CN114079971A - Service flow management and control method, system, DPI node and storage medium - Google Patents
Service flow management and control method, system, DPI node and storage medium Download PDFInfo
- Publication number
- CN114079971A CN114079971A CN202111365518.1A CN202111365518A CN114079971A CN 114079971 A CN114079971 A CN 114079971A CN 202111365518 A CN202111365518 A CN 202111365518A CN 114079971 A CN114079971 A CN 114079971A
- Authority
- CN
- China
- Prior art keywords
- user
- account information
- traffic
- policy
- user account
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 44
- 238000011217 control strategy Methods 0.000 claims abstract description 43
- 238000013507 mapping Methods 0.000 claims abstract description 33
- 238000012545 processing Methods 0.000 claims description 14
- 230000001360 synchronised effect Effects 0.000 claims description 7
- 238000012544 monitoring process Methods 0.000 claims description 5
- 238000007689 inspection Methods 0.000 claims description 4
- 238000007726 management method Methods 0.000 description 65
- 230000006399 behavior Effects 0.000 description 22
- 238000004891 communication Methods 0.000 description 11
- 230000003993 interaction Effects 0.000 description 11
- 238000010586 diagram Methods 0.000 description 10
- 239000000284 extract Substances 0.000 description 8
- 230000001133 acceleration Effects 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 230000005236 sound signal Effects 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 230000001808 coupling effect Effects 0.000 description 2
- 230000036541 health Effects 0.000 description 2
- 210000001503 joint Anatomy 0.000 description 2
- 238000010295 mobile communication Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 230000006978 adaptation Effects 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- GOLXNESZZPUPJE-UHFFFAOYSA-N spiromesifen Chemical compound CC1=CC(C)=CC(C)=C1C(C(O1)=O)=C(OC(=O)CC(C)(C)C)C11CCCC1 GOLXNESZZPUPJE-UHFFFAOYSA-N 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W28/00—Network traffic management; Network resource management
- H04W28/02—Traffic management, e.g. flow control or congestion control
- H04W28/0215—Traffic management, e.g. flow control or congestion control based on user or device properties, e.g. MTC-capable devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W28/00—Network traffic management; Network resource management
- H04W28/02—Traffic management, e.g. flow control or congestion control
- H04W28/10—Flow control between communication endpoints
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment of the application discloses a method and a system for managing and controlling service flow, a DPI node and a storage medium, wherein the method comprises the following steps: when a user terminal accesses a network, acquiring a user IP and account information of the user terminal, and establishing an association relation between the user IP and the user account information; the method comprises the steps of sending user account information to a strategy control network element so that the strategy control network element associates the user account information with a mapping list to obtain an association relation between the user account information and a control strategy, receiving a flow control strategy which is sent by the strategy control network element and is associated with the user account information, forming an association relation between a user IP and the user account information and the flow control strategy to control service flow of a user terminal, and realizing ubiquitous unified control of the service strategy based on the user account on the basis of the user IP.
Description
Technical Field
The application relates to a communication technology, and provides a method and a system for managing and controlling service flow, a Deep Packet Inspection (DPI) node and a computer readable storage medium.
Background
The current operator deploys independent DPI flow management and control systems in different access networks to realize hot services of 4G users, 5G users and fixed network broadband users, wherein the key point of service realization lies in account information backtracking, real-time association needs to be established between data flow and user identity information, users who access through different access networks can carry out unified management and control of user behavior refinement based on IP flow, but service strategy mechanisms among network systems are mutually independent, when users access through different access networks, due to the difference of IP, the requirement of strategy synchronization cannot be met, and unified strategy management cannot be carried out on the users.
Disclosure of Invention
The application aims to provide a method and a system for managing and controlling service flow, a DPI node and a computer readable storage medium, and the method and the system can be used for realizing ubiquitous unified control of a service strategy based on a user account.
The application provides a service flow management and control method, which is applied to a DPI node and comprises the following steps: when a user terminal accesses a network, acquiring a user IP and user account information of the user terminal, and establishing an association relationship between the user IP and the user account information; sending the user account information to a policy control network element so that the policy control network element associates the user account information with a mapping list to obtain an association relation between the user account information and a traffic control policy; and receiving a traffic control policy associated with the user account information and sent by the policy control network element, and forming an association relationship between the user IP and the user account information as well as the traffic control policy so as to control the service traffic of the user terminal.
Further, the acquiring the account information of the user terminal includes: receiving an authentication message which is synchronous with the mirror image of the authentication server and interacts with the user terminal, and extracting the user IP and the user account information from the authentication message.
Further, after the forming of the association relationship between the user IP and the user account information and the traffic control policy, the method includes: when the business flow of the user terminal is detected to enter, acquiring a user IP of the user terminal, and determining a corresponding flow control strategy according to the incidence relation between the user IP and the user account information and the incidence relation between the user account information and a control strategy; and managing and controlling the service flow of the user terminal according to the flow management and control strategy.
Further, the traffic management policy includes different sub-traffic management and control policies corresponding to the traffic of different service types, and the managing and controlling the service traffic of the user terminal according to the traffic management and control policy includes: identifying the service type of the service flow of the user terminal; and associating a corresponding sub-traffic control strategy according to the service type of the service traffic, and managing and controlling the service traffic of the user terminal according to the sub-traffic control strategy.
Further, the user identity corresponding to the account information is a subordinate user identity of a government-enterprise user, the traffic control policy includes a sub-traffic control policy corresponding to the subordinate user identity, and controlling the service traffic of the user terminal according to the traffic control policy includes: monitoring the business flow corresponding to the subordinate user of the enterprise user to determine the network behavior of the subordinate user; and managing and controlling the service flow of the user terminal corresponding to the subordinate user according to the network behavior of the subordinate user and the sub-flow management and control strategy.
Further, after the controlling the service traffic of the user terminal according to the traffic control policy, the method further includes: and when the service flow is determined to be the service flow of a preset industry, requesting the policy control network element to acquire the user identity of the user terminal so as to provide a potential demand user list for the preset industry.
The application also provides a traffic flow management and control system, which comprises: the DPI node is used for acquiring a user IP and user account information of a user terminal when the user terminal is accessed to a network, establishing an association relation between the user IP and the user account information, and sending the user account information to a policy control network element; the policy control network element is used for associating the user account information with a mapping list to obtain an association relation between the user account information and a traffic control policy, and sending the traffic control policy associated with the user account information to a DPI node; the DPI node is further configured to receive a traffic control policy associated with the user account information and sent by the policy control network element, and form an association relationship between the user IP and the user account information as well as the traffic control policy, so as to control the service traffic of the user terminal.
Further, the mapping list is used for storing the incidence relation between a plurality of user account information and user identity information; the policy control network element is used for storing an association relationship between a user identity and a traffic control policy, associating the user account information with the mapping list to obtain user identity information, and forming an association relationship between the user account information and the user identity information as well as the traffic service policy.
The present application further provides a DPI node, including: the system comprises an acquisition module, a processing module and a processing module, wherein the acquisition module is used for acquiring a user IP and user account information of a user terminal when the user terminal is accessed to a network and establishing an association relation between the user IP and the user account information; the sending module is used for sending the user account information to a policy control network element so that the policy control network element associates the user account information with a mapping list to obtain an association relation between the user account information and a traffic control policy; and the receiving module is used for receiving the traffic control strategy which is sent by the strategy control network element and is associated with the user account information, and forming an association relation between the user IP and the user account information as well as the traffic control strategy so as to control the service traffic of the user terminal.
The present application also provides a computer device, comprising: one or more processors; storage means for storing one or more programs which, when executed by the one or more processors, cause the computer device to implement the method as described above.
The present application also proposes a computer-readable storage medium having stored thereon computer-readable instructions, which, when executed by a processor of a computer, cause the computer to perform the method as described above.
Compared with the prior art, the method has the following beneficial effects:
according to the technical scheme, when the user terminal is accessed to a network, the user IP and account information of the user terminal are obtained, and the incidence relation between the user IP and the user account information is established; sending the user account information to a policy control network element, so that the policy control network element associates the user account information with a mapping list to obtain an association relationship between the user account information and a control policy, receiving a traffic control policy which is sent by the policy control network element and is associated with the user account information, and forming an association relationship between a user IP and the user account information as well as the traffic control policy to control the service traffic of a user terminal, namely, the policy control network element and a DPI system are separated by transfer control, so that a coupling effect is realized between the mapping list and the DPI system, a multi-level association table of the user IP and the user account and the traffic control is established, and the DPI is based on the butt joint with each professional network and the unified policy management, so that the ubiquitous unified control of the service policy based on the user account is realized on the basis of the user IP.
Drawings
FIG. 1 is a schematic illustration of an implementation environment to which the present application relates;
fig. 2 is a flow chart illustrating a traffic flow management method according to an exemplary embodiment of the present application;
fig. 3 is a schematic diagram illustrating an architecture of a traffic flow management system according to an exemplary embodiment of the present application;
FIG. 4 is a block diagram illustrating an architecture of another traffic flow management system according to an exemplary embodiment of the present application;
FIG. 5 is a schematic diagram of a government-enterprise user scenario shown in an exemplary embodiment of the present application;
figure 6 is a schematic diagram of a DPI node according to an exemplary embodiment of the present application;
FIG. 7 illustrates a schematic diagram of a computer device suitable for use in implementing embodiments of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
It should also be noted that: reference to "a plurality" in this application means two or more. "and/or" describe the association relationship of the associated objects, meaning that there may be three relationships, e.g., A and/or B may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship.
Referring to fig. 1, fig. 1 is a schematic diagram of an implementation environment related to the present application. The implementation environment comprises a DPI node 10 and a policy management and control network element 20, wherein the DPI node 10 and a server 20 communicate through a wired or wireless network;
the DPI node 10 is configured to obtain a user IP and user account information of the user terminal, and send the user account information to the policy control network element to obtain a corresponding traffic control policy;
the policy control network element 20 is configured to associate the user account information with the mapping list to obtain an association relationship between the user account information and a traffic control policy;
the DPI node 10 is further configured to receive a traffic control policy associated with the user account information and sent by the policy control network element, form an association relationship between the user IP and the user account information and the traffic control policy, and further control the service traffic of the user terminal according to the traffic control policy.
The DPI node and the policy control Network element 20 may be independent physical servers, may also be a server cluster or a distributed system formed by a plurality of physical servers, and may also be cloud servers providing basic cloud computing services such as cloud service, cloud database, cloud computing, cloud function, cloud storage, Network service, cloud communication, middleware service, domain name service, security service, CDN (Content Delivery Network), big data, and artificial intelligence platform, which are not limited herein.
Referring to fig. 2, fig. 2 is a flowchart illustrating a traffic flow management method performed by DPI node 10 shown in fig. 1 according to an exemplary embodiment of the present application, where the traffic flow management method includes steps S110 to S130, and is described in detail as follows:
s110, when the user terminal accesses the network, acquiring the user IP and the user account information of the user terminal, and establishing the association relationship between the user IP and the user account information.
In this embodiment, the user terminal may access the network through a wireless mobile communication network, a broadband network, and the like, and when the user terminal accesses the network, account information of the user terminal is obtained, where the account information refers to an account and a password of a broadband internet access service, and when the account information is that the broadband service is opened, a broadband operator (telecommunications, mobile, communications, and the like) provides the user terminal with the account information as a verification credential for accessing the network. For example, when accessing a network through a Point-to-Point Protocol over Ethernet (PPPoE) session, a user terminal dials a number through PPPoE, inputs an account and a password, and obtains the account password of the user terminal.
It should be noted that, in an example of this embodiment, acquiring the user IP and the user account information of the user terminal includes: receiving an authentication message which is synchronous with the mirror image of the authentication server and interacts with the user terminal, and extracting user IP and user account information from the authentication message.
It can be understood that, when the user terminal wants to access the network, an account and a password are input, the authentication server needs to authenticate the account and the password to determine whether the account and the password are correct and whether the account is accessed to the network, when the authentication server and the user terminal perform authentication interaction, the authentication message includes a message in an authentication stage of authenticating the account and the password, and the message in the authentication stage includes the account and the password; after the authentication server obtains the authentication message, the authentication message is copied and sent to a DPI node, and then the DPI extracts user account information from the authentication message; for example, when the user terminal accesses the network through the PPPoE session, the DPI node receives the Authentication packet, splits and interprets the PPPoE session packet in the Radius interaction packet, where the PPPoE session packet includes an interaction packet at a PPPoE Authentication stage, such as a CHAP (Challenge Handshake Authentication Protocol) Authentication packet, and then the DPI node extracts the user account information from the PPPoE session packet.
It can be understood that, the authentication server needs to record online information of the user IP of the user terminal at the user terminal in addition to authenticating the account and the password of the user terminal, the authentication message in this embodiment also includes a negotiation-stage message, the negotiation-stage message includes the user IP, after the DPI receives the authentication message, the DPI extracts the user IP from the authentication message, and establishes a corresponding relationship between the user account information and the IP, so as to subsequently determine a traffic control policy corresponding to the IP. For example, when the user terminal accesses the network through the PPPoE session, the PPPoE session message further includes an interactive message in an IPCP (Internet Protocol Control Protocol) negotiation stage, such as an IPCP negotiation message, and further extracts the user IP.
In another example of this embodiment, when the authentication server performs authentication interaction with the user terminal, the account information and the user IP of the user terminal may be obtained, and at this time, the authentication server may also directly send the account information and the user IP to the DPI node without mirroring the synchronization packet.
And S120, sending the user account information to a policy control network element so that the policy control network element associates the user account information with the mapping list to obtain an association relation between the user account information and the traffic control policy.
In this embodiment, the DPI node sends the user account information to a policy control network element, the policy control network element associates the user account information with the mapping list, and the policy control network element obtains an association relationship between the user account information and a traffic control policy, where the association relationship between the user account information and the traffic control policy obtained by the policy control network element may be an association relationship between the currently obtained user account information and the traffic control policy, or an association relationship between all the user account information and the traffic control policy, which is not limited herein.
It should be noted that the traffic control policy is a policy for managing and controlling the service traffic of the user terminal, and includes, but is not limited to, management and control manners such as acceleration, disabling, and traffic security protection of the service traffic.
S130, receiving a traffic control strategy which is sent by the strategy control network element and is associated with the user account information, and forming an association relation between the user IP and the user account information as well as the traffic control strategy so as to control the service traffic of the user terminal.
In this embodiment, after the policy control network element obtains the relationship between the user account information and the traffic control policy, the traffic control policy associated with the user account information is sent to the DPI node, and then the DPI node merges the association relationship between the user IP and the user account information, so that a session flow table of a single user terminal is formed, that is, the association relationship between the user IP and the user account information and the traffic control policy is formed, so as to control the service traffic of the user terminal, where one or more traffic control policies received by the DPI may be used, and are not limited herein.
Illustratively, when a user terminal a accesses a network, a DPI node receives an authentication message which is synchronous with an authentication server mirror image and interacts with the user terminal a, extracts user account information a and a user IP1 from the authentication message, the DPI node establishes an association relationship between the user account information a and an IP1, the DPI node sends the user account information a to a policy control network element, and then receives a traffic control policy a associated with the user account information a, thereby forming an association relationship between the IP1 and the user account information a and the traffic control policy a. It can be understood that the DPI node may receive authentication packets corresponding to a plurality of user terminals whose authentication servers are mirror-synchronized at the same time, and then the DPI node may form user account information and a traffic control policy of the plurality of user terminals, for example, an association relationship between the IP3 and the user account information B and the traffic control policy B may also be formed for the user terminal B.
It is to be noted that, after the DPI node forms an association relationship between the user IP and the user account information and the traffic control policy, the method provided in this embodiment further includes:
when the business flow of the user terminal is detected to enter, acquiring a user IP of the user terminal, and determining a corresponding flow control strategy through the incidence relation between the user IP and the user account information and the flow control strategy; and controlling the service flow of the user terminal according to the flow control strategy.
In this embodiment, when a user terminal accesses a network, the user terminal may use the network, and when the user terminal uses the network, a service flow may enter a DPI node, and then the DPI node detects that a service flow of the user terminal enters, the DPI node obtains a user IP of the service flow, because the DPI node establishes an association relationship between the user IP and user account information, the DPI node also forms an association relationship between the user IP and the user account information and a flow control policy, and then the DPI node may determine the flow control policy corresponding to the user IP, and further manage and control the service flow of the user terminal according to the flow control policy, for example, accelerate or disable the service flow of the user terminal.
Illustratively, when the user terminal a uses the network, the traffic flow enters the DPI node, the DPI node collects and identifies the traffic flow on the link, identifies and acquires the user IP as IP1, and determines the traffic control policy corresponding to the IP1 according to the IP1, the user account information a, and the traffic control policy a.
It should be noted that, the DPI node in this embodiment may also accurately identify the traffic flows of different service types, and further associate corresponding flow management and control policies with the traffic flows of different service types; optionally, the traffic management policy includes different sub-traffic management policies corresponding to the traffic of different service types; the service type refers to a type of a service corresponding to the service traffic, for example, the type of the service corresponding to the game traffic is an entertainment service, the type of the service corresponding to the payment traffic is a payment service, and the type of the service corresponding to the instant messaging traffic is a communication service; different service types correspond to different sub-flow management strategies, and then the step of managing and controlling the service flow of the user terminal according to the flow management and control strategy comprises the following steps:
identifying the service type of the service flow of the user terminal; and associating a corresponding sub-traffic control strategy according to the service type of the service traffic, and managing and controlling the service traffic of the user terminal according to the sub-traffic control strategy.
For example, the entertainment service type corresponds to a sub-traffic control policy 1, the payment service type corresponds to a sub-traffic control policy 2, and the communication service type corresponds to a sub-traffic control policy 3; when the service flow of the user terminal enters the DPI node, the DPI node identifies the service type of the service flow of the user terminal, if the service type is entertainment service, the corresponding sub-flow management and control strategy 1 is associated, and then the service flow of the user terminal is managed and controlled according to the sub-flow management and control strategy 1.
It can be understood that the correspondence between the service traffic of the service type and the sub-traffic management and control policy can be flexibly adjusted according to the actual requirements of the user, for example, the sub-traffic control policy 1 corresponding to the service traffic of the entertainment service type is traffic acceleration, and the sub-traffic management and control policy 3 corresponding to the communication service type is forbidden traffic.
In an example of this embodiment, the method for traffic control may be applied to a scenario of traffic control for a personal user, optionally, where a user identity corresponding to account information is a personal user, and controlling the traffic of the user terminal according to a sub-traffic control policy includes: the service flow of the payment service type of the user terminal is disabled within a first preset time period, wherein the first preset time period can be set by a user, for example, the service flow of the payment service type of the user terminal is disabled within 2:00 and 6:00 in the morning, such as the flow of the disabled wechat payment.
Further, if the individual user is a preset behavior limitation user, service traffic of the payment service type of the user terminal is forbidden in a first preset time period. The preset behavior limitation user can be a young person or an old person; it can be understood that when the operator opens the traffic for the user, the operator may obtain the identity information of the user, such as the identification number, and further determine the age of the individual user according to the identity information, so as to determine whether the user corresponding to the account information is a preset behavior-restricted user, and if so, forbid the service traffic of the payment service type in the first preset time period, so as to avoid the underage and the elderly from fraudulently consuming.
Optionally, the controlling the service traffic of the user terminal according to the sub-traffic control policy further includes: and accelerating the service flow of the entertainment service type of the user terminal within a second preset time period. Wherein the acceleration refers to the acceleration of traffic, the type of entertainment service includes, but is not limited to, games, videos, etc., and the second preset time period may be a preset time period from the game or video being turned on, for example, the traffic of the game service of the user terminal is accelerated within 10 minutes after the game is turned on.
Optionally, the controlling the service traffic of the user terminal according to the sub-traffic control policy based on the subordinate user identity of the government-enterprise user or the account information includes: accelerating the service flow of the instant messaging service type of the user terminal within a first preset time period, for example, accelerating the service flow of a video call of an employee during meeting time; forbidding the service flow of the entertainment service type of the user terminal in a second preset time period, for example, forbidding the service flow of the game service of the staff in the working time of 9:00-12: 00; it is understood that the sub-traffic control policies corresponding to the traffic flows can be flexibly set by the government users, which is only exemplified herein.
Optionally, the service traffic of the user terminal is controlled according to the traffic control policy, or an optimal network path may be selected for the service traffic of the user terminal, so as to ensure that the service traffic is stable and no packet is lost. For example, an optimal non-blocked path is selected for the video traffic of the user terminal to ensure that the user can watch the video smoothly.
The service flow management and control method provided by this embodiment may be applied to a traffic management and control scenario of a government-enterprise user, where a user identity corresponding to account information is a subordinate user identity of the government-enterprise user, the traffic management and control policy includes a sub-traffic management and control policy corresponding to the subordinate user identity, and managing and controlling service flow of the user terminal according to the traffic management and control policy includes: monitoring the service flow of a subordinate user terminal of an enterprise user to determine the network behavior of the subordinate user; and managing and controlling the service flow of the user terminal according to the network behavior and the sub-flow management and control strategy of the subordinate user.
The government and enterprise users comprise but are not limited to enterprise, school, government and other industry clients, and subordinate users of the government and enterprise users comprise employees, students, teachers, official staff and the like; in this embodiment, the service traffic of the subordinate user terminal of the enterprise user is monitored, and the network behavior of the subordinate user can be determined according to the use of the service traffic, for example, when the use of the service traffic is to transmit a file to the outside of the enterprise, the network behavior of the subordinate user is determined to be a data uploading behavior; and for another example, if the purpose of the traffic flow is game starting, the network behavior of the subordinate user can be determined to be game playing.
It should be noted that the sub-traffic policing policy in this embodiment corresponds to the network behavior of the subordinate user, and after determining the network behavior of the subordinate user, the sub-traffic policing policy corresponding to the network behavior of the subordinate user is determined, so as to manage and control the traffic of the user terminal of the subordinate user.
Optionally, the sub-traffic control policy includes disabling traffic flow when the network behavior is data external transmission; if the network behavior is the game behavior of the working time, the service flow is forbidden; and if the network behavior is normal working behavior, accelerating the service flow or performing flow safety protection.
It is to be noted that, in this embodiment, a policy control network element determines a user identity corresponding to account information, and an association relationship between the user identity and a traffic control policy is stored in the policy control network element, so that after the policy control network element is associated with a mapping list, the association relationship between the user account information and the user identity and the traffic control policy can be obtained; therefore, when the policy control network element determines that the user identity corresponding to the account information is an individual user identity, the policy control network element sends the traffic control policy corresponding to the individual user to the DPI node, and the DPI node performs traffic flow control; the policy control network element determines that the user identity corresponding to the account information is a subordinate user identity of the government-enterprise user, and if the user identity is an employee of a certain enterprise, the policy control network element first finds a traffic control policy of the enterprise, further finds a sub-traffic control policy corresponding to each employee in the traffic control policy of the enterprise, and sends the sub-traffic control policy to the DPI node.
In this embodiment, the DPI node may further perform real-time backtracking on the accessed user, specifically, the real-time backtracking on the user identity of the ubiquitous access network, and after controlling the service traffic of the user terminal according to the traffic control policy, the method further includes: and when the service flow is determined to be the service flow of the preset industry, acquiring the user identity of the user terminal from the strategy control network element to provide a potential demand user list for the preset industry.
The DPI node analyzes the service flow, so that the purpose of the service flow can be determined, and further the industry to which the service flow belongs can be determined; when the DPI node detects the business flow of the user such as game entertainment, education learning, medical health and the like, the DPI node can request the strategy control network element to acquire the identity information because the strategy control network element stores the user identity information and the flow control strategy, so that a potential demand user list is provided for the game entertainment, the education learning and the medical health business.
It is understood that, in the embodiments of the present application, the user identity information is obtained to provide the preset industry with the data related to the list of potential users in need, when the above embodiments of the present application are applied to specific products or technologies, user permission or consent needs to be obtained, and the collection, use and processing of the related data need to comply with the relevant laws and regulations and standards of the relevant countries and regions.
The technical solution of the embodiment shown in fig. 2 is explained from the perspective of a DPI node, and the technical solution of the embodiment of the present application is explained from the perspective of a traffic flow management and control system in conjunction with fig. 3 as follows:
fig. 3 shows an architecture diagram of a traffic flow management and control system, which includes a DPI node 10, a policy management and control network element 20, and a user terminal 50, where:
the DPI node 10 is configured to, when the user terminal 50 accesses a network, acquire a user IP and user account information of the user terminal 50, establish an association relationship between the user IP and the user account information, and send the user account information to the policy control network element 20;
the policy control network element 20 is configured to associate the user account information with the mapping list 30 to obtain an association relationship between the user account information and a traffic control policy, and send the traffic control policy associated with the user account information to the DPI node 10;
the DPI node 10 is further configured to receive a traffic control policy associated with the user account information and sent by the policy control network element 20, and form an association relationship between the user IP and the user account information and the traffic control policy, so as to control the service traffic of the user terminal 50.
In this embodiment, the DPI node 10 sends user account information to the policy control network element 20, where the user account information refers to an account and a password of a broadband internet access service, and the policy control network element 20 may associate the user account information with the mapping list 30 to obtain an association relationship between the user account information and a traffic control policy, for example, in an example, the mapping list 30 includes a mapping relationship between the user account information and the traffic control policy, and then the policy control network element 20 matches the user account information with the mapping list 30 to obtain an association relationship between the received user account information and the traffic control policy.
It should be noted that, in another example of this embodiment, the policy control network element 20 stores an association relationship between user identity information and a traffic control policy, the mapping list 30 stores an association relationship between a plurality of user account information and user identity information, and the policy control network element 20 associates the user account information with the mapping list 30 to obtain the user identity information and form an association relationship between the user account information and the user identity information and a traffic service policy, where the mapping list may be located in a database of another server or a database of the policy control network element 20. When the mapping list 30 is stored in a database of another server, after receiving the user account information, the policy control network element 20 sends the user account information to the server, and the server searches for the mapping list in the local database, and sends the identity information associated with the user account information to the policy control network element 20, so that the policy control network element 20 obtains the association relationship between the user account and the user identity information and the traffic service policy.
In this embodiment, the traffic control system further includes an authentication server 40, where the authentication server 40 is configured to perform authentication interaction with the user terminal 50, and after the authentication is successful, mirror-image the authentication packet to the DPI node 10; and the DPI node 10 is configured to extract the IP and the user account information from the authentication packet.
It can be understood that, when the user terminal 50 wants to access the network, the authentication server 40 authenticates the account and the password sent by the user terminal 50, determines whether the account and the password are matched and correct, and configures the user IP of the user terminal 50 when the account and the password are matched and correct; after the authentication server 40 successfully authenticates the user terminal 50, the authentication message is mirrored and synchronized to the DPI node 10, and then the DPI node 10 can extract the user IP and the user account information from the authentication message, at this time, the DPI node 10 can establish an association relationship between the user IP and the user account information, so as to subsequently determine a traffic control policy corresponding to the corresponding IP and the account.
For convenience of understanding, the present embodiment describes a traffic flow control method with a specific example, as shown in fig. 4, which is applied to a traffic flow control system, and includes: a user (terminal) 50, a base station 60, an LAC (location area code) Network element 70, an LNS (L2TP Network Server, L2TP access concentrator) 80, a Radius (authentication Server) 40, a DPI node 10, a policy management and control Network element 20, and a mapping list 30;
the LAC network element 70 is an area set for paging, covers a geographical area, and is generally divided into administrative areas (a county or a district) or paging volumes at the initial stage; LAC70 and LNS80 are used for building a data link layer tunnel from a core network to a metropolitan area network SR/Bras, LNS80 is a device for processing the end part of an L2TP protocol server, is used as the other end point of the L2TP tunnel, is the opposite end device of LAC70, and is the logic termination end point of the PPP session tunneled by LAC 70; LAC dialing is carried out on a User Plane Function (UPF) and a User Plane Function (PGW) without complicated conversion from an IMSI number to a mobile phone number, so that the method is low in cost and high in reliability.
Radius40 is used for authentication interaction with user 50.
The DPI node 10 is provided with a traffic feature library, and is configured to identify the traffic of the user 50, and is further configured to identify user information in the authentication message sent by the Radius40, establish a mapping relationship between a user IP and a user account, and monitor and control the traffic based on the user IP.
The policy control network element 20 is configured to store a service traffic control policy of a user account, associate the IP and account information with the user identity information, match and issue a corresponding service traffic control policy, and perform related control operations.
The mapping list 30 stores the association relationship between the user accounts and the identity information of a plurality of access networks of the user. The service flow management and control method comprises the following steps:
1. the user 50 accesses the internet through a wireless mobile communication network, a broadband network, or the like.
2. When the user 50 is online, the authentication traffic is transmitted to the Radius40 through the LAC70, and after the authentication is successful, the Radius40 mirrors the authentication interaction packet to the DPI node 10.
3. The DPI node 10 splits the PPPoE session packet in the authentication interaction, extracts the user IP and account information, and merges with the user traffic flow in real time to form a session flow table of the IP and account information and traffic flow of a single user.
4. The DPI node 10 uploads the user account to the policy control network element 20, and the policy control network element 20 associates the user account with the mapping list to obtain user identity information, and forms associated information of the user account, the user identity information, and the traffic control policy.
5. And the policy control network element 20 returns a corresponding traffic control policy to the DPI node 10 according to the user account.
6. The DPI node 10 forms a session flow table of the IP and account information and the traffic flow and traffic control policy.
7. User service traffic enters the DPI node 10 through a VPN (virtual private network) formed by the LAC70 and the LNS80, and the DPI node 10 acquires a user IP of the traffic, matches the user IP with an account of a user, further acquires a traffic control policy, and performs uniform policy scheduling on the service traffic.
Here, an application scenario of the method for controlling traffic flow is described:
the ubiquitous access scene of individual users: the same user accesses the internet through a plurality of accounts of a wireless fixed broadband, can enjoy the same services (such as network acceleration, flow security protection and the like) according to the application requirements of the user, and realizes the consistency of the single-user service strategy under the ubiquitous access condition;
a government-enterprise user scene: the system comprises a plurality of industry clients such as large enterprises, schools and governments, and can perform operations such as unified monitoring, management and control on internet surfing behaviors of subordinates of the industry clients based on management requirements of the industry clients, for example, bad access or illegal websites are prohibited in a campus network; even if the student leaves the school and goes home, the student can be limited from accessing illegal webpages according to the same strategy of family broadband association, such as online entertainment during working of government and enterprise employees is limited, and the working efficiency is improved.
For example, as shown in fig. 5, when employee 1 user accesses the network through the mobile phone account corresponding to IP1, the DPI node acquires the IP1 and the mobile phone account 1 through an authentication message mirrored by the authentication server, sends the mobile phone account 1 to a control strategy network element, sends the mobile phone account 1 to a server corresponding to the mapping list, and receives the association relationship between the mobile phone account number 1 and the employee 1 returned by the server, the management and control strategy network element stores the flow management and control strategy set by the enterprise A for each employee, further, the management and control policy network element forms a corresponding relationship between IP1 and mobile account 1 and employee 1 and between enterprise a and traffic management and control policy 1, and further sending the traffic control policy 1 to a DPI node, wherein the DPI node forms an association relationship between the IP1 and the mobile account 1 and the employee 1 and the traffic control policy 1, and further controls the service traffic of the IP1 according to the traffic control policy 1. When the employee 1 accesses the network by using the broadband account corresponding to the IP2, the DPI node forms an association relationship between the IP2 and the broadband account 1 and between the employee 1 and the traffic control policy 1, and also controls the service traffic of the IP2 according to the traffic control policy 1.
It should be noted that the IP address of a single user may change, for example, internet access is performed through a mobile phone and a computer, and the IP addresses are different, so that the traffic control policy is associated based on the IP address, and thus, unified management of the control policy and synchronization of scheduling of each network policy cannot be realized; the service flow management and control method provided by the embodiment of the invention applies the corresponding management and control strategy to the management and control strategy network element through the user account, has high generalization degree, realizes unified strategy scheduling on the service flow and realizes the consistency of the service strategy.
Further, the authentication message is mirrored to the DPI node through Radius, so that the problem of huge overhead caused by packet-by-packet decapsulation in the related art is solved, for example, PGW and UPF need to decapsulate a user flow packet-by-packet to intercept the IMSI (International Mobile Subscriber Identity) information of the user, which seriously affects the device operation and forwarding.
Furthermore, the problem of hysteresis of an offline analysis mode based on the association of the authentication database is solved through the real-time backtracking of the user identity of the ubiquitous access network.
Furthermore, through DPI system transformation, a DPI node is deployed independently from centralized service of a professional network, authentication messages and user flow messages of user internet access traffic are integrated in a correlation mode, real-time correlation between IP and user account information and traffic and a traffic control strategy is achieved through authentication interaction information lightweight reading overhead, and real-time synchronous backtracking of IP information in a whole life cycle of an authentication process is guaranteed.
Furthermore, under the situation of a government-enterprise user, hierarchical policy management is introduced, a three-level association table of information of the administrative enterprise user and the individual user and a professional network account is established, and the problem that the network in the related technology is only suitable for a 2C (personal-oriented) scene and is not suitable for a 2B (enterprise-oriented) scene is solved;
furthermore, based on the butt joint with each professional network and the unified strategy management, no matter the professional network is accessed through wireless or fixed bandwidth, the problem of asynchronous scheduling of each network service strategy is solved through a unified strategy, the ubiquitous unified control of the service strategies is realized, the multi-dimensional management of the multi-access network can be carried out, and the flexibility is higher.
Further, compared with traditional routing forwarding, the policy control network element and the DPI system are separated in transfer control, a coupling effect is achieved between the database and the DPI system, a multi-level association table of the IP, the account number, the identity and the policy is established, and efficient forwarding of the DPI system based on services is achieved.
The following describes embodiments of an apparatus of the present application, which may be used to implement the traffic-based traffic flow management and control method in the above embodiments of the present application. For details that are not disclosed in the embodiments of the apparatus of the present application, please refer to the embodiments of the traffic flow control method described above in the present application.
As shown in fig. 6, fig. 6 is a schematic diagram of a DPI node according to an exemplary embodiment of the present application, including:
the acquiring module 610 acquires a user IP and user account information of the user terminal when the user terminal accesses the network, and establishes an association relationship between the user IP and the user account information;
the sending module 620 is configured to send the user account information to the policy control network element, so that the policy control network element associates the user account information with the mapping list to obtain an association relationship between the user account information and the traffic control policy;
the receiving module 630 receives a traffic control policy associated with the user account information and sent by the policy control network element, and forms an association relationship between the user IP and the user account information as well as the traffic control policy, so as to control the service traffic of the user terminal.
In some embodiments of the present application, based on the foregoing scheme, the obtaining module 620 is specifically configured to receive an authentication message that is synchronized with an authentication server mirror image and interacts with a user terminal, and extract user IP and user account information from the authentication message.
In some embodiments of the application, based on the foregoing scheme, the DPI node further includes a management and control module, configured to obtain a user IP of the user terminal when detecting that the traffic flow of the user terminal enters, and determine a corresponding flow management and control policy according to an association relationship between the user IP and user account information and an association relationship between the user account information and the flow management and control policy; and managing and controlling the service flow of the user terminal according to the flow management and control strategy.
In some embodiments of the present application, based on the foregoing solution, the traffic management policy includes different sub-traffic management policies corresponding to traffic flows of different traffic types; the process of the management and control module for managing and controlling the service flow of the user terminal according to the flow management and control strategy comprises the following steps: identifying the service type of the service flow of the user terminal; and associating the corresponding sub-flow traffic control strategy according to the service type of the service traffic, and managing and controlling the service traffic of the user terminal according to the sub-flow traffic control strategy.
In some embodiments of the present application, based on the foregoing scheme, the user identity corresponding to the account information is a subordinate user identity of the government-enterprise user, and the traffic control policy includes a sub-traffic control policy corresponding to the subordinate user identity; the process of the management and control module for managing and controlling the service flow of the user terminal according to the flow management and control strategy comprises the following steps: monitoring the service flow corresponding to the subordinate user of the enterprise user to determine the network behavior of the subordinate user; and managing and controlling the service flow of the user terminal corresponding to the subordinate user according to the network behavior of the subordinate user and the sub-flow management and control strategy.
In some embodiments of the application, based on the foregoing scheme, the DPI node further includes a request module, configured to request the policy control network element to acquire a user identity of the user terminal when it is determined that the service traffic is service traffic of a preset industry, so as to provide a potentially required user list for the preset industry.
It should be noted that the apparatus provided in the foregoing embodiment and the method provided in the foregoing embodiment belong to the same concept, and the specific manner in which each module and unit execute operations has been described in detail in the method embodiment, and is not described again here.
In an exemplary embodiment, a computer device includes one or more processors; storage means for storing one or more programs which, when executed by the one or more processors, cause the computer device to implement the method as described above.
FIG. 7 is a block diagram illustrating a computer device according to an example embodiment.
It should be noted that the computer device is only one example adapted to the application and should not be considered as providing any limitation to the scope of use of the application. Nor should the computer device be interpreted as having a need to rely on or have to have one or more components of the exemplary computer device shown in fig. 7.
As shown in fig. 7, in an exemplary embodiment, the computer device includes a processing component 701, a memory 702, a power component 703, a multimedia component 704, an audio component 705, a processor 706, a sensor component 707, and a communication component 708. The above components are not all necessary, and the computer device may add other components or reduce some components according to its own functional requirements, which is not limited in this embodiment.
The processing component 701 generally controls overall operation of the computer device, such as operations associated with display, data communication, and log data processing. Processing component 701 may include one or more processors 706 to execute instructions to perform all or a portion of the steps of the above-described operations. Further, processing component 701 may include one or more modules that facilitate interaction between processing component 701 and other components. For example, the processing component 701 may include a multimedia module to facilitate interaction between the multimedia component 704 and the processing component 701.
The memory 702 is configured to store various types of data to support operation at the computer device, examples of which include instructions for any application or method operating on the computer device. The memory 702 has stored therein one or more modules configured to be executed by the one or more processors 706 to perform all or a portion of the steps of the methods described in the embodiments above.
The power supply component 703 provides power to the various components of the computer device. The power components 703 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for a computer device.
The multimedia component 704 includes a screen that provides an output interface between the computer device and the user. In some embodiments, the screen may include a TP (Touch Panel) and an LCD (Liquid Crystal Display). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation.
The audio component 705 is configured to output and/or input audio signals. For example, audio component 705 includes a microphone configured to receive external audio signals when the computer device is in an operational mode, such as a call mode, a recording mode, and a voice recognition mode. In some embodiments, audio component 705 also includes a speaker for outputting audio signals.
The sensor component 707 includes one or more sensors for providing various aspects of state assessment for the computer device. For example, the sensor component 707 can detect an open/closed state of the computer device and can also detect a temperature change of the computer device.
The communication component 708 is configured to facilitate wired or wireless communication between the computer device and other devices. The computer device may access a Wireless network based on a communication standard, such as Wi-Fi (Wireless-Fidelity, Wireless network).
It will be appreciated that the configuration shown in FIG. 7 is merely illustrative and that a computer device may include more or fewer components than shown in FIG. 7 or have different components than shown in FIG. 7. Each of the components shown in fig. 7 may be implemented in hardware, software, or a combination thereof.
In an exemplary embodiment, a computer-readable storage medium has stored thereon a computer program which, when executed by a processor, implements the method as described above. The computer-readable storage medium may be included in the computer device described in the above embodiments, or may exist separately without being incorporated in the computer device.
It should be noted that the computer readable storage medium shown in the embodiments of the present application may be, for example, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read-Only Memory (ROM), an Erasable Programmable Read-Only Memory (EPROM), a flash Memory, an optical fiber, a portable Compact Disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the embodiments disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains.
The above description is only a preferred exemplary embodiment of the present application, and is not intended to limit the embodiments of the present application, and those skilled in the art can easily make various changes and modifications according to the main concept and spirit of the present application, so that the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (10)
1. A method for managing and controlling service flow is applied to a Deep Packet Inspection (DPI) node, and comprises the following steps:
when a user terminal accesses a network, acquiring a user IP and user account information of the user terminal, and establishing an association relationship between the user IP and the user account information;
sending the user account information to a policy control network element so that the policy control network element associates the user account information with a mapping list to obtain an association relation between the user account information and a traffic control policy;
and receiving a traffic control policy associated with the user account information and sent by the policy control network element, and forming an association relation between the user IP and the user account information as well as the traffic control policy so as to control the service traffic of the user terminal.
2. The method according to claim 1, wherein the acquiring account information of the user terminal comprises:
receiving an authentication message which is synchronous with the mirror image of the authentication server and interacts with the user terminal, and extracting the user IP and the user account information from the authentication message.
3. The method according to claim 1, wherein after the forming of the association relationship between the user IP and the user account information and the traffic control policy, the method includes:
when the business flow of the user terminal is detected to enter, acquiring a user IP of the user terminal, and determining a corresponding flow control strategy according to the incidence relation between the user IP and the user account information and the flow control strategy;
and managing and controlling the service flow of the user terminal according to the flow management and control strategy.
4. The method according to claim 3, wherein the traffic management policy includes different sub-traffic management policies corresponding to traffic of different service types, and the managing and controlling the traffic of the user equipment according to the traffic management policy includes:
identifying the service type of the service flow of the user terminal;
and associating a corresponding sub-traffic control strategy according to the service type of the service traffic, and managing and controlling the service traffic of the user terminal according to the sub-traffic control strategy.
5. The method according to claim 3, wherein the user identity corresponding to the account information is a subordinate user identity of a government-enterprise user, and the traffic control policy comprises a sub-traffic control policy corresponding to the subordinate user identity; the controlling the service traffic of the user terminal according to the traffic control policy includes:
monitoring the business flow corresponding to the subordinate user of the government-enterprise user to determine the network behavior of the subordinate user;
and managing and controlling the service flow of the user terminal corresponding to the subordinate user according to the network behavior of the subordinate user and the sub-flow management and control strategy.
6. The method according to claim 4 or 5, wherein after the controlling the traffic flow of the user equipment according to the traffic control policy, the method further comprises:
and when the service flow is determined to be the service flow of a preset industry, requesting the policy control network element to acquire the user identity of the user terminal so as to provide a potential demand user list for the preset industry.
7. A traffic flow management and control system, comprising:
the deep packet inspection DPI node is used for acquiring a user IP and user account information of a user terminal when the user terminal is accessed to a network, establishing an association relation between the user IP and the user account information, and sending the user account information to a policy control network element;
the policy control network element is configured to associate the user account information with a mapping list to obtain an association relationship between the user account information and the traffic control policy, and send the traffic control policy associated with the user account information to a DPI node;
the DPI node is further configured to receive a traffic control policy associated with the user account information and sent by the policy control network element, and form an association relationship between the user IP and the user account information and the traffic control policy, so as to control the service traffic of the user terminal.
8. The system according to claim 7, wherein the mapping list is used for storing a plurality of association relationships between user account information and user identity information;
the policy control network element is configured to store an association relationship between a user identity and a traffic control policy, associate the user account information with the mapping list to obtain user identity information, and form an association relationship between the user account information and the user identity information and the traffic service policy.
9. A Deep Packet Inspection (DPI) node is characterized by comprising:
the system comprises an acquisition module, a processing module and a processing module, wherein the acquisition module is used for acquiring a user IP and user account information of a user terminal when the user terminal is accessed to a network and establishing an association relation between the user IP and the user account information;
the sending module is used for sending the user account information to a policy control network element so that the policy control network element associates the user account information with a mapping list to obtain an association relation between the user account information and the traffic control policy;
and the receiving module is used for receiving a traffic control strategy which is sent by the strategy control network element and is associated with the user account information, and forming an association relation between the user IP and the user account information as well as the traffic control strategy so as to control the service traffic of the user terminal.
10. A computer-readable storage medium having computer-readable instructions stored thereon, which, when executed by a processor of a computer, cause the computer to perform the method of any one of claims 1 and 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111365518.1A CN114079971A (en) | 2021-11-17 | 2021-11-17 | Service flow management and control method, system, DPI node and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111365518.1A CN114079971A (en) | 2021-11-17 | 2021-11-17 | Service flow management and control method, system, DPI node and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114079971A true CN114079971A (en) | 2022-02-22 |
Family
ID=80283748
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111365518.1A Pending CN114079971A (en) | 2021-11-17 | 2021-11-17 | Service flow management and control method, system, DPI node and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114079971A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114866553A (en) * | 2022-04-27 | 2022-08-05 | 阿里云计算有限公司 | Data distribution method, equipment and storage medium |
| CN114980064A (en) * | 2022-05-16 | 2022-08-30 | 中国电信股份有限公司 | Information association method and device, electronic equipment and storage medium |
| CN116471237A (en) * | 2023-06-16 | 2023-07-21 | 四川轻化工大学 | Network addiction control method based on QoS technology |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101465856A (en) * | 2008-12-31 | 2009-06-24 | 杭州华三通信技术有限公司 | Method and system for controlling user access |
| CN101511055A (en) * | 2009-02-19 | 2009-08-19 | 华为技术有限公司 | Method and device for delivering advertisement |
| CN101599895A (en) * | 2008-06-04 | 2009-12-09 | 华为技术有限公司 | Data processing method and wideband network gateway, strategy controller device and access node apparatus |
| WO2010102570A1 (en) * | 2009-03-12 | 2010-09-16 | 成都市华为赛门铁克科技有限公司 | Method and apparatus for realizing green internet-access |
| CN103974232A (en) * | 2013-01-24 | 2014-08-06 | 中国电信股份有限公司 | Method and system for identifying WiFi user terminal |
| US20170019424A1 (en) * | 2014-03-11 | 2017-01-19 | Telefonaktiebolaget Lm Ericsson (Publ) | Methods, Devices and Computer Programs for Subjecting Traffic Associated with a Service to a Specific Treatment |
| CN110808919A (en) * | 2019-10-21 | 2020-02-18 | 新华三信息安全技术有限公司 | Flow control method and device, network equipment and storage medium |
| CN112685618A (en) * | 2019-10-17 | 2021-04-20 | 中国移动通信集团浙江有限公司 | User feature identification method and device, computing equipment and computer storage medium |
-
2021
- 2021-11-17 CN CN202111365518.1A patent/CN114079971A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101599895A (en) * | 2008-06-04 | 2009-12-09 | 华为技术有限公司 | Data processing method and wideband network gateway, strategy controller device and access node apparatus |
| CN101465856A (en) * | 2008-12-31 | 2009-06-24 | 杭州华三通信技术有限公司 | Method and system for controlling user access |
| CN101511055A (en) * | 2009-02-19 | 2009-08-19 | 华为技术有限公司 | Method and device for delivering advertisement |
| WO2010102570A1 (en) * | 2009-03-12 | 2010-09-16 | 成都市华为赛门铁克科技有限公司 | Method and apparatus for realizing green internet-access |
| CN103974232A (en) * | 2013-01-24 | 2014-08-06 | 中国电信股份有限公司 | Method and system for identifying WiFi user terminal |
| US20170019424A1 (en) * | 2014-03-11 | 2017-01-19 | Telefonaktiebolaget Lm Ericsson (Publ) | Methods, Devices and Computer Programs for Subjecting Traffic Associated with a Service to a Specific Treatment |
| CN112685618A (en) * | 2019-10-17 | 2021-04-20 | 中国移动通信集团浙江有限公司 | User feature identification method and device, computing equipment and computer storage medium |
| CN110808919A (en) * | 2019-10-21 | 2020-02-18 | 新华三信息安全技术有限公司 | Flow control method and device, network equipment and storage medium |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114866553A (en) * | 2022-04-27 | 2022-08-05 | 阿里云计算有限公司 | Data distribution method, equipment and storage medium |
| CN114866553B (en) * | 2022-04-27 | 2024-05-28 | 阿里云计算有限公司 | Data distribution method, device and storage medium |
| CN114980064A (en) * | 2022-05-16 | 2022-08-30 | 中国电信股份有限公司 | Information association method and device, electronic equipment and storage medium |
| CN114980064B (en) * | 2022-05-16 | 2023-10-03 | 中国电信股份有限公司 | Information association method, device, electronic equipment and storage medium |
| CN116471237A (en) * | 2023-06-16 | 2023-07-21 | 四川轻化工大学 | Network addiction control method based on QoS technology |
| CN116471237B (en) * | 2023-06-16 | 2023-10-13 | 四川轻化工大学 | Network addiction control method based on QoS technology |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100461686C (en) | Biostatistically verified VLAN | |
| CN114079971A (en) | Service flow management and control method, system, DPI node and storage medium | |
| US8151322B2 (en) | Systems and methods for user access authentication based on network access point | |
| CN103916637B (en) | A kind of method and apparatus for safely sharing monitoring frontend | |
| WO2013008998A1 (en) | Wireless local area network access apparatus and operating method thereof | |
| CN109862565A (en) | A kind of WLAN unaware control method, system and readable storage medium storing program for executing | |
| CN107113319A (en) | Method, device, system and the proxy server of response in a kind of Virtual Networking Computing certification | |
| CN104809369B (en) | Packet sets method, client, server and the system of equipment access rights | |
| Beltran | Characterization of web single sign-on protocols | |
| CN106230594B (en) | Method for user authentication based on dynamic password | |
| CN101986598B (en) | Authentication method, server and system | |
| CN107277812A (en) | A kind of wireless network authentication method and system based on Quick Response Code | |
| CN104184709A (en) | Verification method, device, server, service data center and system | |
| CN106027565A (en) | PPPOE (Point-to-Point Protocol over Ethernet)-based Intranet-Extranet uniform authentication method and device | |
| CN104796408B (en) | Single-point live login method and single-point live login device | |
| CN103729590A (en) | Method, device and system for setting equipment access right | |
| CN109150787A (en) | A kind of authority acquiring method, apparatus, equipment and storage medium | |
| CN108924154A (en) | Identity identifying method and device | |
| US8769623B2 (en) | Grouping multiple network addresses of a subscriber into a single communication session | |
| CN106559785A (en) | Authentication method, equipment and system and access device and terminal | |
| US20090271852A1 (en) | System and Method for Distributing Enduring Credentials in an Untrusted Network Environment | |
| CN109067749A (en) | A kind of information processing method, equipment and computer readable storage medium | |
| CN113014554A (en) | Automatic switching method and system for internet access channel, ONU (optical network unit) equipment and OLT (optical line terminal) equipment | |
| CN106878020A (en) | Network system, the authentication method of the network equipment and device | |
| CN101193129A (en) | Generation method and device for authentication user name |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |