WO2016033986A1 - Method and apparatus for implementing deep packet inspection - Google Patents

Method and apparatus for implementing deep packet inspection Download PDF

Info

Publication number
WO2016033986A1
WO2016033986A1 PCT/CN2015/077874 CN2015077874W WO2016033986A1 WO 2016033986 A1 WO2016033986 A1 WO 2016033986A1 CN 2015077874 W CN2015077874 W CN 2015077874W WO 2016033986 A1 WO2016033986 A1 WO 2016033986A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
aaa
policy
policy information
dpi
Prior art date
Application number
PCT/CN2015/077874
Other languages
French (fr)
Chinese (zh)
Inventor
李小国
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2016033986A1 publication Critical patent/WO2016033986A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/028Capturing of monitoring data by filtering

Definitions

  • the present invention relates to the field of communications, and in particular, to a method and an apparatus for implementing deep packet inspection.
  • Deep Packet Inspection is a packet-based application layer traffic detection and control technology for different layers of data packets (such as IP address, application layer port, application layer protocol, payload content). Then, perform deep detection and analysis to obtain application layer information of the entire data stream or data packet, and then statistically analyze and control the traffic according to a system-defined strategy.
  • the DPI equipment deployed on the existing network of China Telecom uses the proprietary protocols of each manufacturer to interact with its own integrated system and application platform (referred to as the integrated system), which makes it difficult to share information between different provinces, and more deployments in the same province.
  • DPI manufacturers' equipment needs to build independent sub-systems and strategic control systems, and data from different manufacturers is not easy to share.
  • China Telecom defines the interface specification of DPI equipment and the comprehensive system, to standardize the analysis and reporting data of DPI equipment and unify the information interaction interface between it and the integrated system, to realize a unified data mining analysis system of the whole province and even the whole country.
  • the embodiment of the invention provides a method and a device for implementing deep packet inspection, so as to at least solve the problem that it is difficult to realize information sharing between DPI system devices and the subdivision system of different manufacturers in the prior art.
  • a method for implementing deep packet inspection includes: the DPI device receives authentication and authorization (Acceptance, Accounting, AAA for short) information and policy information from different subdivision systems, where
  • the policy information is a policy used to indicate the detection of the service data and/or a statistical analysis of the service data and reporting the strategy adopted by the comprehensive system;
  • the DPI device caches the AAA information and the policy information; the DPI device detects the service data according to the cached AAA information and the policy information.
  • the DPI device receives the authentication and authorization charging AAA information and the policy information from the different computing system, and the DPI device receives the AAA information and the policy by using a Uc interface disposed on the DPI device. information.
  • the DPI device caches the AAA information and the policy information, and the DPI device obtains a copy of the AAA information obtained by copying the AAA information, and performs the policy information. a copy of the policy information obtained after the copying; the DPI device performs distributed caching on the AAA information and the copy of the AAA information, and performs distributed caching on the policy information and the copy of the policy information.
  • the method further includes: the DPI device generates a service CDR of the service data; The device performs statistics on the service CDRs according to the policy information, and obtains statistics data.
  • the DPI device reports the service data to the multiplexed system.
  • the DPI device reports the service data to the system, and the DPI device reports the statistics to the UD interface on the DPI device. Subdivision system.
  • an apparatus for implementing deep packet inspection comprising: a receiving module, configured to receive authentication and authorization charging AAA information and policy information from different subdivision systems
  • the policy information is a policy used to indicate the detection of the service data and/or a statistical analysis of the service data and reporting the policy adopted by the system;
  • the cache module is set as a cache Determining the AAA information and the policy information;
  • the detecting module is configured to detect the service data according to the cached AAA information and the policy information.
  • the receiving module is further configured to receive the AAA information and the policy information by using a Uc interface that is disposed on the DPI device.
  • the cache module is further configured to obtain a copy of the AAA information obtained by copying the AAA information, and a copy of the policy information obtained by copying the policy information; and the AAA information and The AAA information copy is distributedly cached, and the policy information and the copy of the policy information are distributed and cached.
  • the device further includes: a generating module, configured to generate a service CDR of the service data; and a statistic module, configured to perform statistics on the service CDR according to the policy information, and obtain statistics
  • the reporting module is configured to report the service data to the comprehensive system.
  • the reporting module is further configured to report the statistical data to the comprehensive counting system through a Ud interface disposed on the DPI device.
  • the DPI device is used to receive the authentication and authorization charging AAA information and policy information from different system, wherein the policy information is used to indicate the policy used for detecting the service data and/or the service data is performed.
  • the DPI device caches AAA information and policy information; the DPI device detects the service data based on the cached AAA information and policy information, and solves the DPI system equipment and the integrated system of different manufacturers. It is difficult to realize the problem of information sharing, and thus the data sharing between DPI devices is easy to be shared, and the effect of establishing a unified data mining analysis system is improved, and the performance and reliability of AAA information and policy information storage and use are improved.
  • FIG. 1 is a flowchart of a method for implementing deep packet inspection according to an embodiment of the present invention
  • FIG. 2 is a structural block diagram of an apparatus for implementing deep packet inspection according to an embodiment of the present invention
  • FIG. 3 is a structural block diagram 1 of an apparatus for implementing deep packet inspection according to an embodiment of the present invention
  • FIG. 4 is a block diagram of a functional module of a DPI system according to an embodiment of the present invention.
  • FIG. 5 is a flowchart of cooperation between AAA information processing modules of a DPI system according to an embodiment of the present invention
  • FIG. 6 is a flowchart of cooperation between a DPI system policy and a configuration information processing module according to an embodiment of the present invention
  • FIG. 7 is a flowchart of cooperation between statistical data reporting modules of a DPI system according to an embodiment of the present invention.
  • FIG. 1 is a flowchart of a method for implementing deep packet inspection according to an embodiment of the present invention. As shown in FIG. 1, the process includes the following steps:
  • step S102 the DPI device receives the authentication and authorization charging AAA information and the policy information from the different system, wherein the policy information is used to indicate the policy used for detecting the service data and/or statistically analyze and report the service data.
  • Step S104 the DPI device caches AAA information and policy information.
  • Step S106 The DPI device detects the service data according to the cached AAA information and the policy information.
  • the DPI device caches the received AAA information and policy information from different subdivision systems, and detects the service data according to the cached AAA information and policy information, compared to the DPI system of different manufacturers in the prior art. It is difficult to realize information sharing between the device and the integrated system, which makes it easy to share data between DPI devices, facilitates the establishment of a unified data mining and analysis system, and improves the performance and reliability of AAA information and policy information storage and use. Sex.
  • the DPI device receives the AAA information and the policy information from the different system, and it should be noted that the DPI device can receive the information in multiple manners.
  • the DPI device is set in the DPI.
  • the Uc interface of the device receives AAA information and policy information.
  • the DPI device caches the AAA information and the policy information. Similarly, the DPI device caches the information in multiple manners. In a preferred embodiment, the DPI device obtains the AAA information. A copy of the AAA information, and a copy of the policy information obtained by copying the policy information, and then the DPI device performs distributed caching on the AAA information and the AAA information copy, and distributedly caches the copy of the policy information and the policy information, thereby passing through the DPI system.
  • the distributed cache is used to store AAA information and policy information, which solves the problem that AAA information and service data cannot be distributed to the same service processor for data association. At the same time, distributed cache provides distributed, multi-copy memory storage, and strategy. The storage and use of information and AAA information has higher performance and higher reliability.
  • the DPI device after the DPI device detects the service data according to the cached AAA information and the policy information, the DPI device generates a service CDR of the service data, and the DPI device performs statistics on the service CDR according to the policy information, and obtains statistics. Data, the DPI device reports the business data to the integrated system, thereby realizing the information interaction between the DPI device and the integrated system.
  • the DPI device can also report the service data to the integrated system in a plurality of manners.
  • the DPI device reports the statistical data to the integrated system through the Ud interface disposed on the DPI device.
  • a device for implementing the deep packet detection is further provided, and the device is used to implement the foregoing embodiments and the preferred embodiments, and details are not described herein.
  • the term "module” may implement a combination of software and/or hardware of a predetermined function.
  • the apparatus described in the following embodiments is preferably implemented in software, hardware, or a combination of software and hardware, is also possible and contemplated.
  • the method includes: a receiving module 22 configured to receive authentication and authorization from different subdivision systems. Accounting AAA information and policy information, wherein the policy information is a policy used to indicate the detection of the service data and/or a statistical analysis of the service data and reporting the policy adopted by the system; the cache module 24, configured to cache AAA information and policy information; the detecting module 26 is configured to detect the service data according to the cached AAA information and the policy information.
  • the receiving module 22 is further configured to receive AAA information and policy information through a Uc interface disposed on the DPI device.
  • the cache module 24 is further configured to obtain a copy of the AAA information obtained by copying the AAA information, and a copy of the policy information obtained by copying the policy information; and distributedly buffering the AAA information and the AAA information copy. And distributed caching of copies of policy information and policy information.
  • the apparatus further includes: a generating module 28, configured to generate a service bill for service data; and a statistics module 30, setting The statistics are obtained by collecting statistics on the business bills according to the policy information, and the reporting module 32 is configured to report the service data to the integrated system.
  • the reporting module 32 is further configured to report the statistical data to the integrated system through the Ud interface disposed on the DPI device.
  • the technical problem to be solved by the preferred embodiment is to overcome the problem that the authentication, authorization, and accounting (AAA) information is delivered through the system and the service data cannot be distributed to the same service processor, and the policy.
  • AAA authentication, authorization, and accounting
  • the service processing module detects and controls the service data according to the policy information, and generates a service bill;
  • a policy management module that manages and maintains user AAA information and policy information
  • a statistical database that stores business bill records, analyzes, and statistically detects business data
  • Uc interface module AAA information, policy information and configuration information transmission interface between the DPI system and the integrated system, responsible for data transmission and reception and format conversion;
  • the Ud interface module the DPI system reports the transmission adaptation interface of the statistical data to the comprehensive system, and is responsible for data transmission and reception and format conversion;
  • the statistics aggregation module dynamically maintains statistical tasks according to the statistical reporting policy and reports statistical data to the comprehensive system.
  • the distributed cache module stores distributed user AAA information and policy information in memory in a distributed, multi-copy manner.
  • a service processing module is connected with a policy management module, a distributed cache module, and a statistical database; a policy management module, a service processing module, and a statistical aggregation module.
  • Uc interface module distributed cache module connection; statistical aggregation module and policy management module, Ud interface module, distributed cache module, statistical database connection.
  • the implementation method of the DPI system of the preferred embodiment includes the following steps: Step 1: Receive and parse the AAA information of the maintenance user through the Uc interface; Step 2, receive and parse the maintenance policy and configuration information through the Uc interface; Step 3, according to the management policy The information is detected and controlled by the service data, and the service CDR is generated.
  • step 4 the service CDR record is saved to the statistic database, and the service data is pre-stated, and the statistic data is dynamically obtained according to the statistical report policy, and reported to the ensemble through the Ud interface. Sub-system.
  • the preferred embodiment introduces a distributed cache to store AAA information and policy information in the DPI system, and solves the problem that the AAA information and the service data cannot be distributed to the same service processor for data association, and Distributed cache provides distributed, multi-copy memory storage.
  • the storage and use of policy information and AAA information has higher performance and higher reliability. It provides a DPI system implementation method based on the unified interface of telecom specifications. It makes the data of different manufacturers and different provinces more convenient to share, and it is easy to realize a unified data mining and analysis system of the whole province and even the whole country.
  • FIG. 5 is a flowchart of cooperation between AAA information processing modules of a DPI system according to an embodiment of the present invention. As shown in FIG. 5, the method includes the following steps:
  • step S502 the AAA online information is sent to the Uc interface module of the DPI system.
  • Step S504 the Uc interface module receives the message, and converts to the internal message format of the DPI system and forwards the message to the policy management module.
  • Step S506 the policy management module parses the AAA information to obtain user information, and stores the user information in the distributed cache.
  • Step S508 the service processing module receives the service data packet and does not have corresponding user information locally, and queries the distributed cache to obtain the corresponding user information. If the user information is successfully queried, the query module information of the user information in the distributed cache is updated, AAA. After the online process ends, go to step S516 to process the AAA offline information;
  • Step S510 If the query of the user information in the distributed cache fails, the service processing module continues to query the policy management module for the user information.
  • Step S512 the policy management module sends an AAA information back-check message to the Uc interface module.
  • Step S514 the Uc interface module performs format conversion on the message and forwards the message to the system, and then proceeds to step 1 to continue processing the AAA information delivered by the system after the query;
  • step S5166 the AAA offline message is sent to the Uc interface module of the DPI system.
  • Step S518, the Uc interface module receives the message, and converts the internal message into a DPI system and forwards the message to the policy management module.
  • Step S520 After the policy management module queries and obtains the user information in the distributed cache, the user information in the distributed cache is deleted.
  • step S522 the policy management module notifies the user of the service processing module that has queried the offline user information to go offline.
  • FIG. 6 is a flowchart of cooperation between a DPI system policy and a configuration information processing module according to an embodiment of the present invention. As shown in FIG. 6, the method includes the following steps:
  • Step S602 the service processing module starts initialization, and reads the policy and configuration information delivered by the integrated system into the distributed cache.
  • Step S604 the statistics aggregation module starts initialization, and reads the policy and configuration information delivered by the system in the distributed cache.
  • step S606 the system provides the policy and configuration information to the Uc interface module of the DPI system.
  • Step S608 the Uc interface module receives the message, and converts it into a DPI system internal message format and forwards it to the policy management module.
  • Step S610 the Uc interface module returns a response message to the score system
  • Step S612 the policy management module parses the policy information and the configuration information, and stores the information in the distributed cache.
  • Step S614 if the delivered policy and configuration information are required by the service module, notify all service processors to update the corresponding policy and configuration information;
  • Step S616 the service processing module obtains the updated policy and configuration information in the distributed cache, and detects and controls the service data according to the updated policy and configuration information.
  • Step S618 If the delivered policy and configuration information are required by the statistics aggregation module, notify the statistics aggregation module to update the corresponding policy and configuration information.
  • Step S620 The statistic aggregation module obtains the updated policy and configuration information from the distributed cache, and performs statistical analysis on the service CDR data according to the updated policy and configuration information.
  • FIG. 7 is a flowchart of cooperation between statistical data reporting modules of a DPI system according to an embodiment of the present invention. As shown in FIG. 7, the method includes the following steps:
  • Step S702 the service bill record generated by the service processing module is stored in a statistical database
  • Step S704 pre-stating the service data according to different time granularities and classifications in the statistical database
  • Step S706 The statistic aggregation module collects statistical data from the statistical database according to the current statistical reporting policy.
  • Step S708 the statistical aggregation module sends the statistical data to the Ud interface module.
  • step S710 the Ud interface module performs format conversion on the statistical data and reports it to the integrated system.
  • the present invention makes it easy to share data between DPI devices by implementing a unified interface between the integrated system and the DPI system defined in the telecommunication specification, and is convenient for establishing a unified data mining and analyzing system;
  • a distributed cache module is introduced, which solves the problem that AAA information and service data cannot be distributed to the same service processor, and improves the performance and reliability of AAA information and policy information storage and use.
  • modules or steps of the present invention described above can be implemented by a general-purpose computing device that can be centralized on a single computing device or distributed across a network of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device such that they may be stored in the storage device by the computing device and, in some cases, may be different from the order herein.
  • the steps shown or described are performed, or they are separately fabricated into individual integrated circuit modules, or a plurality of modules or steps thereof are fabricated as a single integrated circuit module.
  • the invention is not limited to any specific combination of hardware and software.
  • the technical solution provided by the embodiment of the present invention can be applied to the deep packet inspection process, and the DPI device is used to receive the authentication and authorization charging AAA information and policy information from different system, wherein the policy information is used to indicate the detection of the service data.

Abstract

Disclosed are a method and an apparatus for implementing deep packet inspection. The method comprises: use a DPI device to receive authentication, authorization and accounting (AAA) information and policy information from different comprehensive analysis systems, wherein the policy information is used for indicating a policy adopted to inspect service data and/or a policy adopted to implement statistical analysis on service data and report the service data to the comprehensive analysis system; the DPI device buffers the AAA information and the policy information; and the DPI device inspects the service data according to the buffered AAA information and policy information. Therefore, the problem of difficulty in implementing information sharing between DPI system devices and comprehensive analysis systems of different manufacturers is solved, so data is easily shared between the DPI devices, a unified data mining and analysis system is convenient to establish, and the storage and use performance and reliability of the AAA information and policy information are improved.

Description

深度包检测的实现方法及装置Method and device for implementing deep packet inspection 技术领域Technical field
本发明涉及通信领域,具体而言,涉及一种深度包检测的实现方法及装置。The present invention relates to the field of communications, and in particular, to a method and an apparatus for implementing deep packet inspection.
背景技术Background technique
深度包检测(Deep Packet Inspection,简称为DPI)是一种基于数据包的应用层流量检测和控制技术,针对数据包的不同层信息(如IP地址、应用层端口、应用层协议、净荷内容等)进行深度检测和分析,从而得到整个数据流或数据包的应用层信息,然后按照系统定义的策略对流量进行统计分析和控制。Deep Packet Inspection (DPI) is a packet-based application layer traffic detection and control technology for different layers of data packets (such as IP address, application layer port, application layer protocol, payload content). Then, perform deep detection and analysis to obtain application layer information of the entire data stream or data packet, and then statistically analyze and control the traffic according to a system-defined strategy.
中国电信现网部署的DPI设备,均采用各厂家私有的协议与其自身的综分系统和应用平台(简称综分系统)进行交互,导致不同省间的信息难以共享,而同一省份内若部署多DPI厂家的设备,则需要建设独立的综分系统和策略控制系统,不同厂家的数据也不易实现共享。The DPI equipment deployed on the existing network of China Telecom uses the proprietary protocols of each manufacturer to interact with its own integrated system and application platform (referred to as the integrated system), which makes it difficult to share information between different provinces, and more deployments in the same province. DPI manufacturers' equipment needs to build independent sub-systems and strategic control systems, and data from different manufacturers is not easy to share.
基于此,中国电信定义了DPI设备与综分系统的接口规范,以规范DPI设备的分析上报数据和统一其与综分系统间的信息交互接口,实现统一的全省乃至全国的数据挖掘分析系统。Based on this, China Telecom defines the interface specification of DPI equipment and the comprehensive system, to standardize the analysis and reporting data of DPI equipment and unify the information interaction interface between it and the integrated system, to realize a unified data mining analysis system of the whole province and even the whole country. .
综上所述,可知现有DPI系统实现方法存在上述缺陷,因此有必要按照电信规范提供一种新的DPI系统实现方法,来解决此问题。In summary, it can be seen that the existing DPI system implementation method has the above drawbacks, so it is necessary to provide a new DPI system implementation method according to the telecommunication specification to solve this problem.
针对相关技术中,不同厂家的DPI系统设备与综分系统之间难以实现信息共享的问题,还未提出有效的解决方案。In view of the related art, it is difficult to realize information sharing between DPI system equipment and the subdivision system of different manufacturers, and an effective solution has not been proposed.
发明内容Summary of the invention
本发明实施例提供了一种深度包检测的实现方法及装置,以至少解决现有技术不同厂家的DPI系统设备与综分系统之间难以实现信息共享的问题。The embodiment of the invention provides a method and a device for implementing deep packet inspection, so as to at least solve the problem that it is difficult to realize information sharing between DPI system devices and the subdivision system of different manufacturers in the prior art.
根据本发明的一个实施例,提供了一种深度包检测的实现方法包括:DPI设备接收来自不同综分系统的认证授权计费(Authentication、Authorization、Accounting,简称为AAA)信息和策略信息,其中,所述策略信息为用于指示对业务数据进行检测所采用的策略和/或对所述业务数据进行统计分析并上报所述综分系统所采用的策略;所 述DPI设备缓存所述AAA信息和所述策略信息;所述DPI设备根据缓存的所述AAA信息和所述策略信息对所述业务数据进行检测。According to an embodiment of the present invention, a method for implementing deep packet inspection includes: the DPI device receives authentication and authorization (Acceptance, Accounting, AAA for short) information and policy information from different subdivision systems, where The policy information is a policy used to indicate the detection of the service data and/or a statistical analysis of the service data and reporting the strategy adopted by the comprehensive system; The DPI device caches the AAA information and the policy information; the DPI device detects the service data according to the cached AAA information and the policy information.
在本发明实施例中,DPI设备接收来自不同综分系统的认证授权计费AAA信息和策略信息包括:所述DPI设备通过设置在所述DPI设备的Uc接口接收所述AAA信息和所述策略信息。In the embodiment of the present invention, the DPI device receives the authentication and authorization charging AAA information and the policy information from the different computing system, and the DPI device receives the AAA information and the policy by using a Uc interface disposed on the DPI device. information.
在本发明实施例中,所述DPI设备缓存所述AAA信息和所述策略信息,包括:所述DPI设备获取对所述AAA信息进行复制后得到的AAA信息副本,以及对所述策略信息进行复制后得到的策略信息副本;所述DPI设备对所述AAA信息和所述AAA信息副本进行分布式缓存,以及对所述策略信息和所述策略信息副本进行分布式缓存。In the embodiment of the present invention, the DPI device caches the AAA information and the policy information, and the DPI device obtains a copy of the AAA information obtained by copying the AAA information, and performs the policy information. a copy of the policy information obtained after the copying; the DPI device performs distributed caching on the AAA information and the copy of the AAA information, and performs distributed caching on the policy information and the copy of the policy information.
在本发明实施例中,所述DPI设备根据缓存的所述AAA信息和所述策略信息对业务数据进行检测之后,还包括:所述DPI设备生成所述业务数据的业务话单;所述DPI设备根据所述策略信息对所述业务话单进行统计,得到统计数据;所述DPI设备将所述业务数据上报至所述综分系统。In the embodiment of the present invention, after the DPI device detects the service data according to the cached AAA information and the policy information, the method further includes: the DPI device generates a service CDR of the service data; The device performs statistics on the service CDRs according to the policy information, and obtains statistics data. The DPI device reports the service data to the multiplexed system.
在本发明实施例中,所述DPI设备将所述业务数据上报至所述综分系统,包括:所述DPI设备通过设置在所述DPI设备上的Ud接口将所述统计数据上报给所述综分系统。In the embodiment of the present invention, the DPI device reports the service data to the system, and the DPI device reports the statistics to the UD interface on the DPI device. Subdivision system.
根据本发明的另一个实施例,提供了一种深度包检测的实现装置,所述装置应用于DPI设备包括:接收模块,设置为接收来自不同综分系统的认证授权计费AAA信息和策略信息,其中,所述策略信息为用于指示对业务数据进行检测所采用的策略和/或对所述业务数据进行统计分析并上报所述综分系统所采用的策略;缓存模块,设置为缓存所述AAA信息和所述策略信息;检测模块,设置为根据缓存的所述AAA信息和所述策略信息对业务数据进行检测。According to another embodiment of the present invention, there is provided an apparatus for implementing deep packet inspection, the apparatus being applied to a DPI device, comprising: a receiving module, configured to receive authentication and authorization charging AAA information and policy information from different subdivision systems The policy information is a policy used to indicate the detection of the service data and/or a statistical analysis of the service data and reporting the policy adopted by the system; the cache module is set as a cache Determining the AAA information and the policy information; the detecting module is configured to detect the service data according to the cached AAA information and the policy information.
在本发明实施例中,所述接收模块还设置为通过设置在所述DPI设备的Uc接口接收所述AAA信息和所述策略信息。In the embodiment of the present invention, the receiving module is further configured to receive the AAA information and the policy information by using a Uc interface that is disposed on the DPI device.
在本发明实施例中,所述缓存模块还设置为获取对所述AAA信息进行复制后得到的AAA信息副本,以及对所述策略信息进行复制后得到的策略信息副本;对所述AAA信息和所述AAA信息副本进行分布式缓存,以及对所述策略信息和所述策略信息副本进行分布式缓存。 In the embodiment of the present invention, the cache module is further configured to obtain a copy of the AAA information obtained by copying the AAA information, and a copy of the policy information obtained by copying the policy information; and the AAA information and The AAA information copy is distributedly cached, and the policy information and the copy of the policy information are distributed and cached.
在本发明实施例中,所述装置还包括:生成模块,设置为生成所述业务数据的业务话单;统计模块,设置为根据所述策略信息对所述业务话单进行统计,得到统计数据;上报模块,设置为将所述业务数据上报至所述综分系统。In the embodiment of the present invention, the device further includes: a generating module, configured to generate a service CDR of the service data; and a statistic module, configured to perform statistics on the service CDR according to the policy information, and obtain statistics The reporting module is configured to report the service data to the comprehensive system.
在本发明实施例中,所述上报模块还设置为通过设置在所述DPI设备上的Ud接口将所述统计数据上报给所述综分系统。In the embodiment of the present invention, the reporting module is further configured to report the statistical data to the comprehensive counting system through a Ud interface disposed on the DPI device.
通过本发明实施例,采用DPI设备接收来自不同综分系统的认证授权计费AAA信息和策略信息,其中,策略信息为用于指示对业务数据进行检测所采用的策略和/或对业务数据进行统计分析并上报综分系统所采用的策略;DPI设备缓存AAA信息和策略信息;DPI设备根据缓存的AAA信息和策略信息对业务数据进行检测,解决了不同厂家的DPI系统设备与综分系统之间难以实现信息共享的问题,进而达到了DPI设备之间的数据易于共享,便于建立统一的数据挖掘分析系统的效果,同时提高了AAA信息、策略信息存储和使用的性能和可靠性。According to the embodiment of the present invention, the DPI device is used to receive the authentication and authorization charging AAA information and policy information from different system, wherein the policy information is used to indicate the policy used for detecting the service data and/or the service data is performed. Statistical analysis and reporting of the strategy adopted by the system; the DPI device caches AAA information and policy information; the DPI device detects the service data based on the cached AAA information and policy information, and solves the DPI system equipment and the integrated system of different manufacturers. It is difficult to realize the problem of information sharing, and thus the data sharing between DPI devices is easy to be shared, and the effect of establishing a unified data mining analysis system is improved, and the performance and reliability of AAA information and policy information storage and use are improved.
附图说明DRAWINGS
此处所说明的附图用来提供对本发明的进一步理解,构成本申请的一部分,本发明的示意性实施例及其说明用于解释本发明,并不构成对本发明的不当限定。在附图中:The drawings described herein are intended to provide a further understanding of the invention, and are intended to be a part of the invention. In the drawing:
图1是根据本发明实施例的深度包检测的实现方法的流程图;1 is a flowchart of a method for implementing deep packet inspection according to an embodiment of the present invention;
图2是根据本发明实施例的深度包检测的实现装置的结构框图;2 is a structural block diagram of an apparatus for implementing deep packet inspection according to an embodiment of the present invention;
图3是根据本发明实施例的深度包检测的实现装置的结构框图一;3 is a structural block diagram 1 of an apparatus for implementing deep packet inspection according to an embodiment of the present invention;
图4是根据本发明实施例的DPI系统功能模块框架图;4 is a block diagram of a functional module of a DPI system according to an embodiment of the present invention;
图5是根据本发明实施例的DPI系统AAA信息处理模块间协作流程图;FIG. 5 is a flowchart of cooperation between AAA information processing modules of a DPI system according to an embodiment of the present invention; FIG.
图6是根据本发明实施例的DPI系统策略、配置信息处理模块间协作流程图;6 is a flowchart of cooperation between a DPI system policy and a configuration information processing module according to an embodiment of the present invention;
图7是根据本发明实施例的DPI系统统计数据上报模块间协作流程图。FIG. 7 is a flowchart of cooperation between statistical data reporting modules of a DPI system according to an embodiment of the present invention.
具体实施方式detailed description
下文中将参考附图并结合实施例来详细说明本发明。需要说明的是,在不冲突的情况下,本申请中的实施例及实施例中的特征可以相互组合。 The invention will be described in detail below with reference to the drawings in conjunction with the embodiments. It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other without conflict.
在本实施例中提供了一种深度包检测的实现方法,图1是根据本发明实施例的深度包检测的实现方法的流程图,如图1所示,该流程包括如下步骤:In this embodiment, a method for implementing deep packet inspection is provided. FIG. 1 is a flowchart of a method for implementing deep packet inspection according to an embodiment of the present invention. As shown in FIG. 1, the process includes the following steps:
步骤S102,DPI设备接收来自不同综分系统的认证授权计费AAA信息和策略信息,其中,策略信息为用于指示对业务数据进行检测所采用的策略和/或对业务数据进行统计分析并上报所述综分系统所采用的策略;In step S102, the DPI device receives the authentication and authorization charging AAA information and the policy information from the different system, wherein the policy information is used to indicate the policy used for detecting the service data and/or statistically analyze and report the service data. The strategy adopted by the comprehensive system;
步骤S104,DPI设备缓存AAA信息和策略信息;Step S104, the DPI device caches AAA information and policy information.
步骤S106,DPI设备根据缓存的AAA信息和策略信息对业务数据进行检测。Step S106: The DPI device detects the service data according to the cached AAA information and the policy information.
通过上述步骤,DPI设备对接收到的来自不同综分系统的AAA信息和策略信息进行缓存,并根据缓存的AAA信息和策略信息对业务数据进行检测,相对于现有技术中不同厂家的DPI系统设备与综分系统之间难以实现信息共享,实现了DPI设备之间的数据易于共享,便于建立统一的数据挖掘分析系统的效果,同时,提高了AAA信息、策略信息存储和使用的性能和可靠性。Through the above steps, the DPI device caches the received AAA information and policy information from different subdivision systems, and detects the service data according to the cached AAA information and policy information, compared to the DPI system of different manufacturers in the prior art. It is difficult to realize information sharing between the device and the integrated system, which makes it easy to share data between DPI devices, facilitates the establishment of a unified data mining and analysis system, and improves the performance and reliability of AAA information and policy information storage and use. Sex.
上述步骤S102中涉及到DPI设备接收来自不同综分系统的AAA信息和策略信息,需要说明的是DPI设备可以通过多种方式接收上述信息,在一个优选实施例中,DPI设备通过设置在该DPI设备的Uc接口接收AAA信息和策略信息。In the above step S102, the DPI device receives the AAA information and the policy information from the different system, and it should be noted that the DPI device can receive the information in multiple manners. In a preferred embodiment, the DPI device is set in the DPI. The Uc interface of the device receives AAA information and policy information.
上述步骤S104中涉及到DPI设备缓存AAA信息和策略信息,同样地,DPI设备缓存上述信息也可以通过多种方式来实现,在一个优选实施例中,DPI设备获取对AAA信息进行复制后得到的AAA信息副本,以及对策略信息进行复制后得到的策略信息副本,然后DPI设备对AAA信息和AAA信息副本进行分布式缓存,以及对策略信息和策略信息副本进行分布式缓存,从而通过DPI系统中引入了分布式缓存存储AAA信息和策略信息,解决了AAA信息与业务数据无法分发到同一台业务处理机进行数据关联的问题,同时由于分布式缓存提供了分布式、多副本的内存存储,策略信息和AAA信息的存储和使用具有更高的性能和更高的可靠性。In the above step S104, the DPI device caches the AAA information and the policy information. Similarly, the DPI device caches the information in multiple manners. In a preferred embodiment, the DPI device obtains the AAA information. A copy of the AAA information, and a copy of the policy information obtained by copying the policy information, and then the DPI device performs distributed caching on the AAA information and the AAA information copy, and distributedly caches the copy of the policy information and the policy information, thereby passing through the DPI system. The distributed cache is used to store AAA information and policy information, which solves the problem that AAA information and service data cannot be distributed to the same service processor for data association. At the same time, distributed cache provides distributed, multi-copy memory storage, and strategy. The storage and use of information and AAA information has higher performance and higher reliability.
在一个优选实施例中,DPI设备根据缓存的AAA信息和策略信息对业务数据进行检测之后,DPI设备生成业务数据的业务话单,DPI设备根据该策略信息对该业务话单进行统计,得到统计数据,DPI设备将业务数据上报至综分系统,从而实现了DPI设备与综分系统之间的信息交互。In a preferred embodiment, after the DPI device detects the service data according to the cached AAA information and the policy information, the DPI device generates a service CDR of the service data, and the DPI device performs statistics on the service CDR according to the policy information, and obtains statistics. Data, the DPI device reports the business data to the integrated system, thereby realizing the information interaction between the DPI device and the integrated system.
DPI设备将业务数据上报至综分系统也可以有多种方式,在一个优选实施例中,DPI设备通过设置在该DPI设备上的Ud接口将统计数据上报给综分系统。 The DPI device can also report the service data to the integrated system in a plurality of manners. In a preferred embodiment, the DPI device reports the statistical data to the integrated system through the Ud interface disposed on the DPI device.
在本实施例中还提供了一种深度包检测的实现装置,该装置用于实现上述实施例及优选实施方式,已经进行过说明的不再赘述。如以下所使用的,术语“模块”可以实现预定功能的软件和/或硬件的组合。尽管以下实施例所描述的装置较佳地以软件来实现,但是硬件,或者软件和硬件的组合的实现也是可能并被构想的。In the embodiment, a device for implementing the deep packet detection is further provided, and the device is used to implement the foregoing embodiments and the preferred embodiments, and details are not described herein. As used below, the term "module" may implement a combination of software and/or hardware of a predetermined function. Although the apparatus described in the following embodiments is preferably implemented in software, hardware, or a combination of software and hardware, is also possible and contemplated.
图2是根据本发明实施例的深度包检测的实现装置的结构框图,该装置应用于DPI设备,如图2所示,该包括:接收模块22,设置为接收来自不同综分系统的认证授权计费AAA信息和策略信息,其中,策略信息为用于指示对业务数据进行检测所采用的策略和/或对所述业务数据进行统计分析并上报所述综分系统所采用的策略;缓存模块24,设置为缓存AAA信息和策略信息;检测模块26,设置为根据缓存的AAA信息和策略信息对业务数据进行检测。2 is a structural block diagram of an apparatus for implementing deep packet inspection according to an embodiment of the present invention. The apparatus is applied to a DPI device. As shown in FIG. 2, the method includes: a receiving module 22 configured to receive authentication and authorization from different subdivision systems. Accounting AAA information and policy information, wherein the policy information is a policy used to indicate the detection of the service data and/or a statistical analysis of the service data and reporting the policy adopted by the system; the cache module 24, configured to cache AAA information and policy information; the detecting module 26 is configured to detect the service data according to the cached AAA information and the policy information.
在本发明实施例中,接收模块22还设置为通过设置在DPI设备的Uc接口接收AAA信息和策略信息。In the embodiment of the present invention, the receiving module 22 is further configured to receive AAA information and policy information through a Uc interface disposed on the DPI device.
在本发明实施例中,缓存模块24还设置为获取对AAA信息进行复制后得到的AAA信息副本,以及对策略信息进行复制后得到的策略信息副本;对AAA信息和AAA信息副本进行分布式缓存,以及对策略信息和策略信息副本进行分布式缓存。In the embodiment of the present invention, the cache module 24 is further configured to obtain a copy of the AAA information obtained by copying the AAA information, and a copy of the policy information obtained by copying the policy information; and distributedly buffering the AAA information and the AAA information copy. And distributed caching of copies of policy information and policy information.
图3是根据本发明实施例的深度包检测的实现装置的结构框图一,如图3所示,该装置还包括:生成模块28,设置为生成业务数据的业务话单;统计模块30,设置为根据策略信息对业务话单进行统计,得到统计数据;上报模块32,设置为将业务数据上报至综分系统。3 is a block diagram of a structure of an apparatus for implementing deep packet inspection according to an embodiment of the present invention. As shown in FIG. 3, the apparatus further includes: a generating module 28, configured to generate a service bill for service data; and a statistics module 30, setting The statistics are obtained by collecting statistics on the business bills according to the policy information, and the reporting module 32 is configured to report the service data to the integrated system.
在本发明实施例中,上报模块32还设置为通过设置在该DPI设备上的Ud接口将统计数据上报给综分系统。In the embodiment of the present invention, the reporting module 32 is further configured to report the statistical data to the integrated system through the Ud interface disposed on the DPI device.
针对相关技术中所存在的上述问题,下面结合优选实施例进行说明,本优选实施例结合了上述实施例及其优选实施方式。The above-described problems in the related art will be described below in conjunction with the preferred embodiments, which combine the above-described embodiments and preferred embodiments thereof.
本优选实施例所要解决的技术问题是:克服认证、授权和计费(Authentication Authorization Accounting,简称为AAA)信息通过综分系统下发与业务数据不能分发到同一台业务处理机的问题,以及策略信息高性能、高可靠的存储和使用问题,提供一种支持电信规范的DPI系统实现方法。The technical problem to be solved by the preferred embodiment is to overcome the problem that the authentication, authorization, and accounting (AAA) information is delivered through the system and the service data cannot be distributed to the same service processor, and the policy. Information high performance, highly reliable storage and usage issues, providing a DPI system implementation that supports telecom specifications.
本优选实施例中的DPI系统的实现方法包括以下模块:The implementation method of the DPI system in the preferred embodiment includes the following modules:
业务处理模块,对业务数据按照策略信息进行检测和控制,生成业务话单; The service processing module detects and controls the service data according to the policy information, and generates a service bill;
策略管理模块,管理维护用户AAA信息和策略信息;a policy management module that manages and maintains user AAA information and policy information;
统计数据库,存储业务话单记录,分析、统计业务检测数据;A statistical database that stores business bill records, analyzes, and statistically detects business data;
Uc接口模块,DPI系统与综分系统之间AAA信息、策略信息以及配置信息的传输适配接口,负责数据的收发和格式转换;Uc interface module, AAA information, policy information and configuration information transmission interface between the DPI system and the integrated system, responsible for data transmission and reception and format conversion;
Ud接口模块,DPI系统向综分系统上报统计数据的传输适配接口,负责数据的收发和格式转换;The Ud interface module, the DPI system reports the transmission adaptation interface of the statistical data to the comprehensive system, and is responsible for data transmission and reception and format conversion;
统计汇聚模块,根据统计上报策略,动态维护统计任务,向综分系统上报统计数据;The statistics aggregation module dynamically maintains statistical tasks according to the statistical reporting policy and reports statistical data to the comprehensive system.
分布式缓存模块,分布式、多副本的方式存储用户AAA信息和策略信息在内存中。The distributed cache module stores distributed user AAA information and policy information in memory in a distributed, multi-copy manner.
图4是根据本发明实施例的DPI系统功能模块框架图,如图4所示,业务处理模块与策略管理模块、分布式缓存模块、统计数据库连接;策略管理模块与业务处理模块、统计汇聚模块、Uc接口模块、分布式缓存模块连接;统计汇聚模块与策略管理模块、Ud接口模块、分布式缓存模块、统计数据库连接。4 is a functional block diagram of a DPI system according to an embodiment of the present invention. As shown in FIG. 4, a service processing module is connected with a policy management module, a distributed cache module, and a statistical database; a policy management module, a service processing module, and a statistical aggregation module. , Uc interface module, distributed cache module connection; statistical aggregation module and policy management module, Ud interface module, distributed cache module, statistical database connection.
本优选实施例的DPI系统的实现方法包括以下步骤:步骤1,通过Uc接口接收并解析维护用户的AAA信息;步骤2,通过Uc接口接收并解析维护策略和配置信息;步骤3,根据管理策略信息对业务数据检测、控制,并生成业务话单;步骤4,业务话单记录保存到统计数据库,并且对业务数据进行预统计,根据统计上报策略动态获取统计数据,并且通过Ud接口上报给综分系统。The implementation method of the DPI system of the preferred embodiment includes the following steps: Step 1: Receive and parse the AAA information of the maintenance user through the Uc interface; Step 2, receive and parse the maintenance policy and configuration information through the Uc interface; Step 3, according to the management policy The information is detected and controlled by the service data, and the service CDR is generated. In step 4, the service CDR record is saved to the statistic database, and the service data is pre-stated, and the statistic data is dynamically obtained according to the statistical report policy, and reported to the ensemble through the Ud interface. Sub-system.
与现有技术相比较,本优选实施例在DPI系统中引入了分布式缓存存储AAA信息和策略信息,解决了AAA信息与业务数据无法分发到同一台业务处理机进行数据关联的问题,同时由于分布式缓存提供了分布式、多副本的内存存储,策略信息和AAA信息的存储和使用具有更高的性能和更高的可靠性,提供了一种基于电信规范统一接口的DPI系统实现方法,使得不同厂家、不同省份的数据能够更加方便共享,易于实现统一的全省乃至全国的数据挖掘分析系统。Compared with the prior art, the preferred embodiment introduces a distributed cache to store AAA information and policy information in the DPI system, and solves the problem that the AAA information and the service data cannot be distributed to the same service processor for data association, and Distributed cache provides distributed, multi-copy memory storage. The storage and use of policy information and AAA information has higher performance and higher reliability. It provides a DPI system implementation method based on the unified interface of telecom specifications. It makes the data of different manufacturers and different provinces more convenient to share, and it is easy to realize a unified data mining and analysis system of the whole province and even the whole country.
为使本优选实施例的目的、技术方案和优点更加清楚,以下结合附图及具体实施例,对本优选实施例作进一步地详细说明。 The preferred embodiments of the present invention will be further described in detail below with reference to the drawings and specific embodiments.
图5是根据本发明实施例的DPI系统AAA信息处理模块间协作流程图,如图5所示,该方法包括以下步骤:FIG. 5 is a flowchart of cooperation between AAA information processing modules of a DPI system according to an embodiment of the present invention. As shown in FIG. 5, the method includes the following steps:
步骤S502,综分系统下发AAA上线信息给DPI系统的Uc接口模块;In step S502, the AAA online information is sent to the Uc interface module of the DPI system.
步骤S504,Uc接口模块接收消息,并且转换为DPI系统内部消息格式转发给策略管理模块;Step S504, the Uc interface module receives the message, and converts to the internal message format of the DPI system and forwards the message to the policy management module.
步骤S506,策略管理模块解析AAA信息获取用户信息,并且将用户信息存储到分布式缓存中;Step S506, the policy management module parses the AAA information to obtain user information, and stores the user information in the distributed cache.
步骤S508,业务处理模块收到业务数据包且本地没有对应的用户信息,到分布式缓存中查询获取对应的用户信息,若用户信息查询成功,更新分布式缓存中用户信息的查询模块信息,AAA上线流程结束,转到步骤S516处理AAA下线信息;Step S508, the service processing module receives the service data packet and does not have corresponding user information locally, and queries the distributed cache to obtain the corresponding user information. If the user information is successfully queried, the query module information of the user information in the distributed cache is updated, AAA. After the online process ends, go to step S516 to process the AAA offline information;
步骤S510,若分布式缓存中查询用户信息失败,业务处理模块继续向策略管理模块查询用户信息;Step S510: If the query of the user information in the distributed cache fails, the service processing module continues to query the policy management module for the user information.
步骤S512,策略管理模块发送AAA信息反查消息给Uc接口模块;Step S512, the policy management module sends an AAA information back-check message to the Uc interface module.
步骤S514,Uc接口模块对消息进行格式转换后转发给综分系统,然后转到步骤1继续处理查询后综分系统下发的AAA信息;Step S514, the Uc interface module performs format conversion on the message and forwards the message to the system, and then proceeds to step 1 to continue processing the AAA information delivered by the system after the query;
步骤S516,综分系统下发AAA下线消息给DPI系统的Uc接口模块;In step S516, the AAA offline message is sent to the Uc interface module of the DPI system.
步骤S518,Uc接口模块接收消息,并且转换为DPI系统内部消息转发给策略管理模块;Step S518, the Uc interface module receives the message, and converts the internal message into a DPI system and forwards the message to the policy management module.
步骤S520,策略管理模块查询获取分布式缓存中的用户信息后,删除分布式缓存中的用户信息;Step S520: After the policy management module queries and obtains the user information in the distributed cache, the user information in the distributed cache is deleted.
步骤S522,策略管理模块通知查询过该下线用户信息的业务处理模块用户下线。In step S522, the policy management module notifies the user of the service processing module that has queried the offline user information to go offline.
图6是根据本发明实施例的DPI系统策略、配置信息处理模块间协作流程图,如图6所示,该方法包括以下步骤:FIG. 6 is a flowchart of cooperation between a DPI system policy and a configuration information processing module according to an embodiment of the present invention. As shown in FIG. 6, the method includes the following steps:
步骤S602,业务处理模块启动初始化,到分布式缓存中读取综分系统下发的策略和配置信息; Step S602, the service processing module starts initialization, and reads the policy and configuration information delivered by the integrated system into the distributed cache.
步骤S604,统计汇聚模块启动初始化,到分布式缓存中读取综分系统下发的策略和配置信息;Step S604, the statistics aggregation module starts initialization, and reads the policy and configuration information delivered by the system in the distributed cache.
步骤S606,综分系统向DPI系统的Uc接口模块下发策略、配置信息;In step S606, the system provides the policy and configuration information to the Uc interface module of the DPI system.
步骤S608,Uc接口模块接收消息,并且转换为DPI系统内部消息格式转发给策略管理模块;Step S608, the Uc interface module receives the message, and converts it into a DPI system internal message format and forwards it to the policy management module.
步骤S610,Uc接口模块返回响应消息给综分系统;Step S610, the Uc interface module returns a response message to the score system;
步骤S612,策略管理模块对策略信息和配置信息解析后存储到分布式缓存;Step S612, the policy management module parses the policy information and the configuration information, and stores the information in the distributed cache.
步骤S614,若下发的策略和配置信息是业务模块需要的,通知所有的业务处理机更新相应的策略和配置信息;Step S614, if the delivered policy and configuration information are required by the service module, notify all service processors to update the corresponding policy and configuration information;
步骤S616,业务处理模块到分布式缓存中获取更新的策略和配置信息,并且按照更新的策略和配置信息对业务数据进行检测和控制;Step S616, the service processing module obtains the updated policy and configuration information in the distributed cache, and detects and controls the service data according to the updated policy and configuration information.
步骤S618,若下发的策略和配置信息是统计汇聚模块需要的,通知统计汇聚模块更新相应的策略和配置信息;Step S618: If the delivered policy and configuration information are required by the statistics aggregation module, notify the statistics aggregation module to update the corresponding policy and configuration information.
步骤S620,统计汇聚模块到分布式缓存中获取更新的策略和配置信息,并且按照更新的策略和配置信息对业务话单数据进行统计分析。Step S620: The statistic aggregation module obtains the updated policy and configuration information from the distributed cache, and performs statistical analysis on the service CDR data according to the updated policy and configuration information.
图7是根据本发明实施例的DPI系统统计数据上报模块间协作流程图,如图7所示,该方法包括以下步骤:FIG. 7 is a flowchart of cooperation between statistical data reporting modules of a DPI system according to an embodiment of the present invention. As shown in FIG. 7, the method includes the following steps:
步骤S702,业务处理模块产生的业务话单记录存储到统计数据库;Step S702, the service bill record generated by the service processing module is stored in a statistical database;
步骤S704,统计数据库中按照不同的时间粒度和分类对业务数据进行预统计;Step S704, pre-stating the service data according to different time granularities and classifications in the statistical database;
步骤S706,统计汇聚模块根据当前的统计上报策略,从统计数据库统计、获取上报的统计数据;Step S706: The statistic aggregation module collects statistical data from the statistical database according to the current statistical reporting policy.
步骤S708,统计汇聚模块将统计数据发送到Ud接口模块;Step S708, the statistical aggregation module sends the statistical data to the Ud interface module.
步骤S710,Ud接口模块对统计数据进行格式转换,上报给综分系统。In step S710, the Ud interface module performs format conversion on the statistical data and reports it to the integrated system.
综上所示,本发明通过实现电信规范中定义的综分系统和DPI系统之间的统一接口,使得DPI设备之间数据易于共享,便于建立统一的数据挖掘分析系统;在本发明 的DPI系统实现方法中,引入了分布式缓存模块,解决了AAA信息与业务数据不能分发到同一台业务处理机的问题,提高了AAA信息、策略信息存储和使用的性能和可靠性。In summary, the present invention makes it easy to share data between DPI devices by implementing a unified interface between the integrated system and the DPI system defined in the telecommunication specification, and is convenient for establishing a unified data mining and analyzing system; In the DPI system implementation method, a distributed cache module is introduced, which solves the problem that AAA information and service data cannot be distributed to the same service processor, and improves the performance and reliability of AAA information and policy information storage and use.
显然,本领域的技术人员应该明白,上述的本发明的各模块或各步骤可以用通用的计算装置来实现,它们可以集中在单个的计算装置上,或者分布在多个计算装置所组成的网络上,可选地,它们可以用计算装置可执行的程序代码来实现,从而,可以将它们存储在存储装置中由计算装置来执行,并且在某些情况下,可以以不同于此处的顺序执行所示出或描述的步骤,或者将它们分别制作成各个集成电路模块,或者将它们中的多个模块或步骤制作成单个集成电路模块来实现。这样,本发明不限制于任何特定的硬件和软件结合。It will be apparent to those skilled in the art that the various modules or steps of the present invention described above can be implemented by a general-purpose computing device that can be centralized on a single computing device or distributed across a network of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device such that they may be stored in the storage device by the computing device and, in some cases, may be different from the order herein. The steps shown or described are performed, or they are separately fabricated into individual integrated circuit modules, or a plurality of modules or steps thereof are fabricated as a single integrated circuit module. Thus, the invention is not limited to any specific combination of hardware and software.
以上所述仅为本发明的优选实施例而已,并不用于限制本发明,对于本领域的技术人员来说,本发明可以有各种更改和变化。凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。The above description is only the preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and scope of the present invention are intended to be included within the scope of the present invention.
工业实用性Industrial applicability
本发明实施例提供的技术方案可以应用于深度包检测过程中,采用DPI设备接收来自不同综分系统的认证授权计费AAA信息和策略信息,其中,策略信息为用于指示对业务数据进行检测所采用的策略和/或对业务数据进行统计分析并上报综分系统所采用的策略;DPI设备缓存AAA信息和策略信息;DPI设备根据缓存的AAA信息和策略信息对业务数据进行检测,解决了不同厂家的DPI系统设备与综分系统之间难以实现信息共享的问题,进而达到了DPI设备之间的数据易于共享,便于建立统一的数据挖掘分析系统的效果,同时提高了AAA信息、策略信息存储和使用的性能和可靠性。 The technical solution provided by the embodiment of the present invention can be applied to the deep packet inspection process, and the DPI device is used to receive the authentication and authorization charging AAA information and policy information from different system, wherein the policy information is used to indicate the detection of the service data. The adopted strategy and/or the statistical analysis of the business data and the reporting of the strategy adopted by the comprehensive system; the DPI device caches the AAA information and the policy information; the DPI device detects the service data according to the cached AAA information and the policy information, and solves the problem. It is difficult to realize information sharing between DPI system equipment and the subdivision system of different manufacturers, so that the data between DPI devices can be easily shared, and the effect of establishing a unified data mining and analysis system is improved, and AAA information and policy information are improved. Performance and reliability of storage and use.

Claims (10)

  1. 一种深度包检测DPI的实现方法,包括:A method for implementing deep packet inspection DPI includes:
    DPI设备接收来自不同综分系统的认证授权计费AAA信息和策略信息,其中,所述策略信息为用于指示对业务数据进行检测所采用的策略和/或对所述业务数据进行统计分析并上报所述综分系统所采用的策略;The DPI device receives the authentication and authorization charging AAA information and the policy information from the different system, wherein the policy information is used to indicate a policy for detecting the service data and/or statistically analyze the service data. Reporting the strategy adopted by the integrated system;
    所述DPI设备缓存所述AAA信息和所述策略信息;The DPI device caches the AAA information and the policy information;
    所述DPI设备根据缓存的所述AAA信息和所述策略信息对所述业务数据进行检测。The DPI device detects the service data according to the cached AAA information and the policy information.
  2. 根据权利要求1所述的方法,其中,所述DPI设备接收来自不同综分系统的认证授权计费AAA信息和策略信息包括:The method according to claim 1, wherein the DPI device receives authentication and authorization charging AAA information and policy information from different subdivision systems, including:
    所述DPI设备通过设置在所述DPI设备的Uc接口接收所述AAA信息和所述策略信息。The DPI device receives the AAA information and the policy information through a Uc interface disposed on the DPI device.
  3. 根据权利要求1所述的方法,其中,所述DPI设备缓存所述AAA信息和所述策略信息,包括:The method of claim 1, wherein the DPI device caches the AAA information and the policy information, including:
    所述DPI设备获取对所述AAA信息进行复制后得到的AAA信息副本,以及对所述策略信息进行复制后得到的策略信息副本;And obtaining, by the DPI device, a copy of the AAA information obtained by copying the AAA information, and copying the policy information obtained by copying the policy information;
    所述DPI设备对所述AAA信息和所述AAA信息副本进行分布式缓存,以及对所述策略信息和所述策略信息副本进行分布式缓存。The DPI device performs distributed caching on the AAA information and the AAA information copy, and performs distributed caching on the policy information and the copy of the policy information.
  4. 根据权利要求1所述的方法,其中,所述DPI设备根据缓存的所述AAA信息和所述策略信息对所述业务数据进行检测之后,还包括:The method of claim 1, wherein the DPI device after detecting the service data according to the cached AAA information and the policy information further includes:
    所述DPI设备生成所述业务数据的业务话单;The DPI device generates a service CDR of the service data;
    所述DPI设备根据所述策略信息对所述业务话单进行统计,得到统计数据;The DPI device performs statistics on the service CDRs according to the policy information to obtain statistical data.
    所述DPI设备将所述业务数据上报至所述综分系统。The DPI device reports the service data to the integrated system.
  5. 根据权利要求1至4中任一项所述的方法,其中,所述DPI设备将所述业务数据上报至所述综分系统,包括:The method according to any one of claims 1 to 4, wherein the DPI device reports the service data to the system, including:
    所述DPI设备通过设置在所述DPI设备上的Ud接口将所述统计数据上报给所述综分系统。 The DPI device reports the statistical data to the integrated system through a Ud interface disposed on the DPI device.
  6. 一种深度包检测DPI的实现装置,该装置应用于DPI设备,所述装置包括:An apparatus for implementing a deep packet inspection DPI, the apparatus being applied to a DPI device, the device comprising:
    接收模块,设置为接收来自不同综分系统的认证授权计费AAA信息和策略信息,其中,所述策略信息为用于指示对业务数据进行检测所采用的策略和/或对所述业务数据进行统计分析并上报所述综分系统所采用的策略;a receiving module, configured to receive authentication and authorization charging AAA information and policy information from different system, wherein the policy information is used to indicate a policy for detecting service data and/or to perform the service data. Statistical analysis and reporting of the strategies adopted by the integrated system;
    缓存模块,设置为缓存所述AAA信息和所述策略信息;a cache module, configured to cache the AAA information and the policy information;
    检测模块,设置为根据缓存的所述AAA信息和所述策略信息对所述业务数据进行检测。The detecting module is configured to detect the service data according to the cached AAA information and the policy information.
  7. 根据权利要求6所述的装置,其中,所述接收模块还设置为通过设置在所述DPI设备的Uc接口接收所述AAA信息和所述策略信息。The apparatus of claim 6, wherein the receiving module is further configured to receive the AAA information and the policy information by a Uc interface disposed at the DPI device.
  8. 根据权利要求6所述的装置,其中,所述缓存模块还设置为获取对所述AAA信息进行复制后得到的AAA信息副本,以及对所述策略信息进行复制后得到的策略信息副本;对所述AAA信息和所述AAA信息副本进行分布式缓存,以及对所述策略信息和所述策略信息副本进行分布式缓存。The device according to claim 6, wherein the cache module is further configured to obtain a copy of the AAA information obtained by copying the AAA information, and copying the policy information obtained by copying the policy information; The AAA information and the copy of the AAA information are distributed and distributed, and the policy information and the copy of the policy information are distributed and cached.
  9. 根据权利要求6所述的装置,其中,所述装置还包括:The apparatus of claim 6 wherein said apparatus further comprises:
    生成模块,设置为生成所述业务数据的业务话单;Generating a module, configured to generate a service CDR of the service data;
    统计模块,设置为根据所述策略信息对所述业务话单进行统计,得到统计数据;The statistic module is configured to perform statistics on the service CDRs according to the policy information to obtain statistical data.
    上报模块,设置为将所述业务数据上报至所述综分系统。The reporting module is configured to report the service data to the comprehensive system.
  10. 根据权利要求6至9中任一项所述的装置,其中,所述上报模块还设置为通过设置在所述DPI设备上的Ud接口将所述统计数据上报给所述综分系统。 The apparatus according to any one of claims 6 to 9, wherein the reporting module is further configured to report the statistical data to the plurality of sub-systems via a Ud interface provided on the DPI device.
PCT/CN2015/077874 2014-09-01 2015-04-29 Method and apparatus for implementing deep packet inspection WO2016033986A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410441378.5 2014-09-01
CN201410441378.5A CN105406977A (en) 2014-09-01 2014-09-01 Depth package detection implementation method and device

Publications (1)

Publication Number Publication Date
WO2016033986A1 true WO2016033986A1 (en) 2016-03-10

Family

ID=55439093

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/077874 WO2016033986A1 (en) 2014-09-01 2015-04-29 Method and apparatus for implementing deep packet inspection

Country Status (2)

Country Link
CN (1) CN105406977A (en)
WO (1) WO2016033986A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020249017A1 (en) * 2019-06-10 2020-12-17 中国移动通信有限公司研究院 Service processing method and device for access network
CN116320088A (en) * 2023-03-03 2023-06-23 武汉麦丰创新网络科技有限公司 Method and device for realizing AAA forwarding

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101212319A (en) * 2006-12-29 2008-07-02 西门子公司 Method and system for flow statistics in mobile communication
CN101488946A (en) * 2008-01-16 2009-07-22 华为技术有限公司 Packet detection method and system
CN101720111A (en) * 2009-02-03 2010-06-02 中兴通讯股份有限公司 Method and device for issuing deep packet inspection technical strategy

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101212319A (en) * 2006-12-29 2008-07-02 西门子公司 Method and system for flow statistics in mobile communication
CN101488946A (en) * 2008-01-16 2009-07-22 华为技术有限公司 Packet detection method and system
CN101720111A (en) * 2009-02-03 2010-06-02 中兴通讯股份有限公司 Method and device for issuing deep packet inspection technical strategy

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020249017A1 (en) * 2019-06-10 2020-12-17 中国移动通信有限公司研究院 Service processing method and device for access network
CN116320088A (en) * 2023-03-03 2023-06-23 武汉麦丰创新网络科技有限公司 Method and device for realizing AAA forwarding
CN116320088B (en) * 2023-03-03 2023-09-15 武汉麦丰创新网络科技有限公司 Method and device for realizing AAA forwarding

Also Published As

Publication number Publication date
CN105406977A (en) 2016-03-16

Similar Documents

Publication Publication Date Title
JP6475306B2 (en) System and method for managing a wireless network
CN104488231B (en) Method, apparatus and system for selectively monitoring flow
US9037710B2 (en) Method and apparatus for correlating end to end measurements through control plane monitoring of wireless traffic
US20160065419A1 (en) Method and apparatus for generating insight into the customer experience of web based applications
CN110659560B (en) Method and system for identifying associated object
US10146682B2 (en) Method and apparatus for improving non-uniform memory access
US8699344B2 (en) Method and apparatus for managing a degree of parallelism of streams
CN113225339B (en) Network security monitoring method and device, computer equipment and storage medium
US11490149B2 (en) Cap-based client-network interaction for improved streaming experience
US9270561B2 (en) Method and apparatus for applying uniform hashing to wireless traffic
US9866456B2 (en) System and method for network health and management
WO2016033986A1 (en) Method and apparatus for implementing deep packet inspection
US8611343B2 (en) Method and apparatus for providing a two-layer architecture for processing wireless traffic
EP4262166A1 (en) Sla performance prediction method and related apparatus, and device
CN115499230A (en) Network attack detection method and device, equipment and storage medium
US20070198218A1 (en) Protocol analyser arrangement, analyser module, and method of managing resources
US10250431B2 (en) System and methods thereof for optimizing communication between a civilian and different dispatchers
WO2018092120A1 (en) A system and method for optimizing communication between civilian and different dispatchers
Brunner Optimizing the Collection and Processing of Wi-Fi Probe Requests
KR101410257B1 (en) Wireless network equiptment and method for managing network by using the equipment
EP2811692B1 (en) Methods and systems for monitoring the quality-of-experience of an application available over a network
CN116112531A (en) Data collection method, device, equipment and medium
WO2011110010A1 (en) Method, apparatus and communication system for transmitting contents
Mal Near Real-Time Push Middleware
JP2013197617A (en) Communication monitoring device, communication monitoring method, and communication monitoring program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15837809

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15837809

Country of ref document: EP

Kind code of ref document: A1