WO2014023161A1 - Flow rate control method and device - Google Patents

Flow rate control method and device Download PDF

Info

Publication number
WO2014023161A1
WO2014023161A1 PCT/CN2013/079960 CN2013079960W WO2014023161A1 WO 2014023161 A1 WO2014023161 A1 WO 2014023161A1 CN 2013079960 W CN2013079960 W CN 2013079960W WO 2014023161 A1 WO2014023161 A1 WO 2014023161A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
flow rate
rate control
control policy
policy
Prior art date
Application number
PCT/CN2013/079960
Other languages
French (fr)
Chinese (zh)
Inventor
黄传冠
范书田
唐兵兵
陆钱春
元绍华
刘万慧
朱春晖
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2014023161A1 publication Critical patent/WO2014023161A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/70Admission control; Resource allocation
    • H04L47/80Actions related to the user profile or the type of traffic
    • H04L47/808User-type aware
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2441Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]

Definitions

  • the present invention relates to the field of communications, and in particular to a flow rate control method and apparatus. Background technique
  • P2P peer-to-peer
  • P2P Peer to Peer
  • P2P technology lies in its endless life, so the visibility and controllability of network applications are pushed to an important position.
  • the granularity of flow control management needs to be fine enough to be usable.
  • DPI Deep Packet Inspection
  • Normal packet detection only analyzes the contents of the IP packet below four layers, including the source address, destination address, and source port. Based on the destination port and the protocol type, DPI adds an analysis of the application layer, identifies various applications and their contents, and dynamically controls the service usage of each user through the DPI application system.
  • the technical application of DPI is a set of solutions for the effective operation and management of IP networks.
  • a broadband remote access server (BRAS, Broadband Remote Access Server) device can set a static or user setting after the user of the AAA, Authentication Authorization and Accounting system is online. Dynamic authorization information, but its granularity can only be fine-grained to the user level. That is to say, all applications of the user are controlled by the total flow rate. Such control granularity will inevitably lead to some key business usage of the user; DPI equipment can be used for users.
  • BRAS Broadband Remote Access Server
  • the embodiment of the present invention provides a flow rate control method and apparatus to solve at least the above problems.
  • a flow rate control method including: after a user goes online, a DPI device corresponding to the user receives a customized flow rate control policy of the user that is sent by the upstream device in real time; The above speed control strategy controls the flow rate of the user.
  • the above flow rate control strategy includes at least one of the following: a granularity is a user's user control policy, and an granularity is an applied application group per user control policy.
  • the method may include: after the user goes offline, the DPI device corresponding to the user receives the message of the undo flow rate control sent by the upstream device in real time, and cancels the flow rate control of the user.
  • the upstream devices include: AAA system, DPI management system (DMS).
  • DPS DPI management system
  • a flow rate control device is provided on a DPI device, including: a policy receiving module, configured to receive an upstream device in real time after the user goes online and the current DPI device corresponds to the user The customized flow rate control strategy of the user; the flow rate control module is configured to control the flow rate of the user according to the speed control strategy described above.
  • the above flow rate control strategy includes at least one of the following: a granularity is a user's user control policy, and an granularity is an applied application group per user control policy.
  • the user's flow rate control policy is a user control policy or an application group per user control policy is determined by the upstream device according to the user's dynamic policy ID.
  • the device may further include: a control revocation module configured to receive a message of the undo flow rate control sent by the upstream device in real time after the user goes offline, and cancel the flow rate control of the user.
  • the upstream devices include: AAA system, DMS.
  • FIG. 1 is a flow chart of a flow rate control method according to an embodiment of the present invention.
  • FIG. 2 is a flow chart of a flow rate control method in accordance with a preferred embodiment of the present invention.
  • FIG. 3 is a block diagram showing the structure of a flow rate control device according to an embodiment of the present invention. detailed description
  • FIG. 1 is a flow chart of a flow rate control method in accordance with an embodiment of the present invention. As shown in FIG. 1, the flow rate control method of the embodiment of the present invention includes:
  • Step S104 The DPI device performs flow rate control on the user according to the flow rate control policy.
  • the flow rate control method provided by this embodiment is directed to a static configuration strategy in an existing flow rate control method
  • the shortcomings propose a scheme for dynamically configuring the flow rate control strategy.
  • the flow rate control strategy when the user goes online as the flow rate control strategy configuration, the flow rate control strategy is configured for the user in real time, and the flow rate control is performed on the user by the DPI device corresponding to the user, thereby solving the static configuration in the prior art.
  • the lack of strategy has enabled the dynamic flow rate control strategy configuration, which in turn reduced the pressure on equipment and network management personnel.
  • the DPI device can identify and control the user's Internet application, so it can support the application-oriented flow rate control strategy, that is, the application group per-user control policy, and the application group per-user control strategy can ensure the development of key services and achieve fine control. Chemical.
  • the DPI device can also support the user-oriented flow rate control strategy, that is, the user control policy, and the user control policy is coarser in granularity, but it also has a suitable scenario (that is, a scenario where the control precision is not high).
  • the combination of the above two flow rate control strategies can meet the flow rate control requirements in most scenarios, but other applicable strategies are not excluded in the embodiments of the present invention.
  • the manner of determining is set according to specific needs, and a preferred mode is provided in the preferred embodiment:
  • the user's flow rate control policy is The user control policy or application group per user control policy is determined by the upstream device according to the user's dynamic policy ID.
  • the flow rate control method may further include: after the user goes offline, the DPI device corresponding to the user receives the message of the undo flow rate control sent by the upstream device in real time, and cancels the flow rate control on the user.
  • the user Corresponding to the real-time flow rate control strategy configuration of the user online, the user can also set the flow rate control after canceling the line.
  • the dynamic flow rate control policy configuration scheme is more complete and complete, the user goes online to deliver the flow rate control policy to the device, and the user goes offline to cancel the flow rate control strategy on the device, and the manner of the action cycle according to the user state intelligent control strategy , can greatly reduce the load pressure of the equipment and the maintenance pressure of network managers.
  • the foregoing upstream device may include: an AAA system, a DMS.
  • the AAA system and the DMS are preferentially used as the upstream device to implement the above flow rate control method, which is the easiest to implement, but it is not excluded that other devices in the network can also be used as the upstream device.
  • the preferred embodiment provides a method for applying fine flow rate control to an AAA user based on the DPI technology.
  • the remote authentication dial-in user service (RADIUS) server authenticates the AAA system user. Then, the DMS sends a message to inform the user to go online. The DMS sends a customized flow rate control policy to the DPI device. The DPI device identifies the user or the user's Internet application, and the qualified user or user application will be controlled.
  • RADIUS remote authentication dial-in user service
  • the DMS in the preferred embodiment provides a third-party message interface, which can communicate with any RADIUS server that satisfies the message format, and the application is more scalable.
  • FIG. 2 is a flow chart of a flow rate control method according to a preferred embodiment of the present invention. As shown in FIG. 2, the method includes:
  • Step S202 The terminal user initiates an online (or offline) message requesting access to the network (or exiting) the network;
  • Step S204 The BRAS device forwards the message to the RADIUS server for processing;
  • Step S206 The RADIUS server processes the user message, and performs authentication online (or Under the line) operation;
  • Step S208 The RADIUS server sends a control message to the DMS, where the message includes user IP, virtual local area network (VLAN) number, user status, and dynamic policy ID.
  • the DMS can conveniently Locating the DPI device that the user passes through and determining the content of the flow rate control policy that needs to be delivered;
  • Step S210 The RADIUS server returns a processing message to the BRAS device.
  • Step S212 The BRAS device forwards the processing message to the terminal user.
  • Step S214 The third-party message interface of the DMS receives and processes the control message sent by the RADIUS server, and determines whether the flow rate control policy is delivered or revoked according to the state of the user, and determines whether the user control policy or the application group is delivered according to the dynamic policy ID.
  • Per user control strategy Step S216: DMS delivery (or 4 sales) dynamic flow rate control strategy;
  • FIG. 3 is a block diagram showing the structure of a flow rate control device according to an embodiment of the present invention.
  • the flow rate control device provided in this embodiment is located on the DPI device, as shown in FIG. 3, and includes:
  • the policy receiving module 302 is configured to receive a customized flow rate control policy of the user that is sent by the upstream device in real time after the user goes online and the current DPI device corresponds to the user;
  • the flow rate control module 304 coupled to the policy receiving module 302, is configured to control the flow rate of the user in accordance with the speed control policy described above.
  • the flow rate control device provided by the embodiment adopts a method of dynamically allocating a flow rate control strategy, and the user is deployed on the line as a timing of the flow rate control strategy, real-time configuring the flow rate control strategy for the user, and controlling the flow rate thereof, thereby solving the existing
  • the shortcomings of the static configuration strategy in the technology enable the dynamic flow rate control strategy configuration, which reduces the pressure on equipment and network management personnel.
  • the foregoing flow rate control policy may include at least one of the following: a user control policy whose granularity is a user, and an application group per user control policy whose granularity is an application.
  • the flow rate control strategy that can be adopted by the above flow rate control device includes, but is not limited to, an application group per-user control policy with application granularity, and a user-oriented policy with user granularity.
  • the flow rate control device may further include: a control revocation module configured to receive a message of the undo flow rate control issued by the upstream device in real time after the user goes offline, and cancel the flow rate control to the user.
  • a control revocation module configured to receive a message of the undo flow rate control issued by the upstream device in real time after the user goes offline, and cancel the flow rate control to the user.
  • the setting of the control revocation module makes the dynamic flow rate control policy configuration scheme more complete and complete.
  • the user goes online to deliver the flow rate control policy to the device, and the user cancels the flow rate control strategy on the device. This action cycle is based on the user state intelligent control strategy. The way, the load pressure of the equipment and the maintenance pressure of the network administrator can be greatly reduced.
  • the foregoing upstream device may include: an AAA system, a DMS.
  • the flow rate control is preferably implemented by using the AAA system and the DMS as the upstream device, which is the easiest to implement.
  • the embodiment of the present invention provides a scheme for dynamically controlling the flow rate of an AAA user's Internet application based on the DPI technology, and identifies and influences the AAA user's Internet application.
  • the specific application of the key service is to control the dynamic flow rate.
  • the solution links the AAA system and the DMS.
  • the user goes online to deliver the flow rate control policy to the device.
  • the user goes offline to cancel the flow rate control policy on the device.
  • the action cycle of the intelligent control strategy is applied. , reducing the maintenance pressure on equipment and management personnel.
  • the user control policy controls the total application of the user, restricts the user's Internet bandwidth, and the granularity is slightly thicker.
  • the application group's per-user control policy is fine to the specific application of the user's Internet access, and the application is limited to the application that meets the control conditions. It ensures the development of key businesses and achieves refined control.

Abstract

Disclosed are a flow rate control method and device. The method comprises: after a user comes online, a DPI device, corresponding to the user, receiving a customized flow rate control policy of the user, which is sent by an upstream device in real time; and according to the flow rate control policy, the DPI device conducting flow rate control for the user. The technical solution provided in the present invention solves the problem in the prior art that the static policy configuration of a flow rate control solution is various and complicated, achieves dynamic flow rate control policy configuration, and then reduces the pressure of a device and a network manager.

Description

控制方法及装置 技术领域  Control method and device
本发明涉及通信领域, 具体而言, 涉及一种流速控制方法及装置。 背景技术  The present invention relates to the field of communications, and in particular to a flow rate control method and apparatus. Background technique
从 BT ( Bit Torrent )开始, 点对点 (P2P, Peer to Peer )应用如雨后春 笋般的出现, P2P应用的流行, 丰富了网络生活, 同时带来了网络流量的急 剧增加和流量构成格局的重大变化, 打破了宽带服务业务模型, 简单来讲, 就是增量不增效, 而且干扰关键应用。  Starting from BT (Bit Torrent), peer-to-peer (P2P, Peer to Peer) applications have sprung up, and the popularity of P2P applications has enriched the network life, and brought about a dramatic increase in network traffic and major changes in traffic patterns. Breaking the broadband service business model, in simple terms, is that incrementals do not increase efficiency and interfere with critical applications.
P2P技术的优势在于生生不息,因此网络应用可视性与可控性被推到了 重要的位置, 流速控制管理的粒度需要精细到应用才具有可用性。  The advantage of P2P technology lies in its endless life, so the visibility and controllability of network applications are pushed to an important position. The granularity of flow control management needs to be fine enough to be usable.
深度包探测 (DPI, Deep Packet Inspection )是相对于普通报文分析而 言的一种新技术, 普通报文检测仅仅分析 IP包的四层以下的内容, 包括源 地址、 目的地址、 源端口、 目的端口以及协议类型, 而 DPI则在此基础上, 增加了对应用层的分析, 可识别出各种应用及其内容, 并通过 DPI应用系 统下发策略, 动态控制每个用户的业务使用。 DPI的技术应用是一套对 IP 网络的可实施有效运营和管理的解决方案。  Deep Packet Inspection (DPI) is a new technology compared to ordinary packet analysis. Normal packet detection only analyzes the contents of the IP packet below four layers, including the source address, destination address, and source port. Based on the destination port and the protocol type, DPI adds an analysis of the application layer, identifies various applications and their contents, and dynamically controls the service usage of each user through the DPI application system. The technical application of DPI is a set of solutions for the effective operation and management of IP networks.
在现有的技术中, 宽带远程接入服务器 (BRAS, Broadband Remote Access Server )设备在鉴权、授权及计费 ( AAA, Authentication Authorization and Accounting ) 系统用户上线后, 虽然能对用户设置一些静态或者动态的 授权信息, 但是其粒度只能精细到用户一级, 也就是说, 用户的所有应用 都受到总的流速控制, 这样的控制粒度必然导致用户一些关键业务使用受 到影响; DPI设备能够对用户上网应用进行识别和控制,但是进行识别和控 制的前提必须预先在设备配置静态策略, 这些策略不能随着用户的上下线 而增加或者撤销, 随着控制粒度的细化, 策略配置也会变得越来越多, 越 来越复杂, 这对设备和网络管理人员都是一种巨大压力。 针对现有技术中 的上述问题, 目前尚未提出有效的解决方案。 发明内容 In the existing technology, a broadband remote access server (BRAS, Broadband Remote Access Server) device can set a static or user setting after the user of the AAA, Authentication Authorization and Accounting system is online. Dynamic authorization information, but its granularity can only be fine-grained to the user level. That is to say, all applications of the user are controlled by the total flow rate. Such control granularity will inevitably lead to some key business usage of the user; DPI equipment can be used for users. Internet applications for identification and control, but the premise of identification and control must be configured in advance on the device static policies, these policies can not go online with the user With the addition or revocation, as the granularity of control is refined, the configuration of the policy will become more and more complex and more and more complicated, which is a great pressure for equipment and network administrators. In view of the above problems in the prior art, no effective solution has been proposed yet. Summary of the invention
针对现有技术中流速控制方案中静态策略配置繁多复杂的问题, 本发 明实施例提供了一种流速控制方法及装置, 以至少解决上述问题。  In view of the complicated and complicated configuration of the static policy in the flow rate control scheme in the prior art, the embodiment of the present invention provides a flow rate control method and apparatus to solve at least the above problems.
根据本发明实施例的一个方面, 提供了一种流速控制方法, 包括: 用 户上线后, 与该用户对应的 DPI设备接收上游设备实时下发的该用户的定 制化流速控制策略; 上述 DPI设备根据上述速控制策略对该用户进行流速 控制。  According to an aspect of the embodiments of the present invention, a flow rate control method is provided, including: after a user goes online, a DPI device corresponding to the user receives a customized flow rate control policy of the user that is sent by the upstream device in real time; The above speed control strategy controls the flow rate of the user.
上述流速控制策略包括以下至少之一: 粒度为用户的用户控制策略、 粒度为应用的应用组每用户控制策略。  The above flow rate control strategy includes at least one of the following: a granularity is a user's user control policy, and an granularity is an applied application group per user control policy.
用户的流速控制策略是用户控制策略或者应用组每用户控制策略由上 游设备根据用户的动态策略 ID确定。  The user's flow rate control policy is a user control policy or an application group per user control policy is determined by the upstream device based on the user's dynamic policy ID.
上述方法开可以包括: 用户下线后, 该用户对应的 DPI设备接收上游 设备实时下发的撤销流速控制的消息, 并撤销对该用户的流速控制。  The method may include: after the user goes offline, the DPI device corresponding to the user receives the message of the undo flow rate control sent by the upstream device in real time, and cancels the flow rate control of the user.
上游设备包括: AAA系统、 DPI管理系统(DMS )。  The upstream devices include: AAA system, DPI management system (DMS).
根据本发明实施例的另一方面, 提供了一种位于 DPI设备上的流速控 制装置, 包括: 策略接收模块, 配置为在用户上线后且当前 DPI设备与该 用户对应时, 接收上游设备实时下发的该用户的定制化流速控制策略; 流 速控制模块, 配置为根据上述速控制策略对该用户进行流速控制。  According to another aspect of the present invention, a flow rate control device is provided on a DPI device, including: a policy receiving module, configured to receive an upstream device in real time after the user goes online and the current DPI device corresponds to the user The customized flow rate control strategy of the user; the flow rate control module is configured to control the flow rate of the user according to the speed control strategy described above.
上述流速控制策略包括以下至少之一: 粒度为用户的用户控制策略、 粒度为应用的应用组每用户控制策略。  The above flow rate control strategy includes at least one of the following: a granularity is a user's user control policy, and an granularity is an applied application group per user control policy.
用户的流速控制策略是用户控制策略或者应用组每用户控制策略由上 游设备根据用户的动态策略 ID确定。 上述装置还可以包括: 控制撤销模块, 配置为在用户下线后, 接收上 游设备实时下发的撤销流速控制的消息, 并撤销对该用户的流速控制。 The user's flow rate control policy is a user control policy or an application group per user control policy is determined by the upstream device according to the user's dynamic policy ID. The device may further include: a control revocation module configured to receive a message of the undo flow rate control sent by the upstream device in real time after the user goes offline, and cancel the flow rate control of the user.
上游设备包括: AAA系统、 DMS。  The upstream devices include: AAA system, DMS.
通过本发明实施例, 采用以用户上线为契机, 动态地配置流速控制策 略对用户进行流速控制的方案, 解决了现有技术中流速控制方案静态策略 配置繁多复杂的问题, 实现了动态化的流速控制策略配置, 进而减小了设 备和网络管理人员的压力。 附图说明  Through the embodiment of the present invention, the scheme of dynamically controlling the flow rate control strategy to the user to control the flow rate by using the user to go online, solves the complicated and complicated problem of the static strategy configuration of the flow rate control scheme in the prior art, and realizes the dynamic flow rate. Control policy configuration, which reduces the pressure on equipment and network managers. DRAWINGS
此处所说明的附图用来提供对本发明实施例的进一步理解 , 构成本申 请的一部分, 本发明的示意性实施例及其说明用于解释本发明, 并不构成 对本发明的不当限定。 在附图中:  The drawings are intended to provide a further understanding of the embodiments of the present invention, and are intended to be a part of the present invention, and the description of the present invention is not intended to limit the invention. In the drawing:
图 1是根据本发明实施例的流速控制方法的流程图;  1 is a flow chart of a flow rate control method according to an embodiment of the present invention;
图 2是根据本发明优选实施例的流速控制方法的流程图;  2 is a flow chart of a flow rate control method in accordance with a preferred embodiment of the present invention;
图 3是根据本发明实施例的流速控制装置的结构框图。 具体实施方式  3 is a block diagram showing the structure of a flow rate control device according to an embodiment of the present invention. detailed description
下文中将参考附图并结合实施例来详细说明本发明。 需要说明的是, 在不冲突的情况下, 本申请中的实施例及实施例中的特征可以相互组合。  The invention will be described in detail below with reference to the drawings in conjunction with the embodiments. It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other without conflict.
图 1是根据本发明实施例的流速控制方法的流程图。 如图 1所示, 本 发明实施例的流速控制方法包括:  1 is a flow chart of a flow rate control method in accordance with an embodiment of the present invention. As shown in FIG. 1, the flow rate control method of the embodiment of the present invention includes:
步骤 S102, 用户上线后, 与该用户对应的 DPI设备接收上游设备实时 下发的该用户的定制化流速控制策略;  Step S102: After the user goes online, the DPI device corresponding to the user receives the customized flow rate control policy of the user that is sent by the upstream device in real time;
步骤 S104, 上述 DPI设备根据上述流速控制策略对该用户进行流速控 制。  Step S104: The DPI device performs flow rate control on the user according to the flow rate control policy.
本实施例提供的流速控制方法针对现有流速控制方法中静态配置策略 的不足提出了动态配置流速控制策略的方案。 在本实施例提供的流速控制 方法以用户上线作为流速控制策略配置的时机, 实时地为用户配置流速控 制策略, 通过用户对应的 DPI设备对用户进行流速控制, 从而解决了现有 技术中静态配置策略的不足, 实现了动态化的流速控制策略配置, 进而减 'J、了设备和网络管理人员的压力。 The flow rate control method provided by this embodiment is directed to a static configuration strategy in an existing flow rate control method The shortcomings propose a scheme for dynamically configuring the flow rate control strategy. In the flow rate control method provided by the embodiment, when the user goes online as the flow rate control strategy configuration, the flow rate control strategy is configured for the user in real time, and the flow rate control is performed on the user by the DPI device corresponding to the user, thereby solving the static configuration in the prior art. The lack of strategy has enabled the dynamic flow rate control strategy configuration, which in turn reduced the pressure on equipment and network management personnel.
而基于 DPI设备的能力, 可以采用的流速控制策略是多种多样的。 优 选地, 流速控制策略可以包括以下至少之一: 粒度为用户的用户控制策略、 粒度为应用的应用组每用户控制策略。  Based on the capabilities of DPI devices, the flow control strategies that can be employed are varied. Preferably, the flow rate control policy may include at least one of the following: a granularity is a user's user control policy, and an granularity is an applied application group per user control policy.
DPI设备能够对用户上网应用进行识别和控制,因此其可以支持以应用 为粒度的流速控制策略, 即应用组每用户控制策略, 应用组每用户控制策 略可以保证关键业务的开展, 实现控制的精细化。 当然, DPI设备也可以支 持以用户为粒度的流速控制策略, 即用户控制策略, 用户控制策略粒度较 粗, 但其也有适用的场景(即控制精度要求不高的场景)。 上述两个流速控 制策略的组合应用, 即可满足绝大多数场景下的流速控制要求, 但本发明 实施例中也不排除其它适用的策略。  The DPI device can identify and control the user's Internet application, so it can support the application-oriented flow rate control strategy, that is, the application group per-user control policy, and the application group per-user control strategy can ensure the development of key services and achieve fine control. Chemical. Of course, the DPI device can also support the user-oriented flow rate control strategy, that is, the user control policy, and the user control policy is coarser in granularity, but it also has a suitable scenario (that is, a scenario where the control precision is not high). The combination of the above two flow rate control strategies can meet the flow rate control requirements in most scenarios, but other applicable strategies are not excluded in the embodiments of the present invention.
至于究竟对一个用户采用用户控制策略还是应用组每用户控制策略, 其决定的方式是可以根据具体需要设置的, 本优选实施例中提供一种优选 的方式: 优选地, 用户的流速控制策略是用户控制策略还是应用组每用户 控制策略由上游设备根据用户的动态策略 ID确定。  As for whether a user control policy or an application group per user control policy is applied to a user, the manner of determining is set according to specific needs, and a preferred mode is provided in the preferred embodiment: Preferably, the user's flow rate control policy is The user control policy or application group per user control policy is determined by the upstream device according to the user's dynamic policy ID.
根据用户的动态策略 ID确定其流速控制策略直接快速, 适用性最强。 这里, 用户的动态策略 ID可以作为用户本身的属性, 也可由其它设备为用 户分配。  According to the user's dynamic policy ID, the flow rate control strategy is directly and quickly, and the applicability is the strongest. Here, the user's dynamic policy ID can be used as an attribute of the user itself, or can be assigned by other devices to the user.
优选地, 上述的流速控制方法还可以包括: 用户下线后, 用户对应的 DPI设备接收上述上游设备实时下发的撤销流速控制的消息,并撤销对用户 的流速控制。 对应于用户上线对其进行实时的流速控制策略配置, 用户下线后也可 设置取消对其的流速控制。 这样的方式使动态的流速控制策略配置方案更 为完整彻底, 用户上线给设备下发流速控制策略, 用户下线取消设备上的 流速控制策略, 这种根据用户状态智能控制策略的作用周期的方式, 可以 大大减少设备的负载压力和网络管理人员的维护压力。 Preferably, the flow rate control method may further include: after the user goes offline, the DPI device corresponding to the user receives the message of the undo flow rate control sent by the upstream device in real time, and cancels the flow rate control on the user. Corresponding to the real-time flow rate control strategy configuration of the user online, the user can also set the flow rate control after canceling the line. In this way, the dynamic flow rate control policy configuration scheme is more complete and complete, the user goes online to deliver the flow rate control policy to the device, and the user goes offline to cancel the flow rate control strategy on the device, and the manner of the action cycle according to the user state intelligent control strategy , can greatly reduce the load pressure of the equipment and the maintenance pressure of network managers.
优选地, 上述上游设备可以包括: AAA系统、 DMS。  Preferably, the foregoing upstream device may include: an AAA system, a DMS.
本发明实施例中, 优先采用 AAA系统和 DMS作为上游设备实现上述 流速控制方法, 这样实现起来最为容易, 但也不排除网络中的其它设备也 可以作为上游设备。  In the embodiment of the present invention, the AAA system and the DMS are preferentially used as the upstream device to implement the above flow rate control method, which is the easiest to implement, but it is not excluded that other devices in the network can also be used as the upstream device.
下面结合图 2及具体的优选实施例对本发明提出的流速控制方法的应 用进行详细说明。  The application of the flow rate control method proposed by the present invention will be described in detail below with reference to Fig. 2 and a specific preferred embodiment.
本优选实施例提供了一种基于 DPI技术对 AAA用户上网应用精细流速 控制的方法, 概括来说就是远程认证拨号用户服务 ( RADIUS, Remote Authentication Dial-In User Service )服务器对 AAA系统用户上线进行认证, 然后给 DMS发送消息告知用户上线, DMS下发定制的流速控制策略到 DPI 设备上, DPI设备对用户或者用户的上网应用进行识别,符合条件的用户或 用户应用将受到控制。  The preferred embodiment provides a method for applying fine flow rate control to an AAA user based on the DPI technology. In general, the remote authentication dial-in user service (RADIUS) server authenticates the AAA system user. Then, the DMS sends a message to inform the user to go online. The DMS sends a customized flow rate control policy to the DPI device. The DPI device identifies the user or the user's Internet application, and the qualified user or user application will be controlled.
本优选实施例中的 DMS提供了第三方消息接口,能够与满足消息格式 的任何 RADIUS服务器进行通信交互, 应用更具扩展性。  The DMS in the preferred embodiment provides a third-party message interface, which can communicate with any RADIUS server that satisfies the message format, and the application is more scalable.
图 2是根据本发明优选实施例的流速控制方法的流程图, 如图 2所示, 包括:  2 is a flow chart of a flow rate control method according to a preferred embodiment of the present invention. As shown in FIG. 2, the method includes:
步骤 S202: 终端用户发起上线 (或者下线) 消息, 请求接入网络(或 者退出) 网络;  Step S202: The terminal user initiates an online (or offline) message requesting access to the network (or exiting) the network;
步骤 S204: BRAS设备转发消息到 RADIUS服务器进行处理; 步骤 S206: RADIUS服务器对用户消息进行处理, 进行认证上线(或 者下线)操作; Step S204: The BRAS device forwards the message to the RADIUS server for processing; Step S206: The RADIUS server processes the user message, and performs authentication online (or Under the line) operation;
步骤 S208: RADIUS服务器向 DMS发送控制消息, 该消息中会包含 用户 IP、 虚拟局域网 (VLAN, Virtual Local Area Network )号、 用户状态 和动态策略 ID等信息, 根据这些参数信息, DMS能够很方便地定位用户 经过的 DPI设备和确定需要下发的流速控制策略内容;  Step S208: The RADIUS server sends a control message to the DMS, where the message includes user IP, virtual local area network (VLAN) number, user status, and dynamic policy ID. According to the parameter information, the DMS can conveniently Locating the DPI device that the user passes through and determining the content of the flow rate control policy that needs to be delivered;
步骤 S210: RADIUS服务器回复处理消息给 BRAS设备;  Step S210: The RADIUS server returns a processing message to the BRAS device.
步骤 S212: BRAS设备转发处理消息给终端用户;  Step S212: The BRAS device forwards the processing message to the terminal user.
步骤 S214: DMS的第三方消息接口接收并处理 RADIUS服务器发送 过来的控制消息, 根据用户状态决定此时是下发还是撤销流速控制策略, 根据动态策略 ID决定下发的是用户控制策略还是应用组每用户控制策略; 步骤 S216: DMS下发(或 4敦销 )动态流速控制策略;  Step S214: The third-party message interface of the DMS receives and processes the control message sent by the RADIUS server, and determines whether the flow rate control policy is delivered or revoked according to the state of the user, and determines whether the user control policy or the application group is delivered according to the dynamic policy ID. Per user control strategy; Step S216: DMS delivery (or 4 sales) dynamic flow rate control strategy;
步骤 S218: 用户上线, DPI设备对用户或应用进行识别, 对符合控制 要求的用户或应用进行精细流速控制。  Step S218: The user goes online, and the DPI device identifies the user or the application, and performs fine flow rate control on the user or the application that meets the control requirement.
图 3是根据本发明实施例的流速控制装置的结构框图。 本实施例提供 的流速控制装置位于 DPI设备上, 如图 3所示, 其包括:  3 is a block diagram showing the structure of a flow rate control device according to an embodiment of the present invention. The flow rate control device provided in this embodiment is located on the DPI device, as shown in FIG. 3, and includes:
策略接收模块 302,配置为在用户上线后且当前 DPI设备与该用户对应 时, 接收上游设备实时下发的该用户的定制化流速控制策略;  The policy receiving module 302 is configured to receive a customized flow rate control policy of the user that is sent by the upstream device in real time after the user goes online and the current DPI device corresponds to the user;
流速控制模块 304, 连接至策略接收模块 302, 配置为根据上述速控制 策略对该用户进行流速控制。  The flow rate control module 304, coupled to the policy receiving module 302, is configured to control the flow rate of the user in accordance with the speed control policy described above.
本实施例提供的流速控制装置采用了动态分配流速控制策略的方式, 以用户上线作为流速控制策略配置的时机, 实时地为用户配置流速控制策 略, 并对其进行流速控制, 从而解决了现有技术中静态配置策略的不足, 实现了动态化的流速控制策略配置, 减小了设备和网络管理人员的压力。  The flow rate control device provided by the embodiment adopts a method of dynamically allocating a flow rate control strategy, and the user is deployed on the line as a timing of the flow rate control strategy, real-time configuring the flow rate control strategy for the user, and controlling the flow rate thereof, thereby solving the existing The shortcomings of the static configuration strategy in the technology enable the dynamic flow rate control strategy configuration, which reduces the pressure on equipment and network management personnel.
优选地, 上述流速控制策略可以包括以下至少之一: 粒度为用户的用 户控制策略、 粒度为应用的应用组每用户控制策略。 基于 DPI设备的能力, 上述流速控制装置可以采用的流速控制策略包 括但不限于以应用为粒度的应用组每用户控制策略、 以用户为粒度的用户 控制策略。 Preferably, the foregoing flow rate control policy may include at least one of the following: a user control policy whose granularity is a user, and an application group per user control policy whose granularity is an application. Based on the capabilities of the DPI device, the flow rate control strategy that can be adopted by the above flow rate control device includes, but is not limited to, an application group per-user control policy with application granularity, and a user-oriented policy with user granularity.
优选地, 用户的流速控制策略是用户控制策略还是应用组每用户控制 策略由上游设备根据用户的动态策略 ID确定。  Preferably, whether the user's flow rate control policy is a user control policy or an application group per user control policy is determined by the upstream device according to the user's dynamic policy ID.
根据用户的动态策略 ID确定其流速控制策略直接快速, 适用性最强。 优选地, 上述流速控制装置还可以包括: 控制撤销模块, 配置为在用 户下线后, 接收上游设备实时下发的撤销流速控制的消息, 并撤销对用户 的流速控制。  According to the user's dynamic policy ID, the flow rate control strategy is directly and quickly, and the applicability is the strongest. Preferably, the flow rate control device may further include: a control revocation module configured to receive a message of the undo flow rate control issued by the upstream device in real time after the user goes offline, and cancel the flow rate control to the user.
控制撤销模块的设置使动态的流速控制策略配置方案更为完整彻底, 用户上线给设备下发流速控制策略, 用户下线取消设备上的流速控制策略, 这种根据用户状态智能控制策略的作用周期的方式, 可以大大减少设备的 负载压力和网络管理人员的维护压力。  The setting of the control revocation module makes the dynamic flow rate control policy configuration scheme more complete and complete. The user goes online to deliver the flow rate control policy to the device, and the user cancels the flow rate control strategy on the device. This action cycle is based on the user state intelligent control strategy. The way, the load pressure of the equipment and the maintenance pressure of the network administrator can be greatly reduced.
优选地, 上述上游设备可以包括: AAA系统、 DMS。  Preferably, the foregoing upstream device may include: an AAA system, a DMS.
本发明中, 优先采用 AAA系统和 DMS作为上游设备实现流速控制, 这样实现起来最为容易。  In the present invention, the flow rate control is preferably implemented by using the AAA system and the DMS as the upstream device, which is the easiest to implement.
从以上的描述中, 可以看出本发明实施例针对现有技术中的不足, 提 供了一种基于 DPI技术对 AAA用户上网应用进行动态流速控制的方案,对 AAA用户上网应用进行识别并且对影响关键业务的具体应用进行动态流速 控制, 该方案把 AAA系统和 DMS联动起来, 用户上线给设备下发流速控 制策略, 用户下线取消设备上的流速控制策略, 根据用户状态智能控制策 略的作用周期, 减少了设备和管理人员的维护压力。 流速控制策略分成两 种: 包括用户控制策略和应用组每用户控制策略。 用户控制策略对用户的 所有应用进行总的控制, 限制用户上网带宽, 粒度稍粗; 应用组每用户控 制策略精细到用户上网的具体应用, 对于符合控制条件的应用才进行限制, 保证了关键业务的开展, 实现控制的精细化。 From the above description, it can be seen that the embodiment of the present invention provides a scheme for dynamically controlling the flow rate of an AAA user's Internet application based on the DPI technology, and identifies and influences the AAA user's Internet application. The specific application of the key service is to control the dynamic flow rate. The solution links the AAA system and the DMS. The user goes online to deliver the flow rate control policy to the device. The user goes offline to cancel the flow rate control policy on the device. According to the user status, the action cycle of the intelligent control strategy is applied. , reducing the maintenance pressure on equipment and management personnel. There are two types of flow control strategies: including user control policies and application group per-user control strategies. The user control policy controls the total application of the user, restricts the user's Internet bandwidth, and the granularity is slightly thicker. The application group's per-user control policy is fine to the specific application of the user's Internet access, and the application is limited to the application that meets the control conditions. It ensures the development of key businesses and achieves refined control.
显然, 本领域的技术人员应该明白, 上述的本发明的各模块或各步骤 可以用通用的计算装置来实现, 它们可以集中在单个的计算装置上, 或者 分布在多个计算装置所组成的网络上, 可选地, 它们可以用计算装置可执 行的程序代码来实现, 从而, 可以将它们存储在存储装置中由计算装置来 执行, 并且在某些情况下, 可以以不同于此处的顺序执行所示出或描述的 步骤, 或者将它们分别制作成各个集成电路模块, 或者将它们中的多个模 块或步骤制作成单个集成电路模块来实现。 这样, 本发明不限制于任何特 定的硬件和软件结合。  Obviously, those skilled in the art should understand that the above modules or steps of the present invention can be implemented by a general-purpose computing device, which can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device, such that they may be stored in the storage device by the computing device and, in some cases, may be different from the order herein. The steps shown or described are performed, or they are separately fabricated into individual integrated circuit modules, or a plurality of modules or steps are fabricated as a single integrated circuit module. Thus, the invention is not limited to any specific combination of hardware and software.
以上所述仅为本发明的优选实施例而已, 并不用于限制本发明, 对于 本领域的技术人员来说, 本发明可以有各种更改和变化。 凡在本发明的精 神和原则之内, 所作的任何修改、 等同替换、 改进等, 均应包含在本发明 的保护范围之内。  The above is only the preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. within the spirit and scope of the invention are intended to be included within the scope of the invention.

Claims

权利要求书 Claim
1.一种流速控制方法, 包括:  A flow rate control method comprising:
用户上线后, 与所述用户对应的深度包探测 DPI设备接收上游设备实 时下发的所述用户的定制化流速控制策略;  After the user goes online, the deep packet detection DPI device corresponding to the user receives the customized flow rate control policy of the user that is sent by the upstream device in real time;
所述 DPI设备根据所述速控制策略对所述用户进行流速控制。  The DPI device performs flow rate control on the user according to the speed control policy.
2.根据权利要求 1 所述的方法, 其中, 所述流速控制策略包括以下至 少之一: 粒度为用户的用户控制策略、 粒度为应用的应用组每用户控制策 格。  The method according to claim 1, wherein the flow rate control policy comprises at least one of the following: a user control policy whose granularity is a user, and an application group per user control policy whose granularity is an application.
3.根据权利要求 2所述的方法, 其中, 所述流速控制策略是用户控制 ID确定。  3. The method of claim 2, wherein the flow rate control policy is a user control ID determination.
4.根据权利要求 1至 3任一项所述的方法, 其中, 所述方法还包括: 所述用户下线后, 所述用户对应的 DPI设备接收所述上游设备实时下 发的撤销流速控制的消息, 并撤销对所述用户的流速控制。  The method according to any one of claims 1 to 3, wherein the method further comprises: after the user goes offline, the DPI device corresponding to the user receives the undo flow rate control that is sent by the upstream device in real time. The message, and undo the flow rate control for the user.
5.根据权利要求 1至 3任一项所述的方法, 其中, 所述上游设备包括: 鉴权、 授权及计费 AAA系统、 DPI管理系统。  The method according to any one of claims 1 to 3, wherein the upstream device comprises: an authentication, authorization, and accounting AAA system, and a DPI management system.
6.—种流速控制装置, 位于深度包探测 DPI设备上, 包括:  6. A flow rate control device located on the deep packet detection DPI device, including:
策略接收模块, 配置为在用户上线后且当前 DPI设备与所述用户对应 时, 接收上游设备实时下发的所述用户的定制化流速控制策略;  The policy receiving module is configured to receive a customized flow rate control policy of the user that is sent by the upstream device in real time after the user goes online and the current DPI device corresponds to the user;
流速控制模块, 配置为根据所述速控制策略对所述用户进行流速控制。 The flow rate control module is configured to perform flow rate control on the user according to the speed control policy.
7.根据权利要求 6所述的装置, 其中, 所述流速控制策略包括以下至 少之一: 粒度为用户的用户控制策略、 粒度为应用的应用组每用户控制策 格。 The device according to claim 6, wherein the flow rate control policy comprises at least one of the following: a user control policy whose granularity is a user, and an application group per user control policy whose granularity is an application.
8.根据权利要求 7所述的装置, 其中, 所述流速控制策略是用户控制 策略或者应用组每用户控 ID确定。 The apparatus according to claim 7, wherein the flow rate control policy is a user control policy or an application group per user control ID is determined.
9.根据权利要求 6至 8任一项所述的装置, 其中, 所述装置还包括: 控制撤销模块, 配置为在所述用户下线后, 接收所述上游设备实时下 发的撤销流速控制的消息, 并撤销对所述用户的流速控制。  The device according to any one of claims 6 to 8, wherein the device further comprises: a control revocation module, configured to receive the undo flow rate control sent by the upstream device in real time after the user goes offline The message, and undo the flow rate control for the user.
10. 根据权利要求 6至 8任一项所述的装置,其中,所述上游设备包括: 鉴权、 授权及计费 AAA系统、 DPI管理系统。  The device according to any one of claims 6 to 8, wherein the upstream device comprises: an authentication, authorization and charging AAA system, a DPI management system.
PCT/CN2013/079960 2012-08-10 2013-07-24 Flow rate control method and device WO2014023161A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201210284653.8 2012-08-10
CN201210284653.8A CN103581043A (en) 2012-08-10 2012-08-10 Flow velocity control method and device

Publications (1)

Publication Number Publication Date
WO2014023161A1 true WO2014023161A1 (en) 2014-02-13

Family

ID=50052004

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/079960 WO2014023161A1 (en) 2012-08-10 2013-07-24 Flow rate control method and device

Country Status (2)

Country Link
CN (1) CN103581043A (en)
WO (1) WO2014023161A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1937623A (en) * 2006-10-18 2007-03-28 华为技术有限公司 Method and system for controlling network business
CN101247336A (en) * 2008-03-07 2008-08-20 中兴通讯股份有限公司 Method and server for controlling multilevel access authority of access user
CN101383829A (en) * 2008-10-17 2009-03-11 杭州华三通信技术有限公司 Stream recognition method and bandwidth management device
US20100067400A1 (en) * 2008-09-16 2010-03-18 Alcatel Lucent Application-level processing for default lte bearer in s-gw

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1937623A (en) * 2006-10-18 2007-03-28 华为技术有限公司 Method and system for controlling network business
CN101247336A (en) * 2008-03-07 2008-08-20 中兴通讯股份有限公司 Method and server for controlling multilevel access authority of access user
US20100067400A1 (en) * 2008-09-16 2010-03-18 Alcatel Lucent Application-level processing for default lte bearer in s-gw
CN101383829A (en) * 2008-10-17 2009-03-11 杭州华三通信技术有限公司 Stream recognition method and bandwidth management device

Also Published As

Publication number Publication date
CN103581043A (en) 2014-02-12

Similar Documents

Publication Publication Date Title
US9819540B1 (en) Software defined network controller
CN105765921B (en) For carrying out method, system and the equipment of DIAMETER routing using software defined network function
CN101766013B (en) System and method of providing services via peer-to-peer-based next generation network
JP6108625B2 (en) Carrier grade peer-to-peer (P2P) network system and method
CN106411664B (en) A kind of metropolitan area network system
WO2014082538A1 (en) Business scheduling method and apparatus and convergence device
CN1812363A (en) Apparatus and method for providing multiprotocol label switching (MPLS) based virtual private network (VPN)
JP2010537566A (en) Service set manager for ad hoc mobile service providers
US10057236B2 (en) Method for operating a network and a network
CN103312682B (en) The method and system that gateway security accesses
US9037721B2 (en) Method and system for resource admission control
CN106576345A (en) Propagating communication awareness over a cellular network
CN108234677A (en) A kind of block chain network node serve device towards multi-tiling platform chain
WO2014056402A1 (en) Method and device for realizing internet service based on convergence of cdn and network
CN102946434A (en) Communication method of wireless local area network (WLAN)
WO2021164259A1 (en) Packet transmission method, apparatus, and system
WO2010081314A1 (en) An ngn home network resource access control method and system
CN111565165B (en) Cloud mobile phone authentication, maintenance and state change system and method
WO2008151491A1 (en) A p2p network system and application method thereof
CN104683252A (en) Gateway connection method and system applied to game network
CN105659642B (en) Charge processing method concentrates network control node, functional node and system
CN1223155C (en) Method for realizing 802.1 X communication based on group management
Dayananda et al. Architecture for inter-cloud services using IPsec VPN
WO2012083770A1 (en) Cloud computing system in next generation network
WO2014023161A1 (en) Flow rate control method and device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13827063

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13827063

Country of ref document: EP

Kind code of ref document: A1