Nothing Special   »   [go: up one dir, main page]

WO2013082793A1 - Method, device and system for controlling service transmission - Google Patents

Method, device and system for controlling service transmission Download PDF

Info

Publication number
WO2013082793A1
WO2013082793A1 PCT/CN2011/083722 CN2011083722W WO2013082793A1 WO 2013082793 A1 WO2013082793 A1 WO 2013082793A1 CN 2011083722 W CN2011083722 W CN 2011083722W WO 2013082793 A1 WO2013082793 A1 WO 2013082793A1
Authority
WO
WIPO (PCT)
Prior art keywords
service
control
transmission
server
control information
Prior art date
Application number
PCT/CN2011/083722
Other languages
French (fr)
Chinese (zh)
Inventor
胡翔
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to CN201180003320.7A priority Critical patent/CN102630376B/en
Priority to PCT/CN2011/083722 priority patent/WO2013082793A1/en
Publication of WO2013082793A1 publication Critical patent/WO2013082793A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/564Enhancement of application control based on intercepted application data

Definitions

  • the present invention relates to the field of communications, and more particularly to a method, apparatus and system for controlling the transmission of services. Background technique
  • Gateway Universal Wireless Packet Service Support Node GGSN, Gateway GPRS Support
  • Gateway device such as Node / Packet Data Serving Network (PDSN), as the last core network device before the mobile broadband network accesses the Internet, can be based on shallow SPI (Shallow Packet Inspection) / deep text
  • the DPI Deep Packet Inspection
  • the L34 filter can be configured on the gateway device to match the L34 layer information of the service with the service blacklist and whitelist rule to determine the processing policy for the service, control the transmission of the service, and implement the black and white list function of the service.
  • Embodiments of the present invention provide a method and apparatus for controlling transmission of a service, which can reduce the impact on the performance of the gateway device and maintain continuous updating of the black and white list data.
  • a method for controlling transmission of a service comprising: receiving a data message sent by a sender; sending a classification request message to the server, where the classification request message includes the number Receiving the L34 layer information of the service extracted in the message; receiving the classification request response message sent by the server, the classification request response message includes control information of the service determined by the server according to the L34 layer information; according to the control information, The transmission of the business is controlled.
  • a method for controlling transmission of a service comprising: receiving, by a gateway device, a classification request message, where the classification request message includes L34 layer information of a service extracted by the gateway device from the data packet; L34 layer information, determining control information of the service; sending a classification request response message to the gateway device, the classification request response message including the control information, so that the gateway device controls the transmission of the service according to the control information.
  • a device for controlling transmission of a service comprising: a first receiving unit, configured to receive a data packet sent by a sending end, and a sending unit, configured to send a classification request message to the server, the classification request The message includes the L34 layer information of the service extracted from the data packet; the second receiving unit is configured to receive the classification request response message sent by the server, where the classification request response message includes the service determined by the server according to the L34 layer information. Control information; a control unit, configured to control transmission of the service according to the control information.
  • an apparatus for controlling transmission of a service comprising: a receiving unit, configured to receive, by a gateway device, a classification request message, where the classification request message includes a service L34 of the service extracted by the gateway device from the data packet a layer information, a determining unit, configured to determine, according to the L34 layer information, control information of the service, and a sending unit, configured to send, to the gateway device, a classification request response message, where the classification request response message includes the control information determined by the determining unit So that the gateway device controls the transmission of the service according to the control information.
  • a system for controlling transmission of a service comprising: a gateway device and a server.
  • the gateway device includes: a first receiving unit, configured to receive a data packet sent by the sending end, and a sending unit, configured to send, to the server, a classification request message, where the classification request message includes a L34 layer of the service extracted from the data packet a second receiving unit, configured to receive a classification request response message sent by the server, where the classification request response message includes control information of the service determined by the server according to the L34 layer information, and a control unit, configured to: according to the control information, Control the transmission of this service.
  • the server includes: a receiving unit, configured to receive, by the gateway device, a classification request message, where the classification request message includes L34 layer information of the service extracted by the gateway device from the data packet, and the determining unit is configured to determine, according to the L34 layer information, And a sending unit, configured to send a classification request response message to the gateway device, where the classification request response message includes the control information determined by the determining unit, so that the gateway device uses the control information according to the control information. Transfer into Line control.
  • the method and apparatus for controlling the transmission of the service according to the embodiment of the present invention determine the control information of the service by the server disposed outside the gateway device, and the gateway device controls the transmission of the service according to the control information, thereby enabling All services, including non-browsing and encrypted service types, are controlled to reduce the impact on the performance of the gateway device due to the configuration of the L34 filter, and to maintain the continuous update of the black and white list data, reducing the workload of network maintenance.
  • FIG. 1 is a schematic flowchart of a method of controlling transmission of a service according to an embodiment of the present invention.
  • 2 is a schematic flow chart of a method of controlling transmission of a service according to another embodiment of the present invention.
  • FIG. 3 is an interaction diagram of a method of controlling transmission of a service in accordance with an embodiment of the present invention.
  • FIG. 4 is a schematic block diagram of an apparatus for controlling transmission of a service according to an embodiment of the present invention.
  • FIG. 5 is a schematic block diagram of an apparatus for controlling transmission of a service according to another embodiment of the present invention.
  • 6 is a schematic block diagram of a system for controlling transmission of traffic according to an embodiment of the present invention. detailed description
  • GSM Global System of Mobile Communication
  • CDMA Code Division Multiple Access
  • WCDMA Wideband Code Division Multiple Access
  • GSM Global System of Mobile Communication
  • GPRS General Packet Radio Service
  • LTE Long Term Evolution
  • FDD Frequency Division Duplex
  • TDD Time Division Duplex
  • UMTS Universal Mobile Telecommunications System
  • UE user equipment
  • Mobile Terminal mobile user equipment
  • a radio access network eg, RAN, Radio Access Network
  • the user equipment may be a mobile terminal, such as a mobile phone (or "cellular" phone) and a computer with a mobile terminal, for example, a mobile device that can be portable, pocket, handheld, computer built, or in-vehicle, Exchange language and/or data with the wireless access network.
  • a mobile terminal such as a mobile phone (or "cellular" phone) and a computer with a mobile terminal, for example, a mobile device that can be portable, pocket, handheld, computer built, or in-vehicle, Exchange language and/or data with the wireless access network.
  • FIG. 1 shows a schematic flow chart of a method 100 of controlling transmission of traffic, in accordance with an embodiment of the present invention, as viewed from the perspective of a gateway device side.
  • the method 100 includes:
  • S130 Receive a classification request response message sent by the server, where the classification request response message includes control information of the service determined by the server according to the L34 layer information.
  • the gateway device may obtain the L34 layer information of the service according to the data packet, and send a classification request message including the L34 layer information to the server, where the server may determine according to the L34 layer information.
  • the control information of the service is sent to the gateway device, and the classification request response message including the control information is sent, and after receiving the classification request response message sent by the server, the transmission of the service may be controlled according to the control information.
  • all services including the non-browsing type and the encrypted service type may be controlled according to the L34 layer information, for example, the interaction between the gateway device and the server, if based on The Internet Protocol (IP, Internet Procotol) address controls the transmission of the service, and can control all services transmitted through the IP address, including non-browsing and encrypted service types.
  • IP Internet Protocol
  • the transmission of the service is controlled based on the port, it is possible to control some software or tools that use a specific port for service transmission, and the classification control can be performed no matter what server the software is deployed on.
  • the L34 layer information can be obtained only by performing SPI on the data packet, thereby reducing the performance requirement of the gateway and reducing the impact on the performance of the gateway.
  • the server can receive reports from the government or other network regulators that have their tracking confirmations.
  • the blacklist list of the L34 layer information and classification attributes of the illegal website can also be accessed through some custom website analysis algorithms, and the traversal method is used to access the website providing services to the existing network, and the classification attribute analysis is performed based on the access data.
  • the black and white list data can be continuously updated.
  • the control information of the service is determined by the server disposed outside the gateway device, and the gateway device controls the transmission of the service according to the control information, thereby enabling non-browsing including All services, including classes and encrypted service types, are controlled to reduce the impact on the performance of the gateway device due to the configuration of the L34 filter, and to maintain the continuous update of the black and white list data, reducing the workload of network maintenance.
  • the L34 layer may comprise an L3 layer, or an L4 layer, or an L3 layer and an L4 layer.
  • the L3 layer information may include network layer Internet Protocol (IP, Internet Procotol) address information in an Open System Interconnect (OSI) network model
  • the L4 layer information may include a transport layer transmission control protocol in the OSI network model.
  • TCP/UDP User Datagram Protocol
  • the L34 layer information may include information such as an IP address, a port, and the like of a service server that transmits the service.
  • the server can also be called a content filtering server or a third-party server, which is set outside the gateway device and is independent of the gateway device.
  • the gateway device may include a GGSN, a PDSN, and a Wimax Access Service Network (WASN). It should be understood that the gateway device in the embodiment of the present invention may further include a centralized convergence point of the service in other networks and may implement the terminal.
  • the network element that the user accesses the service flow for content analysis and control.
  • the transmission between the user equipment and the service server needs to pass through the gateway device, and the data packet of the same service (for example, the data packet of the service sent by the user equipment and the data packet of the service generated by the service server) includes The information of the L34 layer is the same. Therefore, the sender in the embodiment of the present invention may be a user equipment or a service server.
  • the classification request response message determined by the server according to the L34 layer information may include a classification attribute or a control policy of the service, where the classification attribute may include portal, technology, social, political, pornography, violence, gambling, and the like.
  • Control policies can include normal access, blocking, redirection to reminders pages, and more.
  • portals, technology, social, etc. control strategies can correspond to normal access, etc.; for politics, pornography, violence, gambling, etc., control strategies can correspond to blocking or redirecting to Reminder page, etc.
  • different users may have the same control policy or different control strategies. For example, for a business with pornographic attributes, all user control strategies may be blocked. For a service with a social attribute, if the user customizes the service, the control policy may be passed, and if the user does not customize the service, the control policy may be blocked. Therefore, different users may have different control policies due to different subscription information.
  • the method for controlling the transmission of the service according to the embodiment of the present invention may further determine the classification attribute based on the user's subscription information and the user identifier. Determine the control strategy to achieve different control strategies for different users.
  • the gateway device or server is only based on the service.
  • the classification attribute enables you to determine the control strategy for the business. If different users have different control policies (for example, for a social attribute service, different users may have different control policies due to different subscription information), the gateway device and the server need to transmit the service according to the classification attribute of the service. User ID of the user equipment, and formulate a business control policy for the user.
  • the classification request message sent by the gateway device to the server may include only the L34 layer information of the service, and the classification request response sent by the gateway device received by the gateway device.
  • the message may include a classification attribute of the service, and may also include a control policy of the service.
  • the server can only determine the classification attribute of the service based on the L34 layer information, and the gateway device It is also necessary to further develop a control policy for the user according to the classification attribute and the user identifier of the user equipment transmitting the service. If the classification request message sent by the gateway device to the server includes the L34 layer information of the service and the user identifier of the user equipment that transmits the service, the server may determine the classification attribute of the service based on the L34 layer information, and further determine the classification attribute according to the user identifier. The user formulates a control strategy so that the gateway device can directly control the transmission of the service according to the control policy.
  • the gateway device may further obtain the user identifier of the user equipment that transmits the service according to the data packet.
  • the classification request message sent by the gateway device to the server may include the L34 layer information of the service, and may also include the L34 layer information and the user identifier, and the classification request response message sent by the server received by the gateway device may include the classification attribute of the service. It can also include control strategies for the business.
  • the gateway device may determine a control policy according to the classification attribute, and control transmission of the service according to the control policy. Therefore, the controlling the transmission of the service according to the control information may include: determining a control policy of the service according to the classification attribute of the service included in the control information; and controlling transmission of the service according to the control policy .
  • the gateway device may further determine, according to the L34 layer information and the user identifier, a control policy of the service. Therefore, the controlling the transmission of the service according to the control information may include:
  • the transmission of the service is controlled.
  • the gateway device may control transmission of the service according to the control policy. Therefore, the controlling the transmission of the service according to the control information may include:
  • the transmission of the service is controlled according to the control policy of the service included in the control information.
  • the control policy may be determined by the server according to the L34 layer information included in the classification request message, or may be determined by the server according to the L34 layer information and the user identifier included in the classification request message. Therefore, the controlling the transmission of the service according to the control information may include:
  • the user identifier and the service black and white list may be set in the gateway device or the content filter.
  • the user policy database for the relationship between dynamic rules.
  • the gateway device can send the L34 layer information. Sending to the server, the server determines the classification attribute of the service according to the L34 layer information, and sends the classification attribute to the gateway device, and the gateway device can obtain the user identifier of the user equipment that transmits the service according to the data packet, and based on the user Identifying a query user policy database, determining a control policy that the user equipment should perform for the classification attribute, and controlling (eg, blocking or passing) according to the control policy.
  • the server determines the classification attribute of the service according to the L34 layer information, and sends the classification attribute to the gateway device
  • the gateway device can obtain the user identifier of the user equipment that transmits the service according to the data packet, and based on the user Identifying a query user policy database, determining a control policy that the user equipment should perform for the classification attribute, and controlling (eg, blocking or passing) according to the control policy.
  • the gateway device may send the L34 layer information and the user identifier to the server, and the server first determines the classification attribute of the service according to the L34 layer information, and then queries the user policy database based on the user identifier to determine the user equipment.
  • a control policy (such as blocking or passing) that should be performed for this classification attribute, and then sent to the gateway device for the gateway device to control.
  • the method for controlling the transmission of the service can obtain a dynamic rule of a large number of black and white lists based on the user identification and the user policy subscription information, thereby enabling different control policies to be flexibly formulated for different users.
  • the user identifier may include a mobile subscriber number (MSISDN, Mobile Subscriber Integrated Services Digital Network), an International Mobile Station Equipment Identity (IMSI), and an international mobile station equipment identifier (IMEI, International Mobile Subscriber Identity) and other information.
  • MSISDN Mobile Subscriber Number
  • IMSI International Mobile Station Equipment Identity
  • IMEI international mobile station equipment identifier
  • Figure 2 shows a schematic flow diagram of a method 200 of controlling the transmission of traffic, as described from the server side, in accordance with an embodiment of the present invention. As shown in FIG. 2, the method 200 includes:
  • the receiving gateway device sends a classification request message, where the classification request message includes L34 layer information of the service extracted by the gateway device from the data packet.
  • the gateway device may obtain the L34 layer information of the service according to the data packet, and send a classification request message including the L34 layer information to the server, where the server may determine according to the L34 layer information.
  • the control information of the service is sent to the gateway device, and the classification request response message including the control information is sent, and after receiving the classification request response message sent by the server, the transmission of the service may be controlled according to the control information.
  • all services including the non-browsing type and the encrypted service type may be controlled according to the L34 layer information, for example, the interaction between the gateway device and the server, if based on The Internet Protocol (IP, Internet Procotol) address controls the transmission of the service, and can control all services transmitted through the IP address, including non-browsing and encrypted service types.
  • IP Internet Protocol
  • the transmission of the service is controlled based on the port, it is possible to control some software or tools that use a specific port for service transmission, and the classification control can be performed no matter what server the software is deployed on.
  • the L34 layer information can be obtained only by performing SPI on the data packet, thereby reducing the performance requirement of the gateway and reducing the impact on the performance of the gateway.
  • the server may receive a black and white list of L34 layer information and classification attributes of the illegal website recorded by the government or other network supervision department, and may also adopt a customized website analysis algorithm to adopt the traversal method to the current network.
  • the website that provides the service is accessed, the classification attribute analysis is performed based on the access data, and the classification attribute of the website is finally confirmed.
  • the black and white list data can be continuously updated.
  • the control information of the service is determined by the server disposed outside the gateway device, and the gateway device controls the transmission of the service according to the control information, thereby enabling non-browsing including All services, including classes and encrypted service types, are controlled to reduce the impact on the performance of the gateway device due to the configuration of the L34 filter, and to maintain the continuous update of the black and white list data, reducing the workload of network maintenance.
  • the L34 layer may comprise an L3 layer, or an L4 layer, or an L3 layer and an L4 layer.
  • the L3 layer information may include IP address information of the network layer in the OSI network model
  • the L4 layer information may include TCP/UDP port information in the OSI network model. Therefore, the L34 layer information may include information such as an IP address, a port, and the like of a service server that transmits the service.
  • the gateway device may further obtain, according to the data packet, a user identifier of the user equipment that transmits the service.
  • the classification request message sent by the gateway device to the server may include the L34 layer information of the service, and may also include the L34 layer information and the user identifier, and the classification request response message sent by the server received by the gateway device may include the classification attribute of the service. , can also include the control strategy of the business.
  • the server may determine the classification attribute of the service according to the L34 layer information.
  • the control information of the service according to the L34 layer information including:
  • control information of the service including the classification attribute of the service is determined.
  • the server may further determine a control policy of the service according to the L34 layer information. Therefore, determining the control information of the service according to the information of the L34 layer includes:
  • control information of the service including the control policy of the service is determined.
  • the server may determine the control policy of the service according to the L34 layer information and the user identifier. Therefore, the determining the control information of the service according to the information of the L34 layer includes: determining, according to the L34 layer information, the user identifier that is extracted by the gateway device from the data packet, and determining that the service includes the service The control information of the service that controls the policy.
  • the user identifier and the service black and white list may be set in the gateway device or the content filter.
  • the user policy database for the relationship between dynamic rules.
  • the gateway device may send the L34 layer information to the server, and the server determines the classification attribute of the service according to the L34 layer information, and sends the classification attribute to the gateway device, and the gateway device may The data packet obtains the user identifier of the user equipment that transmits the service, and queries the user policy database based on the user identifier to determine a control policy that the user equipment should perform for the classification attribute, and controls according to the control policy (for example, blocking or passing ).
  • the control policy for example, blocking or passing
  • the gateway device may send the L34 layer information and the user identifier to the server, and the server first determines the classification attribute of the service according to the L34 layer information, and then queries the user policy database based on the user identifier to determine the user equipment.
  • a control policy (such as blocking or passing) that should be performed for this classification attribute, and then sent to the gateway device for the gateway device to control.
  • the method for controlling the transmission of the service can obtain a dynamic rule of a large number of black and white lists based on the user identification and the user policy subscription information, thereby enabling different control policies to be flexibly formulated for different users.
  • the user identifier may include information such as MSISDN, IMSI, IMEI, and the like. It should be understood that the user identifier of the embodiment of the present invention is not limited to the above information, and other cells that can uniquely represent the user identifier are all within the scope of the embodiments of the present invention.
  • FIG. 3 illustrates an interaction diagram of a method of controlling transmission of traffic in accordance with an embodiment of the present invention.
  • the IP address is used as the L34 layer information
  • the GGSN is used as the gateway device.
  • the GGSN receives a data packet sent by the UE or the service server.
  • the GGSN after receiving the data packet of the service, the GGSN can obtain the L34 layer information of the service, for example, an IP address, based on the SPI technology. Therefore, the GGSN only needs to perform shallow layer analysis on the data packet, thereby reducing the gateway device. The requirements, and, can reduce the impact on the performance of the gateway device.
  • the GGSN may also obtain the USER ID according to the data packet.
  • the gateway may allocate a data packet and a USER ID to the UE to uniquely identify the UE when the UE is activated, and the gateway may notify the neighboring network element to use the uplink data packet (the UE sends the message to the service server.
  • the USER ID index of the data packet is used to establish a UE query entry based on the UE IP address, and is used for the USER ID index of the downlink data packet (the data packet sent from the service server to the UE).
  • the uplink data packet is selected by the UE to carry the context information of the service.
  • the packet After the final data packet is sent to the gateway, the packet carries the ID assigned by the gateway to the UE when the UE is activated.
  • the gateway locally saves the ID based on the ID index. Context, thus getting the USER ID.
  • the downlink packet is obtained by the gateway device by using the UE ID address to select the context information that carries the service. It should be understood that the data packet carrying the USER ID and the data packet carrying the L34 layer information may be the same or different, and the present invention is not particularly limited.
  • the GGSN may first determine whether the L34 layer information filtering is required for the service, and specifically, whether the UE that transmits the service needs to be cached in the policy server.
  • the GGSN interacts with an external server.
  • a global or access point name (APN) configuration may be added to the gateway device to determine whether the UE transmitting the service needs to perform filtering based on the L34 layer information, and when the UE is activated, based on The configuration determines whether the L34 layer information filtering needs to be performed on the service. If the content filtering function is enabled, the GGSN interacts with an external server during the service access process. Therefore, the control mode of the service can be determined based on the user subscription information in the initial stage of the control, so that the control can be flexibly performed, and the efficiency of the transmission of the service can be improved.
  • APN access point name
  • the GGSN may send a classification request message to the server, where the classification is requested.
  • the request message may include an IP address, and may also include an IP address and a USER ID.
  • the server may determine the classification request response message according to the classification request message. Specifically, when the classification request message includes an IP address, the server may compare the IP address of the illegal website with the black and white list of the classification attribute, that is, the classification attribute. a database, determining a classification attribute of the service, and determining, according to the classification attribute, a control policy for the service for all UEs in the network, for example, for a portal, a technology, a social, etc., the gateway device or the server may correspond its control policy to Normal access, etc.; for politics, pornography, violence, gambling, etc., the gateway device or server can map its control policy to block or redirect to the reminder page.
  • the server may first determine the classification attribute of the service against the list of the IP address and the classification attribute of the illegal website, and then determine the classification for the classification based on querying the user policy database by using the USER ID.
  • the server may send the classification request response message to the GGSN, where the classification request response message may include a classification attribute of the service, and may also include a control policy of the service.
  • the GGSN may determine a control policy for the service according to the classification request response message. Specifically, when the classification request response message includes the control policy of the service, the GGSN may directly extract the response request message from the classification request message. The control strategy. And, when the classification request response message includes the classification attribute of the service, the GGSN may determine a control policy for the service according to the classification attribute, or may perform a query on the user policy database by using the USER ID to determine that the classification attribute should be executed. Control Strategy.
  • the GGSN controls the transmission of the service between the UE and the service server according to the control policy.
  • the control information of the service is determined by the server disposed outside the gateway device, and the gateway device controls the transmission of the service according to the control information, thereby enabling non-browsing including All services, including classes and encrypted service types, are controlled to reduce the impact on the performance of the gateway device due to the configuration of the L34 filter, and to maintain the continuous update of the black and white list data, reducing the workload of network maintenance.
  • the dynamic rule of the black and white list is obtained based on the user policy subscription information, so that different control policies can be flexibly formulated for different user equipments.
  • FIG 4 shows a schematic block diagram of an apparatus 400 for controlling the transmission of traffic in accordance with an embodiment of the present invention.
  • the apparatus 400 includes:
  • the first receiving unit 410 is configured to receive a data packet sent by the sending end.
  • the sending unit 420 is configured to send, to the server, a classification request message, where the classification request message includes L34 layer information of the service extracted from the data packet;
  • the second receiving unit 430 is configured to receive a classification request response message sent by the server, where the classification request response message includes control information of the service determined by the server according to the L34 layer information, and a control unit 440, configured to: according to the control information, Control the transmission of this service.
  • the device for controlling the transmission of the service determines the control information of the service by the server disposed outside the gateway device, and the gateway device controls the transmission of the service according to the control information, thereby enabling non-browsing All services, including classes and encrypted service types, are controlled to reduce the impact on the performance of the gateway device due to the configuration of the L34 filter, and to maintain the continuous update of the black and white list data, reducing the workload of network maintenance.
  • the classification request response message received by the second receiving unit 430 may include a classification attribute of the service, so as to include a control policy of the service. Therefore, when the classification request response message includes the classification attribute of the service,
  • the control unit 440 is further configured to determine a control policy of the service according to the classification attribute of the service included in the control information;
  • the gateway device may further determine, according to the L34 layer information and the user identifier, a control policy of the service. Therefore,
  • the control unit is further configured to determine a control policy of the service according to the classification attribute of the service included in the control information, and the user identifier extracted from the data text;
  • control policy may be determined by the server according to the L34 layer information included in the classification request message. Therefore,
  • the control unit is further configured to control transmission of the service according to a control policy of the service included in the control information.
  • control policy may be determined by the server according to the L34 layer information and the user identifier included in the classification request message. Therefore, The control unit is further configured to control transmission of the service according to the control policy of the service included in the service control information, where the control policy is that the server includes the data packet according to the L34 layer information and the classification request message. The extracted user ID is determined.
  • the device for controlling the transmission of the service can obtain a dynamic rule of a large number of black and white lists based on the user identifier and the subscription information of the user, so that different control policies can be flexibly formulated for different user devices.
  • the L34 layer information may include information such as an IP address, a port, and the like of the service server that provides the service.
  • the user identity may include information such as MSISDN, IMSI, and IMEI.
  • the apparatus 400 for controlling transmission of a service may correspond to a gateway device (e.g., GGSN) in the method of the embodiment of the present invention, and the units in the apparatus 400 for controlling transmission of the service and the other operations and In order to implement the corresponding process of the method 100 in FIG. 1 , the functions are not described here.
  • GGSN gateway device
  • FIG. 5 shows a schematic block diagram of an apparatus 500 for controlling the transmission of traffic in accordance with an embodiment of the present invention.
  • the apparatus 500 includes:
  • the receiving unit 510 is configured to receive, by the gateway device, a classification request message, where the classification request message includes L34 layer information of the service extracted by the gateway device from the data packet;
  • a determining unit 520 configured to determine control information of the service according to the L34 layer information
  • a sending unit 530 configured to send, to the gateway device, a classification request response message, where the classification request response message includes the control information determined by the determining unit 520 So that the gateway device controls the transmission of the service according to the control information.
  • the device for controlling the transmission of the service determines the control information of the service by the server disposed outside the gateway device, and the gateway device controls the transmission of the service according to the control information, thereby enabling non-browsing All services, including classes and encrypted service types, are controlled to reduce the impact on the performance of the gateway device due to the configuration of the L34 filter, and to maintain the continuous update of the black and white list data, reducing the workload of network maintenance.
  • the server may determine the classification attribute of the service according to the L34 layer information. Therefore,
  • the determining unit 520 is further configured to determine, according to the L34 layer information, control information of the service including a classification attribute of the service.
  • the classification request message sent by the gateway device received by the server includes the service
  • the server may further determine a control policy of the service according to the L34 layer information. Therefore,
  • the determining unit 520 is further configured to determine, according to the L34 layer information, control information of the service including the control policy of the service.
  • the server may determine the control policy of the service according to the L34 layer information and the user identifier. Therefore,
  • the determining unit 520 is further configured to determine, according to the L34 layer information, the classification request message, the user identifier extracted by the gateway device from the data packet, and the control information of the service including the control policy of the service.
  • the device for controlling the transmission of the service can obtain a dynamic rule of a large number of black and white lists based on the user policy subscription information, so that different control policies can be flexibly formulated for different user equipments.
  • the L34 layer information of the service included in the classification request message sent by the receiving device 510 may include information such as an IP address, a port, and the like of the service server that provides the service.
  • the user identifier included in the classification request message sent by the gateway device received by the receiving unit 510 may include information such as MSISDN, IMSI, and IMEI.
  • the apparatus 500 for controlling transmission of a service may correspond to a server in the method of the embodiment of the present invention, and the units in the apparatus 500 for controlling the transmission of the service and the other operations and/or functions described above are respectively
  • the corresponding process of the method 200 in FIG. 2 is implemented, and the details are not described herein.
  • Figure 6 shows a schematic block diagram of a system 600 for controlling the transmission of traffic in accordance with an embodiment of the present invention.
  • the system 600 includes: a device 400 in accordance with an embodiment of the present invention and a device 500 in accordance with an embodiment of the present invention.
  • the device 400 includes: a first receiving unit 410, configured to receive a data packet sent by the sending end, and a sending unit 420, configured to send, to the server, a classification request message, where the classification request message includes the service extracted from the data packet L34 layer information; a second receiving unit 430, configured to receive the service
  • the classification request response message sent by the device, the classification request response message includes control information of the service determined by the server according to the L34 layer information, and the control unit 440 is configured to control the transmission of the service according to the control information.
  • the apparatus 500 includes: a receiving unit 510, configured to receive, by the gateway device, a classification request message, where the classification request message includes L34 layer information of the service extracted by the gateway device from the data packet, and the determining unit 520 is configured to use, according to the L34 layer The information is used to determine the control information of the service.
  • the sending unit 530 is configured to send a classification request response message to the gateway device, where the classification request response message includes the control information determined by the determining unit 520, so that the gateway device can use the control information according to the control information. , control the transmission of the service.
  • the system for controlling the transmission of the service determines the control information of the service by the server disposed outside the gateway device, and the gateway device controls the transmission of the service according to the control information, thereby enabling non-browsing including All services, including classes and encrypted service types, are controlled to reduce the impact on the performance of the gateway device due to the configuration of the L34 filter, and to maintain the continuous update of the black and white list data, reducing the workload of network maintenance.
  • the units in unit 400 and the other operations and/or functions described above are respectively implemented to implement the corresponding flow of method 100 in FIG.
  • the apparatus 500 described above may correspond to a server in the method of the embodiment of the present invention, and the units in the apparatus 500 and the other operations and/or functions described above are respectively implemented to implement the method of FIG.
  • the size of the sequence numbers of the above processes does not mean the order of execution, and the order of execution of each process should be determined by its function and internal logic, and should not be taken by the embodiment of the present invention.
  • the implementation process constitutes any qualification.
  • the disclosed systems, devices, and The method can be implemented in other ways.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • there may be another division manner for example, multiple units or components may be combined or Can be integrated into another system, or some features can be ignored, or not executed.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.
  • the units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solution of the embodiment.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the functions, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium.
  • the technical solution of the present invention which is essential to the prior art or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including
  • the instructions are used to cause a computer device (which may be a personal computer, server, or network device, etc.) to perform all or part of the steps of the methods described in various embodiments of the present invention.
  • the foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk, and the like, which can store program codes. .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Provided in the embodiments of the present invention are a method, device and system for controlling service transmission. The method comprises: receiving the data message sent by a sending end; sending a classification request message to a server, wherein the classification request message comprises L34 layer information of the service extracted from the data message; receiving a classification response message sent by the server, wherein the classification response message comprises service control information determined by the server on the basis of the L34 layer information; controlling the service transmission according to the control information. Through the server configured external to the gateway device, the control information of the service is determined. According to the control information, the gateway device controls the service transmission. Therefore the control of all service comprising non-browser and encrypted service is able to be implemented, the influence on the gateway device performance caused by the configuration of L34 filter is reduced, the persistent data updating of the black-list and the white-list is maintained, and the workload of network maintenance is reduced.

Description

控制业务的传输的方法、 装置和系统 技术领域  Method, device and system for controlling transmission of a service
本发明涉及通信领域, 尤其涉及控制业务的传输的方法、 装置和系统。 背景技术  The present invention relates to the field of communications, and more particularly to a method, apparatus and system for controlling the transmission of services. Background technique
在包括移动用户设备上网、 客户端应用等上网类业务迅猛发展的同时, 政治、 色情、 暴力、 赌博等违反国家法律的网站和应用也随之增长, 因此对 于净化网络环境的需求也随之提出。  While online services such as mobile user devices and client applications are developing rapidly, websites and applications that violate national laws such as politics, pornography, violence, and gambling have also grown, so the need to clean up the network environment has also been raised. .
网关通用无线分组业务支持节点 (GGSN , Gateway GPRS Support Gateway Universal Wireless Packet Service Support Node (GGSN, Gateway GPRS Support
Node ) /分组数据服务节点 (PDSN , Packet Data Serving Network )等网关 设备作为移动宽带网络接入国际互联网之前的最后一个核心网设备, 能够基 于浅层 文探测 (SPI , Shallow Packet Inspection ) /深度 文解析(DPI , Deep Packet Inspection )技术对业务的数据 文进行探测,获取该业务的 L34 层信息。 因此, 可以在网关设备中配置 L34过滤器, 通过将业务的 L34层信 息与业务黑白名单规则进行匹配, 确定对该业务的处理策略, 对该业务的传 输进行控制, 实现业务的黑白名单功能。 Gateway device such as Node / Packet Data Serving Network (PDSN), as the last core network device before the mobile broadband network accesses the Internet, can be based on shallow SPI (Shallow Packet Inspection) / deep text The DPI (Deep Packet Inspection) technology detects the data of the service and obtains the L34 layer information of the service. Therefore, the L34 filter can be configured on the gateway device to match the L34 layer information of the service with the service blacklist and whitelist rule to determine the processing policy for the service, control the transmission of the service, and implement the black and white list function of the service.
但是, 配置 L34过滤器对于网关设备性能的要求高, 并且, 开启过滤功 能对网关设备的性能会产生很大影响。另夕卜,由于网关设备的系统资源限制, 导致网关设备能够支持的过滤器的规格都很小, 并且需要手工维护黑白名单 列表, 因此, 对于现网这种网站变更及其频繁的场景, 对网络维护人员而言 有很大的工作量, 难以维持黑白名单数据的持续更新。  However, configuring the L34 filter has high performance requirements for the gateway device, and turning on the filtering function has a great impact on the performance of the gateway device. In addition, due to the limitation of the system resources of the gateway device, the specifications of the filters that the gateway device can support are very small, and the black and white list is manually maintained. Therefore, for the website change and its frequent scenes on the live network, Network maintenance personnel have a large workload, and it is difficult to maintain continuous updates of black and white list data.
因此, 需要合适的方案来控制业务的传输, 以减少因配置 L34过滤器而 对网关设备性能造成的影响, 维持黑白名单数据的持续更新, 减少网络维护 的工作量。 发明内容  Therefore, a suitable solution is needed to control the transmission of the service, to reduce the impact on the performance of the gateway device due to the configuration of the L34 filter, to maintain the continuous update of the black and white list data, and to reduce the workload of network maintenance. Summary of the invention
本发明实施例提供一种控制业务的传输的方法和装置, 能够减少对网关 设备性能的影响, 维持黑白名单数据的持续更新。  Embodiments of the present invention provide a method and apparatus for controlling transmission of a service, which can reduce the impact on the performance of the gateway device and maintain continuous updating of the black and white list data.
一方面, 提供了一种控制业务的传输的方法, 该方法包括: 接收发送端 发送的数据报文; 向服务器发送分类请求消息, 该分类请求消息包括从该数 据报文中提取的业务的 L34 层信息; 接收该服务器发送的分类请求应答消 息,该分类请求应答消息包括该服务器根据该 L34层信息确定的该业务的控 制信息; 根据该控制信息, 对该业务的传输进行控制。 In one aspect, a method for controlling transmission of a service is provided, the method comprising: receiving a data message sent by a sender; sending a classification request message to the server, where the classification request message includes the number Receiving the L34 layer information of the service extracted in the message; receiving the classification request response message sent by the server, the classification request response message includes control information of the service determined by the server according to the L34 layer information; according to the control information, The transmission of the business is controlled.
另一方面, 提供了一种控制业务的传输的方法, 该方法包括: 接收网关 设备发送分类请求消息, 该分类请求消息包括该网关设备从数据报文中提取 的业务的 L34层信息; 根据该 L34层信息, 确定该业务的控制信息; 向该网 关设备发送分类请求应答消息, 该分类请求应答消息包括该控制信息, 以便 于该网关设备根据该控制信息, 对该业务的传输进行控制。  In another aspect, a method for controlling transmission of a service is provided, the method comprising: receiving, by a gateway device, a classification request message, where the classification request message includes L34 layer information of a service extracted by the gateway device from the data packet; L34 layer information, determining control information of the service; sending a classification request response message to the gateway device, the classification request response message including the control information, so that the gateway device controls the transmission of the service according to the control information.
再一方面, 提供了一种控制业务的传输的装置, 该装置包括: 第一接收 单元, 用于接收发送端发送的数据报文; 发送单元, 用于向服务器发送分类 请求消息, 该分类请求消息包括从该数据报文中提取的业务的 L34层信息; 第二接收单元, 用于接收该服务器发送的分类请求应答消息, 该分类请求应 答消息包括该服务器根据该 L34 层信息确定的该业务的控制信息; 控制单 元, 用于根据该控制信息, 对该业务的传输进行控制。  In a further aspect, a device for controlling transmission of a service is provided, the device comprising: a first receiving unit, configured to receive a data packet sent by a sending end, and a sending unit, configured to send a classification request message to the server, the classification request The message includes the L34 layer information of the service extracted from the data packet; the second receiving unit is configured to receive the classification request response message sent by the server, where the classification request response message includes the service determined by the server according to the L34 layer information. Control information; a control unit, configured to control transmission of the service according to the control information.
再一方面,提供了一种控制业务的传输的装置,该装置包括:接收单元, 用于接收网关设备发送分类请求消息, 该分类请求消息包括该网关设备从数 据报文中提取的业务的 L34层信息; 确定单元, 用于根据该 L34层信息, 确 定该业务的控制信息;发送单元,用于向该网关设备发送分类请求应答消息, 该分类请求应答消息包括该确定单元确定的该控制信息, 以便于该网关设备 根据该控制信息, 对该业务的传输进行控制。  In a further aspect, an apparatus for controlling transmission of a service is provided, the apparatus comprising: a receiving unit, configured to receive, by a gateway device, a classification request message, where the classification request message includes a service L34 of the service extracted by the gateway device from the data packet a layer information, a determining unit, configured to determine, according to the L34 layer information, control information of the service, and a sending unit, configured to send, to the gateway device, a classification request response message, where the classification request response message includes the control information determined by the determining unit So that the gateway device controls the transmission of the service according to the control information.
再一方面, 提供了一种控制业务的传输的系统, 包括: 网关设备和服务 器。 该网关设备包括: 第一接收单元, 用于接收发送端发送的数据报文; 发 送单元, 用于向服务器发送分类请求消息, 该分类请求消息包括从该数据报 文中提取的业务的 L34层信息; 第二接收单元, 用于接收该服务器发送的分 类请求应答消息,该分类请求应答消息包括该服务器根据该 L34层信息确定 的该业务的控制信息; 控制单元, 用于根据该控制信息, 对该业务的传输进 行控制。 该服务器包括: 接收单元, 用于接收网关设备发送分类请求消息, 该分类请求消息包括该网关设备从数据报文中提取的业务的 L34层信息;确 定单元, 用于根据该 L34层信息, 确定该业务的控制信息; 发送单元, 用于 向该网关设备发送分类请求应答消息, 该分类请求应答消息包括该确定单元 确定的该控制信息, 以便于该网关设备根据该控制信息, 对该业务的传输进 行控制。 In still another aspect, a system for controlling transmission of a service is provided, comprising: a gateway device and a server. The gateway device includes: a first receiving unit, configured to receive a data packet sent by the sending end, and a sending unit, configured to send, to the server, a classification request message, where the classification request message includes a L34 layer of the service extracted from the data packet a second receiving unit, configured to receive a classification request response message sent by the server, where the classification request response message includes control information of the service determined by the server according to the L34 layer information, and a control unit, configured to: according to the control information, Control the transmission of this service. The server includes: a receiving unit, configured to receive, by the gateway device, a classification request message, where the classification request message includes L34 layer information of the service extracted by the gateway device from the data packet, and the determining unit is configured to determine, according to the L34 layer information, And a sending unit, configured to send a classification request response message to the gateway device, where the classification request response message includes the control information determined by the determining unit, so that the gateway device uses the control information according to the control information. Transfer into Line control.
因此, 根据本发明实施例的控制业务的传输的方法和装置, 通过设置在 网关设备外部的服务器确定该业务的控制信息, 网关设备根据该控制信息对 该业务的传输进行控制, 能够实现对包括非浏览类和加密的业务类型在内的 所有业务进行控制, 减少因配置 L34过滤器而对网关设备性能造成的影响, 并能够维持黑白名单数据的持续更新, 减少网络维护的工作量。 附图说明  Therefore, the method and apparatus for controlling the transmission of the service according to the embodiment of the present invention determine the control information of the service by the server disposed outside the gateway device, and the gateway device controls the transmission of the service according to the control information, thereby enabling All services, including non-browsing and encrypted service types, are controlled to reduce the impact on the performance of the gateway device due to the configuration of the L34 filter, and to maintain the continuous update of the black and white list data, reducing the workload of network maintenance. DRAWINGS
为了更清楚地说明本发明实施例的技术方案, 下面将对实施例或现有技 术描述中所需要使用的附图作筒单地介绍, 显而易见地, 下面描述中的附图 仅仅是本发明的一些实施例, 对于本领域普通技术人员来讲, 在不付出创造 性劳动的前提下, 还可以根据这些附图获得其他的附图。  In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings to be used in the embodiments or the description of the prior art will be briefly described below. Obviously, the drawings in the following description are only the present invention. For some embodiments, other drawings may be obtained from those of ordinary skill in the art without departing from the drawings.
图 1是根据本发明实施例的控制业务的传输的方法的示意性流程图。 图 2 是根据本发明另一实施例的控制业务的传输的方法的示意性流程 图。  FIG. 1 is a schematic flowchart of a method of controlling transmission of a service according to an embodiment of the present invention. 2 is a schematic flow chart of a method of controlling transmission of a service according to another embodiment of the present invention.
图 3是根据本发明实施例的控制业务的传输的方法的交互图。  3 is an interaction diagram of a method of controlling transmission of a service in accordance with an embodiment of the present invention.
图 4是根据本发明实施例的控制业务的传输的装置的示意性框图。  4 is a schematic block diagram of an apparatus for controlling transmission of a service according to an embodiment of the present invention.
图 5是根据本发明另一实施例的控制业务的传输的装置的示意性框图。 图 6是根据本发明实施例的控制业务的传输的系统的示意性框图。 具体实施方式  FIG. 5 is a schematic block diagram of an apparatus for controlling transmission of a service according to another embodiment of the present invention. 6 is a schematic block diagram of a system for controlling transmission of traffic according to an embodiment of the present invention. detailed description
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行 清楚、 完整地描述, 显然, 所描述的实施例是本发明一部分实施例, 而不是 全部的实施例。 基于本发明中的实施例, 本领域普通技术人员在没有做出创 造性劳动前提下所获得的所有其他实施例, 都属于本发明保护的范围。  The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is obvious that the described embodiments are a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without making creative labor are within the scope of the present invention.
本发明的技术方案, 可以应用于各种通信系统, 例如: 全球移动通讯 ( GSM , Global System of Mobile communication )系统、码分多址( CDMA , Code Division Multiple Access ) 系统、 宽带码分多址(WCDMA , Wideband Code Division Multiple Access ) 系统、 通用分组无线业务 ( GPRS , General Packet Radio Service ), 长期演进(LTE , Long Term Evolution ) 系统、 LTE 频分双工(FDD , Frequency Division Duplex )系统、 LTE时分双工( TDD , Time Division Duplex ) , 通用移动通信系统 ( UMTS , Universal Mobile Telecommunication System )等。 The technical solution of the present invention can be applied to various communication systems, for example, a Global System of Mobile Communication (GSM) system, a Code Division Multiple Access (CDMA) system, and a Wideband Code Division Multiple Access ( WCDMA, Wideband Code Division Multiple Access) system, General Packet Radio Service (GPRS), Long Term Evolution (LTE, Long Term Evolution) system, LTE Frequency Division Duplex (FDD) system, LTE time division Duplex (TDD, Time Division Duplex), Universal Mobile Telecommunications System (UMTS, Universal Mobile Telecommunication System), etc.
用户,也可称之为用户设备 ( UE , User Equipment )、移动终端( Mobile Terminal ), 移动用户设备等, 可以经无线接入网(例如 RAN , Radio Access Network ) 与一个或多个核心网进行通信, 用户设备可以是移动终端, 如移 动电话(或称为"蜂窝"电话)和具有移动终端的计算机, 例如, 可以是便携 式、 袖珍式、 手持式、 计算机内置的或者车载的移动装置, 它们与无线接入 网交换语言和 /或数据。  Users, also referred to as user equipment (UE, User Equipment), mobile terminal (Mobile Terminal), mobile user equipment, etc., may be performed by a radio access network (eg, RAN, Radio Access Network) and one or more core networks. Communication, the user equipment may be a mobile terminal, such as a mobile phone (or "cellular" phone) and a computer with a mobile terminal, for example, a mobile device that can be portable, pocket, handheld, computer built, or in-vehicle, Exchange language and/or data with the wireless access network.
图 1示出了从网关设备侧的角度描述的,根据本发明实施例的控制业务 的传输的方法 100的示意性流程图。 如图 1所示, 该方法 100包括:  1 shows a schematic flow chart of a method 100 of controlling transmission of traffic, in accordance with an embodiment of the present invention, as viewed from the perspective of a gateway device side. As shown in FIG. 1, the method 100 includes:
S110, 接收发送端发送的数据报文;  S110. Receive a data packet sent by the sending end.
S120, 向服务器发送分类请求消息, 该分类请求消息包括从该数据报文 中提取的业务的 L34层信息;  S120. Send a classification request message to the server, where the classification request message includes L34 layer information of the service extracted from the data packet.
S130, 接收该服务器发送的分类请求应答消息, 该分类请求应答消息包 括该服务器根据该 L34层信息确定的该业务的控制信息;  S130. Receive a classification request response message sent by the server, where the classification request response message includes control information of the service determined by the server according to the L34 layer information.
S140, 根据该控制信息, 对该业务的传输进行控制。  S140. Control, according to the control information, transmission of the service.
网关设备在接收到发送端发送的数据报文后, 可以根据该数据报文, 获 取业务的 L34层信息, 并向服务器发送包括该 L34层信息的分类请求消息, 服务器可以根据该 L34层信息确定该业务的控制信息,并向该网关设备发送 包括该控制信息的分类请求应答消息,在接收该服务器发送的分类请求应答 消息后, 可以根据该控制信息, 对该业务的传输进行控制。  After receiving the data packet sent by the sending end, the gateway device may obtain the L34 layer information of the service according to the data packet, and send a classification request message including the L34 layer information to the server, where the server may determine according to the L34 layer information. The control information of the service is sent to the gateway device, and the classification request response message including the control information is sent, and after receiving the classification request response message sent by the server, the transmission of the service may be controlled according to the control information.
根据本发明实施例的控制业务的传输的方法, 可以根据 L34层信息, 对 包括非浏览类和加密的业务类型在内的所有业务进行控制, 例如, 通过网关 设备与服务器的交互, 如果是基于网际协议(IP , Internet Procotol )地址对 该业务的传输进行控制的话, 可以达到对包括非浏览类和加密的业务类型在 内的所有通过该 IP地址传输的业务进行控制的目的。 如果是基于端口对该 业务的传输进行控制的话, 可以实现对某些使用特定端口进行业务传输的软 件或工具进行控制, 无论该软件部署在什么服务器, 都可以进行分类控制。  According to the method for controlling the transmission of the service according to the embodiment of the present invention, all services including the non-browsing type and the encrypted service type may be controlled according to the L34 layer information, for example, the interaction between the gateway device and the server, if based on The Internet Protocol (IP, Internet Procotol) address controls the transmission of the service, and can control all services transmitted through the IP address, including non-browsing and encrypted service types. If the transmission of the service is controlled based on the port, it is possible to control some software or tools that use a specific port for service transmission, and the classification control can be performed no matter what server the software is deployed on.
同时, 对网关性能而言, 由于只需要对数据报文进行 SPI便能够获取 L34层信息, 因此降低了对网关的性能的要求, 减少了对网关性能的影响。  At the same time, for the performance of the gateway, the L34 layer information can be obtained only by performing SPI on the data packet, thereby reducing the performance requirement of the gateway and reducing the impact on the performance of the gateway.
服务器可以接收政府或其他网络监管部门发送的记载有其跟踪确认的 非法网站的 L34层信息和分类属性的黑白名单列表,还可以通过一些自定义 的网站分析算法, 采取遍历的方式对现网中对外提供服务的网站进行访问, 基于访问数据进行分类属性分析, 最终确认该网站的分类属性, 通过将这些 L34层信息与分类属性导入黑白名单数据库, 能够维持黑白名单数据的持续 更新。 The server can receive reports from the government or other network regulators that have their tracking confirmations. The blacklist list of the L34 layer information and classification attributes of the illegal website can also be accessed through some custom website analysis algorithms, and the traversal method is used to access the website providing services to the existing network, and the classification attribute analysis is performed based on the access data. By confirming the classification attribute of the website, by importing these L34 layer information and classification attributes into the black and white list database, the black and white list data can be continuously updated.
因此, 根据本发明实施例的控制业务的传输的方法, 通过设置在网关设 备外部的服务器确定该业务的控制信息, 网关设备根据该控制信息对该业务 的传输进行控制, 能够实现对包括非浏览类和加密的业务类型在内的所有业 务进行控制, 减少因配置 L34过滤器而对网关设备性能造成的影响, 并能够 维持黑白名单数据的持续更新, 减少网络维护的工作量。  Therefore, according to the method for controlling the transmission of the service according to the embodiment of the present invention, the control information of the service is determined by the server disposed outside the gateway device, and the gateway device controls the transmission of the service according to the control information, thereby enabling non-browsing including All services, including classes and encrypted service types, are controlled to reduce the impact on the performance of the gateway device due to the configuration of the L34 filter, and to maintain the continuous update of the black and white list data, reducing the workload of network maintenance.
在本发明实施例中, L34层可以包括 L3层, 或 L4层, 或 L3层和 L4 层。 L3层信息可以包括开放式系统互联(OSI , Open System Interconnect ) 网络模型中的网络层的网际协议( IP , Internet Procotol )地址信息, L4层 信息可以包括 OSI 网络模型中的传输层的传输控制协议 /用户数据报协议 ( TCP/UDP , Transfer Control Protocol/ User Datagram Protocol )端口信息。 因此, L34层信息可以包括传输该业务的业务服务器的 IP地址、端口等信息。  In an embodiment of the invention, the L34 layer may comprise an L3 layer, or an L4 layer, or an L3 layer and an L4 layer. The L3 layer information may include network layer Internet Protocol (IP, Internet Procotol) address information in an Open System Interconnect (OSI) network model, and the L4 layer information may include a transport layer transmission control protocol in the OSI network model. / User Datagram Protocol (TCP/UDP, Transfer Control Protocol/ User Datagram Protocol) port information. Therefore, the L34 layer information may include information such as an IP address, a port, and the like of a service server that transmits the service.
服务器也可以称为内容过滤服务器、 第三方服务器, 设置在网关设备外 部, 与网关设备相独立。  The server can also be called a content filtering server or a third-party server, which is set outside the gateway device and is independent of the gateway device.
网关设备可以包括 GGSN、 PDSN和 Wimax接入服务网络 ( WASN , Wimax Access Service Network )等, 应理解, 本发明实施例的网关设备还可 以包括其他网络中能够实现业务集中会聚点以及可以实现对终端用户访问 的业务流进行内容解析和控制的网元。  The gateway device may include a GGSN, a PDSN, and a Wimax Access Service Network (WASN). It should be understood that the gateway device in the embodiment of the present invention may further include a centralized convergence point of the service in other networks and may implement the terminal. The network element that the user accesses the service flow for content analysis and control.
业务在用户设备和业务服务器之间的传输需要经过网关设备, 并且, 同 一业务的数据报文(例如, 用户设备发送的该业务的数据报文和业务服务器 发生的该业务的数据报文)包括的 L34层信息相同, 因此, 本发明实施例中 的发送端可以是用户设备, 也可以是业务服务器。  The transmission between the user equipment and the service server needs to pass through the gateway device, and the data packet of the same service (for example, the data packet of the service sent by the user equipment and the data packet of the service generated by the service server) includes The information of the L34 layer is the same. Therefore, the sender in the embodiment of the present invention may be a user equipment or a service server.
在本发明实施例中,服务器根据 L34层信息确定的分类请求应答消息可 以包括业务的分类属性或控制策略, 其中分类属性可以包括门户、 科技、 社 交、 政治、 色情、 暴力、 赌博等。 控制策略可以包括正常访问、 阻塞、 重定 向到提醒页面等。 对于门户、 科技、 社交等, 控制策略可以对应为正常访问 等; 对于政治、 色情、 暴力、 赌博等, 控制策略可以对应为阻塞或重定向到 提醒页面等。 应理解, 本发明实施例中的上述分类属性及控制策略的名称以 及其筒要描述只是为了读者更好地理解本发明实施例, 本发明并不限于此, 并且, 上述分类属性及控制策略的具体含义, 应结合本发明实施例中描述的 具体操作进行理解。 In the embodiment of the present invention, the classification request response message determined by the server according to the L34 layer information may include a classification attribute or a control policy of the service, where the classification attribute may include portal, technology, social, political, pornography, violence, gambling, and the like. Control policies can include normal access, blocking, redirection to reminders pages, and more. For portals, technology, social, etc., control strategies can correspond to normal access, etc.; for politics, pornography, violence, gambling, etc., control strategies can correspond to blocking or redirecting to Reminder page, etc. It should be understood that the above-mentioned classification attribute and the name of the control policy in the embodiment of the present invention and the description thereof are only for the reader to better understand the embodiment of the present invention, and the present invention is not limited thereto, and the above classification attribute and control strategy are The specific meanings should be understood in conjunction with the specific operations described in the embodiments of the present invention.
对于某一分类属性, 不同的用户可以有相同的控制策略, 也可以有不同 的控制策略, 例如, 对于色情属性的业务, 所有用户的控制策略可以均为阻 塞。 对于社交属性的业务, 如果用户定制了该业务的话, 控制策略可以为通 过, 如果用户未定制该业务的话, 控制策略可以为阻塞。 因此, 不同的用户 可能因签约信息的不同而有不同的控制策略,根据本发明实施例的控制业务 的传输的方法, 还可以在确定分类属性的基础上, 进一步根据用户的签约信 息以及用户标识确定控制策略, 以实现对不同的用户灵活制定不同的控制策 略。  For a certain classification attribute, different users may have the same control policy or different control strategies. For example, for a business with pornographic attributes, all user control strategies may be blocked. For a service with a social attribute, if the user customizes the service, the control policy may be passed, and if the user does not customize the service, the control policy may be blocked. Therefore, different users may have different control policies due to different subscription information. The method for controlling the transmission of the service according to the embodiment of the present invention may further determine the classification attribute based on the user's subscription information and the user identifier. Determine the control strategy to achieve different control strategies for different users.
在本实施例中, 针对某一分类属性, 如果网内所有用户的控制策略均相 同 (例如, 对于色情属性的业务, 所有用户的控制策略均为阻塞), 则网关 设备或服务器仅根据业务的分类属性, 便能够确定该业务的控制策略。 如果 对不同用户有不同的控制策略(例如, 对于社交属性的业务, 不同的用户可 能因签约信息的不同而有不同的控制策略), 则网关设备和服务器需要根据 业务的分类属性以及传输该业务的用户设备的用户标识, 为该用户制定业务 控制策略。  In this embodiment, for a certain classification attribute, if all users in the network have the same control policy (for example, for a service with pornographic attributes, all users' control policies are blocked), then the gateway device or server is only based on the service. The classification attribute enables you to determine the control strategy for the business. If different users have different control policies (for example, for a social attribute service, different users may have different control policies due to different subscription information), the gateway device and the server need to transmit the service according to the classification attribute of the service. User ID of the user equipment, and formulate a business control policy for the user.
具体地说, 在网内所有用户的控制策略均相同的情况下, 网关设备向服 务器发送的分类请求消息可以仅包括该业务的 L34层信息,并且网关设备接 收到的该服务器发送的分类请求应答消息可以包括该业务的分类属性,也可 以包括该业务的控制策略。  Specifically, if the control policies of all the users in the network are the same, the classification request message sent by the gateway device to the server may include only the L34 layer information of the service, and the classification request response sent by the gateway device received by the gateway device. The message may include a classification attribute of the service, and may also include a control policy of the service.
在对不同用户有不同的控制策略的情况下,如果网关设备向服务器发送 的分类请求消息仅包括业务的 L34层信息,则服务器仅能够基于该 L34层信 息, 确定该业务的分类属性, 网关设备还需要进一步根据该分类属性以及传 输该业务的用户设备的用户标识, 为该用户制定控制策略。 如果网关设备向 服务器发送的分类请求消息包括业务的 L34层信息和传输该业务的用户设 备的用户标识, 则服务器可以基于该 L34层信息, 确定该业务的分类属性, 并进一步根据用户标识为该用户制定控制策略,从而使网关设备能够直接根 据该控制策略对业务的传输进行控制。以下,省略对相同或相似情况的说明。 因此, 可选地, 在本发明实施例中, 网关设备还可以根据数据报文, 获 取传输该业务的用户设备的用户标识。 网关设备向服务器发送的分类请求消 息可以包括该业务的 L34层信息,也可以包括 L34层信息和用户标识,并且, 网关设备接收到的服务器发送的分类请求应答消息可以包括该业务的分类 属性, 也可以包括该业务的控制策略。 If there are different control policies for different users, if the classification request message sent by the gateway device to the server includes only the L34 layer information of the service, the server can only determine the classification attribute of the service based on the L34 layer information, and the gateway device It is also necessary to further develop a control policy for the user according to the classification attribute and the user identifier of the user equipment transmitting the service. If the classification request message sent by the gateway device to the server includes the L34 layer information of the service and the user identifier of the user equipment that transmits the service, the server may determine the classification attribute of the service based on the L34 layer information, and further determine the classification attribute according to the user identifier. The user formulates a control strategy so that the gateway device can directly control the transmission of the service according to the control policy. Hereinafter, the description of the same or similar cases will be omitted. Therefore, in the embodiment of the present invention, the gateway device may further obtain the user identifier of the user equipment that transmits the service according to the data packet. The classification request message sent by the gateway device to the server may include the L34 layer information of the service, and may also include the L34 layer information and the user identifier, and the classification request response message sent by the server received by the gateway device may include the classification attribute of the service. It can also include control strategies for the business.
具体地说, 当该分类请求应答消息包括该业务的分类属性时, 网关设备 可以根据该分类属性, 确定控制策略, 并根据该控制策略对该业务的传输进 行控制。 因此, 该根据该控制信息, 对该业务的传输进行控制, 可以包括: 根据该控制信息包括的该业务的分类属性, 确定该业务的控制策略; 根据该控制策略, 对该业务的传输进行控制。  Specifically, when the classification request response message includes the classification attribute of the service, the gateway device may determine a control policy according to the classification attribute, and control transmission of the service according to the control policy. Therefore, the controlling the transmission of the service according to the control information may include: determining a control policy of the service according to the classification attribute of the service included in the control information; and controlling transmission of the service according to the control policy .
可选地, 在本发明实施例中, 网关设备还可以进一步根据该 L34层信息 和用户标识, 确定该业务的控制策略。 因此, 该根据该控制信息, 对该业务 的传输进行控制, 可以包括:  Optionally, in the embodiment of the present invention, the gateway device may further determine, according to the L34 layer information and the user identifier, a control policy of the service. Therefore, the controlling the transmission of the service according to the control information may include:
根据该控制信息包括的该业务的分类属性, 和从该数据报文中提取的用 户标识, 确定该业务的控制策略;  Determining a control policy of the service according to the classification attribute of the service included in the control information, and the user identifier extracted from the data packet;
根据该控制策略, 对该业务的传输进行控制。  According to the control strategy, the transmission of the service is controlled.
当该分类请求应答消息包括该业务的控制策略时, 网关设备可以根据该 控制策略对该业务的传输进行控制。 因此, 该根据该控制信息, 对该业务的 传输进行控制, 可以包括:  When the classification request response message includes a control policy of the service, the gateway device may control transmission of the service according to the control policy. Therefore, the controlling the transmission of the service according to the control information may include:
根据该控制信息包括的该业务的控制策略, 对该业务的传输进行控制。 在本发明实施例中,该控制策略可以是服务器根据该分类请求消息包括 的 L34层信息确定的,也可以是服务器根据该分类请求消息包括的 L34层信 息和用户标识确定的。 因此,该根据该控制信息,对该业务的传输进行控制, 可以包括:  The transmission of the service is controlled according to the control policy of the service included in the control information. In the embodiment of the present invention, the control policy may be determined by the server according to the L34 layer information included in the classification request message, or may be determined by the server according to the L34 layer information and the user identifier included in the classification request message. Therefore, the controlling the transmission of the service according to the control information may include:
根据该业务控制信息包括的该业务的控制策略,对该业务的传输进行控 制,该控制策略是该服务器根据该 L34层信息和该分类请求消息包括的从该 数据报文中提取的用户标识确定的。  Controlling the transmission of the service according to the control policy of the service included in the service control information, where the control policy is determined by the server according to the L34 layer information and the user identifier extracted from the data packet included in the classification request message. of.
具体地说, 在本发明实施例中, 在需要根据传输该业务的用户的签约信 息确定对该业务的控制策略的情况下, 可以在网关设备或内容过滤器中设置 包括用户标识与业务黑白名单的动态规则之间关系的用户策略数据库。  Specifically, in the embodiment of the present invention, if the control policy for the service needs to be determined according to the subscription information of the user transmitting the service, the user identifier and the service black and white list may be set in the gateway device or the content filter. The user policy database for the relationship between dynamic rules.
当用户策略数据库设置在网关设备中时,网关设备可以将 L34层信息发 送给服务器, 服务器根据该 L34层信息确定该业务的分类属性, 并将该分类 属性下发给网关设备, 网关设备可以根据数据报文获取传输该业务的用户设 备的用户标识, 并基于该用户标识查询用户策略数据库, 确定该用户设备对 于该分类属性应该执行的控制策略, 根据该控制策略进行控制 (例如, 阻塞 或通过)。 When the user policy database is set in the gateway device, the gateway device can send the L34 layer information. Sending to the server, the server determines the classification attribute of the service according to the L34 layer information, and sends the classification attribute to the gateway device, and the gateway device can obtain the user identifier of the user equipment that transmits the service according to the data packet, and based on the user Identifying a query user policy database, determining a control policy that the user equipment should perform for the classification attribute, and controlling (eg, blocking or passing) according to the control policy.
当用户策略数据库设置在服务器中时,网关设备可以将 L34层信息和用 户标识发送给服务器, 服务器首先根据该 L34层信息确定业务的分类属性, 然后基于用户标识查询用户策略数据库,确定该用户设备对于此分类属性应 该执行的控制策略(比如阻塞或通过 ), 然后将该控制策略下发到网关设备, 以使网关设备进行控制。  When the user policy database is set in the server, the gateway device may send the L34 layer information and the user identifier to the server, and the server first determines the classification attribute of the service according to the L34 layer information, and then queries the user policy database based on the user identifier to determine the user equipment. A control policy (such as blocking or passing) that should be performed for this classification attribute, and then sent to the gateway device for the gateway device to control.
因此,根据本发明实施例的控制业务的传输的方法,能够根据用户标识, 基于用户策略签约信息, 获取大量黑白名单的动态规则, 从而能够实现对不 同的用户灵活制定不同的控制策略。  Therefore, the method for controlling the transmission of the service according to the embodiment of the present invention can obtain a dynamic rule of a large number of black and white lists based on the user identification and the user policy subscription information, thereby enabling different control policies to be flexibly formulated for different users.
在本发明实施例中, 用户标识 (USER ID ) 可以包括移动用户手机号 ( MSISDN , Mobile Subscriber Integrated Services Digital Network ), 国际移 动用户标识 ( IMSI , International Mobile Station Equipment Identity )和国际 移动台设备标识 ( IMEI , International Mobile Subscriber Identity )等信息。 应理解, 本发明实施例的用户标识并不限于以上信息, 其他能够唯一体现用 户标识的信元均落入本发明实施例的范围内。  In the embodiment of the present invention, the user identifier (USER ID) may include a mobile subscriber number (MSISDN, Mobile Subscriber Integrated Services Digital Network), an International Mobile Station Equipment Identity (IMSI), and an international mobile station equipment identifier ( IMEI, International Mobile Subscriber Identity) and other information. It should be understood that the user identifier of the embodiment of the present invention is not limited to the above information, and other cells that can uniquely reflect the user identifier are all within the scope of the embodiments of the present invention.
图 2示出了从服务器侧描述的,根据本发明实施例的控制业务的传输的 方法 200的示意性流程图。 如图 2所示, 该方法 200包括:  Figure 2 shows a schematic flow diagram of a method 200 of controlling the transmission of traffic, as described from the server side, in accordance with an embodiment of the present invention. As shown in FIG. 2, the method 200 includes:
S210, 接收网关设备发送分类请求消息, 该分类请求消息包括该网关设 备从数据报文中提取的业务的 L34层信息;  S210. The receiving gateway device sends a classification request message, where the classification request message includes L34 layer information of the service extracted by the gateway device from the data packet.
S220, ^据该 L34层信息, 确定该业务的控制信息;  S220, according to the L34 layer information, determining control information of the service;
S230, 向该网关设备发送分类请求应答消息, 该分类请求应答消息包括 该控制信息,以便于该网关设备根据该控制信息,对该业务的传输进行控制。  S230. Send a classification request response message to the gateway device, where the classification request response message includes the control information, so that the gateway device controls the transmission of the service according to the control information.
网关设备在接收到发送端发送的数据报文后, 可以根据该数据报文, 获 取业务的 L34层信息, 并向服务器发送包括该 L34层信息的分类请求消息, 服务器可以根据该 L34层信息确定该业务的控制信息,并向该网关设备发送 包括该控制信息的分类请求应答消息,在接收该服务器发送的分类请求应答 消息后, 可以根据该控制信息, 对该业务的传输进行控制。 根据本发明实施例的控制业务的传输的方法, 可以根据 L34层信息, 对 包括非浏览类和加密的业务类型在内的所有业务进行控制, 例如, 通过网关 设备与服务器的交互, 如果是基于网际协议(IP , Internet Procotol )地址对 该业务的传输进行控制的话, 可以达到对包括非浏览类和加密的业务类型在 内的所有通过该 IP地址传输的业务进行控制的目的。 如果是基于端口对该 业务的传输进行控制的话, 可以实现对某些使用特定端口进行业务传输的软 件或工具进行控制, 无论该软件部署在什么服务器, 都可以进行分类控制。 After receiving the data packet sent by the sending end, the gateway device may obtain the L34 layer information of the service according to the data packet, and send a classification request message including the L34 layer information to the server, where the server may determine according to the L34 layer information. The control information of the service is sent to the gateway device, and the classification request response message including the control information is sent, and after receiving the classification request response message sent by the server, the transmission of the service may be controlled according to the control information. According to the method for controlling the transmission of the service according to the embodiment of the present invention, all services including the non-browsing type and the encrypted service type may be controlled according to the L34 layer information, for example, the interaction between the gateway device and the server, if based on The Internet Protocol (IP, Internet Procotol) address controls the transmission of the service, and can control all services transmitted through the IP address, including non-browsing and encrypted service types. If the transmission of the service is controlled based on the port, it is possible to control some software or tools that use a specific port for service transmission, and the classification control can be performed no matter what server the software is deployed on.
同时, 对网关性能而言, 由于只需要对数据报文进行 SPI便能够获取 L34层信息, 因此降低了对网关的性能的要求, 减少了对网关性能的影响。  At the same time, for the performance of the gateway, the L34 layer information can be obtained only by performing SPI on the data packet, thereby reducing the performance requirement of the gateway and reducing the impact on the performance of the gateway.
服务器可以接收政府或其他网络监管部门发送的记载有其跟踪确认的 非法网站的 L34层信息和分类属性的黑白名单列表,还可以通过一些自定义 的网站分析算法, 采取遍历的方式对现网中对外提供服务的网站进行访问, 基于访问数据进行分类属性分析, 最终确认该网站的分类属性, 通过将这些 L34层信息与分类属性导入黑白名单数据库, 能够维持黑白名单数据的持续 更新。  The server may receive a black and white list of L34 layer information and classification attributes of the illegal website recorded by the government or other network supervision department, and may also adopt a customized website analysis algorithm to adopt the traversal method to the current network. The website that provides the service is accessed, the classification attribute analysis is performed based on the access data, and the classification attribute of the website is finally confirmed. By importing the L34 layer information and the classification attribute into the black and white list database, the black and white list data can be continuously updated.
因此, 根据本发明实施例的控制业务的传输的方法, 通过设置在网关设 备外部的服务器确定该业务的控制信息, 网关设备根据该控制信息对该业务 的传输进行控制, 能够实现对包括非浏览类和加密的业务类型在内的所有业 务进行控制, 减少因配置 L34过滤器而对网关设备性能造成的影响, 并能够 维持黑白名单数据的持续更新, 减少网络维护的工作量。  Therefore, according to the method for controlling the transmission of the service according to the embodiment of the present invention, the control information of the service is determined by the server disposed outside the gateway device, and the gateway device controls the transmission of the service according to the control information, thereby enabling non-browsing including All services, including classes and encrypted service types, are controlled to reduce the impact on the performance of the gateway device due to the configuration of the L34 filter, and to maintain the continuous update of the black and white list data, reducing the workload of network maintenance.
在本发明实施例中, L34层可以包括 L3层, 或 L4层, 或 L3层和 L4 层。 L3层信息可以包括 OSI 网络模型中的网络层的 IP地址信息, L4层信 息可以包括 OSI网络模型中的 TCP/UDP端口信息。 因此, L34层信息可以 包括传输该业务的业务服务器的 IP地址、 端口等信息。  In an embodiment of the invention, the L34 layer may comprise an L3 layer, or an L4 layer, or an L3 layer and an L4 layer. The L3 layer information may include IP address information of the network layer in the OSI network model, and the L4 layer information may include TCP/UDP port information in the OSI network model. Therefore, the L34 layer information may include information such as an IP address, a port, and the like of a service server that transmits the service.
可选地, 在本发明实施例中, 网关设备还可以根据数据报文, 获取传输 该业务的用户设备的用户标识。 网关设备向服务器发送的分类请求消息可以 包括该业务的 L34层信息, 也可以包括该 L34层信息和用户标识, 并且, 网 关设备接收到的服务器发送的分类请求应答消息可以包括该业务的分类属 性, 也可以包括该业务的控制策略。  Optionally, in the embodiment of the present invention, the gateway device may further obtain, according to the data packet, a user identifier of the user equipment that transmits the service. The classification request message sent by the gateway device to the server may include the L34 layer information of the service, and may also include the L34 layer information and the user identifier, and the classification request response message sent by the server received by the gateway device may include the classification attribute of the service. , can also include the control strategy of the business.
具体地说, 当服务器接收到的网关设备发送的分类请求消息包括该业务 的 L34层信息时,服务器可以根据该 L34层信息确定该业务的分类属性。 因 此, 该根据该 L34层信息, 确定该业务的控制信息, 包括: Specifically, when the classification request message sent by the gateway device received by the server includes the L34 layer information of the service, the server may determine the classification attribute of the service according to the L34 layer information. Cause Therefore, determining the control information of the service according to the L34 layer information, including:
根据该 L34层信息, 确定包括该业务的分类属性的该业务的控制信息。 并且, 当服务器接收到的网关设备发送的分类请求消息包括该业务的 L34层信息时, 服务器还可以根据该 L34层信息确定该业务的控制策略。 因 此, 该根据该 L34层信息, 确定该业务的控制信息, 包括:  Based on the L34 layer information, control information of the service including the classification attribute of the service is determined. Moreover, when the classification request message sent by the gateway device received by the server includes the L34 layer information of the service, the server may further determine a control policy of the service according to the L34 layer information. Therefore, determining the control information of the service according to the information of the L34 layer includes:
根据该 L34层信息, 确定包括该业务的控制策略的该业务的控制信息。 当服务器接收到的网关设备发送的分类请求消息包括该业务的 L34层 信息和用户标识时,服务器可以根据该 L34层信息和用户标识确定该业务的 控制策略。 因此, 该根据该 L34层信息, 确定该业务的控制信息, 包括: 根据该 L34层信息,和该分类请求消息包括的该网关设备从该数据报文 中提取的用户标识, 确定包括该业务的控制策略的该业务的控制信息。  Based on the L34 layer information, control information of the service including the control policy of the service is determined. When the classification request message sent by the gateway device includes the L34 layer information and the user identifier of the service, the server may determine the control policy of the service according to the L34 layer information and the user identifier. Therefore, the determining the control information of the service according to the information of the L34 layer includes: determining, according to the L34 layer information, the user identifier that is extracted by the gateway device from the data packet, and determining that the service includes the service The control information of the service that controls the policy.
具体地说, 在本发明实施例中, 在需要根据传输该业务的用户的签约信 息确定对该业务的控制策略的情况下, 可以在网关设备或内容过滤器中设置 包括用户标识与业务黑白名单的动态规则之间关系的用户策略数据库。  Specifically, in the embodiment of the present invention, if the control policy for the service needs to be determined according to the subscription information of the user transmitting the service, the user identifier and the service black and white list may be set in the gateway device or the content filter. The user policy database for the relationship between dynamic rules.
当用户策略数据库设置在网关设备中时,网关设备可以将 L34层信息发 送给服务器, 服务器根据该 L34层信息确定该业务的分类属性, 并将该分类 属性下发给网关设备, 网关设备可以根据数据报文获取传输该业务的用户设 备的用户标识, 并基于该用户标识查询用户策略数据库, 确定该用户设备对 于该分类属性应该执行的控制策略, 根据该控制策略进行控制 (例如, 阻塞 或通过)。  When the user policy database is set in the gateway device, the gateway device may send the L34 layer information to the server, and the server determines the classification attribute of the service according to the L34 layer information, and sends the classification attribute to the gateway device, and the gateway device may The data packet obtains the user identifier of the user equipment that transmits the service, and queries the user policy database based on the user identifier to determine a control policy that the user equipment should perform for the classification attribute, and controls according to the control policy (for example, blocking or passing ).
当用户策略数据库设置在服务器中时,网关设备可以将 L34层信息和用 户标识发送给服务器, 服务器首先根据该 L34层信息确定业务的分类属性, 然后基于用户标识查询用户策略数据库,确定该用户设备对于此分类属性应 该执行的控制策略(比如阻塞或通过 ), 然后将该控制策略下发到网关设备, 以使网关设备进行控制。  When the user policy database is set in the server, the gateway device may send the L34 layer information and the user identifier to the server, and the server first determines the classification attribute of the service according to the L34 layer information, and then queries the user policy database based on the user identifier to determine the user equipment. A control policy (such as blocking or passing) that should be performed for this classification attribute, and then sent to the gateway device for the gateway device to control.
因此,根据本发明实施例的控制业务的传输的方法,能够根据用户标识, 基于用户策略签约信息, 获取大量黑白名单的动态规则, 从而能够实现对不 同的用户灵活制定不同的控制策略。  Therefore, the method for controlling the transmission of the service according to the embodiment of the present invention can obtain a dynamic rule of a large number of black and white lists based on the user identification and the user policy subscription information, thereby enabling different control policies to be flexibly formulated for different users.
在本发明实施例中,用户标识可以包括 MSISDN、 IMSI 、 IMEI等信息。 应理解, 本发明实施例的用户标识并不限于以上信息, 其他能够唯一体现用 户标识的信元均落入本发明实施例的范围内。 图 3示出了根据本发明实施例的控制业务的传输的方法的交互图。以下, 以 IP地址作为 L34层信息、 以 GGSN作为网关设备进行说明。 如图 3示, 在 S301中, GGSN接收 UE或业务服务器发送的数据报文。 In the embodiment of the present invention, the user identifier may include information such as MSISDN, IMSI, IMEI, and the like. It should be understood that the user identifier of the embodiment of the present invention is not limited to the above information, and other cells that can uniquely represent the user identifier are all within the scope of the embodiments of the present invention. FIG. 3 illustrates an interaction diagram of a method of controlling transmission of traffic in accordance with an embodiment of the present invention. Hereinafter, the IP address is used as the L34 layer information, and the GGSN is used as the gateway device. As shown in FIG. 3, in S301, the GGSN receives a data packet sent by the UE or the service server.
在 S302中, GGSN在接收到业务的数据报文后, 可以基于 SPI技术获 取该业务的 L34层信息, 例如 IP地址, 因此 GGSN仅需对数据报文进行浅 层解析, 从而降低了对网关设备的要求, 并且, 能够减少对网关设备性能的 影响。  In S302, after receiving the data packet of the service, the GGSN can obtain the L34 layer information of the service, for example, an IP address, based on the SPI technology. Therefore, the GGSN only needs to perform shallow layer analysis on the data packet, thereby reducing the gateway device. The requirements, and, can reduce the impact on the performance of the gateway device.
可选地, GGSN还可以根据数据报文, 获取 USER ID。 具体地说, 网关 在 UE激活时可以为该 UE分配数据报文以及 USER ID,以唯一地标识该 UE, 并且, 网关可以通知周边网元用于上行数据报文(UE发送给到业务服务器 的数据报文) 的 USER ID索引, 建立一个基于 UE IP地址的 UE查询表项, 用于下行数据报文(从业务服务器发送给 UE的数据报文)的 USER ID索引。 上行数据报文由 UE选择承载该业务的上下文信息, 最终数据报文发送到网 关后会在报文头域中携带网关在 UE激活时为该 UE分配的 ID, 网关基于该 ID索引本地保存的上下文, 从而获取 USER ID。 下行报文由网关设备基于 UE ID地址选择承载该业务的上下文信息获取 USER ID。应理解,承载 USER ID的数据报文与承载 L34层信息的数据报文可以相同也可以不同, 本发明 并未特别限定。  Optionally, the GGSN may also obtain the USER ID according to the data packet. Specifically, the gateway may allocate a data packet and a USER ID to the UE to uniquely identify the UE when the UE is activated, and the gateway may notify the neighboring network element to use the uplink data packet (the UE sends the message to the service server. The USER ID index of the data packet is used to establish a UE query entry based on the UE IP address, and is used for the USER ID index of the downlink data packet (the data packet sent from the service server to the UE). The uplink data packet is selected by the UE to carry the context information of the service. After the final data packet is sent to the gateway, the packet carries the ID assigned by the gateway to the UE when the UE is activated. The gateway locally saves the ID based on the ID index. Context, thus getting the USER ID. The downlink packet is obtained by the gateway device by using the UE ID address to select the context information that carries the service. It should be understood that the data packet carrying the USER ID and the data packet carrying the L34 layer information may be the same or different, and the present invention is not particularly limited.
可选地, GGSN在接收到业务的数据报文后, 可以首先确定是否需要对 该业务进行基于 L34层信息的过滤, 具体地说, 可以在策略服务器中緩存传 输该业务的 UE是否需要进行基于 L34层信息的过滤的签约信息, 并在该 UE激活时, 策略服务器可以根据该签约信息, 通知 GGSN是否需要对该业 务进行基于 L34层信息的过滤, 如果开启内容过滤功能, 则在该业务的传输 过程中, GGSN与外部的服务器进行交互。 并且, 还可以在网关设备中增加 一个全局或基于接入点名称(APN, Access Point Name ) 的配置, 以确定传 输该业务的 UE是否需要进行基于 L34层信息的过滤, 在 UE激活时, 基于 该配置, 确定是否需要对该业务进行基于 L34层信息的过滤, 如果开启内容 过滤功能, 则在业务访问过程中, GGSN与外部的服务器进行交互。 因此, 能够在控制的初始阶段根据用户签约信息, 确定对业务的控制方式, 从而能 够灵活地进行控制, 提高业务的传输的效率。  Optionally, after receiving the data packet of the service, the GGSN may first determine whether the L34 layer information filtering is required for the service, and specifically, whether the UE that transmits the service needs to be cached in the policy server. The information about the filtering of the L34 layer information, and when the UE is activated, the policy server may notify the GGSN whether to filter the L34 layer information according to the subscription information, and if the content filtering function is enabled, the service is in the service. During the transmission, the GGSN interacts with an external server. Moreover, a global or access point name (APN) configuration may be added to the gateway device to determine whether the UE transmitting the service needs to perform filtering based on the L34 layer information, and when the UE is activated, based on The configuration determines whether the L34 layer information filtering needs to be performed on the service. If the content filtering function is enabled, the GGSN interacts with an external server during the service access process. Therefore, the control mode of the service can be determined based on the user subscription information in the initial stage of the control, so that the control can be flexibly performed, and the efficiency of the transmission of the service can be improved.
在 S303中, GGSN可以向服务器发送分类请求消息, 其中, 该分类请 求消息可以包括 IP地址, 也可以包括 IP地址和 USER ID。 In S303, the GGSN may send a classification request message to the server, where the classification is requested. The request message may include an IP address, and may also include an IP address and a USER ID.
在 S304中, 服务器可以根据该分类请求消息, 确定分类请求应答消息, 具体地说, 当分类请求消息包括 IP地址时, 服务器可以对照非法网站的 IP 地址和分类属性的黑白名单列表, 即分类属性数据库, 确定该业务的分类属 性, 根据该分类属性, 为网内所有 UE统一地确定对该业务的控制策略, 例 如, 对于门户、 科技、 社交等, 网关设备或服务器可以将其控制策略对应为 正常访问等; 对于政治、 色情、 暴力、 赌博等, 网关设备或服务器可以将其 控制策略对应为阻塞或重定向到提醒页面等。 并且, 当分类请求消息包括 IP 地址和 USER ID时, 服务器可以首先对照非法网站的 IP地址和分类属性的 列表, 确定该业务的分类属性, 然后基于用 USER ID查询用户策略数据库, 确定对于此分类属性应该执行的控制策略。  In S304, the server may determine the classification request response message according to the classification request message. Specifically, when the classification request message includes an IP address, the server may compare the IP address of the illegal website with the black and white list of the classification attribute, that is, the classification attribute. a database, determining a classification attribute of the service, and determining, according to the classification attribute, a control policy for the service for all UEs in the network, for example, for a portal, a technology, a social, etc., the gateway device or the server may correspond its control policy to Normal access, etc.; for politics, pornography, violence, gambling, etc., the gateway device or server can map its control policy to block or redirect to the reminder page. Moreover, when the classification request message includes an IP address and a USER ID, the server may first determine the classification attribute of the service against the list of the IP address and the classification attribute of the illegal website, and then determine the classification for the classification based on querying the user policy database by using the USER ID. The control strategy that the attribute should execute.
在 S305中, 服务器可以向 GGSN发送该分类请求应答消息, 其中, 该 分类请求应答消息可以包括该业务的分类属性,也可以包括该业务的控制策 略。  In S305, the server may send the classification request response message to the GGSN, where the classification request response message may include a classification attribute of the service, and may also include a control policy of the service.
在 S306中, GGSN可以根据该分类请求应答消息, 确定对该业务的控 制策略,具体地说, 当该分类请求应答消息包括该业务的控制策略时, GGSN 可以直接从该分类请求应答消息中提取该控制策略。 并且, 当该分类请求应 答消息包括该业务的分类属性时, GGSN可以根据该分类属性, 确定对该业 务的控制策略, 也可以基于用 USER ID查询用户策略数据库, 确定对于此 分类属性应该执行的控制策略。  In S306, the GGSN may determine a control policy for the service according to the classification request response message. Specifically, when the classification request response message includes the control policy of the service, the GGSN may directly extract the response request message from the classification request message. The control strategy. And, when the classification request response message includes the classification attribute of the service, the GGSN may determine a control policy for the service according to the classification attribute, or may perform a query on the user policy database by using the USER ID to determine that the classification attribute should be executed. Control Strategy.
在 S307中, GGSN根据该控制策略, 控制业务在 UE与业务服务器之 间传输。  In S307, the GGSN controls the transmission of the service between the UE and the service server according to the control policy.
因此, 根据本发明实施例的控制业务的传输的方法, 通过设置在网关设 备外部的服务器确定该业务的控制信息, 网关设备根据该控制信息对该业务 的传输进行控制, 能够实现对包括非浏览类和加密的业务类型在内的所有业 务进行控制, 减少因配置 L34过滤器而对网关设备性能造成的影响, 并能够 维持黑白名单数据的持续更新, 减少网络维护的工作量。  Therefore, according to the method for controlling the transmission of the service according to the embodiment of the present invention, the control information of the service is determined by the server disposed outside the gateway device, and the gateway device controls the transmission of the service according to the control information, thereby enabling non-browsing including All services, including classes and encrypted service types, are controlled to reduce the impact on the performance of the gateway device due to the configuration of the L34 filter, and to maintain the continuous update of the black and white list data, reducing the workload of network maintenance.
并且, 能够根据用户标识, 基于用户策略签约信息, 获取大量黑白名单 的动态规则, 从而能够实现对不同的用户设备灵活制定不同的控制策略。  Moreover, according to the user identifier, the dynamic rule of the black and white list is obtained based on the user policy subscription information, so that different control policies can be flexibly formulated for different user equipments.
上文中, 结合图 1至图 3, 详细描述了根据本发明实施例的控制业务的 传输的方法, 下面将结合图 4至图 5, 详细描述根据本发明实施例的控制业 务的传输的装置。 Hereinabove, a method of controlling transmission of a service according to an embodiment of the present invention is described in detail with reference to FIGS. 1 to 3. Hereinafter, a control industry according to an embodiment of the present invention will be described in detail with reference to FIGS. 4 to 5. The device for transmission.
图 4示出了根据本发明实施例的控制业务的传输的装置 400的示意性框 图。 如图 4所示, 该装置 400包括:  Figure 4 shows a schematic block diagram of an apparatus 400 for controlling the transmission of traffic in accordance with an embodiment of the present invention. As shown in Figure 4, the apparatus 400 includes:
第一接收单元 410, 用于接收发送端发送的数据报文;  The first receiving unit 410 is configured to receive a data packet sent by the sending end.
发送单元 420, 用于向服务器发送分类请求消息, 该分类请求消息包括 从该数据报文中提取的业务的 L34层信息;  The sending unit 420 is configured to send, to the server, a classification request message, where the classification request message includes L34 layer information of the service extracted from the data packet;
第二接收单元 430, 用于接收该服务器发送的分类请求应答消息, 该分 类请求应答消息包括该服务器根据该 L34层信息确定的该业务的控制信息; 控制单元 440, 用于根据该控制信息, 对该业务的传输进行控制。  The second receiving unit 430 is configured to receive a classification request response message sent by the server, where the classification request response message includes control information of the service determined by the server according to the L34 layer information, and a control unit 440, configured to: according to the control information, Control the transmission of this service.
因此, 根据本发明实施例的控制业务的传输的装置, 通过设置在网关设 备外部的服务器确定该业务的控制信息, 网关设备根据该控制信息对该业务 的传输进行控制, 能够实现对包括非浏览类和加密的业务类型在内的所有业 务进行控制, 减少因配置 L34过滤器而对网关设备性能造成的影响, 并能够 维持黑白名单数据的持续更新, 减少网络维护的工作量。  Therefore, the device for controlling the transmission of the service according to the embodiment of the present invention determines the control information of the service by the server disposed outside the gateway device, and the gateway device controls the transmission of the service according to the control information, thereby enabling non-browsing All services, including classes and encrypted service types, are controlled to reduce the impact on the performance of the gateway device due to the configuration of the L34 filter, and to maintain the continuous update of the black and white list data, reducing the workload of network maintenance.
在本发明实施例中, 第二接收单元 430接收的分类请求应答消息可以包 括该业务的分类属性, 以可以包括该业务的控制策略。 因此, 当分类请求应 答消息包括该业务的分类属性时,  In the embodiment of the present invention, the classification request response message received by the second receiving unit 430 may include a classification attribute of the service, so as to include a control policy of the service. Therefore, when the classification request response message includes the classification attribute of the service,
该控制单元 440还用于根据该控制信息包括的该业务的分类属性,确定 该业务的控制策略; 以及  The control unit 440 is further configured to determine a control policy of the service according to the classification attribute of the service included in the control information;
用于根据该控制策略, 对该业务的传输进行控制。  It is used to control the transmission of the service according to the control strategy.
可选地, 在本发明实施例中, 网关设备还可以进一步根据该 L34层信息 和用户标识, 确定该业务的控制策略。 因此,  Optionally, in the embodiment of the present invention, the gateway device may further determine, according to the L34 layer information and the user identifier, a control policy of the service. Therefore,
该控制单元还用于根据该控制信息包括的该业务的分类属性, 和从该数 据 文中提取的用户标识, 确定该业务的控制策略; 以及  The control unit is further configured to determine a control policy of the service according to the classification attribute of the service included in the control information, and the user identifier extracted from the data text;
用于根据该控制策略, 对该业务的传输进行控制。  It is used to control the transmission of the service according to the control strategy.
在本发明实施例中,该控制策略可以是服务器根据该分类请求消息包括 的 L34层信息确定的。 因此,  In the embodiment of the present invention, the control policy may be determined by the server according to the L34 layer information included in the classification request message. Therefore,
该控制单元还用于根据该控制信息包括的该业务的控制策略,对该业务 的传输进行控制。  The control unit is further configured to control transmission of the service according to a control policy of the service included in the control information.
在本发明实施例中, 该控制策略可以也可以是服务器根据该分类请求消 息包括的 L34层信息和用户标识确定的。 因此, 该控制单元还用于根据该业务控制信息包括的该业务的控制策略,对该 业务的传输进行控制,该控制策略是该服务器根据该 L34层信息和该分类请 求消息包括的从该数据报文中提取的用户标识确定的。 In the embodiment of the present invention, the control policy may be determined by the server according to the L34 layer information and the user identifier included in the classification request message. therefore, The control unit is further configured to control transmission of the service according to the control policy of the service included in the service control information, where the control policy is that the server includes the data packet according to the L34 layer information and the classification request message. The extracted user ID is determined.
因此,根据本发明实施例的控制业务的传输的装置,能够根据用户标识, 基于用户策略签约信息, 获取大量黑白名单的动态规则, 从而能够实现对不 同的用户设备灵活制定不同的控制策略。  Therefore, the device for controlling the transmission of the service according to the embodiment of the present invention can obtain a dynamic rule of a large number of black and white lists based on the user identifier and the subscription information of the user, so that different control policies can be flexibly formulated for different user devices.
并且, 在本发明实施例中, 该 L34层信息可以包括提供该业务的业务服 务器的 IP地址、 端口等信息。  Moreover, in the embodiment of the present invention, the L34 layer information may include information such as an IP address, a port, and the like of the service server that provides the service.
该用户标识可以包括 MSISDN、 IMSI和 IMEI等信息。  The user identity may include information such as MSISDN, IMSI, and IMEI.
根据本发明实施例的控制业务的传输的装置 400可对应于本发明实施例 的方法中的网关设备(例如 GGSN ), 并且, 该控制业务的传输的装置 400 中的各单元和上述其他操作和 /或功能分别为了实现图 1中的方法 100的相应 流程, 为了筒洁, 在此不再赘述。  The apparatus 400 for controlling transmission of a service according to an embodiment of the present invention may correspond to a gateway device (e.g., GGSN) in the method of the embodiment of the present invention, and the units in the apparatus 400 for controlling transmission of the service and the other operations and In order to implement the corresponding process of the method 100 in FIG. 1 , the functions are not described here.
图 5示出了根据本发明实施例的控制业务的传输的装置 500的示意性框 图。 如图 5所示, 该装置 500包括:  Figure 5 shows a schematic block diagram of an apparatus 500 for controlling the transmission of traffic in accordance with an embodiment of the present invention. As shown in Figure 5, the apparatus 500 includes:
接收单元 510, 用于接收网关设备发送分类请求消息, 该分类请求消息 包括该网关设备从数据报文中提取的业务的 L34层信息;  The receiving unit 510 is configured to receive, by the gateway device, a classification request message, where the classification request message includes L34 layer information of the service extracted by the gateway device from the data packet;
确定单元 520, 用于根据该 L34层信息, 确定该业务的控制信息; 发送单元 530, 用于向该网关设备发送分类请求应答消息, 该分类请求 应答消息包括该确定单元 520确定的该控制信息, 以便于该网关设备根据该 控制信息, 对该业务的传输进行控制。  a determining unit 520, configured to determine control information of the service according to the L34 layer information, and a sending unit 530, configured to send, to the gateway device, a classification request response message, where the classification request response message includes the control information determined by the determining unit 520 So that the gateway device controls the transmission of the service according to the control information.
因此, 根据本发明实施例的控制业务的传输的装置, 通过设置在网关设 备外部的服务器确定该业务的控制信息, 网关设备根据该控制信息对该业务 的传输进行控制, 能够实现对包括非浏览类和加密的业务类型在内的所有业 务进行控制, 减少因配置 L34过滤器而对网关设备性能造成的影响, 并能够 维持黑白名单数据的持续更新, 减少网络维护的工作量。  Therefore, the device for controlling the transmission of the service according to the embodiment of the present invention determines the control information of the service by the server disposed outside the gateway device, and the gateway device controls the transmission of the service according to the control information, thereby enabling non-browsing All services, including classes and encrypted service types, are controlled to reduce the impact on the performance of the gateway device due to the configuration of the L34 filter, and to maintain the continuous update of the black and white list data, reducing the workload of network maintenance.
当服务器接收到的网关设备发送的分类请求消息包括该业务的 L34层 信息时, 服务器可以根据该 L34层信息确定该业务的分类属性。 因此,  When the classification request message sent by the gateway device received by the server includes the L34 layer information of the service, the server may determine the classification attribute of the service according to the L34 layer information. Therefore,
该确定单元 520还用于根据该 L34层信息,确定包括该业务的分类属性 的该业务的控制信息。  The determining unit 520 is further configured to determine, according to the L34 layer information, control information of the service including a classification attribute of the service.
并且, 当服务器接收到的网关设备发送的分类请求消息包括该业务的 L34层信息时, 服务器还可以根据该 L34层信息确定该业务的控制策略。 因 此, And, the classification request message sent by the gateway device received by the server includes the service When the L34 layer information is used, the server may further determine a control policy of the service according to the L34 layer information. therefore,
该确定单元 520还用于根据该 L34层信息,确定包括该业务的控制策略 的该业务的控制信息。  The determining unit 520 is further configured to determine, according to the L34 layer information, control information of the service including the control policy of the service.
当服务器接收到的网关设备发送的分类请求消息包括该业务的 L34层 信息和用户标识时,服务器可以根据该 L34层信息和用户标识确定该业务的 控制策略。 因此,  When the classification request message sent by the gateway device includes the L34 layer information and the user identifier of the service, the server may determine the control policy of the service according to the L34 layer information and the user identifier. Therefore,
该确定单元 520还用于根据该 L34层信息,和该分类请求消息包括该网 关设备从数据报文中提取的用户标识,确定包括该业务的控制策略的该业务 的控制信息。  The determining unit 520 is further configured to determine, according to the L34 layer information, the classification request message, the user identifier extracted by the gateway device from the data packet, and the control information of the service including the control policy of the service.
因此, 根据本发明实施例的控制业务的传输的装置, 能够基于用户策略 签约信息, 获取大量黑白名单的动态规则, 从而能够实现对不同的用户设备 灵活制定不同的控制策略。  Therefore, the device for controlling the transmission of the service according to the embodiment of the present invention can obtain a dynamic rule of a large number of black and white lists based on the user policy subscription information, so that different control policies can be flexibly formulated for different user equipments.
在本发明实施例中,接收单元 510接收到的网关设备发送的分类请求消 息包括的该业务的 L34层信息可以包括提供该业务的业务服务器的 IP地址、 端口等信息。  In the embodiment of the present invention, the L34 layer information of the service included in the classification request message sent by the receiving device 510 may include information such as an IP address, a port, and the like of the service server that provides the service.
接收单元 510接收到的网关设备发送的分类请求消息包括的用户标识可 以包括 MSISDN、 IMSI和 IMEI等信息。  The user identifier included in the classification request message sent by the gateway device received by the receiving unit 510 may include information such as MSISDN, IMSI, and IMEI.
根据本发明实施例的控制业务的传输的装置 500可对应于本发明实施例 的方法中的服务器, 并且, 该控制业务的传输的装置 500中的各单元和上述 其他操作和 /或功能分别为了实现图 2中的方法 200的相应流程, 为了筒洁, 在此不再赘述。  The apparatus 500 for controlling transmission of a service according to an embodiment of the present invention may correspond to a server in the method of the embodiment of the present invention, and the units in the apparatus 500 for controlling the transmission of the service and the other operations and/or functions described above are respectively The corresponding process of the method 200 in FIG. 2 is implemented, and the details are not described herein.
上文中, 结合图 1至图 5, 详细描述了根据本发明实施例的控制业务的 传输的方法和装置, 下面将结合图 6, 详细描述根据本发明实施例的控制业 务的传输的系统。  Hereinabove, a method and apparatus for controlling transmission of a service according to an embodiment of the present invention are described in detail with reference to Figs. 1 through 5, and a system for controlling transmission of a service according to an embodiment of the present invention will be described in detail below with reference to Fig. 6.
图 6示出了根据本发明实施例的控制业务的传输的系统 600的示意性框 图。 如图 6所示, 该系统 600包括: 根据本发明实施例的装置 400和根据本 发明实施例的装置 500。  Figure 6 shows a schematic block diagram of a system 600 for controlling the transmission of traffic in accordance with an embodiment of the present invention. As shown in Figure 6, the system 600 includes: a device 400 in accordance with an embodiment of the present invention and a device 500 in accordance with an embodiment of the present invention.
该装置 400包括: 第一接收单元 410,用于接收发送端发送的数据报文; 发送单元 420, 用于向服务器发送分类请求消息, 该分类请求消息包括从该 数据报文中提取的业务的 L34层信息; 第二接收单元 430, 用于接收该服务 器发送的分类请求应答消息, 该分类请求应答消息包括该服务器根据该 L34 层信息确定的该业务的控制信息; 控制单元 440, 用于 ^据该控制信息, 对 该业务的传输进行控制。 The device 400 includes: a first receiving unit 410, configured to receive a data packet sent by the sending end, and a sending unit 420, configured to send, to the server, a classification request message, where the classification request message includes the service extracted from the data packet L34 layer information; a second receiving unit 430, configured to receive the service The classification request response message sent by the device, the classification request response message includes control information of the service determined by the server according to the L34 layer information, and the control unit 440 is configured to control the transmission of the service according to the control information.
该装置 500包括:接收单元 510,用于接收网关设备发送分类请求消息, 该分类请求消息包括该网关设备从数据报文中提取的业务的 L34层信息;确 定单元 520,用于根据该 L34层信息,确定该业务的控制信息;发送单元 530, 用于向该网关设备发送分类请求应答消息, 该分类请求应答消息包括该确定 单元 520确定的该控制信息, 以便于该网关设备根据该控制信息, 对该业务 的传输进行控制。  The apparatus 500 includes: a receiving unit 510, configured to receive, by the gateway device, a classification request message, where the classification request message includes L34 layer information of the service extracted by the gateway device from the data packet, and the determining unit 520 is configured to use, according to the L34 layer The information is used to determine the control information of the service. The sending unit 530 is configured to send a classification request response message to the gateway device, where the classification request response message includes the control information determined by the determining unit 520, so that the gateway device can use the control information according to the control information. , control the transmission of the service.
因此, 根据本发明实施例的控制业务的传输的系统, 通过设置在网关设 备外部的服务器确定该业务的控制信息, 网关设备根据该控制信息对该业务 的传输进行控制, 能够实现对包括非浏览类和加密的业务类型在内的所有业 务进行控制, 减少因配置 L34过滤器而对网关设备性能造成的影响, 并能够 维持黑白名单数据的持续更新, 减少网络维护的工作量。 置 400中的各单元和上述其他操作和 /或功能分别为了实现图 1中的方法 100 的相应流程。上述装置 500可对应于本发明实施例的方法中的服务器,并且, 该装置 500中的各单元和上述其他操作和 /或功能分别为了实现图 2中的方法 Therefore, the system for controlling the transmission of the service according to the embodiment of the present invention determines the control information of the service by the server disposed outside the gateway device, and the gateway device controls the transmission of the service according to the control information, thereby enabling non-browsing including All services, including classes and encrypted service types, are controlled to reduce the impact on the performance of the gateway device due to the configuration of the L34 filter, and to maintain the continuous update of the black and white list data, reducing the workload of network maintenance. The units in unit 400 and the other operations and/or functions described above are respectively implemented to implement the corresponding flow of method 100 in FIG. The apparatus 500 described above may correspond to a server in the method of the embodiment of the present invention, and the units in the apparatus 500 and the other operations and/or functions described above are respectively implemented to implement the method of FIG.
200的相应流程为了筒洁, 在此不再赘述。 The corresponding process of 200 is clean and will not be repeated here.
并且, 在本发明的各种实施例中, 上述各过程的序号的大小并不意味着 执行顺序的先后, 各过程的执行顺序应以其功能和内在逻辑确定, 而不应对 本发明实施例的实施过程构成任何限定。  Moreover, in various embodiments of the present invention, the size of the sequence numbers of the above processes does not mean the order of execution, and the order of execution of each process should be determined by its function and internal logic, and should not be taken by the embodiment of the present invention. The implementation process constitutes any qualification.
本领域普通技术人员可以意识到, 结合本文中所公开的实施例描述的各 示例的单元及算法步骤, 能够以电子硬件、 或者计算机软件和电子硬件的结 合来实现。 这些功能究竟以硬件还是软件方式来执行, 取决于技术方案的特 定应用和设计约束条件。 专业技术人员可以对每个特定的应用来使用不同方 法来实现所描述的功能, 但是这种实现不应认为超出本发明的范围。  Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the various examples described in connection with the embodiments disclosed herein can be implemented in a combination of electronic hardware or computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the solution. A person skilled in the art can use different methods for implementing the described functions for each particular application, but such implementation should not be considered to be beyond the scope of the present invention.
所属领域的技术人员可以清楚地了解到, 为描述的方便和筒洁, 上述描 述的系统、 装置和单元的具体工作过程, 可以参考前述方法实施例中的对应 过程, 在此不再赘述。  It will be apparent to those skilled in the art that, for the convenience of the description and the cleaning process, the specific operation of the system, the device and the unit described above may be referred to the corresponding processes in the foregoing method embodiments, and details are not described herein again.
在本申请所提供的几个实施例中, 应该理解到, 所揭露的系统、 装置和 方法, 可以通过其它的方式实现。 例如, 以上所描述的装置实施例仅仅是示 意性的, 例如, 所述单元的划分, 仅仅为一种逻辑功能划分, 实际实现时可 以有另外的划分方式, 例如多个单元或组件可以结合或者可以集成到另一个 系统, 或一些特征可以忽略, 或不执行。 另一点, 所显示或讨论的相互之间 的耦合或直接耦合或通信连接可以是通过一些接口, 装置或单元的间接耦合 或通信连接, 可以是电性, 机械或其它的形式。 In the several embodiments provided herein, it should be understood that the disclosed systems, devices, and The method can be implemented in other ways. For example, the device embodiments described above are merely illustrative. For example, the division of the unit is only a logical function division. In actual implementation, there may be another division manner, for example, multiple units or components may be combined or Can be integrated into another system, or some features can be ignored, or not executed. In addition, the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作 为单元显示的部件可以是或者也可以不是物理单元, 即可以位于一个地方, 或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或 者全部单元来实现本实施例方案的目的。  The units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solution of the embodiment.
另外, 在本发明各个实施例中的各功能单元可以集成在一个处理单元 中, 也可以是各个单元单独物理存在, 也可以两个或两个以上单元集成在一 个单元中。  In addition, each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
所述功能如果以软件功能单元的形式实现并作为独立的产品销售或使 用时, 可以存储在一个计算机可读取存储介质中。 基于这样的理解, 本发明 的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的部 分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质 中, 包括若干指令用以使得一台计算机设备(可以是个人计算机, 服务器, 或者网络设备等)执行本发明各个实施例所述方法的全部或部分步骤。 而前 述的存储介质包括: U盘、移动硬盘、只读存储器( ROM, Read-Only Memory )、 随机存取存储器(RAM, Random Access Memory ), 磁碟或者光盘等各种可 以存储程序代码的介质。  The functions, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention, which is essential to the prior art or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including The instructions are used to cause a computer device (which may be a personal computer, server, or network device, etc.) to perform all or part of the steps of the methods described in various embodiments of the present invention. The foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk, and the like, which can store program codes. .
以上所述, 仅为本发明的具体实施方式, 但本发明的保护范围并不局限 于此, 任何熟悉本技术领域的技术人员在本发明揭露的技术范围内, 可轻易 想到变化或替换, 都应涵盖在本发明的保护范围之内。 因此, 本发明的保护 范围应所述以权利要求的保护范围为准。  The above is only the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily think of changes or substitutions within the technical scope of the present invention. It should be covered by the scope of the present invention. Therefore, the scope of the invention should be determined by the scope of the claims.

Claims

权利要求 Rights request
1、 一种控制业务的传输的方法, 其特征在于, 所述方法包括: 接收发送端发送的数据报文;  A method for controlling transmission of a service, the method comprising: receiving a data message sent by a sender;
向服务器发送分类请求消息, 所述分类请求消息包括从所述数据报文中 提取的业务的 L34层信息;  Sending a classification request message to the server, where the classification request message includes L34 layer information of the service extracted from the data packet;
接收所述服务器发送的分类请求应答消息, 所述分类请求应答消息包括 所述服务器根据所述 L34层信息确定的所述业务的控制信息;  And receiving, by the server, a classification request response message, where the classification request response message includes control information of the service determined by the server according to the L34 layer information;
根据所述控制信息, 对所述业务的传输进行控制。  Controlling the transmission of the service according to the control information.
2、 根据权利要求 1所述的方法, 其特征在于, 所述根据所述控制信息, 对所述业务的传输进行控制, 包括:  The method according to claim 1, wherein the controlling the transmission of the service according to the control information comprises:
根据所述控制信息包括的所述业务的分类属性,确定所述业务的控制策 略;  Determining a control policy of the service according to the classification attribute of the service included in the control information;
根据所述控制策略, 对所述业务的传输进行控制。  Controlling the transmission of the service according to the control policy.
3、 根据权利要求 1所述的方法, 其特征在于, 所述根据所述控制信息, 对所述业务的传输进行控制, 包括:  The method according to claim 1, wherein the controlling the transmission of the service according to the control information comprises:
根据所述控制信息包括的所述业务的分类属性, 和从所述数据报文中提 取的用户标识, 确定所述业务的控制策略;  Determining a control policy of the service according to a classification attribute of the service included in the control information, and a user identifier extracted from the data packet;
根据所述控制策略, 对所述业务的传输进行控制。  Controlling the transmission of the service according to the control policy.
4、 根据权利要求 1所述的方法, 其特征在于, 所述根据所述控制信息, 对所述业务的传输进行控制, 包括:  The method according to claim 1, wherein the controlling the transmission of the service according to the control information comprises:
根据所述控制信息包括的所述业务的控制策略,对所述业务的传输进行 控制。  And controlling transmission of the service according to a control policy of the service included in the control information.
5、 根据权利要求 1所述的方法, 其特征在于, 所述根据所述业务控制 信息, 对所述业务的传输进行控制, 包括:  The method according to claim 1, wherein the controlling the transmission of the service according to the service control information comprises:
根据所述业务控制信息包括的所述业务的控制策略,对所述业务的传输 进行控制,所述控制策略是所述服务器根据所述 L34层信息和所述分类请求 消息包括的从所述数据报文中提取的用户标识确定的。  And controlling the transmission of the service according to the control policy of the service included in the service control information, where the control policy is that the server includes the data according to the L34 layer information and the classification request message. The user ID extracted in the message is determined.
6、 根据权利要求 3或 5所述的方法, 其特征在于, 所述用户标识包括 移动用户手机号 MSISDN、 国际移动用户标识 IMSI和国际移动台设备标识 IMEI中的至少一个。  The method according to claim 3 or 5, wherein the user identifier comprises at least one of a mobile subscriber number MSISDN, an international mobile subscriber identity IMSI, and an international mobile station equipment identity IMEI.
7、 根据权利要求 1至 6中任一项所述的方法, 其特征在于, 所述 L34 层信息包括服务器网际协议 IP地址和服务器端口中的至少一个。 The method according to any one of claims 1 to 6, wherein the L34 The layer information includes at least one of a server internet protocol IP address and a server port.
8、 一种控制业务的传输的方法, 其特征在于, 所述方法包括: 接收网关设备发送分类请求消息, 所述分类请求消息包括所述网关设备 从数据报文中提取的业务的 L34层信息;  A method for controlling transmission of a service, the method comprising: receiving a gateway device to send a classification request message, where the classification request message includes L34 layer information of a service extracted by the gateway device from a data packet ;
^据所述 L34层信息, 确定所述业务的控制信息;  And determining, according to the L34 layer information, control information of the service;
向所述网关设备发送分类请求应答消息, 所述分类请求应答消息包括所 述控制信息, 以便于所述网关设备根据所述控制信息, 对所述业务的传输进 行控制。  And sending, to the gateway device, a classification request response message, where the classification request response message includes the control information, so that the gateway device controls transmission of the service according to the control information.
9、 根据权利要求 8所述的方法, 其特征在于, 所述根据所述 L34层信 息, 确定所述业务的控制信息, 包括:  The method according to claim 8, wherein the determining the control information of the service according to the L34 layer information comprises:
根据所述 L34层信息,确定包括所述业务的分类属性的所述业务的控制 信息。  Based on the L34 layer information, control information of the service including a classification attribute of the service is determined.
10、 根据权利要求 8所述的方法, 其特征在于, 所述根据所述 L34层信 息, 确定所述业务的控制信息, 包括:  The method according to claim 8, wherein the determining the control information of the service according to the L34 layer information comprises:
根据所述 L34层信息,确定包括所述业务的控制策略的所述业务的控制 信息。  And determining, according to the L34 layer information, control information of the service including a control policy of the service.
11、 根据权利要求 8所述的方法, 其特征在于, 所述根据所述 L34层信 息, 确定所述业务的控制信息, 包括:  The method according to claim 8, wherein the determining the control information of the service according to the L34 layer information comprises:
根据所述 L34层信息,和所述分类请求消息包括的所述网关设备从所述 数据报文中提取的用户标识,确定包括所述业务的控制策略的所述业务的控 制信息。  And the control information of the service including the control policy of the service is determined according to the L34 layer information, and the user identifier that is extracted by the gateway device from the data packet.
12、 根据权利要求 11所述的方法, 其特征在于, 所述用户标识包括移 动用户手机号 MSISDN、 国际移动用户标识 IMSI 和国际移动台设备标识 IMEI中的至少一个。  The method according to claim 11, wherein the user identifier comprises at least one of a mobile subscriber number MSISDN, an international mobile subscriber identity IMSI, and an international mobile station equipment identity IMEI.
13、根据权利要求 8至 12中任一项所述的方法, 其特征在于, 所述 L34 层信息包括服务器网际协议 IP地址和服务器端口中的至少一个。  The method according to any one of claims 8 to 12, wherein the L34 layer information comprises at least one of a server internet protocol IP address and a server port.
14、 一种控制业务的传输的装置, 其特征在于, 所述装置包括: 第一接收单元, 用于接收发送端发送的数据报文;  A device for controlling transmission of a service, the device comprising: a first receiving unit, configured to receive a data packet sent by a sending end;
发送单元, 用于向服务器发送分类请求消息, 所述分类请求消息包括从 所述数据报文中提取的业务的 L34层信息;  a sending unit, configured to send a classification request message to the server, where the classification request message includes L34 layer information of the service extracted from the data packet;
第二接收单元, 用于接收所述服务器发送的分类请求应答消息, 所述分 类请求应答消息包括所述服务器根据所述 L34 层信息确定的所述业务的控 制信息; a second receiving unit, configured to receive a classification request response message sent by the server, where the The class request response message includes control information of the service determined by the server according to the L34 layer information;
控制单元, 用于根据所述控制信息, 对所述业务的传输进行控制。 And a control unit, configured to control transmission of the service according to the control information.
15、 根据权利要求 14所述的装置, 其特征在于, 所述控制单元还用于 根据所述控制信息包括的所述业务的分类属性, 确定所述业务的控制策略; 以及 The device according to claim 14, wherein the control unit is further configured to determine a control policy of the service according to a classification attribute of the service included in the control information;
用于根据所述控制策略, 对所述业务的传输进行控制。  And for controlling transmission of the service according to the control policy.
16、 根据权利要求 14所述的装置, 其特征在于, 所述控制单元还用于 根据所述控制信息包括的所述业务的分类属性, 和从所述数据报文中提取的 用户标识, 确定所述业务的控制策略; 以及  The device according to claim 14, wherein the control unit is further configured to determine, according to the classification attribute of the service included in the control information, and the user identifier extracted from the data packet. The control strategy of the service;
用于根据所述控制策略, 对所述业务的传输进行控制。  And for controlling transmission of the service according to the control policy.
17、 根据权利要求 14所述的装置, 其特征在于, 所述控制单元还用于 根据所述控制信息包括的所述业务的控制策略, 对所述业务的传输进行控 制。  The device according to claim 14, wherein the control unit is further configured to control transmission of the service according to a control policy of the service included in the control information.
18、 根据权利要求 14所述的装置, 其特征在于, 所述控制单元还用于 根据所述业务控制信息包括的所述业务的控制策略,对所述业务的传输进行 控制,所述控制策略是所述服务器根据所述 L34层信息和所述分类请求消息 包括的从所述数据报文中提取的用户标识确定的。  The device according to claim 14, wherein the control unit is further configured to control transmission of the service according to a control policy of the service included in the service control information, where the control policy is And determining, by the server, the user identifier extracted from the data packet according to the L34 layer information and the classification request message.
19、 根据权利要求 18所述的装置, 其特征在于, 所述用户标识包括移 动用户手机号 MSISDN、 国际移动用户标识 IMSI 和国际移动台设备标识 19. The apparatus according to claim 18, wherein the user identifier comprises a mobile subscriber number MSISDN, an international mobile subscriber identity IMSI, and an international mobile station equipment identity.
IMEI中的至少一个。 At least one of the IMEIs.
20、 根据权利要求 14至 19 中任一项所述的装置, 其特征在于, 所述 L34层信息包括服务器网际协议 IP地址和服务器端口中的至少一个。  The apparatus according to any one of claims 14 to 19, wherein the L34 layer information comprises at least one of a server internet protocol IP address and a server port.
21、 一种控制业务的传输的装置, 其特征在于, 所述装置包括: 接收单元, 用于接收网关设备发送分类请求消息, 所述分类请求消息包 括所述网关设备从数据报文中提取的业务的 L34层信息;  An apparatus for controlling transmission of a service, the apparatus comprising: a receiving unit, configured to receive a gateway device to send a classification request message, where the classification request message includes the gateway device extracting from a data packet L34 layer information of the service;
确定单元, 用于 ^据所述 L34层信息, 确定所述业务的控制信息; 发送单元, 用于向所述网关设备发送分类请求应答消息, 所述分类请求 应答消息包括所述确定单元确定的所述控制信息, 以便于所述网关设备根据 所述控制信息, 对所述业务的传输进行控制。  a determining unit, configured to determine control information of the service according to the L34 layer information, and a sending unit, configured to send a classification request response message to the gateway device, where the classification request response message includes the determining unit And the control information, so that the gateway device controls the transmission of the service according to the control information.
22、 根据权利要求 21所述的装置, 其特征在于, 所述确定单元还用于 根据所述 L34层信息, 确定包括所述业务的分类属性的所述业务的控制信 息。 The device according to claim 21, wherein the determining unit is further configured to: Determining, according to the L34 layer information, control information of the service including a classification attribute of the service.
23、 根据权利要求 21所述的装置, 其特征在于, 所述确定单元还用于 根据所述 L34层信息, 确定包括所述业务的控制策略的所述业务的控制信 息。  The device according to claim 21, wherein the determining unit is further configured to determine, according to the L34 layer information, control information of the service including a control policy of the service.
24、 根据权利要求 21所述的装置, 其特征在于, 所述确定单元还用于 根据所述 L34层信息,和所述分类请求消息包括所述网关设备从数据报文中 提取的用户标识, 确定包括所述业务的控制策略的所述业务的控制信息。  The device according to claim 21, wherein the determining unit is further configured to: according to the L34 layer information, and the classification request message includes a user identifier extracted by the gateway device from a data packet, Determining control information for the service including the control policy of the service.
25、 根据权利要求 24所述的装置, 其特征在于, 所述用户标识包括移 动用户手机号 MSISDN、 国际移动用户标识 IMSI 和国际移动台设备标识 25. The apparatus according to claim 24, wherein the user identifier comprises a mobile subscriber number MSISDN, an international mobile subscriber identity IMSI, and an international mobile station equipment identity.
IMEI中的至少一个。 At least one of the IMEIs.
26、 根据权利要求 21 至 25 中任一项所述的装置, 其特征在于, 所述 L34层信息包括服务器网际协议 IP地址和服务器端口中的至少一个。  The apparatus according to any one of claims 21 to 25, wherein the L34 layer information comprises at least one of a server internet protocol IP address and a server port.
27、 一种控制业务的传输的系统, 其特征在于, 所述系统包括: 权利要求 14至 20中任一项所述的控制业务的传输的装置; 和 权利要求 21至 26中任一项所述的控制业务的传输的装置。  27. A system for controlling the transmission of a service, the system comprising: the apparatus for controlling transmission of a service according to any one of claims 14 to 20; and the method of any one of claims 21 to 26. The device for controlling the transmission of a service.
PCT/CN2011/083722 2011-12-08 2011-12-08 Method, device and system for controlling service transmission WO2013082793A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201180003320.7A CN102630376B (en) 2011-12-08 2011-12-08 Method, apparatus and system for transferring control service
PCT/CN2011/083722 WO2013082793A1 (en) 2011-12-08 2011-12-08 Method, device and system for controlling service transmission

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2011/083722 WO2013082793A1 (en) 2011-12-08 2011-12-08 Method, device and system for controlling service transmission

Publications (1)

Publication Number Publication Date
WO2013082793A1 true WO2013082793A1 (en) 2013-06-13

Family

ID=46588267

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/083722 WO2013082793A1 (en) 2011-12-08 2011-12-08 Method, device and system for controlling service transmission

Country Status (2)

Country Link
CN (1) CN102630376B (en)
WO (1) WO2013082793A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106789587B (en) * 2016-12-28 2021-05-18 国家计算机网络与信息安全管理中心 Communication device and method for reliable message in cloud computing environment
CN110024331B (en) 2017-01-26 2021-11-19 华为技术有限公司 Data protection method, device and system
CN110324284B (en) * 2018-03-30 2020-10-27 华为技术有限公司 Method and communication device for accessing IMS
CN111695148B (en) * 2020-05-15 2023-07-04 浙江信网真科技股份有限公司 Security filtering method and device for self-learning of network node

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1585444A (en) * 2004-06-12 2005-02-23 中兴通讯股份有限公司 Method for filtering backward frame in mobile communication system
CN1726671A (en) * 2002-12-17 2006-01-25 瑞通网络公司 Adaptive classification of network traffic
CN1801760A (en) * 2005-01-05 2006-07-12 阿尔卡特公司 Method to configure a DSL connection
US20070280277A1 (en) * 2006-05-30 2007-12-06 Martin Lund Method and system for adaptive queue and buffer control based on monitoring in a packet network switch

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1726671A (en) * 2002-12-17 2006-01-25 瑞通网络公司 Adaptive classification of network traffic
CN1585444A (en) * 2004-06-12 2005-02-23 中兴通讯股份有限公司 Method for filtering backward frame in mobile communication system
CN1801760A (en) * 2005-01-05 2006-07-12 阿尔卡特公司 Method to configure a DSL connection
US20070280277A1 (en) * 2006-05-30 2007-12-06 Martin Lund Method and system for adaptive queue and buffer control based on monitoring in a packet network switch

Also Published As

Publication number Publication date
CN102630376A (en) 2012-08-08
CN102630376B (en) 2014-11-05

Similar Documents

Publication Publication Date Title
JP6911263B2 (en) Service management method and its equipment
US11451510B2 (en) Method and apparatus for processing service request
WO2019153766A1 (en) Wireless communication method, network device, and terminal device
JP4644681B2 (en) Apparatus and method for controlling unnecessary traffic addressed to wireless communication apparatus
US8750140B2 (en) Support of home network base station local internet protocol access
WO2013131472A1 (en) Message processing method, device and system
CN102448064A (en) Access through non-3GPP access networks
EP4192184A1 (en) Pdu session establishment method, terminal device, and chip system
CN110637442B (en) Terminal information transmission method and related product
CN106685827B (en) Downlink message forwarding method and AP (access point) equipment
CN110177381B (en) Congestion notification method, related equipment and system
WO2015085321A1 (en) Mobile device traffic management
WO2013082793A1 (en) Method, device and system for controlling service transmission
CN113824789B (en) Configuration method, device, equipment and storage medium of access descriptor
US9112843B2 (en) Method and system for subscriber to log in internet content provider (ICP) website in identity/location separation network and login device thereof
WO2013189038A1 (en) Content processing method and network side device
EP3010200B1 (en) Method for controlling service data flow and network device
CN116210252A (en) Network operations to receive user consent for edge computation
EP3198804B1 (en) Method, apparatus, system and media for transmitting messages between networked devices in data communication with a local network access point
US20240015512A1 (en) Content Filtering Support for Protocols with Encrypted Domain Name Server
US10111081B2 (en) Local communication wireless network system and method thereof
CN118104286A (en) Congestion control method, device, equipment, medium, chip, product and program
US20230319684A1 (en) Resource filter for integrated networks
US20230413353A1 (en) Inter-plmn user plane integration
CN110661744A (en) Network access control method

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 201180003320.7

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11877108

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11877108

Country of ref document: EP

Kind code of ref document: A1