Method and device for sending access control list (ACL)

An access control list (ACL) sending method, applied in the communication field, that addresses the very high performance demands placed on network equipment and reduces the need for equipment upgrades and maintenance.

Inactive Publication Date: 2016-10-19
ZTE CORP

AI Technical Summary

Problems solved by technology

[0009] The main purpose of the present invention is to provide a method and device for sending an access control list (ACL), so as to at least solve the problem in the related art that implementing the ACL function on routers requires very high network equipment performance.


Examples


Embodiment 1

[0060] Embodiment 1 involves ACL rules with time-period characteristics; the complex time-period processing is handled in the ACL application server. The steps of the SDN-based access control list implementation method include:

[0061] Step S202: configure the ACL through the man-machine interface provided by the ACL application;

[0062] For example, an ACL named TEST may be configured, and the ACL application assigns ACL number 1 to TEST.

[0063] Step S204: configuring ACL rules;

[0064] For example, an ACL rule with time-period characteristics can be configured in TEST. The rule defines that packets with source IP address 192.168.1.12 are allowed to be forwarded from 9:00 to 17:00 every day, and that packets with source IP address 192.168.1.12 are prohibited from being forwarded at other times.

[0065] Step S206: the ACL application processes the time period characteristics of each ACL rule;

[0066] Among them, when the time is ...

Embodiment 2

[0068] Embodiment 2 involves merging ACL rules. By handling the complex, proprietary ACL rule-merging algorithms and storing the original ACL configuration data, the ACL application server reduces the implementation complexity of the forwarding device and preserves its generality. After merging, fewer flow entries are sent to the forwarding device, which saves storage space in the forwarding device's flow table. The steps of the method include:

[0069] Step S302: configure the ACL through the man-machine interface provided by the ACL application.

[0070] The ACL named TEST is configured, and the ACL number assigned to TEST by the ACL application is 1.

[0071] Step S304: configuring ACL rules;

[0072] Among them, two ACL rules are configured in TEST. Rule 1 defines that packets whose source IP address belongs to network segment 192.168.0.0 (mask 255.255.255.0) are prohibited from being forwarded, and rule 2 define...

Embodiment 3

[0076] Embodiment 3 involves ACLs associated with a port. Multiple ACLs can exist on each forwarding device, and different ACLs are applied on different occasions. ACL rules in different ACLs are allowed to be the same, and the rules within each ACL are matched in priority order. To meet these basic ACL requirements, Openflow technology can be used to combine multiple ACLs into one flow table. Each ACL rule corresponds to a flow entry; this is achieved by writing the ACL number in the metadata. The matching order required among multiple ACL rules is implemented by setting different priorities for the flow entries. The steps of the method include:

[0077] Step S402: configure the ACL through the man-machine interface provided by the ACL application;

[0078] An ACL named TEST1 is configured, and the ACL application assigns it ACL number 1; an ACL named TEST2 is configured, and the ACL application assigns it ACL number 2;

[0079] ...
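
The mapping described in Embodiments 1 and 3, as an added example that is not part of the patent text: the ACL application resolves each rule's time period itself and emits one flow entry per rule, with the ACL number in the metadata match and the rule order encoded as priority. The entry layout, `BASE_PRIORITY`, the half-open time window, the second rule of ACL 2 and the drop-on-miss default are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
from typing import Optional

BASE_PRIORITY = 1000  # assumed starting priority; earlier rules get higher values

@dataclass(frozen=True)
class Rule:
    src: str                      # source prefix, e.g. "192.168.1.12/32"
    permit: bool                  # action inside the time window (or always)
    start: Optional[time] = None  # daily window start; None = no time period
    end: Optional[time] = None    # daily window end (exclusive, assumed)

def permits_at(rule: Rule, now: time) -> bool:
    """Resolve the time period in the ACL application, not on the switch.
    As in [0064], the opposite action applies outside the window."""
    if rule.start is None:
        return rule.permit
    inside = rule.start <= now < rule.end
    return rule.permit if inside else not rule.permit

def compile_flow_table(acls: dict, now: time) -> list:
    """acls maps ACL number -> rules in match order; returns one flow table."""
    table = []
    for acl_no, rules in acls.items():
        for idx, rule in enumerate(rules):
            table.append({
                "priority": BASE_PRIORITY - idx,
                "match": {"metadata": acl_no, "ipv4_src": ip_network(rule.src)},
                "action": "forward" if permits_at(rule, now) else "drop",
            })
    return table

def lookup(table: list, acl_no: int, src_ip: str) -> str:
    """Model the forwarding device: highest-priority matching entry wins."""
    hits = [e for e in table
            if e["match"]["metadata"] == acl_no
            and ip_address(src_ip) in e["match"]["ipv4_src"]]
    if not hits:
        return "drop"  # assumed behaviour when no entry matches
    return max(hits, key=lambda e: e["priority"])["action"]

# Constructed sample configuration: ACL 1 carries the rule from [0064];
# ACL 2 reuses the same source address with a different, always-on policy.
ACLS = {
    1: [Rule("192.168.1.12/32", True, time(9, 0), time(17, 0))],
    2: [Rule("192.168.1.12/32", False), Rule("192.168.1.0/24", True)],
}
```

The ACL application would recompile and resend the table whenever a rule's window opens or closes, so the forwarding device never evaluates time itself.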


Abstract

The invention provides a method and device for sending an access control list (ACL). The method comprises the following steps: one or more pre-configured control rules of the ACL are mapped into an Openflow table, and the Openflow table obtained from mapping the control rules is sent through a software-defined network (SDN) controller. The method and device solve the problem in the related art that implementing the ACL function on a router requires very high network equipment performance, and thereby reduce the upgrade and maintenance burden on network equipment.

Description

Technical field

[0001] The present invention relates to the communication field, in particular to a method and device for sending an access control list (ACL).

Background art

[0002] Software Defined Network (SDN) is a new network architecture proposed by the Clean Slate research group at Stanford University in the United States. Its core technology, Openflow, separates the control plane of network equipment from the data plane, standardizes the forwarding equipment, and centralizes the control plane. All control functions can be programmed through the centralized control plane without upgrading the forwarding plane, which enables flexible control of network traffic and provides a good platform for core network and application innovation. The core of the SDN concept is the separation of control and forwarding: the forwarding equipment is standardized and simple, and the control plane is centralized. All c...


Application Information

IPC(8): H04L12/24
CPC: H04L41/0895, H04L41/0894
Inventor: 刘仓明张征王怀滨洪先进
Owner: ZTE CORP