CN114338438A - Management method, system storage medium and device for internet surfing behavior - Google Patents
Management method, system storage medium and device for internet surfing behavior Download PDFInfo
- Publication number
- CN114338438A CN114338438A CN202111474024.7A CN202111474024A CN114338438A CN 114338438 A CN114338438 A CN 114338438A CN 202111474024 A CN202111474024 A CN 202111474024A CN 114338438 A CN114338438 A CN 114338438A
- Authority
- CN
- China
- Prior art keywords
- filtering
- request message
- server
- cpe
- filtering strategy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000007726 management method Methods 0.000 title claims abstract description 237
- 238000001914 filtration Methods 0.000 claims abstract description 232
- 238000000034 method Methods 0.000 claims abstract description 46
- 238000004891 communication Methods 0.000 claims abstract description 30
- 229920006235 chlorinated polyethylene elastomer Polymers 0.000 claims abstract description 14
- 238000000136 cloud-point extraction Methods 0.000 claims abstract description 14
- 230000006399 behavior Effects 0.000 claims description 162
- 230000005540 biological transmission Effects 0.000 abstract description 6
- 230000006870 function Effects 0.000 description 16
- 238000010586 diagram Methods 0.000 description 11
- 238000013461 design Methods 0.000 description 9
- 101100042631 Saccharomyces cerevisiae (strain ATCC 204508 / S288c) SIN3 gene Proteins 0.000 description 8
- 238000012550 audit Methods 0.000 description 8
- 238000012545 processing Methods 0.000 description 8
- 230000008569 process Effects 0.000 description 4
- 238000010200 validation analysis Methods 0.000 description 3
- 238000004590 computer program Methods 0.000 description 2
- 238000011217 control strategy Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000009467 reduction Effects 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000014509 gene expression Effects 0.000 description 1
- 230000006386 memory function Effects 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a management method, a system storage medium and equipment for internet surfing behavior, relates to the field of data communication, and is used for reducing the occupation of data transmission on network bandwidth and reducing the service volume born by a server. The method is applied to Customer Premises Equipment (CPE) in an internet behavior management system, wherein the internet behavior management system comprises a server and a plurality of CPEs; each CPE stores a first filtering strategy, and the server stores a second filtering strategy; the method comprises the following steps: receiving original request messages sent by a plurality of clients; filtering the original request message according to a first filtering strategy to obtain an intermediate request message which accords with the first filtering strategy; and sending the intermediate request message to the server, so that the server filters the intermediate request message based on the second filtering strategy to obtain a target request message according with the second filtering strategy, and sending the target request message to the network side equipment.
Description
Technical Field
The present invention relates to the field of data communications, and in particular, to a method, a system storage medium, and a device for managing an internet access behavior.
Background
Under the application scene related to internet access, the traffic data of the user accessing the internet through the branch network needs to be monitored, controlled and the like, namely the management of the internet access behavior of the user is realized.
The traditional internet behavior management function is usually integrated into a dedicated internet behavior management device. The internet behavior management equipment is deployed at the outlet of each branch network to realize internet behavior management and audit. In the above method for managing internet access behaviors, since one internet access behavior management device needs to be configured for each branch network, the cost for managing internet access behaviors is high.
In order to solve the problem of high cost of internet behavior management, in the prior art, a server with an internet behavior management function is arranged at an internet entrance, the server includes an internet behavior management mirror image instance created for each branch network, and after receiving traffic data sent by each branch network, the server can execute internet behavior management actions aiming at the corresponding traffic data.
However, since all the traffic data of the branch networks need to be directed to the server, the load of the network bandwidth is greatly increased, and the traffic volume borne by the server is also greatly increased.
Disclosure of Invention
The invention provides a management method, a system storage medium and equipment for internet surfing behavior, which are used for reducing the occupation of data transmission on network bandwidth and reducing the service volume born by a server.
In order to achieve the purpose, the invention adopts the following technical scheme:
in a first aspect, a method for managing an internet behavior is provided, and is applied to a Customer Premises Equipment (CPE) in an internet behavior management system, where the internet behavior management system includes a server and a plurality of CPEs; each CPE stores a first filtering strategy, and the server stores a second filtering strategy; the method comprises the following steps: receiving original request messages sent by a plurality of clients; filtering the original request message according to a first filtering strategy to obtain an intermediate request message which accords with the first filtering strategy; and sending the intermediate request message to the server, so that the server filters the intermediate request message based on the second filtering strategy to obtain a target request message according with the second filtering strategy, and sending the target request message to the network side equipment.
In a possible implementation manner, the internet behavior management system further includes a policy management device; the method further comprises the following steps: and receiving a filtering strategy sent by the strategy management equipment, and determining the received filtering strategy as a first filtering strategy. Therefore, the first filtering strategy can be configured at the CPE side, and the filtering of the original request message at the CPE side is realized.
In a possible implementation manner, the internet access behavior management system further includes a policy management device and a plurality of gateway devices; sending the intermediate request message to the server includes: sending an intermediate request message to a target gateway device in the plurality of gateway devices, so that the target gateway device forwards the intermediate request message to a server; the target gateway device is defined for the policy management device based on the SD-WAN network protocol. Therefore, the flow guiding of the internet data request message is completed in the SD-WAN network, a flow guiding tunnel is not required to be specially built, and the management cost of internet behavior is reduced.
In a second aspect, a method for managing an internet behavior is provided, which is applied to a server in an internet behavior management system, where the internet behavior management system further includes a plurality of Customer Premise Equipment (CPE); each CPE stores a first filtering strategy, and the server stores a second filtering strategy; the method comprises the following steps: receiving an intermediate request message sent by each CPE; the intermediate request message is obtained by filtering original request messages sent by a plurality of clients by each CPE according to a first filtering strategy; and filtering the intermediate request message according to the second filtering strategy to obtain a target request message according with the second filtering strategy, and sending the target request message to the network side equipment.
In a possible implementation manner, the internet behavior management system further includes a policy management device, and the method further includes: and receiving the filtering strategy sent by the strategy management equipment, and determining the received filtering strategy as a second filtering strategy. In this way, the first filtering strategy can be configured on the server side, and the filtering of the intermediate request message on the server side is realized.
In one possible implementation, the sum of the route lengths between the server and each CPE is less than a preset length. Namely, the server is deployed near the gateway equipment of the SD-WAN network, and the traffic does not need to be scheduled in a large range.
In a possible implementation manner, the internet access behavior management system further includes a policy management device, where the filtering the intermediate request packet according to the second filtering policy to obtain the target request packet according with the second filtering policy includes: utilizing the target allocation resources, and filtering the intermediate request message according to a second filtering strategy to obtain a target request message which accords with the second filtering strategy; the target allocation resource is a resource which is allocated to each CPE in advance by the policy management equipment. Thereby, the flow load balance can be carried out, and the dynamic capacity expansion of the processing capacity of the user internet behavior can be realized
In a third aspect, a device for managing an internet behavior is provided, which is applied to a Customer Premise Equipment (CPE) in an internet behavior management system, where the internet behavior management system includes a server and a plurality of CPEs; each CPE stores a first filtering strategy, and the server stores a second filtering strategy; the management device includes: the device comprises a receiving unit, a filtering unit and a sending unit. The receiving unit is used for receiving original request messages sent by a plurality of clients; the filtering unit is used for filtering the original request message according to a first filtering strategy to obtain an intermediate request message which accords with the first filtering strategy; and the sending unit is used for sending the intermediate request message to the server, so that the server filters the intermediate request message based on the second filtering strategy to obtain a target request message according with the second filtering strategy, and sends the target request message to the network side equipment.
In a possible implementation manner, the internet behavior management system further includes a policy management device; the management device further includes: a determination unit. And the receiving unit is also used for receiving the filtering strategy sent by the strategy management equipment. A determining unit, configured to determine the received filtering policy as a first filtering policy.
In a possible implementation manner, the internet access behavior management system further includes a policy management device and a plurality of gateway devices; a sending unit, configured to send an intermediate request packet to a target gateway device among the multiple gateway devices, so that the target gateway device forwards the intermediate request packet to the server; the target gateway device is defined for the policy management device based on the SD-WAN network protocol.
In a fourth aspect, a management apparatus for internet access behavior is provided, which is applied to a server in an internet access behavior management system, where the internet access behavior management system further includes a plurality of Customer Premise Equipment (CPE); each CPE stores a first filtering strategy, and the server stores a second filtering strategy; the management device includes: a receiving unit, a filtering unit and a sending unit. And the receiving unit is used for receiving the intermediate request message sent by each CPE. The intermediate request message is obtained by filtering the original request messages sent by the multiple clients by each CPE according to a first filtering strategy. And the filtering unit is used for filtering the intermediate request message according to the second filtering strategy to obtain a target request message which accords with the second filtering strategy. And the sending unit is used for sending the target request message to the network side equipment.
In a possible implementation manner, the internet behavior management system further includes a policy management device; the management device further includes: a determination unit. And the determining unit is used for receiving the filtering strategy sent by the strategy management equipment and determining the received filtering strategy as a second filtering strategy.
In one possible implementation, the sum of the route lengths between the server and each CPE is less than a preset length.
In a possible implementation manner, the internet behavior management system further includes a policy management device; the filtering unit is specifically used for filtering the intermediate request message according to a second filtering strategy by using the target distribution resource to obtain a target request message according with the second filtering strategy; the target allocation resource is a resource which is allocated to each CPE in advance by the policy management equipment.
In a fifth aspect, a system for managing internet surfing behavior is provided, which includes: a server and a plurality of customer premises equipments, CPE; each CPE stores a first filtering strategy, and the server stores a second filtering strategy; when the online behavior management system is running, each CPE performs a management method as in the first aspect or the server performs a management method as in the second aspect.
A sixth aspect provides a computer-readable storage medium having stored therein instructions that, when executed, implement the management method of the first or second aspect.
In a seventh aspect, a customer premises equipment, CPE, is provided, comprising: a processor, a memory, and a communication interface; the communication interface is used for communication between the communication device and other equipment or networks; the memory is used to store one or more programs, the one or more programs comprising computer executable instructions, which when run by the CPE, are executed by the processor stored by the memory to cause the CPE to perform the management method as in the first aspect.
In an eighth aspect, there is provided a server comprising: a processor, a memory, and a communication interface; the communication interface is used for communication between the communication device and other equipment or networks; the memory is used for storing one or more programs, the one or more programs comprising computer executable instructions, the processor executing the computer executable instructions stored by the memory when the server is running, so as to cause the server to execute the management method according to the second aspect.
The invention provides a management method of an internet behavior, a system storage medium and equipment, which are applied to Customer Premise Equipment (CPE) in an internet behavior management system. Each CPE stores a first filtering strategy, and the server stores a second filtering strategy. After receiving the original request messages sent by the plurality of clients, the CPE performs preliminary filtering on the original request messages according to a first filtering strategy, thereby filtering out the original request messages which do not conform to the first filtering strategy and obtaining intermediate request messages which conform to the first filtering strategy. And further sending the intermediate request message to the server, so that the server filters the intermediate request message based on the second filtering strategy to obtain a target request message according with the second filtering strategy, and sending the target request message to the network side equipment. Therefore, the invention filters the original request message which does not conform to the first filtering strategy at the CPE side according to the first filtering strategy, thereby reducing the quantity of the original request message sent by the CPE to the server and realizing the reduction of the occupation of the network bandwidth by data transmission. The CPE sends an intermediate request message which accords with the first filtering strategy to the server. Correspondingly, the server filters the intermediate request message based on the second filtering strategy, namely, the data traffic volume needing to be filtered by the server is reduced, so that the traffic volume born by the server can be reduced.
Drawings
Fig. 1 is a schematic structural diagram of an internet behavior management system according to an embodiment of the present invention;
fig. 2 is a second schematic structural diagram of an internet behavior management system according to an embodiment of the present invention;
fig. 3 is a flowchart of a method for managing an internet access behavior according to an embodiment of the present invention;
fig. 4 is a second flowchart of a method for managing an internet access behavior according to an embodiment of the present invention;
fig. 5 is a third schematic flow chart of a method for managing an internet access behavior according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of a management apparatus for internet surfing provided in an embodiment of the present invention;
fig. 7 is a schematic structural diagram of another management apparatus for internet surfing behavior according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of a server according to an embodiment of the present invention;
fig. 9 is a second schematic structural diagram of a server according to an embodiment of the present invention.
Detailed Description
Before describing embodiments of the present invention, the noun terms to which embodiments of the present invention relate are explained:
wide area software defined network SD-WAN (software defined wide area network, SDN): the method is a service formed by applying Software Defined Network (SDN) technology to a Wide Area Network (WAN) scene. SD-WANs can be used to connect wide-area, geographic-wide enterprise networks, data centers, internet applications, and cloud services, with the aim of helping users reduce the expense of wide-area networks and improve network connectivity flexibility.
The objective of the SD-WAN is to realize flexible networking of enterprises by using a virtualization technology, an application-level policy and Overlay (Overlay) network, and Customer Premise Equipment (CPE) devices at the edge.
And (3) internet behavior management: the internet behavior management means that the internet users are helped to control and manage the use of the internet. The method comprises the steps of webpage access filtering, network application control, bandwidth flow management, information transceiving audit and user behavior analysis. For example, the illegal and bad websites are filtered to avoid legal risks, malicious webpages are filtered to guarantee safety, and the websites which affect the working efficiency, such as games and shopping, are filtered. For another example, the internet access behavior of the intranet user is recorded and can be checked; and recording intranet security events to help an administrator discover security threats.
In a certain application scenario, the behavior of the user accessing the internet needs to be monitored and controlled, and the management of the internet surfing behavior of the user is realized. The traditional internet behavior management function is usually integrated in the internet behavior management device, and the internet behavior management device is deployed at the exit of each branch network to realize internet behavior management and audit. Because an internet behavior management device needs to be configured for each branch network, the cost of internet behavior management is high. In order to solve the problem of high cost of internet behavior management, in the prior art, a corresponding internet behavior management mirror image instance is created for each branch network in a cloud platform server, and then internet behavior management is performed on a plurality of branch networks on the cloud platform server. Thus, traffic data of multiple branch networks needs to be directed to the cloud platform, which increases the burden of network bandwidth. Correspondingly, the cloud platform server needs to process all the traffic data of the plurality of branch networks, so that the traffic born by the cloud platform server is greatly increased.
In view of this, an embodiment of the present invention provides a method for managing an internet behavior, which is applied to a customer premise equipment CPE in an internet behavior management system, where the internet behavior management system includes a server and a plurality of CPEs; each CPE stores a first filtering strategy, and the server stores a second filtering strategy; the method comprises the following steps: receiving original request messages sent by a plurality of clients; filtering the original request message according to a first filtering strategy to obtain an intermediate request message which accords with the first filtering strategy; and sending the intermediate request message to the server, so that the server filters the intermediate request message based on the second filtering strategy to obtain a target request message according with the second filtering strategy, and sending the target request message to the network side equipment.
According to the invention, the original request message which does not conform to the first filtering strategy is filtered out at the CPE side according to the first filtering strategy, so that the quantity of the original request message sent by the CPE to the server is reduced, and the occupation of data transmission on network bandwidth is reduced. The CPE sends an intermediate request message which accords with the first filtering strategy to the server. Correspondingly, the server filters the intermediate request message based on the second filtering strategy, namely, the data traffic required to be filtered by the server is reduced, so that the traffic born by the cloud platform can be reduced.
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
The system architecture and the service scenario described in the embodiment of the present invention are for more clearly illustrating the technical solution of the embodiment of the present invention, and do not form a limitation on the technical solution provided in the embodiment of the present invention, and it can be known by those skilled in the art that the technical solution provided in the embodiment of the present invention is also applicable to similar technical problems along with the evolution of the network architecture and the appearance of a new service scenario.
Fig. 1 is a schematic structural diagram of an internet behavior management system 10 applied in an embodiment of the present invention. As shown in fig. 1, the internet behavior management system may include a secure resource pool 110, a network-side device 120, and a plurality of CPEs (e.g., CPE1, CPE2 in fig. 1), and a plurality of customer networks (e.g., customer network 1, customer network 2 in fig. 1). The secure resource pool 110 is connected to a plurality of CPEs. The CPE is connected to the customer network (e.g., CPE1 is connected to customer network 1 in fig. 1). The CPE and the user network may be connected in a wired manner or in a wireless manner, which is not limited in the embodiment of the present invention.
And the CPE receives the internet surfing data request message of the user network and carries out internet surfing behavior management on the internet surfing data request message according to the internet surfing behavior management strategy at the CPE side.
The secure resource pool 110 receives intermediate request messages sent by a plurality of CPEs and conforming to the internet access behavior management policy of the CPE side, and manages the internet access behavior of the intermediate request messages according to the internet access behavior policy of the server side. The secure resource pool 110 sends an intermediate request message conforming to the server-side internet behavior policy to the network-side device 120.
In an actual application scenario, as shown in fig. 2, the internet behavior management system specifically includes: a security capability management platform 130, an SD-WAN unified management platform 140, a gateway device 150, a secure resource pool 110, a network side device 120, a plurality of CPEs (e.g., CPE1, CPE2 in fig. 1), and a plurality of customer networks (e.g., customer network 1, customer network 2 in fig. 1). The SD-WAN unified management platform 140 is connected to the gateway device 150. The SD-WAN unified management platform 140 may be connected with the CPEs of the plurality of networks through the gateway device 150. For example, the SD-WAN unified management platform 140 is connected with the CPE1 through the gateway device 150. The SD-WAN unified management platform 140 is connected to the CPE2 through the gateway device 150. The SD-WAN unified management platform 140 can also be connected with a plurality of CPEs. For example, the SD-WAN unified management platform 140 is connected with the CPE 1. The security capability management platform 130 is connected with the SD-WAN unified management platform 140. The security capability management platform 130 is connected to the secure resource pool 110. The secure resource pool 110 is connected to the network-side device 120.
The secure resource pool 110 includes a plurality of servers. The server processes the internet access data request message sent by the CPE.
The security capability management device 130 may receive internet behavior management request information (also referred to as an order) from the user network, where the request information is used to request configuration of an internet behavior policy of the user network, allocate an internet behavior management resource for the user network, and send a server-side internet behavior management policy (a second filtering policy, which is described below) to the security resource pool 110. The security capability management device 130 also sends a CPE-side internet access behavior management policy (a first filtering policy described below) to the SD-WAN unified management platform 140.
In one example, the user network 1 sends the internet behavior management request message to the security capability management apparatus 130 through the CPE 1. The internet behavior management request information includes information such as an Internet Protocol (IP) address, a port number, an internet behavior management policy, and an internet behavior management resource of the user network. The security capability management device 130 configures an internet behavior engine in the security resource pool 110 according to the internet behavior management resource, and starts the internet behavior engine. The security capability management device 130 splits the internet behavior management policy into an internet behavior policy on the server side and an internet behavior management policy on the CPE side according to the splitting policy (which is stored in the security capability management device 130 by the operation and maintenance staff in advance). Further, the security capability management device 130 issues the server-side internet behavior policy to the internet behavior engine in the security resource pool 110, and issues the CPE1 with the CPE-side internet behavior management policy through the SD-WAN unified management platform 120. Finally, the security capability management device 130 feeds back the result of the internet access behavior policy of the server side to the SD-WAN unified management platform 140.
For example, the security capability management device 130 generates an internet behavior management policy on the CPE side according to a web filtering policy and an application control policy in the internet behavior management policy, and generates an internet behavior management policy on the server side according to user authentication, traffic management, behavior audit and other policies in the internet behavior management policy.
The SD-WAN unified management platform 140 may be configured to send the CPE side internet behavior management policy to the CPE.
In one example, the SD-WAN unified management platform 140 may be configured to send the CPE side internet behavior management policy to the CPE 1. Correspondingly, after the CPE1 receives and configures the internet access behavior management policy on the CPE side, the CPE1 feeds back a successful configuration result to the SD-WAN unified management platform 140.
The gateway device 150 is configured to receive the network configuration information of the traffic flow delivered by the SD-WAN unified management platform 140.
In one example, the gateway device 150 receives the traffic-directed network configuration information sent by the SD-WAN unified management platform 140. Accordingly, the SD-WAN unified management platform 140 obtains the network configuration information from the CPE1 to the secure resource pool, and further, sends the network configuration information to the gateway device 150.
It should be noted that, in the embodiment of the present invention, the security capability management platform 130 and the SD-WAN unified management platform 140 may be integrated in the same device. For example, the security capability management device 130 and the SD-WAN unified management platform 140 may be integrated in the same server. Thus, the maintenance and management of the equipment can be facilitated.
It should be noted that fig. 1 and 2 are exemplary drawings, and the number of devices shown in fig. 1 and 2 is not limited. And the communication system shown in fig. 1 and 2 may include other devices in addition to the devices shown in fig. 1 and 2, without limitation.
In order to facilitate clear description of technical solutions of the embodiments of the present invention, in the embodiments of the present invention, terms such as "first" and "second" are used to distinguish the same items or similar items having substantially the same functions and actions. For example, the first filtering policy and the second filtering policy are only for distinguishing different indication information, and the sequence order thereof is not limited. Those skilled in the art will appreciate that the terms "first," "second," etc. do not denote any order or quantity, nor do the terms "first," "second," etc. denote any order or importance.
It is to be understood that the terms "exemplary" or "such as" are used herein to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "e.g.," is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "such as" is intended to present concepts related in a concrete fashion.
In the present invention, "at least one" means one or more, "a plurality" means two or more. "and/or" describes the association relationship of the associated objects, meaning that there may be three relationships, e.g., a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone, wherein A and B can be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "at least one of the following" or similar expressions refer to any combination of these items, including any combination of the singular or plural items. For example, at least one (one) of a, b, or c, may represent: a, b, c, a-b, a-c, b-c, or a-b-c, wherein a, b, c may be single or multiple.
The method for managing the internet surfing behavior provided by the embodiment of the invention is described below with reference to the internet surfing behavior management system shown in fig. 1. In addition, the actions, terms, and the like related to the embodiments of the present invention may be mutually referred to, and are not limited. In the embodiment of the present invention, the name of the message interacted among the devices or the name of the parameter in the message, etc. are only an example, and other names may also be used in the specific implementation, which is not limited. The actions related to the embodiments of the present invention are only an example, and other names may also be used in the specific implementation, for example: the term "comprising" in the embodiments of the present invention may also be replaced by "carrying" or the like.
Fig. 3 is a management method for an internet behavior according to an embodiment of the present invention, where the management method is applied to a CPE in an internet behavior management system, where the internet behavior management system includes a server and a plurality of CPEs; each CPE stores a first filtering policy and the server stores a second filtering policy, as shown in fig. 3, the method includes the following S201-S205.
S201, the CPE receives original request messages sent by a plurality of clients.
The CPE is connected with a plurality of clients, and the clients are clients in the same user network. The original request message may be an internet data request message.
Wherein, the CPE may be any one of the plurality of CPEs in fig. 1. The user network may be any user network in fig. 1, for example, the user network 1, the user network 2, or the user network 2, without limitation.
In one possible implementation, a plurality of clients send internet data request messages to the CPE. Correspondingly, the CPE receives a plurality of internet access data request messages sent by a plurality of clients.
The internet data request message may include an identifier (e.g., an Internet Protocol (IP) address) of the client, a request method field, a Uniform Resource Locator (URL) field, a browser type for generating the request, and a request method (e.g., GET, POST).
S202, the CPE filters the original request message according to the first filtering strategy to obtain an intermediate request message which accords with the first filtering strategy.
In one possible implementation manner, the CPE filters the plurality of internet access data request messages according to a preset first filtering policy to obtain the internet access data request messages meeting the first filtering policy.
Illustratively, the first filtering policy includes a web page filtering policy and an application control policy. The webpage filtering strategy filters the internet access data request messages related to games, shopping and the like, and the application control strategy filters the internet access data request messages related to chatting, stock-frying, games, online videos and the like. The CPE receives 10 internet data request messages. Wherein, 2 internet data request messages are data messages requesting shopping web pages, and 1 internet data request message is a data message requesting game web pages. And the CPE filters the received 10-network-surfing data request message according to a preset webpage filtering strategy and an application control strategy. Further, the CPE determines that 7 internet data request messages of the 10 internet data request messages conform to the first filtering policy.
It should be noted that the first filtering policy may be a Media Access Control (MAC) address and an IP address field set to allow external connection, or may be an Access Control List (ACL) control policy including information such as a destination IP, a destination port, a protocol type, and a time field set for a packet, and is not limited.
S203, the CPE sends the intermediate request message to the server, so that the server filters the intermediate request message based on the second filtering strategy to obtain a target request message which accords with the second filtering strategy, and sends the target request message to the network side equipment.
In a possible implementation manner, the CPE sends the encrypted intermediate request packet to the server through the gateway device, so that the server filters the intermediate request packet based on the second filtering policy to obtain a target request packet conforming to the second filtering policy, and sends the target request packet to the network side device.
Correspondingly, the server receives the intermediate request message sent by each CPE.
The intermediate request message is obtained by filtering original request messages sent by a plurality of clients by each CPE according to a first filtering strategy.
S204, the server filters the intermediate request message according to the second filtering strategy to obtain a target request message which accords with the second filtering strategy.
In a possible implementation manner, after receiving the intermediate request message sent by each CPE, the server obtains, according to the identification information in the intermediate request message, the second filtering policy corresponding to the CPE. And then, the server filters the intermediate request message according to the second filtering strategy to obtain a target request message which accords with the second filtering strategy.
Specifically, a plurality of internet behavior engines are arranged in the server, and each CPE corresponds to at least one internet behavior engine. And a second filtering strategy is configured in the internet behavior engine. The second filtering strategy is an online behavior filtering strategy of the CPE corresponding to the online behavior engine. After the server receives the intermediate request message sent by the CPE, the server determines an internet behavior engine corresponding to the CPE according to the IP in the intermediate request message. Further, the internet behavior engine audits the intermediate request message sent by the CPE according to a second filtering strategy.
Illustratively, the second filtering policy is user authentication, traffic management, behavior audit and the like. Such as web access auditing, mail auditing, outgoing file auditing, multi-level parent-child paths, dynamic flow control, and local username-password authentication.
For example, the internet behavior engine a needs to perform internet behavior management for 7 internet data request messages sent by the CPE 1. And the internet behavior engine A manages and audits the internet behaviors of the 7 internet data request messages according to a second filtering strategy, and confirms that the 5 internet data request messages accord with the second filtering strategy.
It should be noted that the second filtering policy may also be a multi-level parent-child channel, a dynamic flow control policy, a peer-to-peer (P2P) intelligent flow control policy, a flow control blacklist, and the like, which is not limited.
S205, the server sends the target request message to the network side equipment.
The invention provides a management method of an internet behavior, a system storage medium and equipment, which are applied to Customer Premise Equipment (CPE) in an internet behavior management system. Each CPE stores a first filtering strategy, and the server stores a second filtering strategy. After receiving the original request messages sent by the plurality of clients, the CPE performs preliminary filtering on the original request messages according to a first filtering strategy, thereby filtering out the original request messages which do not conform to the first filtering strategy and obtaining intermediate request messages which conform to the first filtering strategy. And further sending the intermediate request message to the server, so that the server filters the intermediate request message based on the second filtering strategy to obtain a target request message according with the second filtering strategy, and sending the target request message to the network side equipment. Therefore, the invention filters the original request message which does not conform to the first filtering strategy at the CPE side according to the first filtering strategy, thereby reducing the quantity of the original request message sent by the CPE to the server and realizing the reduction of the occupation of the network bandwidth by data transmission. The CPE sends an intermediate request message which accords with the first filtering strategy to the server. Correspondingly, the server filters the intermediate request message based on the second filtering strategy, namely, the data traffic volume needing to be filtered by the server is reduced, so that the traffic volume born by the server can be reduced.
In one design, in order to set a corresponding filtering policy in each CPE, the internet access behavior management system provided in the embodiment of the present invention further includes a policy management device, as shown in fig. 4, and the management method for internet access behavior provided in the embodiment of the present invention further includes the following steps S206 to S207.
S206, the CPE receives the filtering strategy sent by the strategy management equipment.
The policy management device may be a network element or a network device in fig. 2, which integrates the security capability management device 110 and the SD-WAN unified management platform 120.
It should be noted that, before the CPE receives the filtering policy sent by the policy management device, the user network first sends the internet access behavior management policy to the policy management device through the CPE. And the strategy management equipment generates a filtering strategy sent to the CPE according to the preset conditions and the internet access behavior management strategy and sends the filtering strategy to the CPE.
S207, the CPE determines the received filtering strategy as a first filtering strategy.
In one possible implementation manner, after receiving the filtering policy, the CPE determines that the filtering policy is an internet access behavior management policy, and sets the filtering policy as a first filtering policy.
Subsequently, if the CPE successfully configures the first filtering policy, the CPE sends a message of successful configuration to the policy management device. If the CPE fails to configure the first filtering strategy, the CPE sends a configuration failure message to the strategy management equipment.
Specifically, the CPE sends a message of success or failure of policy configuration to the SD-WAN unified management platform.
In one design, in order to reduce the management cost of the internet access behavior, the internet access behavior management system provided by the embodiment of the invention further comprises a policy management device and a plurality of gateway devices; wherein each gateway device is connected with one or more CPEs. In this case, S203 provided in the embodiment of the present invention specifically includes S2031 described below.
S2031, the CPE sends an intermediate request packet to a target gateway device among the plurality of gateway devices, so that the target gateway device forwards the intermediate request packet to the server.
The target gateway device is defined by the policy management device based on an SD-WAN network protocol. And the gateway equipment directly connected with the CPE in the plurality of gateway equipment is SD-WAN gateway equipment.
In one possible implementation, the CPE encrypts the intermediate request file and sends the encrypted intermediate request message to the server through the target gateway device.
It can be understood that the technical scheme of the invention is to build an enterprise wide area network by means of SD-WAN. And the SD-WAN gateway equipment and the CPE are both equipment under an SD-WAN unified management platform. And the SD-WAN unified management platform forwards network configuration information of flow drainage to the SD-WAN gateway equipment. The network configuration information is node information of the gateway device required by the CPE to the server. Therefore, the method and the device complete the flow guidance of the request message of the data on the Internet in the SD-WAN network, do not need to specially build a flow guidance tunnel, and reduce the management cost of the behavior of the Internet.
In a design, a filtering policy on a server side is set, and in the management method of the internet behavior provided in the embodiment of the present invention, the internet behavior management system further includes a policy management device, as shown in fig. 5, and further includes the following steps S208 to S209.
S208, the server receives the filtering strategy sent by the strategy management device.
S209, the server determines the received filtering strategy as a second filtering strategy.
In a possible implementation manner, after receiving the filtering policy, the server determines that the filtering policy is an internet access behavior management policy, and sets the filtering policy as a second filtering policy.
Specifically, the internet behavior engine in the server receives the filtering policy sent by the policy management device, and sets the filtering policy as the second filtering policy if the filtering policy is determined to be the internet behavior management policy. And subsequently, the security capability management platform sends the filtering strategy configuration result of the server side to the SD-WAN unified management platform. For example, the security capability management platform sends the filtering policy configuration success of the server side to the SD-WAN unified management platform.
It should be noted that, before the server receives the filtering policy sent by the policy management device, the user network first sends the internet access behavior management policy to the policy management device through the CPE. And the strategy management equipment generates a filtering strategy sent to the server side according to the preset conditions and the internet access behavior management strategy and sends the filtering strategy to the server.
In one design, in order to narrow the range of traffic scheduling, in the method for managing an internet access behavior provided in the embodiment of the present invention, the sum of the routing lengths between the server and each CPE is smaller than a preset length.
It can be understood that the server is deployed near the gateway device of the SD-WAN network in the embodiment of the present invention. That is, on the network link, the transmission path from the CPE to the server is shorter than the preset length, so that the traffic does not need to be scheduled in a large range.
In a design, in order to perform traffic load balancing and implement dynamic capacity expansion of the processing capability of the user internet behavior, in the management method for the internet behavior provided in the embodiment of the present invention, the step S205 specifically includes the following step S2051.
S2051, the server filters the intermediate request message according to the second filtering strategy by using the target distribution resource to obtain a target request message according with the second filtering strategy.
The target allocation resource is a resource which is allocated to each CPE in advance by the policy management equipment.
It should be noted that, before the server receives the filtering policy sent by the policy management device, the user network first sends the required internet behavior management resource to the policy management device through the CPE. The strategy management equipment manages resources according to the internet behavior required by the CPE, and configures corresponding internet behavior management resources for the CPE in the server.
In one possible implementation, the intermediate request packet is load-balanced to the resources allocated to each CPE by the SDN switch. And filtering the intermediate request message by the resource distributed by each CPE according to the second filtering strategy to obtain a target request message which accords with the second filtering strategy.
Specifically, the network data request message is load balanced to the network behavior engine through the SDN switch. Therefore, the user network needs to increase the processing capacity of the internet behavior, and only a newly added engine is classified into a user engine sequence, so that the user service is not influenced.
It can be understood that, in the embodiment of the present invention, an SDN switch is introduced, and through a programmable interface, a balance processing of a traffic load and a service sequence arrangement of various security capabilities (internet behavior, firewall, log audit, etc.) are realized, and a high degree of personalization and a high speed and convenience are realized for load logic and arrangement. Therefore, the flow load is balanced, and the dynamic capacity expansion of the processing capacity of the user internet behavior is realized.
The scheme provided by the embodiment of the invention is mainly introduced from the perspective of a method. To implement the above functions, it includes hardware structures and/or software modules for performing the respective functions. Those of skill in the art will readily appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is performed as hardware or computer software drives hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present embodiments.
In the embodiment of the present invention, the device may be divided into functional modules according to the method example, for example, each functional module may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. Optionally, the division of the modules in the embodiment of the present invention is schematic, and is only a logic function division, and there may be another division manner in actual implementation.
Fig. 6 is a schematic structural diagram of a device for managing an internet surfing behavior according to an embodiment of the present invention. As shown in fig. 6, the management apparatus 30 may be located in the CPE described above. The method comprises the following steps: a receiving unit 301, a filtering unit 302 and a transmitting unit 303.
A receiving unit 301, configured to receive original request packets sent by multiple clients. For example, as shown in fig. 3, the receiving unit 301 may be configured to perform S201.
The filtering unit 302 is configured to filter the original request packet according to the first filtering policy to obtain an intermediate request packet meeting the first filtering policy. For example, as shown in fig. 3, the receiving unit 301 may be configured to perform S202.
A sending unit 303, configured to send the intermediate request packet to the server, so that the server filters the intermediate request packet based on the second filtering policy, obtains a target request packet that meets the second filtering policy, and sends the target request packet to the network side device. For example, as shown in fig. 3, the transmitting unit 303 may be configured to execute S203.
Optionally, as shown in fig. 6, the management device 30 in the embodiment of the present invention further includes: a validation unit 304.
The receiving unit 301 is configured to receive the filtering policy sent by the policy management device. For example, as shown in fig. 4, the receiving unit 301 may be configured to perform S206.
A confirming unit 304, configured to determine the received filtering policy as the first filtering policy. For example, as shown in fig. 4, the validation unit 304 may be configured to perform S207.
Optionally, the sending unit 303 is specifically configured to send an intermediate request packet to a target gateway device in the multiple gateway devices, so that the target gateway device forwards the intermediate request packet to the server; the target gateway device is defined for the policy management device based on the SD-WAN network protocol. For example, the transmitting unit 303 may be configured to execute S2031.
Fig. 7 is a schematic structural diagram of a device for managing an internet surfing behavior according to an embodiment of the present invention. As shown in fig. 6, the management apparatus 40 may be located in the server described above. The method comprises the following steps: a receiving unit 401, a filtering unit 402 and a transmitting unit 403.
A receiving unit 401, configured to receive an intermediate request message sent by each CPE; the intermediate request message is obtained by filtering the original request messages sent by the multiple clients by each CPE according to a first filtering strategy.
A filtering unit 402, configured to filter the intermediate request packet according to the second filtering policy, obtain a target request packet meeting the second filtering policy, and send the target request packet to the network side device. For example, as shown in fig. 4, filtering unit 402 may be used to perform S204.
The sending unit 403 is configured to send a target request packet to a network side device. For example, as shown in fig. 4, filtering unit 402 may be used to perform S205.
Optionally, as shown in fig. 7, the management apparatus 40 in the embodiment of the present invention further includes: a validation unit 404.
The receiving unit 401 is configured to receive the filtering policy sent by the policy management device.
A confirming unit 404, configured to determine the received filtering policy as the second filtering policy.
Optionally, the sum of the routing lengths between the server and each CPE is less than a preset length.
Optionally, as shown in fig. 7, the filtering unit 402 is specifically configured to filter the intermediate request packet according to the second filtering policy by using the target allocation resource, so as to obtain a target request packet meeting the second filtering policy; the target allocation resource is a resource which is allocated to each CPE in advance by the policy management equipment. For example, the filtering unit 402 may be used to perform S2051.
In the case of implementing the functions of the integrated modules in the form of hardware, the embodiment of the present invention provides a possible structural schematic diagram of the server involved in the above embodiments. As shown in fig. 8, the server 50 includes a processor 501, a memory 502, and a bus 503. The processor 501 and the memory 502 may be connected by a bus 503.
The processor 501 is a control center of the communication apparatus, and may be a single processor or a collective term for a plurality of processing elements. For example, the processor 501 may be a Central Processing Unit (CPU), other general-purpose processors, or the like. Wherein a general purpose processor may be a microprocessor or any conventional processor or the like.
For one embodiment, processor 501 may include one or more CPUs, such as CPU 0 and CPU 1 shown in FIG. 8.
The memory 502 may be, but is not limited to, a read-only memory (ROM) or other type of static storage device that may store static information and instructions, a Random Access Memory (RAM) or other type of dynamic storage device that may store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
As a possible implementation, the memory 502 may be present separately from the processor 501, and the memory 502 may be connected to the processor 501 via a bus 503 for storing instructions or program code. The sensor determination method provided by the embodiments of the present invention can be implemented when the processor 501 calls and executes instructions or program codes stored in the memory 502.
In another possible implementation, the memory 502 may also be integrated with the processor 501.
The bus 503 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 8, but this is not intended to represent only one bus or type of bus.
It is to be noted that the configuration shown in fig. 8 does not constitute a limitation of the server 50. In addition to the components shown in FIG. 8, the server 50 may include more or fewer components than shown, or some components may be combined, or a different arrangement of components.
As an example, in connection with fig. 6, the determining unit 304 and the filtering unit 302 in the determining apparatus 30 implement the same functions as the processor 501 in fig. 8.
Optionally, the server 50 provided in the embodiment of the present invention may further include a communication interface 505.
A communication interface 505 for connecting with other devices through a communication network. The communication network may be an ethernet network, a radio access network, a Wireless Local Area Network (WLAN), etc. The communication interface 505 may comprise a receiving unit for receiving data and a transmitting unit for transmitting data.
In one design, in the server provided in the embodiment of the present invention, the communication interface may be further integrated in the processor.
Fig. 9 shows another hardware configuration of the server in the embodiment of the present invention. As shown in fig. 9, server 60 may include a processor 601 and a communication interface 602. Processor 601 is coupled to a communication interface 602.
The functions of the processor 601 may refer to the description of the processor 501 above. The processor 601 also has a memory function, and the function of the memory 502 can be referred to.
The communication interface 602 is used to provide data to the processor 601. The communication interface 602 may be an internal interface of the communication device, or may be an external interface of the communication device.
It should be noted that the configuration shown in fig. 9 does not constitute a limitation on the server 60, and that the server 60 may include more or less components than those shown in fig. 9, or combine some components, or a different arrangement of components than those shown in fig. 9.
Meanwhile, the schematic diagram of the hardware structure of the CPE according to the embodiment of the present invention may also refer to the description of the server in fig. 8 or fig. 9, which is not described herein again.
Through the above description of the embodiments, it is clear for a person skilled in the art that, for convenience and simplicity of description, only the division of the above functional units is illustrated. In practical applications, the above function allocation can be performed by different functional units according to needs, that is, the internal structure of the device is divided into different functional units to perform all or part of the above described functions. For the specific working processes of the system, the apparatus and the unit described above, reference may be made to the corresponding processes in the foregoing method embodiments, and details are not described here again.
An embodiment of the present invention further provides a system for managing an internet behavior, where the system includes: a server and a plurality of customer premises equipments, CPE; each CPE stores a first filtering strategy, and the server stores a second filtering strategy; when the internet behavior management system runs, the internet behavior management system executes each step in the method flow shown in the above method embodiment.
The embodiment of the present invention further provides a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are executed by a computer, the computer executes each step in the method flow shown in the above method embodiment.
Embodiments of the present invention further provide a computer program product containing instructions, which when executed on a computer, cause the computer to execute the determination method in the above method embodiments.
The computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, and a hard disk. Random Access Memory (RAM), Read-Only Memory (ROM), Erasable Programmable Read-Only Memory (EPROM), registers, a hard disk, an optical fiber, a portable Compact disk Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any other form of computer-readable storage medium, in any suitable combination, or as appropriate in the art. An exemplary storage medium is coupled to the processor such the processor can read information from, and write information to, the storage medium. Of course, the storage medium may also be integral to the processor. The processor and the storage medium may reside in an Application Specific Integrated Circuit (ASIC). In embodiments of the invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
Since the server, the user equipment, the computer-readable storage medium, and the computer program product in the embodiments of the present invention may be applied to the method described above, the technical effects obtained by the embodiments of the method may also refer to the embodiments of the method described above, and no further description is given to the embodiments of the present invention.
The above description is only an embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions within the technical scope of the present invention are intended to be covered by the scope of the present invention.
Claims (11)
1. A management method of an internet behavior is characterized in that the management method is applied to Customer Premises Equipment (CPE) in an internet behavior management system, and the internet behavior management system comprises a server and a plurality of CPEs; each CPE stores a first filtering strategy, and the server stores a second filtering strategy; the method comprises the following steps:
receiving original request messages sent by a plurality of clients;
filtering the original request message according to the first filtering strategy to obtain an intermediate request message which accords with the first filtering strategy;
and sending the intermediate request message to the server, so that the server filters the intermediate request message based on the second filtering strategy to obtain a target request message according with the second filtering strategy, and sending the target request message to network side equipment.
2. The management method according to claim 1, wherein the internet behavior management system further comprises a policy management device; the method further comprises the following steps:
and receiving the filtering strategy sent by the strategy management equipment, and determining the received filtering strategy as the first filtering strategy.
3. The management method according to claim 1 or 2, wherein the internet behavior management system further comprises a policy management device and a plurality of gateway devices; the sending the intermediate request message to the server includes:
sending the intermediate request message to a target gateway device in the plurality of gateway devices, so that the target gateway device forwards the intermediate request message to the server; the target gateway device is defined for the policy management device based on an SD-WAN network protocol.
4. A management method of the behavior of surfing the Net, characterized by, apply to the server in the behavior management system of surfing the Net, the behavior management system of said surfing the Net also includes a plurality of customer end equipments CPE; each CPE stores a first filtering strategy, and the server stores a second filtering strategy; the method comprises the following steps:
receiving an intermediate request message sent by each CPE; the intermediate request message is obtained by filtering original request messages sent by a plurality of clients by each CPE according to the first filtering strategy;
and filtering the intermediate request message according to the second filtering strategy to obtain a target request message according with the second filtering strategy, and sending the target request message to network side equipment.
5. The management method according to claim 4, wherein the internet behavior management system further comprises a policy management device; the method further comprises the following steps:
and receiving the filtering strategy sent by the strategy management equipment, and determining the received filtering strategy as the second filtering strategy.
6. The management method according to claim 4, wherein the sum of the lengths of the routes between the server and each CPE is less than a preset length.
7. The management method according to any one of claims 4 to 6, wherein the internet behavior management system further includes a policy management device; the filtering the intermediate request message according to the second filtering strategy to obtain a target request message according with the second filtering strategy includes:
utilizing target allocation resources, and filtering the intermediate request message according to the second filtering strategy to obtain a target request message according with the second filtering strategy; the target allocation resource is a resource which is allocated to each CPE in advance by the policy management equipment.
8. A network behavior management system is characterized by comprising: a server and a plurality of customer premises equipments, CPE; each CPE stores a first filtering strategy, and the server stores a second filtering strategy; when the internet behavior management system is running, each CPE performs the management method according to any one of claims 1 to 3 or the server performs the management method according to any one of claims 4 to 7.
9. A computer-readable storage medium having stored therein instructions that, when executed, implement the management method of any one of claims 1 to 3 or any one of claims 4 to 7.
10. A customer premises equipment, CPE, comprising: a processor, a memory, and a communication interface; wherein, the communication interface is used for the communication device to communicate with other equipment or networks; the memory is used for storing one or more programs, the one or more programs comprising computer executable instructions, which when the CPE is running, the processor executes the computer executable instructions stored by the memory to cause the CPE to perform the management method according to any one of claims 1 to 3.
11. A server, comprising: a processor, a memory, and a communication interface; wherein, the communication interface is used for the communication device to communicate with other equipment or networks; the memory is used for storing one or more programs, the one or more programs comprise computer-executable instructions, and when the server runs, the processor executes the computer-executable instructions stored in the memory to enable the server to execute the management method according to any one of claims 4 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111474024.7A CN114338438B (en) | 2021-12-02 | 2021-12-02 | Internet surfing behavior management method, system storage medium and equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111474024.7A CN114338438B (en) | 2021-12-02 | 2021-12-02 | Internet surfing behavior management method, system storage medium and equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114338438A true CN114338438A (en) | 2022-04-12 |
| CN114338438B CN114338438B (en) | 2023-07-28 |
Family
ID=81048918
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111474024.7A Active CN114338438B (en) | 2021-12-02 | 2021-12-02 | Internet surfing behavior management method, system storage medium and equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114338438B (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101399749A (en) * | 2007-09-27 | 2009-04-01 | 华为技术有限公司 | Method, system and device for packet filtering |
| CN101567848A (en) * | 2009-06-01 | 2009-10-28 | 北京星网锐捷网络技术有限公司 | Safety control method and exchanger |
| US20110289575A1 (en) * | 2010-05-21 | 2011-11-24 | Barracuda Networks, Inc. | Directory authentication method for policy driven web filtering |
| CN102752215A (en) * | 2012-07-16 | 2012-10-24 | 杭州华三通信技术有限公司 | Processing method for VDP (vertical data processing) request messages and edge switch |
| CN102916826A (en) * | 2011-08-01 | 2013-02-06 | 中兴通讯股份有限公司 | Method and device for controlling network access |
| CN212392885U (en) * | 2020-08-10 | 2021-01-22 | 西安创业天下网络科技有限公司 | 5G signal relay amplifier with CPE function |
| CN112491711A (en) * | 2020-11-17 | 2021-03-12 | 上海八彦图信息科技有限公司 | Routing strategy processing method and device for load balancing and electronic equipment |
| CN115119021A (en) * | 2022-06-28 | 2022-09-27 | 北京达佳互联信息技术有限公司 | Data processing method and device, electronic equipment and storage medium |
-
2021
- 2021-12-02 CN CN202111474024.7A patent/CN114338438B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101399749A (en) * | 2007-09-27 | 2009-04-01 | 华为技术有限公司 | Method, system and device for packet filtering |
| CN101567848A (en) * | 2009-06-01 | 2009-10-28 | 北京星网锐捷网络技术有限公司 | Safety control method and exchanger |
| US20110289575A1 (en) * | 2010-05-21 | 2011-11-24 | Barracuda Networks, Inc. | Directory authentication method for policy driven web filtering |
| CN102916826A (en) * | 2011-08-01 | 2013-02-06 | 中兴通讯股份有限公司 | Method and device for controlling network access |
| CN102752215A (en) * | 2012-07-16 | 2012-10-24 | 杭州华三通信技术有限公司 | Processing method for VDP (vertical data processing) request messages and edge switch |
| CN212392885U (en) * | 2020-08-10 | 2021-01-22 | 西安创业天下网络科技有限公司 | 5G signal relay amplifier with CPE function |
| CN112491711A (en) * | 2020-11-17 | 2021-03-12 | 上海八彦图信息科技有限公司 | Routing strategy processing method and device for load balancing and electronic equipment |
| CN115119021A (en) * | 2022-06-28 | 2022-09-27 | 北京达佳互联信息技术有限公司 | Data processing method and device, electronic equipment and storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 柳佳佳: "基于策略的转发系统的设计与实现" * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114338438B (en) | 2023-07-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106161335B (en) | A kind for the treatment of method and apparatus of network packet | |
| CN103650436B (en) | Service path distribution method, router and business perform entity | |
| US9967237B2 (en) | Systems and methods for implementing a layer two tunnel for personalized service functions | |
| CN107666419B (en) | Virtual broadband access method, controller and system | |
| WO2015192563A1 (en) | Method and device for implementing load balancing and load balancing service system | |
| CN109413069B (en) | Application method and device of virtual website firewall based on block chain | |
| CN113037761B (en) | Login request verification method and device, storage medium and electronic equipment | |
| WO2019177988A1 (en) | System and method of providing a controlled interface between devices | |
| CN109474713B (en) | Message forwarding method and device | |
| CN109450905A (en) | Transmit the method and apparatus and system of data | |
| CN112272166A (en) | Traffic processing method, device, equipment and machine readable storage medium | |
| CN116633934A (en) | Load balancing method, device, node and storage medium | |
| CN110830317B (en) | Internet access behavior management system, equipment and method | |
| Jmila et al. | Designing security-aware service requests for NFV-enabled networks | |
| CN102917027A (en) | Method, device and system for accessing webpage chatting room | |
| CN114338438B (en) | Internet surfing behavior management method, system storage medium and equipment | |
| CN113852697B (en) | SDP terminal flow proxy method, device, equipment and storage medium | |
| CN114598698B (en) | Data transmission method and device, electronic equipment and computer storage medium | |
| CN113872933B (en) | Method, system, device, equipment and storage medium for hiding source station | |
| CN110324826B (en) | Intranet access method and related device | |
| CN109962831B (en) | Virtual client terminal device, router, storage medium, and communication method | |
| EP2786551B1 (en) | Discovering data network infrastructure services | |
| CN111953798A (en) | Cross-network communication method, device and system and proxy server | |
| KR101869584B1 (en) | Method and system for cloud-based identity management (c-idm) implementation | |
| US11082502B2 (en) | Policy architecture for cable networks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |