TW202220413A - Time management system based on software defined network and method thereof - Google Patents

Publication number
TW202220413A
Authority
TW
Taiwan
Prior art keywords
network
time
service
terminal device
connection
Application number
TW109139528A
Other languages
Chinese (zh)
Other versions
TWI730925B (en
Inventor
朱煜煌
張哲瑋
鄭凱懋
李明峰
劉景豊
Original Assignee
中華電信股份有限公司
Application filed by 中華電信股份有限公司
Priority to TW109139528A
Application granted
Publication of TWI730925B
Publication of TW202220413A

Abstract

The present invention is a time management system based on a software-defined network and a method thereof. Through a network controller, the time range for network access is predefined in a service and the information of legitimate terminal devices is defined, so that the network controller controls the network access time of legitimate terminal devices. The network controller can also be combined with an external authentication mechanism to provide network access outside the controlled time, meeting the demand for network access outside that time. In the present invention, the network controller controls the rules on the network switch to limit the network access time of legitimate terminal devices. This effectively limits and manages the network access time of legitimate terminal devices, and combining it with the authentication mechanism increases network security within the controlled domain.

Description

Network time management system and method based on software-defined networking

The present invention relates to network time management technology, and in particular to a network time management system and method based on software-defined networking.

When it comes to network security management and control, in today's complex information security environment it is often difficult to define everything that network security covers. From a technical point of view, however, network time management is currently one of the most direct network security management methods. For enterprises, a common threat comes from Trojan horses or malicious programs that users' network connections may bring in; another comes from devices that users bring in themselves, which pose the same virus threat. In either case, introducing time control over devices' network usage can reduce the threat to the enterprise intranet.

In one prior art, Taiwan Patent No. I353137, "Network Connection Time Management Method and System", discloses that when a client requests a connection, the preset restricted Internet access period is retrieved according to the client's identity data, and the time of the connection request is compared with the pre-stored connection restriction period to determine whether it falls within the restricted period. If so, the client is restricted from accessing the Internet; otherwise, the client is allowed normal Internet access. Thereafter, the system periodically monitors whether the connection time of each connected client has reached or exceeded the restricted period, and automatically decides whether to restrict or open Internet access. The time management mechanism of that patent is divided into three types: immediate restriction, immediate Internet access, and time setting. However, this mechanism is managed in conjunction with Internet service provider (ISP) accounts; because an enterprise network has the Ethernet plug-and-play (Ethernet Plug-n-Play) characteristic, this time management mechanism cannot be applied to enterprise local area networks. In addition, the mechanism controls the network by discarding packets whose "destination" IP address belongs to a user to be denied Internet access, so that the user cannot use the network. This approach cannot discard, at the first opportunity, packets whose "source" IP address belongs to a user to be denied Internet access, so many invalid "source" IP address packets remain on the network and occupy network bandwidth resources.

For time control of mobile terminals, another prior art, the patent "Method for Controlling Internet Access Time of Mobile Terminals" (CN103825898A), has an administrator create a user account and password on a service platform and set Internet access time and control policies based on that user account, including the periods during which Internet access is allowed and the allowed Internet access time information. The controlled mobile terminal must have an Internet time control application installed, and the user account and password must be entered for identity authentication with the service platform. If the identity is valid, the application is started so that the mobile terminal can use the network. The application determines in real time whether the mobile terminal's Internet access time has expired; if so, it puts the mobile terminal's Internet access function into a dormant state. However, this approach requires software to be installed on the terminal. When the number of controlled terminals is large or changes are frequent, installing the software becomes cumbersome and hard to manage, and it easily inconveniences users.

In yet another prior art, Taiwan Patent No. I259371, "Time Management System and Method", controls the usage time of information equipment by time in order to improve the confidentiality of the equipment. The system includes a security verification module, a setting management module, and a control execution module. Its method is to establish a usage time setting program inside the information equipment, so that administrators with usage authority can set the equipment's usage time through that program. The equipment then determines access permission based on the set time and automatically shuts down when the set usage time range is exceeded, thereby limiting the usage time of the information equipment and preventing internally stored data from being easily viewed by others. However, this time management approach still installs software on the information equipment, so it likewise requires changing the user-side device before time management can be performed. Moreover, there is no unified management mechanism for changing the time settings; one must log in to each machine individually to configure it, which is very inconvenient in use.

In view of this, how to provide a network time management technology that applies control starting from the source device's IP address, thereby avoiding many invalid packets on the network that would affect it, and in particular achieves the network management purpose without installing any software on the user device, has become a goal pursued by those skilled in the art.

To solve the above problems of the prior art, the present invention proposes a network time management method based on software-defined networking, comprising: creating a sub-network in a network controller, setting a network service gateway, and setting the information of the networking time and the timeout networking service; when a terminal device connects to the network controller, causing the network controller to activate the terminal device according to the information of the sub-network and to set network transmission rules in a network switch so that the terminal device can use the networking function; and causing the network controller to perform detection according to the networking time, so that when the terminal device is within the networking time it uses the networking function normally, and when the terminal device is outside the networking time and the timeout networking service is configured, a network access control system performs timeout processing.

In one embodiment, the step of creating a sub-network in the network controller, setting a network service gateway, and setting the information of the networking time and the timeout networking service includes the following sub-steps: setting the range of terminal devices under the jurisdiction of the network controller to form the sub-network; according to the service gateway to which the terminal devices need to connect, setting in the network controller the sub-network's connection to the service gateway and the parameters for connecting to the service gateway; creating a networking-time service cluster, a timeout networking service cluster, and the network access control system, and setting a permanent networking service cluster, wherein the network access control system is used to authenticate the networking function of terminal devices under control; and setting the time period of the networking time, the usage time of the timeout networking service, and the network and authentication system accessed by the network access control system.

In one embodiment, the step in which the network controller activates the terminal device according to the information of the sub-network includes the following sub-steps: adding the terminal device, by importing terminal device data or by automatic detection, to a service cluster established when the sub-network was created; and, based on the service cluster each terminal device has joined and the parameters and connection port of the service gateway, causing the network controller to activate the networking service of the terminal device according to the service cluster it has joined, and to generate the corresponding network transmission rule and set it in the network switch.

In one embodiment, the step in which the network controller performs detection according to the networking time includes causing the network controller to periodically check whether the current time is within the set networking time. When the current time is within the networking time, it further determines whether the service has been activated; when the current time is not within the networking time, it executes the timeout processing.

In one embodiment, the step of determining whether the service has been activated includes: causing the network controller to determine whether the terminal devices in the networking-time service cluster have already had the service activated; if so, it continues to check periodically for timeout, and if not, it activates the service for the terminal device.

In one embodiment, the step in which the network access control system executes the timeout processing includes: when the network controller is configured with the network access control system and the timeout networking service, causing the terminal device to connect to the network access control system for authentication by the network access control system; and after the terminal device is successfully authenticated, causing the network controller to activate the networking function of the terminal device and to check periodically whether the timeout networking time has been reached.

In the above embodiment, the step of causing the terminal device to connect to the network access control system for authentication by the network access control system includes the following sub-steps: causing the network controller to clear the terminal device's network transmission rule on the network switch; and causing the network controller, according to the additional service set when the sub-network was created, to set in the network switch a network transmission rule for connecting to the network access control system, so that the terminal device can connect only to the network access control system for authentication.

In the above embodiment, the step of causing the network controller to activate the networking function of the terminal device includes the following sub-steps: causing the network controller to add the authenticated terminal device to the timeout networking service cluster and activate the service, so as to generate a timeout network transmission rule connecting the authenticated terminal device to the service gateway, and to transmit that timeout network transmission rule to the network switch, so that the authenticated terminal device can use the networking function normally during the time of the timeout networking service; and causing the network controller to continuously check the timeout time of the terminal devices in the timeout networking service cluster, so that within the usage time the authenticated terminal device continues to use the networking function, and once the time is up the network controller removes the timeout network transmission rule of the authenticated terminal device.

The above method further includes using a network traffic detection tool to monitor the connection ports of the network switch, so that when a terminal device continues to send more than a predetermined number of packets outside the networking time or the timeout networking service, the terminal device is determined to be abnormal.

The present invention further proposes a network time management system based on software-defined networking, comprising: a server for storing the information of the networking time of terminal devices and the timeout networking service; a network switch for transmitting packets; a physical controller for setting network transmission rules in the network switch, the physical controller having a timer for periodically checking the time; and a network access control system for performing networking authentication of the terminal device when the terminal device is outside the networking time and the timeout networking service is configured. The timer is used to confirm whether the current time is within the networking time. When the current time is within the networking time, packets sent by the terminal device are transmitted through the network switch to a service gateway, and response packets returned by the service gateway are received through the network switch. When the current time is outside the networking time and the timeout networking service is configured, authentication is performed via the network access control system, and the new network transmission rule is recorded on the server and replaces the original network transmission rule in the network switch, so that packets sent by the terminal device are transmitted by the network switch.

In summary, the present invention is a way of controlling and managing network access time using a software-defined networking architecture. It focuses on using the network controller to uniformly control the network access time of legitimate terminal devices under the network switch: outside the network access time the networking function is stopped, and an external authentication mechanism is combined to meet networking needs outside the network access time. Furthermore, because network access time is controlled and managed through a software-defined networking architecture, multiple groups of different network access time ranges, or services without time management, can be defined, and legitimate terminal devices with different network access time requirements can each be added to different services. The network controller thus effectively controls legitimate terminal devices with different access time requirements, giving network administrators more convenient network control and flexible control over the network access time of different terminal devices. In addition, the network time management system and method based on software-defined networking disclosed in the present invention use the characteristics of software-defined networking to centrally manage the network activation time of devices, achieving the network management purpose without installing any software on the user device. Moreover, the time management of the present invention applies control starting from the source device's IP address, so it does not leave many invalid packets on the network to affect it.

11-15: Stages

111-114: Process

121-122: Process

131-132: Process

141-142: Process

151-153: Process

211-216: Process

311-319: Process

31: Network administrator

32, 42: Network controller

33, 43: Terminal device

34, 44: Network switch

35, 45: Service gateway

36, 46: Network access control system

321, 421: Timer

322, 422: Server

S11-S13: Steps

FIG. 1 is a step diagram of the network time management method based on software-defined networking of the present invention.

FIG. 2 is a sequence flow chart of the network time management method based on software-defined networking of the present invention.

FIG. 3 is a schematic diagram of the flow for setting network time management and activation in the network time management system and method based on software-defined networking of the present invention.

FIG. 4 is a schematic diagram of the flow for out-of-time control and activation in the network time management system and method based on software-defined networking of the present invention.

FIG. 5 is an architecture diagram of the network time management system based on software-defined networking of the present invention.

The technical content of the present invention is described below through specific embodiments; those skilled in the art can readily understand the advantages and effects of the present invention from the content disclosed in this specification. The present invention may also be implemented or applied through other different specific embodiments.

Traditional switch equipment has no concept of time control, is difficult to manage uniformly, and lacks dynamic activation and blocking of terminal devices. In the present invention, the network controller defines services with various access times for users with different needs, so that the network access time of legitimate terminal devices can be operated dynamically for different users according to the user-defined services. An external authentication mechanism can additionally be configured and combined to meet network access needs during non-controlled time.

FIG. 1 is a step diagram of the network time management method based on software-defined networking of the present invention. The present invention proposes a network time management method for centrally managing and controlling the networking function of terminal devices. According to the network administrator's needs, a sub-network and network time management rules are set in the network controller to limit the time of normal networking, and network access control system authentication can be configured as needed so that authenticated devices can use the networking function outside that time.

In step S11, a sub-network is created in the network controller, a network service gateway is set, and the information of the networking time and the timeout networking service is set. This step can be regarded as the sub-network creation stage: the network administrator creates the sub-network in the network controller, sets the network service gateway, and sets additional services and the related time settings.

In one embodiment, step S11 further includes the following steps: setting the range of terminal devices under the jurisdiction of the network controller to form the sub-network; according to the service gateway to which the terminal devices need to connect, setting in the network controller the sub-network's connection to the service gateway and the parameters for connecting to the service gateway; creating a networking-time service cluster, a timeout networking service cluster, and the network access control system, and setting a permanent networking service cluster, wherein the network access control system is used to authenticate the networking function of terminal devices under control; and setting the time period of the networking time, the usage time of the timeout networking service, and the network and authentication system accessed by the network access control system.

In step S12, when a terminal device connects, the network controller activates the terminal device according to the information of the sub-network and sets network transmission rules in the network switch so that the terminal device can use the networking function. This step can be regarded as the terminal device activation stage: when a terminal device connects, the network controller activates it according to the applied sub-network and sets the network transmission rules in the network switch so that the terminal device can use the networking function.

In one embodiment, step S12 further includes the following steps: adding the terminal device, by importing terminal device data or by automatic detection, to a service cluster established when the sub-network was created; and, based on the service cluster each terminal device has joined and the parameters and connection port of the service gateway, causing the network controller to activate the networking service of the terminal device according to the service cluster it has joined, and to generate the corresponding network transmission rule and set it in the network switch.

In step S13, the network controller performs detection according to the networking time, so that when the terminal device is within the networking time it uses the networking function normally, and when the terminal device is outside the networking time and the timeout networking service is configured, the network access control system performs timeout processing. This step can be regarded as the time detection stage: the network controller performs detection according to the networking time; within that time the networking function can be used normally, and once the networking time is exceeded, timeout processing is performed.

In one embodiment, step S13 further includes the following steps: the network controller periodically checks whether the current time is within the set networking time; when the current time is within the networking time, it further determines whether the service has been activated, and when the current time is not within the networking time, it executes the timeout processing. To determine whether the service has been activated, the network controller determines whether the terminal devices in the networking-time service cluster have already had the service activated; if so, it continues to check periodically for timeout, and if not, it activates the service for the terminal device.

The step in which the aforementioned network access control system executes the timeout processing includes: when the network controller is configured with the network access control system and the timeout networking service, causing the terminal device to connect to the network access control system for authentication by the network access control system; and after the terminal device is successfully authenticated, causing the network controller to activate the networking function of the terminal device and to check periodically whether the timeout networking time has been reached. In short, these can be regarded as the timeout processing stage and the timeout activation stage. The network controller acts according to whether a network access control system and a timeout networking service are configured. If they are, it applies the network transmission rule from the terminal device to the network access control system, meaning that the terminal device must be authenticated by the network access control system before it can use the networking function. Then, after the terminal device is successfully authenticated, the network controller activates the terminal device's networking function and checks periodically whether the timeout networking time has been reached.

The aforementioned step of causing the terminal device to connect to the network access control system for authentication by the network access control system includes: the network controller clears the terminal device's network transmission rule on the network switch; and the network controller, according to the additional service set when the sub-network was created, sets in the network switch a network transmission rule for connecting to the network access control system, so that the terminal device can connect only to the network access control system for authentication.

The aforementioned step of causing the network controller to activate the networking function of the terminal device includes: the network controller adds the authenticated terminal device to the timeout networking service cluster and activates the service, so as to generate a timeout network transmission rule connecting the authenticated terminal device to the service gateway, and transmits that timeout network transmission rule to the network switch, so that the authenticated terminal device can use the networking function normally during the time of the timeout networking service; and the network controller continuously checks the timeout time of the terminal devices in the timeout networking service cluster, so that within the usage time the authenticated terminal device continues to use the networking function, and once the time is up the network controller removes the timeout network transmission rule of the authenticated terminal device.

In the present invention, the sub-network creation stage sets the scope of jurisdiction and the required service functions and service times. In the terminal device activation stage, the terminal devices under jurisdiction are added to the corresponding service clusters by import or automatic detection, and checking of whether the set time has been exceeded begins. If the time has been exceeded, the timeout processing stage is entered, in which the terminal device cannot use the networking function or can only connect to the network access control system for authentication. The timeout activation stage then activates the networking function of authenticated terminal devices. This helps network administrators manage terminal devices efficiently and increases network security.

The present invention is described below through specific embodiments. The present invention is a network time management system and method, based on a software-defined network, for centrally managing and controlling the networking function of terminal devices. The network administrator sets the sub-network and the network time management system in the network controller; terminal devices covered by this sub-network setting can use the networking function normally within the time set by the network time management system, and are stopped from using it outside that time. The network time management system and method can be integrated with a network access control system: if a user needs the networking function outside the time set by the network time management system, then after successful authentication by the network access control system, the network controller activates the networking function service for the terminal device and records a log.

FIG. 2 is a sequence flowchart of the network time management method based on a software-defined network of the present invention. As shown in the figure, the system flow of the present invention is divided into five stages: the sub-network creation stage 11, the terminal device activation stage 12, the time detection stage 13, the timeout processing stage 14 and the timeout activation stage 15.

In the sub-network creation stage 11, the network administrator, according to the network segments and terminal devices under its jurisdiction, sets up on the network controller the sub-network and the network time management system for the various services that meet its needs. This stage includes creating the sub-network in process 111, setting the external service gateway in process 112, setting the additional services in process 113, and setting the additional service content in process 114.

First, in process 111, the network administrator creates a sub-network on the network controller. The administrator first sets the range of terminal devices under jurisdiction, including but not limited to IPv4 network segments, IPv6 network segments and source network switch ports, to define the sub-network; when a terminal device within the configured range joins the network, it is added to the matching sub-network. Next, in process 112, the network administrator sets on the network controller the external service gateway to which this sub-network connects, and can set the parameters for connecting to this service gateway, including but not limited to VLAN and network switch port information; the port location of the service gateway is recorded. Then, in process 113, the network administrator creates a networking time service cluster, and may additionally choose to create a timeout networking service cluster and a network access control system, so that managed terminal devices can use the networking function after authentication. A permanent networking service cluster can also be set, to which terminal devices that do not need to be controlled are added so that they can use the networking function permanently. Finally, in process 114, the network administrator sets the network time management, that is, the time period of the networking time service. If the timeout networking service and the network access control system were set in process 113, the usage time of the timeout networking service, and the networks and authentication system accessed by the network access control system, must also be set.

After the sub-network creation stage 11 is completed, the terminal device activation stage 12 begins. The network administrator adds the terminal devices under jurisdiction to the sub-network by import or detection and selects the service cluster each terminal device is to join; the network controller then pushes network transmission rules down to the network switch to provide the terminal devices' networking function. This stage includes placing terminal devices into the sub-network in process 121 and activating the service function in process 122. In short, in process 121, the network administrator imports terminal device data, or uses automatic detection, into the sub-network set in the sub-network creation stage 11, and adds the devices to the service clusters created in that stage. Then, in process 122, according to the service cluster each terminal device has joined and the service gateway parameters and ports set in the sub-network creation stage 11, the network controller activates the networking service, generates the corresponding network transmission rules, and sets them in the network switch, so that terminal devices to which the service cluster is applied can use the networking function normally. If a networking time service cluster is set, the time detection stage 13 must be entered to make the time management decision; if only a permanent networking service cluster is set, the time detection stage 13 is not needed and the networking function is permanently enabled.

In the time detection stage 13, the network controller begins checking the status of the networking time service cluster against the networking time set in the sub-network creation stage 11. This stage includes checking for timeout in process 131 and determining whether the service has been activated in process 132. In short, in process 131, the network controller periodically checks, according to the normal networking time set for the networking time service in the sub-network creation stage 11, whether the current time is within the networking time set by the network administrator. If it is, process 132 is entered; otherwise, the timeout processing stage 14 is entered. In process 132, the network controller determines whether the terminal devices in this networking time service cluster have already had the service activated. If so, it returns to process 131 to keep checking whether the time is still within the networking time; if not, it returns to process 122 of the terminal device activation stage 12.

Once the time is past the networking time, the timeout processing stage 14 is entered. Because the time has exceeded the time set by the networking time service, the network controller must handle the terminal devices' network transmission rules. This stage includes cutting off the networking function in process 141 and additional service processing and authentication in process 142. In process 141, because the time is outside the networking time set in the sub-network creation stage 11, the network controller, based on the information of the terminal devices in the networking time service cluster, clears the network transmission rules of those terminal devices on the network switch; at this point all terminal devices in the networking time service cluster lose the networking function. If the network administrator set an additional service (for example timeout connection) in the sub-network creation stage 11, process 142 is entered: the network controller, according to the additional service set in the sub-network creation stage 11, sets the network transmission rule for connecting to the network access control system (that is, the timeout network transmission rule). When a terminal device then tries to use the networking function, it can only connect to the network access control system for authentication. If authentication fails, the flow returns to the time detection stage 13, which determines whether the time is within the networking time before the network is enabled again; if authentication succeeds, the flow proceeds to the timeout activation stage 15.

In the timeout activation stage 15, the network controller sets network transmission rules according to the timeout networking service set in the sub-network creation stage 11, and removes the corresponding rules after the time set for the timeout networking service. This stage includes activating the timeout networking service in process 151, checking whether the timeout validity period still holds in process 152, and clearing the timeout networking function in process 153. In process 151, after authentication succeeds in the timeout processing stage 14, the network controller, based on the information from the network access control system, adds the authenticated terminal device to the timeout networking service cluster and activates the service, and generates the timeout network transmission rule connecting the authenticated terminal device to the service gateway and sends it to the network switch, so that the terminal device can use the networking function normally within the time set for timeout networking. Then, in process 152, the network controller continuously checks the timeout period of the terminal devices in the timeout networking service cluster. Within the usage time the device can continue to use the networking function; once the time is up, process 153 is entered: the network controller removes the timeout network transmission rule of this terminal device, the terminal device loses the networking function, and the flow returns to the time detection stage 13.
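
The following added example (not part of the patent text) models the controller logic of stages 12 to 15 as a small Python state machine, with one dictionary entry per device standing in for the network transmission rules on the switch. The class, field and rule-target names are hypothetical, and it assumes the controller's own clock is the only time source and that a device with no rule is blocked.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from typing import Optional

GATEWAY, NAC = "service-gateway", "nac-only"   # hypothetical rule targets


@dataclass
class Subnet:                       # settings from the sub-network creation stage 11
    start: time                     # networking time begins
    end: time                       # networking time ends
    timeout_service: Optional[timedelta] = None   # None: no additional service


class Controller:
    def __init__(self, subnet):
        self.subnet = subnet
        self.cluster = {}           # device -> "timed" | "permanent"
        self.timeout_until = {}     # device -> expiry of the timeout networking grant
        self.rules = {}             # device -> allowed target; no entry means blocked
        self.log = []               # (time, device, user) records of timeout grants

    def in_window(self, now):
        s, e, t = self.subnet.start, self.subnet.end, now.time()
        # second form handles a networking time that spans midnight
        return s <= t < e if s <= e else (t >= s or t < e)

    def enroll(self, device, cluster):               # stage 12, processes 121/122
        self.cluster[device] = cluster
        if cluster == "permanent":                   # never enters stage 13
            self.rules[device] = GATEWAY

    def tick(self, now):                             # periodic timer check
        for device, cluster in self.cluster.items():
            if cluster != "timed":
                continue
            if self.in_window(now):                  # processes 131/132 -> 122
                self.timeout_until.pop(device, None)
                self.rules[device] = GATEWAY
            elif now < self.timeout_until.get(device, datetime.min):
                continue                             # process 152: grant still valid
            else:
                self.timeout_until.pop(device, None)            # process 153
                if self.subnet.timeout_service is not None:
                    self.rules[device] = NAC                    # process 142
                else:
                    self.rules.pop(device, None)                # process 141

    def nac_authenticated(self, device, user, now):  # process 151
        # Accept a grant only for a device currently restricted to the NAC system.
        if self.rules.get(device) != NAC:
            return False
        self.timeout_until[device] = now + self.subnet.timeout_service
        self.rules[device] = GATEWAY
        self.log.append((now, device, user))
        return True


def demo():
    """Constructed scenario: 09:00-18:00 networking time, 2 h timeout service."""
    day = datetime(2024, 1, 8)
    c = Controller(Subnet(time(9), time(18), timedelta(hours=2)))
    c.enroll("pc-1", "timed")
    c.enroll("door-reader", "permanent")
    trace = []
    for hh, mm, auth in [(10, 0, False), (19, 0, True), (20, 0, False), (21, 10, False)]:
        now = day.replace(hour=hh, minute=mm)
        c.tick(now)
        before = c.rules.get("pc-1")
        if auth:
            c.nac_authenticated("pc-1", "alice", now)
        trace.append((f"{hh:02d}:{mm:02d}", before, c.rules.get("pc-1")))
    return trace


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The grant is checked against the current rule state rather than trusted on its own, so an authentication message for a device that is not in the NAC-only state changes nothing.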

FIG. 3 is a schematic diagram of the network time management setting and activation flow of the network time management system and method based on a software-defined network of the present invention, illustrating the sub-network setting and activation flow. As shown in the figure, first, in process 211, the network administrator 31, according to the network segments and terminal devices under its jurisdiction, sets up on the network controller 32 the sub-network, the services used, the network time management system and the network access control system that meet its needs. Then, in process 212, the network controller 32 sets network transmission rules on the network switch according to the activation data of the terminal device 33 imported by the network administrator 31. In process 213, when the terminal device 33 connects to the network, its traffic passes through the network switch 34. In process 214, the network switch 34 forwards the packets of an activated terminal device 33 to the service gateway 35 according to the network transmission rules. Next, in process 215, the service gateway 35 returns the response packet to the network switch 34. Finally, in process 216, the response packet is sent back to the terminal device 33 according to the network transmission rules set at activation, so that the terminal device 33 can use the networking function normally.

Because conventional switch equipment has no concept of time control, the present invention uses the software-defined network architecture to record network access time information in the network controller 32, which applies time control to the different legitimate terminal devices 33 by category. Because a single network controller 32 can control all network switches 34 under the software-defined network architecture, the network administrator 31 can conveniently and flexibly control the access capability and access time of any legitimate terminal device 33.

FIG. 4 is a schematic diagram of the out-of-time control and activation flow of the network time management system and method based on a software-defined network of the present invention, illustrating the timeout activation flow of the network access control system. As shown in the figure, in process 311, the timer 321 inside the network controller 32 periodically checks the time. If the time is past the networking time, process 312 is entered, which notifies the network controller 32 that the networking time network transmission rules must be removed. Next, in process 313, the network controller 32, according to the settings, removes the networking time network transmission rules from the network switch 34 and sets the network transmission rule for connecting to the network access control system 36. Then, in process 314, when the terminal device 33 uses the networking function at this time, process 315 is entered and the network switch 34 sends the packets to the network access control system 36. If authentication succeeds, process 316 is entered: the network access control system 36 sends the information of the terminal device 33 to the physical server 322 inside the network controller 32 for storage, and the network controller 32, based on the terminal device 33 activated by the network access control system 36, generates the network transmission rule connecting this terminal device 33 to the service gateway 35 and sets it in the network switch 34. Subsequently, when the terminal device 33 uses the networking function, that is, process 318, the network switch 34 sends the packets to the service gateway 35, that is, process 319, and the terminal device 33 can use the networking function normally.

The purpose of the present invention is to provide a time-based, differentiated control mechanism for users' legitimate terminal devices. The network access time of different users is defined by the network administrator, and when there is an additional networking need outside the network access time, an authentication mechanism can be combined to provide time-controlled access and to record the user's connection time. In addition, general passive network devices or Internet of Things (IoT) devices can be assigned a service without time management, so that such devices are not subject to the network access time limit.

The network controller 32 presets the service content for the network access time, and legitimate terminal devices 33 are added to this service. After that, the network controller 32 periodically checks whether the current time is within the networking time of the networking time service set by the network administrator 31. If it is, nothing is done; if the time is outside it, the network controller 32 triggers the disconnection function and sends blocking rules to the network switch 34 to block the connection, and the blocked terminal device 33 cannot access the network. If the service joined by this legitimate terminal device 33 provides an external authentication mechanism, the user can enter authentication through a web page, after which the network controller 32 sends the rule that activates this legitimate terminal device to the network switch 34. The network administrator 31 therefore only needs to operate the network controller 32 to control the legitimate terminal devices 33 across the whole network architecture, and managing network access time through the software-defined network architecture provides network security and convenience.

FIG. 5 is an architecture diagram of the network time management system based on a software-defined network of the present invention. As shown in the figure, the network time management system includes a network controller 42 having a server 422 and a timer 421, and a network switch 44 connected to the server 422, a terminal device 43, a service gateway 45 and a network access control system 46. The server 422 represents a software-defined network (SDN) controller, which may be software or hardware and is not limited to a hardware server. The network switch 44 represents an SDN switch, which may be software or hardware and is not limited to a hardware switch; the system generalizes to an architecture with multiple SDN switches. The terminal device 43 is likewise not limited to software or hardware, and the system generalizes to an architecture with multiple terminal devices.

The server 422, according to the networking time, timeout service and other information set by the network administrator, and with the timer 421 periodically checking the time, sets the corresponding network transmission rules in the network switch 44. The network switch 44 forwards packets: within the networking time, the terminal device 43 can send packets to the service gateway 45; outside the networking time, if the timeout service is set, the terminal device can only connect to the network access control system 46 for authentication. After authentication, the result is recorded on the server 422 and the network transmission rules of the network switch 44 are updated, so that the terminal device 43 can send packets to the service gateway 45. The detailed operating steps and flow are as described in the method above.

The design of the present invention focuses on centralized management of terminal devices and on setting up a network time management system to control their networking function. It can set up sub-networks in cooperation with network controllers that support the same method, forming a multi-domain terminal device network time management system. According to the network time management system set by the network administrator, terminal devices use the networking function normally within the managed network time; outside it, the functions set by the network administrator are applied depending on whether the additional timeout and authentication services are present. This allows the network administrator to manage terminal devices more effectively and increases network security.

The present invention can be configured by network administrators for several different kinds of terminal devices. In a workplace, for example, the administrator may have different time-setting requirements for different terminal devices when setting up the network time management system. Ordinary workers' terminal devices need to comply with the networking time management function: the network administrator can create a networking time service cluster in the sub-network, set the normal working networking time, and add ordinary workers' terminal devices to the networking time service cluster, so that they may use the networking function only during working networking time. Passive terminal devices, including but not limited to IoT terminal devices such as access control card readers, need to be able to use the networking function at any time; a permanent networking service cluster is therefore set, terminal devices that join it can use the networking function at any time, and IoT terminal devices such as access control card readers are added to it. If an ordinary worker needs to work overtime and the terminal device needs the networking function outside the time set by the networking time service cluster, the network administrator can set up the network access control system and the timeout networking service cluster function in the sub-network, and set the network usage time of the timeout networking service cluster and the networks and authentication system that the network access control can access. An ordinary worker who needs the networking function after the time set by the networking time service cluster is only allowed to connect to the network access control system. After authentication by this system, a log is recorded on the network controller and the user's terminal device is added to the timeout networking service cluster, where it can use the networking function normally within the usage time. Once the set time is exceeded, the terminal device is removed from the timeout networking service cluster and its networking function is cut off; it must authenticate again at the network access control system, or wait until the time set by the networking time service cluster arrives, before it can use the networking function normally again. This function can be applied widely in school or company networks: ordinary users can use the networking function only within the time set by the networking time service cluster; to use it outside that time, they must be authenticated by the network access control system, and a log is recorded on the network controller for the network administrator to confirm identity, which effectively manages terminal devices and increases network security. General passive terminal devices, including but not limited to access control systems and projectors, are all added to the permanent networking service cluster.

Besides using the network time management method to control terminal devices, the present invention can also be used to detect whether a managed network terminal device is in an abnormal state. Outside the time set by the networking time service cluster, a network traffic detection tool monitors the managed terminal devices through the ports of the network switch. If a terminal device keeps sending a large number of packets outside the managed time, the network administrator, on learning of this, can check whether the terminal device is abnormal, or whether an unauthorized user is trying to use the networking function outside the permitted time or even intends to attack other terminal devices or network systems, for example with distributed denial of service. The network administrator can then deal with the terminal device problem promptly or identify the illegally used terminal device.
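
The off-hours check described above can be run over periodic switch port counter samples; the following is an added example, not part of the patent text. The sample data is constructed, and the threshold, the sample format and the exemption of ports that serve the permanent networking service cluster are assumptions.

```python
from datetime import datetime, time


def in_window(ts, start, end):
    t = ts.time()
    return start <= t < end if start <= end else (t >= start or t < end)


def off_hours_alerts(samples, start, end, threshold, exempt_ports=frozenset()):
    """Flag ports whose packet count grows by >= threshold between two
    consecutive samples that both fall outside the networking time.

    samples: iterable of (timestamp, switch_port, cumulative_rx_packets).
    Assumes the polling interval is shorter than the networking time, so two
    consecutive off-hours samples never straddle a whole window.
    """
    last, alerts = {}, []
    for ts, port, count in sorted(samples):
        prev = last.get(port)
        last[port] = (ts, count)
        if prev is None or port in exempt_ports:
            continue                     # first sample, or permanent-cluster port
        prev_ts, prev_count = prev
        if in_window(prev_ts, start, end) or in_window(ts, start, end):
            continue                     # interval includes permitted traffic
        delta = count - prev_count
        if delta < 0:                    # counter reset (switch reboot or wrap)
            delta = count
        if delta >= threshold:
            alerts.append((port, prev_ts, ts, delta))
    return alerts


D = datetime(2024, 1, 8)                 # constructed sample day
SAMPLES = [
    # port 3: timed device that keeps sending after 18:00
    (D.replace(hour=17, minute=50), 3, 5000),
    (D.replace(hour=18, minute=10), 3, 5200),   # straddles the window end: ignored
    (D.replace(hour=18, minute=20), 3, 5210),
    (D.replace(hour=18, minute=30), 3, 9210),   # +4000 off-hours
    # port 5: counter resets, then a burst
    (D.replace(hour=18, minute=10), 5, 8000),
    (D.replace(hour=18, minute=20), 5, 300),
    (D.replace(hour=18, minute=30), 5, 2300),   # +2000 off-hours
    # port 7: device in the permanent networking service cluster
    (D.replace(hour=18, minute=10), 7, 100),
    (D.replace(hour=18, minute=20), 7, 50000),
]

if __name__ == "__main__":
    for alert in off_hours_alerts(SAMPLES, time(9), time(18), 1000, exempt_ports={7}):
        print(alert)
```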

The core of the method of the present invention is management of the terminal devices' networking function. By setting a normal networking time service cluster, terminal devices that join this service cluster can use the networking function normally only within the time set by the networking time service cluster. Outside that time, approval by the network administrator is required to use the networking function; otherwise the device must wait until the next normal networking time arrives before it can use the networking function again. The network access control system and the timeout networking service can also be set.

The implementation of the present invention is based on a software-defined network architecture. It uses the programmability of that architecture and the network controller's centralized management of network switches: the network controller, according to the services and the network time management system set by the network administrator, manages the terminal devices and network controllers under it, so as to manage terminal devices effectively and increase network security, meeting the need for terminal device control.

In summary, the present invention is a network time management system and method, based on a software-defined network, for centrally managing and controlling the networking function of terminal devices. Compared with the prior art, it has the following advantages: (1) The present invention does not need to be bound to an ISP system and can be applied to enterprise local area networks. (2) The present invention does not require software to be installed on the terminal; the network administrator only needs to set the relevant services on the network controller, and all terminal devices can be brought under control. (3) Whereas the prior art still installs software on information equipment and has no unified management mechanism, the present invention only requires operating the network controller to modify the functions of the time management system. (4) The present invention can dynamically give different users network access times for operating legitimate terminal devices according to user-defined services, and an external authentication mechanism can additionally be set and combined to meet network access needs outside the controlled time. (5) According to the network time management system set by the network administrator, terminal devices use the networking function normally within the managed network time; outside it, the functions set by the network administrator are applied depending on whether the additional timeout and authentication services are present. This allows the network administrator to manage terminal devices more effectively and increases network security.

The above embodiments are merely illustrative and are not intended to limit the present invention. Any person skilled in the art may modify and alter the above embodiments without departing from the spirit and scope of the present invention. Accordingly, the scope of protection of the present invention is defined by the appended claims, and anything that does not affect the effect and purpose of the present invention shall be covered by the technical content disclosed herein.

S11-S13: Steps

Claims (10)

1. A network time management method based on a software-defined network, comprising:
creating a sub-network in a network controller, setting a network service gateway, and setting information on a connection time and a timeout connection service;
when a terminal device connects to the network controller, causing the network controller to activate the terminal device according to the information of the sub-network, and setting network transmission rules in a network switch so that the terminal device can use the network connection function; and
causing the network controller to perform checks according to the connection time, so that when the terminal device is within the connection time, the terminal device uses the network connection function normally, and when the terminal device is outside the connection time and the timeout connection service is provided, a network access control system performs timeout processing.

2. The network time management method based on a software-defined network according to claim 1, wherein the step of creating a sub-network in the network controller, setting a network service gateway, and setting information on a connection time and a timeout connection service comprises the following sub-steps:
setting the range of terminal devices under the jurisdiction of the network controller, to form the sub-network;
according to the service gateway to which the terminal device needs to connect, setting in the network controller the connection of the sub-network to the service gateway and the parameters for connecting to the service gateway;
creating a connection time service cluster, a timeout connection service cluster and the network access control system, and setting a permanent connection service cluster, wherein the network access control system is used to authenticate the network connection function of the terminal devices under control; and
setting the period of the connection time, the usage time of the timeout connection service, and the network and authentication system accessed by the network access control system.

3. The network time management method based on a software-defined network according to claim 1, wherein the step of the network controller activating the terminal device according to the information of the sub-network comprises the following sub-steps:
by importing the terminal device data or by automatic detection, causing the terminal device to join a service cluster established when the sub-network was created; and
based on the service cluster joined by each terminal device and the parameters and ports of the service gateway, causing the network controller to activate the connection service of the terminal device according to the service cluster it has joined, and to generate the corresponding network transmission rule and set that rule in the network switch.

4. The network time management method based on a software-defined network according to claim 1, wherein the step of the network controller performing checks according to the connection time comprises causing the network controller to periodically check whether the current time is within the set connection time; when the current time is within the connection time, further determining whether the service has been activated; and when the current time is not within the connection time, performing the timeout processing.

5. The network time management method based on a software-defined network according to claim 4, wherein the step of determining whether the service has been activated comprises: causing the network controller to determine whether the service has already been activated for the terminal device in the connection time service cluster; if so, continuing to check periodically whether the time has been exceeded; and if not, activating the service for the terminal device.

6. The network time management method based on a software-defined network according to claim 1, wherein the step of the network access control system performing timeout processing comprises:
where the network controller is configured with the network access control system and the timeout connection service, causing the terminal device to connect to the network access control system, to be authenticated by the network access control system; and
after the terminal device is successfully authenticated, causing the network controller to activate the network connection function of the terminal device and to check periodically whether the timeout connection time has been reached.

7. The network time management method based on a software-defined network according to claim 6, wherein the step of causing the terminal device to connect to the network access control system to be authenticated by the network access control system comprises the following sub-steps:
causing the network controller to clear the network transmission rule of the terminal device in the network switch; and
causing the network controller, according to the additional service set when the sub-network was created, to set in the network switch a network transmission rule for connecting to the network access control system, so that the terminal device can only connect to the network access control system for authentication.

8. The network time management method based on a software-defined network according to claim 6, wherein the step of causing the network controller to activate the network connection function of the terminal device comprises the following sub-steps:
causing the network controller to add the authenticated terminal device to the timeout connection service cluster and activate the service, so as to generate a timeout network transmission rule connecting the authenticated terminal device to the service gateway, and then to send the timeout network transmission rule to the network switch, so that the authenticated terminal device can use the network connection function normally during the time of the timeout connection service; and
causing the network controller to continuously check the timeout period of the terminal devices in the timeout connection service cluster, so that within the usage time the authenticated terminal device continues to use the network connection function, and once the time is up the network controller removes the timeout network transmission rule of the authenticated terminal device.

9. The network time management method based on a software-defined network according to claim 1, further comprising using a network traffic detection tool to monitor the ports of the network switch, so that when the terminal device continues to send more than a predetermined number of packets outside the connection time or the timeout connection service, the terminal device is determined to be abnormal.

10. A network time management system based on a software-defined network, comprising:
a server for storing information on the connection time and the timeout connection service of a terminal device;
a network switch for transmitting packets;
a physical controller for setting network transmission rules in the network switch, the physical controller having a timer for periodically checking the time; and
a network access control system for performing connection authentication of the terminal device when the terminal device is outside the connection time and the timeout connection service is provided,
wherein the timer is used to confirm whether the current time is within the connection time, so that when the current time is within the connection time, packets sent by the terminal device are transmitted to a service gateway through the network switch and response packets returned by the service gateway are received through the network switch; and when the current time is outside the connection time and the timeout connection service is provided, authentication is performed through the network access control system, so that a new network transmission rule is recorded in the server and the original network transmission rule in the network switch is updated, whereby packets sent by the terminal device are transmitted by the network switch.
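As an added illustration (not code from the patent or its applicant), the periodic check and timeout handling of claims 4 to 8 and the anomaly check of claim 9 can be modelled as a small state machine. The `Controller` class, the rule labels, the 100-packet threshold, the same-day time window and the return to the NAC-only rule after the usage time ends are assumptions; the switch is simulated as a dictionary.

```python
from dataclasses import dataclass, field
from datetime import datetime, time, timedelta
from typing import Optional

@dataclass
class Controller:
    """Toy controller; `flows` stands in for the switch's rule table (MAC -> rule)."""
    window: tuple                         # (start, end) connection time, same day
    timeout_service: Optional[timedelta]  # length of timeout service, None = not set
    flows: dict = field(default_factory=dict)
    timeout_until: dict = field(default_factory=dict)

    def in_window(self, now: datetime) -> bool:
        return self.window[0] <= now.time() < self.window[1]

    def tick(self, mac: str, now: datetime) -> Optional[str]:
        """Periodic check of claims 4-8; returns the rule now installed for mac."""
        if self.in_window(now):
            self.timeout_until.pop(mac, None)
            self.flows[mac] = "gateway"          # activate service if not yet active
        elif mac in self.timeout_until:
            if now >= self.timeout_until[mac]:   # usage time over: remove timeout rule
                del self.timeout_until[mac]
                self.flows[mac] = "nac-only"     # assumed fallback, not in the claims
        elif self.timeout_service is not None:
            self.flows[mac] = "nac-only"         # claim 7: clear rule, reach NAC only
        else:
            self.flows.pop(mac, None)            # no timeout service: no rule at all
        return self.flows.get(mac)

    def authenticated(self, mac: str, now: datetime) -> None:
        """NAC reported success outside the window (claim 8)."""
        if self.timeout_service is None or self.in_window(now):
            return
        self.timeout_until[mac] = now + self.timeout_service
        self.flows[mac] = "gateway-timeout"

    def anomalous(self, mac: str, packets: int, threshold: int = 100) -> bool:
        """Claim 9: device without a gateway rule keeps sending packets."""
        allowed = self.flows.get(mac) in ("gateway", "gateway-timeout")
        return not allowed and packets > threshold

if __name__ == "__main__":
    c = Controller((time(8), time(18)), timedelta(minutes=30))  # constructed policy
    day, mac = datetime(2024, 1, 8), "aa:bb:cc:00:00:01"        # constructed device
    print(c.tick(mac, day.replace(hour=9)), c.tick(mac, day.replace(hour=19)))
    c.authenticated(mac, day.replace(hour=19))
    print(c.tick(mac, day.replace(hour=19, minute=10)), c.anomalous(mac, 500))
```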
TW109139528A 2020-11-12 2020-11-12 Time management system based on software defined network and method thereof TWI730925B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW109139528A TWI730925B (en) 2020-11-12 2020-11-12 Time management system based on software defined network and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW109139528A TWI730925B (en) 2020-11-12 2020-11-12 Time management system based on software defined network and method thereof

Publications (2)

Publication Number Publication Date
TWI730925B TWI730925B (en) 2021-06-11
TW202220413A true TW202220413A (en) 2022-05-16

Family

ID=77517475

Family Applications (1)

Application Number Title Priority Date Filing Date
TW109139528A TWI730925B (en) 2020-11-12 2020-11-12 Time management system based on software defined network and method thereof

Country Status (1)

Country Link
TW (1) TWI730925B (en)
