CN113608778A - Application management method and device, storage medium and electronic equipment - Google Patents

Application management method and device, storage medium and electronic equipment Download PDF

Info

Publication number
CN113608778A
CN113608778A CN202110903695.4A CN202110903695A CN113608778A CN 113608778 A CN113608778 A CN 113608778A CN 202110903695 A CN202110903695 A CN 202110903695A CN 113608778 A CN113608778 A CN 113608778A
Authority
CN
China
Prior art keywords
application
application program
management
information
connection table
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110903695.4A
Other languages
Chinese (zh)
Inventor
陈震
卞正皑
林盛
周劭婧
陈园
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Corp Ltd filed Critical China Telecom Corp Ltd
Priority to CN202110903695.4A priority Critical patent/CN113608778A/en
Publication of CN113608778A publication Critical patent/CN113608778A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/70Software maintenance or management
    • G06F8/71Version control; Configuration management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W28/00Network traffic management; Network resource management
    • H04W28/16Central resource management; Negotiation of resources or communication parameters, e.g. negotiating bandwidth or QoS [Quality of Service]
    • H04W28/24Negotiating SLA [Service Level Agreement]; Negotiating QoS [Quality of Service]

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Quality & Reliability (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

The disclosure belongs to the technical field of network communication, and relates to an application management method and device, a storage medium and an electronic device. The method comprises the following steps: acquiring management configuration information of an application program, and acquiring service data corresponding to the application program; analyzing the service data to generate connection table information, and determining a strategy control rule corresponding to the application program according to the connection table information; and establishing a service quality grade corresponding to the application program based on the policy control rule, and processing the application program by using the service quality grade. The method and the device can customize and distinguish the processing rules of different application programs according to the user requirements, and provide a data basis for logic centralized management for realizing the policy control of the application programs; on the other hand, the service quality grade processing application program is established according to the strategy control rule, so that the flexibility and the accuracy of application program management are improved, the load, the cost and the complexity of application program management are reduced, and the application scenes of application program management modes are enriched.

Description

Application management method and device, storage medium and electronic equipment
Technical Field
The present disclosure relates to the field of network communication technologies, and in particular, to an application management method, an application management apparatus, a computer-readable storage medium, and an electronic device.
Background
With the Technology maturation of 5G (5th Generation Mobile Communication Technology, fifth Generation Mobile Communication Technology) and the improvement of networks, the 5G era has come, the applications on the user side are more and more abundant and diversified, and the users have higher requirements for the service capability of the networks.
The identification and control requirements of some users on service applications are also continuously increasing. For example, a student group, a parent wants to perform intelligent identification control on the application of surfing the internet by the student; for example, in an enterprise 5G intranet, a manager desires to perform application management on an intranet terminal, so as to improve production efficiency and safety and reliability. For the requirement that the user A controls the user B to apply admission control, the processing capability of the current network in the aspect has defects at present, and the capability of the service customization requirement of the user cannot be met.
In view of the above, there is a need in the art to develop a new application management method and apparatus.
It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the present disclosure, and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
An object of the present disclosure is to provide an application management method, an application management apparatus, a computer-readable storage medium, and an electronic device, thereby overcoming, at least to some extent, the technical problem that an application cannot be managed due to the limitations of the related art.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows, or in part will be obvious from the description, or may be learned by practice of the disclosure.
According to a first aspect of embodiments of the present invention, there is provided an application management method, the method including: acquiring management configuration information of an application program, and acquiring service data corresponding to the application program;
analyzing the service data to generate connection table information, and determining a strategy control rule corresponding to the application program according to the connection table information;
and establishing a service quality grade corresponding to the application program based on the policy control rule, and processing the application program by using the service quality grade.
In an exemplary embodiment of the present invention, the managing the configuration information includes: and the management configuration information is generated by performing autonomous configuration processing on the application program.
In an exemplary embodiment of the present invention, the analyzing the service data to generate connection table information includes:
performing data mirroring on the service data to obtain mirrored data;
and analyzing and processing the mirror image data to obtain protocol information, and generating connection table information according to the protocol information.
In an exemplary embodiment of the invention, the method further comprises:
and acquiring the connection table information at intervals of preset time, and storing the connection table information.
In an exemplary embodiment of the present invention, the determining a policy control rule corresponding to the application program according to the connection table information includes:
acquiring management name information in the management configuration information, and determining application name information in the connection table information according to protocol information in the connection table information;
and determining the same management name information according to the application name information, and determining a policy control rule according to the management configuration information of the same management name information.
In an exemplary embodiment of the present invention, the establishing a quality of service level corresponding to the application program based on the policy control rule includes:
if the policy control rule is applied to the blacklist, establishing a processing rule as a service quality grade of the discarded message;
and if the strategy control rule is the strategy control rule applied to the white list, establishing a processing rule as a service quality grade which is preferentially forwarded.
In an exemplary embodiment of the invention, the method further comprises:
acquiring an ending time length of priority forwarding processing of the white list application, and acquiring a time length threshold value corresponding to the ending time length;
and if the ending duration is greater than the duration threshold, deleting the service quality grade of the white list application.
According to a second aspect of embodiments of the present invention, there is provided an application management apparatus, the apparatus including: the information acquisition module is configured to acquire management configuration information of an application program and acquire service data corresponding to the application program;
the rule determining module is configured to analyze the service data to generate connection table information and determine a policy control rule corresponding to the application program according to the connection table information;
and the application processing module is configured to establish a service quality grade corresponding to the application program based on the policy control rule and process the application program by using the service quality grade.
According to a third aspect of embodiments of the present invention, there is provided an electronic apparatus including: a processor and a memory; wherein the memory has stored thereon computer readable instructions which, when executed by the processor, implement the application management method in any of the exemplary embodiments described above.
According to a fourth aspect of embodiments of the present invention, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the application management method in any of the above-described exemplary embodiments.
As can be seen from the foregoing technical solutions, the application management method, the application management apparatus, the computer storage medium and the electronic device in the exemplary embodiments of the present disclosure have at least the following advantages and positive effects:
in the method and the device provided by the exemplary embodiment of the disclosure, on one hand, the management configuration information set by the user for the application program is obtained, the processing rules of different application programs can be customized and distinguished according to the user requirements, and a data basis of logic centralized management is provided for realizing the policy control of the application program; on the other hand, the service quality level processing application program is established according to different strategy control rules, so that the accuracy, flexibility and precision of application program management are improved, the load, cost and complexity of application program management are reduced, and the application scenes of application program management modes are enriched.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure. It is to be understood that the drawings in the following description are merely exemplary of the disclosure, and that other drawings may be derived from those drawings by one of ordinary skill in the art without the exercise of inventive faculty.
Fig. 1 schematically illustrates a flow diagram of an application management method in an exemplary embodiment of the present disclosure;
FIG. 2 schematically illustrates a system block diagram of a method of generating management configuration information in an exemplary embodiment of the disclosure;
FIG. 3 schematically illustrates a flow diagram of a method of parsing processing in an exemplary embodiment of the disclosure;
FIG. 4 schematically illustrates a system block diagram for generating and storing connection table information in an exemplary embodiment of the disclosure;
FIG. 5 schematically illustrates a flow chart of a method of determining policy control rules in an exemplary embodiment of the disclosure;
fig. 6 schematically illustrates a flow chart of a method of establishing a quality of service level in an exemplary embodiment of the disclosure;
FIG. 7 schematically illustrates a system block diagram of a processing application in an exemplary embodiment of the disclosure;
FIG. 8 is a flow chart diagram schematically illustrating a method for recovering a quality of service class configuration for a whitelist in an exemplary embodiment of the disclosure;
fig. 9 is a schematic structural diagram of an application management apparatus in an exemplary embodiment of the present disclosure;
FIG. 10 schematically illustrates an electronic device for implementing an application management method in an exemplary embodiment of the present disclosure;
fig. 11 schematically illustrates a computer-readable storage medium for implementing an application management method in an exemplary embodiment of the present disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the subject matter of the present disclosure can be practiced without one or more of the specific details, or with other methods, components, devices, steps, and the like. In other instances, well-known technical solutions have not been shown or described in detail to avoid obscuring aspects of the present disclosure.
The terms "a," "an," "the," and "said" are used in this specification to denote the presence of one or more elements/components/parts/etc.; the terms "comprising" and "having" are intended to be inclusive and mean that there may be additional elements/components/etc. other than the listed elements/components/etc.; the terms "first" and "second", etc. are used merely as labels, and are not limiting on the number of their objects.
Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus their repetitive description will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities.
To solve the problems in the related art, the present disclosure provides an application management method, and fig. 1 shows a flowchart of the application management method, and as shown in fig. 1, the application management method at least includes the following steps:
and S110, acquiring management configuration information of the application program, and acquiring service data corresponding to the application program.
And S120, analyzing the service data to generate connection table information, and determining a strategy control rule corresponding to the application program according to the connection table information.
And S130, establishing a service quality grade corresponding to the application program based on the policy control rule, and processing the application program by using the service quality grade.
In the exemplary embodiment of the present disclosure, on one hand, the management configuration information set by the user for the application program is obtained, the processing rules of different application programs can be customized and distinguished according to the user requirements, and a data basis of logic centralized management is provided for implementing policy control of the application program; on the other hand, the service quality level processing application program is established according to different strategy control rules, so that the accuracy, flexibility and precision of application program management are improved, the load, cost and complexity of application program management are reduced, and the application scenes of application program management modes are enriched.
The following describes each step of the application management method in detail.
In step S110, the management configuration information of the application program is acquired, and the service data corresponding to the application program is acquired.
In an exemplary embodiment of the present disclosure, the management configuration information may be black and white list information of the application configured by the user.
Fig. 2 is a system block diagram illustrating a method for generating Management configuration information, and as shown in fig. 2, the system module for generating Management configuration information includes CRM, user side APP (application), and UDM (Unified Data Management) network element of 5G core network.
Among them, a 5GC (5G core network ) supports a data storage architecture for computation and storage separation. A Unified Data Repository (UDR) is the master database. An Unstructured Data Storage Function (UDSF) is introduced to store dynamic Data.
CRM is a business system for China operators to accept services such as mobile phone bandwidth. And each province has its own independent CRM system.
In an alternative embodiment, managing configuration information includes: and the management configuration information is generated by performing autonomous configuration processing on the application program according to the management configuration information determined by the package authority information corresponding to the application program.
Therefore, the CRM system and the user side APP are linked to complete the setting of management configuration information by the user according to the package permission information and the generation of the management configuration information through the autonomous configuration processing, so that the application of the user A to the application admission control permission of the user B is realized.
It is worth mentioning that the a user and the B user have already generated a binding relationship, and the B user and the a user have a master-slave binding relationship therebetween.
The package authority information may be a template of management configuration information, a black list and a white list of the application program have been specified in the template, and the user may directly generate the same management configuration information as specified by the template.
The self-configuration process is that the B user can set the black list and the white list of the application program in the application program providing the application management to obtain the self-configured management configuration information.
After obtaining the management configuration information configured by the user, the UDM network element of the 5GC may receive the management configuration information configured in the CRM, and store the corresponding management configuration information in the UDM network element.
For example, the management configuration information defined by the black and white list may include basic information as shown in table (1):
user group Terminal number Business APP Categories Application name Black and white list
Zhang Xin 1891234567 Instant messaging class WeChat White list
Watch (1)
The management configuration information includes a user group, a terminal number, a service APP category and an application name. In addition, the management configuration information may also include other information, which is not particularly limited in this exemplary embodiment.
Furthermore, business data corresponding to the application program can be obtained.
In step S120, the service data is analyzed to generate connection table information, and a policy control rule corresponding to the application program is determined according to the connection table information.
In an exemplary embodiment of the present disclosure, after the management configuration information and the service data of the application are obtained, the service data may be analyzed to obtain the connection table information.
In an alternative embodiment, fig. 3 shows a flow chart of a method of parsing processing, as shown in fig. 3, the method at least includes the following steps: in step S310, data mirroring is performed on the service data to obtain mirrored data.
Since the service data generated by the user in the process of using the application program is not actively reported to the operator, the service data can be subjected to data mirroring to obtain mirrored data.
Specifically, the data mirroring process may adopt a normalized mirror phase flow manner of 5GC, or may adopt other manners, which is not particularly limited in this exemplary embodiment.
In step S320, the mirror image data is analyzed to obtain protocol information, and connection table information is generated according to the protocol information.
After the mirror image data is obtained, the mirror image data can be further analyzed and processed to obtain the service end protocol information of the APP corresponding to the service data. The Protocol information may be IP (Internet Protocol ) information of the server, or may be other Protocol information, which is not limited in this exemplary embodiment.
Further, the connection table information may be generated in a fixed format corresponding to the protocol information.
In the exemplary embodiment, the connection table information can be generated through data mirroring and analysis processing, the problem that an operator end cannot actively report service data is solved, and a data basis can be provided for subsequently determining the service quality level.
In addition to this, the connection table information may be synchronized periodically.
In an alternative embodiment, the connection table information is acquired at intervals of a preset time, and is stored.
Fig. 4 is a diagram illustrating a system module for generating and storing connection table information, and as shown in fig. 4, the system module includes a UDM network of 5GC, a PCF (Policy Control Function) network element, and a DPI (Deep Packet Inspection) device.
The PCF network element supports a unified policy framework to manage network behaviors, provides policy rules to a network entity to implement execution, accesses subscription information of a unified data repository UDR and the like.
DPI is a seven-layer protocol analysis technique, which determines a data flow identification means of an application to which a message data flow belongs by parsing application layer data (including the header and payload contents of an IP/TCP/UDP message) to match the protocol characteristics of the application.
After the DPI equipment identifies the application to which the data flow belongs, the DPI equipment can perform accurate routing control, safety control, analysis and statistics and other operations on the message according to the requirements of a use scene.
In addition, the detection of application information is generally performed by a 4-7 layer analysis using DIP.
On the network deployment, DPI equipment is other to be hung on 5G core network system, and 5G core network system is with user's business data mirror image to DPI equipment on, and the IP information that the DPI equipment corresponds the service end through mirror image data analysis, and the linkage table information is generated.
And the PCF network element of the 5G core network system acquires the connection information table from the DPI equipment and caches the connection information table in the PC F network element. And in order to ensure the accuracy of the connection table information, the PCF network element can periodically synchronize the connection table information with the DPI device.
It is worth to be noted that, the DPI device performs data mirroring processing, analysis processing, and the like on the service data depending on the DPI priori knowledge base.
The generated connection table information includes information contents as shown in table (2):
business APP Categories Application name Node destination IP Aging time (millisecond)
Instant messaging class WeChat 1.2.3.4 YYYYMMDDHHMMSSMS
Watch (2)
The connection table information includes service APP major class, application name information, node destination IP, and aging time (millisecond). In addition, other information may be included according to the setting of the actual situation, and this exemplary embodiment is not particularly limited to this.
After the connection table information is obtained, a policy control rule corresponding to the application program can be determined according to the connection table information.
In an alternative embodiment, fig. 5 shows a flow chart of a method for determining policy control rules, as shown in fig. 5, the method at least comprises the following steps: in step S510, management name information in the management configuration information is acquired, and application name information in the connection table information is determined according to protocol information in the connection table information.
According to the information content of the management configuration information shown in table (1), the application name therein can be acquired as the management name information. The management name information is name information in which a black-and-white list is specified.
Also, in the connection table information shown in table (2), application name information to be queried for the policy control rule may be determined from the protocol information. The application name information is name information of an unknown black and white list.
In step S520, the same management name information is determined from the application name information, and the policy control rule is determined from the management configuration information of the same management name information.
Therefore, in order to determine the black-and-white list content corresponding to the application name information in the connection table information, the same management name information may be determined in the management name information, which corresponds to querying the black-and-white list configuration content corresponding to the application name information.
Further, after the black-and-white list configuration content is determined according to the same management configuration information of the management name information, a policy control rule for the black-and-white list can be determined.
That is, the change policy control rule includes two rules, one is a policy control rule for the blacklist application and the other is a policy control rule for the whitelist.
Specifically, the management configuration information of table (1) and the connection table information of table (2) are summarized, and the correspondence relationship between the management name information, the application name information, and the protocol information shown in table (3) can be obtained:
Figure BDA0003200864480000101
watch (3)
Therefore, according to the corresponding relationship among the management name information, the application name information and the protocol information in table (3), the configuration content of the black-and-white list can be determined to determine the corresponding policy control rule.
In the exemplary embodiment, the policy control rule of the application program can be determined according to the connection table information, the determination mode is simple and accurate, the setting of the policy control rule is complete, and the control accuracy of the application program processed by the policy control rule subsequently is ensured.
In step S130, a quality of service level corresponding to the application is established based on the policy control rule, and the application is processed using the quality of service level.
In an exemplary embodiment of the present disclosure, after the policy control rule is determined, a quality of service level corresponding to the application may be established.
In an alternative embodiment, fig. 6 shows a flowchart of a method for establishing a quality of service level, and as shown in fig. 6, the method at least includes the following steps: in step S610, if the policy control rule is the policy control rule applied to the blacklist, the processing rule is established as the service quality level of the discarded packet.
When the determined policy control rule is a policy control rule applied to the blacklist, a quality of service level dedicated to the blacklist application may be established.
The Quality of Service class may be a QoS (Quality of Service class/Quality of Service guarantee) flow.
QoS refers to a network that can provide better service capability for a given network communication using various basic technologies, and is a security mechanism of the network, which is a technology for solving the problems of network delay and congestion. QoS guarantees are important for capacity-limited networks because these applications often require fixed transmission rates and are sensitive to latency.
For blacklist applications, the processing rule of the dedicated QoS flow is to discard packets. Specifically, when the application program used by the user is the blacklist application, the dedicated QoS flow loss packet is used in a matching manner, so that the function that the user cannot use the blacklist application is achieved.
In step S620, if the policy control rule is the policy control rule applied to the white list, the processing rule is established as the service quality level to be forwarded preferentially.
When the determined policy control rule is a policy control rule applied to the white list, a quality of service level dedicated to the white list application may be established. And, the quality of service class may be a QoS flow.
For white list applications, the processing rule for the dedicated QoS flow is priority forwarding. Specifically, when the application used by the user is a white list application, the dedicated QoS flow is matched to implement the priority forwarding process.
In the exemplary embodiment, corresponding quality of service levels can be established for different policy control rules, accurate processing of blacklist application and whitelist application is guaranteed, and admission rules for differentiating different application programs are customized.
Thus, after a quality of service level is established, the corresponding application program of the blacklist application or the whitelist application can be processed by using the quality of service level.
Fig. 7 shows a system block diagram of processing application programs, and as shown in fig. 7, the user traffic detection control is divided into two functions of user traffic detection and user traffic control.
First, the user service detection Function is jointly implemented by a 5G core network SMF (Session Management Function) network element, a UPF network element, a PCF network element, and a UDM network element.
The SMF network element may support a customized Mobility management scheme, such as "Mobile Initiated Connection Only" (MICO) or RAN enhanced Function, such as "RRC Inactive" state, together with an AMF (Access and Mobility management Function) network element. Its main tasks may include session management; UE IP address allocation and management; selecting and controlling UPF; configuring flow control at the UPF, routing the flow to the appropriate destination; a policy enforcement and QoS control section; and (4) downlink data notification.
When a user establishes a Protocol Data Unit (PDU) session, a 5G core network System (SMF) network element acquires management configuration information of a black and white list from a Universal Data Management (UDM) network element, and acquires a corresponding policy control rule from a PCF module.
The Policy Control rule may be a PCC (Policy and Charging Control) rule. The PCC rules include two types, dynamic PCC rules and static predefined PCC rules.
Further, aiming at the application of the black and white list, a special QoS flow is established and is sent to a UPF network element of the 5G core network system, and the UPF network element realizes the monitoring and processing of the service condition of the black and white list service of the user.
And secondly, the user service control function is realized by a UPF network element and an SMF network element of the 5G core network system.
Aiming at the blacklist application of the user, when the user establishes the PDU session, the SMF network element sends a special QoS flow to the UPF network element. The processing rule of the special QoS network element is to discard the message. When the user uses the application of the blacklist application, the dedicated QoS flow is matched for use. When the data reaches the UPF network element, the UPF network element discards the message according to the processing rule, thereby achieving the function that the user can not use the blacklist application.
Aiming at the white list application of the user, when the user establishes the PDU session, the SMF network element sends a special QoS flow to the UPF network element. The special QoS flow sets the priority of the corresponding QoS flow according to the service requirement of the user so as to realize bandwidth guarantee. The processing rule of the dedicated QoS flow is priority forwarding. When the user uses the application program of the white list application, the forwarding process is matched and implemented by using the special QoS flow.
Moreover, session QoS flow configuration may be reclaimed for the whitelist application by the end duration to control the saved number of UPF sessions.
In an alternative embodiment, fig. 8 is a flowchart illustrating a method for recycling quality of service class configuration of a white list, where as shown in fig. 8, the method at least includes the following steps: in step S810, an end duration of the priority forwarding process performed on the white list application is obtained, and a duration threshold corresponding to the end duration is obtained.
For example, application 1 is a white list application. When the user switches from the application 1 to the application 2 for use, the ending duration of the application 1 starts to be timed to obtain the corresponding ending duration.
Further, a time threshold may be set according to the ending duration, and the time threshold is used as a threshold for limiting the session ending duration of the application 1.
In step S820, if the ending duration is greater than the duration threshold, the qos level of the white list application is deleted.
Further, the end duration may be compared to the duration threshold. When the comparison result is that the ending duration is greater than the duration threshold, the corresponding session QoS flow configuration may be recycled, i.e., the QoS class of the white list application is deleted.
In the present exemplary embodiment, the configured quality of service class is deleted according to the end duration of the white list, which can ensure that the session storage quantity of the UPF network element is limited within a certain range, reduce the number of entries of the current activated IP session policy of the UPF network element, and greatly reduce the load of the UPF network element.
In the application management method in the application scene, on one hand, the PCF is used for controlling the admission control of the business flow deployed by the strategy network element, and the objective IP strategy control is only carried out aiming at the current existing conversation, so that the load of the UPF can be greatly reduced. And moreover, a DPI priori knowledge base is continuously improved by utilizing normalized flow mirror image analysis, so that two problems that no host message can be applied and analyzed based on domain names, such as ' games or host message encrypted HTTPS (hypertext transfer protocol secure) protocol ', and the like ', and the incompleteness of manual maintenance based on IP (Internet protocol) are solved.
On the other hand, based on the discrimination of the DPI priori knowledge base, the admission control discrimination integrity rate of the service flow is greatly improved, the application identification capability of the 5GC is not limited by the identification capability of the UPF application protocol, and the response can be carried out according to the application identification capability with mature industry. And the admission control judgment is moved to the PCF network element, and the PCF issues the IP strategy of the current session node, thereby greatly releasing the UPF resources and reducing the investment cost of the UPF.
On the other hand, the rule control is unified in the PCF network element, and the UPF does not carry out any configuration locally, thereby being beneficial to the deployment and the expansion of the UPF network element. Based on PCF rule control, the single UPF can realize the microsize control function of the service session without additionally increasing the UPF network element configuration function, thereby improving the complexity of network element design. At the same time, the number of matching plans for the UPF will be minimized for the current session only. Furthermore, application identification is carried out on the global flow based on the independent DPI, the consistency of the application identification strategies in the multiple UPFs can be ensured, the deviation of the application identification strategies of the multiple UPFs caused by static rule configuration is avoided, and the logic centralized management of application identification and strategy control is realized.
In addition, in an exemplary embodiment of the present disclosure, an application management apparatus is also provided. Fig. 9 shows a schematic structure of the application management apparatus, and as shown in fig. 9, the application management apparatus 900 may include: an information acquisition module 910, a rule determination module 920, and an application processing module 930. Wherein:
an information obtaining module 910, configured to obtain management configuration information of an application program, and obtain service data corresponding to the application program; the rule determining module 920 is configured to analyze the service data to generate connection table information, and determine a policy control rule corresponding to the application program according to the connection table information; the application processing module 930 is configured to establish a quality of service level corresponding to the application program based on the policy control rule, and process the application program using the quality of service level.
In an exemplary embodiment of the present invention, the managing the configuration information includes: and the management configuration information is generated by performing autonomous configuration processing on the application program.
In an exemplary embodiment of the present invention, the analyzing the service data to generate connection table information includes:
performing data mirroring on the service data to obtain mirrored data;
and analyzing and processing the mirror image data to obtain protocol information, and generating connection table information according to the protocol information.
In an exemplary embodiment of the invention, the method further comprises:
and acquiring the connection table information at intervals of preset time, and storing the connection table information.
In an exemplary embodiment of the present invention, the determining a policy control rule corresponding to the application program according to the connection table information includes:
acquiring management name information in the management configuration information, and determining application name information in the connection table information according to protocol information in the connection table information;
and determining the same management name information according to the application name information, and determining a policy control rule according to the management configuration information of the same management name information.
In an exemplary embodiment of the present invention, the establishing a quality of service level corresponding to the application program based on the policy control rule includes:
if the policy control rule is applied to the blacklist, establishing a processing rule as a service quality grade of the discarded message;
and if the strategy control rule is the strategy control rule applied to the white list, establishing a processing rule as a service quality grade which is preferentially forwarded.
In an exemplary embodiment of the invention, the method further comprises:
acquiring an ending time length of priority forwarding processing of the white list application, and acquiring a time length threshold value corresponding to the ending time length;
and if the ending duration is greater than the duration threshold, deleting the service quality grade of the white list application.
The details of the application management apparatus 900 are already described in detail in the corresponding application management method, and therefore are not described herein again.
It should be noted that although several modules or units of the application management device 900 are mentioned in the above detailed description, such division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit, according to embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into embodiments by a plurality of modules or units.
In addition, in an exemplary embodiment of the present disclosure, an electronic device capable of implementing the above method is also provided.
An electronic device 1000 according to such an embodiment of the invention is described below with reference to fig. 10. The electronic device 1000 shown in fig. 10 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 10, the electronic device 1000 is embodied in the form of a general purpose computing device. The components of the electronic device 1000 may include, but are not limited to: the at least one processing unit 1010, the at least one memory unit 1020, a bus 1030 connecting different system components (including the memory unit 1020 and the processing unit 1010), and a display unit 1040.
Wherein the storage unit stores program code that is executable by the processing unit 1010 to cause the processing unit 1010 to perform steps according to various exemplary embodiments of the present invention as described in the "exemplary methods" section above in this specification.
The memory unit 1020 may include readable media in the form of volatile memory units, such as a random access memory unit (RAM)1021 and/or a cache memory unit 1022, and may further include a read-only memory unit (ROM) 1023.
Storage unit 1020 may also include a program/utility 1024 having a set (at least one) of program modules 1025, such program modules 1025 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 1030 may be any one or more of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, and a local bus using any of a variety of bus architectures.
The electronic device 1000 may also communicate with one or more external devices 1200 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 1000, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 1000 to communicate with one or more other computing devices. Such communication may occur through input/output (I/O) interfaces 1050. Also, the electronic device 1000 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the internet) via the network adapter 1060. As shown, the network adapter 1040 communicates with other modules of the electronic device 1000 via the bus 1030. It should be appreciated that although not shown, other hardware and/or software modules may be used in conjunction with the electronic device 1000, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a terminal device, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
In an exemplary embodiment of the present disclosure, there is also provided a computer-readable storage medium having stored thereon a program product capable of implementing the above-described method of the present specification. In some possible embodiments, aspects of the invention may also be implemented in the form of a program product comprising program code means for causing a terminal device to carry out the steps according to various exemplary embodiments of the invention described in the above-mentioned "exemplary methods" section of the present description, when said program product is run on the terminal device.
Referring to fig. 11, a program product 1100 for implementing the above method according to an embodiment of the present invention is described, which may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present invention is not limited in this regard and, in the present document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

Claims (10)

1. A method for application management, the method comprising:
acquiring management configuration information of an application program, and acquiring service data corresponding to the application program;
analyzing the service data to generate connection table information, and determining a strategy control rule corresponding to the application program according to the connection table information;
and establishing a service quality grade corresponding to the application program based on the policy control rule, and processing the application program by using the service quality grade.
2. The application management method according to claim 1, wherein the management configuration information includes: and the management configuration information is generated by performing autonomous configuration processing on the application program.
3. The application management method according to claim 1, wherein the parsing the service data to generate connection table information includes:
performing data mirroring on the service data to obtain mirrored data;
and analyzing and processing the mirror image data to obtain protocol information, and generating connection table information according to the protocol information.
4. The application management method of claim 3, wherein the method further comprises:
and acquiring the connection table information at intervals of preset time, and storing the connection table information.
5. The method according to claim 3, wherein the determining the policy control rule corresponding to the application program according to the connection table information includes:
acquiring management name information in the management configuration information, and determining application name information in the connection table information according to protocol information in the connection table information;
and determining the same management name information according to the application name information, and determining a policy control rule according to the management configuration information of the same management name information.
6. The method of claim 1, wherein establishing a quality of service level corresponding to the application based on the policy control rule comprises:
if the policy control rule is applied to the blacklist, establishing a processing rule as a service quality grade of the discarded message;
and if the strategy control rule is the strategy control rule applied to the white list, establishing a processing rule as a service quality grade which is preferentially forwarded.
7. The application management method of claim 6, wherein the method further comprises:
acquiring an ending time length of priority forwarding processing of the white list application, and acquiring a time length threshold value corresponding to the ending time length;
and if the ending duration is greater than the duration threshold, deleting the service quality grade of the white list application.
8. An application management apparatus, comprising:
the information acquisition module is configured to acquire management configuration information of an application program and acquire service data corresponding to the application program;
the rule determining module is configured to analyze the service data to generate connection table information and determine a policy control rule corresponding to the application program according to the connection table information;
and the application processing module is configured to establish a service quality grade corresponding to the application program based on the policy control rule and process the application program by using the service quality grade.
9. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the application management method of any one of claims 1 to 7.
10. An electronic device, comprising:
a processor;
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the application management method of any of claims 1-7 via execution of the executable instructions.
CN202110903695.4A 2021-08-06 2021-08-06 Application management method and device, storage medium and electronic equipment Pending CN113608778A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110903695.4A CN113608778A (en) 2021-08-06 2021-08-06 Application management method and device, storage medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110903695.4A CN113608778A (en) 2021-08-06 2021-08-06 Application management method and device, storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN113608778A true CN113608778A (en) 2021-11-05

Family

ID=78339805

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110903695.4A Pending CN113608778A (en) 2021-08-06 2021-08-06 Application management method and device, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN113608778A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115334136A (en) * 2022-07-05 2022-11-11 北京天融信网络安全技术有限公司 Connection aging control method, system, equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101499995A (en) * 2008-01-29 2009-08-05 华为技术有限公司 Service scheduling method, system and apparatus for service scheduling
US20120221955A1 (en) * 2009-01-28 2012-08-30 Raleigh Gregory G End user device that secures an association of application to service policy with an application certificate check
CN102917331A (en) * 2012-10-24 2013-02-06 中国联合网络通信集团有限公司 Policy control method and system
US20130279521A1 (en) * 2010-12-17 2013-10-24 Telefonaktiebolaget L M Ericsson (Publ) Policy and/or Charging Control
WO2014084967A1 (en) * 2012-10-10 2014-06-05 Citrix Systems, Inc. Policy-based application management
CN104427556A (en) * 2013-08-21 2015-03-18 中国电信股份有限公司 Method and device for controlling quality-of-service level of wireless local area network

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101499995A (en) * 2008-01-29 2009-08-05 华为技术有限公司 Service scheduling method, system and apparatus for service scheduling
US20120221955A1 (en) * 2009-01-28 2012-08-30 Raleigh Gregory G End user device that secures an association of application to service policy with an application certificate check
US20130279521A1 (en) * 2010-12-17 2013-10-24 Telefonaktiebolaget L M Ericsson (Publ) Policy and/or Charging Control
WO2014084967A1 (en) * 2012-10-10 2014-06-05 Citrix Systems, Inc. Policy-based application management
CN102917331A (en) * 2012-10-24 2013-02-06 中国联合网络通信集团有限公司 Policy control method and system
CN104427556A (en) * 2013-08-21 2015-03-18 中国电信股份有限公司 Method and device for controlling quality-of-service level of wireless local area network

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115334136A (en) * 2022-07-05 2022-11-11 北京天融信网络安全技术有限公司 Connection aging control method, system, equipment and storage medium
CN115334136B (en) * 2022-07-05 2024-02-02 北京天融信网络安全技术有限公司 Connection aging control method, system, equipment and storage medium

Similar Documents

Publication Publication Date Title
CN110890976B (en) Dynamic intention guarantee method and device in computer network and storage medium
CN110113188B (en) Cross-subdomain communication operation and maintenance method, total operation and maintenance server and medium
CN111258627B (en) Interface document generation method and device
US11436248B2 (en) Systems and methods for providing dynamically configured responsive storage
CN113364804B (en) Method and device for processing flow data
WO2022116665A1 (en) Method and system for adjusting tcp flow
CN113608778A (en) Application management method and device, storage medium and electronic equipment
CN110752994B (en) Traffic classification processing method, device, equipment and readable storage medium
CN111224891B (en) Flow application identification system and method based on dynamic learning triples
CN109857419B (en) Method and device for automatically upgrading scheduling system
WO2020048504A1 (en) Method and apparatus for deploying resource required for network function, storage medium, and electronic device
CN115022936B (en) Data forwarding method and related equipment
CN112787947B (en) Network service processing method, system and gateway equipment
CN108810009B (en) L2TP data processing method, device and system
CN113079055A (en) Method and device for dynamically acquiring AGV (automatic guided vehicle) running data
CN115460091B (en) Edge service processing method and device, storage medium and electronic equipment
CN116320088B (en) Method and device for realizing AAA forwarding
CN111294313B (en) Control method and controller of access equipment
CN115174393B (en) Service function chain dynamic adjustment method based on in-band network telemetry
US11563640B2 (en) Network data extraction parser-model in SDN
CN117499975A (en) Application detection method and device, computer readable storage medium and electronic equipment
CN111695148B (en) Security filtering method and device for self-learning of network node
US20230354107A1 (en) Adjustment of network handover processing based on service time requirements
US20230057132A1 (en) Acknowledgement of data packet transmission using rlc in am mode operating in 5g protocol stack with mitigation of rlc channel congestion
WO2024109101A1 (en) Data transmission optimization method and apparatus, computer readable medium, and electronic device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination