IPC분류정보
국가/구분 |
United States(US) Patent
등록
|
국제특허분류(IPC7판) |
|
출원번호 |
US-0693766
(2010-01-26)
|
등록번호 |
US-8250646
(2012-08-21)
|
우선권정보 |
CN-2007 1 0151721 (2007-09-27) |
발명자
/ 주소 |
|
출원인 / 주소 |
- Huawei Technologies Co., Ltd.
|
대리인 / 주소 |
Leydig, Voit & Mayer, Ltd.
|
인용정보 |
피인용 횟수 :
10 인용 특허 :
1 |
초록
▼
A method, system, and device for filtering packets are disclosed. The method includes: by a deep packet inspection (DPI) proxy server configured at the access-network user side, identifying the service type and/or contents of a received packet, and performing DPI filtering on the packet by using a p
A method, system, and device for filtering packets are disclosed. The method includes: by a deep packet inspection (DPI) proxy server configured at the access-network user side, identifying the service type and/or contents of a received packet, and performing DPI filtering on the packet by using a preset DPI filtering policy according to the identified service type and/or contents. In the technical solution of the present invention, DPI proxy servers are configured at the access-network user side on a distributed basis; each DPI proxy server receives packets only from a user equipment (UE) on a customer premises network (CPN), where the UE corresponds to the DPI proxy server. Compared with the DPI server configured at the edge between the core network and the access network in the prior art, the DPI proxy server provided in embodiments of the present invention processes fewer packets, thus performing real-time DPI on the packets.
대표청구항
▼
1. A method for filtering packets, wherein a deep packet inspection (DPI) proxy server is configured at an access-network user side on a distributed basis, comprising: by the DPI proxy server, identifying a service type and/or contents of a received packet;determining a processing mode corresponding
1. A method for filtering packets, wherein a deep packet inspection (DPI) proxy server is configured at an access-network user side on a distributed basis, comprising: by the DPI proxy server, identifying a service type and/or contents of a received packet;determining a processing mode corresponding to the identified service type and/or contents according to a preset DPI filtering policy; andperforming DPI filtering on the packet according to the determined processing mode; wherein the step of performing DPI filtering on the packet comprises: if the processing mode corresponding to the identified service type and/or contents in the DPI filtering policy is “redirection”, forwarding the packet to a DPI server for DPI, wherein the DPI comprises: by the DPI server, identifying the service type and/or contents of the received packet; analyzing the identified service type and/or contents of the packet; determining a processing mode corresponding to the packet; and processing the packet according to the determined processing mode;if the processing mode corresponding to the identified service type and/or contents in the DPI filtering policy is “pass allowed”, sending the packet according to a destination address of the packet; andif the processing mode corresponding to the identified service type and/or contents in the DPI filtering policy is “traffic limiting”, limiting the traffic of the packet according to a preset DPI traffic limiting policy. 2. The method of claim 1, wherein the step of forwarding the packet to the DPI server comprises: setting a beginning point and an end point of a tunnel to be respectively the DPI proxy server and the DPI server by using a tunneling technology, and forwarding the packet to the DPI server through the tunnel; or changing the destination address of the packet to the address of the DPI server, and sending the packet to the DPI server. 3. The method of claim 1, further comprising: changing, by the DPI server, the preset DPI filtering policy, wherein: the changing comprises: by the DPI server, sending a policy update request to a policy server, obtaining an updated DPI filtering policy from the policy server, and updating the DPI filtering policy set in the DPI proxy server; or by the DPI server, sending a policy update request to the policy server, and obtaining an updated DPI filtering policy from the policy server; and updating, by the policy server, the DPI filtering policy in the DPI proxy server. 4. The method of claim 1, wherein before identifying the service type and/or contents of the received packet, the method further comprises: by the DPI proxy server, judging whether a flow ID corresponding to the flow type related to DPI is preset in the DPI filtering policy; and if the flow ID is preset in the DPI filtering policy, continuing the identification. 5. The method of claim 1, wherein the step of identifying the service type and/or contents of the received packet comprises: analyzing the received packet at the application layer, or performing deep flow inspection (DFI) on the received packet.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.