CN115701145A - Traffic management method, device, equipment and computer readable storage medium - Google Patents

Traffic management method, device, equipment and computer readable storage medium Download PDF

Info

Publication number
CN115701145A
CN115701145A CN202111467664.5A CN202111467664A CN115701145A CN 115701145 A CN115701145 A CN 115701145A CN 202111467664 A CN202111467664 A CN 202111467664A CN 115701145 A CN115701145 A CN 115701145A
Authority
CN
China
Prior art keywords
user
authentication
module
broadband access
policy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111467664.5A
Other languages
Chinese (zh)
Inventor
余舟毅
冯力刚
董继生
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to PCT/CN2022/107616 priority Critical patent/WO2023011233A1/en
Publication of CN115701145A publication Critical patent/CN115701145A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/14Charging, metering or billing arrangements for data wireline or wireless communications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/20Traffic policing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W28/00Network traffic management; Network resource management
    • H04W28/02Traffic management, e.g. flow control or congestion control
    • H04W28/10Flow control between communication endpoints
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/24Accounting or billing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a traffic management method, a traffic management device, traffic management equipment and a computer readable storage medium, and belongs to the technical field of communication. The method applied to the broadband access equipment comprises the following steps: the broadband access device receives authentication, authorization and accounting information and an SA (security, authorization and accounting) strategy sent by an AAA server, wherein the SA strategy is used for indicating a processing mode of the flow of the target service aiming at the first user. And then, the broadband access equipment realizes the access authentication process of the first user according to the authentication authorization charging information and realizes the charging process of the flow of the first user. The method and the device simplify the network architecture for traffic-aware traffic management, and achieve traffic-aware traffic management through a concise network architecture.

Description

Traffic management method, device, equipment and computer readable storage medium
The present application claims priority from chinese patent application No. 202110876943.0 entitled "a broadband network gateway system" filed on 31/07/2021, the entire contents of which are incorporated herein by reference.
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method, an apparatus, a device, and a computer-readable storage medium for traffic management.
Background
With the development of communication technology, the network architecture for traffic management is more and more complex. How to simplify the network architecture, or how to implement traffic management through a compact network architecture, becomes an urgent problem to be solved.
Disclosure of Invention
The application provides a traffic management method, a traffic management device, traffic management equipment and a computer readable storage medium, so as to realize traffic management through a simple network architecture.
In a first aspect, a traffic management method is provided, where the method is applied to a broadband access device, and the method includes:
the broadband access device receives Authentication Authorization Accounting (AAA) information and a Service Awareness (SA) policy sent by an AAA server, where the SA policy is used to indicate a processing mode of a traffic of a target service for a first user. And then, the broadband access equipment realizes the access authentication process of the first user according to the authentication authorization charging information and realizes the charging process of the flow of the first user.
The AAA server in the application can issue authentication authorization accounting information and SA strategy. The broadband access equipment acquires the SA strategy besides the authentication, authorization and accounting information. Therefore, two different servers do not need to be arranged in the network architecture respectively, so that the network architecture for carrying out the traffic-aware traffic management is simplified, and the traffic-aware traffic management is realized through a simple network architecture.
In a possible implementation manner, the broadband access device is further configured to perform a function of the SA foreground module, and the method further includes: and the broadband access equipment processes the flow of the target service from the first user according to the SA strategy. By processing the traffic according to the SA policy, the SA capability is realized in the broadband service, and the quality of the broadband service and the communication experience of the first user are improved. In this case, the Broadband Access device may be a Broadband Access device, such as a conventional Broadband Network Gateway (BNG) device, a Broadband Remote Access Server (BRAS), or a virtual Broadband network gateway (vBNG) system. The broadband access device is also integrated with an SA foreground module to execute the functions of the SA foreground module.
In one possible implementation, the method further includes: the broadband access equipment receives the first message, determines that the first message belongs to a first user, and determines that the first message belongs to a target service;
the broadband access device processes the flow of the target service from the first user according to the SA policy, and the process comprises the following steps: and based on that the first message belongs to the first user and belongs to the target service, the broadband access equipment processes the first message according to the processing mode in the SA strategy.
In a possible implementation manner, the determining, by the broadband access device, that the first packet belongs to the first user includes: the broadband access equipment determines that the first message belongs to the first user based on the source address of the first message. The determination mode is flexible and simple.
In one possible implementation, the method further includes: the broadband access device obtains statistical information of the flow of the target service from the first user. The statistical information can be sent to the SA background device, and the statistical information can be used in the charging process and also in other processes such as data analysis.
In a possible implementation manner, the broadband access device is a vBNG system, where the vBNG system includes a Control Plane (CP) device and a User Plane (UP) device, the CP device is configured to receive an SA policy sent by the AAA server, and the UP device is configured to execute a function of an SA foreground module. At this time, the CP device is configured to execute the function of the SA background module, and the SA policy issued by the AAA server is first sent to the CP device in the vBNG system and then transmitted to the UP device by the CP device. Thus, the method can be integrated with a vBNG system with user plane and control plane separation (CU separation).
In one possible implementation, the method further includes: the CP device sends the SA policy to the UP device through a control plane user plane separated protocol (CUSP).
In a possible implementation manner, the broadband access device is a CP device in a vBNG system, and the method further includes: and the CP equipment sends the SA strategy to the SA foreground equipment, and the SA foreground equipment is used for processing the flow of the target service from the first user according to the SA strategy. At this time, the CP device and the SA background device may be mutually independent devices, and the SA background device may perform other related functions besides issuing the SA policy to the SA foreground, for example, the SA background device receives statistical information of a target service sent by the SA foreground device.
In a possible implementation manner, the sending, by the CP device, the SA policy to the SA foreground device includes: and the CP equipment sends the SA strategy to the SA foreground equipment through the CUSP.
In a possible implementation manner, the SA policy is carried in a Type Length Value (TLV) field of the CUSP packet. By expanding the CUSP, the CUSP can carry the SA strategy.
In a possible implementation manner, the SA policy includes a correspondence between an identifier of a target service and a processing manner, where the identifier of the target service includes at least one of the following: an application layer protocol identification, an application layer protocol group identification, a Uniform Resource Locator (URL) identification, or a URL group identification.
In a possible implementation manner, the receiving, by the broadband access device, the authentication, authorization, accounting information and the SA policy sent by the AAA server includes: the broadband access device receives authentication authorization accounting information and an SA policy sent by an AAA server through a Remote Authentication Dial In User Service (RADIUS) protocol. The AAA server may be a RADIUS server. For example, the RADIUS server may issue the SA policy via the extended RADIUS protocol, the SA policy being included in the extended TLV field.
In a possible implementation manner, the receiving, by the broadband access device, the authentication, authorization, accounting information and the SA policy sent by the AAA server includes: the broadband access device receives the authentication, authorization and accounting information and the SA policy sent by the AAA server through a Policy and Charging Rules Function (PCRF) protocol. The AAA server may be a PCRF server. For example, the PCRF server may issue the SA policy via the extended PCRF protocol, the SA policy being included in the extended TLV field.
In a possible implementation manner, the processing manner of the traffic of the target service for the first user includes performing at least one of the following processes on the traffic: bandwidth control, mirroring or redirection.
In a second aspect, a traffic management method is provided, where the method is applied to an AAA server, and the method includes:
the AAA server sends an SA policy to the target equipment, wherein the SA policy indicates a processing mode of the flow of the target service of the first user.
The AAA server in this application may also issue an SA policy. Therefore, two different servers do not need to be arranged in the network architecture respectively, so that the network architecture for carrying out the traffic-aware traffic management is simplified, and the traffic-aware traffic management is realized through a simple network architecture.
In a possible implementation manner, the target device is a broadband access device, and the method further includes: the AAA server sends authentication authorization accounting information to the broadband access equipment, and the authentication authorization accounting information is used for the broadband access equipment to realize the access authentication process of the first user and the flow accounting process of the first user. At this time, the broadband access device obtains the SA policy information in addition to the authentication, authorization, and accounting information. In this case, the broadband access device may be a broadband access device, such as a conventional BNG device, or a vBNG system.
In one possible implementation, the broadband access device includes a CP device in a vBNG system. At this time, the CP device may further transfer the SA device to the UP device, and the UP device is used to execute the function of the SA foreground module.
In one possible implementation, the target device is an SA background device, and the method further includes: the AAA server sends authentication authorization accounting information to the broadband access equipment, and the authentication authorization accounting information is used for the broadband access equipment to realize the access authentication process of the first user and the flow accounting process of the first user. At this time, the SA background device and the broadband access device may be mutually independent devices, and the AAA server sends the SA policy and the authentication authorization accounting information to the SA background device and the broadband access device, respectively. In this case, the broadband access device may be a broadband access device, such as a conventional BNG device, or a vBNG system.
In one possible implementation, the SA policy and authentication authorization accounting information is sent via the RADIUS protocol.
In one possible implementation, the SA policy and the authentication authorization charging information are sent through a PCRF protocol.
In a possible implementation manner, the processing manner of the traffic of the target service for the first user includes performing at least one of the following processes on the traffic: bandwidth control, mirroring or redirection.
In a third aspect, a traffic management method is provided, where the method is applied to an SA background device, and the method includes:
the SA background equipment receives an SA strategy sent by the AAA server, wherein the SA strategy indicates a processing mode of the flow of the target service of the first user.
In the application, the SA background equipment receives the SA strategy from the AAA server, and the AAA server can issue authentication, authorization and accounting information and also issue the SA strategy. Therefore, two different servers do not need to be arranged in the network architecture respectively, so that the network architecture for carrying out the traffic-aware traffic management is simplified, and the traffic-aware traffic management is realized through a simple network architecture.
In one possible implementation, the method further includes: and the SA background equipment sends the SA strategy to the SA foreground equipment.
In one possible implementation, sending, by the SA background device, the SA policy to the SA foreground device includes: based on a request message sent by the SA foreground equipment, the SA background equipment sends an SA strategy to the SA foreground equipment, and the request message comprises a source address corresponding to the first user. At this time, the SA foreground device requests, based on the source address, the SA policy of the first user corresponding to the source address, so as to process the traffic of the target service from the first user.
In a possible implementation manner, the SA background device is configured to execute a function of a CP module in the vBNG system, and the SA foreground device is configured to execute a function of an UP module in the vBNG system, where the method further includes: and the SA background equipment receives authentication and authorization accounting information sent by the AAA server, wherein the authentication and authorization accounting information is used for the CP module and the UP module to realize the access authentication process of the first user and the flow accounting process of the first user. At this point, the CP device is used to perform the functions of the SA backend module, so that the method can be combined with a CU-separated vBNG system.
In one possible implementation, sending, by the SA background device, the SA policy to the SA foreground device includes: and the SA background equipment sends the SA strategy to the SA foreground equipment through the CUSP. At this time, the SA policy issued by the AAA server is first sent to the CP device in the vBNG system, and then is transmitted to the UP device by the CP device through the extended CUSP.
In one possible implementation, the SA policy and authentication authorization accounting information is sent via the RADIUS protocol.
In one possible implementation, the SA policy and the authentication, authorization, and charging information are sent through a PCRF protocol.
In a possible implementation manner, the processing manner of the traffic of the target service for the first user includes performing at least one of the following processes on the traffic: bandwidth control, mirroring or redirection.
In a fourth aspect, a traffic management apparatus is provided, where the apparatus is applied to a broadband access device, and the apparatus includes:
the receiving module is used for receiving authentication authorization accounting information and an SA policy which are sent by the AAA server, wherein the SA policy indicates a processing mode of the flow of a target service for a first user;
and the implementation module is used for implementing the access authentication process of the first user and the flow charging process of the first user according to the authentication authorization charging information.
In a possible implementation manner, the broadband access device is further configured to perform a function of an SA foreground module, and the apparatus further includes: and the processing module is used for processing the flow of the target service from the first user according to the SA strategy.
In a possible implementation manner, the receiving module is further configured to receive a first message;
the device still includes: the determining module is used for determining that the first message belongs to the first user; determining that the first message belongs to a target service;
and the processing module is used for processing the first message according to a processing mode in the SA strategy on the basis that the first message belongs to the first user and the target service.
In a possible implementation manner, the determining module is configured to determine that the first packet belongs to the first user based on a source address of the first packet.
In one possible implementation, the apparatus further includes: and the obtaining module is used for obtaining the statistical information of the flow of the target service from the first user.
In a possible implementation manner, the broadband access device is a vBNG system, the vBNG system includes a CP device and a UP device, the CP device is configured to receive an SA policy sent by the AAA server, and the UP device is configured to execute a function of the SA foreground module.
In one possible implementation, the apparatus further includes: a first sending module, configured to send, by the CP device, the SA policy to the UP device through the CUSP.
In a possible implementation manner, the broadband access device is a CP device in a vBNG system, and the apparatus further includes: and the second sending module is used for sending the SA strategy to the SA foreground equipment by the CP equipment, and the SA foreground equipment is used for processing the flow of the target service from the first user according to the SA strategy.
In a possible implementation manner, the second sending module is configured to send, by the CP device, the SA policy to the SA foreground device through the CUSP.
In one possible implementation manner, the SA policy is carried in a TLV field of the CUSP packet.
In a possible implementation manner, the SA policy includes a correspondence between an identifier of a target service and a processing manner, where the identifier of the target service includes at least one of the following: an application layer protocol identification, an application layer protocol group identification, a URL identification, or a URL group identification.
In a possible implementation manner, the receiving module is configured to receive, through the RADIUS protocol, the authentication, authorization, accounting information and the SA policy sent by the AAA server.
In a possible implementation manner, the receiving module is configured to receive, through a PCRF protocol, authentication, authorization, charging information and an SA policy that are sent by the AAA server.
In a possible implementation manner, the processing manner of the traffic of the target service for the first user includes performing at least one of the following processes on the traffic: bandwidth control, mirroring or redirection.
In a fifth aspect, there is provided a traffic management apparatus, where the traffic management apparatus is applied to an AAA server, and the apparatus includes:
and the sending module is used for sending the SA strategy to the target equipment, wherein the SA strategy indicates the processing mode of the flow of the target service of the first user.
In a possible implementation manner, the target device is a broadband access device, and the sending module is further configured to send authentication authorization charging information to the broadband access device, where the authentication authorization charging information is used by the broadband access device to implement an access authentication process of the first user and a charging process of a traffic of the first user.
In one possible implementation, the broadband access device includes a CP device in a vBNG system.
In a possible implementation manner, the target device is an SA background device, and the sending module is further configured to send authentication authorization charging information to the broadband access device, where the authentication authorization charging information is used by the broadband access device to implement an access authentication process of the first user and a charging process of a traffic of the first user.
In one possible implementation, the SA policy and authentication authorization accounting information is sent via the RADIUS protocol.
In one possible implementation, the SA policy and the authentication, authorization, and charging information are sent through a PCRF protocol.
In a possible implementation manner, the processing manner of the traffic of the target service for the first user includes performing at least one of the following processes on the traffic: bandwidth control, mirroring or redirection.
In a sixth aspect, a traffic management apparatus is provided, where the apparatus is applied to SA background devices, and the apparatus includes:
and the receiving module is used for receiving the SA policy sent by the AAA server, wherein the SA policy indicates a processing mode of the flow of the target service for the first user.
In one possible implementation, the apparatus further includes: and the sending module is used for sending the SA strategy to the SA foreground equipment.
In a possible implementation manner, the sending module is configured to send the SA policy to the SA foreground device based on a request message sent by the SA foreground device, where the request message includes a source address corresponding to the first user.
In a possible implementation manner, the SA background device is configured to execute a function of a CP module in the vBNG system, the SA foreground device is configured to execute a function of an UP module in the vBNG system, and the receiving module is further configured to receive authentication authorization accounting information sent by the AAA server, where the authentication authorization accounting information is used for the CP module and the UP module to implement an access authentication process of the first user and an accounting process of a traffic of the first user.
In a possible implementation manner, the sending module is configured to send the SA policy to the SA foreground device through the CUSP.
In one possible implementation, the SA policy and authentication authorization accounting information is sent via the RADIUS protocol.
In one possible implementation, the SA policy and the authentication authorization charging information are sent through a PCRF protocol.
In a possible implementation manner, the processing manner of the traffic of the target service for the first user includes performing at least one of the following processes on the traffic: bandwidth control, mirroring or redirection.
In a seventh aspect, a broadband access system is provided, which includes a broadband access device, an AAA server, and an SA backend device, wherein,
the AAA server is used for sending an SA policy to the SA background equipment, wherein the SA policy indicates a processing mode of the flow of the target service of the first user, and sending authentication authorization charging information to the broadband access equipment, and the authentication authorization charging information is used for the broadband access equipment to realize the access authentication process of the first user and the charging process of the flow of the first user.
In a possible implementation manner, the broadband access device is further configured to execute a function of the SA foreground module, and the SA background device is configured to send an SA policy to the broadband access device; the broadband access device is used for processing the flow of the target service from the first user according to the SA strategy.
In an eighth aspect, there is provided a broadband access system, comprising a broadband access device and an AAA server, wherein,
the AAA server is used for sending authentication authorization accounting information and an SA strategy to the broadband access equipment, wherein the SA strategy indicates a processing mode of the flow of the target service of the first user;
the broadband access equipment is used for realizing the access authentication process of the first user and the flow charging process of the first user according to the authentication authorization charging information; and processing traffic of the target service from the first user according to the SA policy.
In a ninth aspect, a broadband access system is provided, which comprises an SA backend device and an AAA server, wherein,
the AAA server is used for sending authentication authorization accounting information and an SA strategy to the SA background equipment, and the SA strategy indicates a processing mode of the flow of the target service of the first user;
the SA background equipment is used for realizing an access authentication process of a first user and a charging process of the flow of the first user according to the authentication authorization charging information, and the SA background equipment is used for executing the function of a CP (content provider network) module in the vBNG system; and sending the SA strategy to SA foreground equipment, wherein the SA foreground equipment is used for executing the function of the UP module in the vBNG system.
In a tenth aspect, there is provided a traffic management device, the device comprising a memory and a processor; the memory has stored therein at least one instruction that is loaded and executed by the processor to cause the traffic management device to implement the method of the first aspect and any possible implementation manner of the first aspect.
In an eleventh aspect, there is provided a traffic management device, the device comprising a memory and a processor; the memory has stored therein at least one instruction that is loaded and executed by the processor to cause the traffic management device to implement the method of any one of the possible implementations of the second aspect and the second aspect described above.
In a twelfth aspect, a traffic management device is provided, the device comprising a memory and a processor; the memory has stored therein at least one instruction, which is loaded and executed by the processor to cause the traffic management device to implement the method in any one of the possible implementations of the third aspect and the fourth aspect.
Optionally, there are one or more processors and one or more memories.
Alternatively, the memory may be integrated with the processor, or provided separately from the processor.
In a specific implementation process, the memory may be a non-transitory (non-transitory) memory, such as a Read Only Memory (ROM), which may be integrated on the same chip as the processor, or may be separately disposed on different chips.
In a thirteenth aspect, there is provided a computer program (product) comprising: computer program code which, when run by a computer, causes the computer to perform the method of the above-mentioned aspects.
In a fourteenth aspect, a computer-readable storage medium is provided, which stores a program or instructions, which when executed on a computer, performs the method in the above aspects.
In a fifteenth aspect, a chip is provided, which includes a processor for calling and executing instructions stored in a memory from the memory, so that a communication device in which the chip is installed performs the method in the above aspects.
In a sixteenth aspect, there is provided another chip comprising: the system comprises an input interface, an output interface, a processor and a memory, wherein the input interface, the output interface, the processor and the memory are connected through an internal connection path, the processor is used for executing codes in the memory, and when the codes are executed, the processor is used for executing the method in each aspect.
A seventeenth aspect provides a network system, where the system includes a broadband access device, an AAA server, and an SA backend device, where the broadband access device is configured to perform the method in any one of the foregoing possible implementations of the first aspect and the first aspect, the AAA server is configured to perform the method in any one of the foregoing possible implementations of the second aspect and the second aspect, and the SA backend device is configured to perform the method in any one of the foregoing possible implementations of the third aspect and the third aspect.
Drawings
Fig. 1 is a schematic diagram of a multi-layer protocol provided in an embodiment of the present application;
FIG. 2 is a diagram illustrating SA capabilities implemented in a related art according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of an SA foreground module and an SA background module according to an embodiment of the present disclosure;
FIG. 4 is a schematic diagram of an implementation environment provided by an embodiment of the present application;
fig. 5 is a schematic structural diagram of a traffic management system according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of a traffic management system according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of a traffic management system according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of a traffic management system according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of a traffic management system according to an embodiment of the present application;
fig. 10 is a schematic structural diagram of a traffic management system according to an embodiment of the present application;
fig. 11 is a schematic structural diagram of a traffic management system according to an embodiment of the present application;
fig. 12 is a schematic structural diagram of a traffic management system according to an embodiment of the present application;
fig. 13 is a schematic flowchart of a traffic management method according to an embodiment of the present application;
fig. 14 is a schematic flowchart of a traffic management method according to an embodiment of the present application;
fig. 15 is a schematic flow chart of a traffic management method according to an embodiment of the present application;
fig. 16 is a schematic structural diagram of a flow management device according to an embodiment of the present application;
fig. 17 is a schematic structural diagram of a traffic management device according to an embodiment of the present application;
fig. 18 is a schematic structural diagram of a flow management device according to an embodiment of the present application;
fig. 19 is a schematic structural diagram of a traffic management device according to an embodiment of the present application.
Detailed Description
The terminology used in the description of the embodiments section of the present application is for the purpose of describing particular embodiments of the present application only and is not intended to be limiting of the present application.
With the development of communication technology, there is an increasing demand for broadband services, including but not limited to fixed broadband (FBB). The broadband service belongs to one of the traffic management modes, and the broadband service is provided through a simple network architecture, that is, the traffic management is realized through the simple network architecture.
Currently, increasing SA capability in broadband services is a research focus. The SA capability includes Deep Packet Inspection (DPI) capability, and refers to a capability of identifying a service to which traffic of a user belongs and processing the traffic based on the service to which the traffic belongs. The service includes, but is not limited to, a certain URL group, or a certain Application (APP), a certain APP group. It should be noted that the SA capability depends on the device's identification capability for the fifth (layer 5, L5) to seventh (layer 7, L7) protocols. Since the network architecture providing the broadband service includes devices having only an identification capability for the protocols of the second layer (layer 2, L2) to the fourth layer (layer 4, L4), for example, the identification capability for the protocols of the third layer (layer 3, L3), the network architecture providing the broadband service does not have the SA capability. The above protocols of the respective layers can be seen in fig. 1. In fig. 1, the L2 protocol includes a Medium Access Control (MAC) protocol, the L3 protocol includes an Internet Protocol (IP), the L4 protocol includes a Transmission Control Protocol (TCP) or a user data packet protocol (UDP), and the L5-L7 protocol includes a hypertext transfer protocol (HTTP).
In the related art, an SA foreground module and an SA background module are added based on devices included in a network architecture for providing broadband services. And an independent server is deployed, an SA strategy is issued through the independent server, and the SA foreground module and the SA background module realize the SA capability based on the SA strategy. In addition, the related art needs to deploy another independent server to issue authentication authorization accounting information to the devices included in the network architecture for providing broadband services. Referring to fig. 2, in the related art, an SA foreground module is integrated in a BNG to form a BNG/SA foreground, and the SA background, a server a, and a server B (the server a and the server B are two different servers) are combined to implement the SA capability through the steps shown in fig. 2.
201, the server a sends the SA policy to the SA background to form a corresponding relationship between the user Identification (ID) and the SA policy.
202, the user terminal sends an online request to the BNG/SA foreground.
203, the BNG/SA foreground sends an authentication authorization message to the server B to realize the authentication authorization of the user terminal.
204, the BNG/SA foreground transmits an authentication authorization message to the SA background, and the authentication authorization message carries the IP address and the user ID.
205, the SA background generates the corresponding relation between the IP address and the user ID according to the authentication authorization message.
206, the flow of the user terminal reaches the BNG/SA foreground, the BNG drains the flow to the SA foreground, and the SA foreground extracts the IP address of the flow.
207, the SA foreground requests the SA policy from the SA background using the IP address of the traffic.
And 208, the SA background searches the corresponding relation between the IP address and the user ID and the corresponding relation between the user ID and the SA strategy in sequence based on the IP address to obtain the SA strategy.
209, SA strategy is issued by the SA background.
And 210, the SA foreground executes the SA strategy and processes the flow according to the SA strategy.
And 211, the SA foreground counts the related information of the flow and reports the information to the SA background for charging.
Based on the above process shown in fig. 2, it can be seen that although the SA capability can be added in the broadband service, two different servers need to be deployed, which not only has higher cost, but also makes the network architecture more complex.
Referring to fig. 3, fig. 3 shows a schematic structural diagram of the SA foreground module and the SA background module. The SA foreground module includes a Service Aware Function (SAF) unit, and the SA background module includes a Data Analysis Function (DAF) unit and a Policy Control Function (PCF) unit. Among them, the SAF unit, the DAF unit, and the PCF unit function as follows.
And the SAF unit is used for identifying the service to which the flow of the user belongs according to the SA strategy and the feature library issued by the PCF unit, processing the flow of the user according to the SA strategy based on the service to which the flow belongs, counting the information related to the flow of the user and reporting the information to the DAF unit.
The DAF unit is used for receiving and storing the information counted by the SAF unit (for example, storing the information in a database), performing data analysis (for example, charging) based on the received information and the SA policy issued by the PCF unit, obtaining a data analysis result, notifying the PCF unit to update the SA policy issued to the SAF unit according to the analysis result, and presenting the data analysis result in a report form (for example, presenting the data analysis result to an operator).
And the PCF unit is used for providing a human-computer interaction interface and an operator docking interface, supporting the generation of an SA strategy and the generation of a feature library, issuing the SA strategy to the SAF unit and the DAF unit, and issuing the feature library to the SAF unit.
In view of the above problems in the related art, an embodiment of the present application provides a traffic management method, which can be applied to a network architecture for providing broadband services, where the network architecture is used for a user terminal to access a destination network. Or, the network architecture may transmit the traffic of the user to the destination network, so that the user may use the user terminal to surf the internet. The destination network includes, but is not limited to, the internet (internet) by way of example, and the embodiments of the present application do not limit the destination network. Taking the implementation environment of the network architecture shown in fig. 4 as an example, as shown in fig. 4, a user terminal, a home gateway (RG), an Optical Network Terminal (ONT), an Optical Line Terminal (OLT), a traffic management system, a fixed network, and a destination network are connected in sequence. Illustratively, the fixed network includes, but is not limited to, at least one of the following: an accelerated path network and a public interconnect backbone network. The user terminal is accessed to the fixed network through the RG, the ONT, the OLT and the like, and then is accessed to the target network through the fixed network. Before the fixed network accesses the destination network, the traffic management system can manage the traffic of the user.
Illustratively, the traffic management system may include a plurality of devices, a first device of the plurality of devices being directly connected to the OLT and the fixed network, respectively, and a second device of the plurality of devices being connected to the first device. Wherein the first device comprises at least one of the plurality of devices and the second device comprises the other of the plurality of devices except the first device. Thereby, the first device is positioned on the transmission path of the user's traffic, while the second device is hanging. With regard to the types of the first device and the second device, reference may be made to the subsequent descriptions of fig. 6 to 12.
In an exemplary embodiment, referring to fig. 5, a traffic management system includes a broadband access device and an AAA server, the broadband access device and the AAA server being connected.
Illustratively, the broadband access device may include a Broadband Network Gateway (BNG), also known as a broadband remote access server. In one possible implementation, the broadband access device includes a BNG module, and the BNG module may be implemented by a forwarding device such as a router or a switch. The traffic management system may further include an SA background module, which may be implemented by a computer device, such as a server device, for example.
Illustratively, the broadband access device further comprises an SA foreground module. Illustratively, the SA front end module may be implemented by a plug-in card that may be plugged into a forwarding device such as a router, switch, etc.
Based on the above description, the embodiments of the present application provide several types of traffic management systems as follows.
Type one, referring to fig. 6, the traffic management system includes a broadband access device and an AAA server, and the traffic management system further includes an SA background module. The broadband access device comprises a BNG module and an SA foreground module. The AAA server, the BNG module, the SA foreground module and the SA background module are connected in sequence.
The traffic management system shown in fig. 6 is applied to the network architecture shown in fig. 4, and the user terminal, the RG, the ONT, and the OLT, the broadband access device, the fixed network, and the destination network are sequentially connected. The AAA server and the SA background module are respectively connected with the broadband access equipment. That is, the broadband access device is located on the transmission path of the traffic of the user, and the AAA server and the SA backend module are suspended.
Illustratively, the SA background module and the SA foreground module are previously connected through a private interface. In one possible implementation, the functions of the BNG module and the SA foreground module may be implemented by the BNG device. Illustratively, the SA background module may be located on other devices than the broadband access device. For example, the functions of the SA background module may be implemented by the SA background device.
Type two, referring to fig. 7, on the basis of type one shown in fig. 6, the SA backend module is further connected with the AAA server.
Type three, as shown in fig. 8, the traffic management system includes a broadband access device and an AAA server, the broadband access device is a vBNG system, and the vBNG system includes a CP device and an UP device. AAA server, CP device and UP device are connected in turn. Wherein, the BNG module included in the broadband access device in the above description is embodied as a CP device and a UP device. The CP device comprises an SA background module, and the UP device comprises an SA foreground module.
Applying the traffic management system shown in fig. 8 to the network architecture shown in fig. 4, the user terminal, the RG, the ONT, the OLT, the UP device including the SA foreground module, the fixed network, and the destination network are sequentially connected. The CP device including the SA background module is connected with the UP device including the SA foreground module, and the AAA server is connected with the CP device including the SA background module. That is, the UP device including the SA foreground module is located on the transmission path of the user's traffic, and the CP device including the SA background module and the AAA server are on-hook.
Type four, referring to fig. 9, the traffic management system includes a broadband access device and an AAA server, and the broadband access device is a CP device in the vBNG system. The CP device in the vBNG system comprises an SA background module. The flow management system also comprises SA foreground equipment which realizes the function of an SA foreground module. The AAA server, the CP device comprising the SA background module and the SA foreground device are connected in sequence.
The traffic management system shown in fig. 9 is applied to the network architecture shown in fig. 4, and the user terminal, the RG, the ONT, the OLT, the SA front-end device, the fixed network, and the destination network are connected in sequence. The CP equipment including the SA background module is connected with the SA foreground equipment, and the AAA server is connected with the CP equipment including the SA background module. That is, the SA foreground device is located on the transmission path of the traffic of the user, and includes the CP device of the SA background module and the AAA server side-hang.
Alternatively, in an exemplary embodiment, in the traffic management system, the CP device in the vBNG system may not include the SA backend module, that is, the SA backend module is located in another device besides the CP device. See, for example, the description of type five and type six below.
Type five, as shown in fig. 10, the traffic management system includes a broadband access device and an AAA server, and the traffic management system further includes an SA background module. The broadband access device comprises a CP module, an UP module and an SA foreground module. AAA server, CP module, UP module, SA foreground module and SA background module are connected in sequence.
Applying the traffic management system shown in fig. 10 to the network architecture shown in fig. 4, the user terminal, the RG, the ONT, the OLT, the broadband access device, the fixed network, and the destination network are connected in sequence. The AAA server and the SA background module are respectively connected with the broadband access equipment. That is, the broadband access device is located on the transmission path of the traffic of the user, and the AAA server and the SA backend module are suspended.
Illustratively, the functionality of the CP module may be implemented by the CP device, and the functionality of the UP module and SA foreground may be implemented by the UP device. Optionally, the function of the SA background module may be implemented by an SA background device, and the SA background device is connected to the SA foreground module through a private interface.
Type six, see fig. 11, the SA backend module is also connected to the AAA server on the basis of type five shown in fig. 10.
Type seven, as shown in fig. 12, the traffic management system includes a broadband access device and an AAA server, the broadband access device includes an SA foreground device and an SA background device, the SA foreground device implements the function of the UP module, and the SA background device implements the function of the CP module. The AAA server, the SA background device comprising the CP module and the SA foreground device comprising the UP module are connected in sequence.
The traffic management system shown in fig. 12 is applied to the network architecture shown in fig. 4, where the user terminal, the RG, the ONT, the OLT, the SA foreground device including the UP module, the fixed network, and the destination network are sequentially connected. The SA background equipment including CP module is connected with SA foreground equipment including UP module, AAA server is connected with SA background equipment including CP module. That is, the SA foreground device including the UP module is located on the transmission path of the user's traffic, and the SA background device including the CP module and the AAA server are on-hook.
The embodiment of the application provides a traffic management method, which is applied to broadband access equipment included in the traffic management systems of the types. As shown in fig. 13, the method includes steps 1301 and 1302 as follows.
1301, the broadband access device receives authentication, authorization and accounting information and an SA policy sent by the AAA server, where the SA policy indicates a processing mode of a traffic of a target service for the first user.
The authentication authorization charging information comprises authentication authorization information and charging information, the authentication authorization information is used for realizing the access authentication process of the first user, and the charging information is used for realizing the charging process of the flow of the first user. The charging process of the flow of the first user comprises the following steps: a charging process for traffic of a first user. For example, the above charging procedure for the traffic of the first user may not distinguish the service to which the traffic belongs.
The manner in which each type of traffic management system receives the authentication, authorization, and accounting information and the SA policy is described with reference to cases one to seven.
Corresponding to the case of the traffic management system of type one, see fig. 6, the broadband access device includes a BNG module and an SA front desk module. The BNG module receives the authentication authorization accounting information and the SA policy from the AAA server. The BNG module sends the SA policy to the SA foreground module.
Corresponding to case two of the traffic management system of type two, see fig. 7, the broadband access device comprises a BNG module and a SA front end module. The BNG module receives authentication authorization accounting information from the AAA server, the SA background module receives the SA strategy from the AAA server, and the SA background module sends the SA strategy to the SA foreground module.
Corresponding to the third case of the traffic management system of type three, referring to fig. 8, the broadband access device includes a CP device and a UP device, the CP device includes an SA background module, and the UP device includes an SA foreground module. The CP device receives the authentication authorization accounting information and the SA strategy from the AAA server, and the CP device sends the SA strategy to the UP device, so that an SA foreground module included in the UP device obtains the SA strategy.
Corresponding to the case four of the traffic management system of type four, referring to fig. 9, the broadband access device includes a CP device, and the CP device includes an SA background module. And the CP equipment receives the authentication, authorization and accounting information and the SA strategy from the AAA server, and sends the SA strategy to the SA foreground equipment.
Corresponding to case five of the traffic management system of type five, referring to fig. 10, the broadband access device includes a CP module, an UP module, and an SA foreground module. The CP module receives authentication authorization accounting information and SA strategy from the AAA server, the CP module sends the SA strategy to the UP module, and the UP module sends the SA strategy to the SA foreground module.
Corresponding to the sixth case of the traffic management system of type six, referring to fig. 11, the broadband access device includes a CP module, an UP module, and an SA foreground module. The CP module receives authentication authorization accounting information from the AAA server, the SA background module receives an SA strategy from the AAA server, and the SA background module sends the SA strategy to the SA foreground module.
Corresponding to the seventh case of the traffic management system of type seven, referring to fig. 12, the broadband access device includes an SA foreground device and an SA background device, the SA foreground device includes an UP module, and the SA background device includes a CP module. The SA background equipment receives the authentication authorization accounting information and the SA strategy from the AAA server, a CP module included in the SA background equipment obtains the authentication authorization accounting information, and the SA background equipment sends the SA strategy to the SA foreground equipment.
In the above cases three, four, five, and seven, the SA policy may be transmitted through the CUSP. For example, a TLV field may be added in the extended CUSP protocol, with the SA policy carried in this newly added TLV field.
Illustratively, the SA policy includes a correspondence between an identifier of the target service and a processing manner, where the identifier of the target service includes at least one of: the service identifier includes an application layer protocol identifier, an application layer protocol group identifier, a URL identifier, or a URL group identifier. Wherein the processing manner may include a processing action.
Illustratively, the processing manner includes but is not limited to at least one of blocking (block), mirroring (mirror), bandwidth control and redirection, and the present embodiment does not limit the processing manner. Blocking refers to terminating the transmission process of the traffic. Mirroring refers to copying traffic, normally transmitting original traffic, and using the copied traffic for data analysis. Bandwidth control refers to determining a network for transmitting traffic, for example, if the traffic needs a larger bandwidth, an acceleration channel network is used to transmit the traffic, and if the traffic does not need a larger bandwidth, a public internet backbone network is used to transmit the traffic, and the traffic transmission rate can be controlled through a bandwidth control process. Redirection is to change the routing information of traffic and transmit the traffic through devices with different loads, so as to control the transmission rate of the traffic.
Based on the content included in the SA policy, the embodiment of the present application needs to extend the CUSP, so that the CP device can send the SA policy through the CUSP. In an exemplary embodiment, the SA policy is carried in a TLV field of a CUSP packet, and the CUSP packet is a packet using CUSP. Exemplarily, the TLV field includes a first TLV field, and the first TLV field carries a URL group identifier and/or a protocol group identifier, where the URL group identifier and/or the protocol group identifier is used to identify a target service for which the SA policy is intended, and the first TLV field is referred to table 1 below.
TABLE 1
Types of Length of Value of
List (list) Without limitation URL group identification list (URL group ID list)
Lists Without limitation Protocol group identification list (protocol group ID list)
In table 2, the URL group identification list includes at least one URL group identification, one URL group identification is used to uniquely indicate one URL group, and one URL group includes at least one URL. The protocol group identification list comprises at least one protocol group identification, one protocol group identification is used for uniquely indicating one protocol group, and one protocol group comprises at least one protocol.
In addition, the TLV field also comprises a second TLV field and/or a third TLV field, the second TLV field carries the URL group identification and the processing mode corresponding to the URL group identification, and the third TLV field carries the protocol group identification and the processing mode corresponding to the protocol group identification. The second TLV field is see table 2 below, and the third TLV field is see table 3 below. In tables 2 and 3, the action (action) is an action included in the processing method.
TABLE 2
Types of Length of Value of
Character string (string) Without limitation URL group identification
string Without limitation Movement of
TABLE 3
Type (B) Length of Value of
string Without limitation Protocol group identification
string Without limitation Movement of
In some embodiments, the AAA server comprises a RADIUS server. In this case, the authentication, authorization, accounting information and the SA policy are sent by the RADIUS server through the RADIUS protocol.
One SA policy may be uniquely indicated by one policy ID, and when sending the SA policy, the policy ID for indicating the SA policy needs to be sent. Therefore, the embodiment of the application needs to extend the RADIUS protocol, so that the RADIUS protocol can carry the policy ID. Illustratively, the policy ID is carried in a TLV field of a RADIUS packet, which is a packet using the RADIUS protocol. Extensions to the RADIUS protocol include: a fourth TLV field as shown in table 4 below is added.
TABLE 4
Type (B) Length of Value of
string Without limitation Policy ID
In table 4, the length of the type field is, for example, 1 to 31 (without an end-pointer), the length of the length field is, for example, 3 to 33, and the value field is used to carry the policy ID.
In other embodiments, the AAA server comprises a PCRF server. And the authentication, authorization and charging information and the SA policy are sent by the PCRF server through a PCRF protocol. At this time, the extension mode of the PCRF protocol may be similar to that of the RADIUS protocol, and is not described herein again.
1302, the broadband access device implements an access authentication procedure of the first user and a charging procedure of the traffic of the first user according to the authentication authorization charging information.
The access authentication process of the first user is also called a dial-up networking process of the first user. In the access authentication process, the user terminal used by the first user sends a request through a point to point protocol over Ethernet (PPPoE), where the request includes a user ID of the first user corresponding to the user terminal, and the user ID is used to uniquely indicate the user terminal used by the first user. Then, the AAA server receives an authentication and authorization message sent based on the request, where the authentication and authorization message carries a user ID and an IP address, and the IP address is an address to be allocated to the user terminal. The AAA server analyzes the authentication and authorization message to obtain a user ID, confirms whether a user terminal indicated by the user ID can surf the internet (namely, access to a target network) and the authority of the user terminal after surfing the internet, and obtains authentication and authorization information. If the authentication authorization information indicates that the user terminal can surf the internet and has certain authority, the IP address is allocated to the user terminal. After the user terminal obtains the IP address, the user terminal may send a message using the IP address, where the sent message carries the IP address.
The manner in which the traffic management systems of the respective types implement the access authentication process of the first user according to the authentication authorization information is described in the first to seventh cases.
Corresponding to the case of the traffic management system of type one, see fig. 6, the broadband access device includes a BNG module and an SA front desk module. The BNG module receives a request sent by a user terminal, determines an IP address needing to be distributed to the user terminal, generates an authentication and authorization message based on a user ID and the IP address carried in the request, and sends the authentication and authorization message to the AAA server. And then, the BNG module receives the authentication authorization information sent by the AAA server, and if the authentication authorization indicates that the user terminal can surf the internet and has certain authority, the BNG module allocates the IP address to the user terminal.
Corresponding to the second case of the traffic management system of type two, see fig. 7, the broadband access device includes a BNG module and an SA foreground module, and the second case is the same as the first case, and is not described herein again.
Corresponding to the third case of the traffic management system of type three, referring to fig. 8, the broadband access device includes a CP device and a UP device, the CP device includes an SA background module, and the UP device includes an SA foreground module. The UP device receives the request sent by the user terminal and forwards the request to the CP device. And then, the CP equipment determines an IP address needing to be distributed to the user terminal, generates an authentication and authorization message based on the user ID and the IP address carried in the request, and sends the authentication and authorization message to the AAA server. And then, the CP device receives the authentication authorization information sent by the AAA server, if the authentication authorization information indicates that the user terminal can surf the Internet and has certain authority, the CP device sends the IP address to the UP device, and the UP device distributes the IP address to the user terminal.
Corresponding to the case four of the traffic management system of type four, referring to fig. 9, the broadband access device includes a CP device, and the CP device includes an SA background module. The SA foreground device receives the request sent by the user terminal and forwards the request to the CP device. And then, the CP equipment determines an IP address needing to be distributed to the user terminal, generates an authentication and authorization message based on the user ID and the IP address carried in the request, and sends the authentication and authorization message to the AAA server. And then, the CP equipment receives the authentication and authorization information sent by the AAA server, and if the authentication and authorization information indicates that the user terminal can surf the Internet and has certain authority, the CP equipment sends the IP address to the SA foreground equipment, and the SA foreground equipment distributes the IP address to the user terminal.
Corresponding to case five of the traffic management system of type five, referring to fig. 10, the broadband access device includes a CP module, an UP module, and an SA foreground module. The UP module receives a request sent by a user terminal and forwards the request to the CP module. And then, the CP module determines an IP address needing to be distributed to the user terminal, generates an authentication and authorization message based on the user ID and the IP address carried in the request, and sends the authentication and authorization message to the AAA server. And then, the CP module receives authentication authorization information sent by the AAA server, if the authentication authorization information indicates that the user terminal can surf the Internet and has certain authority, the CP module sends the IP address to the UP module, and the UP module distributes the IP address to the user terminal.
Corresponding to case six of the traffic management system of type six, referring to fig. 11, the broadband access device includes a CP module, an UP module, and an SA foreground module. Case six is the same as case five and will not be described here.
Corresponding to case seven of the traffic management system of type seven, referring to fig. 12, the broadband access device includes an SA foreground device and an SA background device. The SA foreground device includes a UP module, and the SA background device includes a CP module. And the SA foreground equipment receives the request sent by the user terminal and forwards the request to the SA background equipment. And then, the CP module included in the SA background equipment determines the IP address needing to be distributed to the user terminal, and generates an authentication and authorization message based on the user ID and the IP address carried in the request, so that the SA background equipment sends the authentication and authorization message to the AAA server. And then, the SA background equipment receives authentication authorization information sent by the AAA server, and if the authentication authorization information indicates that the user terminal can surf the Internet and has certain authority, the SA background equipment sends the IP address to the SA foreground equipment, and the SA foreground equipment distributes the IP address to the user terminal.
In addition, a manner in which each type of traffic management system implements a charging process of the traffic of the first user according to the charging information is described in cases one to seven. As can be seen from the above description in step 1301, the traffic of the first user includes the traffic of the reference service of the first user, and the reference service does not need to use the SA policy. For example, in the embodiment of the present application, first statistical information (hereinafter referred to as first statistical information) of the traffic of the reference service of the first user is obtained, and then the traffic of the reference service of the first user is charged based on the charging information and the first statistical information.
Corresponding to the case of the traffic management system of type one, see fig. 6, the broadband access device includes a BNG module and an SA front desk module. And the BNG module counts to obtain the first statistical information and charges based on the charging information and the first statistical information.
In the second case corresponding to the traffic management system of type two, referring to fig. 7, the broadband access device includes a BNG module and an SA foreground module, and the second case is the same as the first case, and is not described herein again.
Corresponding to the third case of the traffic management system of type three, referring to fig. 8, the broadband access device includes a CP device and a UP device, the CP device includes an SA background module, and the UP device includes an SA foreground module. The UP device counts to obtain first statistical information and sends the first statistical information to the CP device, and the CP device carries out charging based on the received first statistical information and the charging information.
Corresponding to the case four of the traffic management system of type four, referring to fig. 9, the broadband access device includes a CP device, and the CP device includes an SA background module. And the SA foreground device counts to obtain first statistical information and sends the first statistical information to the CP device, and the CP device carries out charging based on the charging information and the first statistical information.
Corresponding to case five of the traffic management system of type five, referring to fig. 10, the broadband access device includes a CP module, an UP module, and an SA foreground module. And the UP module counts to obtain first statistical information and sends the first statistical information to the CP module, and the CP module carries out charging based on the charging information and the first statistical information.
Corresponding to case six of the traffic management system of type six, referring to fig. 11, the broadband access device includes a CP module, an UP module, and an SA foreground module. Case six is the same as case five and will not be described here.
Corresponding to the seventh case of the traffic management system of type seven, referring to fig. 12, the broadband access device includes an SA foreground device and a CP module, the SA foreground device includes an UP module, and the CP module is located in the SA background device. The method comprises the steps that a UP module included by SA foreground equipment counts to obtain first statistical information, the SA foreground equipment sends the first statistical information to SA background equipment, and a CP module included by the SA background equipment carries out charging based on charging information and the first statistical information.
In addition, in this embodiment of the application, the SA foreground module further processes traffic of the target service from the first user according to the SA policy. Therefore, when the broadband access device comprises the SA foreground module, the broadband access device can process the traffic of the target service from the first user according to the SA policy. For example, the broadband access device shown in fig. 6, 7, 8, 10, 11, and 12 can process the traffic of the target service from the first user according to the SA policy. In addition, the SA foreground device shown in fig. 9 can also process the traffic of the target service from the first user according to the SA policy.
The traffic of the target service from the first user comprises a first message, and the first message is sent by a user terminal used by the first user. As can be known from the network architecture shown in fig. 4, the first packet is transmitted to the traffic management system sequentially through the RG device, the ONT device, and the OLT device. In an exemplary embodiment, the method further includes the SA foreground module receiving the first message, determining that the first message belongs to the first user, and determining that the first message belongs to the target service. Processing the flow of the target service from the first user according to the SA strategy, wherein the processing comprises the following steps: and the SA foreground module processes the first message according to a processing mode in the SA strategy based on that the first message belongs to the first user and belongs to the target service.
Illustratively, the SA front end module determines that the first packet belongs to the first user, including: the SA foreground module determines that the first message belongs to the first user based on the source address of the first message. The source address of the first message can be obtained by analyzing the first message, and the source address of the first message is also the IP address allocated to the user terminal sending the first message in the access authentication process. Therefore, if the source address of the first message is the same as the IP address assigned to the user terminal used by the first user, it can be determined that the first message belongs to the first user.
Illustratively, the step of determining, by the SA foreground module, that the first packet belongs to the target service includes: and the SA foreground module identifies the first user through the feature library to obtain the business of the first user. If the service to which the first user belongs is the same as the target service, it can be determined that the first message belongs to the target service. Illustratively, the feature library is a binary data file, which is generated by the SA background module and sent to the SA foreground. The feature library may include identifying features specific to application layer protocols and applications. When the application layer protocol or the application program is identified, the identification engine included in the SA foreground can perform characteristic analysis on the data message, compare the data message with various identification characteristics in the characteristic library, and obtain an identification result according to the comparison result. Illustratively, the SA foreground module stores a first correspondence of source addresses to policy IDs. Since the source address of the first message can be obtained by analyzing the first message, the first corresponding relationship can be queried according to the source address of the first message, and the policy ID corresponding to the source address is obtained, thereby obtaining the SA policy indicated by the policy ID. As can be seen from the foregoing, the SA policy includes a correspondence between the identifier of the target service and the processing manner, and thus the service indicated by the identifier of the target service included in the SA policy is the target service.
After determining that the first packet belongs to the first user and belongs to the target service according to the above description, querying the SA policy to obtain a processing mode corresponding to the identifier of the target service, so that the first packet can be processed according to the processing mode in the SA policy. For example, the SA policy includes correspondence between URL identification (i.e., identification of target traffic) and bandwidth control (i.e., processing manner) indicating adoption of the expedited path network. And under the condition that the first message belongs to the first user and the URL indicated by the URL identification, transmitting the first message by adopting an accelerated channel network, thereby carrying out accelerated transmission on the first message.
In addition, under the condition that the first message belongs to the first user but does not belong to the target service, the SA strategy does not need to be inquired, and the first message can be directly processed according to a reference mode. Still taking the case that the SA policy includes the URL identifier and the correspondence between the URL identifier and the bandwidth control for indicating to use the accelerated channel network as an example, in the case that it is determined that the first packet belongs to the first user and does not belong to the URL indicated by the URL identifier, the accelerated channel network is not used to transmit the first packet, but the first packet is transmitted according to a reference manner, for example, a manner of a public internet backbone network, in which case the first packet is not transmitted at an accelerated rate.
Next, a description will be given of a manner in which each type of traffic management system processes traffic of a target service from a first user through cases one to seven.
Corresponding to the case of the traffic management system of type one, see fig. 6, the broadband access device includes a BNG module and an SA front desk module. The BNG module receives a first message sent by the user terminal, and the SA foreground module obtains the first message through the BNG module. And after determining that the first message belongs to the first user and the target service, the SA foreground module processes the first message according to a processing mode in the SA strategy.
In case one, the SA policy and the first correspondence used by the SA foreground module are both sent by the BNG module.
Illustratively, the first correspondence is generated by the BNG module according to a second correspondence between the source address and a subscriber ID, the subscriber ID being indicative of the subscriber terminal. The source address is also the IP address allocated by the user terminal during the access authentication process, and the BNG module obtains the second corresponding relationship during the authentication access process. In addition, the user terminal subscribes to the SA policy before sending the message, and since the user terminal is indicated by the user ID and the SA policy is indicated by the policy ID, a third correspondence between the user ID and the policy ID is formed and stored in the AAA server. The BNG module sends the user ID to the AAA server, the AAA server inquires the third corresponding relation according to the user ID to obtain a strategy ID corresponding to the user ID, and returns the strategy ID corresponding to the user ID to the BNG module, so that the BNG module generates the first corresponding relation according to the strategy ID corresponding to the user ID and the second corresponding relation, and then sends the first corresponding relation to the SA foreground module.
In a second case corresponding to the traffic management system of type two, referring to fig. 7, the broadband access device includes a BNG module and an SA front stage module, and in the second case, the manner in which the SA front stage module processes the first message is described in the first case, which is not described herein again.
In case two, the SA policy used by the SA foreground module is sent by the SA background module, and the first correspondence used by the SA foreground module is sent by the BNG module or the SA background module. The way in which the BNG module generates the first correspondence is referred to as the first case, and is not described herein again.
Illustratively, when the SA background module sends the first corresponding relationship to the SA foreground module, the first corresponding relationship is generated by the SA background module according to the second corresponding relationship. The authentication authorization message sent by the BNG module to the AAA server in the access authentication process is also copied to the SA background module, so that the SA background module can obtain the second corresponding relation through the authentication authorization message. In addition, the SA background module also stores the corresponding relation between the SA strategy and the strategy ID. After the SA background module obtains the second mapping relationship, the SA background module may send the user ID to the AAA server, obtain a policy ID corresponding to the user ID returned by the server based on the third mapping relationship, and thereby generate the first mapping relationship according to the policy ID corresponding to the user ID and the second mapping relationship. Or the SA background may send the policy ID to the AAA server, the server queries the third correspondence according to the policy ID to obtain the user ID corresponding to the policy ID, and returns the user ID corresponding to the policy ID to the SA background module, so that the SA background module generates the first correspondence according to the user ID corresponding to the policy ID and the second correspondence. In short, the SA background module can generate the first correspondence according to the second correspondence, thereby sending the first correspondence to the SA foreground module.
Illustratively, the SA background module sends the SA policy to the SA foreground module, including: the SA foreground module sends a request message to the SA background module, wherein the request message comprises a source address corresponding to the first user, namely the source address of the first message. After receiving the request message, the SA background module queries the generated first correspondence according to the source address of the first message to obtain a policy ID corresponding to the source address, and returns the SA policy indicated by the policy ID to the SA foreground module. Thus, the SA policy used by the SA foreground module may be sent by the SA background module.
Corresponding to the third case of the traffic management system of type three, referring to fig. 8, the broadband access device includes a CP device and a UP device, the CP device includes an SA background module, and the UP device includes an SA foreground module. The UP device receives a first message sent by a user terminal, and an SA foreground module included in the UP device obtains the first message. And after determining that the first message belongs to the first user and the target service, the SA foreground module processes the first message according to a processing mode in the SA strategy.
In case three, the SA policy and the first corresponding relationship used by the SA foreground module are both sent to the UP device by the CP device, and then the SA foreground module included in the UP device may obtain the SA policy and the first corresponding relationship. The process of acquiring the first corresponding relationship by the CP device is referred to as the process of acquiring the first corresponding relationship by the BNG module in the above case one, and is not described herein again.
In a case of the traffic management system of type four, referring to fig. 9, after the SA foreground device receives the first message sent by the user terminal, and determines that the first message belongs to the first user and belongs to the target service, the SA foreground device processes the first message according to the processing mode in the SA policy.
In case four, the SA policy and the first correspondence used by the SA foreground device are both sent by the CP device. The process of the CP device obtaining the first corresponding relationship refers to the process of the BNG module obtaining the first corresponding relationship in the above case one, and is not described herein again.
Corresponding to case five of the traffic management system of type five, referring to fig. 10, the broadband access device includes a CP module, an UP module, and an SA foreground module. And the UP module receives a first message sent by the user terminal and forwards the first message to the SA foreground module. And after determining that the first message belongs to the first user and the target service, the SA foreground module processes the first message according to a processing mode in the SA strategy.
In case five, the SA policy and the first correspondence used by the SA foreground module are both sent by the UP module, and the SA policy and the first correspondence sent by the UP module are both from the CP module. The way for the CP module to generate the first corresponding relationship refers to the way for the BNG module to generate the first corresponding relationship in the above case one, and is not described herein again.
In case six corresponding to the traffic management system of type six, referring to fig. 11, the broadband access device includes a CP module, an UP module, and an SA foreground module, and the manner in which the SA foreground module in case six processes the first message is described in case five, which is not described herein again.
In case six, the SA policy used by the SA foreground module is sent by the SA background module. The manner in which the SA background module sends the SA policy to the SA foreground module is as described in the second embodiment above, and is not described here again. The first corresponding relation used by the SA foreground module is sent by the UP module or the SA background module, and the first corresponding relation sent by the UP module comes from the CP module. The mode of the CP module generating the first corresponding relationship refers to the mode of the BNG module generating the first corresponding relationship in the above case one, and the mode of the SA background module generating the first corresponding relationship refers to the mode of the SA background module generating the first corresponding relationship in the above case two, which are not described herein again.
In case seven of the traffic management system of type seven, referring to fig. 12, the SA foreground device receives the first message sent by the user terminal, and after determining that the first message belongs to the first user and belongs to the target service, the SA foreground device processes the first message according to the processing mode in the SA policy.
In case seven, the SA policy used by the SA foreground device and the first correspondence are both sent by the SA background device. The manner in which the SA background device sends the SA policy to the SA foreground device is as described in the second embodiment above, and is not described here again. The mode of generating the first corresponding relationship by the SA background device refers to the mode of generating the first corresponding relationship by the SA background module in the above case two, which is not described herein again.
In an exemplary embodiment, the method further comprises: the SA foreground module (or SA foreground device) obtains statistical information (hereinafter referred to as second statistical information to distinguish from the first statistical information in the above description) of the traffic of the target service from the first user. Wherein the second statistical information includes but is not limited to: data size, duration, time delay, and the like, and the second statistical information is not limited in the embodiment of the present application. For example, the second statistical information (e.g. data volume and duration) may be used for charging for the traffic of the target service from the first user, and the second statistical information (e.g. delay) may also be used for data analysis.
Illustratively, the embodiment of the present application further provides an SA identifier, so as to distinguish the first statistical information from the second statistical information. Illustratively, the SA is identified as a TLV field. The embodiment of the application expands the RADIUS protocol, so that a fifth TLV field is carried in the RADIUS message, and the RADIUS message is a message using the RADIUS protocol. See table 5 below for this fifth TLV field. In table 5, the length of the type field is, for example, 1 to 31 (without an end-pointer), the length of the length field is, for example, 3 to 33, and the value field carries the SA id.
TABLE 5
Types of Length of Value of
string Without limitation SA identification
Exemplarily, the SA policy corresponds to policy charging information, and the policy charging information is used for implementing a charging process of a flow of a target service of the first user. In the embodiment of the application, the flow of the target service of the first user is charged based on the policy charging information and the second statistical information.
The manner in which each type of traffic management system charges the traffic of the target service from the first user is described in cases one to seven.
Corresponding to the case of the traffic management system of type one, see fig. 6, the broadband access device includes a BNG module and an SA front desk module. And the SA foreground module performs statistics to obtain second statistical information and sends the second statistical information to the BNG module, and the BNG module performs charging based on the second statistical information and the policy charging information corresponding to the SA policy.
In case two corresponding to the traffic management system of type two, referring to fig. 7, the broadband access device includes a BNG module and an SA foreground module, the SA foreground module performs statistics to obtain second statistical information and sends the second statistical information to the SA background module, and the SA background module performs charging based on the second statistical information and policy charging information corresponding to the SA policy.
Corresponding to the third case of the traffic management system of type three, referring to fig. 8, the broadband access device includes a CP device and a UP device, the CP device includes an SA background module, and the UP device includes an SA foreground module. And the SA foreground module counts to obtain second statistical information, and sends the second statistical information to the CP device through the UP device, and the CP device carries out charging based on the second statistical information and the strategy charging information corresponding to the SA strategy.
Corresponding to the case four of the traffic management system of type four, referring to fig. 9, the broadband access device includes a CP device, and the CP device includes an SA background module. And the SA foreground equipment counts to obtain second statistical information and sends the second statistical information to the CP equipment, and the CP equipment carries out charging based on the second statistical information and the strategy charging information corresponding to the SA strategy.
Corresponding to case five of the traffic management system of type five, referring to fig. 10, the broadband access device includes a CP module, an UP module, and an SA foreground module. And the SA foreground module counts to obtain second statistical information, and sends the second statistical information to the CP module through the UP module. And the CP module carries out charging based on the second statistical information and the strategy charging information corresponding to the SA strategy.
Corresponding to the sixth case of the traffic management system of type six, referring to fig. 11, the broadband access device includes a CP module, an UP module, and an SA foreground module. And the SA foreground module counts to obtain second statistical information, and sends the second statistical information to the SA background module through the UP module. And the SA background module carries out charging based on the second statistical information and the strategy charging information corresponding to the SA strategy.
Corresponding to the seventh case of the traffic management system of type seven, referring to fig. 12, the broadband access device includes an SA foreground device and a CP module, the SA foreground device includes an UP module, and the CP module is located in the SA background device. And the SA background equipment performs statistics to obtain second statistical information and sends the second statistical information to the SA background equipment, and the SA background equipment performs charging based on the second statistical information and the strategy charging information corresponding to the SA strategy.
The traffic management method provided in the embodiments of the present application is explained above. Based on the method, the embodiment of the application can provide various broadband services. The information to be used in the following broadband service is information obtained when the user knows and agrees. For various broadband services see the description below.
Quality difference analysis service: and acquiring statistical information of the flow of the target service from the user, wherein the statistical information comprises time delay, and obtaining the poor quality user based on the time delay analysis, thereby optimizing the communication experience aiming at the poor quality user. For example, the users with poor quality can be graded, so that different optimization modes are adopted for the users with poor quality of different levels.
User portrait service: and identifying the target service to which the message of the user belongs, and obtaining the user portrait by analyzing the target service accessed by the user preference, thereby improving the communication experience of the user based on the user portrait. For example, the analysis results in a user representation as: the user prefers the game class URL, and the communication experience of the user can be optimized on the game class URL.
Blocking service: and identifying the target service to which the message of the user belongs, and blocking the message according to actual requirements. For example, if the target service to which the message belongs is prohibited from being used, the message may be blocked. Therefore, safety problems or violation of related regulations can be avoided, and the communication experience of the user is guaranteed.
And (3) targeted service: by acquiring the statistical information of the flow of the target service from the user, the condition that the user uses each target service in the internet surfing process can be determined. Therefore, an appropriate SA strategy can be purposefully recommended to the user according to the condition that the user uses the target service, and therefore the communication experience of the user is improved. For example, in response to detecting that the frequency of using the target URL by the user is high, an SA policy related to the target URL, for example, an SA policy accelerated for the target URL, may be recommended to the user, so as to improve the communication experience of the user when using the target URL.
To sum up, the AAA server in the embodiment of the present application may issue both the authentication, authorization, and accounting information and the SA policy. The broadband access equipment acquires the SA strategy besides the authentication, authorization and accounting information. Therefore, two different servers do not need to be arranged in the network architecture respectively, so that the network architecture for carrying out traffic management is simplified, and the traffic management is realized through a simple network architecture.
In addition, based on the network architecture provided by the embodiment of the application, the SA capability can be added to the broadband service.
The embodiment of the present application further provides a traffic management method, which is applied to an AAA server, where the AAA server may be the AAA server shown in fig. 6-12, and referring to fig. 14, the method includes the following steps 1401.
In step 1401, the aaa server sends an SA policy to the target device, where the SA policy indicates a manner of handling traffic for the target service of the first user.
Step 1401 is as described above in steps 1301 and 1302, and will not be described here.
An embodiment of the present application further provides a traffic management method, where the method is applied to an SA background device, where the SA background device may be the SA background device shown in fig. 6 to 12 or a device where an SA background module shown in fig. 6 to 12 is located, see fig. 15, and the method includes the following step 1501.
In step 1501, the SA background device receives an SA policy sent by the AAA server, where the SA policy indicates a processing mode of traffic of a target service for a first user.
Step 1501 is described above in steps 1301 and 1302, and will not be described further herein.
An embodiment of the present application further provides a traffic management method, where the method is applied to a broadband access system, and the system includes a broadband access device, an AAA server, and an SA background device, where the broadband access device may be the broadband access device shown in fig. 6 to 12, the AAA server may be the AAA server shown in fig. 6 to 12, and the SA background device may be the SA background device shown in fig. 6 to 12 or a device where an SA background module shown in fig. 6 to 12 is located, and the method includes:
the AAA server sends an SA strategy to the SA background equipment, wherein the SA strategy indicates a processing mode of the flow of the target service of the first user;
the AAA server sends authentication, authorization and accounting information to the broadband access equipment, and the authentication, authorization and accounting information is used for the broadband access equipment to realize the access authentication process of the first user and the flow accounting process of the first user.
In a possible implementation manner, the broadband access device is further configured to perform a function of the SA foreground module, and the method further includes: and the SA background equipment sends an SA strategy to the broadband access equipment, and the broadband access equipment processes the flow of the target service from the first user according to the SA strategy.
The application provides a flow management method, which is applied to a broadband access system, the system comprises a broadband access device and an AAA server, and the method comprises the following steps:
the AAA server sends authentication, authorization and accounting information and an SA strategy to the broadband access equipment, wherein the SA strategy indicates a processing mode of the flow of the target service of the first user;
the broadband access equipment realizes the access authentication process of the first user and the flow charging process of the first user according to the authentication authorization charging information;
the broadband access device processes the flow of the target service from the first user according to the SA strategy, and is also used for executing the function of an SA foreground module.
An embodiment of the present application further provides a traffic management method, where the method is applied to a broadband access system, and the system includes an SA background device and an AAA server, where the AAA server may be the AAA server shown in fig. 6 to 12, and the SA background device may be the SA background device shown in fig. 6 to 12 or a device where an SA background module shown in fig. 6 to 12 is located, and the method includes:
the AAA server sends authentication authorization accounting information and an SA strategy to SA background equipment, wherein the SA strategy indicates a processing mode of the flow of the target service of the first user;
the SA background equipment is used for realizing an access authentication process of a first user and a charging process of the flow of the first user according to the authentication authorization charging information, and the SA background equipment is used for executing the function of a CP (content provider network) module in the vBNG (broadband network access gateway) system;
and the SA background equipment sends the SA strategy to the SA foreground equipment, and the SA foreground equipment is used for executing the function of the UP module in the vBNG system.
For each method applied to the broadband access system, refer to the descriptions in steps 1301 and 1302 above, and are not described here again. For the broadband access system, reference may be made to the description of the traffic management system in fig. 5 to 12, which is not described herein again.
The traffic management method provided in the embodiment of the present application is described above, and in accordance with the foregoing method, the embodiment of the present application further provides the traffic management apparatus shown in fig. 16, 17, and 18. The traffic management apparatus shown in fig. 16 is configured to execute the method performed by the broadband access device in the above method embodiment through the respective modules shown in fig. 16. The traffic management apparatus shown in fig. 17 is used for executing the method performed by the AAA server in the above method embodiment through the respective modules shown in fig. 17. The apparatus shown in fig. 18 is used for executing the method performed by the SA background device in the above method embodiment through the respective modules shown in fig. 18. The following describes each flow rate management device.
As shown in fig. 16, an embodiment of the present application provides a traffic management apparatus, which is applied to a broadband access device, and includes the following modules.
A receiving module 1601, configured to receive authentication, authorization, accounting information and an SA policy sent by an AAA server, where the SA policy indicates a processing mode of a traffic of a target service for a first user; the receiving module 1601 may be configured to perform step 1301 shown in fig. 13.
An implementation module 1602, configured to implement an access authentication procedure of the first user and a traffic charging procedure of the first user according to the authentication authorization charging information. The receiving module 1602 may be configured to perform the step 1302 shown in fig. 13.
In a possible implementation manner, the broadband access device is further configured to perform a function of an SA foreground module, and the apparatus further includes: and the processing module is used for processing the flow of the target service from the first user according to the SA strategy.
In a possible implementation manner, the receiving module 1601 is further configured to receive a first message;
the device still includes: the determining module is used for determining that the first message belongs to the first user; determining that the first message belongs to a target service;
and the processing module is used for processing the first message according to the processing mode in the SA strategy based on the fact that the first message belongs to the first user and the target service.
In a possible implementation manner, the determining module is configured to determine that the first packet belongs to the first user based on a source address of the first packet.
In one possible implementation, the apparatus further includes: and the obtaining module is used for obtaining the statistical information of the flow of the target service from the first user.
In a possible implementation manner, the broadband access device is a vBNG system, the vBNG system includes a CP device and an UP device, the CP device is configured to receive an SA policy sent by the server, and the UP device is configured to execute a function of the SA foreground module.
In one possible implementation, the apparatus further includes: and the first sending module is used for sending the SA strategy to the UP device by the CP device through the CUSP.
In a possible implementation manner, the broadband access device is a CP device in a vBNG system, and the apparatus further includes: and the second sending module is used for sending the SA strategy to the SA foreground equipment by the CP equipment, and the SA foreground equipment is used for processing the flow of the target service from the first user according to the SA strategy.
In a possible implementation manner, the second sending module is configured to send, by the CP device, the SA policy to the SA foreground device through the CUSP.
In one possible implementation, the SA policy is carried in the TLV field of the CUSP packet.
In a possible implementation manner, the SA policy includes a correspondence between an identifier of a target service and a processing manner, where the identifier of the target service includes at least one of the following: an application layer protocol identification, an application layer protocol group identification, a URL identification, or a URL group identification.
In a possible implementation manner, the receiving module 1601 is configured to receive, through a RADIUS protocol, authentication, authorization, accounting information and an SA policy sent by the AAA server.
In a possible implementation manner, the receiving module 1601 is configured to receive, through a PCRF protocol, authentication, authorization, charging information and an SA policy sent by an AAA server.
In a possible implementation manner, the processing manner of the traffic of the target service for the first user includes performing at least one of the following processes on the traffic: bandwidth control, mirroring or redirection.
As shown in fig. 17, the embodiment of the present application provides a traffic management apparatus, which is applied to an AAA server and includes the following modules.
The sending module 1701 is configured to send an SA policy to the target device, where the SA policy indicates a processing manner of a traffic of the target service for the first user. The sending module 1701 may be used to execute step 1401 shown in fig. 14.
In a possible implementation manner, the target device is a broadband access device, and the sending module 1701 is further configured to send authentication authorization charging information to the broadband access device, where the authentication authorization charging information is used for the broadband access device to implement an access authentication process of the first user and a charging process of a traffic of the first user.
In one possible implementation, the broadband access device includes a CP device in a vBNG system.
In a possible implementation manner, the target device is an SA background device, and the sending module 1701 is further configured to send authentication, authorization and accounting information to the broadband access device, where the authentication, authorization and accounting information is used for the broadband access device to implement an access authentication process of the first user and an accounting process of a traffic of the first user.
In one possible implementation, the SA policy and authentication authorization accounting information is sent via the RADIUS protocol.
In one possible implementation, the SA policy and the authentication authorization charging information are sent through a PCRF protocol.
In a possible implementation manner, the processing manner of the traffic of the target service for the first user includes performing at least one of the following processes on the traffic: bandwidth control, mirroring or redirection.
As shown in fig. 18, an embodiment of the present application provides a traffic management apparatus, which is applied to an SA backend device, and includes the following modules.
A receiving module 1801, configured to receive an SA policy sent by the AAA server, where the SA policy indicates a processing manner of traffic of a target service for a first user. The receiving module 1801 may be configured to execute step 1501 shown in fig. 15.
In one possible implementation, the apparatus further includes: and the sending module is used for sending the SA strategy to the SA foreground equipment.
In a possible implementation manner, the sending module is configured to send the SA policy to the SA foreground device based on a request message sent by the SA foreground device, where the request message includes a source address corresponding to the first user.
In a possible implementation manner, the SA background device is configured to execute a function of a CP module in the vBNG system, the SA foreground device is configured to execute a function of an UP module in the vBNG system, and the receiving module 1801 is further configured to receive authentication authorization charging information sent by the server, where the authentication authorization charging information is used for the CP module and the UP module to implement an access authentication process of the first user and a charging process of a traffic of the first user.
In a possible implementation manner, the sending module is configured to send the SA policy to the SA foreground device through the CUSP.
In one possible implementation, the SA policy and authentication authorization accounting information is sent via the RADIUS protocol.
In one possible implementation, the SA policy and the authentication, authorization, and charging information are sent through a PCRF protocol.
In a possible implementation manner, the processing manner of the traffic of the target service for the first user includes performing at least one of the following processes on the traffic: bandwidth control, mirroring or redirection.
To sum up, the AAA server in the embodiment of the present application may issue both the authentication, authorization, and accounting information and the SA policy. Therefore, two different servers do not need to be arranged in the network architecture respectively, so that the network architecture for carrying out traffic management is simplified, and the traffic management is realized through a simple network architecture.
It should be understood that the apparatuses provided in fig. 16, 17 and 18 are only illustrated by the division of the functional modules when the functions of the apparatuses are implemented, and in practical applications, the functions may be distributed and performed by different functional modules according to needs, that is, the internal structure of the apparatus is divided into different functional modules to perform all or part of the functions described above. In addition, the apparatus and method embodiments provided by the above embodiments belong to the same concept, and specific implementation processes thereof are described in the method embodiments for details, which are not described herein again.
In an exemplary embodiment, an embodiment of the present application provides a traffic management device, which includes a memory and a processor; the memory has stored therein at least one instruction that is loaded and executed by the processor to cause the traffic management device to implement the traffic management method described above and illustrated in fig. 13, 14 or 15.
Referring to fig. 19, fig. 19 is a schematic diagram illustrating an exemplary traffic management device 1900 according to the present application, where the traffic management device 1900 includes at least one processor 1901, a memory 1903, and at least one network interface 1904.
The processor 1901 is, for example, a general purpose CPU, a Digital Signal Processor (DSP), a Network Processor (NP), a GPU, a neural Network Processor (NPU), a Data Processing Unit (DPU), a microprocessor, or one or more integrated circuits or application-specific integrated circuits (ASICs), a Programmable Logic Device (PLD), or other programmable logic devices, transistor logic devices, hardware components, or any combination thereof, for implementing the present invention. PLDs are, for example, complex Programmable Logic Devices (CPLDs), field-programmable gate arrays (FPGAs), general Array Logic (GAL), or any combination thereof. Which may implement or execute the various logical blocks, modules, and circuits described in connection with the disclosure. A processor may also be a combination of computing functions, e.g., comprising one or more microprocessors, a DSP and a microprocessor, or the like.
Optionally, traffic management device 1900 also includes a bus 1902. The bus 1902 is used to transfer information between components of the traffic management device 1900. The bus 1902 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus 1902 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 19, but it is not intended that there be only one bus or one type of bus.
The Memory 1903 is, for example, but is not limited to, a read-only Memory (ROM) or other type of storage device that can store static information and instructions, a Random Access Memory (RAM) or other type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only Memory (EEPROM), a compact disk read-only Memory (CD-ROM) or other optical disk storage, optical disk storage (including compact disk, laser disk, optical disk, digital versatile disk, blu-ray disk, etc.), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory 1903 is, for example, separate and coupled to the processor 1901 via the bus 1902. The memory 1903 may also be integrated with the processor 1901.
The network interface 1904 may use any transceiver or other device for communicating with other devices or a communication network, such as an ethernet, a Radio Access Network (RAN), or a Wireless Local Area Network (WLAN). The network interface 1904 may include a wired network interface and may also include a wireless network interface. Specifically, the network interface 1904 may be an Ethernet (Ethernet) interface, such as: a Fast Ethernet (FE) interface, a Gigabit Ethernet (GE) interface, an Asynchronous Transfer Mode (ATM) interface, a WLAN interface, a cellular network interface, or a combination thereof. The ethernet interface may be an optical interface, an electrical interface, or a combination thereof. In some embodiments of the present application, the network interface 1904 may be used for the traffic management device 1900 to communicate with other devices.
In particular implementations, processor 1901 may include one or more CPUs, such as CPU0 and CPU1 shown in fig. 19, as some embodiments. Each of these processors may be a single core processor or a multi-core processor. A processor herein may refer to one or more devices, circuits, and/or processing cores that process data (e.g., computer program instructions).
In particular implementations, traffic management device 1900 may include multiple processors, such as processor 1901 and processor 1905 shown in fig. 19, as some embodiments. Each of these processors may be a single-core processor or a multi-core processor. A processor herein may refer to one or more devices, circuits, and/or processing cores that process data, such as computer program instructions.
In some embodiments, the memory 1903 is used to store program instructions 1910 for implementing the concepts of the present application, and the processor 1901 may execute the program instructions 1910 stored in the memory 1903. That is, the traffic management device 1900 may implement the methods provided by the method embodiments shown in fig. 13, 14 or 15 by the processor 1901 and the program instructions 1910 in the memory 1903. One or more software modules may be included in the program instructions 1910. Alternatively, the processor 1901 may itself store program instructions to implement aspects of the present application.
In a specific implementation process, the traffic management device 1900 of the present application may correspond to a first network element device for executing the method, and the processor 1901 in the traffic management device 1900 reads instructions in the memory 1903 to enable the traffic management device 1900 shown in fig. 19 to execute all or part of steps in the method embodiment.
The traffic management device 1900 may also correspond to the apparatus shown in fig. 16, 17, or 18 described above, and each functional module in the apparatus shown in fig. 16, 17, or 18 is implemented by software of the traffic management device 1900. In other words, the apparatus shown in fig. 16, 17 or 18 includes functional modules that are generated by the processor 1901 of the traffic management device 1900 reading the program instructions 1910 stored in the memory 1903.
The steps of the method shown in fig. 13, 14 or 15 are performed by instructions in the form of hardware integrated logic circuits or software in the processor of the traffic management device 1900. The steps of a method embodiment disclosed in this application may be directly implemented by a hardware processor, or may be implemented by a combination of hardware and software modules in the processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in a memory, and a processor reads information in the memory and performs the steps of the above method embodiments in combination with hardware thereof, which are not described in detail here to avoid repetition.
It should be understood that the processor may be a Central Processing Unit (CPU), other general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, etc. A general purpose processor may be a microprocessor or any conventional processor or the like. It is noted that the processor may be an advanced reduced instruction set machine (ARM) architecture supported processor.
Further, in an alternative embodiment, the memory may include both read-only memory and random access memory, and provide instructions and data to the processor. The memory may also include non-volatile random access memory. For example, the memory may also store device type information.
The memory may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The non-volatile memory may be a read-only memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an electrically Erasable EPROM (EEPROM), or a flash memory. Volatile memory can be Random Access Memory (RAM), which acts as external cache memory. By way of example, and not limitation, many forms of RAM are available. For example, static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), synchronous Dynamic Random Access Memory (SDRAM), double data rate synchronous dynamic random access memory (DDR SDRAM), enhanced synchronous SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), and direct bus RAM (DR RAM).
In an exemplary embodiment, the present application provides a computer program (product) comprising: computer program code which, when run by a computer, causes the computer to perform the traffic management method described above and illustrated in fig. 13, 14 or 15.
In an exemplary embodiment, the present application provides a computer-readable storage medium, which stores a program or instructions, when the program or instructions are run on a computer, the traffic management method shown in fig. 13, 14 or 15 described above is executed.
In an exemplary embodiment, the present application provides a chip, which includes a processor, and is configured to call and execute instructions stored in a memory, so that a communication device in which the chip is installed executes the traffic management method shown in fig. 13, 14, or 15.
In an exemplary embodiment, an embodiment of the present application provides another chip, including: an input interface, an output interface, a processor and a memory, wherein the input interface, the output interface, the processor and the memory are connected through an internal connection path, the processor is used for executing codes in the memory, and when the codes are executed, the processor is used for executing the traffic management method shown in the figure 13, the figure 14 or the figure 15.
In an exemplary embodiment, the present application provides a network system, where the system includes a broadband access device, an AAA server, and an SA backend device, where the broadband access device is configured to execute the traffic management method shown in fig. 13, the AAA server is configured to execute the traffic management method shown in fig. 14, and the SA backend device is configured to execute the traffic management method shown in fig. 15.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the procedures or functions described in accordance with the present application are generated, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wire (e.g., coaxial cable, fiber optic, digital subscriber line) or wirelessly (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that includes one or more available media. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid State Disk), among others.
The terms "first," "second," and the like in this application are used for distinguishing between similar items and items that have substantially the same function or similar functionality, and it should be understood that "first," "second," and "nth" do not have any logical or temporal dependency or limitation on the number or order of execution. It will be further understood that, although the following description uses the terms first, second, etc. to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another.
It should also be understood that, in the embodiments of the present application, the size of the serial number of each process does not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
The term "at least one" in this application means one or more, and the term "plurality" in this application means two or more, for example, a plurality of second devices means two or more second devices. The terms "system" and "network" are often used interchangeably herein.
It is to be understood that the terminology used in the description of the various described examples herein is for the purpose of describing particular examples only and is not intended to be limiting. As used in the description of the various described examples and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items. The term "and/or" is an associative relationship that describes an associated object, meaning that three relationships may exist, e.g., A and/or B, may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" in the present application generally indicates that the former and latter related objects are in an "or" relationship.
It is also to be understood that the terms "if" and "if" may be interpreted to mean "when" ("where" or "upon") or "in response to a determination" or "in response to a detection". Similarly, the phrase "if it is determined," or "if [ a stated condition or event ] is detected," may be interpreted to mean "upon determining," or "in response to determining," or "upon detecting [ a stated condition or event ], or" in response to detecting [ a stated condition or event ] ", depending on the context.
The above description is only exemplary of the present application and should not be taken as limiting the present application, and any modifications, equivalents, improvements, etc. made within the principle of the present application should be included in the protection scope of the present application.

Claims (38)

1. A traffic management method, applied to a broadband access device, the method comprising:
the broadband access equipment receives authentication, authorization and accounting information and a service perception (SA) strategy which are sent by an authentication, authorization and accounting (AAA) server, wherein the SA strategy indicates a processing mode of the flow of a target service for a first user;
and the broadband access equipment realizes the access authentication process of the first user and the flow charging process of the first user according to the authentication authorization charging information.
2. The method of claim 1, wherein the broadband access device is further configured to perform the functions of an SA foreground module, and wherein the method further comprises:
and the broadband access equipment processes the flow of the target service from the first user according to the SA strategy.
3. The method of claim 2, further comprising:
the broadband access equipment receives a first message;
the broadband access equipment determines that the first message belongs to the first user;
the broadband access equipment determines that the first message belongs to the target service;
the broadband access device processes the traffic of the target service from the first user according to the SA policy, including:
and based on that the first message belongs to the first user and the target service, the broadband access equipment processes the first message according to the processing mode in the SA policy.
4. The method of claim 3, wherein the determining, by the broadband access device, that the first packet belongs to the first user comprises:
and the broadband access equipment determines that the first message belongs to the first user based on the source address of the first message.
5. The method according to any one of claims 2-4, further comprising:
and the broadband access equipment acquires the statistical information of the flow of the target service from the first user.
6. The method according to any of claims 2-5, wherein said broadband access device is a virtual broadband network gateway (vBNG) system, said vBNG system comprising a Control Plane (CP) device and a User Plane (UP) device, said CP device is configured to receive said SA policy sent by said AAA server, and said UP device is configured to perform the function of said SA foreground module.
7. The method of claim 6, further comprising:
the CP device sends the SA policy to the UP device through a control plane and user plane separation protocol CUSP.
8. The method of claim 1, wherein the broadband access device is a CP device in a vBNG system, and wherein the method further comprises:
and the CP equipment sends the SA strategy to SA foreground equipment, and the SA foreground equipment is used for processing the flow of the target service from the first user according to the SA strategy.
9. The method of claim 8, wherein the CP device sends the SA policy to an SA foreground device, comprising:
and the CP equipment sends the SA strategy to the SA foreground equipment through the CUSP.
10. The method according to claim 7 or 9, wherein the SA policy is carried in a type length value, TLV, field of the CUSP packet.
11. The method according to any of claims 1-10, wherein the SA policy includes a correspondence between an identifier of the target service and the processing manner, wherein the identifier of the target service includes at least one of: an application layer protocol identifier, an application layer protocol group identifier, a uniform resource locator, URL, identifier, or a URL group identifier.
12. The method as claimed in any one of claims 1-11, wherein the receiving, by the broadband access device, the authentication, authorization and accounting information and the service-aware SA policy sent by the authentication, authorization and accounting AAA server comprises:
and the broadband access equipment receives the authentication, authorization and accounting information and the SA strategy which are sent by the AAA server through a remote authentication dial-in user service (RADIUS) protocol.
13. The method as claimed in any one of claims 1-12, wherein the receiving, by the broadband access device, the authentication, authorization and accounting information and the service-aware SA policy sent by the authentication, authorization and accounting AAA server comprises:
and the broadband access equipment receives the authentication, authorization and accounting information and the SA policy which are sent by the AAA server through a Policy and Charging Rule Function (PCRF) protocol.
14. The method according to any of claims 1-13, wherein the processing of the traffic of the target service for the first user comprises at least one of the following processing of the traffic: bandwidth control, mirroring or redirection.
15. A flow management method is applied to an authentication, authorization and accounting (AAA) server, and comprises the following steps:
and the AAA server sends a service-aware SA policy to the target equipment, wherein the SA policy indicates a processing mode of the flow of the target service of the first user.
16. The method of claim 15, wherein the target device is a broadband access device, and wherein the method further comprises:
and the AAA server sends authentication and authorization accounting information to the broadband access equipment, wherein the authentication and authorization accounting information is used for the broadband access equipment to realize the access authentication process of the first user and the accounting process of the flow of the first user.
17. The method of claim 16, wherein the broadband access device comprises a control plane CP device in a virtual broadband network gateway, vBNG, system.
18. The method of claim 15, wherein the target device is an SA background device, the method further comprising:
and the AAA server sends authentication and authorization accounting information to broadband access equipment, wherein the authentication and authorization accounting information is used for realizing the access authentication process of the first user and the accounting process of the flow of the first user by the broadband access equipment.
19. The method of claim 16 or 18,
and the SA strategy and the authentication authorization accounting information are sent by a remote authentication dial-in user service (RADIUS) protocol.
20. The method of claim 16 or 18,
and the SA policy and the authentication authorization charging information are sent through a Policy and Charging Rule Function (PCRF) protocol.
21. The method according to any of claims 15-20, wherein the handling of the traffic for the target service of the first user comprises at least one of the following handling of the traffic: bandwidth control, mirroring or redirection.
22. A traffic management method is applied to a service-aware (SA) background device, and comprises the following steps:
and the SA background equipment receives an SA strategy sent by an authentication, authorization and accounting (AAA) server, wherein the SA strategy indicates a processing mode of the flow of the target service of the first user.
23. The method of claim 22, further comprising:
and the SA background equipment sends the SA strategy to SA foreground equipment.
24. The method of claim 23, wherein the SA background device sends the SA policy to an SA foreground device, comprising:
based on a request message sent by the SA foreground device, the SA background device sends the SA policy to the SA foreground device, wherein the request message includes a source address corresponding to the first user.
25. The method according to claim 23 or 24, wherein said SA background device is configured to perform the functions of a control plane CP module in a virtual broadband network gateway, vBNG, system, and said SA foreground device is configured to perform the functions of a user plane UP module in said vBNG system, and wherein said method further comprises:
and the SA background equipment receives authentication authorization accounting information sent by the AAA server, wherein the authentication authorization accounting information is used for realizing the access authentication process of the first user and the accounting process of the flow of the first user by the CP module and the UP module.
26. The method of claim 25, wherein the SA background device sends the SA policy to an SA foreground device, comprising:
and the SA background equipment sends the SA strategy to the SA foreground equipment through a control plane and user plane separation protocol CUSP.
27. The method of claim 25,
and the SA strategy and the authentication authorization accounting information are sent by a remote authentication dial-in user service (RADIUS) protocol.
28. The method of claim 25,
and the SA strategy and the authentication authorization charging information are sent through a Policy and Charging Rule Function (PCRF) protocol.
29. The method according to any of claims 22-28, wherein said handling of traffic for the target service of the first user comprises at least one of: bandwidth control, mirroring or redirection.
30. A traffic management device, comprising a memory and a processor; the memory has stored therein at least one instruction that is loaded and executed by the processor to cause the traffic management device to implement the traffic management method of any of claims 1-14.
31. A traffic management device, comprising a memory and a processor; the memory has stored therein at least one instruction that is loaded and executed by the processor to cause the traffic management device to implement the traffic management method of any of claims 15-21.
32. A traffic management device, comprising a memory and a processor; the memory has stored therein at least one instruction that is loaded and executed by the processor to cause the traffic management device to implement the traffic management method of any of claims 22-29.
33. A computer-readable storage medium having stored therein at least one instruction, which is loaded and executed by a processor, to cause a computer to implement the traffic management method according to any one of claims 1-29.
34. A computer program product comprising at least one instruction which is loaded and executed by a processor to cause a computer to implement a method of traffic management according to any of claims 1-29.
35. A broadband access system is characterized in that the system comprises a broadband access device, an authentication, authorization and accounting (AAA) server and a service-aware (SA) background device, wherein,
the AAA server is used for sending an SA strategy to the SA background equipment, wherein the SA strategy indicates a processing mode of the flow of the target service of the first user; and sending authentication authorization charging information to the broadband access equipment, wherein the authentication authorization charging information is used for the broadband access equipment to realize the access authentication process of the first user and the charging process of the flow of the first user.
36. The system of claim 35, wherein,
the SA background equipment is used for sending the SA strategy to the broadband access equipment;
the broadband access device is used for processing the flow of the target service from the first user according to the SA strategy.
37. A broadband access system, characterized in that the system comprises a broadband access device and an authentication, authorization and accounting, AAA, server, wherein,
the AAA server is used for sending authentication, authorization and accounting information and a service perception (SA) strategy to the broadband access equipment, wherein the SA strategy indicates a processing mode of the flow of a target service for a first user;
the broadband access equipment is used for realizing the access authentication process of the first user and the flow charging process of the first user according to the authentication authorization charging information; and processing the flow of the target service from the first user according to the SA strategy.
38. A broadband access system, characterized in that the system comprises a service-aware SA backend device and an authentication, authorization and accounting (AAA) server, wherein,
the AAA server is used for sending authentication, authorization and accounting information and an SA strategy to the SA background equipment, wherein the SA strategy indicates a processing mode of the flow of the target service of the first user;
the SA background device is configured to implement an access authentication process of the first user and a charging process of a traffic of the first user according to the authentication authorization charging information, and the SA background device is configured to execute a function of a control plane CP module in a virtual broadband network gateway vBNG system; and sending the SA strategy to SA foreground equipment, wherein the SA foreground equipment is used for executing the function of a user plane UP module in the vBNG system.
CN202111467664.5A 2021-07-31 2021-12-03 Traffic management method, device, equipment and computer readable storage medium Pending CN115701145A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2022/107616 WO2023011233A1 (en) 2021-07-31 2022-07-25 Traffic management method and apparatus, device, and computer-readable storage medium

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2021108769430 2021-07-31
CN202110876943 2021-07-31

Publications (1)

Publication Number Publication Date
CN115701145A true CN115701145A (en) 2023-02-07

Family

ID=85120851

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111467664.5A Pending CN115701145A (en) 2021-07-31 2021-12-03 Traffic management method, device, equipment and computer readable storage medium

Country Status (2)

Country Link
CN (1) CN115701145A (en)
WO (1) WO2023011233A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116320088A (en) * 2023-03-03 2023-06-23 武汉麦丰创新网络科技有限公司 Method and device for realizing AAA forwarding

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100470071B1 (en) * 2002-12-23 2005-02-05 한국전자통신연구원 Apparatus of authentication server with combine information management for WLAN interworking system
CN100358326C (en) * 2004-06-04 2007-12-26 西安电子科技大学 Wide-band wireless IP network safety system structure and realizing method
US8351898B2 (en) * 2009-01-28 2013-01-08 Headwater Partners I Llc Verifiable device assisted service usage billing with integrated accounting, mediation accounting, and multi-account
CN105376071B (en) * 2014-08-15 2019-08-23 中国电信股份有限公司 Method, system and the PCRF with content charging are ensured to QoS after realization
US11323862B2 (en) * 2016-05-06 2022-05-03 Convida Wireless, Llc Traffic steering at the service layer
WO2018188082A1 (en) * 2017-04-14 2018-10-18 华为技术有限公司 Method, device, and system for implementing strategy control
DE102019107023A1 (en) * 2018-04-10 2019-10-10 Reliance Jio Infocomm Limited SYSTEM AND METHOD FOR CATEGORIZING AND ROUTING NETWORKS ASSOCIATED WITH USER DEVICES

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116320088A (en) * 2023-03-03 2023-06-23 武汉麦丰创新网络科技有限公司 Method and device for realizing AAA forwarding
CN116320088B (en) * 2023-03-03 2023-09-15 武汉麦丰创新网络科技有限公司 Method and device for realizing AAA forwarding

Also Published As

Publication number Publication date
WO2023011233A1 (en) 2023-02-09

Similar Documents

Publication Publication Date Title
US10230627B2 (en) Service path allocation method, router and service execution entity
EP2949109B1 (en) Methods, systems, and computer readable media for using a diameter routing agent (dra) to obtain mappings between mobile subscriber identification information and dynamically assigned internet protocol (ip) addresses and for making the mappings accessible to applications
US9356844B2 (en) Efficient application recognition in network traffic
CN102075537B (en) Method and system for realizing data transmission between virtual machines
CN108353022B (en) Data message processing method, device and system
US20180367431A1 (en) Heavy network flow detection method and software-defined networking switch
CN105357180B (en) Network system, the hold-up interception method of attack message, device and equipment
US10798609B2 (en) Methods, systems, and computer readable media for lock-free communications processing at a network node
US20220329609A1 (en) Network Security Protection Method and Protection Device
CN113452758A (en) Service access method and device
CN115701145A (en) Traffic management method, device, equipment and computer readable storage medium
CN111147468A (en) User access method, device, electronic equipment and storage medium
CN104883362A (en) Method and device for controlling abnormal access behaviors
CN106789671B (en) Service message forwarding method and device
CN113965367B (en) Policy object upper limit control method, system, computer and storage medium
CN114338809B (en) Access control method, device, electronic equipment and storage medium
CN116112572A (en) Service processing method, device, network equipment and storage medium
WO2022078330A1 (en) Domain name recursive query method and apparatus, and recursive server and dns system
WO2017219891A1 (en) Access control method and apparatus in service restriction
CN115412549A (en) Information configuration method and device and request processing method and device
CN116032763B (en) Processing method, system and gateway equipment of network service
JP2018038002A (en) Policy management system, policy management method, and policy management device
CN112804150A (en) Method and system for realizing distributed hierarchical routing forwarding table
CN116827837A (en) Method, apparatus, device and computer readable storage medium for detecting network performance
CN115396513A (en) Flow control method and device, storage medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination