Unlock instant, AI-driven research and patent intelligence for your innovation.

Policy enforcement method, system, policy enforcement device, and control device

A technology for policy execution and control of equipment, applied in the field of network communication, can solve the problems of poor scalability of network architecture and easy consumption of large network transmission resources

Active Publication Date: 2018-01-02
HUAWEI TECH CO LTD
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The embodiment of the present invention provides a policy execution method, system, policy execution device, and control device to solve the problem that the existing policy execution method easily consumes a large amount of network transmission resources and the scalability of the network architecture is poor

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Policy enforcement method, system, policy enforcement device, and control device
  • Policy enforcement method, system, policy enforcement device, and control device
  • Policy enforcement method, system, policy enforcement device, and control device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0095] In order to enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above-mentioned purposes, features and advantages of the embodiments of the present invention more obvious and understandable, the following describes the technical solutions in the embodiments of the present invention in conjunction with the accompanying drawings For further detailed explanation.

[0096] see Figure 1A , which is a schematic diagram of the network architecture applying the embodiment of the present invention:

[0097] Figure 1A, user device A accesses the authentication device through the intranet (also called the private network), the authentication device connects to the NAT device, the NAT device connects to the policy enforcement device, and the policy enforcement device connects to the Internet (also called the external network) Internet , where the authentication device, the NAT device, and the po...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

Disclosed are a policy enforcement method, system and device, and a control device. The method comprises: the policy enforcement device receiving a user packet; the policy enforcement device obtaining a user name corresponding to a public IP address of the user packet through the control device, wherein the control device is used for generating the association between user names and public IP addresses according to user information transmitted by an authentication device and address translation information transmitted by a network address translation (NAT) device; and the policy enforcement device enforcing a user policy corresponding to the user name. In the embodiments of the present invention, the authentication device and the NAT device only need to transmit the user information and the address translation information stored respectively to the control device, and therefore network transmission resources are saved; moreover, when a new policy enforcement device is added in the network architecture, due to the fact that the authentication device and the NAT device do not need to modify their functions for transmission of the user information and the address translation information stored respectively, the network architecture is extended easily.

Description

technical field [0001] The present invention relates to the technical field of network communication, in particular to a strategy execution method, a system, a strategy execution device and a control device. Background technique [0002] In a traditional Network Address Translation (NAT) network architecture, authentication devices for authenticating user identities, NAT devices for converting private network addresses to public network addresses, and several policy enforcement devices are usually deployed. The device, wherein, the policy enforcement device adopts a policy information configuration mode based on a user name. After the user equipment accesses the private network, the authentication device transmits the corresponding relationship between the user name and the private network address to the policy enforcement device, and at the same time, the NAT device transmits the private network address and the converted public network address of each connection of the user...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/12
CPCH04L61/2514
Inventor 尹保国张日华
Owner HUAWEI TECH CO LTD