CN1863201B - Method for inquiring client terminal to tactics condition executive result - Google Patents

Publication number: CN1863201B
Authority: CN (China)
Application number: CN2005101090824A
Other versions: CN1863201A
Other languages: Chinese (zh)
Inventors: 吴局业, 鄂维
Current assignee: Huawei Technologies Co Ltd
Original assignee: Huawei Technologies Co Ltd
Legal status: Expired - Fee Related
Prior art keywords: message, pdp, pep, query, query information
Classification: Computer And Data Communications

Abstract

The invention relates to a method for querying how a client has executed policy conditions. Its core is as follows: first, the PEP obtains query information issued by the PDP; then, according to the obtained query information, it queries the corresponding policy execution status and returns the query result to the PDP. The invention not only lets the PDP query the PEP about policy execution status, but also allows various query conditions and corresponding query results to be added by extension, making it more convenient for the PDP to manage the PEP.

Description

Method for querying a client's policy condition execution result
Technical field
The present invention relates to the communications field, and in particular to a method for querying a client's execution of policy conditions.
Background
The Common Open Policy Service (COPS) protocol is a request/response protocol that uses a client/server model. Usually the Policy Enforcement Point (PEP) acts as the client and the Policy Decision Point (PDP) acts as the server. The protocol is mainly used to exchange policy information between a policy server and its multiple clients; it separates the Policy Decision Point from the Policy Enforcement Point and implements dynamic authorization of the PEP by the PDP.
Fig. 1 is a schematic diagram of a typical COPS model, comprising three kinds of COPS elements: the PDP, the PEP, and the Local Policy Decision Point (LPDP).
The LPDP is optional. In the default case for the LPDP, the PEP is used for local decisions, and the COPS protocol cannot be used for communication between the PEP and the LPDP. Where the LPDP is retained, the PEP can make local decisions through the LPDP, but the PDP is the final decision authority. That is, the PEP must forward all relevant local decision information to the PDP in the LPDP decision object, and the PEP must abide by the final decision the PDP makes on the basis of that information.
The PEP is responsible for establishing the TCP connection to the PDP. Over this connection it sends requests to the PDP, receives decisions from the remote PDP, reports decision execution results, announces changes in request state, and deletes state that is no longer needed. In addition, for purposes such as accounting and monitoring, the PEP should be able to report local policy execution results (success or failure). Over the same connection, the PDP issues decisions in response to PEP requests and proactively delivers policy.
The PDP uses heartbeat probe messages to ensure that it is connected to the PEP. If the connection fails, the PEP must try to re-establish the connection with the PDP or switch to a backup PDP. If the connection is broken, the PEP should use the LPDP to make local decisions. After the connection is re-established, the PEP notifies the PDP of any state deleted, or events admitted by admission control, since the connection was lost. The PDP can request that all PEP internal state be synchronized (all installed requests must be reissued). The PEP can also cache earlier decisions and continue to use them for a limited time, reducing the service disruption caused by losing the connection to the PDP.
The COPS protocol carries the necessary data in self-identifying COPS objects. These data identify request state, establish the request context, identify the request type, refresh installed requests, forward policy, report errors, ensure message integrity, and carry client-specific information. Every message contains client-type information used to distinguish client types; the meaning of the requested decisions and of the client-specific data differs by client type. The message type and request type fields in the COPS context object identify the external event that triggered the policy.
Fig. 2 shows the simple synchronization flow of prior art one related to the present invention. Its core is that a cooperation mechanism between the PEP and the PDP implements dynamic policy delivery, and state control between the PEP and the PDP provides a simple query function. The process is as follows:
The synchronization operation is initiated by the PDP; its purpose is to ensure that the state installed on the PDP and the PEP is consistent.
The PDP first sends an SSQ message to the PEP to request the synchronization operation.
After receiving the SSQ message, the PEP sends a Request (REQ) message for every state installed under the specified Client Type, receives the Decision (DEC) messages issued by the PDP, and responds with Report State (RPT) messages. Once all state has been synchronized, the PEP sends an SSC message to indicate that the synchronization operation is complete.
The core of prior art two related to the present invention is that the PDP specifies a Client Handle (handle object) in the SSQ message it issues, identifying the request state of a PEP of a particular client type; the PEP then sends a REQ message for the state of the specified Client Handle to synchronize that state. The process is as follows:
The synchronization operation is initiated by the PDP; its purpose is to ensure that the state installed on the PDP and the PEP is consistent.
The PDP first sends an SSQ message to the PEP to request the synchronization operation, and specifies a handle object (Client Handle) in the SSQ message. The handle object identifies the request state of a PEP of a particular client type; this request state is initiated by the PEP and installed by the PDP. The scope of the handle object is a particular client type on one TCP connection. Most COPS operations, such as request, decision, report and delete, must indicate this handle object. The handle object is chosen by the PEP and is opaque to the PDP; the PDP only performs a simple binary comparison between the Handle value in the received handle object and the currently installed Handle values. Once a Client Handle is no longer in use, the PEP must explicitly delete it.
After receiving the SSQ message, the PEP sends a REQ message for the state of the specified Client Handle. When that state has been synchronized, the PEP sends an SSC message to indicate that the synchronization operation is complete.
As can be seen from the above, the prior art describes only policy delivery and its protection mechanism and provides no mechanism for querying how policies issued by the PDP were actually executed. It therefore has the following defects:
1. It can only ensure that the PDP delivers policy to the PEP correctly; there is no way to learn the result of the PEP executing the delivered policy.
2. Although the protocol provides a simple synchronization function based on the Client Handle, this can only check whether the Client Handles on the PDP and the PEP are consistent. It cannot match on multiple conditions to query the policy content actually being executed, so that it can be compared with the policy server for effective monitoring.
Summary of the invention
The purpose of the invention is to provide a method for querying a client's execution of policy conditions. With the invention, the PDP can query the PEP about policy execution status, and various query conditions and corresponding query results can be added by extension, making it more convenient for the PDP to manage the PEP.
The purpose of the invention is achieved through the following technical solutions:
The invention provides a method for querying a client's policy condition execution result, comprising:
A. The Policy Enforcement Point (PEP) obtains the query information issued to it by the Policy Decision Point (PDP), wherein the query information comprises different query conditions set according to different query requirements, and combinations of the different query conditions set according to different query requirements;
B. According to the obtained query information, the corresponding policy execution status is queried and the query result is returned to the PDP.
Wherein step A specifically comprises:
A1. When the PDP issues an SSQ synchronization request message, it carries the required query information in the message;
A2. The PEP receives the SSQ synchronization request message and obtains the corresponding query information from the message.
Wherein step A specifically comprises:
A3. When the PDP delivers policy to the PEP in a DEC message, it carries the required query information in the message;
A4. The PEP receives the DEC synchronization request message and obtains the corresponding query information from the message.
Wherein, in step A1 or A3, carrying the required query information in the message specifically comprises:
carrying the required query information in a handle object set in the message;
or,
carrying the required query information in a custom information object set in the message.
Wherein step B specifically comprises:
B1. The PEP queries the corresponding policy execution status according to the obtained query information and feeds the query result back to the PDP in a REQ response message.
Wherein step B specifically comprises:
B2. The PEP queries the corresponding policy execution status according to the obtained query information and feeds the query result back to the PDP in an RPT response message.
Wherein, before step A, the method further comprises:
C. Establishing the connection between the PEP and the PDP.
Wherein step C specifically comprises:
C1. The PEP sends a connection establishment request message to the PDP; the message carries a connection type identifier;
C2. When the PDP supports the connection type identifier, it returns to the PEP an accept-connection message in response to the OPN message.
As can be seen from the technical solution above, in the invention the PEP first obtains the query information issued to it by the PDP, then queries the corresponding policy execution status according to the obtained query information and returns the query result to the PDP. With the invention, the PDP can query the PEP about policy execution status, and various query conditions and corresponding query results can be added by extension, making it more convenient for the PDP to manage the PEP.
Description of drawings
Fig. 1 is a schematic diagram of the COPS model;
Fig. 2 is a flow chart of the synchronization operation in prior art one;
Fig. 3 is a flow chart of policy delivery and policy query in the first embodiment provided by the invention;
Fig. 4 is a flow chart of the second embodiment provided by the invention.
Embodiments
The invention provides a method for querying a client's execution of policy conditions. Its core is as follows: first, the PEP obtains the query information issued to it by the PDP; then it queries the corresponding policy execution status according to the obtained query information and returns the query result to the PDP.
Within the framework of the existing COPS protocol, the invention lets the PDP query the PEP about policy execution status by making appropriate use of the COPS protocol and extending it.
The first embodiment provided by the invention is the policy delivery and policy query flow after a TCP connection is established between the PEP and the PDP. As shown in Fig. 3, it comprises:
Step 1: The PEP sends a connection establishment request (Client-Open, OPN) message to the PDP.
The main purpose of the OPN message is to indicate the PEP ID and to tell the PDP the connection type (Client Type). It may also tell the PDP the last PDP to which the PEP connected for this Client Type, and detailed information about the client.
Step 2: The PDP responds to the OPN message by returning to the PEP either an accept-connection (Client-Accept, CAT) message or a close-connection (Client-Close, CC) message.
If the PDP supports the Client Type, it sends a CAT message, and can return a maximum time interval for the KA messages used to maintain the link.
If the returned CAT message is malformed, the PEP must return a CC message indicating the reason for the error.
If, on the other hand, the PDP does not support the received Client Type, it sends a CC message back to the PEP.
After the above steps, when the PEP receives the CAT message, it knows that the connection between the PDP and the PEP has been established through the exchange of the OPN and CAT messages. Over this connection, the PDP and the PEP can carry out the following information exchange:
Step 3: The PEP sends a REQ message to the PDP to request policy. The REQ message carries the PEP information needed for the decision, such as the mapping table of device interfaces and roles and the interface capabilities, together with a label that uniquely identifies this REQ, i.e. the handle object (Client Handle).
Step 4: After receiving the REQ, the PDP delivers policy to the PEP in a DEC message, and encapsulates the query request information in the DEC message.
The query information comprises different query conditions set according to different query requirements, and combinations of the different query conditions set according to different query requirements.
The invention encapsulates the query request information in the DEC message either through the handle object carried in the DEC message or through a custom information (Client Specific Information, ClientSI) object.
When the query information is carried by the handle object, the PDP obtains the handle object from the received REQ message, places the information to be queried in the handle object, and then encapsulates the handle object in the DEC message.
When the query information is carried by the custom information object, the ClientSI object is used to extend user-defined attributes. The conditional query function is added by placing a custom query object in the ClientSI.
Because COPS is a highly extensible protocol, the object structure within the ClientSI can vary widely. Only one method is illustrated below; the invention is not limited to defining the query object in this way.
For example:
The query object can be defined in 4 bytes: the first two bytes define the object type and the last two bytes define the query condition, as follows:
For example: type=0xFF01;
The conditions are encoded as follows:
0x1: query all policy numbers of the user; 0x2: query the policy content.
Step 5: After executing the DEC message, the PEP returns an RPT message to the PDP reporting whether policy installation succeeded or failed; one RPT message is sent for each DEC message. The query response is encapsulated in the RPT message.
The query response is encapsulated in the RPT message using a custom information (Client Specific Information, ClientSI) object. The ClientSI object first contains the condition query object shown above. The query result follows, organized as type, length, content; depending on the query condition, it may contain multiple query objects.
For example, a query object as follows:
[Figure S051A9082420051025D000081: example query object]
Step 6: After the PEP receives the CAT, the connection keep-alive (Keep-Alive, KA) message exchange begins, to verify the validity of the TCP connection.
Step 7: When the PEP needs to cancel a subscribed service, under normal or abnormal conditions, it sends a service cancellation request (Delete Request State, DRQ) message to the PDP. On receiving it, the PDP performs the corresponding service cancellation operations; after processing completes, the COPS connection is torn down.
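The query object of Step 4 and the type/length/content result of Step 5, as an added example that is not code from the patent: the PDP builds the 4-byte query object, and both sides parse strictly and reject unknown conditions or truncated results. Network byte order, the 2-byte type and length fields of each result, reuse of the condition codes as result types, and combining conditions by bitwise OR are assumptions; the description fixes only the 4-byte layout, type 0xFF01 and conditions 0x1 and 0x2.

```python
import struct

# Values from the description.
QUERY_OBJECT_TYPE = 0xFF01   # example object type
COND_POLICY_NUMBERS = 0x1    # query all policy numbers of the user
COND_POLICY_CONTENT = 0x2    # query the policy content
# Assumption: conditions are combined as bit flags.
KNOWN_CONDITIONS = COND_POLICY_NUMBERS | COND_POLICY_CONTENT

# Constructed sample state on the PEP: policy number -> policy content.
SAMPLE_POLICIES = {7: "permit voice", 3: "deny p2p"}


def _check_condition(condition):
    # Reject empty or unknown condition bits instead of silently ignoring them.
    if condition == 0 or condition & ~KNOWN_CONDITIONS:
        raise ValueError("unsupported query condition 0x%x" % condition)


def encode_query(condition):
    """PDP side: 4-byte query object, 2-byte type then 2-byte condition."""
    _check_condition(condition)
    return struct.pack("!HH", QUERY_OBJECT_TYPE, condition)


def decode_query(data):
    """Parse the query object at the start of a buffer; return its condition."""
    if len(data) < 4:
        raise ValueError("query object shorter than 4 bytes")
    obj_type, condition = struct.unpack_from("!HH", data, 0)
    if obj_type != QUERY_OBJECT_TYPE:
        raise ValueError("unexpected object type 0x%04x" % obj_type)
    _check_condition(condition)
    return condition


def _tlv(result_type, value):
    # Assumed result layout: 2-byte type, 2-byte length of the value, value.
    if len(value) > 0xFFFF:
        raise ValueError("value too long for a 2-byte length field")
    return struct.pack("!HH", result_type, len(value)) + value


def build_response(query, policies):
    """PEP side: echo the query object, then one TLV per requested result."""
    condition = decode_query(query)
    out = bytearray(query[:4])
    for number in sorted(policies):
        if condition & COND_POLICY_NUMBERS:
            out += _tlv(COND_POLICY_NUMBERS, struct.pack("!I", number))
        if condition & COND_POLICY_CONTENT:
            out += _tlv(COND_POLICY_CONTENT, policies[number].encode("utf-8"))
    return bytes(out)


def parse_response(data):
    """PDP side: return (condition, [(type, value), ...]) or raise ValueError."""
    condition = decode_query(data)
    results, offset = [], 4
    while offset < len(data):
        if len(data) - offset < 4:
            raise ValueError("truncated TLV header")
        result_type, length = struct.unpack_from("!HH", data, offset)
        offset += 4
        if length > len(data) - offset:
            raise ValueError("TLV length exceeds remaining data")
        if result_type not in (COND_POLICY_NUMBERS, COND_POLICY_CONTENT) \
                or not result_type & condition:
            raise ValueError("result type 0x%x was not requested" % result_type)
        results.append((result_type, data[offset:offset + length]))
        offset += length
    return condition, results


if __name__ == "__main__":
    query = encode_query(COND_POLICY_NUMBERS | COND_POLICY_CONTENT)
    print(parse_response(build_response(query, SAMPLE_POLICIES)))
```

Because the response echoes the query object, the PDP can check that each returned result type was actually requested before comparing the results with its own policy store.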
The second embodiment provided by the invention implements a simple conditional query by extending the COPS synchronization flow; the query condition is implemented by extending the handle object (handle). As shown in Fig. 4, it comprises:
First, the connection between the PDP and the PEP is established, as follows:
Step 1: The PEP sends an OPN message to the PDP.
Step 2: The PDP returns a CAT message to the PEP in response to the OPN message. When the PEP receives the CAT message, it knows that the connection between the PDP and the PEP has been established.
After the PDP and the PEP are connected, the SSQ message sent by the PDP to the PEP carries the query information and the corresponding query operation is carried out, as follows:
Step 3: The PDP first sends an SSQ message to the PEP to request the synchronization operation, and carries the required query information in the SSQ message.
The query information comprises different query conditions set according to different query requirements, and combinations of the different query conditions set according to different query requirements.
In the present invention, the query information is encapsulated in the SSQ message either by specifying a handle object in the SSQ message or by using a custom information (Client Specific Information, ClientSI) object.
When the query information is carried by the handle object, the PDP specifies the handle object in the SSQ message, places the information to be queried in the handle object, and then encapsulates the handle object in the DEC message.
When the query information is carried by the custom information object, the ClientSI object is used to extend user-defined attributes. The conditional query function is added by placing a custom query object in the ClientSI. For the specific implementation, see the related description in the embodiment above.
Step 4: After receiving the SSQ message, the PEP sends a REQ message for the state of the specified Client Handle and carries the query response information in the REQ message.
As can be seen from the embodiments above, the invention has the following beneficial effect:
By extending the COPS protocol, it provides a simple and convenient function for the PDP to query policy on the PEP, allows various query conditions and corresponding query results to be added by extension, and makes it convenient for the PDP to manage the PEP.
The above is only a preferred embodiment of the invention, but the scope of protection of the invention is not limited to it. Any variation or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall fall within the scope of protection of the invention. Therefore, the scope of protection of the invention shall be determined by the scope of protection of the claims.

Claims (8)

1. A method for querying a client's policy condition execution result, characterized by comprising:
A. The Policy Enforcement Point (PEP) obtains the query information issued to it by the Policy Decision Point (PDP), wherein the query information comprises different query conditions set according to different query requirements, and combinations of the different query conditions set according to different query requirements;
B. According to the obtained query information, the corresponding policy execution status is queried and the query result is returned to the PDP.
2. The method according to claim 1, characterized in that step A specifically comprises:
A1. When the PDP issues a synchronization request message SSQ, it carries the required query information in the message;
A2. The PEP receives the synchronization request message SSQ and obtains the corresponding query information from the message.
3. The method according to claim 1, characterized in that step A specifically comprises:
A3. When the PDP delivers policy to the PEP in a policy DEC message, it carries the required query information in the message;
A4. The PEP receives the DEC message and obtains the corresponding query information from the message.
4. The method according to claim 2 or 3, characterized in that, in step A1 or A3, carrying the required query information in the message specifically comprises:
carrying the required query information in a handle object set in the message;
or,
carrying the required query information in a custom information object set in the message.
5. The method according to claim 1, characterized in that step B specifically comprises:
B1. The PEP queries the corresponding policy execution status according to the obtained query information and feeds the query result back to the PDP in a request REQ response message.
6. The method according to claim 1, characterized in that step B specifically comprises:
B2. The PEP queries the corresponding policy execution status according to the obtained query information and feeds the query result back to the PDP in a status report RPT response message.
7. The method according to claim 1, characterized in that, before step A, the method further comprises:
C. Establishing the connection between the PEP and the PDP.
8. The method according to claim 7, characterized in that step C specifically comprises:
C1. The PEP sends a connection establishment request OPN message to the PDP; the message carries a connection type identifier;
C2. When the PDP supports the connection type identifier, it returns to the PEP an accept-connection message in response to the OPN message.
Priority Applications (1)

Application number: CN2005101090824A
Priority date: 2005-10-17
Filing date: 2005-10-17
Title: Method for inquiring client terminal to tactics condition executive result
Status: Expired - Fee Related

Publications (2)

CN1863201A, publication date 2006-11-15
CN1863201B, publication date 2010-12-08

Family ID: 37390528
Country: CN

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20101208

Termination date: 20191017