuration platform sends the quality of service policy and its associated parent access control list to the communication device, and the communication device maps each child access control list in the parent access control list to the corresponding driver.
On the basis of the above technical solution, the method further comprises the following step: when the quality of service policy needs to reference a new access control list, or needs to delete a certain access control list, or some of the child access control lists in the parent access control list change, the parent access control list is updated accordingly.
On the basis of the above technical solution, the process of forming the parent access control list from all the child access control lists comprises: obtaining the configuration order of all the child access control lists according to the quality of service policy; applying for a list ID for each child access control list, and associating each list ID with the corresponding configuration order.
On the basis of the above technical solution, all list IDs associated with the configuration order are sequential numeric IDs separated by an interval, and the interval between adjacent numeric IDs is at least 5.
The system for associating a quality of service policy with an access control list provided by the invention comprises an access control list configuration association module arranged on a configuration platform, which is used for: after all the child access control lists that the quality of service policy needs to reference are obtained, forming a parent access control list from all the child access control lists, the configuration order of the child access control lists in the parent access control list matching the quality of service policy; and associating the quality of service policy with the parent access control list.
On the basis of the above technical solution, the system further comprises an access control list mapping module arranged on the communication device;
the access control list configuration association module is further used for: sending the quality of service policy and its associated parent access control list to the communication device;
the access control list mapping module is used for: mapping each child access control list in the parent access control list to the corresponding driver.
On the basis of the above technical solution, the access control list configuration association module is further used for: when the quality of service policy needs to reference a new access control list, or needs to delete a certain access control list, or some of the child access control lists in the parent access control list change, updating the parent access control list accordingly.
On the basis of the above technical solution, the process by which the access control list configuration association module forms the parent access control list from all the child access control lists comprises: obtaining the configuration order of all the child access control lists according to the quality of service policy; applying for a list ID for each child access control list, and associating each list ID with the corresponding configuration order.
On the basis of the above technical solution, all list IDs associated with the configuration order are sequential numeric IDs separated by an interval, and the interval between adjacent numeric IDs is at least 5.
The beneficial effects of the invention are:
(1) Compared with the prior art, in which an access control list referenced exclusively by the quality of service policy has to be created again, the invention makes reasonable use of the existing access control lists to form an access control list that the quality of service policy references exclusively. No access control list needs to be created again, which significantly reduces the difficulty of the work and greatly improves efficiency; and composing existing child access control lists into a parent access control list is less error-prone than creating an access control list again.
Meanwhile, both the association of the quality of service policy with the access control list and the iteration of the access control list (i.e., changes to the parent access control list) take place on the configuration platform side, so the communication device is not affected; and the parent access control list only uses the resources of the child access control lists, so the child access control lists are not affected by being referenced by other services, and the user experience is better.
(2) Compared with the prior art, in which the number of access control lists associated with a quality of service policy is limited by hardware performance, the invention associates only 1 access control list (the parent access control list) in hardware, while multiple access control lists (the child access control lists) can be associated in software. The number of access control lists actually associated with the quality of service policy is therefore not limited by hardware performance, because only one access control list is associated in hardware no matter how many are associated in software. The invention thus allows a quality of service policy to be configured with any number of access control lists without improving hardware performance, which greatly improves the flexibility and extensibility of the quality of service policy, reduces the cost of use, and makes the invention well suited to practical use and popularization.
Drawings
Fig. 1 is a flowchart illustrating an implementation of a method for associating a quality of service policy with an access control list according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples.
The method for associating a quality of service policy with an access control list in the embodiment of the invention comprises the following steps: after the configuration platform obtains all the child access control lists that the quality of service policy needs to reference, it forms a parent access control list from all the child access control lists, and the configuration order of the child access control lists in the parent access control list matches the quality of service policy; the quality of service policy is associated with the parent access control list.
The invention therefore first composes 1 parent access control list from multiple child access control lists and then associates the parent access control list with the quality of service policy. On this basis:
(1) Compared with the prior art, in which an access control list referenced exclusively by the quality of service policy has to be created again, the invention makes reasonable use of the existing access control lists to form an access control list that the quality of service policy references exclusively. No access control list needs to be created again, which significantly reduces the difficulty of the work and greatly improves efficiency; and composing existing child access control lists into a parent access control list is less error-prone than creating an access control list again.
Meanwhile, both the association of the quality of service policy with the access control list and the iteration of the access control list (i.e., changes to the parent access control list) take place on the configuration platform side, so the communication device is not affected; and the parent access control list only uses the resources of the child access control lists, so the child access control lists are not affected by being referenced by other services, and the user experience is better.
(2) Compared with the prior art, in which the number of access control lists associated with a quality of service policy is limited by hardware performance, the invention associates only 1 access control list (the parent access control list) in hardware, while multiple access control lists (the child access control lists) can be associated in software. The number of access control lists actually associated with the quality of service policy is therefore not limited by hardware performance, because only one access control list is associated in hardware no matter how many are associated in software. The invention thus allows a quality of service policy to be configured with any number of access control lists, which greatly improves the flexibility and extensibility of the quality of service policy and makes the invention well suited to practical use and popularization.
Preferably, the method further comprises a communication device mapping process: the configuration platform sends the quality of service policy and its associated parent access control list to the communication device, and the communication device maps each child access control list in the parent access control list to the corresponding driver. Furthermore, the communication device releases the mapping between the child access control lists and the drivers, and the corresponding drivers, only when the application of the quality of service policy to the service is cancelled (i.e., the quality of service policy is no longer used).
This embodiment thus sets out clearly how the communication device matches the parent access control list with the drivers, so that the public knows how to use the parent access control list on the communication device.
Preferably, the method further comprises an access control list updating process: when the quality of service policy needs to reference a new access control list, or needs to delete a certain access control list, or some of the child access control lists in the parent access control list change, the parent access control list is updated accordingly.
This embodiment thus sets out clearly how the parent access control list is updated, so that the public knows how to process the parent access control list when the access control lists referenced by the quality of service policy change.
Preferably, the process of forming the parent access control list from all the child access control lists in the method comprises: obtaining the configuration order of all the child access control lists according to the quality of service policy; applying for a list ID for each child access control list, and associating each list ID with the corresponding configuration order.
Each child access control list and its configuration order are thus associated through the list ID, so that the child access control lists can later be configured conveniently through their list IDs, which simplifies operation and makes the method easier to use.
In addition, the specific way of applying for a list ID for each child access control list and associating each list ID with the corresponding configuration order may be: applying for list IDs from small to large according to the configuration order, or from large to small according to the configuration order. The sequence of list IDs may be regular or irregular; it only needs to be associated with the configuration order. For example, with list IDs 1-5, the associated configuration order is child access control lists 1-5; or with list IDs 1, 3, 5, 7, 9, the associated configuration order is child access control lists 1-5.
Preferably, all list IDs associated with the configuration order are sequential numeric IDs separated by an interval, and the interval between adjacent numeric IDs is at least 5 (10 in this embodiment, for example list IDs of 1, 11, 21, 31, …). The principle is as follows. The configuration logic for child access control lists is generally to configure them in the order of their list IDs, so the list IDs are generally sequential numbers. The purpose of the interval between adjacent numeric IDs is that, when a child access control list has to be inserted in the middle of the configuration order (for example, as the 3rd configured child access control list), its list ID can be chosen from within the numeric interval, so that the continuity of the list IDs is preserved without adjusting the configuration logic of the child access control lists.
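The list ID scheme and the update process described above can be modelled as follows. This is an added example, not code from the patent: the class, method and ACL names are hypothetical, the dictionary returned by message_for_device is a constructed stand-in for the unspecified format sent to the communication device, and the renumbering step taken when a gap is used up is an assumption, since the page does not say what happens in that case.

```python
from dataclasses import dataclass, field

ID_STEP = 10  # interval used in the embodiment (list IDs 1, 11, 21, 31, ...)
MIN_STEP = 5  # minimum interval between adjacent list IDs stated on the page


@dataclass
class ParentAcl:
    """Parent ACL kept on the configuration platform for one QoS policy.

    Holds only references (names) to existing child ACLs, keyed by list ID.
    Ascending list ID is the configuration order.
    """
    policy: str
    step: int = ID_STEP
    children: dict = field(default_factory=dict)  # list ID -> child ACL name

    def __post_init__(self):
        if self.step < MIN_STEP:
            raise ValueError("interval between adjacent list IDs must be >= 5")

    @classmethod
    def build(cls, policy, ordered_children, step=ID_STEP):
        """Apply for list IDs 1, 1+step, 1+2*step, ... in configuration order."""
        if len(set(ordered_children)) != len(ordered_children):
            raise ValueError("a child ACL may be referenced only once")
        acl = cls(policy, step)
        for position, name in enumerate(ordered_children):
            acl.children[1 + position * step] = name
        return acl

    def order(self):
        """Child ACL names in configuration order."""
        return [self.children[i] for i in sorted(self.children)]

    def id_of(self, name):
        for list_id, child in self.children.items():
            if child == name:
                return list_id
        raise KeyError(f"{name} is not referenced by policy {self.policy}")

    def insert_after(self, existing, new_child):
        """Reference new_child directly after `existing`, using a free ID
        inside the gap so that no existing list ID changes."""
        if new_child in self.children.values():
            raise ValueError(f"{new_child} is already referenced")
        ids = sorted(self.children)
        low = self.id_of(existing)
        nxt = ids.index(low) + 1
        high = ids[nxt] if nxt < len(ids) else low + 2 * self.step
        if high - low < 2:
            # Assumption (not on the page): gap exhausted, so re-space all
            # list IDs and retry; this is the only case that changes IDs.
            self.renumber()
            return self.insert_after(existing, new_child)
        new_id = low + (high - low) // 2
        self.children[new_id] = new_child
        return new_id

    def remove(self, name):
        """Stop referencing a child ACL; the child ACL itself is untouched."""
        del self.children[self.id_of(name)]

    def renumber(self):
        """Re-space list IDs while preserving configuration order."""
        self.children = {1 + i * self.step: n for i, n in enumerate(self.order())}

    def message_for_device(self):
        """One policy bound to one parent ACL (constructed layout)."""
        return {"policy": self.policy,
                "parent_acl": [(i, self.children[i]) for i in sorted(self.children)]}


def demo():
    # Constructed sample: four existing child ACLs, possibly shared with
    # other services, referenced by one QoS policy.
    acl = ParentAcl.build("qos-voice", ["acl-a", "acl-b", "acl-c", "acl-d"])
    first = acl.insert_after("acl-b", "acl-x")  # lands in the 11..21 gap
    acl.remove("acl-d")
    return first, acl.message_for_device()


if __name__ == "__main__":
    print(demo())
```

With an interval of 10, three insertions fit between two neighbouring list IDs before the gap is used up, which is why the model needs the renumbering fallback at all.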
Preferably, referring to Fig. 1, an actual usage flow of the method for associating a quality of service policy with an access control list in the embodiment of the invention is as follows:
S1: The user configures the quality of service policy and the access control lists it references through a Command-Line Interface (CLI), controller, or Network Management System (NMS) tool.
S2: The user maps the configuration of the quality of service policy and the configuration of the access control lists it needs to reference to the database of the configuration platform, where the database includes a quality of service policy database, an access control list, and the like.
S3: The configuration platform establishes the logical relationship between the databases, so that a parent access control list is formed from all the child access control lists, a list ID is assigned to each child access control list for internal mapping, and the quality of service policy is associated with the parent access control list.
S4: The configuration platform sends the quality of service policy and its associated parent access control list to the communication device in a specific format.
S5: The communication device maps each child access control list in the parent access control list to the corresponding driver to form a configuration file.
S6: The communication device calls the API (Application Programming Interface) of the corresponding driver to execute the configuration file.
S7: The communication device stores the configuration file after it has been executed successfully.
The system for associating a quality of service policy with an access control list in the embodiment of the invention comprises an access control list configuration association module arranged on a configuration platform and an access control list mapping module arranged on the communication device;
the access control list configuration association module is used for:
(1) after all the child access control lists that the quality of service policy needs to reference are obtained, forming a parent access control list from all the child access control lists, the configuration order of the child access control lists in the parent access control list matching the quality of service policy;
(2) after the quality of service policy is associated with the parent access control list, sending the quality of service policy and its associated parent access control list to the communication device;
(3) when the quality of service policy needs to reference a new access control list, or needs to delete a certain access control list, or some of the child access control lists in the parent access control list change, updating the parent access control list accordingly.
The process by which the access control list configuration association module forms the parent access control list from all the child access control lists comprises: obtaining the configuration order of all the child access control lists according to the quality of service policy; applying for a list ID for each child access control list, and associating each list ID with the corresponding configuration order; all list IDs associated with the configuration order are sequential numeric IDs separated by an interval, and the interval between adjacent numeric IDs is at least 5.
The access control list mapping module is used for: mapping each child access control list in the parent access control list to the corresponding driver.
It should be noted that, for inter-module communication in the system provided in the embodiment of the invention, only the above division into functional modules is given as an illustration. In practical applications, the functions may be assigned to different functional modules as needed; that is, the internal structure of the system may be divided into different functional modules to complete all or part of the functions described above.
Further, the invention is not limited to the above embodiments. It will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the principle of the invention, and these modifications and improvements are also considered to be within the scope of the invention. Matters not described in detail in this specification are within the skill of the art.

Claims (8)

1. A method for associating a quality of service policy with an access control list, the method comprising the following steps: after the configuration platform obtains all the child access control lists that the quality of service policy needs to reference, a parent access control list is formed from all the child access control lists, and the configuration order of the child access control lists in the parent access control list matches the quality of service policy; the quality of service policy is associated with the parent access control list;
the method further comprises the following step: the configuration platform sends the quality of service policy and its associated parent access control list to the communication device, and the communication device maps each child access control list in the parent access control list to the corresponding driver.
2. The method for associating a quality of service policy with an access control list of claim 1, the method further comprising the following step: when the quality of service policy needs to reference a new access control list, or needs to delete a certain access control list, or some of the child access control lists in the parent access control list change, the parent access control list is updated accordingly.
3. The method for associating a quality of service policy with an access control list according to claim 1 or 2, wherein the process of forming the parent access control list from all the child access control lists comprises: obtaining the configuration order of all the child access control lists according to the quality of service policy; applying for a list ID for each child access control list, and associating each list ID with the corresponding configuration order.
4. The method for associating a quality of service policy with an access control list according to claim 3, wherein: all list IDs associated with the configuration order are sequential numeric IDs separated by an interval, and the interval between adjacent numeric IDs is at least 5.
5. A system for associating a quality of service policy with an access control list, wherein: the system comprises an access control list configuration association module arranged on a configuration platform and used for: after all the child access control lists that the quality of service policy needs to reference are obtained, forming a parent access control list from all the child access control lists, the configuration order of the child access control lists in the parent access control list matching the quality of service policy; and associating the quality of service policy with the parent access control list;
the system further comprises an access control list mapping module arranged on the communication device;
the access control list configuration association module is further used for: sending the quality of service policy and its associated parent access control list to the communication device;
the access control list mapping module is used for: mapping each child access control list in the parent access control list to the corresponding driver.
6. The system for associating a quality of service policy with an access control list of claim 5, wherein the access control list configuration association module is further used for: when the quality of service policy needs to reference a new access control list, or needs to delete a certain access control list, or some of the child access control lists in the parent access control list change, updating the parent access control list accordingly.
7. The system for associating a quality of service policy with an access control list according to claim 5 or 6, wherein: the process by which the access control list configuration association module forms the parent access control list from all the child access control lists comprises: obtaining the configuration order of all the child access control lists according to the quality of service policy; applying for a list ID for each child access control list, and associating each list ID with the corresponding configuration order.
8. The system for associating a quality of service policy with an access control list of claim 7, wherein: all list IDs associated with the configuration order are sequential numeric IDs separated by an interval, and the interval between adjacent numeric IDs is at least 5.
CN201910113213.8A 2019-02-13 2019-02-13 Method and system for associating service quality policy with access control list Active CN109768891B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910113213.8A CN109768891B (en) 2019-02-13 2019-02-13 Method and system for associating service quality policy with access control list

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910113213.8A CN109768891B (en) 2019-02-13 2019-02-13 Method and system for associating service quality policy with access control list

Publications (2)

Publication Number Publication Date
CN109768891A (en) 2019-05-17
CN109768891B (en) 2022-02-01

Family

ID=66456184

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910113213.8A Active CN109768891B (en) 2019-02-13 2019-02-13 Method and system for associating service quality policy with access control list

Country Status (1)

Country Link
CN (1) CN109768891B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1826591A (en) * 2003-08-28 2006-08-30 思科技术公司 Reverse path forwarding protection
CN102148764A (en) * 2011-05-09 2011-08-10 杭州华三通信技术有限公司 Data processing method and equipment based on QoS (Quality of Service) traffic
CN106034046A (en) * 2015-03-20 2016-10-19 中兴通讯股份有限公司 Method and device for sending access control list (ACL)
CN107196947A (en) * 2017-06-08 2017-09-22 郑州云海信息技术有限公司 A kind of accesses control list method to set up and system
CN108494619A (en) * 2018-02-28 2018-09-04 新华三技术有限公司 Flow statistical method, device and provider's router

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020032798A1 (en) * 2000-09-08 2002-03-14 Wei Xu Systems and methods for packet sequencing
US9571502B2 (en) * 2012-09-14 2017-02-14 International Business Machines Corporation Priority resolution for access control list policies in a networking device

Also Published As

Publication number Publication date
CN109768891A (en) 2019-05-17

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant