CN104348749A - Flow control method, flow control device and flow control system - Google Patents
Flow control method, flow control device and flow control system Download PDFInfo
- Publication number
- CN104348749A CN104348749A CN201410361421.7A CN201410361421A CN104348749A CN 104348749 A CN104348749 A CN 104348749A CN 201410361421 A CN201410361421 A CN 201410361421A CN 104348749 A CN104348749 A CN 104348749A
- Authority
- CN
- China
- Prior art keywords
- layer protocol
- application layer
- application
- message
- processing server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 29
- 238000012545 processing Methods 0.000 claims abstract description 98
- 238000006243 chemical reaction Methods 0.000 claims abstract description 17
- 238000005206 flow analysis Methods 0.000 claims abstract description 8
- 238000001914 filtration Methods 0.000 claims abstract description 7
- 238000004458 analytical method Methods 0.000 claims description 34
- 238000012795 verification Methods 0.000 claims description 7
- 238000012544 monitoring process Methods 0.000 claims description 6
- 238000001514 detection method Methods 0.000 claims description 5
- 238000004321 preservation Methods 0.000 claims description 2
- 238000004891 communication Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
Classifications
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to the field of broadband internet access, and discloses a flow control method, a flow control device and a flow control system, wherein the method comprises the steps of receiving data message, carrying out protocol conversion, filtering an application layer protocol, copying the message of the application layer protocol, sending the copied message into an application processing server, analyzing and processing, receiving the analyzed and processed result sent by the application processing server, and controlling the network flow according to the analyzed and processed result. After the method, the device and the system are used, the resource consumption of a backend application processing server is reduced, and flow analysis and control efficiency can be improved.
Description
Technical field
The present invention relates to Broadband Network Access field, particularly relate to a kind of flow control methods, Apparatus and system.
Background technology
In recent years along with the development of Internet service, various types of network application constantly occurs, this brings very large impact to the broadband network of telecom operators.Such as: spreading unchecked of P2P application, a large amount of consumption broadband network bandwidth, the growth of bandwidth consumed has far exceeded the growth rate of number of users and income; The operation of unlawful VoIP service, causes fixed network services to run off; User's private connects behavior, causes the users such as black Internet bar to escape a large amount of broadband access expenses.In addition, telecom operators need deep analysis flow, to provide reference data for network operation and O&M, and are instructed by the data on flows provided and carry out new business or optimized network.
In prior art, POS protocol conversion is become Ethernet and completes analyzing and processing by the back-end processing server that IP section is transmitted to multiple stage 1G disposal ability, backend application processing server will analyze each message, provider backbone flow growth rate quickly, the processing pressure of backend application processing server is large, efficiency is not high, roughly need every half a year to carry out a dilatation, for the application based on deep packet analysis (DPI), adopt the processing mode of prior art, the amount of calculation of usual CPU is very large, average every 1G flow just needs the server process of a two XEON, core router often increases an interface board, newly-increased 2 10G interfaces, just need to take at least one rack, 20 application processing servers process, a large amount of consumption server resource, be inconvenient to safeguard, cost is also higher.
Summary of the invention
The invention provides a kind of flow control methods, Apparatus and system, solve the technical problem for the ununified effective analysis and control method such as current P2P application, VoIP application, shared verification.
The object of the invention is to be achieved through the following technical solutions:
A kind of flow control methods, comprising:
Receive data message, and carry out protocol conversion;
Application layer protocol is filtered, to filter out application layer protocol message;
Described application layer protocol message is copied, and be sent to application processing server carry out analyzing and processing;
Receive the analysis processing result that application processing server sends, and according to described analysis processing result, network traffics are controlled.
A kind of volume control device, described device comprises:
Receiver module, for receiving data message, and carries out protocol conversion;
Filtering module, for filtering application layer protocol, to filter out application layer protocol message;
Copy forwarding module, for copying described application layer protocol message, and be sent to application processing server carry out analyzing and processing;
Control module, for receiving the analysis processing result that application processing server sends, and controls network traffics according to described analysis processing result.
A kind of flow control system, described system comprises volume control device and at least one application processing server, wherein,
Described volume control device, for receiving data message, and carries out protocol conversion; Application layer protocol is filtered, to filter out application layer protocol message; Described application layer protocol message is copied, and be sent to application processing server carry out analyzing and processing; Receive the analysis processing result that application processing server sends, and according to described analysis processing result, network traffics are controlled;
Described application processing server, for receiving the application layer protocol message that described volume control device sends; Analyze the feature of described application layer protocol message, and send analysis processing result to described volume control device.
By a kind of flow control methods provided by the invention, Apparatus and system, by receiving data message, and carry out protocol conversion, application layer protocol is filtered, described application layer protocol message is copied, and be sent to application processing server and carry out analyzing and processing, receive the analysis processing result that application processing server sends, and according to described analysis processing result, network traffics to be controlled.Reduce the resource consumption to backend application processing server, improve the efficiency of flow analysis and control.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
The network topology structure schematic diagram that Fig. 1 provides for the embodiment of the present invention;
The flow chart of a kind of flow control methods that Fig. 2 provides for the embodiment of the present invention;
The structural representation of a kind of volume control device that Fig. 3 provides for the embodiment of the present invention;
The structural representation of a kind of flow control system that Fig. 4 provides for the embodiment of the present invention.
Embodiment
For enabling above-mentioned purpose of the present invention, feature and advantage become apparent more, and below in conjunction with the drawings and specific embodiments, the present invention is further detailed explanation.
As shown in Figure 1, for the network topology structure schematic diagram provided in the embodiment of the present invention, wherein, local network is crossed router 110, flow-control equipment 120 and router one 30 and is accessed Internet, application processing server 110 is the Processing Cluster of multiple application server, a kind of flow control methods is introduced in detail below in conjunction with this scene structure figure, as follows:
As shown in Figure 2, be the flow chart of a kind of flow control methods that the embodiment of the present invention provides, comprise:
Step 201, reception data message, and carry out protocol conversion;
Step 202, application layer protocol to be filtered, to filter out application layer protocol message;
Step 203, described application layer protocol message to be copied, and be sent to application processing server and carry out analyzing and processing;
The analysis processing result that step 204, reception application processing server send, and according to described analysis processing result, network traffics are controlled.
Flow-control equipment 120 is except responsible protocol conversion, also be responsible for the feature identifying various application, and add up characteristic message and the bag number and the flow that do not have characteristic message, feature message repeating carries out labor only to application processing server 110 by flow-control equipment 120, analysis result is notified flow-control equipment 120 by application processing server 110, so that flow-control equipment 120 statistics does not have the flow of characteristic stream.In practical application, the ratio accounting for whole message because feature message is actual is little, and application application processing server can be competent at completely.Therefore technical scheme provided by the invention, saved the resources such as equipment, rack, IP address and the network port, and the whole flow of this method process, and ensure that accuracy and speed.
A kind of flow control methods provided by the invention, by receiving data message, and carry out protocol conversion, application layer protocol is filtered, described application layer protocol message is copied, and be sent to application processing server and carry out analyzing and processing, receive the analysis processing result that application processing server sends, and according to described analysis processing result, network traffics to be controlled.Reduce the resource consumption to backend application processing server, improve the efficiency of flow analysis and control.
Wherein, described application processing server carries out analyzing and processing, comprises shared verification detection, flow analysis and control, VOIP Monitoring and Controlling and information pushing.(1) shared verification detects the comprehensive multiple monitoring method assistance telecommunications relevant departments that adopt and detects which user uses same account number shared verification, especially detects black Internet bar, runs off to avoid telecommunications charges.And can the disabled user detected be blocked, warn, the processing mode such as process afterwards; (2) flow analysis and control, such as, can analyze the characteristic also impact of assessment on network of P2P flow, to realize the detection and control ability to P2P agreement.(3) VOIP Monitoring and Controlling can detect the situation using VoIP communication in TCP/IP network automatically; and effectively can block unlawful VoIP communication or reduce VoIP speech quality; to hit illegal operation VoIP call, effectively protect the communication resource of telecom operators.(4) information pushing, when user browses Web, as long as meet the pushing condition of " setting ", inserts (propelling movement) content, as advertisement, questionnaire, service propaganda, expense of urging notify automatically.
Backbone network is transmitted by SDH at present, the data of the upper transmission of SDH are POS (Packet over SDH) form, namely be that IP packet transmits by adopting peer-peer protocol PPP (Point to Point Protocol), need that POS data message is converted to IP packet to analyze, therefore, step 201 specifically can comprise: receive POS data message, and described POS data message is converted to IP datagram literary composition.
In order to the protocol characteristic storehouse of the application layer protocol message that upgrades in time, before described application layer protocol message being copied in step 203, can comprise: by needs identify application layer protocol message feature be updated to protocol characteristic storehouse.
The embodiment of the present invention is in application process, need to control network traffics in conjunction with prefabricated strategy for analysis processing result, therefore, network traffics are controlled according to described analysis processing result in step 204, can comprise: according to described analysis processing result and default flow control policy, network flow is controlled.
The embodiment of the present invention additionally provides a kind of volume control device, and as shown in Figure 3, described device comprises:
Receiver module 310, for receiving data message, and carries out protocol conversion;
Filtering module 320, for filtering application layer protocol, to filter out application layer protocol message;
Copy forwarding module 330, for copying described application layer protocol message, and be sent to application processing server carry out analyzing and processing;
Control module 340, for receiving the analysis processing result that application processing server sends, and controls network traffics according to described analysis processing result.
Wherein, described receiver module 310, comprising:
Receiving element 311, for receiving POS data message;
Conversion unit of protocol 312, is converted to IP datagram literary composition for the described POS data message received by described receiving element.
Described device also comprises:
Protocol characteristic storehouse 350, for copying before forwarding module copies described application layer protocol message described, carries out renewals preservation by needing the feature of the application layer protocol message identified.
The volume control device that the embodiment of the present invention provides will need the flow of explication de texte process to be copied into many parts and be transmitted to different application processing servers to realize corresponding function.In practical application, each module can adopt ASIC, FPGA and CAM to realize, and the disposal ability of these chips is powerful, can greatly promote disposal ability and efficiency.
The embodiment of the present invention further provides a kind of flow control system, and described system comprises volume control device 410 and at least one application processing server 420, wherein,
Described volume control device 410, for receiving data message, and carries out protocol conversion; Application layer protocol is filtered, to filter out application layer protocol message; Described application layer protocol message is copied, and be sent to application processing server carry out analyzing and processing; Receive the analysis processing result that application processing server sends, and according to described analysis processing result, network traffics are controlled;
Described application processing server 420, for receiving the application layer protocol message that described volume control device 410 sends; Analyze the feature of described application layer protocol message, and send analysis processing result to described volume control device.
Wherein, the analyzing and processing function of described application processing server 420, comprising: shared verification detection, flow analysis and control, VOIP Monitoring and Controlling and information pushing.
In practical application, it is hardware-accelerated that front end (volume control device 410) can adopt ASIC, FPGA and CAM to realize, and rear end (application processing server 420) adopts pci bus multi-core CPU disposable plates to accelerate.
Through the above description of the embodiments, those skilled in the art can be well understood to the mode that the present invention can add required hardware platform by software and realize, can certainly all be implemented by hardware, but in a lot of situation, the former is better execution mode.Based on such understanding, what technical scheme of the present invention contributed to background technology can embody with the form of software product in whole or in part, this computer software product can be stored in storage medium, as ROM/RAM, magnetic disc, CD etc., comprising some instructions in order to make a computer equipment (can be personal computer, server, or the network equipment etc.) perform the method described in some part of each embodiment of the present invention or embodiment.
Above to invention has been detailed introduction, applying specific case herein and setting forth principle of the present invention and execution mode, the explanation of above embodiment just understands method of the present invention and core concept thereof for helping; Meanwhile, for one of ordinary skill in the art, according to thought of the present invention, all will change in specific embodiments and applications, in sum, this description should not be construed as limitation of the present invention.
Claims (10)
1. a flow control methods, is characterized in that, comprising:
Receive data message, and carry out protocol conversion;
Application layer protocol is filtered, to filter out application layer protocol message;
Described application layer protocol message is copied, and be sent to application processing server carry out analyzing and processing;
Receive the analysis processing result that application processing server sends, and according to described analysis processing result, network traffics are controlled.
2. method according to claim 1, is characterized in that, described application processing server carries out analyzing and processing, comprises shared verification detection, flow analysis and control, VOIP Monitoring and Controlling and information pushing.
3. method according to claim 2, is characterized in that, described reception data message, and carries out protocol conversion, comprising:
Receive POS data message, and described POS data message is converted to IP datagram literary composition.
4. method according to claim 1, is characterized in that; Described described application layer protocol message is copied before, comprising: by needs identify application layer protocol message feature be updated to protocol characteristic storehouse.
5. the method according to Claims 1-4, is characterized in that, described and control network traffics according to described analysis processing result, comprising:
According to described analysis processing result and default flow control policy, network flow is controlled.
6. a volume control device, is characterized in that, described device comprises:
Receiver module, for receiving data message, and carries out protocol conversion;
Filtering module, for filtering application layer protocol, to filter out application layer protocol message;
Copy forwarding module, for copying described application layer protocol message, and be sent to application processing server carry out analyzing and processing;
Control module, for receiving the analysis processing result that application processing server sends, and controls network traffics according to described analysis processing result.
7. device according to claim 6, is characterized in that, described receiver module, comprising:
Receiving element, for receiving POS data message;
Conversion unit of protocol, is converted to IP datagram literary composition for the described POS data message received by described receiving element.
8. device according to claim 6, is characterized in that, described device also comprises:
Protocol characteristic storehouse, for copying before forwarding module copies described application layer protocol message described, carries out renewals preservation by needing the feature of the application layer protocol message identified.
9. a flow control system, is characterized in that, described system comprises volume control device and at least one application processing server, wherein,
Described volume control device, for receiving data message, and carries out protocol conversion; Application layer protocol is filtered, to filter out application layer protocol message; Described application layer protocol message is copied, and be sent to application processing server carry out analyzing and processing; Receive the analysis processing result that application processing server sends, and according to described analysis processing result, network traffics are controlled;
Described application processing server, for receiving the application layer protocol message that described volume control device sends; Analyze the feature of described application layer protocol message, and send analysis processing result to described volume control device.
10. system according to claim 9, is characterized in that, the analyzing and processing function of described application processing server, comprising:
Shared verification detection, flow analysis and control, VOIP Monitoring and Controlling and information pushing.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410361421.7A CN104348749B (en) | 2014-07-28 | 2014-07-28 | A kind of flow control methods, apparatus and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410361421.7A CN104348749B (en) | 2014-07-28 | 2014-07-28 | A kind of flow control methods, apparatus and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104348749A true CN104348749A (en) | 2015-02-11 |
| CN104348749B CN104348749B (en) | 2018-02-16 |
Family
ID=52503581
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410361421.7A Expired - Fee Related CN104348749B (en) | 2014-07-28 | 2014-07-28 | A kind of flow control methods, apparatus and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104348749B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016177131A1 (en) * | 2015-08-17 | 2016-11-10 | 中兴通讯股份有限公司 | Method, apparatus, and system for preventing dos attacks |
| CN107547414A (en) * | 2016-06-24 | 2018-01-05 | 中兴通讯股份有限公司 | File transmitting method and device |
| CN110661722A (en) * | 2019-09-09 | 2020-01-07 | 新华三信息安全技术有限公司 | Flow control method and device |
| CN112637090A (en) * | 2020-12-30 | 2021-04-09 | 上海欣诺通信技术股份有限公司 | Dynamic multilevel flow control method based on programmable switching chip |
| CN114095403A (en) * | 2020-07-30 | 2022-02-25 | 阿里巴巴集团控股有限公司 | Network data processing system, method, network element equipment and server |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040198223A1 (en) * | 2002-10-08 | 2004-10-07 | Loh Weng Wah | Flow control in a bluetooth wireless communication system |
| CN102118320A (en) * | 2011-04-18 | 2011-07-06 | 北京神州数码思特奇信息技术股份有限公司 | Method for protocol identification and flow control |
| CN101202700B (en) * | 2006-12-12 | 2011-08-03 | 华为技术有限公司 | Method, apparatus and system for flow control of point-to-point file sharing |
-
2014
- 2014-07-28 CN CN201410361421.7A patent/CN104348749B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040198223A1 (en) * | 2002-10-08 | 2004-10-07 | Loh Weng Wah | Flow control in a bluetooth wireless communication system |
| CN101202700B (en) * | 2006-12-12 | 2011-08-03 | 华为技术有限公司 | Method, apparatus and system for flow control of point-to-point file sharing |
| CN102118320A (en) * | 2011-04-18 | 2011-07-06 | 北京神州数码思特奇信息技术股份有限公司 | Method for protocol identification and flow control |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016177131A1 (en) * | 2015-08-17 | 2016-11-10 | 中兴通讯股份有限公司 | Method, apparatus, and system for preventing dos attacks |
| CN107547414A (en) * | 2016-06-24 | 2018-01-05 | 中兴通讯股份有限公司 | File transmitting method and device |
| CN110661722A (en) * | 2019-09-09 | 2020-01-07 | 新华三信息安全技术有限公司 | Flow control method and device |
| CN110661722B (en) * | 2019-09-09 | 2022-07-22 | 新华三信息安全技术有限公司 | Flow control method and device |
| CN114095403A (en) * | 2020-07-30 | 2022-02-25 | 阿里巴巴集团控股有限公司 | Network data processing system, method, network element equipment and server |
| CN112637090A (en) * | 2020-12-30 | 2021-04-09 | 上海欣诺通信技术股份有限公司 | Dynamic multilevel flow control method based on programmable switching chip |
| CN112637090B (en) * | 2020-12-30 | 2023-04-07 | 上海欣诺通信技术股份有限公司 | Dynamic multilevel flow control method based on programmable switching chip |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104348749B (en) | 2018-02-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR101662605B1 (en) | System and method for correlating network information with subscriber information in a mobile network environment | |
| CN104348749A (en) | Flow control method, flow control device and flow control system | |
| JP5481563B2 (en) | Service event trigger | |
| CN101039309B (en) | Link sharing service apparatus and communication method thereof | |
| WO2011115991A3 (en) | Methods, systems, and computer readable media for communicating policy information between a policy charging and rules function and a service node | |
| US20130198845A1 (en) | Monitoring a wireless network for a distributed denial of service attack | |
| CN101056222A (en) | A deep message detection method, network device and system | |
| CN103650436A (en) | Service path distribution method, router and service execution entity | |
| WO2011143481A3 (en) | System, apparatus for content delivery for internet traffic and methods thereof | |
| CN106416171A (en) | Method and device for feature information analysis | |
| WO2015039474A1 (en) | Method, device, and storage medium for deep packet inspection control | |
| CN107493276B (en) | Network security protection method and device | |
| CN106453669A (en) | Load balancing method and server | |
| CN106656648B (en) | Application flow dynamic protection method and system based on home gateway and home gateway | |
| CN101895552B (en) | Security gateway and method thereof for detecting proxy surfing | |
| WO2016086755A1 (en) | Packet processing method and transparent proxy server | |
| CN103250382A (en) | Distribution method, apparatus and system | |
| WO2016101595A1 (en) | Method, apparatus and system for accessing third-party resource through application | |
| Hyun et al. | A VoLTE traffic classification method in LTE network | |
| CN104040989B (en) | Gateway, and corresponding method, computer program and storage device | |
| CN107395554B (en) | Method and device for defending and processing flow attack | |
| CN103686658B (en) | Method and system for realizing application content charging | |
| CN101420336A (en) | Method for recognizing network telephone flow quantity in network and system thereof | |
| US9277014B2 (en) | Handling of auxiliary NAS | |
| CN104980408A (en) | Blocking method, device and system for malicious website |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20201209 Address after: Zuo Ying Xiang Zuo Ying Cun Nan Yan Huang Lu Bei, juancheng County, Heze City, Shandong Province Patentee after: JUANCHENG ZUOYING HONGYUAN FOOD Co.,Ltd. Address before: 430000 room 5, 6 / F, 2 / F, Guannan Fuxing medical park, 62 Guanggu Avenue, Donghu high tech Development Zone, Wuhan, Hubei Province Patentee before: HUBEI YUHENG TECHNOLOGY Co.,Ltd. |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20210430 Address after: 226600 Chengbei industrial concentration area, Dagong Town, Hai'an City, Nantong City, Jiangsu Province Patentee after: NANTONG FEIYUE HEAVY ENGINEERING EQUIPMENT MANUFACTURING Co.,Ltd. Address before: Zuo Ying Xiang Zuo Ying Cun Nan Yan Huang Lu Bei, juancheng County, Heze City, Shandong Province Patentee before: JUANCHENG ZUOYING HONGYUAN FOOD Co.,Ltd. |
|
| TR01 | Transfer of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20180216 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |