WO2012037817A1 - Method and system for implementing strategy synchronization - Google Patents

Method and system for implementing strategy synchronization Download PDF

Info

Publication number
WO2012037817A1
WO2012037817A1 PCT/CN2011/074749 CN2011074749W WO2012037817A1 WO 2012037817 A1 WO2012037817 A1 WO 2012037817A1 CN 2011074749 W CN2011074749 W CN 2011074749W WO 2012037817 A1 WO2012037817 A1 WO 2012037817A1
Authority
WO
WIPO (PCT)
Prior art keywords
service
deep packet
packet inspection
racf
information
Prior art date
Application number
PCT/CN2011/074749
Other languages
French (fr)
Chinese (zh)
Inventor
杨波
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2012037817A1 publication Critical patent/WO2012037817A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/028Capturing of monitoring data by filtering

Definitions

  • the present invention relates to the field of communications, and in particular, to a method and system for implementing policy synchronization in an NGN (Network Generation Network) environment.
  • NGN Network Generation Network
  • DPI technology is called “Deep Packet Inspection” and is called “deep packet inspection”. The so-called “depth” is compared with the normal message analysis hierarchy. "Common message detection” only analyzes the contents of the IP packet below 4 layers, including the source address, destination address, source port, destination port, and protocol type. In addition to the previous analytic hierarchy analysis, DPI also adds application layer analysis to identify various applications and their content.
  • the RACF Resource and Admission Control Function
  • the RACF includes: PD-FE (Policy Decision Function Entity) and The TRC-FE, the PD-FE is based on the media stream session information (obtained from the SCF (Service Control Function)), and the user's transmission resource subscription information (obtained from the NACF (Network Attachment Control Function) Make a preliminary QoS (Quality Of Service) resource decision, and then interact with TRC-FE (Transport Resource Control Function Entity) to confirm whether there are enough QoS resources, and finally make a final The decision is made and the decision is sent to the PE-FE (Policy Execute Function Entity).
  • SCF Service Control Function
  • NACF Network Attachment Control Function
  • the DPI cannot satisfy the policy synchronization of the service.
  • the uplink traffic of the FTP application passes through the DPI A and then goes to the application server through the network routing.
  • the downlink traffic passes through the network routing and then passes through the DPI B to reach the user side. This may duplicate a service by the DPI A and DPI B devices. Identification, at the same time may lead to the same business, in DPI
  • the control rules on A and DPI B are different.
  • the present invention provides a method for implementing policy synchronization, including: all the deep packet inspection devices in the network identify the service flow, and if the first deep packet inspection device identifies a service, the service is Corresponding connection information and service information reporting resource admission control function (RACF) device;
  • RAF resource admission control function
  • the step of identifying the service flow by all the deep packet detecting devices in the network includes: Each deep packet detecting device identifies the service flow passing through the deep packet detecting device according to the preset service identification template.
  • the step of determining, by the RACF device, the service control policy according to the service information includes: the RACF device acquiring the subscription information of the service and the user according to the service information, and determining the service control policy according to the network usage situation.
  • each deep packet inspection device Before identifying the service flow, each deep packet inspection device registers with the RACF device to carry information of the deep packet inspection device.
  • FIG. 4 is a schematic diagram of a system for implementing policy synchronization according to an embodiment of the present invention. As shown in FIG. 4, the system mainly includes: a RACF device and multiple DPI devices, such as DPI A, DPI B, DPI C, and DPI D.
  • a RACF device and multiple DPI devices, such as DPI A, DPI B, DPI C, and DPI D.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A method and system for implementing strategy synchronization are provided in the present invention. The method comprises: all deep packet inspection (DPI) devices in a network perform service flow recognition, and if a first DPI device recognizes a service, the connection information and service information corresponding to the service are reported to a resource and admission control function (RACF) device; the RACF device determines a service control strategy according to the service information and transmits the connection information and the service control strategy to the all DPI devices in the network; the all DPI devices in the network perform service recognition according to the connection information; if recognizing the service according to the connection information, a second DPI device controlles the service according to the service control strategy. The present invention can solve the problem of the implementation of strategy synchronization of the DPI devices under a network generation network (NGN) environment.

Description

一种实现策略同步的方法及系统  Method and system for realizing policy synchronization
技术领域 Technical field
本发明涉及通信领域,并且特别地,涉及一种在 NGN( Network Generation Network, 下一代网络)环境下的实现策略同步的方法及系统。  The present invention relates to the field of communications, and in particular, to a method and system for implementing policy synchronization in an NGN (Network Generation Network) environment.
背景技术 Background technique
DPI技术全称为 "Deep Packet Inspection" , 称为 "深度包检测" 。 所谓 "深度" 是和普通的报文分析层次相比较而言的, "普通报文检测" 仅分析 IP包的 4层以下的内容, 包括源地址、 目的地址、 源端口、 目的端口以及协 议类型, 而 DPI 除了对前面的层次分析外, 还增加了应用层分析, 能识别各 种应用及其内容。  DPI technology is called "Deep Packet Inspection" and is called "deep packet inspection". The so-called "depth" is compared with the normal message analysis hierarchy. "Common message detection" only analyzes the contents of the IP packet below 4 layers, including the source address, destination address, source port, destination port, and protocol type. In addition to the previous analytic hierarchy analysis, DPI also adds application layer analysis to identify various applications and their content.
釆用 IP分组技术作为承载网技术, 并融合固定通信和移动通信, 可以提 供更丰富的多媒体业务。 ITU ( International Telecommunication Union, 国际电 信联盟) 的架构如图 1所示, 其中, RACF ( Resource and Admission Control Function, 资源接纳控制功能) 包括: PD-FE ( Policy Decision Function Entity, 策略决策功能实体)和 TRC-FE, PD-FE基于媒体流会话信息(从 SCF( Service Control Function, 业务控制功能实体)获取)、 用户的传输资源签约信息(从 NACF ( Network Attachment Control Function, 网络附属控制功能实体)获取 ) 做出初步的 QoS ( Quality Of Service, 服务品质) 资源决策, 然后与 TRC-FE ( Transport Resource Control Function Entity, 传输资源控制功能实体)交互以 确认是否有足够的 QoS 资源, 最后做出一个最终决策, 并将该决策下发给 PE-FE ( Policy Execute Function Entity, 策略执行功能实体)执行。  Using IP packet technology as the bearer network technology, and combining fixed and mobile communications, it can provide richer multimedia services. The architecture of the ITU (International Telecommunication Union) is shown in Figure 1. The RACF (Resource and Admission Control Function) includes: PD-FE (Policy Decision Function Entity) and The TRC-FE, the PD-FE is based on the media stream session information (obtained from the SCF (Service Control Function)), and the user's transmission resource subscription information (obtained from the NACF (Network Attachment Control Function) Make a preliminary QoS (Quality Of Service) resource decision, and then interact with TRC-FE (Transport Resource Control Function Entity) to confirm whether there are enough QoS resources, and finally make a final The decision is made and the decision is sent to the PE-FE (Policy Execute Function Entity).
现有的 NGN环境中, 由于网络选路等的原因, 当网络的一个业务的上下 行流量不经过同一个 DPI设备时, 则 DPI不能满足对该业务的策略同步。 如 图 2所示, 例如 FTP应用的上行流量经过 DPI A后经过网络选路到达应用服 务器, 下行流量经过网络选路后经过 DPI B到达用户侧, 这样可能一个业务 被 DPI A和 DPI B设备重复识别,与此同时可能导致对于同一个业务,在 DPI A和 DPI B上的控制规则不同。 In the existing NGN environment, due to network routing, etc., when the uplink and downlink traffic of one service of the network does not pass through the same DPI device, the DPI cannot satisfy the policy synchronization of the service. As shown in Figure 2, the uplink traffic of the FTP application passes through the DPI A and then goes to the application server through the network routing. The downlink traffic passes through the network routing and then passes through the DPI B to reach the user side. This may duplicate a service by the DPI A and DPI B devices. Identification, at the same time may lead to the same business, in DPI The control rules on A and DPI B are different.
发明内容 Summary of the invention
本发明的目的是提供一种实现策略同步的方法及系统,以实现在 NGN环 境下 DPI设备的策略同步。  It is an object of the present invention to provide a method and system for implementing policy synchronization to achieve policy synchronization of DPI devices in an NGN environment.
为了解决上述技术问题, 本发明提供了一种实现策略同步的方法, 包括: 网络中所有的深度包检测设备对业务流进行识别, 若第一深度包检测设 备识别出一业务, 则将该业务对应的连接信息和业务信息上报资源接纳控制 功能(RACF )装置;  In order to solve the above technical problem, the present invention provides a method for implementing policy synchronization, including: all the deep packet inspection devices in the network identify the service flow, and if the first deep packet inspection device identifies a service, the service is Corresponding connection information and service information reporting resource admission control function (RACF) device;
所述 RACF装置根据所述业务信息确定业务控制策略,然后将所述连接 信息和所述业务控制策略下发给网络中所有的深度包检测设备; 以及 所述网络中所有的深度包检测设备根据所述连接信息进行业务识别, 若 第二深度包检测设备根据所述连接信息识别出所述业务, 则根据所述业务控 制策略对该业务进行控制。  Determining, by the RACF device, a service control policy according to the service information, and then sending the connection information and the service control policy to all deep packet inspection devices in the network; and all deep packet inspection devices in the network according to The connection information is used for service identification. If the second deep packet inspection device identifies the service according to the connection information, the service is controlled according to the service control policy.
所述网络中所有的深度包检测设备对业务流进行识别的步骤包括: 每个深度包检测设备按照预设的业务识别模板对经过本深度包检测设备 的业务流进行识别。  The step of identifying the service flow by all the deep packet detecting devices in the network includes: Each deep packet detecting device identifies the service flow passing through the deep packet detecting device according to the preset service identification template.
所述 RACF装置根据所述业务信息确定业务控制策略的步骤包括: 所述 RACF装置根据所述业务信息获取所述业务与用户的签约信息, 并 结合网络使用情况确定所述业务控制策略。  The step of determining, by the RACF device, the service control policy according to the service information includes: the RACF device acquiring the subscription information of the service and the user according to the service information, and determining the service control policy according to the network usage situation.
上述方法还包括:  The above methods also include:
在根据所述连接信息进行业务识别之前, 每个深度包检测设备将所述连 接信息添加到自身的业务识别模板中。  Each deep packet inspection device adds the connection information to its own service identification template before performing service identification based on the connection information.
上述方法还包括:  The above methods also include:
在对业务流进行识别之前,每个深度包检测设备向所述 RACF装置注册, 携带本深度包检测设备的信息。  Before identifying the service flow, each deep packet inspection device registers with the RACF device to carry information of the deep packet inspection device.
为了解决上述问题, 本发明还提供了一种实现策略同步的系统, 包括多 个深度包检测设备和一资源接纳控制功能(RACF )装置, 其中, 所述深度包检测设备设置成: 对业务流进行识别, 若识别出一业务, 则 将该业务对应的连接信息和业务信息上报所述 RACF装置; 以及, 根据所述 RACF装置下发的连接信息进行业务识别, 若识别出与所述 RACF装置下发 的连接信息对应的业务, 则根据所述 RACF装置下发的业务控制策略对该业 务进行控制; In order to solve the above problems, the present invention also provides a system for implementing policy synchronization, including multiple a deep packet inspection device and a resource admission control function (RACF) device, wherein the deep packet inspection device is configured to: identify a service flow, and if a service is identified, the connection information and service information corresponding to the service And reporting the RACF device; and performing service identification according to the connection information sent by the RACF device, and if the service corresponding to the connection information sent by the RACF device is identified, performing service control according to the RACF device The policy controls the business;
所述 RACF装置设置成:在接收到所述深度包检测设备上报的连接信息 和业务信息后, 根据所接收到的业务信息确定业务控制策略, 然后将所接收 到的连接信息和所确定的业务控制策略下发给所述深度包检测设备。  The RACF device is configured to: after receiving the connection information and the service information reported by the deep packet inspection device, determine a service control policy according to the received service information, and then the received connection information and the determined service The control policy is sent to the deep packet inspection device.
所述深度包检测设备是设置成通过如下方式对业务流进行识别: 按照预 设的业务识别模板对经过本深度包检测设备的业务流进行识别。  The deep packet inspection device is configured to identify the service flow by: identifying the service flow passing through the deep packet inspection device according to the preset service identification template.
所述 RACF装置是设置成通过如下方式确定所述业务控制策略: 根据所 接收到的业务信息获取业务与用户的签约信息, 并结合网络使用情况确定所 述业务控制策略。  The RACF device is configured to determine the service control policy by: obtaining subscription information between the service and the user according to the received service information, and determining the service control policy according to the network usage.
所述深度包检测设备还设置成: 在根据所述 RACF装置下发的连接信息 进行业务识别之前, 将所述 RACF装置下发的连接信息添加到自身的业务识 别模板中, 该连接信息包括: 业务的目的 IP地址、 源 IP地址、 目的端口、 源端口和协议类型。 所述深度包检测设备还设置成:在对业务流进行识别之前,向所述 RACF 装置注册, 携带本深度包检测设备的信息。  The deep packet inspection device is further configured to: add the connection information delivered by the RACF device to the service identification template of the RACF device, and the connection information includes: Destination IP address, source IP address, destination port, source port, and protocol type of the service. The deep packet inspection device is further configured to register with the RACF device to carry information of the deep packet inspection device before identifying the service flow.
综上,本发明提供的实现策略同步的方法及系统,解决了 NGN环境下实 现 DPI设备策略同步的问题。 In summary, the method and system for implementing policy synchronization provided by the present invention solves the problem of realizing DPI device policy synchronization in an NGN environment.
附图概述 BRIEF abstract
附图用来提供对本发明的进一步理解, 并且构成说明书的一部分, 与本 发明的实施例一起用于解释本发明, 并不构成对本发明的限制。 在附图中: 图 1为现有 NGN架构示意图; 图 2为现有技术中业务不经过同一 DPI设备情况的示意图; 图 3为本发明的 NGN架构示意图; The drawings are intended to provide a further understanding of the invention, and are intended to be a part of the description of the invention. In the drawings: Figure 1 is a schematic diagram of an existing NGN architecture; 2 is a schematic diagram of a situation in which a service does not pass through the same DPI device in the prior art; FIG. 3 is a schematic diagram of an NGN architecture of the present invention;
图 4为本发明实施例的一种实现策略同步的系统的示意图;  4 is a schematic diagram of a system for implementing policy synchronization according to an embodiment of the present invention;
图 5为本发明实施例的一种实现策略同步的方法的流程图。  FIG. 5 is a flowchart of a method for implementing policy synchronization according to an embodiment of the present invention.
本发明的较佳实施方式 Preferred embodiment of the invention
本发明提供的一种在 NGN环境下实现 DPI设备策略同步的方法, 由于 现在架构中 DPI与 NGN的资源接纳控制功能(RACF )装置没有接口 (如图 1 所示) , 所以首先需要在这两个设备之间设置接口 (如图 3所示) , 完成 DPI设备与 RACF装置之间策略信息的交互。  The present invention provides a method for implementing DPI device policy synchronization in an NGN environment. Since the DPI and the NGN resource admission control function (RACF) device have no interface (as shown in FIG. 1), the first need to be in the two. Interfaces are set up between devices (as shown in Figure 3) to complete the interaction of policy information between the DPI device and the RACF device.
本发明的核心是, 当一 DPI设备识别出一具体业务时, 该 DPI设备将识 别出的业务的连接信息和业务信息上报 RACF装置, RACF装置根据业务信 息确定出相应的业务控制策略之后, 将该连接信息和相应的业务控制策略下 发给网络中所有的 DPI设备进行业务识别, 这样 DPI设备对于同一业务的业 务控制策略相同,不能出现对于同一业务的上下行釆取不同的业务控制策略, 即可达到策略同步的目的。  The core of the present invention is that when a DPI device identifies a specific service, the DPI device reports the connection information and the service information of the identified service to the RACF device, and after determining the corresponding service control policy according to the service information, the RACF device will The connection information and the corresponding service control policy are sent to all the DPI devices in the network for service identification, so that the DPI device has the same service control policy for the same service, and cannot perform different service control policies for the uplink and downlink of the same service. The goal of policy synchronization can be achieved.
为了更好地理解本发明, 下面结合附图和具体实施例对本发明作进一步 地描述。  For a better understanding of the invention, the invention will be further described in conjunction with the drawings and specific embodiments.
图 4为本发明实施例的一种实现策略同步的系统的示意图,如图 4所示, 本系统主要包括: RACF装置和多个 DPI设备, 如 DPI A、 DPI B、 DPI C和 DPI D。  FIG. 4 is a schematic diagram of a system for implementing policy synchronization according to an embodiment of the present invention. As shown in FIG. 4, the system mainly includes: a RACF device and multiple DPI devices, such as DPI A, DPI B, DPI C, and DPI D.
网络中的 DPI设备 A、 B、 C、 D均向 RACF注册, 告知 RACF该网络中 可用的 DPI设备的信息, 包括但不限于 DPI的网络地址, 容量, 设备状态等 信息。 当 DPI A设备根据特征字 (比如说 BT下载业务在报文中会有特征的 字段 bittorrent, 那么通过识别 bittorrent, DPI设备就知道这是个 BT业务, 其 中的 bittorrent就是特征字 )发现一个业务流(例如, FTP ( File Transportation Protocol, 文件传输协议)业务) 时将相应的连接信息告知 RACF, RACF查 询 NACF的用户签约信息, 并结合网络情况进行业务控制策略决策, 例如决 策业务的流量、 速率和业务的优先级等的业务控制策略, 将决策的业务控制 策略和连接信息告知网络中 DPI 的 A、 B、 C、 D设备, 网络中的 ^ C、 D 设备根据收到的连接信息查找该连接数据流, 当 DPI设备 D发现该连接业务 流时, 按照接收到的控制策略对该业务流进行控制。 The DPI devices A, B, C, and D in the network are all registered with the RACF to inform the RACF of the information of the DPI devices available in the network, including but not limited to the network address, capacity, and device status of the DPI. When the DPI A device according to the feature word (for example, the BT download service has a characteristic bittorrent in the message, then by identifying the bittorrent, the DPI device knows that this is a BT service, and the bittorrent is a feature word) discovers a service flow ( For example, when the FTP (File Transfer Protocol) service is used, the corresponding connection information is notified to the RACF. The RACF queries the NACF user subscription information and makes business control policy decisions based on the network conditions. The service control policy, such as the traffic, rate, and service priority of the service, informs the API, A, B, C, and D devices of the DPI in the network, and the ^C and D devices in the network according to the received service control policy and connection information. The connection information is found to find the connection data stream. When the DPI device D discovers the connection service flow, the service flow is controlled according to the received control policy.
图 5为本发明实施例的一种实现策略同步的方法的流程图,如图 5所示, 包括下面步骤: FIG. 5 is a flowchart of a method for implementing policy synchronization according to an embodiment of the present invention. As shown in FIG. 5, the method includes the following steps:
S10、 DPI设备对业务流进行识别, 若一 DPI设备识别出一业务, 则将该 业务的连接信息和业务信息上报 RACF装置;  S10. The DPI device identifies the service flow. If a DPI device identifies a service, the connection information and the service information of the service are reported to the RACF device.
具体地, 网络中的各个 DPI设备可以按照预设的业务识别模板, 如 BT 业务的识别模板为关键字 Bittorrent, DPI设备深度识别经过自身的业务流, 当识别出业务时,提取该业务的连接信息,如网络五元组信息、 目的 IP地址、 源 IP地址、 目的端口、 源端口和协议类型等连接信息; 还提取该业务信息, 比如, VOIP的电话业务信息等。  Specifically, each DPI device in the network may use a preset service identification template, such as an identification template of the BT service as a keyword Bittorrent, and the DPI device deeply identifies the service flow through itself, and when the service is identified, the connection of the service is extracted. Information, such as network quintuple information, destination IP address, source IP address, destination port, source port, and protocol type, etc.; also extracts the service information, such as VOIP telephone service information.
S20、 RACF装置根据所述业务信息确定相应的控制策略;  S20. The RACF device determines a corresponding control policy according to the service information.
具体地, 上述 DPI设备将该业务的连接信息上报 RAC F装置后, RACF 装置查询 NACF, 获取该业务和用户的签约信息, 并结合网络使用情况确定 控制策略。  Specifically, after the DPI device reports the connection information of the service to the RAC F device, the RACF device queries the NACF, obtains the subscription information of the service and the user, and determines the control policy according to the network usage.
S30、 RACF将连接信息和控制策略下发给网络中所有的 DPI设备;  S30, the RACF sends the connection information and the control policy to all DPI devices in the network;
S40、 网络中所有的 DPI设备根据所述连接信息进行业务识别, 若一 DPI 设备根据所述连接信息识别出业务, 则根据所述控制策略对该业务进行相应 的控制;  S40. All DPI devices in the network perform service identification according to the connection information. If a DPI device identifies a service according to the connection information, the service is controlled according to the control policy.
具体地, RACF将连接信息和控制策略下发给网络中所有的 DPI设备, 当其他的 DPI设备收到该连接信息和控制策略后, 将该连接信息添加到业务 识别模板, 以便加速查找。  Specifically, the RACF sends the connection information and the control policy to all DPI devices in the network. After receiving the connection information and the control policy, the other DPI devices add the connection information to the service identification template to speed up the search.
网络中所有 DPI设备查找新的业务识别模板(即, 新的连接信息) , 如 果发现有此连接, 则认为发现了对应的业务, 则根据收到的 RACF的控制策 略对该业务进行相应的控制。 根据上述方法可实现网络内同一业务的控制策略, 并提高 DPI设备深度 识别的效率。 All DPI devices in the network find a new service identification template (that is, new connection information). If the connection is found, the corresponding service is considered to be found, and the service is controlled according to the received RACF control policy. . According to the above method, the control strategy of the same service in the network can be realized, and the efficiency of deep recognition of the DPI device can be improved.
本领域普通技术人员可以理解上述方法中的全部或部分步骤可通过程序 来指令相关硬件完成, 所述程序可以存储于计算机可读存储介质中, 如只读 存储器、 磁盘或光盘等。 可选地, 上述实施例的全部或部分步骤也可以使用 一个或多个集成电路来实现。 相应地, 上述实施例中的各模块 /单元可以釆用 硬件的形式实现, 也可以釆用软件功能模块的形式实现。 本发明不限制于任 何特定形式的硬件和软件的结合。 One of ordinary skill in the art will appreciate that all or a portion of the above steps may be accomplished by a program instructing the associated hardware, such as a read-only memory, a magnetic disk, or an optical disk. Alternatively, all or part of the steps of the above embodiments may also be implemented using one or more integrated circuits. Correspondingly, each module/unit in the above embodiment may be implemented in the form of hardware or in the form of a software function module. The invention is not limited to any specific form of combination of hardware and software.
以上仅为本发明的优选实施例, 当然, 本发明还可有其他多种实施例, 在不背离本发明精神及其实质的情况下, 熟悉本领域的技术人员当可根据本 发明作出各种相应的改变和变形, 但这些相应的改变和变形都应属于本发明 所附的权利要求的保护范围。 The above is only a preferred embodiment of the present invention, and of course, the present invention may be embodied in various other embodiments without departing from the spirit and scope of the invention. Corresponding changes and modifications are intended to be included within the scope of the appended claims.
工业实用性 Industrial applicability
与现有技术相比, 本发明提供的实现策略同步的方法及系统, 解决了 NGN环境下实现 DPI设备策略同步的问题。  Compared with the prior art, the method and system for implementing policy synchronization provided by the present invention solves the problem of implementing DPI device policy synchronization in an NGN environment.

Claims

权 利 要 求 书 Claim
1、 一种实现策略同步的方法, 包括:  1. A method for implementing policy synchronization, comprising:
网络中所有的深度包检测设备对业务流进行识别, 若第一深度包检测设 备识别出一业务, 则将该业务对应的连接信息和业务信息上报资源接纳控制 功能(RACF )装置;  All the deep packet inspection devices in the network identify the service flow, and if the first deep packet inspection device identifies a service, the connection information and the service information corresponding to the service are reported to the resource admission control function (RACF) device;
所述 RACF装置根据所述业务信息确定业务控制策略,然后将所述连接 信息和所述业务控制策略下发给网络中所有的深度包检测设备; 以及 所述网络中所有的深度包检测设备根据所述连接信息进行业务识别, 若 第二深度包检测设备根据所述连接信息识别出所述业务, 则根据所述业务控 制策略对该业务进行控制。  Determining, by the RACF device, a service control policy according to the service information, and then sending the connection information and the service control policy to all deep packet inspection devices in the network; and all deep packet inspection devices in the network according to The connection information is used for service identification. If the second deep packet inspection device identifies the service according to the connection information, the service is controlled according to the service control policy.
2、 如权利要求 1所述的方法, 其中, 所述网络中所有的深度包检测设备 对业务流进行识别的步骤包括:  2. The method according to claim 1, wherein the step of identifying, by the deep packet detecting device in the network, the service flow comprises:
每个深度包检测设备按照预设的业务识别模板对经过本深度包检测设备 的业务流进行识别。  Each deep packet inspection device identifies the service flow passing through the deep packet inspection device according to a preset service identification template.
3、 如权利要求 1所述的方法, 其中, 所述 RACF装置根据所述业务信息 确定业务控制策略的步骤包括:  3. The method according to claim 1, wherein the step of determining, by the RACF device, the service control policy according to the service information comprises:
所述 RACF装置根据所述业务信息获取所述业务与用户的签约信息, 并 结合网络使用情况确定所述业务控制策略。  The RACF device acquires subscription information of the service and the user according to the service information, and determines the service control policy according to the network usage.
4、 如权利要求 1-3任一项所述的方法, 还包括:  4. The method of any of claims 1-3, further comprising:
在根据所述连接信息进行业务识别之前, 每个深度包检测设备将所述连 接信息添加到自身的业务识别模板中。  Each deep packet inspection device adds the connection information to its own service identification template before performing service identification based on the connection information.
5、 如权利要求 4所述的方法, 还包括:  5. The method of claim 4, further comprising:
每个深度包检测设备在对业务流进行识别之前,向所述 RACF装置注册, 携带本深度包检测设备的信息。  Each deep packet inspection device registers with the RACF device to carry information of the deep packet inspection device before identifying the traffic flow.
6、一种实现策略同步的系统, 包括多个深度包检测设备和一资源接纳控 制功能(RACF )装置, 其中, 6. A system for implementing policy synchronization, comprising a plurality of deep packet inspection devices and a resource admission control function (RACF) device, wherein
所述深度包检测设备设置成: 对业务流进行识别, 若识别出一业务, 则 将该业务对应的连接信息和业务信息上报所述 RACF装置; 以及, 根据所述 RACF装置下发的连接信息进行业务识别, 若识别出与所述 RACF装置下发 的连接信息对应的业务, 则根据所述 RACF装置下发的业务控制策略对该业 务进行控制; The deep packet inspection device is configured to: identify a service flow, and if a service is identified, Reporting the connection information and the service information corresponding to the service to the RACF device; and performing service identification according to the connection information sent by the RACF device, and if the service corresponding to the connection information sent by the RACF device is identified, Controlling the service according to the service control policy delivered by the RACF device;
所述 RACF装置设置成:在接收到所述深度包检测设备上报的连接信息 和业务信息后, 根据所接收到的业务信息确定业务控制策略, 然后将所接收 到的连接信息和所确定的业务控制策略下发给所述深度包检测设备。  The RACF device is configured to: after receiving the connection information and the service information reported by the deep packet inspection device, determine a service control policy according to the received service information, and then the received connection information and the determined service The control policy is sent to the deep packet inspection device.
7、 如权利要求 6所述的系统, 其中,  7. The system of claim 6 wherein
所述深度包检测设备是设置成通过如下方式对业务流进行识别: 按照预 设的业务识别模板对经过本深度包检测设备的业务流进行识别。  The deep packet inspection device is configured to identify the service flow by: identifying the service flow passing through the deep packet inspection device according to the preset service identification template.
8、 如权利要求 6所述的系统, 其中,  8. The system of claim 6 wherein
所述 RACF装置是设置成通过如下方式确定所述业务控制策略: 根据所 接收到的业务信息获取业务与用户的签约信息, 并结合网络使用情况确定所 述业务控制策略。  The RACF device is configured to determine the service control policy by: obtaining subscription information between the service and the user according to the received service information, and determining the service control policy according to the network usage.
9、 如权利要求 6-8任一项所述的系统, 其中,  9. The system of any of claims 6-8, wherein
所述深度包检测设备还设置成: 在根据所述 RACF装置下发的连接信息 进行业务识别之前, 将所述 RACF装置下发的连接信息添加到自身的业务识 别模板中, 该连接信息包括: 业务的目的 IP地址、 源 IP地址、 目的端口、 源端口和协议类型。  The deep packet inspection device is further configured to: add the connection information delivered by the RACF device to the service identification template of the RACF device, and the connection information includes: Destination IP address, source IP address, destination port, source port, and protocol type of the service.
10、 如权利要求 9所述的系统, 其中, 10. The system of claim 9, wherein
所述深度包检测设备还设置成:在对业务流进行识别之前,向所述 RACF 装置注册, 携带本深度包检测设备的信息。  The deep packet inspection device is further configured to register with the RACF device to carry information of the deep packet inspection device before identifying the service flow.
PCT/CN2011/074749 2010-09-20 2011-05-27 Method and system for implementing strategy synchronization WO2012037817A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010290500.5 2010-09-20
CN201010290500.5A CN101945021B (en) 2010-09-20 2010-09-20 Method and system for realizing strategy synchronization

Publications (1)

Publication Number Publication Date
WO2012037817A1 true WO2012037817A1 (en) 2012-03-29

Family

ID=43436804

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/074749 WO2012037817A1 (en) 2010-09-20 2011-05-27 Method and system for implementing strategy synchronization

Country Status (2)

Country Link
CN (1) CN101945021B (en)
WO (1) WO2012037817A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104935478A (en) * 2015-06-19 2015-09-23 上海斐讯数据通信技术有限公司 Intelligent terminal depth perception method and system thereof

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101945021B (en) * 2010-09-20 2014-07-02 中兴通讯股份有限公司 Method and system for realizing strategy synchronization
CN102655474B (en) 2012-04-17 2015-07-22 华为技术有限公司 Method, device and system for identifying equipment-crossing traffic types
CN103595573B (en) * 2013-11-28 2017-01-11 中国联合网络通信集团有限公司 Method and device for issuing strategy rules
CN105610883A (en) * 2014-11-21 2016-05-25 中兴通讯股份有限公司 Policy file synchronization management method, policy synchronization server and management device
CN107493203A (en) * 2016-06-12 2017-12-19 中兴通讯股份有限公司 DPI rules delivery method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060072573A1 (en) * 2004-10-05 2006-04-06 Cisco Technology, Inc. System and method for service tagging for enhanced packet processing in a network environment
CN1937623A (en) * 2006-10-18 2007-03-28 华为技术有限公司 Method and system for controlling network business
CN101729308A (en) * 2009-06-01 2010-06-09 中兴通讯股份有限公司 Method and device for controlling strategy
CN101945021A (en) * 2010-09-20 2011-01-12 中兴通讯股份有限公司 Method and system for realizing strategy synchronization

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101286937B (en) * 2008-05-16 2011-01-05 成都市华为赛门铁克科技有限公司 Network flow control method, device and system
CN101621587B (en) * 2008-06-30 2012-08-08 成都市华为赛门铁克科技有限公司 Method, device and system for network monitoring
CN101771627B (en) * 2009-01-05 2015-04-08 武汉邮电科学研究院 Equipment and method for analyzing and controlling node real-time deep packet on internet
CN101534248B (en) * 2009-04-14 2011-12-28 华为技术有限公司 Deep packet identification method, system and business board
CN101715182B (en) * 2009-11-30 2012-11-21 中国移动通信集团浙江有限公司 Method, system and device for controlling traffic

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060072573A1 (en) * 2004-10-05 2006-04-06 Cisco Technology, Inc. System and method for service tagging for enhanced packet processing in a network environment
CN1937623A (en) * 2006-10-18 2007-03-28 华为技术有限公司 Method and system for controlling network business
CN101729308A (en) * 2009-06-01 2010-06-09 中兴通讯股份有限公司 Method and device for controlling strategy
CN101945021A (en) * 2010-09-20 2011-01-12 中兴通讯股份有限公司 Method and system for realizing strategy synchronization

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104935478A (en) * 2015-06-19 2015-09-23 上海斐讯数据通信技术有限公司 Intelligent terminal depth perception method and system thereof

Also Published As

Publication number Publication date
CN101945021A (en) 2011-01-12
CN101945021B (en) 2014-07-02

Similar Documents

Publication Publication Date Title
US7801032B2 (en) System and method of dynamic QoS negotiation in next generation network
EP1999618B1 (en) Establishing facets of a policy for a communication session
KR101098715B1 (en) Method and devices for installing packet filters in a data transmission
US7647406B2 (en) Method for implementing resources reservation in a proxy-requested mode in next generation network
US11909793B2 (en) Method, user terminal, network node, and system for controlling transmission of media stream service, storage medium, and electronic device
US20100034196A1 (en) RPH mapping and defaulting behavior
US9009333B2 (en) Method and device for transmitting network resource information data
US8542580B2 (en) Method and system for transporting service flow securely in an IP network
WO2002085055A2 (en) Binding information for ip media flows
WO2012037817A1 (en) Method and system for implementing strategy synchronization
US10701582B2 (en) Dynamic application QoS profile provisioning
WO2013117126A1 (en) Method, system and device for service rate control
US10469559B2 (en) Quality of service for web real-time communication networks
WO2009114976A1 (en) Method and system for resource and admission control
WO2009094869A1 (en) A method for resource and admission control
US20120166659A1 (en) Node and Method for Quality of Service (QoS) Control
WO2019029581A1 (en) Control method for quality of service flow and related device
CN101729308B (en) Method and device for controlling strategy
WO2007085195A1 (en) System and method for handling resource request
US20090086744A1 (en) Method, system and device for selecting edge connection link across different management domain networks
WO2006056099A1 (en) A method and system for delaminatly ensuring the network service quality
WO2014180410A1 (en) Method and apparatus for implementing media qos carrier resource control
Yun et al. QoS control for NGN: A survey of techniques
WO2009103192A1 (en) A resource allocation method and a resource release method
WO2009018756A1 (en) Method, system and device for bearer resource reservation

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11826344

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11826344

Country of ref document: EP

Kind code of ref document: A1