Patent Analysis of: Method, device, and storage medium for deep packet inspection control

Updated Time 12 June 2019

Patent Registration Data

Publication Number: US10003614

Application Number: US15/023712

Application Date: 23 June 2014

Publication Date: 19 June 2018

Current Assignee: ZTE CORPORATION

Original Assignee (Applicant): ZTE CORPORATION

International Classification: H04L29/06, H04L12/24, H04W24/02

Cooperative Classification: H04L63/20, H04L41/0893, H04W24/02

Inventor: HUANG, SUNLIANG; FENG, JUN; FAN, LIANG

Patent Images

This patent contains figures and images illustrating the invention and its embodiment.


Abstract

The present disclosure discloses a Deep Packet Inspection (DPI) control method and device, and a storage medium. The method includes that: a traffic collection request is sent to a network controller according to a pre-set collection policy, wherein the traffic collection request is used for allowing the network controller to send a request for traffic collection to one or more corresponding network devices; traffic data collected by the one or more network devices are received (S11); and the received traffic data of the one or more network devices are analyzed and processed to generate a network control policy corresponding to each network device, and the network control policies are sent to the network controller correspondingly to allow the network controller to send each network control policy to the corresponding network device.

Claims

1. A method for Deep Packet Inspection (DPI) control, comprising:

sending, from a traffic collection module of a device for DPI control to a network controller via a northbound interface of the network controller, a traffic collection request according to a pre-set collection policy, wherein the traffic collection request is configured to instruct the network controller to send a request for traffic collection to more than one network device via a southbound interface of the network controller, wherein the traffic collection request is configured to specify more than one network device which needs the traffic collection request, and wherein the traffic collection request specifies traffic data to be collected via parameters that assign specific service flows from specific users and specific IP flows and traffic from specific ports that are to be collected;

directly receiving at a receiving module of the device for DPI control and without using the network controller, the traffic data collected by the more than one network device according to the traffic collection request;

analyzing and processing, by a generation module of the device for DPI control, the received traffic data from the more than one network device to generate each of network control policies corresponding to each of the network devices, wherein the network control policies describe application layer requirements;

converting the network control policies into network control policies that are recognizable by the network controller;

transmitting the converted network control policies to the network controller via the northbound interface of the network controller;

sending, via the southbound interface of the network controller, each of the network control policies to a corresponding network device so as to implement the DPI control; and

receiving feedback messages reported by the network controller, wherein the feedback messages are configured to indicate that the network devices have successfully executed the network control policies.

2. The method according to claim 1, wherein the step of sending, from a traffic collection module of a device for DPI control to the network controller via a northbound interface of the network controller, the traffic collection request according to the pre-set collection policy comprises: sending the traffic collection request to the network controller via a network capacity control device according to the pre-set collection policy, wherein the traffic collection request is configured to allow the network controller to send the request for traffic collection to the more than one network device.

3. The method according to claim 2, wherein the step of transmitting the converted network control policies to the network controller comprises: sending the network control policies to the network controller via the network capacity control device to allow the network controller to send each of the network control policies to the corresponding network device.

4. The method according to claim 2, before directly receiving, at the receiving module of the device for DPI control and without using the network controller, the traffic data collected by the more than one network device, further comprising: receiving second feedback messages reported by the network controller via the network capacity control device, wherein the second feedback messages indicate that collection policies of the more than one network device are successfully executed.

5. The method according to claim 1, before directly receiving, at a receiving module of the device for DPI control and without using the network controller the traffic data collected by the more than one network device, further comprising: receiving second feedback messages reported by the network controller, wherein the second feedback messages indicate that collection policies of the more than one network device are successfully executed.

6. A device for Deep Packet Inspection (DPI) control, comprising:

an electronic computer processor; and

a non-transitory memory storing executable instructions which, when executed, cause the electronic computer processor to:

send, from a traffic collection module of a device for DPI control to a network controller via a northbound interface of the network controller, a traffic collection request according to a pre-set collection policy, the traffic collection request being configured to instruct the network controller to send a request for traffic collection to more than one network device via a southbound interface of the network controller, and the traffic collection request being configured to specify more than one network device which needs the traffic collection request, and the traffic collection request specifying traffic data to be collected via parameters that assign specific service flows from specific users and specific IP flows and traffic from specific ports that are to be collected;

directly receive at a receiving module of the device for DPI control and without using the network controller, the traffic data collected by the more than one network device according to the traffic collection request;

analyze and process, by a generation module of the device for DPI control, the received traffic data from the more than one network device to generate each of network control policies corresponding to each of the network devices, the network control policies describing application layer requirements;

convert the network control policies into network control policies that are recognizable by the network controller;

transmit the converted network control policies to the network controller via the northbound interface of the network controller;

send, via the southbound interface of the network controller, each of the network control policies to a corresponding network device so as to implement the DPI control; and

receive feedback messages reported by the network controller, the feedback messages being configured to indicate that the network devices have successfully executed the network control policies.

7. The device according to claim 6, wherein the executable instructions, when executed, further cause the electronic computer processor to send the traffic collection request to the network controller via a network capacity control device according to the pre-set collection policy, the traffic collection request being configured to allow the network controller to send the request for traffic collection to the more than one network device.

8. The device according to claim 7, wherein the executable instructions, when executed, further cause the electronic computer processor to send the network control policies to the network controller via the network capacity control device to allow the network controller to send each of the network control policies to the corresponding network device.

9. The device according to claim 7, wherein the executable instructions, when executed, further cause the electronic computer processor to receive second feedback messages reported by the network controller via the network capacity control device, wherein the second feedback messages indicate that collection policies of the more than one network device are successfully executed.

10. The device according to claim 6, wherein the executable instructions, when executed, further cause the electronic computer processor to receive second feedback messages reported by the network controller, wherein the second feedback messages indicate that collection policies of the more than one network device are successfully executed.

11. A non-transitory computer-readable storage medium storing executable instructions which, when executed on a processor, cause the processor to execute a method for Deep Packet Inspection (DPI) control comprising:

sending, from a traffic collection module of a device for DPI control to a network controller via a northbound interface of the network controller, a traffic collection request according to a pre-set collection policy, wherein the traffic collection request is configured to instruct the network controller to send a request for traffic collection to more than one network device via a southbound interface of the network controller, and wherein the traffic collection request is configured to specify more than one network device which needs the traffic collection request, and wherein the traffic collection request specifies traffic data to be collected via parameters that assign specific service flows from specific users and specific IP flows and traffic from specific ports that are to be collected;

directly receiving at a receiving module of the device for DPI control and without using the network controller the traffic data collected by the more than one network device according to the traffic collection request;

analyzing and processing, by a generation module of the device for DPI control, the received traffic data from the more than one network device to generate each of network control policies corresponding to each of the network devices wherein the network control policies describe application layer requirements;

converting the network control policies into network control policies that are recognizable by the network controller;

transmitting the converted network control policies to the network controller via the northbound interface of the network controller;

sending, via the southbound interface of the network controller, each of the network control policies to a corresponding network device so as to implement the DPI control; and

receiving feedback messages reported by the network controller, wherein the feedback messages are configured to indicate that the network devices have successfully executed the network control policies.

Description

TECHNICAL FIELD

The present disclosure relates to communications and more particularly to a method, a device, and a storage medium for Deep Packet Inspection (DPI) control.

BACKGROUND

With the rapid development of the Internet, Internet services emerge continuously. In terms of a service type, the services include voices, texts, videos or the like. In terms of a network link mode of a service, the services include services of a Client/Server (C/S) type, a Browser/Server (B/S) type, a Peer to Peer (P2P) type, a Peer to Server & Peer (P2SP) type and other types. In terms of a service interaction mode, the services include static web pages, interactive web pages, instant communications or the like. Implementation protocols for different services are very different.

The emergence of a great number of services provides rich Internet service for users and also brings difficulties in supervision and control. In order to meet requirements for national network safety monitoring and refined operation of telecom operators, a Deep Packet Inspection (DPI) technology emerges. The DPI technology can be applied to traffic management, safety, network analysis and other aspects, and can be used to analyse a network data packet.

Most conventional DPI devices acquire packets using port mirroring or an optical splitter. After perceptual analysis is performed, a corresponding control policy is formed and transmitted directly to the corresponding network device to carry out network control. This approach lacks uniform control over the whole network. The transmission and execution of the control policy are limited to end-to-end control, so one end-to-multiple ends control is difficult to realize, which limits the application range of DPI devices.

SUMMARY

The embodiments of the present disclosure provide a method, a device, and a storage medium for DPI control, which are intended to realize data collection and transmission of a control policy for one end-to-multiple ends.

In a first aspect, an embodiment of the present disclosure provides a method for DPI control including:

a traffic collection request is sent to a network controller according to a pre-set collection policy, wherein the traffic collection request is used for allowing the network controller to send a request for traffic collection to one or more network devices;

traffic data collected by the one or more network devices are received; and

the received traffic data from the one or more network devices are analysed and processed to generate each of network control policies corresponding to each of the network devices, and the network control policies are sent to the network controller to allow the network controller to send each of the network control policies to a corresponding network device.

Preferably, after the network control policies are sent to the network controller, the method may further include that:

each of feedback messages reported by the network controller is received, wherein the feedback messages are used for indicating that the network devices have successfully executed the network control policies.

Preferably, the step that the traffic collection request is sent to the network controller according to the pre-set collection policy may include that:

the traffic collection request is sent to the network controller via a network capacity control device according to the pre-set collection policy, wherein the traffic collection request is used for allowing the network controller to send the request for traffic collection to the one or more network devices.

Preferably, the step that the network control policies are sent to the network controller may include that:

the network control policies are sent to the network controller via the network capacity control device to allow the network controller to send each of the received network control policies to the corresponding network device.

In a second aspect, an embodiment of the present disclosure also provides a device for DPI control, including a traffic collection module, a receiving module, a generation module and a control policy sending module, wherein

the traffic collection module is configured to send a traffic collection request to a network controller according to a pre-set collection policy, the traffic collection request being used for allowing the network controller to send a request for traffic collection to one or more network devices;

the receiving module is configured to receive traffic data collected by the one or more network devices;

the generation module is configured to analyze and process the received traffic data from the one or more network devices to generate each of network control policies corresponding to each of the network devices; and

the control policy sending module is configured to send the network control policies to the network controller to allow the network controller to send each of the network control policies to a corresponding network device.

Preferably, the receiving module may be further configured to receive each of feedback messages reported by the network controller, wherein the feedback messages are used for indicating that the network devices have successfully executed the network control policies.

Preferably, the traffic collection module may be further configured to send the traffic collection request to the network controller via a network capacity control device according to the pre-set collection policy, wherein the traffic collection request is used for allowing the network controller to send the request for traffic collection to the one or more network devices.

Preferably, the control policy sending module may be further configured to send the network control policies to the network controller via the network capacity control device to allow the network controller to send each of the received network control policies to the corresponding network device.

In a third aspect, an embodiment of the present disclosure provides a readable storage medium, wherein executable instructions are stored therein and are used for executing the abovementioned method for DPI control.

According to the method, the device and the storage medium for DPI control in the embodiments of the present disclosure, the network controller interacts with each of the network devices, and thus the traffic collection request and the network control policy are sent to each of the network devices. Therefore, data collection and transmission of the control policy for one end-to-multiple ends are realized.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a flowchart illustrating a method for DPI control according to a first embodiment of the present disclosure;

FIG. 2 is a flowchart illustrating a method for DPI control according to a second embodiment of the present disclosure;

FIG. 3 is a structure block diagram showing a device for DPI control according to a first embodiment of the present disclosure; and

FIG. 4 is a structure block diagram showing a device for DPI control according to a second embodiment of the present disclosure.

The objectives, functional characteristics and advantages of the present disclosure will be further described with reference to the embodiments and the accompanying drawings.

DETAILED DESCRIPTION

It should be understood that the embodiments described herein are only intended to explain the present disclosure and are not intended to limit the present disclosure.

In this embodiment, a Software Defined Network (SDN) controller is taken as an example to describe the network controller. In other embodiments of the present disclosure, any applicable controller at the network side may also be used. FIG. 1 is a flowchart illustrating a method for DPI control according to a first embodiment of the present disclosure. As shown in FIG. 1, the method includes the following steps.

At S10, a traffic collection request is sent to an SDN controller according to a pre-set collection policy.

Here, the traffic collection request is used for allowing the network controller to send a request for traffic collection to one or more corresponding network devices.

Here, the traffic collection request is sent to the network controller according to the pre-set collection policy to allow the network controller to send the traffic collection request to one or more network devices in response to the traffic collection request.

In Step S10, the traffic collection request is sent to the SDN controller according to the pre-set collection policy. The traffic collection request contains parameters that specify the contents to be collected, such as service flows from regular users, interconnection Internet Protocol (IP) flows between regular networks and traffic from regular ports. After the SDN controller receives the traffic collection request, it parses and processes the request to determine the one or more network devices which need the traffic collection request. The traffic collection request is converted into an instruction capable of being transmitted via a southbound interface of the SDN controller, and the converted traffic collection request is then sent to the one or more network devices via the southbound interface of the SDN controller.

The SDN controller adopts a uniform control mode, and all of the network devices can be globally managed and controlled.

At S11, traffic data collected by the one or more network devices are received.

In Step S11, the traffic data collected by each of the network devices are received. Each of the network devices performs traffic collection according to the traffic collection request transmitted by the SDN controller, and returns the collected traffic data. Preferably, in the method for DPI control, the traffic data collected by the network devices are received directly, without passing through the SDN controller.

At S12, the received traffic data from the one or more network devices are analyzed and processed to generate a network control policy corresponding to each of the network devices.

In Step S12, the received traffic data are analyzed and processed to generate the corresponding network control policies. For example, if analysis of the traffic data received from a network device A determines that the traffic of a regular port of the network device A is excessive, a network control policy for restricting traffic is generated for the network device A.

At S13, the network control policies are sent to the SDN controller to allow the SDN controller to send each of the network control policies to the corresponding network device.

In Step S13, each of the network control policies is sent to the SDN controller. After the SDN controller receives the network control policies, parsing and processing are performed to determine one or more network devices which need the network control policies. Each of the network control policies is converted into an instruction capable of being transmitted via the southbound interface of the SDN controller, and the converted network control policy is further sent to the corresponding network device via the southbound interface of the SDN controller.

By means of the embodiment, the SDN controller interacts with each of the network devices, the traffic collection request and the network control policy are sent to each of the network devices, and therefore the data collection and transmission of the control policy for one end-to-multiple ends are realized.

Furthermore, after Step S13, the method further includes the following step.

At S14, each of the feedback messages reported by the SDN controller is received, each feedback message being used for indicating that the corresponding network device has successfully executed the corresponding network control policy.

After each of the network devices receives the corresponding network control policy transmitted by the SDN controller, a relevant network control policy is deployed on this network device, and a feedback message indicating that the network control policy is successfully executed is sent to the SDN controller after the deployment is completed. The SDN controller collects the feedback messages which are fed back by all of the network devices and indicate that the network control policies are successfully executed, performs uniform processing, and then returns the uniformly-processed feedback messages indicating that the network control policies are successfully executed.

Furthermore, before Step S11, the method further includes the following step.

At S15, the feedback messages which are reported by the SDN controller and indicate that the collection policies of the one or more network devices are successfully executed are received.

After the one or more network devices receive the traffic collection request transmitted by the SDN controller, a relevant traffic collection policy is deployed on each of the network devices, and each of feedback messages indicating that the corresponding collection policy is successfully executed is sent to the SDN controller after the deployment is completed. The SDN controller collects the feedback messages which are sent by all of the network devices and indicate that the collection policies are successfully executed, performs uniform processing, and then returns the uniformly-processed feedback messages indicating that the collection policies are successfully executed.

In this embodiment, the SDN controller is taken as an example of the network controller. In other embodiments of the present disclosure, any applicable controller at the network side may be used.

FIG. 2 is a flowchart illustrating a method for DPI control according to a second embodiment of the present disclosure. As shown in FIG. 2, the method includes the following steps.

At S20, a traffic collection request is sent to an SDN controller via a network capacity control device according to a pre-set collection policy.

Here, the traffic collection request is sent to the SDN controller via the network capacity control device according to the pre-set collection policy to allow the SDN controller to send the traffic collection request to one or more network devices according to the received traffic collection request.

In Step S20, the traffic collection request is sent to the network capacity control device according to the pre-set collection policy. The traffic collection request focuses on describing the application layer requirements, and the level of abstraction is relatively high. The traffic collection request contains some parameters for assigning contents to be collected, such as specific service flows of specific users, specific IP flows and traffic of specific ports. After the network capacity control device receives the traffic collection request, parsing and processing are performed to form a traffic collection request which can be recognized by the SDN controller, and the traffic collection request which is parsed and processed is transmitted to the SDN controller via a northbound interface of the SDN controller.

After the SDN controller receives the traffic collection request transmitted by the network capacity control device, parsing and processing are performed to determine one or more network devices which need the traffic collection request, the traffic collection request is converted into an instruction capable of being transmitted via the southbound interface of the SDN controller, and the converted traffic collection request is further sent to the one or more network devices via the southbound interface of the SDN controller.

The SDN controller adopts a uniform control mode, and all of the network devices can be globally managed and controlled.

At S21, traffic data collected by the one or more network devices are received.

In Step S21, the traffic data collected by each of the network devices are received. Each of the network devices performs traffic collection according to the traffic collection request transmitted by the SDN controller, and returns the collected traffic data. Preferably, in the method for DPI control, the traffic data collected from the network devices are directly received without the need of the SDN controller and the network capacity control device.

At S22, the received traffic data from the one or more network devices are analyzed and processed to generate a network control policy corresponding to each of the network devices.

In Step S22, the received traffic data are analyzed and processed to generate the corresponding network control policies. The network control policies focus on describing the application layer requirements, such as diamond-level service guarantee and end-to-end service guarantee, and the level of abstraction is relatively high. For example, P2P traffic data of a specific region, received from a network device A, are analyzed. If it is determined that the P2P traffic data of the current specific region of the network device A are over-sized, a network control policy for restricting the traffic is generated.

At S23, the network control policies are sent to the SDN controller via the network capacity control device correspondingly to allow the SDN controller to send each of the received network control policies to the corresponding network device.

In Step S23, each of the generated network control policies is sent to the network capacity control device. After the network control policies are received, parsing and processing are performed, the received network control policies are converted into network control policies which can be recognized by the SDN controller, and the converted network control policies are transmitted to the SDN controller via a northbound interface of the SDN controller.

After the SDN controller receives the network control policies transmitted by the network capacity control device, parsing and processing are performed to determine one or more network devices which need the network control policies, each of the network control policies is converted into an instruction capable of being transmitted via the southbound interface of the SDN controller, and each of the converted network control policies is further sent to the corresponding network device via the southbound interface of the SDN controller.

Furthermore, after Step S23, the method further includes the following step.

At S24, each of the feedback messages reported by the SDN controller via the network capacity control device is received, each of the feedback messages being used for indicating that the corresponding network device has successfully executed the corresponding network control policy.

After each of the network devices receives the corresponding network control policy transmitted by the SDN controller, a relevant network control policy is deployed on this network device, and each of the feedback messages indicating that the network control policy is successfully executed is sent to the SDN controller after the deployment is completed. The SDN controller collects the feedback messages which are fed back by all of the network devices and indicate that the network control policies are successfully executed, performs uniform processing, and then sends the uniformly-processed feedback messages indicating that the network control policies are successfully executed to the network capacity control device. The network capacity control device returns the feedback messages.

Furthermore, before Step S21, the method further includes the following step.

At S25, the feedback messages which are reported by the SDN controller via the network capacity control device and indicate that the collection policies of the one or more network devices are successfully executed are received.

After the one or more network devices receive the traffic collection request transmitted by the SDN controller, a relevant traffic collection policy is deployed on this network device, and each of the feedback messages indicating that the collection policy is successfully executed is sent to the SDN controller after the deployment is completed. The SDN controller collects the feedback messages which are sent by all of the network devices and indicate that the collection policies are successfully executed, performs uniform processing, and then sends the uniformly-processed feedback messages indicating that the collection policies are successfully executed to the network capacity control device. The network capacity control device returns the feedback messages.
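The second-embodiment loop (S20 to S25) as a small Python simulation; this is an added illustration, not code from the patent. All class names, message fields, the 500 Mbps threshold and the 200 Mbps limit are assumptions, and reporting devices that return no success feedback is an addition the patent text does not describe.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CollectionRequest:
    """Application-layer traffic collection request (S20); fields are hypothetical."""
    devices: tuple
    users: tuple = ()
    ip_flows: tuple = ()
    ports: tuple = ()

@dataclass(frozen=True)
class ControlPolicy:
    """Application-layer network control policy (S22); fields are hypothetical."""
    device: str
    action: str
    match: str
    limit_mbps: int

class NetworkDevice:
    def __init__(self, name, p2p_mbps, reachable=True):
        self.name, self.p2p_mbps, self.reachable = name, p2p_mbps, reachable
        self.collecting = None   # collection instruction currently deployed
        self.installed = []      # control instructions currently deployed

    def southbound(self, instruction):
        """Deploy an instruction; the return value is the success feedback."""
        if not self.reachable:
            return False
        if instruction["op"] == "collect":
            self.collecting = instruction
        else:
            self.installed.append(instruction)
        return True

    def export_traffic(self):
        """Collected data go straight to the DPI control device (S21)."""
        if self.collecting is None:
            return None
        return {"device": self.name, "p2p_mbps": self.p2p_mbps}

class SdnController:
    def __init__(self, devices):
        self.devices = {d.name: d for d in devices}

    def northbound(self, message):
        """Pick the target devices, push the instruction south, merge the feedback."""
        feedback = {}
        for name in message["devices"]:
            dev = self.devices.get(name)
            feedback[name] = dev is not None and dev.southbound(message["instruction"])
        return feedback

class CapacityControlDevice:
    """Converts application-layer objects into controller-recognizable messages."""
    def __init__(self, controller):
        self.controller = controller

    def submit_collection(self, req):
        instruction = {"op": "collect", "users": req.users,
                       "ip_flows": req.ip_flows, "ports": req.ports}
        return self.controller.northbound(
            {"devices": req.devices, "instruction": instruction})

    def submit_policy(self, policy):
        instruction = {"op": policy.action, "match": policy.match,
                       "limit_mbps": policy.limit_mbps}
        return self.controller.northbound(
            {"devices": (policy.device,), "instruction": instruction})

class DpiControlDevice:
    def __init__(self, capacity_control, p2p_threshold_mbps, limit_mbps):
        self.cc = capacity_control
        self.threshold = p2p_threshold_mbps
        self.limit = limit_mbps

    def run(self, request, devices):
        collect_fb = self.cc.submit_collection(request)               # S20, S25
        records = [r for d in devices if (r := d.export_traffic())]   # S21
        policies = [ControlPolicy(r["device"], "restrict", "p2p", self.limit)
                    for r in records if r["p2p_mbps"] > self.threshold]  # S22
        policy_fb = {}
        for policy in policies:
            policy_fb.update(self.cc.submit_policy(policy))           # S23, S24
        # Devices that never confirmed a deployment must not be assumed enforced.
        unconfirmed = sorted({name for fb in (collect_fb, policy_fb)
                              for name, ok in fb.items() if not ok})
        return policies, unconfirmed

def demo():
    # Constructed sample topology: A is over the threshold, B is not, C is down.
    a = NetworkDevice("A", 900)
    b = NetworkDevice("B", 100)
    c = NetworkDevice("C", 950, reachable=False)
    devices = [a, b, c]
    dpi = DpiControlDevice(CapacityControlDevice(SdnController(devices)), 500, 200)
    request = CollectionRequest(devices=("A", "B", "C"), users=("user-1",),
                                ip_flows=("198.51.100.0/24",), ports=(6881,))
    policies, unconfirmed = dpi.run(request, devices)
    return policies, unconfirmed, a.installed, b.installed

if __name__ == "__main__":
    print(demo())
```

Device C never confirms the collection policy, so it contributes no traffic data and receives no control policy even though its traffic exceeds the threshold; surfacing it in `unconfirmed` keeps that gap visible.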

In this embodiment, the SDN controller is taken as an example of the network controller. In other embodiments of the present disclosure, any applicable network controller may be used.

FIG. 3 is a structure block diagram showing a device for DPI control according to a first embodiment of the present disclosure. As shown in FIG. 3, the device 301 includes a traffic collection module 310, a receiving module 311, a generation module 312 and a control policy sending module 313.

The traffic collection module 310 is configured to send a traffic collection request to an SDN controller 200 according to a pre-set collection policy, the traffic collection request being used for allowing the SDN controller 200 to send a request for traffic collection to one or more network devices 300.

The receiving module 311 is configured to receive traffic data collected by the one or more network devices 300.

The generation module 312 is configured to analyze and process the received traffic data from the one or more network devices to generate a network control policy corresponding to each of the network devices.

The control policy sending module 313 is configured to send the network control policies to the SDN controller 200 to allow the SDN controller 200 to send each of the network control policies to the corresponding network device 300.

The traffic collection module 310 sends the traffic collection request to the SDN controller 200 according to the pre-set collection policy. The traffic collection request contains some parameters for assigning contents to be collected, such as service flows from regular users, regular IP flows and traffic from regular ports. After the SDN controller 200 receives the traffic collection request, parsing and processing are performed to determine one or more network devices 300 which need the traffic collection request. The traffic collection request is converted into an instruction capable of being transmitted via a southbound interface of the SDN controller 200, and the converted traffic collection request is further sent to the one or more network devices via the southbound interface of the SDN controller 200. The SDN controller 200 adopts a uniform control mode, and all of the network devices 300 can be globally managed and controlled.

The receiving module 311 receives traffic data collected from each of the network devices 300. Each of the network devices 300 performs traffic collection according to the traffic collection request transmitted by the SDN controller 200, and sends the collected traffic data to the device for DPI control 301. The traffic data collected from each of the network devices 300 are directly received via the receiving module 311 without the need of the SDN controller 200.

The generation module 312 analyzes and processes the received traffic data to generate the network control policies. If analysis of the traffic data received from a network device A determines that the traffic from a regular port of the network device A is excessive, a network control policy for restricting traffic is generated for the network device A.

The control policy sending module 313 sends each of the generated network control policies to the SDN controller 200. After the SDN controller 200 receives the network control policies, parsing and processing are performed to determine one or more network devices 300 which need the network control policies. Each of the network control policies is converted into an instruction capable of being transmitted via the southbound interface of the SDN controller 200, and the converted network control policy is further sent to the corresponding network device 300 via the southbound interface of the SDN controller 200.

Furthermore, the receiving module 311 is further configured to receive each of the feedback messages reported by the SDN controller 200, each of the feedback messages being used for indicating that the corresponding network device has successfully executed the corresponding network control policy.

After each of the network devices receives the corresponding network control policy transmitted by the SDN controller 200, a relevant network control policy is deployed on this network device, and each of the feedback messages indicating that the network control policy is successfully executed is sent to the SDN controller 200 after the deployment is completed. The SDN controller 200 collects the feedback messages which are fed back by all of the network devices and indicate that the network control policies are successfully executed, performs uniform processing, and then sends the uniformly-processed feedback messages indicating that the network control policies are successfully executed to the receiving module 311 of the device for DPI control 301.

Furthermore, the receiving module 311 is further configured to receive the feedback messages which are reported by the SDN controller 200 and indicate that the collection policies of the one or more network devices are successfully executed.

After each of the one or more network devices receives the traffic collection request transmitted by the SDN controller 200, a relevant traffic collection policy is deployed on this network device, and each of the feedback messages indicating that the collection policy is successfully executed is sent to the SDN controller 200 after the deployment is completed. The SDN controller 200 collects the feedback messages which are sent by all of the network devices and indicate that the collection policies are successfully executed, performs uniform processing, and then sends the uniformly-processed feedback messages indicating that the collection policies are successfully executed to the receiving module 311 of the device for DPI control 301.

In this embodiment, the SDN controller is taken as an example of the network controller. In other embodiments of the present disclosure, any applicable network controller may also be used.

FIG. 4 is a structure block diagram showing a device for DPI control according to a second embodiment of the present disclosure. As shown in FIG. 4, the device 401 includes a traffic collection module 420, a receiving module 421, a generation module 422 and a control policy sending module 423.

The traffic collection module 420 is configured to send a traffic collection request to an SDN controller 200 via a network capacity control device 400 according to a pre-set collection policy, the traffic collection request being used for allowing the SDN controller 200 to send a request for traffic collection to one or more corresponding network devices.

The receiving module 421 is configured to receive traffic data collected by the one or more network devices 300.

The generation module 422 is configured to analyze and process the received traffic data of each of the one or more network devices 300 to generate a network control policy corresponding to each of the network devices.

The control policy sending module 423 is configured to send all of the generated network control policies to the SDN controller 200 via the network capacity control device 400 to allow the SDN controller to send each of the received network control policies to the corresponding network device.

The traffic collection module 420 sends the traffic collection request to the network capacity control device 400 according to the pre-set collection policy. The traffic collection request focuses on describing application layer requirements, and the level of abstraction is relatively high. The traffic collection request contains some parameters for assigning contents to be collected, such as specific service flows from specific users, specific IP flows and traffic from specific ports. After the network capacity control device 400 receives the traffic collection request, parsing and processing are performed to form a traffic collection request which can be recognized by the SDN controller 200, and the parsed and processed traffic collection request is transmitted to the SDN controller 200 via a northbound interface of the SDN controller 200.

After the SDN controller 200 receives the traffic collection request transmitted by the network capacity control device 400, parsing and processing are performed to determine one or more network devices which need the traffic collection request, the traffic collection request is converted into an instruction capable of being transmitted via the southbound interface of the SDN controller 200, and the converted traffic collection request is further sent to the one or more network devices via the southbound interface of the SDN controller 200. The SDN controller adopts a uniform control mode, and all of the network devices can be globally managed and controlled.

The receiving module 421 receives the traffic data collected by each of the network devices 300. Each of the network devices 300 performs traffic collection according to the traffic collection request transmitted by the SDN controller 200, and sends the collected traffic data to the receiving module 421 of the device for DPI control 401. The traffic data collected from each of the network devices 300 are directly received via the receiving module 421 without the need of the SDN controller 200 and the network capacity control device 400.

The generation module 422 analyzes and processes the received traffic data to generate the network control policies. The network control policies focus on describing application layer requirements such as diamond-level service guarantee and end-to-end service guarantee, and the level of abstraction is relatively high. For example, P2P traffic data from a specific region, received from a network device A, are analyzed. If it is determined that the P2P traffic data from the current specific region of the network device A are over-sized, a network control policy for restricting traffic is generated.

The control policy sending module 423 sends each of the generated network control policies to the network capacity control device 400. After the network capacity control device 400 receives the network control policies, parsing and processing are performed, the received network control policies are converted into network control policies which can be recognized by the SDN controller 200, and the converted network control policies are transmitted to the SDN controller 200 via a northbound interface of the SDN controller 200.

After the SDN controller 200 receives the network control policies transmitted by the network capacity control device 400, parsing and processing are performed to determine one or more network devices which need the network control policies, each of the network control policies is converted into an instruction capable of being transmitted via the southbound interface of the SDN controller 200, and each of the converted network control policies is further sent to the corresponding network device 300 via the southbound interface of the SDN controller 200.

Furthermore, the receiving module 421 is further configured to receive each of the feedback messages reported by the SDN controller 200 via the network capacity control device 400, each of the feedback messages being used for indicating that the corresponding network device 300 has successfully executed the corresponding network control policy.

After each of the network devices 300 receives the corresponding network control policy transmitted by the SDN controller 200, a relevant network control policy is deployed on the network device 300, and a feedback message indicating that the network control policy is successfully executed is sent to the SDN controller 200 after the deployment is completed. The SDN controller 200 collects the feedback messages which are fed back by all of the network devices 300 and indicate that the network control policies are successfully executed, performs uniform processing, and then sends the uniformly-processed feedback messages indicating that the network control policies are successfully executed to the network capacity control device 400. The network capacity control device 400 sends the feedback messages to the receiving module 421 of the device for DPI control 401.

Furthermore, the receiving module 421 is further configured to receive the feedback messages which are reported by the SDN controller 200 via the network capacity control device 400 and indicate that the collection policies of the one or more network devices 300 are successfully executed.

After each of the one or more network devices 300 receives the traffic collection request transmitted by the SDN controller 200, a relevant traffic collection policy is deployed on this network device 300, and each of the feedback messages indicating that the collection policy is successfully executed is sent to the SDN controller 200 after the deployment is completed. The SDN controller 200 collects the feedback messages which are sent by all of the network devices 300 and indicate that the collection policies are successfully executed, performs uniform processing, and then sends the uniformly-processed feedback messages indicating that the collection policies are successfully executed to the network capacity control device 400. The network capacity control device 400 sends the feedback messages to the receiving module 421 of the device for DPI control 401.

The traffic collection module, the receiving module, the generation module and the control policy sending module in the device for DPI control provided by the embodiments of the present disclosure can be realized by a processor in a network device, and can also be realized by a specific logic circuit, wherein the network device can be an independent server, and can also be a server used for realizing a network controller. In an embodiment, the processor can be a Central Processing Unit (CPU), a Micro-Processor Unit (MPU), a Digital Signal Processor (DSP), a Field Programmable Gate Array (FPGA) or the like.

In the embodiments of the present disclosure, if the method for DPI control is realized in a form of software function modules and is sold or used as an independent product, the product can also be stored in a readable storage medium. Based on this understanding, the technical solutions of the embodiments of the present disclosure can be substantially embodied in a form of a software product or parts contributing to the conventional art can be embodied in a form of a software product, and a computer software product is stored in a storage medium, which includes a plurality of instructions enabling a computer device which can be a personal computer, a server or a network device to execute all or part of the method according to each embodiment of the present disclosure. The storage medium includes various media capable of storing program codes, such as a USB disk, a mobile hard disk, a Read Only Memory (ROM), a disk or an optical disc. Thus, the embodiments of the present disclosure are not limited to a combination of any specific hardware and software.

Accordingly, an embodiment of the present disclosure further provides a readable storage medium. Executable instructions are stored in the readable storage medium and are used for executing the method for DPI control provided by each embodiment of the present disclosure.

The above are only preferred embodiments of the present disclosure and are not intended to limit the scope of the present disclosure. Any equivalent structure or equivalent flow implemented by using the description and drawings of the present disclosure, or any direct or indirect application to other relevant technical fields, should fall within the protection scope of the present disclosure in the same way.

INDUSTRIAL APPLICABILITY

In the embodiments of the present disclosure, the traffic collection request is sent to the network controller according to the pre-set collection policy, wherein the traffic collection request is used for allowing the network controller to send the request for traffic collection to the one or more corresponding network devices; the traffic data collected by the one or more network devices are received; and the received traffic data from the one or more network devices are analyzed and processed to generate a network control policy corresponding to each of the network devices, and the network control policies are sent to the network controller to allow the network controller to send each of the network control policies to the corresponding network device. Thus, the network controller interacts with each of the network devices, so that data collection and transmission of the control policy from one end to multiple ends are implemented.



