KR20170084618A - Network apparatus for controlling traffic with usage pattern of user and method thereof - Google Patents

Network apparatus for controlling traffic with usage pattern of user and method thereof Download PDF

Info

Publication number
KR20170084618A
KR20170084618A KR1020160003872A KR20160003872A KR20170084618A KR 20170084618 A KR20170084618 A KR 20170084618A KR 1020160003872 A KR1020160003872 A KR 1020160003872A KR 20160003872 A KR20160003872 A KR 20160003872A KR 20170084618 A KR20170084618 A KR 20170084618A
Authority
KR
South Korea
Prior art keywords
user
traffic
usage pattern
pattern
network device
Prior art date
Application number
KR1020160003872A
Other languages
Korean (ko)
Inventor
김학서
김영민
박혜숙
이연희
Original Assignee
한국전자통신연구원
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 한국전자통신연구원 filed Critical 한국전자통신연구원
Priority to KR1020160003872A priority Critical patent/KR20170084618A/en
Publication of KR20170084618A publication Critical patent/KR20170084618A/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/16Threshold monitoring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/30Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Technology Law (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A network device and a traffic control method for traffic control reflecting a usage pattern of a user are disclosed. A network device according to an embodiment includes a transmitting and receiving unit for transmitting and receiving a packet, a memory for storing a usage pattern of a user, a traffic control policy according to a usage pattern of a user and a usage pattern, And collects traffic information corresponding to the user pattern, and processes the traffic according to the set control policy when the collected traffic matches the set usage pattern.

Description

BACKGROUND OF THE INVENTION Field of the Invention [0001] The present invention relates to a network apparatus and a traffic control method,

The present invention relates to network technology, and more particularly, to network management and service technology.

A network device such as a router or a wired / wireless router is used to connect to the Internet through a user terminal at a company or a home. These devices support user control policies and can block or transmit user traffic by a control policy defined as 5-tuple. For example, the network device can set a control policy such as an access control list (ACL), which is a source IP address, a destination IP address, a protocol number, a TCP / UDP source port number, a TCP / UDP destination port number or the like to transmit or block user traffic.

However, the policy set in the network device is fixed by the administrator in advance, and once applied, the traffic of the user matching the condition is blocked unconditionally. If it is necessary to transmit the traffic of the corresponding user by necessity, it is difficult to efficiently use because it is necessary to delete the set control policy and transmit the traffic again after the set control policy is transmitted.

According to an embodiment, a network device and a traffic control method capable of controlling user traffic by considering a usage pattern of a user when the user terminal accesses the Internet network are proposed.

A network device according to an embodiment includes a transmitting and receiving unit for transmitting and receiving a packet, a memory for storing a usage pattern of a user, a traffic control policy according to a usage pattern of a user and a usage pattern, And collects traffic information corresponding to the user pattern, and processes the traffic according to the set control policy when the collected traffic matches the set usage pattern.

According to one embodiment, since the user terminal can control by considering the usage pattern when connecting to the network, it provides more flexibility than the 5-tuple ACL type control. In addition, it is possible to customize traffic control according to the entire usage pattern of individual users, a specific service usage pattern of individual users, and a specific service usage pattern of various users.

For example, using a network device having such a function in the home can prevent children from excessively connecting to a specific game, service, or the like.

1 is a configuration diagram of a network system to which the present invention is applied;
2 is a reference diagram showing an example of a usage pattern set in a network device according to an embodiment of the present invention;
3 is a configuration diagram of a network device according to an embodiment of the present invention;
4 is a flowchart illustrating a traffic control method according to an embodiment of the present invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. In addition, the terms described below are defined in consideration of the functions of the present invention, which may vary depending on the intention of the user, the operator, or the like. Therefore, the definition should be based on the contents throughout this specification.

The present invention preliminarily sets a usage pattern defined by an administrator in a network device, selects only a user or a service that meets a predetermined usage pattern condition, and effectively controls only selected traffic. For example, rather than performing traffic control by setting a 5-tuple-based control policy fixedly on a network device used when a user terminal accesses the network, And performs a control policy only on the traffic of the user conforming to the set usage pattern condition. At this time, the user pattern can be set as a whole or individually, such as a total usage pattern of individual users, a specific service usage pattern of individual users, and a specific service usage pattern of various users. Hereinafter, a user traffic control technique considering a user pattern will be described in detail with reference to the following drawings.

1 is a configuration diagram of a network system to which the present invention is applied.

Referring to FIG. 1, a user terminal 101 accesses the Internet 103 through a network device 102 and accesses a desired server 104 after a connection. At this time, a control policy for the user terminal 101 can be set in the network device 102. The control policy set in this manner generally sets a policy based on 5-tuple information including a source IP address and the like, and is applied to the network device 102. After the control policy is applied, all traffic is controlled by the control policy, and the control policy must be deleted in order to change it.

Blocking traffic based on preset control policies is very simple, but can lead to inconvenience to efficient use of network and user management method. In order to solve this problem, the present invention defines a usage pattern of a user and controls only traffic matching the condition.

2 is a reference diagram showing an example of a usage pattern set in a network device according to an embodiment of the present invention.

Referring to FIG. 1 and FIG. 2, various usage patterns can be set in the network device 102. For example, traffic from a plurality of user terminals collectively collects traffic of a specific destination address exiting through the network device 102, and may block all traffic thereafter when traffic is transmitted above a threshold X set.

As another example, when a single user sends and receives traffic to multiple services or destination addresses, the general case allows traffic to be forwarded and blocks traffic when it is at a certain time (from several hours to several hours). This usage pattern is defined by the administrator and can efficiently control the use of the user's network. Various user patterns can be defined by combining the source IP address, destination IP address, protocol, and time as well as the above-described usage pattern. In addition, by setting the time at which the control policy is applied, the control policy is controlled only within the application time, thereby enabling more flexible user traffic control.

3 is a block diagram of a network device according to an embodiment of the present invention.

3, the network device 102 includes a transceiver 1020, a processor 1022, and a memory 1024. In FIG. 3, the memory 1024 is included in the network device 102, but may be physically separate from the network device 102.

The transmission / reception unit 1020 transmits and receives a packet. In the memory 1024, a preset user pattern is stored. An example of the user pattern is as described above with reference to FIG.

The processor 1022 classifies the transmission / reception packet according to the user pattern, confirms the user pattern, and confirms the policy according to the user pattern. And controls packets conforming to the user pattern. An example of packet control is blocking or transmitting a packet.

Processor 1022 predefines usage patterns and stores them in memory 1024, classifies packets according to usage patterns, and verifies usage patterns and policies. The usage pattern can be defined by the administrator. The processor 1022 classifies received packets based on the defined usage patterns and collects traffic information that matches the usage patterns. At this time, if the collected traffic information matches the usage pattern, the control policy is executed.

4 is a flowchart illustrating a traffic control method according to an embodiment of the present invention.

Referring to FIG. 4, when the network device receives (401) a packet, it classifies the received packet according to the usage pattern, analyzes the set usage pattern, and collects traffic information matching the usage pattern (402). Then, it is checked whether the condition of the control policy is satisfied based on the collected information according to the usage pattern. If the condition is matched (404), packet control according to the control policy is performed (405) Processing is performed (406). In addition, packets that are not registered as usage patterns or packets that do not match control conditions perform normal packet processing according to the conventional method.

As described above, it is possible to define a usage pattern of a user rather than a fixed type of control such as an ACL type to a network device used by a user terminal to access the network, to collect traffic information according to a usage pattern, It can be more flexibly applied to individual control of a user, control of a specific service of a user, and use of a specific service of a user. In addition, since the control policy duration can be set, once set control policy is released over time, user traffic can be transmitted.

The embodiments of the present invention have been described above. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims. Therefore, the disclosed embodiments should be considered in an illustrative rather than a restrictive sense. The scope of the present invention is defined by the appended claims rather than by the foregoing description, and all differences within the scope of equivalents thereof should be construed as being included in the present invention.

101: user terminal 102: network device
103: Internet network 104: Server
1020: Transmitting / receiving unit 1022: Processor
1024: Memory

Claims (1)

A transmitting and receiving unit for transmitting and receiving a packet;
A memory for storing a usage pattern of a user; And
A traffic control policy according to a usage pattern and a usage pattern of a user is set and stored in the memory, the packets transmitted and received through the transceiver are classified according to usage patterns, the traffic information matching the user pattern is collected, A processor that processes the traffic according to the set control policy if the pattern is met;
Lt; RTI ID = 0.0 > 1, < / RTI >
KR1020160003872A 2016-01-12 2016-01-12 Network apparatus for controlling traffic with usage pattern of user and method thereof KR20170084618A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020160003872A KR20170084618A (en) 2016-01-12 2016-01-12 Network apparatus for controlling traffic with usage pattern of user and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020160003872A KR20170084618A (en) 2016-01-12 2016-01-12 Network apparatus for controlling traffic with usage pattern of user and method thereof

Publications (1)

Publication Number Publication Date
KR20170084618A true KR20170084618A (en) 2017-07-20

Family

ID=59443590

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020160003872A KR20170084618A (en) 2016-01-12 2016-01-12 Network apparatus for controlling traffic with usage pattern of user and method thereof

Country Status (1)

Country Link
KR (1) KR20170084618A (en)

Similar Documents

Publication Publication Date Title
US11218488B2 (en) Access enforcement at a wireless access point
US10212160B2 (en) Preserving an authentication state by maintaining a virtual local area network (VLAN) association
KR101029954B1 (en) Providing quality of service for various traffic flows in a communications environment
US9276852B2 (en) Communication system, forwarding node, received packet process method, and program
JP5862577B2 (en) COMMUNICATION SYSTEM, CONTROL DEVICE, POLICY MANAGEMENT DEVICE, COMMUNICATION METHOD, AND PROGRAM
US8966075B1 (en) Accessing a policy server from multiple layer two networks
WO2012160809A1 (en) Communication system, control device, communication method, and program
CN108512885A (en) Network packet to being identified as message queue telemetering transmission packet executes specific action
US20160036514A1 (en) Communication terminal, communication control apparatus, communication system, communication control method, and program
EP3982600A1 (en) Qos policy method, device, and computing device for service configuration
CN1996939A (en) Method for message access control, forwarding engine and communication device
US20130028176A1 (en) Wireless transmission of data packets based on client associations
CN104160735B (en) Send out message processing method, transponder, message processor, message handling system
US20130275620A1 (en) Communication system, control apparatus, communication method, and program
CN105052177B (en) Radio Network System, terminal management apparatus, relay apparatus and communication means
KR101712168B1 (en) Method for controling packet-in message, switch and controller thereof
CN106411852B (en) Distributed terminal access control method and device
CN104081801A (en) Intelligent edge device
US20160352686A1 (en) Transmitting network traffic in accordance with network traffic rules
KR20170084618A (en) Network apparatus for controlling traffic with usage pattern of user and method thereof
CN113853776B (en) Method, system and computer readable medium for network architecture
EP2204953A1 (en) Method, apparatus and system for realizing dynamic correlation of control plane traffic rate
US20170019845A1 (en) Communication terminal, communication method, and program-containing storage medium
KR101328735B1 (en) Apparatus and method for connection cotrol in wireless network environment
JP2017059868A (en) Address management device and communication system