WO2013082793A1 - Procédé, dispositif et système de commande de transmission de service - Google Patents

Procédé, dispositif et système de commande de transmission de service Download PDF

Info

Publication number
WO2013082793A1
WO2013082793A1 PCT/CN2011/083722 CN2011083722W WO2013082793A1 WO 2013082793 A1 WO2013082793 A1 WO 2013082793A1 CN 2011083722 W CN2011083722 W CN 2011083722W WO 2013082793 A1 WO2013082793 A1 WO 2013082793A1
Authority
WO
WIPO (PCT)
Prior art keywords
service
control
transmission
server
control information
Prior art date
Application number
PCT/CN2011/083722
Other languages
English (en)
Chinese (zh)
Inventor
胡翔
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to PCT/CN2011/083722 priority Critical patent/WO2013082793A1/fr
Priority to CN201180003320.7A priority patent/CN102630376B/zh
Publication of WO2013082793A1 publication Critical patent/WO2013082793A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/564Enhancement of application control based on intercepted application data

Definitions

  • the present invention relates to the field of communications, and more particularly to a method, apparatus and system for controlling the transmission of services. Background technique
  • Gateway Universal Wireless Packet Service Support Node GGSN, Gateway GPRS Support
  • Gateway device such as Node / Packet Data Serving Network (PDSN), as the last core network device before the mobile broadband network accesses the Internet, can be based on shallow SPI (Shallow Packet Inspection) / deep text
  • the DPI Deep Packet Inspection
  • the L34 filter can be configured on the gateway device to match the L34 layer information of the service with the service blacklist and whitelist rule to determine the processing policy for the service, control the transmission of the service, and implement the black and white list function of the service.
  • Embodiments of the present invention provide a method and apparatus for controlling transmission of a service, which can reduce the impact on the performance of the gateway device and maintain continuous updating of the black and white list data.
  • a method for controlling transmission of a service comprising: receiving a data message sent by a sender; sending a classification request message to the server, where the classification request message includes the number Receiving the L34 layer information of the service extracted in the message; receiving the classification request response message sent by the server, the classification request response message includes control information of the service determined by the server according to the L34 layer information; according to the control information, The transmission of the business is controlled.
  • a method for controlling transmission of a service comprising: receiving, by a gateway device, a classification request message, where the classification request message includes L34 layer information of a service extracted by the gateway device from the data packet; L34 layer information, determining control information of the service; sending a classification request response message to the gateway device, the classification request response message including the control information, so that the gateway device controls the transmission of the service according to the control information.
  • a device for controlling transmission of a service comprising: a first receiving unit, configured to receive a data packet sent by a sending end, and a sending unit, configured to send a classification request message to the server, the classification request The message includes the L34 layer information of the service extracted from the data packet; the second receiving unit is configured to receive the classification request response message sent by the server, where the classification request response message includes the service determined by the server according to the L34 layer information. Control information; a control unit, configured to control transmission of the service according to the control information.
  • an apparatus for controlling transmission of a service comprising: a receiving unit, configured to receive, by a gateway device, a classification request message, where the classification request message includes a service L34 of the service extracted by the gateway device from the data packet a layer information, a determining unit, configured to determine, according to the L34 layer information, control information of the service, and a sending unit, configured to send, to the gateway device, a classification request response message, where the classification request response message includes the control information determined by the determining unit So that the gateway device controls the transmission of the service according to the control information.
  • a system for controlling transmission of a service comprising: a gateway device and a server.
  • the gateway device includes: a first receiving unit, configured to receive a data packet sent by the sending end, and a sending unit, configured to send, to the server, a classification request message, where the classification request message includes a L34 layer of the service extracted from the data packet a second receiving unit, configured to receive a classification request response message sent by the server, where the classification request response message includes control information of the service determined by the server according to the L34 layer information, and a control unit, configured to: according to the control information, Control the transmission of this service.
  • the server includes: a receiving unit, configured to receive, by the gateway device, a classification request message, where the classification request message includes L34 layer information of the service extracted by the gateway device from the data packet, and the determining unit is configured to determine, according to the L34 layer information, And a sending unit, configured to send a classification request response message to the gateway device, where the classification request response message includes the control information determined by the determining unit, so that the gateway device uses the control information according to the control information. Transfer into Line control.
  • the method and apparatus for controlling the transmission of the service according to the embodiment of the present invention determine the control information of the service by the server disposed outside the gateway device, and the gateway device controls the transmission of the service according to the control information, thereby enabling All services, including non-browsing and encrypted service types, are controlled to reduce the impact on the performance of the gateway device due to the configuration of the L34 filter, and to maintain the continuous update of the black and white list data, reducing the workload of network maintenance.
  • FIG. 1 is a schematic flowchart of a method of controlling transmission of a service according to an embodiment of the present invention.
  • 2 is a schematic flow chart of a method of controlling transmission of a service according to another embodiment of the present invention.
  • FIG. 3 is an interaction diagram of a method of controlling transmission of a service in accordance with an embodiment of the present invention.
  • FIG. 4 is a schematic block diagram of an apparatus for controlling transmission of a service according to an embodiment of the present invention.
  • FIG. 5 is a schematic block diagram of an apparatus for controlling transmission of a service according to another embodiment of the present invention.
  • 6 is a schematic block diagram of a system for controlling transmission of traffic according to an embodiment of the present invention. detailed description
  • GSM Global System of Mobile Communication
  • CDMA Code Division Multiple Access
  • WCDMA Wideband Code Division Multiple Access
  • GSM Global System of Mobile Communication
  • GPRS General Packet Radio Service
  • LTE Long Term Evolution
  • FDD Frequency Division Duplex
  • TDD Time Division Duplex
  • UMTS Universal Mobile Telecommunications System
  • UE user equipment
  • Mobile Terminal mobile user equipment
  • a radio access network eg, RAN, Radio Access Network
  • the user equipment may be a mobile terminal, such as a mobile phone (or "cellular" phone) and a computer with a mobile terminal, for example, a mobile device that can be portable, pocket, handheld, computer built, or in-vehicle, Exchange language and/or data with the wireless access network.
  • a mobile terminal such as a mobile phone (or "cellular" phone) and a computer with a mobile terminal, for example, a mobile device that can be portable, pocket, handheld, computer built, or in-vehicle, Exchange language and/or data with the wireless access network.
  • FIG. 1 shows a schematic flow chart of a method 100 of controlling transmission of traffic, in accordance with an embodiment of the present invention, as viewed from the perspective of a gateway device side.
  • the method 100 includes:
  • S130 Receive a classification request response message sent by the server, where the classification request response message includes control information of the service determined by the server according to the L34 layer information.
  • the gateway device may obtain the L34 layer information of the service according to the data packet, and send a classification request message including the L34 layer information to the server, where the server may determine according to the L34 layer information.
  • the control information of the service is sent to the gateway device, and the classification request response message including the control information is sent, and after receiving the classification request response message sent by the server, the transmission of the service may be controlled according to the control information.
  • all services including the non-browsing type and the encrypted service type may be controlled according to the L34 layer information, for example, the interaction between the gateway device and the server, if based on The Internet Protocol (IP, Internet Procotol) address controls the transmission of the service, and can control all services transmitted through the IP address, including non-browsing and encrypted service types.
  • IP Internet Protocol
  • the transmission of the service is controlled based on the port, it is possible to control some software or tools that use a specific port for service transmission, and the classification control can be performed no matter what server the software is deployed on.
  • the L34 layer information can be obtained only by performing SPI on the data packet, thereby reducing the performance requirement of the gateway and reducing the impact on the performance of the gateway.
  • the server can receive reports from the government or other network regulators that have their tracking confirmations.
  • the blacklist list of the L34 layer information and classification attributes of the illegal website can also be accessed through some custom website analysis algorithms, and the traversal method is used to access the website providing services to the existing network, and the classification attribute analysis is performed based on the access data.
  • the black and white list data can be continuously updated.
  • the control information of the service is determined by the server disposed outside the gateway device, and the gateway device controls the transmission of the service according to the control information, thereby enabling non-browsing including All services, including classes and encrypted service types, are controlled to reduce the impact on the performance of the gateway device due to the configuration of the L34 filter, and to maintain the continuous update of the black and white list data, reducing the workload of network maintenance.
  • the L34 layer may comprise an L3 layer, or an L4 layer, or an L3 layer and an L4 layer.
  • the L3 layer information may include network layer Internet Protocol (IP, Internet Procotol) address information in an Open System Interconnect (OSI) network model
  • the L4 layer information may include a transport layer transmission control protocol in the OSI network model.
  • TCP/UDP User Datagram Protocol
  • the L34 layer information may include information such as an IP address, a port, and the like of a service server that transmits the service.
  • the server can also be called a content filtering server or a third-party server, which is set outside the gateway device and is independent of the gateway device.
  • the gateway device may include a GGSN, a PDSN, and a Wimax Access Service Network (WASN). It should be understood that the gateway device in the embodiment of the present invention may further include a centralized convergence point of the service in other networks and may implement the terminal.
  • the network element that the user accesses the service flow for content analysis and control.
  • the transmission between the user equipment and the service server needs to pass through the gateway device, and the data packet of the same service (for example, the data packet of the service sent by the user equipment and the data packet of the service generated by the service server) includes The information of the L34 layer is the same. Therefore, the sender in the embodiment of the present invention may be a user equipment or a service server.
  • the classification request response message determined by the server according to the L34 layer information may include a classification attribute or a control policy of the service, where the classification attribute may include portal, technology, social, political, pornography, violence, gambling, and the like.
  • Control policies can include normal access, blocking, redirection to reminders pages, and more.
  • portals, technology, social, etc. control strategies can correspond to normal access, etc.; for politics, pornography, violence, gambling, etc., control strategies can correspond to blocking or redirecting to Reminder page, etc.
  • different users may have the same control policy or different control strategies. For example, for a business with pornographic attributes, all user control strategies may be blocked. For a service with a social attribute, if the user customizes the service, the control policy may be passed, and if the user does not customize the service, the control policy may be blocked. Therefore, different users may have different control policies due to different subscription information.
  • the method for controlling the transmission of the service according to the embodiment of the present invention may further determine the classification attribute based on the user's subscription information and the user identifier. Determine the control strategy to achieve different control strategies for different users.
  • the gateway device or server is only based on the service.
  • the classification attribute enables you to determine the control strategy for the business. If different users have different control policies (for example, for a social attribute service, different users may have different control policies due to different subscription information), the gateway device and the server need to transmit the service according to the classification attribute of the service. User ID of the user equipment, and formulate a business control policy for the user.
  • the classification request message sent by the gateway device to the server may include only the L34 layer information of the service, and the classification request response sent by the gateway device received by the gateway device.
  • the message may include a classification attribute of the service, and may also include a control policy of the service.
  • the server can only determine the classification attribute of the service based on the L34 layer information, and the gateway device It is also necessary to further develop a control policy for the user according to the classification attribute and the user identifier of the user equipment transmitting the service. If the classification request message sent by the gateway device to the server includes the L34 layer information of the service and the user identifier of the user equipment that transmits the service, the server may determine the classification attribute of the service based on the L34 layer information, and further determine the classification attribute according to the user identifier. The user formulates a control strategy so that the gateway device can directly control the transmission of the service according to the control policy.
  • the gateway device may further obtain the user identifier of the user equipment that transmits the service according to the data packet.
  • the classification request message sent by the gateway device to the server may include the L34 layer information of the service, and may also include the L34 layer information and the user identifier, and the classification request response message sent by the server received by the gateway device may include the classification attribute of the service. It can also include control strategies for the business.
  • the gateway device may determine a control policy according to the classification attribute, and control transmission of the service according to the control policy. Therefore, the controlling the transmission of the service according to the control information may include: determining a control policy of the service according to the classification attribute of the service included in the control information; and controlling transmission of the service according to the control policy .
  • the gateway device may further determine, according to the L34 layer information and the user identifier, a control policy of the service. Therefore, the controlling the transmission of the service according to the control information may include:
  • the transmission of the service is controlled.
  • the gateway device may control transmission of the service according to the control policy. Therefore, the controlling the transmission of the service according to the control information may include:
  • the transmission of the service is controlled according to the control policy of the service included in the control information.
  • the control policy may be determined by the server according to the L34 layer information included in the classification request message, or may be determined by the server according to the L34 layer information and the user identifier included in the classification request message. Therefore, the controlling the transmission of the service according to the control information may include:
  • the user identifier and the service black and white list may be set in the gateway device or the content filter.
  • the user policy database for the relationship between dynamic rules.
  • the gateway device can send the L34 layer information. Sending to the server, the server determines the classification attribute of the service according to the L34 layer information, and sends the classification attribute to the gateway device, and the gateway device can obtain the user identifier of the user equipment that transmits the service according to the data packet, and based on the user Identifying a query user policy database, determining a control policy that the user equipment should perform for the classification attribute, and controlling (eg, blocking or passing) according to the control policy.
  • the server determines the classification attribute of the service according to the L34 layer information, and sends the classification attribute to the gateway device
  • the gateway device can obtain the user identifier of the user equipment that transmits the service according to the data packet, and based on the user Identifying a query user policy database, determining a control policy that the user equipment should perform for the classification attribute, and controlling (eg, blocking or passing) according to the control policy.
  • the gateway device may send the L34 layer information and the user identifier to the server, and the server first determines the classification attribute of the service according to the L34 layer information, and then queries the user policy database based on the user identifier to determine the user equipment.
  • a control policy (such as blocking or passing) that should be performed for this classification attribute, and then sent to the gateway device for the gateway device to control.
  • the method for controlling the transmission of the service can obtain a dynamic rule of a large number of black and white lists based on the user identification and the user policy subscription information, thereby enabling different control policies to be flexibly formulated for different users.
  • the user identifier may include a mobile subscriber number (MSISDN, Mobile Subscriber Integrated Services Digital Network), an International Mobile Station Equipment Identity (IMSI), and an international mobile station equipment identifier (IMEI, International Mobile Subscriber Identity) and other information.
  • MSISDN Mobile Subscriber Number
  • IMSI International Mobile Station Equipment Identity
  • IMEI international mobile station equipment identifier
  • Figure 2 shows a schematic flow diagram of a method 200 of controlling the transmission of traffic, as described from the server side, in accordance with an embodiment of the present invention. As shown in FIG. 2, the method 200 includes:
  • the receiving gateway device sends a classification request message, where the classification request message includes L34 layer information of the service extracted by the gateway device from the data packet.
  • the gateway device may obtain the L34 layer information of the service according to the data packet, and send a classification request message including the L34 layer information to the server, where the server may determine according to the L34 layer information.
  • the control information of the service is sent to the gateway device, and the classification request response message including the control information is sent, and after receiving the classification request response message sent by the server, the transmission of the service may be controlled according to the control information.
  • all services including the non-browsing type and the encrypted service type may be controlled according to the L34 layer information, for example, the interaction between the gateway device and the server, if based on The Internet Protocol (IP, Internet Procotol) address controls the transmission of the service, and can control all services transmitted through the IP address, including non-browsing and encrypted service types.
  • IP Internet Protocol
  • the transmission of the service is controlled based on the port, it is possible to control some software or tools that use a specific port for service transmission, and the classification control can be performed no matter what server the software is deployed on.
  • the L34 layer information can be obtained only by performing SPI on the data packet, thereby reducing the performance requirement of the gateway and reducing the impact on the performance of the gateway.
  • the server may receive a black and white list of L34 layer information and classification attributes of the illegal website recorded by the government or other network supervision department, and may also adopt a customized website analysis algorithm to adopt the traversal method to the current network.
  • the website that provides the service is accessed, the classification attribute analysis is performed based on the access data, and the classification attribute of the website is finally confirmed.
  • the black and white list data can be continuously updated.
  • the control information of the service is determined by the server disposed outside the gateway device, and the gateway device controls the transmission of the service according to the control information, thereby enabling non-browsing including All services, including classes and encrypted service types, are controlled to reduce the impact on the performance of the gateway device due to the configuration of the L34 filter, and to maintain the continuous update of the black and white list data, reducing the workload of network maintenance.
  • the L34 layer may comprise an L3 layer, or an L4 layer, or an L3 layer and an L4 layer.
  • the L3 layer information may include IP address information of the network layer in the OSI network model
  • the L4 layer information may include TCP/UDP port information in the OSI network model. Therefore, the L34 layer information may include information such as an IP address, a port, and the like of a service server that transmits the service.
  • the gateway device may further obtain, according to the data packet, a user identifier of the user equipment that transmits the service.
  • the classification request message sent by the gateway device to the server may include the L34 layer information of the service, and may also include the L34 layer information and the user identifier, and the classification request response message sent by the server received by the gateway device may include the classification attribute of the service. , can also include the control strategy of the business.
  • the server may determine the classification attribute of the service according to the L34 layer information.
  • the control information of the service according to the L34 layer information including:
  • control information of the service including the classification attribute of the service is determined.
  • the server may further determine a control policy of the service according to the L34 layer information. Therefore, determining the control information of the service according to the information of the L34 layer includes:
  • control information of the service including the control policy of the service is determined.
  • the server may determine the control policy of the service according to the L34 layer information and the user identifier. Therefore, the determining the control information of the service according to the information of the L34 layer includes: determining, according to the L34 layer information, the user identifier that is extracted by the gateway device from the data packet, and determining that the service includes the service The control information of the service that controls the policy.
  • the user identifier and the service black and white list may be set in the gateway device or the content filter.
  • the user policy database for the relationship between dynamic rules.
  • the gateway device may send the L34 layer information to the server, and the server determines the classification attribute of the service according to the L34 layer information, and sends the classification attribute to the gateway device, and the gateway device may The data packet obtains the user identifier of the user equipment that transmits the service, and queries the user policy database based on the user identifier to determine a control policy that the user equipment should perform for the classification attribute, and controls according to the control policy (for example, blocking or passing ).
  • the control policy for example, blocking or passing
  • the gateway device may send the L34 layer information and the user identifier to the server, and the server first determines the classification attribute of the service according to the L34 layer information, and then queries the user policy database based on the user identifier to determine the user equipment.
  • a control policy (such as blocking or passing) that should be performed for this classification attribute, and then sent to the gateway device for the gateway device to control.
  • the method for controlling the transmission of the service can obtain a dynamic rule of a large number of black and white lists based on the user identification and the user policy subscription information, thereby enabling different control policies to be flexibly formulated for different users.
  • the user identifier may include information such as MSISDN, IMSI, IMEI, and the like. It should be understood that the user identifier of the embodiment of the present invention is not limited to the above information, and other cells that can uniquely represent the user identifier are all within the scope of the embodiments of the present invention.
  • FIG. 3 illustrates an interaction diagram of a method of controlling transmission of traffic in accordance with an embodiment of the present invention.
  • the IP address is used as the L34 layer information
  • the GGSN is used as the gateway device.
  • the GGSN receives a data packet sent by the UE or the service server.
  • the GGSN after receiving the data packet of the service, the GGSN can obtain the L34 layer information of the service, for example, an IP address, based on the SPI technology. Therefore, the GGSN only needs to perform shallow layer analysis on the data packet, thereby reducing the gateway device. The requirements, and, can reduce the impact on the performance of the gateway device.
  • the GGSN may also obtain the USER ID according to the data packet.
  • the gateway may allocate a data packet and a USER ID to the UE to uniquely identify the UE when the UE is activated, and the gateway may notify the neighboring network element to use the uplink data packet (the UE sends the message to the service server.
  • the USER ID index of the data packet is used to establish a UE query entry based on the UE IP address, and is used for the USER ID index of the downlink data packet (the data packet sent from the service server to the UE).
  • the uplink data packet is selected by the UE to carry the context information of the service.
  • the packet After the final data packet is sent to the gateway, the packet carries the ID assigned by the gateway to the UE when the UE is activated.
  • the gateway locally saves the ID based on the ID index. Context, thus getting the USER ID.
  • the downlink packet is obtained by the gateway device by using the UE ID address to select the context information that carries the service. It should be understood that the data packet carrying the USER ID and the data packet carrying the L34 layer information may be the same or different, and the present invention is not particularly limited.
  • the GGSN may first determine whether the L34 layer information filtering is required for the service, and specifically, whether the UE that transmits the service needs to be cached in the policy server.
  • the GGSN interacts with an external server.
  • a global or access point name (APN) configuration may be added to the gateway device to determine whether the UE transmitting the service needs to perform filtering based on the L34 layer information, and when the UE is activated, based on The configuration determines whether the L34 layer information filtering needs to be performed on the service. If the content filtering function is enabled, the GGSN interacts with an external server during the service access process. Therefore, the control mode of the service can be determined based on the user subscription information in the initial stage of the control, so that the control can be flexibly performed, and the efficiency of the transmission of the service can be improved.
  • APN access point name
  • the GGSN may send a classification request message to the server, where the classification is requested.
  • the request message may include an IP address, and may also include an IP address and a USER ID.
  • the server may determine the classification request response message according to the classification request message. Specifically, when the classification request message includes an IP address, the server may compare the IP address of the illegal website with the black and white list of the classification attribute, that is, the classification attribute. a database, determining a classification attribute of the service, and determining, according to the classification attribute, a control policy for the service for all UEs in the network, for example, for a portal, a technology, a social, etc., the gateway device or the server may correspond its control policy to Normal access, etc.; for politics, pornography, violence, gambling, etc., the gateway device or server can map its control policy to block or redirect to the reminder page.
  • the server may first determine the classification attribute of the service against the list of the IP address and the classification attribute of the illegal website, and then determine the classification for the classification based on querying the user policy database by using the USER ID.
  • the server may send the classification request response message to the GGSN, where the classification request response message may include a classification attribute of the service, and may also include a control policy of the service.
  • the GGSN may determine a control policy for the service according to the classification request response message. Specifically, when the classification request response message includes the control policy of the service, the GGSN may directly extract the response request message from the classification request message. The control strategy. And, when the classification request response message includes the classification attribute of the service, the GGSN may determine a control policy for the service according to the classification attribute, or may perform a query on the user policy database by using the USER ID to determine that the classification attribute should be executed. Control Strategy.
  • the GGSN controls the transmission of the service between the UE and the service server according to the control policy.
  • the control information of the service is determined by the server disposed outside the gateway device, and the gateway device controls the transmission of the service according to the control information, thereby enabling non-browsing including All services, including classes and encrypted service types, are controlled to reduce the impact on the performance of the gateway device due to the configuration of the L34 filter, and to maintain the continuous update of the black and white list data, reducing the workload of network maintenance.
  • the dynamic rule of the black and white list is obtained based on the user policy subscription information, so that different control policies can be flexibly formulated for different user equipments.
  • FIG 4 shows a schematic block diagram of an apparatus 400 for controlling the transmission of traffic in accordance with an embodiment of the present invention.
  • the apparatus 400 includes:
  • the first receiving unit 410 is configured to receive a data packet sent by the sending end.
  • the sending unit 420 is configured to send, to the server, a classification request message, where the classification request message includes L34 layer information of the service extracted from the data packet;
  • the second receiving unit 430 is configured to receive a classification request response message sent by the server, where the classification request response message includes control information of the service determined by the server according to the L34 layer information, and a control unit 440, configured to: according to the control information, Control the transmission of this service.
  • the device for controlling the transmission of the service determines the control information of the service by the server disposed outside the gateway device, and the gateway device controls the transmission of the service according to the control information, thereby enabling non-browsing All services, including classes and encrypted service types, are controlled to reduce the impact on the performance of the gateway device due to the configuration of the L34 filter, and to maintain the continuous update of the black and white list data, reducing the workload of network maintenance.
  • the classification request response message received by the second receiving unit 430 may include a classification attribute of the service, so as to include a control policy of the service. Therefore, when the classification request response message includes the classification attribute of the service,
  • the control unit 440 is further configured to determine a control policy of the service according to the classification attribute of the service included in the control information;
  • the gateway device may further determine, according to the L34 layer information and the user identifier, a control policy of the service. Therefore,
  • the control unit is further configured to determine a control policy of the service according to the classification attribute of the service included in the control information, and the user identifier extracted from the data text;
  • control policy may be determined by the server according to the L34 layer information included in the classification request message. Therefore,
  • the control unit is further configured to control transmission of the service according to a control policy of the service included in the control information.
  • control policy may be determined by the server according to the L34 layer information and the user identifier included in the classification request message. Therefore, The control unit is further configured to control transmission of the service according to the control policy of the service included in the service control information, where the control policy is that the server includes the data packet according to the L34 layer information and the classification request message. The extracted user ID is determined.
  • the device for controlling the transmission of the service can obtain a dynamic rule of a large number of black and white lists based on the user identifier and the subscription information of the user, so that different control policies can be flexibly formulated for different user devices.
  • the L34 layer information may include information such as an IP address, a port, and the like of the service server that provides the service.
  • the user identity may include information such as MSISDN, IMSI, and IMEI.
  • the apparatus 400 for controlling transmission of a service may correspond to a gateway device (e.g., GGSN) in the method of the embodiment of the present invention, and the units in the apparatus 400 for controlling transmission of the service and the other operations and In order to implement the corresponding process of the method 100 in FIG. 1 , the functions are not described here.
  • GGSN gateway device
  • FIG. 5 shows a schematic block diagram of an apparatus 500 for controlling the transmission of traffic in accordance with an embodiment of the present invention.
  • the apparatus 500 includes:
  • the receiving unit 510 is configured to receive, by the gateway device, a classification request message, where the classification request message includes L34 layer information of the service extracted by the gateway device from the data packet;
  • a determining unit 520 configured to determine control information of the service according to the L34 layer information
  • a sending unit 530 configured to send, to the gateway device, a classification request response message, where the classification request response message includes the control information determined by the determining unit 520 So that the gateway device controls the transmission of the service according to the control information.
  • the device for controlling the transmission of the service determines the control information of the service by the server disposed outside the gateway device, and the gateway device controls the transmission of the service according to the control information, thereby enabling non-browsing All services, including classes and encrypted service types, are controlled to reduce the impact on the performance of the gateway device due to the configuration of the L34 filter, and to maintain the continuous update of the black and white list data, reducing the workload of network maintenance.
  • the server may determine the classification attribute of the service according to the L34 layer information. Therefore,
  • the determining unit 520 is further configured to determine, according to the L34 layer information, control information of the service including a classification attribute of the service.
  • the classification request message sent by the gateway device received by the server includes the service
  • the server may further determine a control policy of the service according to the L34 layer information. Therefore,
  • the determining unit 520 is further configured to determine, according to the L34 layer information, control information of the service including the control policy of the service.
  • the server may determine the control policy of the service according to the L34 layer information and the user identifier. Therefore,
  • the determining unit 520 is further configured to determine, according to the L34 layer information, the classification request message, the user identifier extracted by the gateway device from the data packet, and the control information of the service including the control policy of the service.
  • the device for controlling the transmission of the service can obtain a dynamic rule of a large number of black and white lists based on the user policy subscription information, so that different control policies can be flexibly formulated for different user equipments.
  • the L34 layer information of the service included in the classification request message sent by the receiving device 510 may include information such as an IP address, a port, and the like of the service server that provides the service.
  • the user identifier included in the classification request message sent by the gateway device received by the receiving unit 510 may include information such as MSISDN, IMSI, and IMEI.
  • the apparatus 500 for controlling transmission of a service may correspond to a server in the method of the embodiment of the present invention, and the units in the apparatus 500 for controlling the transmission of the service and the other operations and/or functions described above are respectively
  • the corresponding process of the method 200 in FIG. 2 is implemented, and the details are not described herein.
  • Figure 6 shows a schematic block diagram of a system 600 for controlling the transmission of traffic in accordance with an embodiment of the present invention.
  • the system 600 includes: a device 400 in accordance with an embodiment of the present invention and a device 500 in accordance with an embodiment of the present invention.
  • the device 400 includes: a first receiving unit 410, configured to receive a data packet sent by the sending end, and a sending unit 420, configured to send, to the server, a classification request message, where the classification request message includes the service extracted from the data packet L34 layer information; a second receiving unit 430, configured to receive the service
  • the classification request response message sent by the device, the classification request response message includes control information of the service determined by the server according to the L34 layer information, and the control unit 440 is configured to control the transmission of the service according to the control information.
  • the apparatus 500 includes: a receiving unit 510, configured to receive, by the gateway device, a classification request message, where the classification request message includes L34 layer information of the service extracted by the gateway device from the data packet, and the determining unit 520 is configured to use, according to the L34 layer The information is used to determine the control information of the service.
  • the sending unit 530 is configured to send a classification request response message to the gateway device, where the classification request response message includes the control information determined by the determining unit 520, so that the gateway device can use the control information according to the control information. , control the transmission of the service.
  • the system for controlling the transmission of the service determines the control information of the service by the server disposed outside the gateway device, and the gateway device controls the transmission of the service according to the control information, thereby enabling non-browsing including All services, including classes and encrypted service types, are controlled to reduce the impact on the performance of the gateway device due to the configuration of the L34 filter, and to maintain the continuous update of the black and white list data, reducing the workload of network maintenance.
  • the units in unit 400 and the other operations and/or functions described above are respectively implemented to implement the corresponding flow of method 100 in FIG.
  • the apparatus 500 described above may correspond to a server in the method of the embodiment of the present invention, and the units in the apparatus 500 and the other operations and/or functions described above are respectively implemented to implement the method of FIG.
  • the size of the sequence numbers of the above processes does not mean the order of execution, and the order of execution of each process should be determined by its function and internal logic, and should not be taken by the embodiment of the present invention.
  • the implementation process constitutes any qualification.
  • the disclosed systems, devices, and The method can be implemented in other ways.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • there may be another division manner for example, multiple units or components may be combined or Can be integrated into another system, or some features can be ignored, or not executed.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.
  • the units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solution of the embodiment.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the functions, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium.
  • the technical solution of the present invention which is essential to the prior art or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including
  • the instructions are used to cause a computer device (which may be a personal computer, server, or network device, etc.) to perform all or part of the steps of the methods described in various embodiments of the present invention.
  • the foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk, and the like, which can store program codes. .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Selon des modes de réalisation, la présente invention concerne un procédé, un dispositif et un système de commande de transmission de service. Le procédé fait appel : à la réception du message de données envoyé par une extrémité d'envoi ; à l'envoi d'un message de requête de classification à un serveur, le message de requête de classification comprenant des informations de couche L34 du service extraites du message de données ; à la réception d'un message de réponse de classification envoyé par le serveur, le message de réponse de classification comprenant des informations de commande de service déterminées par le serveur sur la base des informations de couche L34 ; à la commande de la transmission de service conformément à l'information de commande. L'information de commande du service est déterminée par le serveur configuré extérieurement au dispositif de passerelle. Conformément à l'information de commande, le dispositif de passerelle commande la transmission de service. Par conséquent, la commande de tout service comprenant un service autre que de navigateur et crypté peut être mise en œuvre, l'influence sur la performance de dispositif de passerelle provoquée par la configuration du filtre L34 est réduite, la mise à jour de données persistantes de la liste noire et de la liste blanche est maintenue, et la charge de travail de maintenance du réseau est réduite.
PCT/CN2011/083722 2011-12-08 2011-12-08 Procédé, dispositif et système de commande de transmission de service WO2013082793A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2011/083722 WO2013082793A1 (fr) 2011-12-08 2011-12-08 Procédé, dispositif et système de commande de transmission de service
CN201180003320.7A CN102630376B (zh) 2011-12-08 2011-12-08 控制业务的传输的方法、装置和系统

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2011/083722 WO2013082793A1 (fr) 2011-12-08 2011-12-08 Procédé, dispositif et système de commande de transmission de service

Publications (1)

Publication Number Publication Date
WO2013082793A1 true WO2013082793A1 (fr) 2013-06-13

Family

ID=46588267

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/083722 WO2013082793A1 (fr) 2011-12-08 2011-12-08 Procédé, dispositif et système de commande de transmission de service

Country Status (2)

Country Link
CN (1) CN102630376B (fr)
WO (1) WO2013082793A1 (fr)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106789587B (zh) * 2016-12-28 2021-05-18 国家计算机网络与信息安全管理中心 一种云计算环境下可靠消息的通信装置及方法
CN110024331B (zh) * 2017-01-26 2021-11-19 华为技术有限公司 数据的保护方法、装置和系统
CN110324284B (zh) * 2018-03-30 2020-10-27 华为技术有限公司 接入ims的方法和通信装置
CN111695148B (zh) * 2020-05-15 2023-07-04 浙江信网真科技股份有限公司 一种网络节点自学习的安全过滤方法及装置

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1585444A (zh) * 2004-06-12 2005-02-23 中兴通讯股份有限公司 移动通讯系统中反向帧过滤方法
CN1726671A (zh) * 2002-12-17 2006-01-25 瑞通网络公司 网络通信量的自适应分类
CN1801760A (zh) * 2005-01-05 2006-07-12 阿尔卡特公司 配置dsl连接的方法
US20070280277A1 (en) * 2006-05-30 2007-12-06 Martin Lund Method and system for adaptive queue and buffer control based on monitoring in a packet network switch

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1726671A (zh) * 2002-12-17 2006-01-25 瑞通网络公司 网络通信量的自适应分类
CN1585444A (zh) * 2004-06-12 2005-02-23 中兴通讯股份有限公司 移动通讯系统中反向帧过滤方法
CN1801760A (zh) * 2005-01-05 2006-07-12 阿尔卡特公司 配置dsl连接的方法
US20070280277A1 (en) * 2006-05-30 2007-12-06 Martin Lund Method and system for adaptive queue and buffer control based on monitoring in a packet network switch

Also Published As

Publication number Publication date
CN102630376A (zh) 2012-08-08
CN102630376B (zh) 2014-11-05

Similar Documents

Publication Publication Date Title
JP6911263B2 (ja) サービス管理方法およびその装置
US11451510B2 (en) Method and apparatus for processing service request
EP3668134A1 (fr) Procédé de communication sans fil, dispositif de réseau et dispositif terminal
JP4644681B2 (ja) 無線通信装置に宛てた不要なトラフィックを制御する装置および方法
US8750140B2 (en) Support of home network base station local internet protocol access
CN111050318B (zh) 终端信息的传递方法及相关产品
US10070343B2 (en) Mobile device traffic management
WO2013131472A1 (fr) Procédé, dispositif et système de traitement de messages
CN102448064A (zh) 通过非3gpp接入网的接入
CN106685827B (zh) 一种下行报文的转发方法及ap设备
CN110177381B (zh) 拥塞通知方法、相关设备和系统
EP4184988A1 (fr) Système de gestion de tranchage de réseau, serveur d'application et dispositif de terminal
WO2013082793A1 (fr) Procédé, dispositif et système de commande de transmission de service
CN113824789B (zh) 一种通路描述符的配置方法、装置、设备及存储介质
EP4192184A1 (fr) Procédé d'établissement de session pdu, dispositif de terminal et système de puce
KR101471316B1 (ko) 디바이스 사이의 접속을 제어하는 방법
US9112843B2 (en) Method and system for subscriber to log in internet content provider (ICP) website in identity/location separation network and login device thereof
WO2013189038A1 (fr) Procédé de traitement de contenu et dispositif côté réseau
CN116210252A (zh) 接收用于边缘计算的用户同意的网络操作
EP3198804B1 (fr) Procédé, appareil, système et supports servant à transmettre des messages entre des dispositifs en réseau en communication de données avec un point d'accès de réseau local
EP3010200B1 (fr) Méthode et dispositif de gestion d'un flux de données de service
US20240015512A1 (en) Content Filtering Support for Protocols with Encrypted Domain Name Server
US10111081B2 (en) Local communication wireless network system and method thereof
CN118104286A (zh) 拥塞控制方法、装置、设备、介质、芯片、产品及程序
US20230319684A1 (en) Resource filter for integrated networks

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 201180003320.7

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11877108

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11877108

Country of ref document: EP

Kind code of ref document: A1